CN114285867A - Air-railway combined transport data sharing method and system based on alliance chain and attribute encryption - Google Patents


Info

Publication number: CN114285867A
Authority: CN (China)
Application number: CN202111597986.1A
Other languages: Chinese (zh)
Other versions: CN114285867B (en)
Legal status: Granted; active
Prior art keywords: data, ciphertext, air, cloud, management center
Inventors: 胡凯, 解安可, 杨燕, 杨龙, 孙雅妮, 冯立波
Original and current assignees: Yunnan Provincial Academy Of Science And Technology; Yunnan Innovation Institute of Beihang University

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an air-rail combined transport data sharing method and system based on an alliance chain and attribute-based encryption. The system combines on-chain and off-chain processing with on-cloud and off-cloud processing. Ciphertext fingerprints, ciphertext storage addresses and air-rail data sharing records are recorded on the alliance chain bottom layer for evidence storage. The ciphertext data shared by the air-rail parties is stored in the cloud data management middle platform, and an air-rail data owner or air-rail data demander interacts with the middle platform by uploading to and downloading from the cloud. First, an air-rail data owner applies for a public key and a master key and formulates an access policy; the data is encrypted under the public key and the access policy, then uploaded and stored. An air-rail data demander initiates a data demand application through the cloud data management middle platform to obtain the ciphertext storage address, downloads the ciphertext, and decrypts it with the private key it has obtained. Advantages of the invention: data sharing can be traced and rights to the data confirmed, data is shared securely, data storage cost is reduced, and operation and maintenance difficulty is reduced.

Description

Air-railway combined transport data sharing method and system based on alliance chain and attribute encryption
Technical Field
The invention relates to the technical fields of blockchain, ciphertext-policy attribute-based encryption and air-rail data sharing, and in particular to an air-rail intermodal data sharing method and system based on an alliance chain and attribute-based encryption.
Background
In the internet era, technologies such as 5G, cloud computing and the internet of things have matured, and the production, acquisition, storage and processing of massive data have become reality. Data volume grows explosively, everything is built on data, data plays an ever larger role, and it is a premise and foundation for building a good society. At present, however, problems such as loss of control over data security management, difficulty in data transfer and data islanding are widespread. The demand to 'expand' the data volume through data sharing, so as to improve the precision of trained models and mine the latent value of data resources, is therefore growing stronger. Data sharing, however, inevitably raises two problems: leakage of data privacy and abuse of data. How to share data while guaranteeing privacy and security, and so break down data islands, is a problem that urgently needs solving.
Transport is a crucial factor in economic development and a firm foundation for the national economy. Air transport and railway transport are important components of transport in China, and sharing data between them to promote air-rail combined transport is an important strategy for China's future economic development. It strongly promotes the construction of an economy centred on the domestic cycle and has very important strategic significance for the country's future development. In addition, with the explosive growth of air transport data and railway transport data, the local hardware of existing systems cannot meet the demand for mass data storage, so data is stored on cloud servers to form a cloud data management middle platform.
The latent value of big data is being explored, and using big data to promote economic development has become a trend; big data cannot exist without data sharing. Existing data sharing solutions still have problems:
Prior art 1: Data exchange security study based on blockchain technology [J]. Communication Technology, 2021, 54(5): 1220-. This work does not consider that, when homomorphic encryption is used, one copy of data has to be encrypted several times, and it does not address the slow synchronisation of data during blockchain consensus.
Prior art 2: invention patent "Data sharing method and system based on multi-party fully homomorphic encryption", application date 2021.03.09, application No. CN 202110254124.2. That patent encrypts data with multi-party fully homomorphic encryption and shares the encrypted computation result; only specific computation results are shared, so flexible data sharing is not achieved, and multi-party fully homomorphic encryption cannot provide fine-grained control over data access rights.
Interpretation of terms used in the invention
Data island: data islanding is a phenomenon common in government and enterprise informatisation, and comes in two kinds, physical and logical. A physical data island means that data is stored and maintained independently in different departments and is isolated from the rest. A logical data island means that different departments understand and define data from their own point of view, so the same data is given different meanings, which invisibly increases the communication cost of cross-department data cooperation.
Air transport data: air transport is the transport of goods, passengers and so on by aircraft; air transport data includes passenger data, flight data, cargo logistics information and the like.
Railway transport data: railway transport is the transport of passengers and goods using railway facilities and equipment. Railway transport data refers to train number information, passenger data, cargo information, cargo logistics information and the like.
Cloud data center: a new kind of data center built on cloud computing, with a high degree of virtualisation, automation and energy saving. When an enterprise migrates its data and workloads to a cloud data center, it no longer undertakes the design, construction, maintenance, power supply, staffing or protection of a physical building; instead the cloud provider is responsible for delivering highly available, highly fault-tolerant computing resources as a service. The enterprise is freed to concentrate more of its resources on its own business.
Ciphertext-policy attribute-based encryption (CP-ABE): the access policy is written into the ciphertext and the attributes are written into the user's private key. The ciphertext corresponds to an access structure and the user private key to a set of attributes; the data can be decrypted only if the attributes in the user's attribute set satisfy the access structure.
Air-rail data owner: the party that owns air transport data or railway transport data, i.e. the party sharing data in the present invention.
Air-rail data demander: the party that requires air transport data or railway transport data, i.e. the data requester in the present invention.
Cloud data management middle platform: the cloud data management middle platform upgrades and reinforces a traditional software platform; its core is service sharing. In the invention the middle platform introduces new rules such as professional division of functions and unique modelling of data, aiming to solve the problems of 'division of function boundaries between software platforms' and 'data islands' that a traditional software platform cannot solve.
Data fingerprint: a digital fingerprint identifies a large data file or structure by a short piece of information; a common data fingerprint is the digest of the data, i.e. a value computed by a hash function.
Alliance chain (consortium chain): an alliance chain is a cluster made up of several private chains, a blockchain managed jointly by several organisations, each of which runs one or more nodes; the data on these nodes may be read, written and sent only by the organisations within the system. Each node of the alliance chain usually corresponds to a real-world organisation and may join or leave the network only after authorisation.
Smart contract: also called chaincode, a smart contract is code logic that runs on the blockchain and executes automatically when specified conditions are met; it is an important way for users to implement business logic on a blockchain. Because the execution result of a smart contract is recorded on the chain, it cannot be forged or tampered with.
Disclosure of Invention
The invention aims to provide an air-rail combined transport data sharing method and system based on an alliance chain and attribute-based encryption, so as to solve the problems of secure cloud storage of air transport data and railway transport data, secure air-rail data sharing and the like, and ultimately to realise air-rail combined transport and promote economic growth.
To achieve this, the technical scheme adopted by the invention is as follows:
An air-rail combined transport data sharing system based on an alliance chain and attribute-based encryption, comprising a cloud data management middle platform, an air-rail data owner, an air-rail data demander and an alliance chain bottom layer.
The system combines on-chain and off-chain processing with on-cloud and off-cloud processing. The whole system relies on the alliance chain bottom layer and the cloud data management middle platform: ciphertext fingerprints, ciphertext storage addresses and air-rail data sharing records are recorded on the alliance chain bottom layer for evidence storage, while the ciphertext data shared by the air-rail parties is stored in the cloud data management middle platform, with which the air-rail data owner and air-rail data demander interact by uploading to and downloading from the cloud. First, an air-rail data owner applies for the system public key and system master key and formulates a data access policy; the data is encrypted under the system public key and the access policy, and the ciphertext is uploaded to and stored in the middle platform. An air-rail data demander initiates a data demand application through the middle platform to obtain the ciphertext storage address, downloads the ciphertext from the middle platform, and decrypts it with the private key it has obtained.
Further, the cloud data management middle platform comprises a data encryption module, a ciphertext cloud storage module, a smart contract management module, a data display module and an audit management module.
The data encryption module is responsible for generating the system public key, the master key, data access policies and private keys, and for attribute-based encryption of the data sharer's data.
The ciphertext cloud storage module is responsible for storing the encrypted shared data in the cloud data center and for exposing a shared-data access interface to data demanders who have passed identity and authority verification.
The smart contract management module is used for ciphertext fingerprint attestation, ciphertext storage address storage, ciphertext address access authorisation, on-chain data query and ciphertext attestation.
The data display module provides display of air-rail shared data summary information, ciphertext information retrieval, ciphertext data statistics and ciphertext fingerprint display.
The audit management module is used for user audit, alliance chain node audit and data demand audit. A node that wishes to join the alliance chain must first apply through the cloud data management middle platform; once the platform approves it, the platform authorises the node through an MSP smart contract, and the node has joined once authorisation completes. The air-rail data owner and air-rail data demander first register in the middle platform, which audits their registration information; they can enter the platform only after the audit passes. Likewise, a data demand application initiated by a data demander must be audited by the platform, and the demander may obtain the data only after the audit passes.
Further, the data encryption module uses a ciphertext-policy attribute-based encryption algorithm, with the following steps:
S1, Setup of the ciphertext-policy attribute-based encryption: on input a security parameter, the algorithm generates a bilinear group $G_0$ of prime order $p$ with generator $g$ and a bilinear map $e: G_0 \times G_0 \to G_1$. It then takes the attribute universe $U = \{a_1, a_2, \ldots, a_n\}$, where $n$ is the number of attributes, and chooses random $\alpha, t_1, t_2, \ldots, t_n \in \mathbb{Z}_p$. Let $y = e(g, g)^{\alpha}$ and $T_j = g^{t_j}$ for $1 \le j \le n$. The system public key is formed from the bilinear map, the group generator, $y$ and the $T_j$: $PK = (e, g, y, \{T_j\}_{1 \le j \le n})$; the master key is formed from $\alpha$ and the exponents $t_j$: $MK = (\alpha, \{t_j\}_{1 \le j \le n})$.
S2, key generation for the air-rail data demander: the user private key is generated from the user's attribute-related parameters. On input the user's attribute set $\omega$, choose random $r \in \mathbb{Z}_p$ and compute
$$d_0 = g^{\alpha - r}, \qquad d_j = g^{r \cdot t_j^{-1}} \quad \text{for each } a_j \in \omega,$$
giving the user private key $SK = (d_0, \{d_j\}_{a_j \in \omega})$.
S3, data encryption: the inputs are the system public key, the data to be encrypted and the access control structure associated with the access policy; the output is the attribute-based ciphertext.
S4, Decrypt: decryption has two steps. First, the leaf nodes of the ciphertext-policy access tree are visited; for each leaf node $x$, $i = att(x)$, where the function $att(x)$ returns the attribute associated with node $x$, and $i$ is checked against the attributes of the user private key. Second, once the first step passes, the algorithm takes the user private key and the ciphertext, and if the attribute set satisfies the access policy the user decrypts the ciphertext and recovers the original data.
The invention also provides an air-rail combined transport data sharing method based on an alliance chain and attribute-based encryption, with the following specific steps:
S1, establish the alliance chain bottom layer service and deploy several alliance chain nodes between the air-rail data owner and the air-rail data demander.
S2, the air-rail data owner requests the data sharing keys from the cloud data management middle platform; the middle platform generates the system public key and master key and returns them to the air-rail data owner.
S3, the air-rail data owner formulates an access policy for the shared data and encrypts the shared data with ciphertext-policy attribute-based encryption using the system public key and the access policy; the owner then uploads the encrypted data to the cloud data management middle platform, which stores it.
S4, after the ciphertext is stored successfully, the middle platform records the ciphertext fingerprint and the cloud storage address of the ciphertext on the alliance chain, and displays a summary of the successfully stored ciphertext.
S5, the air-rail data demander can browse the shared data in the middle platform and, according to its needs, applies to the middle platform, presenting its own attribute set and the corresponding attribute values.
S6, the middle platform audits and approves the application; once approved, it computes a private key from the attribute information submitted by the air-rail data demander and the master key, and returns the private key to the demander.
S7, the smart contract authorises the air-rail data demander, who obtains the ciphertext storage address from the alliance chain, retrieves the ciphertext from the middle platform, and decrypts it with the returned private key.
S8, the middle platform records this data sharing on the alliance chain for evidence storage, and one round of air-rail data sharing is complete.
Compared with the prior art, the invention has the following advantages:
1. The method is built on an alliance blockchain. The ciphertext fingerprint set by the air-rail data owner, the cloud storage address of the data, the data sharing records and so on are stored on the blockchain, making use of its decentralisation, tamper resistance and traceability. Only authorised members of the alliance chain can access these records, which limits who can access the data; data sharing can be traced and rights to the shared data confirmed.
2. The data shared by the air-rail data owner is encrypted with ciphertext-policy attribute-based encryption: the data sharer first formulates a data access policy; private keys are generated from the attributes of the air-rail data demanders and the master key; the data is encrypted under the system public key and the access policy; and a data user's key decrypts the ciphertext only if the user's attributes satisfy the access policy. The data is shared securely, and the air-rail data owner has fine-grained access control over the shared data.
3. With the massive growth of air transport and railway transport data, local hardware storage can no longer meet demand; storing air-rail data in the cloud data management middle platform reduces storage cost and operation and maintenance difficulty.
4. The cloud data management middle platform displays the shared data; an air-rail data demander can browse the data it needs in the middle platform and submit a data demand application, which the middle platform audits. The middle platform audits and controls data sharing, ensuring trusted data sharing.
5. The air-rail data owner formulates the access policy for the shared data through the cloud data management middle platform, and the middle platform returns the system public key to the air-rail data owner for safekeeping.
6. A data accessor must be authorised by the smart contract before it can obtain the cloud access address of the ciphertext.
7. Secure data sharing between air and rail gives passengers more travel choices; data sharing between the two sides builds a strong transport network and further promotes rapid economic growth.
Drawings
FIG. 1 is a diagram of the alliance chain nodes of the present invention;
FIG. 2 is a functional block diagram of the cloud data management middle platform of the present invention;
FIG. 3 is a flow chart of shared data encryption based on ciphertext-policy attribute-based encryption in the present invention;
FIG. 4 is a flow chart of the air-rail data owner sharing data according to the present invention;
FIG. 5 is a flow chart of the data demander obtaining data according to the present invention;
FIG. 6 is an architecture diagram of the air-rail combined transport data sharing system of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below by way of examples with reference to the accompanying drawings.
As shown in fig. 6, the air-rail combined transport data sharing system combines on-chain and off-chain processing with on-cloud and off-cloud processing. The whole system relies on the alliance chain bottom layer and the cloud service: ciphertext fingerprints, ciphertext storage addresses, air-rail data sharing records and the like are stored on the alliance chain, while the ciphertext data shared by the air-rail parties is stored in the cloud data management middle platform, with which the air-rail data owner and air-rail data demander interact by uploading to and downloading from the cloud. First, an air-rail data owner applies for the system public key and system master key and formulates a data access policy; the data is encrypted under the system public key and the access policy, and the ciphertext is uploaded to and stored in the middle platform. An air-rail data demander initiates a data demand application through the middle platform to obtain the ciphertext storage address, downloads the ciphertext from the middle platform, and decrypts it with the private key it has obtained.
The air-rail combined transport data sharing system comprises an air-rail data owner, an air-rail data demander, the alliance chain bottom layer service and the cloud data management middle platform.
As shown in fig. 2, the cloud data management middle platform comprises a data encryption module, a ciphertext cloud storage module, a smart contract management module, a data display module and an audit management module.
The air-rail data sharing participants are the air-rail data owner and the air-rail data demander. As shown in fig. 4 and 5, the air-rail data owner passes the security parameter to the cloud data management middle platform, applies for the system public key and system master key, formulates a data access policy, encrypts the data and stores it in the middle platform. The air-rail data demander submits an application according to its own needs, and the middle platform audits and authorises it; the demander retrieves the ciphertext from the ciphertext storage address and decrypts it with the key generated from the relevant data access attributes. Successful decryption completes one round of air-rail data sharing.
As shown in fig. 1, the system is built on an alliance blockchain. A blockchain is decentralised, tamper resistant and traceable, and by means of these properties the system records the cloud storage address of each ciphertext, its fingerprint, and the data sharing between the two air-rail parties on the alliance chain for evidence storage. An air-rail data demander must be authorised by the smart contract before it can obtain the ciphertext storage address, which protects the ciphertext data. After obtaining the ciphertext, the demander can verify its integrity against the fingerprint stored on the alliance chain.
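The on-chain record, smart-contract gate and fingerprint check described in this paragraph (and in steps S4 to S8 of the method above) can be modelled end to end. The following is an added example written for this page, not code from the patent or from any blockchain framework: the ledger, the cloud store, the data identifier, the address format and the opaque byte string standing in for a CP-ABE ciphertext are all constructed for illustration, and SHA-256 is assumed as the fingerprint hash because the page only says "a hash function".

```python
import hashlib
from dataclasses import dataclass


def fingerprint(ciphertext: bytes) -> str:
    """Data fingerprint of a ciphertext: SHA-256 hex digest (the hash choice is an assumption)."""
    return hashlib.sha256(ciphertext).hexdigest()


@dataclass(frozen=True)
class LedgerRecord:
    data_id: str      # identifier of the shared data set (constructed)
    fingerprint: str  # SHA-256 of the ciphertext, kept on chain
    address: str      # where the ciphertext lives in the cloud store
    owner: str


class AllianceLedger:
    """Stand-in for the alliance chain and its smart contract: append-only records,
    an authorisation set filled by the platform's audit, and a sharing log for evidence."""

    def __init__(self):
        self.records: dict[str, LedgerRecord] = {}
        self.authorized: set[tuple[str, str]] = set()
        self.sharing_log: list[tuple[str, str]] = []

    def record_ciphertext(self, data_id, ciphertext, address, owner):
        # S4: fingerprint and storage address go on chain once the ciphertext is stored.
        if data_id in self.records:
            raise ValueError(f"{data_id} already recorded; the ledger is append-only")
        self.records[data_id] = LedgerRecord(data_id, fingerprint(ciphertext), address, owner)

    def authorize(self, data_id, demander):
        # S6: the platform's audit approved this demander's application.
        self.authorized.add((data_id, demander))

    def get_address(self, data_id, demander) -> str:
        # S7: the contract releases the address only to authorised demanders;
        # S8: every release is logged as a sharing record.
        if (data_id, demander) not in self.authorized:
            raise PermissionError(f"{demander} is not authorised for {data_id}")
        self.sharing_log.append((data_id, demander))
        return self.records[data_id].address


class CloudStore:
    """Off-chain ciphertext storage (the ciphertext cloud storage module)."""

    def __init__(self):
        self.blobs: dict[str, bytes] = {}

    def put(self, data_id, ciphertext) -> str:
        address = f"cloud://ciphertexts/{data_id}"  # address scheme is constructed
        self.blobs[address] = ciphertext
        return address

    def get(self, address) -> bytes:
        return self.blobs[address]


def fetch_and_verify(ledger, store, data_id, demander) -> bytes:
    """Demander side of S7: get the address through the contract, download the blob,
    and compare it with the on-chain fingerprint before handing it to CP-ABE decryption."""
    address = ledger.get_address(data_id, demander)
    ciphertext = store.get(address)
    if fingerprint(ciphertext) != ledger.records[data_id].fingerprint:
        raise ValueError("downloaded ciphertext does not match the on-chain fingerprint")
    return ciphertext


def run_scenario() -> dict:
    """Owner stores a ciphertext; an unapproved demander is refused, an approved one
    succeeds; then the cloud copy is altered and the fingerprint check catches it."""
    ledger, store = AllianceLedger(), CloudStore()
    # Constructed stand-in for a CP-ABE ciphertext; the bytes carry no real structure.
    ciphertext = b"\x01CPABE-CT|policy=(railway AND logistics)|" + bytes(range(32))
    address = store.put("flight-cargo-2021Q4", ciphertext)
    ledger.record_ciphertext("flight-cargo-2021Q4", ciphertext, address, owner="airline-A")

    out = {}
    try:
        fetch_and_verify(ledger, store, "flight-cargo-2021Q4", "rail-B")
        out["unauthorized"] = "released"
    except PermissionError:
        out["unauthorized"] = "denied"

    ledger.authorize("flight-cargo-2021Q4", "rail-B")
    out["authorized_ok"] = fetch_and_verify(ledger, store, "flight-cargo-2021Q4", "rail-B") == ciphertext

    # A misbehaving cloud store swaps the blob; the on-chain fingerprint still reflects the original.
    store.blobs[address] = ciphertext[:-1] + b"\xff"
    try:
        fetch_and_verify(ledger, store, "flight-cargo-2021Q4", "rail-B")
        out["tampered"] = "accepted"
    except ValueError:
        out["tampered"] = "fingerprint mismatch"

    out["sharing_log"] = list(ledger.sharing_log)
    return out


if __name__ == "__main__":
    print(run_scenario())
```

The fingerprint check only tells the demander that the cloud returned the same bytes the owner registered; confidentiality still rests entirely on the CP-ABE layer, and the sharing log is what the page calls the S8 evidence record.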
The alliance chain uses the PBFT (Practical Byzantine Fault Tolerance) consensus algorithm: with N nodes in total, of which f may be Byzantine (faulty) nodes, N = 3f + 1, so at most f = (N − 1)/3 faulty nodes are tolerated. An alliance chain offers strong controllability and fast consensus, so using it for the evidence storage service guarantees both data security and consensus speed.
To address the problem that a local database cannot hold the explosively growing air transport and railway transport data, the invention stores air-rail data in the cloud data management middle platform and uses cloud services to solve limited storage capacity, difficult operation and maintenance and similar problems. Combining the alliance chain with the cloud service establishes a secure data sharing mode of on-chain/off-chain and on-cloud/off-cloud: the middle platform interacts with the alliance chain through smart contracts and uses them to record ciphertext fingerprints, ciphertext storage addresses, the air-rail parties' shared data records and the like on the chain for evidence storage. As shown in fig. 2, the cloud data management middle platform comprises a data encryption module, a ciphertext cloud storage module, a smart contract management module, a data display module and an audit management module. The air-rail data sharing parties interact through the middle platform: the air-rail data owner encrypts and uploads data, the air-rail data demander applies for data and decrypts it, and this whole series of processes is completed within the middle platform. The middle platform is described in detail below.
The cloud data management middle platform has many desirable properties: large storage capacity, low operation and maintenance cost, decoupling of software from hardware, high resource utilisation and so on. In the invention, air transport and railway transport data is stored in the middle platform in encrypted form, which solves problems such as insufficient local storage capacity and high operation and maintenance difficulty while protecting the shared data. The air-rail data owner uploads the encrypted data, the middle platform stores the ciphertext in the data center, and once the ciphertext is stored successfully a summary of the shared data is displayed on the middle platform.
The encryption module is responsible for generating the system public key, the master key, data access policies, private keys and so on, and uses a ciphertext-policy attribute-based encryption algorithm. In ciphertext-policy attribute-based encryption the air-rail data owner writes the data access policy into the ciphertext and the attributes into the user key; the ciphertext corresponds to an access structure, specifying an access policy over the attributes defined in the system, the key corresponds to an attribute set, and the ciphertext can be decrypted only if the attributes in the key's attribute set match the access structure in the ciphertext. Attribute-based encryption protects data with a cryptographic mechanism: the air-rail data owner formulates the policy for accessing the ciphertext and binds an attribute set to the accessed resource, the air-rail data demander can access the ciphertext according to the attributes it has been granted, and by setting the policy the owner controls which holders of which attributes may access the ciphertext, achieving attribute-level cryptographic access control over the data.
As shown in fig. 3, the attribute encryption based on the ciphertext policy in the present invention mainly includes:
(1) initializing attribute encryption based on a ciphertext strategy: the attribute encryption algorithm based on the ciphertext strategy is a randomization algorithm; the algorithm needs a security parameter p during initialization, generates a bilinear group G0 with the element G and a bilinear map e, namely G0 XG 0 → G1, and generates a prime number Z of the order. Next, inputting an attribute set U, wherein the attribute set U is { a1, a2, ·, an }, and n is the number of the attribute sets; generating a random number alpha, { t1, t2, · and (tn) belongs to Zp; let y be e (g, g) α and Tj be gtj (1 ≦ j ≦ n). The system public key (public key) is calculated according to one bilinear mapping e, a bilinear group, a value y and a value Tj (e, g, y, Tj (1 is less than or equal to j and less than or equal to n)), and the main private key (master key) is calculated according to the random number a and the value Tj (alpha, Tj (1 is less than or equal to j and less than or equal to n)).
(2) Key generation for the air-rail data demander: this stage generates a user private key from parameters such as the user's attributes. Input the user's attribute set $\omega$, choose a random $r \in \mathbb{Z}_p$, and compute
$$d_0 = g^{\alpha - r}, \qquad d_j = g^{r \cdot t_j^{-1}} \quad (a_j \in \omega),$$
giving the user key $SK = (d_0, \{d_j\}_{a_j \in \omega})$.
(3) Data encryption: the encryption step of ciphertext-policy attribute-based encryption is a randomized algorithm; its inputs are the system public key, the data to be encrypted and the access structure associated with the access policy, and its output is the attribute-based ciphertext.
(4) Decrypt: the decryption stage of ciphertext-policy attribute-based encryption is a deterministic algorithm in two steps. First, the leaf nodes of the policy access tree are visited: $x$ denotes a leaf of the ciphertext's policy access tree and the function $\mathrm{att}(x)$ returns the attribute $i = \mathrm{att}(x)$ associated with that leaf, which is checked against the user's attribute set. Second, once that check passes, the algorithm takes the user private key and the encrypted ciphertext as input; if the attribute set satisfies the access policy, decryption succeeds and the user obtains the original data.
The audit management module is divided into user audit, alliance chain node audit and data requirement audit, as shown in fig. 2. A node joining the alliance chain must file an application at the cloud data management platform; once the platform's audit passes, the node is authorized through the MSP authorization smart contract and joins successfully. Once the platform's audit of a user's registration application passes, the two data-sharing parties can share data. As shown in the data acquisition flow chart for a data demander in fig. 5, after the user audit is completed an air-rail data demander initiates a data application; the cloud data management platform audits it against conditions such as the application itself and the applicant's attributes, and calls a smart contract to authorize the data application; only after authorization passes can the air-rail data demander obtain the ciphertext cloud storage address.
A smart contract is a supporting technology of the blockchain: a contract written in a computer language and automatically verified and executed by the computer, the digital form of a paper contract. Smart contracts have three characteristics: 1. the contract content is transparent, since it is placed on the blockchain as binary data; 2. the contract content cannot be tampered with once deployed; 3. the contract runs permanently on the blockchain and is jointly maintained by the network nodes, so it can run for as long as the blockchain exists. Relying on the tamper resistance of smart contracts combined with the blockchain, the ciphertext fingerprint and ciphertext storage address are recorded in the alliance chain through a smart contract. As shown in fig. 2, the smart contract management module of the present invention covers ciphertext fingerprint authentication, ciphertext storage address storage, ciphertext address access authorization, on-chain data query, ciphertext ownership confirmation and ciphertext verification. The cloud data management platform stores the air-rail data owner's ciphertext storage address and ciphertext fingerprint in the alliance chain through a smart contract; the ciphertext storage address can be obtained only after the smart contract has authorized it, and both data-sharing parties can query the on-chain data through the smart contract, confirm the owner of the ciphertext data and verify the ciphertext against the recorded fingerprint.
The data display module provides summary information on the air-rail shared data, ciphertext information retrieval, ciphertext data statistics and ciphertext fingerprint display.
It will be appreciated by those of ordinary skill in the art that the examples described herein are intended to assist the reader in understanding the manner in which the invention is practiced, and it is to be understood that the scope of the invention is not limited to such specifically recited statements and examples. Those skilled in the art can make various other specific changes and combinations based on the teachings of the present invention without departing from the spirit of the invention, and these changes and combinations are within the scope of the invention.

Claims (4)

1. An air-rail intermodal data sharing system based on an alliance chain and attribute-based encryption, comprising: a cloud data management platform, an air-rail data owner, an air-rail data demander and an alliance chain bottom layer;
the air-rail intermodal data sharing system combines on-chain with off-chain storage and on-cloud with off-cloud storage; the whole air-rail intermodal data sharing system relies on the alliance chain bottom layer and the cloud data management platform, and the ciphertext fingerprint, the ciphertext storage address and the air-rail data sharing records are stored on the alliance chain bottom layer; the shared air-rail ciphertext data are stored in the cloud data management platform, and the air-rail data owner or the air-rail data demander interacts with the cloud data management platform by uploading to and downloading from the cloud; first the air-rail data owner applies for the system public key and the system master key and formulates a data access policy; the data are encrypted with the system public key and the access policy and the ciphertext is uploaded to and stored in the cloud data management platform; the air-rail data demander initiates a data requirement application through the cloud data management platform to obtain the ciphertext storage address, downloads the ciphertext from the cloud data management platform, and decrypts it with the private key it has obtained.
2. The air-rail intermodal data sharing system according to claim 1, wherein:
the cloud data management platform comprises: a data encryption module, a ciphertext cloud storage module, a smart contract management module, a data display module and an audit management module;
the data encryption module is responsible for generating the system public key, the master key, the data access policy and user private keys, and for attribute-based encryption of the data sharer's data;
the ciphertext cloud storage module is responsible for storing the encrypted shared data in the cloud data center and exposing a shared-data access interface to data demanders that pass identity and permission verification;
the smart contract management module manages ciphertext fingerprint authentication, ciphertext storage address storage, ciphertext address access authorization, on-chain data query, ciphertext ownership confirmation and ciphertext verification;
the data display module displays summary information on the air-rail shared data, retrieves ciphertext information, compiles ciphertext data statistics and displays ciphertext fingerprints;
the audit management module performs user audit, alliance chain node audit and data requirement audit; a node joining the alliance chain must file an application at the cloud data management platform, the platform authorizes the node with the MSP smart contract after its audit passes, and the node has joined once authorization completes; the air-rail data owner and the air-rail data demander first register at the cloud data management platform, the platform audits the registration information, and they may enter the platform once the audit passes; likewise a data requirement application initiated by a data demander must be audited by the platform, and the demander can obtain the data once the audit passes.
3. The air-rail intermodal data sharing system according to claim 2, wherein the data encryption module uses a ciphertext-policy attribute-based encryption algorithm comprising the following steps:
S1, setup of ciphertext-policy attribute-based encryption: on a security parameter the algorithm generates a bilinear group $G_0$ of prime order $p$ with generator $g$ and a bilinear map $e: G_0 \times G_0 \to G_1$; next the attribute universe $U = \{a_1, a_2, \dots, a_n\}$ is input, where $n$ is the number of attributes; random values $\alpha, t_1, t_2, \dots, t_n \in \mathbb{Z}_p$ are generated; let $y = e(g, g)^{\alpha}$ and $T_j = g^{t_j}$ ($1 \le j \le n$); the system public key $PK = (e, g, y, \{T_j\}_{1 \le j \le n})$ is computed from the bilinear map $e$, the generator $g$, the value $y$ and the values $T_j$, and the master key $MK = (\alpha, \{t_j\}_{1 \le j \le n})$ from the random value $\alpha$ and the exponents $t_j$;
S2, key generation for the air-rail data demander: a user private key is generated from the user's attribute-related parameters; input the user's attribute set $\omega$, choose a random $r \in \mathbb{Z}_p$, and compute
$$d_0 = g^{\alpha - r}, \qquad d_j = g^{r \cdot t_j^{-1}} \quad (a_j \in \omega),$$
thereby generating the user key $SK = (d_0, \{d_j\}_{a_j \in \omega})$;
S3, data encryption: the inputs are the system public key, the data to be encrypted and the access control structure associated with the access policy, and the output is the attribute-based ciphertext;
S4, Decrypt: decryption is divided into two steps; first, the leaf nodes of the policy access tree are visited, where $x$ denotes a leaf of the ciphertext's policy access tree and the function $\mathrm{att}(x)$ returns the attribute $i = \mathrm{att}(x)$ associated with node $x$; second, once the first step's check passes, the algorithm takes the user private key and the encrypted ciphertext as input, and if the attribute set satisfies the access policy the user decrypts the ciphertext successfully and obtains the original data.
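The access-tree share-and-recombine logic behind S3 and S4 of claim 3 (and steps (3) and (4) of the description), as an added example in Python that is not part of the patent: Encrypt splits a secret $s$ over the policy tree so that each leaf $x$ with attribute $\mathrm{att}(x)$ holds a share $s_x$, and Decrypt rebuilds $s$ by Lagrange interpolation at each threshold gate from the leaves whose attributes the user holds. In a pairing-based CP-ABE of this form (the standard construction, which the page does not spell out) the same arithmetic happens in the exponent of $G_0$: the leaf share is published as $T_j^{s_x}$, and pairing it with $d_j = g^{r \cdot t_j^{-1}}$ yields $e(g, g)^{r s_x}$. The example does it in the clear over $\mathbb{Z}_p$ so the policy decision itself is visible. The modulus, the AND/OR/THRESH helpers and the attribute names are assumptions.

```python
import secrets

P = 2**127 - 1  # assumption: a prime standing in for the group order p of Z_p


class Node:
    """Threshold gate (k of its children must hold) or leaf carrying an attribute."""

    def __init__(self, k=None, children=None, attr=None):
        self.k, self.children, self.attr = k, children or [], attr


def leaf(attr):
    return Node(attr=attr)


def AND(*children):  # n-of-n gate
    return Node(k=len(children), children=list(children))


def OR(*children):  # 1-of-n gate
    return Node(k=1, children=list(children))


def THRESH(k, *children):  # k-of-n gate
    return Node(k=k, children=list(children))


def _poly_eval(coeffs, x):
    """q(x) = coeffs[0] + coeffs[1]*x + ... (mod P), Horner's rule."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def share(node, secret, shares=None):
    """Encrypt side: push `secret` down the tree and return {id(leaf): s_x}.

    A gate with threshold k draws a random polynomial q of degree k-1 with
    q(0) = its secret and gives child number i the value q(i).
    """
    if shares is None:
        shares = {}
    if node.attr is not None:
        shares[id(node)] = secret
        return shares
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for i, child in enumerate(node.children, start=1):
        share(child, _poly_eval(coeffs, i), shares)
    return shares


def _lagrange_at_zero(points):
    """q(0) for the polynomial through the given (x_i, y_i) points (mod P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def satisfies(node, attrs):
    """Decrypt step one: the att(x) check, does `attrs` satisfy the tree?"""
    if node.attr is not None:
        return node.attr in attrs
    return sum(satisfies(c, attrs) for c in node.children) >= node.k


def reconstruct(node, attrs, shares):
    """Decrypt step two: recover the secret at `node`, or None if unsatisfied."""
    if node.attr is not None:
        return shares[id(node)] if node.attr in attrs else None
    points = []
    for i, child in enumerate(node.children, start=1):
        val = reconstruct(child, attrs, shares)
        if val is not None:
            points.append((i, val))
            if len(points) == node.k:  # k satisfied children are enough
                return _lagrange_at_zero(points)
    return None


def demo():
    """Constructed policy: operator AND (dispatcher OR 2 of {auditor, region, clearance})."""
    policy = AND(leaf("railway_operator"),
                 OR(leaf("dispatcher"),
                    THRESH(2, leaf("auditor"), leaf("region:yunnan"), leaf("clearance:2"))))
    s = secrets.randbelow(P)
    shares = share(policy, s)
    good = {"railway_operator", "auditor", "clearance:2"}
    bad = {"railway_operator", "auditor"}  # holds only one of the two threshold leaves needed
    return reconstruct(policy, good, shares) == s, reconstruct(policy, bad, shares)
```

`demo()` returns `(True, None)`: the attribute set holding two of the three threshold leaves recovers $s$, the set holding one does not, and the failing set learns nothing about $s$ because a single point leaves the gate's degree-1 polynomial underdetermined. That information-theoretic property of the sharing, carried into the exponent, is what lets the ciphertext itself enforce the policy without the cloud platform mediating every read.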
4. The air-rail intermodal data sharing system according to claim 1, wherein the air-rail intermodal data sharing system uses an air-rail intermodal data sharing method comprising the following steps:
S1, establishing the alliance chain bottom-layer service and deploying a plurality of alliance chain nodes between the air-rail data owner and the air-rail data demander;
S2, the air-rail data owner requests a data sharing key from the cloud data management platform; the cloud data management platform generates the system public key and the master key and returns them to the air-rail data owner;
S3, the air-rail data owner formulates a shared-data access policy and encrypts the shared data with ciphertext-policy attribute-based encryption using the system public key and the data access policy;
S4, the air-rail data owner uploads the encrypted data to the cloud data management platform, which stores it;
S5, after the ciphertext data are stored successfully, the cloud data management platform stores the ciphertext fingerprint and the ciphertext cloud storage address in the alliance chain and displays the summary of the successfully stored ciphertext;
S6, the air-rail data demander can view the shared data in the cloud data management platform and, according to its needs, applies to the cloud data management platform carrying its attribute set and the corresponding attribute values;
S7, the cloud data management platform audits the application; after the audit passes it computes a private key from the attribute information submitted by the air-rail data demander and the master key, and returns the private key to the air-rail data demander;
S8, the air-rail data demander is authorized through a smart contract, obtains the ciphertext storage address from the alliance chain and thereby the ciphertext from the cloud data management platform, and decrypts the ciphertext with the returned private key;
S9, the cloud data management platform records the data sharing in the alliance chain as evidence, completing one round of air-rail data sharing.
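The on-chain fingerprint and address-gating flow described in the smart contract management module above and in the steps of claim 4 from ciphertext storage through evidence recording, as an added example in Python that is not the patent's code: the platform puts the ciphertext in cloud storage, records owner, fingerprint and address on an append-only ledger, releases the address to a demander only once a grant record exists, and the demander recomputes the fingerprint on download and rejects anything that differs from the on-chain value. SHA-256 as the fingerprint function (the patent names none), the record layout, the address format, and the in-memory ledger and store standing in for the alliance chain contract and the cloud store are assumptions.

```python
import hashlib
import json


def fingerprint(ciphertext: bytes) -> str:
    """Ciphertext fingerprint; SHA-256 is an assumption, the patent names no hash."""
    return hashlib.sha256(ciphertext).hexdigest()


class Ledger:
    """Append-only, hash-chained log standing in for the alliance chain contract."""

    def __init__(self):
        self.entries = []

    def append(self, kind, **fields):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"kind": kind, "prev": prev, **fields}
        entry["hash"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.entries.append(entry)
        return entry

    def find(self, kind, **match):
        return [e for e in self.entries
                if e["kind"] == kind and all(e.get(k) == v for k, v in match.items())]


class CloudStore:
    """Ciphertext cloud storage module: blobs behind an opaque address."""

    def __init__(self):
        self.blobs = {}

    def put(self, ciphertext):
        addr = "cloud://ct/" + fingerprint(ciphertext)[:16]  # assumed address format
        self.blobs[addr] = ciphertext
        return addr

    def get(self, addr):
        return self.blobs[addr]


class Platform:
    """Cloud data management platform: records on the ledger, gates the address."""

    def __init__(self):
        self.ledger, self.store = Ledger(), CloudStore()

    def store_ciphertext(self, owner, ciphertext):  # store, then chain fingerprint + address
        addr = self.store.put(ciphertext)
        fp = fingerprint(ciphertext)
        self.ledger.append("store", owner=owner, fp=fp, addr=addr)
        return fp

    def owner_of(self, fp):  # ciphertext ownership confirmation from the chain record
        rec = self.ledger.find("store", fp=fp)
        return rec[0]["owner"] if rec else None

    def authorize(self, fp, demander):  # contract authorization after the audit passes
        self.ledger.append("grant", fp=fp, demander=demander)

    def resolve_address(self, fp, demander):  # address is released only against a grant
        if not self.ledger.find("grant", fp=fp, demander=demander):
            raise PermissionError(f"{demander} has no on-chain grant for {fp[:8]}")
        return self.ledger.find("store", fp=fp)[0]["addr"]

    def fetch_verified(self, fp, demander):  # download, verify against the chain, record evidence
        ciphertext = self.store.get(self.resolve_address(fp, demander))
        if fingerprint(ciphertext) != fp:
            raise ValueError("ciphertext does not match the on-chain fingerprint")
        self.ledger.append("share", fp=fp, demander=demander)
        return ciphertext


def demo():
    """Constructed run: fetch before grant, after grant, then with a swapped cloud blob."""
    p = Platform()
    ct = b"constructed CP-ABE ciphertext bytes"  # stands in for a real ciphertext
    fp = p.store_ciphertext("owner-A", ct)
    outcome = []
    try:
        p.resolve_address(fp, "demander-B")
    except PermissionError:
        outcome.append("denied-before-grant")
    p.authorize(fp, "demander-B")
    outcome.append("ok" if p.fetch_verified(fp, "demander-B") == ct else "mismatch")
    addr = p.resolve_address(fp, "demander-B")
    p.store.blobs[addr] = b"swapped by a misbehaving cloud"  # tamper after the grant
    try:
        p.fetch_verified(fp, "demander-B")
    except ValueError:
        outcome.append("tamper-detected")
    return outcome
```

The check a demander should insist on is the last one: the fingerprint it compares against comes from the chain, not from the storage service, so a cloud operator that swaps the blob after the owner's upload is caught even though it holds the storage address, and the grant record, not possession of the address, is what the audit module's decision turns into.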
CN202111597986.1A 2021-12-24 2021-12-24 Air-railway combined transport data sharing system based on alliance chain and attribute encryption Active CN114285867B (en)


Publications (2)

Publication Number Publication Date
CN114285867A true CN114285867A (en) 2022-04-05
CN114285867B CN114285867B (en) 2022-12-23

Family

ID=80874916


Country Status (1)

Country Link
CN (1) CN114285867B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150200A (en) * 2022-09-02 2022-10-04 国网山东省电力公司五莲县供电公司 Electric power data sharing system and equipment based on block chain
CN117278271A (en) * 2023-09-19 2023-12-22 淮北师范大学 Attribute-based encrypted data transmission method and system
CN117574437A (en) * 2024-01-15 2024-02-20 杭州阿里云飞天信息技术有限公司 Full-secret database system, data processing method, safety control device and equipment
CN117648706A (en) * 2023-11-30 2024-03-05 云南大学 Access control method based on block chain and attribute encryption

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951498A (en) * 2019-04-18 2019-06-28 中央财经大学 A kind of block chain access control method and device based on ciphertext policy ABE encryption
US20190332791A1 (en) * 2018-04-26 2019-10-31 Mastercard International Incorporated Methods and systems for facilitating sharing of digital documents between a sharing party and a relying party
CN111914269A (en) * 2020-07-07 2020-11-10 华中科技大学 Data security sharing method and system under block chain and cloud storage environment
CN112019591A (en) * 2020-07-09 2020-12-01 南京邮电大学 Cloud data sharing method based on block chain


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant