CN114417109B - Ciphertext searching method, device and system based on security gateway - Google Patents

Publication number
CN114417109B
Authority
CN
China
Prior art keywords
ciphertext
index
search
application data
application server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111642128.4A
Other languages
Chinese (zh)
Other versions
CN114417109A (en)
Inventor
张宏莉
韩培义
叶麟
余翔湛
李东
于海宁
方滨兴
黄常喜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhisheng Information Technology Dongguan Co ltd
Original Assignee
Guangdong Electronic Information Engineering Research Institute of UESTC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Guangdong Electronic Information Engineering Research Institute of UESTC
Priority to CN202111642128.4A
Publication of CN114417109A
Application granted
Publication of CN114417109B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention discloses a ciphertext searching method, a device and a system based on a security gateway, wherein the method comprises the following steps: receiving an uploading request of a user side; encrypting the application data, storing an encrypted ciphertext by a first application server, and returning an encrypted ciphertext identifier; extracting keywords of the application data, constructing a corresponding index, encrypting, storing an index ciphertext by a second application server, and returning an index ciphertext identifier; associating the index with the index ciphertext identifier and the encrypted ciphertext identifier; receiving a query request of a user side, converting the search keyword into a corresponding index ciphertext, and initiating the query request to a second application server; returning a corresponding index ciphertext identifier according to the second application server to obtain an encrypted ciphertext identifier; and initiating a request to the first application server by using the encrypted ciphertext identifier to obtain a corresponding encrypted ciphertext, and returning the encrypted ciphertext to the user side. The invention solves the searchability and safety problems of the ciphertext.

Description

Ciphertext searching method, device and system based on security gateway
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a ciphertext search method, apparatus, and system based on a security gateway.
Background
With the development of the internet, cloud storage and cloud computing have won over users through remote access, low cost, high data reliability and easily expandable storage space. They have become increasingly important in daily life, and both individuals and enterprises now store their data in the cloud. However, because data managed in the cloud is outside the user's supervision, sensitive information is easily leaked, and the security of data in cloud storage is receiving more and more attention from cloud service providers and users.
To prevent private data from being disclosed, the data owner generally encrypts it before storing it in the cloud. This creates another problem: when a user needs to retrieve a ciphertext file, the cloud server has no key for the user and can therefore search only by the file name of the ciphertext. This approach does not protect the keywords of the ciphertext and, to a certain extent, reveals some information about the user's data.
At present, ciphertext search schemes often need to modify and hard-wire a standard encryption algorithm. For example, to make ciphertext matching possible, the initialization vector (IV) of a symmetric encryption algorithm is set to a fixed value, which turns randomized encryption into deterministic encryption at the cost of reducing the strength of the encryption algorithm. Supporting standard general-purpose encryption algorithms while also supporting ciphertext search is a contradictory requirement: under standard encryption the same plaintext becomes different ciphertexts, so the ciphertext is difficult to search. In addition, when the cloud performs the search, no index is stored locally; the index is stored in the cloud in encrypted form, and search keywords are associated with the cloud's ciphertext index by querying an injective function. That function cannot be dynamically changed or extended, so complex search requests cannot be supported. The searchability and security of ciphertext in cloud storage have therefore become an urgent problem to solve.
Disclosure of Invention
In view of the problems existing in the background art, the invention aims to provide a ciphertext search method, a ciphertext search device and a ciphertext search system based on a security gateway, which solve the problems of searchability and security of ciphertext.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
In a first aspect, the invention discloses a ciphertext search method based on a security gateway, which comprises the following steps:
Step 1, receiving an uploading request of a user side, extracting the content of application data, encrypting the application data, uploading an encrypted ciphertext to a first application server, and returning an encrypted ciphertext identifier by the first application server;
Step 2, extracting keywords of the application data, constructing a corresponding index, encrypting the index, storing an index ciphertext to the second application server, and returning an index ciphertext identifier after the second application server receives the index ciphertext;
Step 3, associating the index with the index ciphertext identifier and the encrypted ciphertext identifier;
Step 4, receiving a query request of the user terminal, converting the search keyword into the corresponding index ciphertext, and initiating a search query request to the second application server;
Step 5, returning the corresponding index ciphertext identifier according to the second application server to obtain the corresponding encrypted ciphertext identifier;
Step 6, initiating a request to the first application server by using the encrypted ciphertext identifier to obtain the corresponding encrypted ciphertext, and returning the encrypted ciphertext to the user side.
Further, in the step 1, an encryption key set corresponding to the application data is obtained according to a preset encryption rule; the encryption key set includes one or more keys for encrypting one or more content data of the application data; and encrypting one or more content data in the application data by using the encryption key group according to a preset encryption rule to obtain the encrypted ciphertext.
Further, a search keyword is input and converted into the index. If the index ciphertext corresponding to the index exists, the corresponding encrypted ciphertext identifier is obtained according to a mapping function between the index ciphertext and the encrypted ciphertext identifier; if the index ciphertext corresponding to the index does not exist, the corresponding index and index ciphertext are newly added according to a mapping function between the search keyword and the index.
Further, the index supporting the multi-keyword ranking function is constructed, and the specific steps are as follows:
Step 101, segmenting an application data set to obtain a dictionary set containing all keywords;
Step 102, calculating the occurrence frequency of each word in any one of the application data;
Step 103, calculating the inverse document frequency of the application data;
Step 104, obtaining a corresponding inverted list according to the keywords, and calculating the relevance scores of the application data and the search keywords;
Step 105, selecting a plurality of application data corresponding to the high relevance scores as the multi-keyword ranked encrypted ciphertext.
Further, an inverted index keyed by keyword is constructed from the application data index keyed by application data, including:
Step 201, traversing an application data linked list to obtain a keyword set corresponding to each application data;
Step 202, constructing a keyword linked list for each keyword;
Step 203, for each keyword, acquiring a corresponding application data set, and storing the application data set in a corresponding keyword linked list.
Further, the index supporting fuzzy keyword searching is constructed, and the specific steps are as follows:
Step 301, based on a finite state automaton, judging whether the search keyword is similar to the index keyword by using the edit distance, to obtain a similar keyword set with an edit distance smaller than n, wherein the edit distance refers to the minimum number of edit operations required to turn the search keyword into the index keyword;
Step 302, querying the local index by using the similar keyword set to obtain the corresponding encrypted ciphertext identifier, and obtaining the encrypted ciphertext according to the encrypted ciphertext identifier.
Further, in the step 4, after receiving the query request sent by the user terminal, analyzing the query request to obtain user identity information, and verifying whether the user terminal has access rights according to the user identity information; and if the user side has the access right, sending the query request to the second application server.
In a second aspect, the present invention also discloses a ciphertext search system based on a security gateway, which comprises:
The receiving module is configured to receive an application data uploading request sent by a user side; receiving a data search request sent by the user side; receiving an encrypted ciphertext identifier returned by the first application server; receiving an index ciphertext identifier returned by the second application server; receiving an encrypted ciphertext returned by the first application server;
The analysis module is configured to analyze the application data uploading request to obtain application data;
The first encryption module is configured to encrypt the application data to obtain the encrypted ciphertext, and send the encrypted ciphertext to the first application server;
The index construction module is configured to extract keywords from the application data and construct corresponding indexes;
The second encryption module is configured to encrypt the index to obtain an index ciphertext and send the index ciphertext to a second application server;
An association module configured to associate the index with the index ciphertext identifier and the encrypted ciphertext identifier;
The search module is configured to analyze the data search request to obtain a search keyword, transform the search keyword into the corresponding index ciphertext and initiate a search query request to the second application server;
A forwarding request module configured to initiate a request to the first application server using the index ciphertext identifier;
And the first return module is configured to return the encrypted ciphertext to the user side.
Further, the ciphertext search system based on the security gateway further comprises a verification module, wherein the verification module is configured to analyze the application data acquisition request to obtain user identity information, and verify whether the user terminal has access rights according to the user identity information.
In a third aspect, the invention also discloses a ciphertext search system based on the security gateway, which comprises a user side, a first application server, a second application server and the ciphertext search device, wherein the user side is in communication connection with the ciphertext search device, and the ciphertext search device is respectively in communication connection with the first application server and the second application server.
Aiming at the scheme, the invention has at least the following beneficial effects:
When application data is uploaded to an application server, the method and the device enable the first application server to be incapable of checking the application data uploaded by a user by storing the encrypted ciphertext obtained by encrypting the application data to the first application server, and ensure the safety of the application data uploaded by the user; the key words of the application data are extracted, the corresponding index is constructed, the index is encrypted, and the index ciphertext is stored in the second application server, so that the second application server cannot check the key words of the application data uploaded by the user, and information leakage of the user can be avoided to a certain extent; the index is associated with the index ciphertext identifier returned by the second application server and the encrypted ciphertext identifier returned by the first server, so that the application data and the index can be in one-to-one correspondence, and complex search requests can be supported;
when a user inquires application data, the invention initiates a search query request to a second application server by converting the search keyword into the corresponding index ciphertext, so that the second application server can not know the keyword information of the application data, thereby avoiding information leakage; because the index ciphertext is associated with the index ciphertext identifier and the encrypted ciphertext identifier, the corresponding index ciphertext identifier is returned according to the second application server, and the corresponding encrypted ciphertext identifier can be obtained; and initiating a request to the first application server by using the encrypted ciphertext identifier to obtain a corresponding encrypted ciphertext, and returning the encrypted ciphertext to the user terminal, wherein the encrypted data is used in the whole process of uploading data and inquiring the data by the user, so that the safety and searchability of the user information are ensured.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a ciphertext search method based on a security gateway according to an embodiment of the present invention.
Fig. 2 is a block diagram illustrating an operation of an application of a ciphertext search apparatus based on a security gateway according to an embodiment of the present invention.
Fig. 3 is a block diagram of a security gateway-based ciphertext search system according to an embodiment of the invention.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
As shown in fig. 1, the present embodiment provides a ciphertext search method based on a security gateway, which includes the following steps:
S1, receiving an uploading request of a user side, extracting the content of application data, encrypting the application data, storing an encrypted ciphertext to a first application server, receiving the encrypted ciphertext by the first application server, and returning an encrypted ciphertext identifier;
S2, extracting keywords of the application data, constructing a corresponding index, encrypting the index, storing an index ciphertext to a second application server, receiving the index ciphertext by the second application server, and returning an index ciphertext identifier;
S3, associating the index with the index ciphertext identifier and the encrypted ciphertext identifier;
S4, receiving a query request of a user side, converting the search keyword into a corresponding index ciphertext, and initiating a search query request to a second application server;
S5, returning the corresponding index ciphertext identifier according to the second application server to obtain a corresponding encrypted ciphertext identifier;
S6, initiating a request to the first application server by using the encrypted ciphertext identifier to obtain a corresponding encrypted ciphertext, and returning the encrypted ciphertext to the user side.
Preferably, in S1, an encryption key set corresponding to the application data is obtained according to a preset encryption rule; the encryption key set includes one or more keys for encrypting one or more content data of the application data; and one or more content data in the application data are encrypted with the encryption key set according to the preset encryption rule to obtain an encrypted ciphertext. The embodiment of the invention can directly use commonly used general-purpose encryption algorithms, such as the international algorithms AES, RSA and the like and the Chinese national commercial cryptographic algorithms SM2, SM4, SM9 and the like, to implement encrypted search without changing the encryption algorithm, thereby preserving the encryption strength.
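The S1 to S6 flow can be sketched as follows (an added example, not code from the patent). The class names, the in-memory `AppServer` stand-ins and the whitespace keyword extraction are assumptions, and `encrypt` is a standard-library stand-in for a standard cipher such as AES-GCM or SM4; what it shows is that a fresh nonce per encryption still allows search, because the gateway keeps the keyword-to-index-ciphertext association locally.

```python
import hashlib
import hmac
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Randomized encrypt-then-MAC with a fresh nonce per call.

    Stand-in built from the standard library so the example runs offline;
    a deployment would call AES-GCM, SM4 or another standard cipher here.
    """
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    stream = hashlib.shake_256(_subkey(key, b"enc") + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class AppServer:
    """Untrusted store (hypothetical): keeps opaque bytes, hands back identifiers."""

    def __init__(self):
        self.blobs = {}

    def put(self, blob: bytes) -> str:
        blob_id = secrets.token_hex(8)
        self.blobs[blob_id] = blob
        return blob_id

    def get(self, blob_id: str) -> bytes:
        return self.blobs[blob_id]

    def find(self, blob: bytes) -> list:
        # Exact match on stored ciphertext; the server never sees a keyword.
        return [i for i, b in self.blobs.items() if b == blob]


class SecurityGateway:
    def __init__(self, data_server: AppServer, index_server: AppServer):
        self.data_server, self.index_server = data_server, index_server
        self.data_key = secrets.token_bytes(32)
        self.index_key = secrets.token_bytes(32)
        self.index_ct = {}  # local: keyword -> index ciphertext
        self.assoc = {}     # local: index ciphertext id -> encrypted ciphertext ids

    def upload(self, text: str) -> str:
        data_id = self.data_server.put(encrypt(self.data_key, text.encode()))  # S1
        for kw in sorted(set(text.lower().split())):                           # S2
            if kw not in self.index_ct:
                ct = encrypt(self.index_key, kw.encode())
                self.index_ct[kw] = ct
                self.assoc[self.index_server.put(ct)] = []
            index_id = self.index_server.find(self.index_ct[kw])[0]
            self.assoc[index_id].append(data_id)                               # S3
        return data_id

    def search(self, keyword: str) -> list:
        ct = self.index_ct.get(keyword.lower())                                # S4
        if ct is None:
            return []
        blobs = []
        for index_id in self.index_server.find(ct):                            # S5
            blobs += [self.data_server.get(d) for d in self.assoc[index_id]]   # S6
        return blobs


def demo() -> dict:
    data_srv, index_srv = AppServer(), AppServer()
    gw = SecurityGateway(data_srv, index_srv)
    id1 = gw.upload("invoice march payroll")   # constructed sample data
    id2 = gw.upload("invoice march payroll")   # same plaintext uploaded again
    hits = gw.search("invoice")
    return {
        "distinct_ciphertexts": data_srv.get(id1) != data_srv.get(id2),
        "hits": sorted(decrypt(gw.data_key, b).decode() for b in hits),
        "miss": gw.search("salary"),
        "keyword_on_index_server": any(b"invoice" in b for b in index_srv.blobs.values()),
    }


if __name__ == "__main__":
    print(demo())
```
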
Preferably, a search keyword is input and converted into an index. If an index ciphertext corresponding to the index exists, the corresponding encrypted ciphertext identifier is obtained according to a mapping function between the index ciphertext and the encrypted ciphertext identifier. If no index ciphertext corresponding to the index exists, the corresponding index is newly added according to a mapping function between the search keyword and the index, the newly added index is encrypted to obtain the corresponding index ciphertext, the index ciphertext is stored in the second application server, and the second application server returns an index ciphertext identifier. Because the earlier keyword extraction is performed by a computer, it is not perfect; adding search keywords that have no index ciphertext to the index therefore improves the keyword set and follows the user's search habits more closely.
Some embodiments construct an index supporting a multi-keyword ranking function, with the following specific steps:
Step 101, segmenting an application data set to obtain a dictionary set containing all keywords;
Step 102, calculating the occurrence frequency of each word in any application data;
Step 103, calculating the inverse document frequency of the application data;
Step 104, obtaining a corresponding inverted list according to the keywords, and calculating the relevance scores of the application data and the search keywords;
Step 105, selecting a plurality of application data corresponding to the high relevance scores as the multi-keyword ranked encrypted ciphertext.
When a user searches with several keywords, the multi-keyword ranking function lets the computer calculate the relevance scores of the different keywords in the application data, so that the application data most relevant to the keywords is ranked first, saving the user effort when searching the application data.
Preferably, an inverted index keyed by keyword is constructed from the application data index keyed by application data, including:
Step 201, traversing an application data linked list to obtain a keyword set corresponding to each application data;
Step 202, constructing a keyword linked list for each keyword;
Step 203, for each keyword, acquiring a corresponding application data set, and storing the application data set in a corresponding keyword linked list.
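Steps 101 to 105 and 201 to 203 together, as an added example that is not part of the patent text: the gateway builds a forward index, inverts it, and ranks with TF-IDF. The scoring formula (term frequency times log(N/df)), the tokenizer and the sample data are assumptions, since the page names the quantities but gives no formula.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample: encrypted-ciphertext identifier -> plaintext, visible only
# inside the gateway while the index is being built.
DOCS = {
    "ct-01": "quarterly invoice for cloud storage invoice attached",
    "ct-02": "cloud gateway deployment notes",
    "ct-03": "invoice dispute and storage audit",
    "ct-04": "team lunch menu",
}


def tokenize(text):
    """Step 101: split text into lowercase keyword tokens."""
    return re.findall(r"[a-z0-9]+", text.lower())


def build_forward_index(docs):
    """Step 102: for each application data item, count each keyword."""
    return {doc_id: Counter(tokenize(text)) for doc_id, text in docs.items()}


def build_inverted_index(forward):
    """Steps 201-203: turn item -> keywords into keyword -> {item: term frequency}."""
    inverted = defaultdict(dict)
    for doc_id, counts in forward.items():
        total = sum(counts.values())
        for term, count in counts.items():
            inverted[term][doc_id] = count / total
    return dict(inverted)


def rank(inverted, n_docs, query, top_k=2):
    """Steps 103-105: score items against all query keywords, keep the top_k."""
    scores = defaultdict(float)
    for term in set(tokenize(query)):
        postings = inverted.get(term, {})
        if not postings:
            continue  # keyword absent from the index contributes nothing
        idf = math.log(n_docs / len(postings))   # step 103
        for doc_id, tf in postings.items():      # step 104
            scores[doc_id] += tf * idf
    # Highest score first; ties broken by identifier for a stable order.
    ordered = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return ordered[:top_k]                        # step 105


def search_ids(query, top_k=2):
    """Return the encrypted-ciphertext identifiers to request from the first server."""
    inverted = build_inverted_index(build_forward_index(DOCS))
    return [doc_id for doc_id, _ in rank(inverted, len(DOCS), query, top_k)]


if __name__ == "__main__":
    print(search_ids("invoice storage"))
```
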
Some embodiments construct an index supporting fuzzy keyword searching, with the following specific steps:
Step 301, based on a finite state automaton, judging whether the search keyword is similar to the index keyword by using the edit distance, to obtain a similar keyword set with an edit distance smaller than n, wherein the edit distance refers to the minimum number of edit operations required to turn the search keyword into the index keyword;
Step 302, querying the local index by using the similar keyword set to obtain a corresponding encrypted ciphertext identifier, and obtaining the encrypted ciphertext according to the encrypted ciphertext identifier.
Constructing the fuzzy index lets the user conveniently widen the search range, so that the application data found is more complete.
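One way to realize steps 301 and 302, as an added example rather than the patent's own implementation: a Levenshtein automaton whose state is one row of the edit-distance table, walked over a trie of the gateway's index keywords so that branches which can no longer match are pruned. The trie, the class and function names and the sample index are assumptions.

```python
END = ""  # sentinel trie key marking the end of a keyword (never a real character)

# Constructed local index: keyword -> encrypted-ciphertext identifiers.
LOCAL_INDEX = {
    "invoice": ["ct-01", "ct-03"],
    "invoices": ["ct-07"],
    "involve": ["ct-05"],
    "storage": ["ct-02"],
    "voice": ["ct-09"],
}


class LevenshteinAutomaton:
    """Automaton for 'edit distance to pattern is smaller than n'."""

    def __init__(self, pattern, n):
        self.pattern, self.n = pattern, n

    def start(self):
        return tuple(range(len(self.pattern) + 1))

    def step(self, state, ch):
        # Consume one character of the candidate keyword: next DP row.
        new = [state[0] + 1]
        for i, p in enumerate(self.pattern):
            cost = 0 if p == ch else 1
            new.append(min(new[i] + 1, state[i] + cost, state[i + 1] + 1))
        return tuple(new)

    def is_match(self, state):
        return state[-1] < self.n

    def can_match(self, state):
        # Row minimum never decreases, so a dead state stays dead.
        return min(state) < self.n


def build_trie(words):
    root = {}
    for word in words:
        node = root
        for ch in word:
            node = node.setdefault(ch, {})
        node[END] = word
    return root


def similar_keywords(trie, query, n):
    """Step 301: index keywords whose edit distance to query is smaller than n."""
    automaton = LevenshteinAutomaton(query, n)
    found = {}
    stack = [(trie, automaton.start())]
    while stack:
        node, state = stack.pop()
        for key, child in node.items():
            if key == END:
                if automaton.is_match(state):
                    found[child] = state[-1]
                continue
            nxt = automaton.step(state, key)
            if automaton.can_match(nxt):   # prune subtrees that cannot match
                stack.append((child, nxt))
    return found


def fuzzy_lookup(local_index, query, n):
    """Step 302: similar keywords, then their encrypted-ciphertext identifiers."""
    matches = similar_keywords(build_trie(local_index), query, n)
    ids = sorted({i for kw in matches for i in local_index[kw]})
    return sorted(matches), ids


if __name__ == "__main__":
    print(fuzzy_lookup(LOCAL_INDEX, "invoce", 2))
```
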
Preferably, in S4, after receiving the query request sent by the user terminal, the query request is parsed to obtain user identity information, and whether the user terminal has access rights is verified according to the user identity information; and if the user side has the access right, sending the query request to the second application server.
As shown in fig. 2, this embodiment further provides a ciphertext search system based on a security gateway, including:
The receiving module is configured to receive an application data uploading request sent by a user side; receiving a data search request sent by a user terminal; receiving an encrypted ciphertext identifier returned by the first application server; receiving an index ciphertext identifier returned by the second application server; receiving an encrypted ciphertext returned by the first application server;
The analysis module is configured to analyze the application data uploading request to obtain application data;
The first encryption module is configured to encrypt the application data to obtain an encrypted ciphertext, and send the encrypted ciphertext to the first application server;
The index construction module is configured to extract keywords from the application data and construct corresponding indexes;
The second encryption module is configured to encrypt the index to obtain an index ciphertext and send the index ciphertext to the second application server;
An association module configured to associate the index with the index ciphertext identifier and the encrypted ciphertext identifier;
The search module is configured to analyze the data search request to obtain a search keyword, transform the search keyword into a corresponding index ciphertext and initiate a search query request to the second application server;
A forwarding request module configured to initiate a request to a first application server using the index ciphertext identifier;
And the first return module is configured to return the encrypted ciphertext to the user side.
Preferably, the system further comprises a verification module, wherein the verification module is configured to analyze the application data acquisition request to obtain user identity information, and verify whether the user terminal has access rights according to the user identity information.
As shown in fig. 3, this embodiment further provides a ciphertext search system based on a security gateway, where the user side is communicatively connected to a ciphertext search device, and the ciphertext search device is communicatively connected to a first application server and a second application server respectively. The user side is in communication connection with the first application server and the second application server through the ciphertext search device, so that the information security of the user is ensured.
Unlike the prior art, this embodiment does not bind the application data and the index together and upload them to the same application server, and it does not query the application server with keywords when searching the application data.
When the application data is uploaded to the application server, the encrypted ciphertext obtained by encrypting the application data is stored in the first application server, so that the first application server cannot check the application data uploaded by the user, and the safety of the application data uploaded by the user is ensured; the key words of the application data are extracted, the corresponding index is constructed, the index is encrypted, and the index ciphertext is stored in the second application server, so that the second application server cannot check the key words of the application data uploaded by the user, and information leakage of the user can be avoided to a certain extent; the index is associated with the index ciphertext identifier returned by the second application server and the encrypted ciphertext identifier returned by the first server, so that the application data and the index can be in one-to-one correspondence, and complex search requests can be supported;
When a user inquires application data, the search keyword is converted into the corresponding index ciphertext, and a search inquiry request is initiated to a second application server, so that the second application server cannot learn keyword information of the application data, and information leakage is avoided; because the index ciphertext is associated with the index ciphertext identifier and the encrypted ciphertext identifier, the corresponding index ciphertext identifier is returned according to the second application server, and the corresponding encrypted ciphertext identifier can be obtained; and initiating a request to the first application server by using the encrypted ciphertext identifier to obtain a corresponding encrypted ciphertext, and returning the encrypted ciphertext to the user terminal, wherein the encrypted data is used in the whole process of uploading data and inquiring the data by the user, so that the safety and searchability of the user information are ensured.
The functional modules in the embodiments of the present invention may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module. The integrated modules may be implemented in hardware or as software functional modules. The integrated modules, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in whole or in part, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present invention is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all required for the present invention.

Claims (8)

1. The ciphertext searching method based on the security gateway is characterized by comprising the following steps:
Step 1, receiving an uploading request of a user side, extracting the content of application data, encrypting the application data, storing an encrypted ciphertext to a first application server, and returning an encrypted ciphertext identifier by the first application server;
Step 2, extracting keywords of the application data, constructing a corresponding index, encrypting the index, storing an index ciphertext to the second application server, and returning an index ciphertext identifier after the second application server receives the index ciphertext;
Step 3, associating the index with the index ciphertext identifier and the encrypted ciphertext identifier;
Step 4, receiving a query request of the user terminal, converting the search keyword into the corresponding index ciphertext, and initiating a search query request to the second application server;
Step 5, returning the corresponding index ciphertext identifier according to the second application server to obtain the corresponding encrypted ciphertext identifier;
Step 6, using the encrypted ciphertext identifier to initiate a request to the first application server, obtaining the corresponding encrypted ciphertext, and returning the encrypted ciphertext to the user side;
wherein a search keyword is input and converted into the index; if the index ciphertext corresponding to the index exists, the corresponding encrypted ciphertext identifier is obtained according to a mapping function between the index ciphertext and the encrypted ciphertext identifier; if the index ciphertext corresponding to the index does not exist, the corresponding index and the index ciphertext are newly added according to a mapping function between the search keyword and the index;
the index supporting the multi-keyword ordering function is constructed by the following specific steps:
Step 101, segmenting an application data set to obtain a dictionary set containing all keywords;
Step 102, calculating the occurrence frequency of each word in any one of the application data;
Step 103, calculating the inverse document frequency of the application data;
Step 104, obtaining a corresponding inverted list according to the keywords, and calculating the relevance scores of the application data and the search keywords;
Step 105, selecting a plurality of application data corresponding to the high-correlation scores as the multi-keyword ordering encryption ciphertext.
2. The security gateway-based ciphertext search method of claim 1, wherein in step 1, an encryption key set corresponding to the application data is obtained according to a preset encryption rule; the encryption key set includes one or more keys for encrypting one or more content data of the application data; and encrypting one or more content data in the application data by using the encryption key group according to a preset encryption rule to obtain the encrypted ciphertext.
3. The security gateway-based ciphertext search method of claim 1, wherein constructing an inverted index that uses the key as a directory, by using an application data index that uses the application data as a directory, comprises:
Step 201, traversing an application data linked list to obtain a keyword set corresponding to each application data;
Step 202, constructing a keyword linked list for each keyword;
Step 203, for each keyword, acquiring a corresponding application data set, and storing the application data set in a corresponding keyword linked list.
4. The security gateway-based ciphertext search method of claim 1, wherein constructing the index that supports fuzzy keyword searching comprises the specific steps of:
Step 301, based on a finite state automaton, judging whether the search keyword is similar to the index keyword by using an edit distance, to obtain a similar keyword set with the edit distance smaller than n, wherein the edit distance refers to the minimum number of editing operations required to go from the search keyword to the index keyword;
Step 302, querying the local index by using the similar keyword set to obtain a corresponding encrypted ciphertext identifier.
5. The security gateway-based ciphertext search method of claim 1, wherein in step 4, after receiving a query request sent by the user terminal, the query request is parsed to obtain user identity information, and whether the user terminal has access rights is verified according to the user identity information; and if the user side has the access right, sending the query request to the second application server.
6. A security gateway-based ciphertext search apparatus for use in the security gateway-based ciphertext search method of any one of claims 1 to 5, comprising:
a receiving module configured to receive an application data uploading request sent by a user side; receive a data search request sent by the user side; receive an encrypted ciphertext identifier returned by the first application server; receive an index ciphertext identifier returned by the second application server; and receive an encrypted ciphertext returned by the first application server;
an analysis module configured to analyze the application data uploading request to obtain application data;
a first encryption module configured to encrypt the application data to obtain the encrypted ciphertext, and send the encrypted ciphertext to the first application server;
an index construction module configured to extract keywords from the application data and construct corresponding indexes;
a second encryption module configured to encrypt the index to obtain an index ciphertext and send the index ciphertext to a second application server;
an association module configured to associate the index with the index ciphertext identifier and the encrypted ciphertext identifier;
a search module configured to analyze the data search request to obtain a search keyword, transform the search keyword into the corresponding index ciphertext and initiate a search query request to the second application server;
a forwarding request module configured to initiate a request to the first application server using the index ciphertext identifier;
a first return module configured to return the encrypted ciphertext to the user side.
7. The security gateway-based ciphertext search apparatus of claim 6, further comprising a verification module configured to parse the application data acquisition request to obtain user identity information, and verify whether the user terminal has access rights according to the user identity information.
8. A ciphertext search system based on a security gateway, comprising a user side, a first application server, a second application server and the ciphertext search device according to any one of claims 6 to 7, wherein the user side is in communication connection with the ciphertext search device, and the ciphertext search device is respectively in communication connection with the first application server and the second application server.
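The index construction recited in claims 1, 3 and 4, as an added example rather than the patent's own code. It runs at the gateway over plaintext keywords, assumes the common tf × log(N/df) relevance score (the claims give no formula), and uses dynamic-programming edit distance in place of the finite state automaton; function names and the sample documents are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: encrypted ciphertext identifier -> plaintext seen by the gateway at upload.
DOCS = {
    "ct-1": "payroll report payroll summary",
    "ct-2": "payroll audit",
    "ct-3": "network audit log",
    "ct-4": "holiday schedule",
}

def edit_distance(a, b):
    # Minimum number of insert/delete/substitute operations turning a into b.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def build_index(docs):
    tf = {d: Counter(text.lower().split()) for d, text in docs.items()}       # steps 101-102
    inverted = defaultdict(set)                                               # steps 201-203
    for d, counts in tf.items():
        for word in counts:
            inverted[word].add(d)
    idf = {w: math.log(len(docs) / len(ids)) for w, ids in inverted.items()}  # step 103
    return tf, inverted, idf

def search(query, index, n=2, top_k=2):
    tf, inverted, idf = index
    scores = Counter()
    for term in query.lower().split():
        similar = [w for w in inverted if edit_distance(term, w) < n]         # step 301
        for word in similar:
            for d in inverted[word]:                                          # steps 104, 302
                scores[d] += tf[d][word] / sum(tf[d].values()) * idf[word]
    return [d for d, _ in scores.most_common(top_k)]                          # step 105
```

The returned identifiers are what the gateway would then request from the first application server.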
CN202111642128.4A 2021-12-29 2021-12-29 Ciphertext searching method, device and system based on security gateway Active CN114417109B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111642128.4A CN114417109B (en) 2021-12-29 2021-12-29 Ciphertext searching method, device and system based on security gateway

Publications (2)

Publication Number Publication Date
CN114417109A (en) 2022-04-29
CN114417109B (en) 2024-05-17

Family

ID=81270060

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240709

Address after: Room 303, Building 2, No. 16 Keji Fourth Road, Songshan Lake Park, Dongguan City, Guangdong Province, 523000

Patentee after: Zhisheng Information Technology (Dongguan) Co.,Ltd.

Country or region after: China

Address before: 523000 No. 17, headquarters 2nd Road, Songshanhu high tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee before: GUANGDONG ELECTRONIC INFORMATION ENGINEERING Research Institute OF UESTC(UNIVERSITY OF ELECTRONIC SCIENCE AND TECHNOLOGY OF CHINA)

Country or region before: China
