CN114826736A - Information sharing method, device, equipment and storage medium - Google Patents

Information sharing method, device, equipment and storage medium Download PDF

Info

Publication number
CN114826736A
CN114826736A CN202210445750.4A CN202210445750A CN114826736A CN 114826736 A CN114826736 A CN 114826736A CN 202210445750 A CN202210445750 A CN 202210445750A CN 114826736 A CN114826736 A CN 114826736A
Authority
CN
China
Prior art keywords
information
symmetric
attribute
encrypted
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210445750.4A
Other languages
Chinese (zh)
Other versions
CN114826736B (en
Inventor
尹嘉峻
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Chengyi Technology Consulting Co ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd filed Critical Ping An Puhui Enterprise Management Co Ltd
Priority to CN202210445750.4A priority Critical patent/CN114826736B/en
Publication of CN114826736A publication Critical patent/CN114826736A/en
Application granted granted Critical
Publication of CN114826736B publication Critical patent/CN114826736B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of passwords, and discloses an information sharing method, which comprises the following steps: storing the encryption information and a hash value corresponding to the encryption information into a block chain, wherein the encryption information comprises a symmetric encryption ciphertext and an attribute encryption ciphertext; reading the symmetric encrypted ciphertext and the attribute encrypted ciphertext from the block chain, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext; creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data, and executing symmetric decryption on the index data to obtain a second decrypted plaintext; and inquiring the encrypted information corresponding to the second decrypted plaintext in the block chain to obtain the shared information. The invention also relates to a block chaining technique, shared information can be stored in block link points. The invention also provides an information sharing device, equipment and a medium. The invention can ensure the privacy and the integrity of information sharing.

Description

Information sharing method, device, equipment and storage medium
Technical Field
The present invention relates to the field of cryptographic technologies, and in particular, to an information sharing method, apparatus, device, and storage medium.
Background
Currently, with the development of internet technology, the requirement of privacy protection for personal information is higher and higher, for example, in the medical field, the application of personal health information sharing can help to improve the accuracy of diagnosis of doctors.
However, in the conventional technology for realizing information sharing, personal information is usually outsourced to a third party (such as a cloud service provider), in this case, a user may lose direct control over the information of the user, and the cloud service provider may tamper with or reveal the personal information, which results in poor privacy and integrity of the information when sharing.
Disclosure of Invention
The invention provides an information sharing method, an information sharing device, information sharing equipment and a storage medium, and mainly aims to guarantee the privacy and the integrity of information sharing.
In order to achieve the above object, the present invention provides an information sharing method, including:
acquiring encryption information to be shared, storing the encryption information and a hash value corresponding to the encryption information into a preset block chain, and respectively recording the encryption information and the hash value corresponding to the encryption information as an information ID and an information hash value ID, wherein the encryption information comprises a symmetric encryption ciphertext and an attribute encryption ciphertext;
receiving an access request for accessing the encrypted information, reading a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext;
creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and executing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext;
and inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information.
Optionally, the performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext, includes:
acquiring an attribute public key, an attribute private key and an attribute access tree of the attribute encryption ciphertext, wherein the access tree comprises a plurality of child nodes and a father node;
traversing the access tree to obtain child attribute values returned by each child node, and accumulating the child attribute values to obtain parent attribute values;
judging whether the parent attribute value meets a preset encryption attribute value or not;
if the father attribute value does not meet the encryption attribute value, the decryption fails;
and if the father attribute value meets the encryption attribute value, pairing the attribute public key and the attribute private key to obtain the first decrypted plaintext.
Optionally, the performing the key index by using the key token to obtain index data in the symmetric encryption text includes:
acquiring keywords input by a user and keyword keys of the keywords, and generating trapdoors corresponding to the keywords according to the keyword keys;
and executing the keyword index in the symmetric encryption ciphertext according to the trapdoor and the keyword token to obtain index data in the symmetric encryption ciphertext.
Optionally, the generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext includes:
and acquiring a keyword input by a user and a symmetric key of the symmetric encrypted ciphertext, and taking the keyword, the first decrypted plaintext and the encrypted ciphertext as input parameters of a preset token generating function to obtain a keyword token.
Optionally, the performing symmetric decryption on the index data in the symmetric encrypted plaintext to obtain a second decrypted plaintext includes:
and acquiring a symmetric key of the symmetric encryption ciphertext, and taking the symmetric key and the index data as input parameters of a preset symmetric decryption function to obtain a second decrypted plaintext.
Optionally, the querying, according to the information hash value ID, the encrypted information corresponding to the second decrypted plaintext in the preset block chain to obtain shared information includes:
reading a plaintext hash value of the second decrypted plaintext;
acquiring the encrypted information hash value according to the information hash value ID and a preset query statement;
and extracting the encrypted information which is consistent with the plaintext hash value in the encrypted information hash value as shared information.
Optionally, the storing the encryption information and the hash value corresponding to the encryption information into a preset block chain includes:
acquiring a Merck tree storing the encrypted information in the preset block chain, a preset block chain private key and a preset block chain public key;
signing a root node in the Mercker tree by using the preset block chain private key to obtain a root node signature;
verifying whether the preset block chain public key is matched with the root node signature;
if the preset block chain public key is not matched with the root node signature, determining that the verification is not passed;
and if the preset block chain public key is matched with the root node signature, determining that the verification is passed, and storing the encryption information and the hash value corresponding to the encryption information in the preset block chain.
In order to solve the above problem, the present invention further provides an information sharing apparatus, including:
the encryption information storage module is used for acquiring encryption information to be shared, storing the encryption information and a hash value corresponding to the encryption information into a preset block chain, and respectively recording the encryption information and the hash value corresponding to the encryption information as an information ID and an information hash value ID, wherein the encryption information comprises a symmetric encryption ciphertext and an attribute encryption ciphertext;
the attribute decryption module is used for receiving an access request for accessing the encrypted information, reading a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext;
the symmetric decryption module is used for creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and executing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext;
and the information sharing module is used for inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one computer program; and
and a processor executing the computer program stored in the memory to implement the information sharing method.
In order to solve the above problem, the present invention also provides a computer-readable storage medium in which at least one computer program is stored, the at least one computer program being executed by a processor in an electronic device to implement the information sharing method described above.
In the embodiment of the invention, firstly, the encrypted information to be shared is obtained, the encrypted information and the hash value corresponding to the encrypted information are stored in a preset block chain, and the encrypted information and the hash value corresponding to the encrypted information are respectively recorded as an information ID and an information hash value ID, so that the information can be managed through the block chain, and the condition that the information is tampered or leaked when being outsourced to a third party is avoided; secondly, performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext, creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, performing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, performing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext, further ensuring the integrity of information through two layers of decryption, and directly and accurately obtaining data corresponding to keywords from the symmetric encrypted ciphertext through the keyword index, thereby effectively avoiding source data from leaking to a third party; and finally, inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information, so that the user can quickly and effectively verify the integrity and privacy of the information received from a third party without interacting with the third party, and the privacy and integrity of the information during sharing are guaranteed. Therefore, the information sharing method, the information sharing device, the information sharing equipment and the information sharing storage medium provided by the embodiment of the invention can guarantee the privacy and the integrity of information sharing.
Drawings
Fig. 1 is a schematic flowchart of an information sharing method according to an embodiment of the present invention;
fig. 2 is a detailed flowchart illustrating a step in an information sharing method according to an embodiment of the present invention;
fig. 3 is a detailed flowchart illustrating a step in an information sharing method according to an embodiment of the present invention;
fig. 4 is a detailed flowchart illustrating a step in an information sharing method according to an embodiment of the present invention;
fig. 5 is a detailed flowchart illustrating a step in an information sharing method according to an embodiment of the present invention;
fig. 6 is a block diagram of an information sharing apparatus according to an embodiment of the present invention;
fig. 7 is a schematic internal structural diagram of an electronic device implementing an information sharing method according to an embodiment of the present invention;
the implementation, functional features and advantages of the present invention will be further described with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the invention provides an information sharing method. The execution subject of the information sharing method includes, but is not limited to, at least one of electronic devices such as a server and a terminal that can be configured to execute the method provided by the embodiments of the present application. In other words, the information sharing method may be performed by software or hardware installed in the terminal device or the server device, and the software may be a block chain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
Referring to fig. 1, which is a schematic flow chart of an information sharing method according to an embodiment of the present invention, in an embodiment of the present invention, the information sharing method includes the following steps S1-S4:
s1, obtaining encrypted information to be shared, storing the encrypted information and a hash value corresponding to the encrypted information into a preset block chain, and recording the encrypted information and the hash value corresponding to the encrypted information as an information ID and an information hash value ID respectively, wherein the encrypted information comprises a symmetric encrypted ciphertext and an attribute encrypted ciphertext.
In the embodiment of the present invention, the encrypted information to be shared refers to information for encrypting the personal identity of the sender, for example, in the field of medical health, the encrypted information to be shared may be the personal health record information of the patient; the hash value corresponding to the encrypted information has the main function of calculating data with any length into result data with a fixed length, and the hash value has strong anti-tampering capability, and only slightly changes any input, so that the hash value is greatly changed, and the encrypted information can be effectively prevented from being tampered.
In the embodiment of the present invention, the encrypted information includes a Symmetric encrypted ciphertext and an attribute encrypted ciphertext, where the Symmetric encrypted ciphertext is encrypted by using a Symmetric Encryption technology, and the attribute encrypted ciphertext is encrypted by using an attribute Encryption technology to encrypt a key of the Symmetric encrypted information, where the Symmetric Encryption technology may be an SSE (secure Symmetric Encryption) technology, and is characterized in that the same key is used for Encryption and decryption; the Attribute Encryption technology can be a CP-ABE (Ciphertext Policy Based Attribute Encryption) technology, and by embedding attributes into a key formed by symmetric Encryption, users conforming to the attributes can access symmetric encrypted Ciphertext through key pairing.
For example, in the field of medical health, the symmetric encryption information and the symmetric key can be obtained by encrypting the personal health record information of the patient by using a symmetric searchable encryption technology, and in order to solve the problem of single point of failure caused by centralized key management of a single entity, the embodiment of the invention further encrypts the symmetric key by using an attribute encryption technology to obtain the attribute encryption information.
Further, the embodiment of the invention stores the encryption information and the hash value corresponding to the encryption information into a preset block chain by acquiring the encryption information to be shared, and records the encryption information and the hash value corresponding to the encryption information as the information ID and the information hash value ID respectively, so that the information can be managed through the block chain, and the condition that the information is tampered or leaked when the information is outsourced to a third party is avoided.
As an embodiment of the present invention, referring to fig. 2, the storing the encrypted information and the hash value corresponding to the encrypted information into a preset block chain includes the following steps S11-S15:
s11, acquiring the Mercker tree storing the encrypted information in the preset block chain, the preset block chain private key and the preset block chain public key;
s12, signing the root node in the Mercker tree by using the preset block chain private key to obtain a root node signature;
s13, verifying whether the preset block chain public key is matched with the root node signature;
s14, if the preset block chain public key is not matched with the root node signature, determining that the verification is not passed;
and S15, if the public key of the preset block chain is matched with the signature of the root node, determining that the verification is passed, and storing the encrypted information and the hash value corresponding to the encrypted information in the preset block chain.
The merkel tree is a tree for storing the hash value corresponding to the encrypted information, and whether the encrypted information and the hash value corresponding to the encrypted information are completely stored in a preset block chain can be verified through signature verification of the block chain, so that the information integrity of the encrypted information is guaranteed.
In an embodiment of the present invention, if the predetermined public key of the blockchain is not matched with the signature of the root node, it indicates that the encrypted information and the information corresponding to the hash value before being stored in the predetermined blockchain are incomplete, and this condition may be fed back to the user and the developer to be tracked by the developer.
S2, receiving an access request for accessing the encrypted information, reading a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext.
In the embodiment of the present invention, the request content or the request purpose of the access request varies according to different service scenarios, for example, in the medical health field, the access request may be an encrypted information request for initiating access to the personal health record.
In the embodiment of the present invention, the information ID is used as an index, and a symmetric encryption ciphertext and an attribute encryption ciphertext in the encryption information may be read from the block chain.
In the embodiment of the present invention, the first decrypted plaintext refers to a corresponding attribute plaintext obtained by decrypting the attribute encrypted ciphertext.
Further, according to the access request and the information ID, the embodiment of the present invention reads the symmetric encrypted ciphertext and the attribute encrypted ciphertext included in the encrypted information from the preset block chain, and performs attribute decryption on the attribute encrypted ciphertext to obtain the first decrypted plaintext, and only the user meeting the attribute requirement of the attribute encrypted ciphertext can decrypt the first decrypted plaintext, so that the rationality of the identity information of the sender sending the access request can be verified, and the privacy protection of the encrypted information is enhanced.
As an embodiment of the present invention, referring to fig. 3, the performing attribute decryption on the attribute-encrypted ciphertext to obtain a first decrypted plaintext includes the following steps S21-S25:
s21, acquiring an attribute public key, an attribute private key and an attribute access tree of the attribute encrypted ciphertext, wherein the access tree comprises a plurality of child nodes and a father node;
s22, traversing the access tree to obtain child attribute values returned by each child node, and accumulating the child attribute values to obtain parent attribute values;
s23, judging whether the father attribute value meets the preset encryption attribute value;
s24, if the father attribute value does not meet the encryption attribute value, the decryption fails;
s25, if the father attribute value meets the encryption attribute value, the attribute public key is paired with the attribute private key to obtain the first decryption plaintext.
The access tree is an attribute structure tree generated during attribute encryption, wherein each node of the access tree stores a corresponding attribute value; the child attribute values refer to the attribute values stored by each child node; the parent attribute value represents an attribute value corresponding to the whole access tree; the encryption attribute value refers to an encryption attribute value which is customized when attribute encryption is performed and can be changed according to requirements.
S3, creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and executing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext.
In the embodiment of the invention, the keyword index refers to self-defined keyword retrieval, and different keywords can be defined according to requirements.
Optionally, when the data is outsourced to a third party, the data is encrypted and stored to the third party, and in order to realize that the data can be indexed after being encrypted and the original data cannot be leaked to the third party, a keyword index of the encrypted information is created, where the keyword index can be created through a preset probability function (such as an Enc function).
In the embodiment of the present invention, the index data refers to data related to a keyword index in the encrypted information.
In the embodiment of the present invention, the second decrypted plaintext is obtained by decrypting the index data in the symmetric encrypted plaintext, and thus the second decrypted plaintext may specifically include, but is not limited to, identity information (such as name, illness state, treatment period, and the like) of a user, an access address, an access object, and an access domain name, where the access address may be a system website address for initiating an access request; the access domain name may be the system website IP address from which the access request originated.
Further, in the embodiment of the present invention, a keyword token is generated according to the first decrypted plaintext and the symmetric encrypted ciphertext, and the keyword index is executed by using the keyword token to obtain index data, so that data corresponding to a keyword can be accurately obtained from the symmetric encrypted ciphertext directly through the keyword index, and source data is effectively prevented from being leaked to a third party.
As an embodiment of the present invention, the generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext includes:
and acquiring a keyword input by a user and a symmetric key of the symmetric encrypted ciphertext, and taking the keyword, the first decrypted plaintext and the encrypted ciphertext as input parameters of a preset token generating function to obtain a keyword token.
In an embodiment of the present invention, the token generation function may be τ s =Stoken(K,C,w);
Wherein, tau s Representing a key token, Stoken (K, C, w) representing a token generating function, K representing the first decrypted plaintext, C representing the symmetric key, and w representing the key.
Further, referring to fig. 4, the performing the key indexing with the key token to obtain the index data in the symmetric encryption text includes the following steps S31-S32:
s31, acquiring keywords input by a user and keyword keys of the keywords, and generating trapdoors corresponding to the keywords according to the keyword keys;
s32, executing the key word index in the symmetric encryption ciphertext according to the trapdoor and the key word token to obtain index data in the symmetric encryption ciphertext.
The trapdoors are encrypted keywords and comprise retrieval trapdoors and updating trapdoors, and the retrieval trapdoors are used for retrieving required information in a symmetric encrypted ciphertext; the trap door is used for adding or deleting the keywords in the symmetric encryption text, and further, the embodiment of the invention can prevent the plain text of the keywords from being directly leaked to a third party through the trap door, thereby ensuring the privacy of the keywords.
Furthermore, the embodiment of the invention obtains the second decrypted plaintext by symmetrically decrypting the index data in the symmetrically encrypted ciphertext, can resist the conventional data encryption attack means, and effectively prevents the symmetrically encrypted ciphertext from being tampered.
As an embodiment of the present invention, the performing symmetric decryption on the index data in the symmetric encrypted text to obtain a second decrypted plaintext includes:
and acquiring a symmetric key of the symmetric encryption ciphertext, and taking the symmetric key and the index data as input parameters of a preset symmetric decryption function to obtain a second decrypted plaintext.
In an embodiment of the present invention, the symmetric key is both a public key and a private key; the preset symmetric decryption function may be P ═ D (K, C).
Wherein, P is the second decrypted plaintext, C is the index data, K is the symmetric key, and D (K, C) is the symmetric decryption function.
S4, inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information.
In this embodiment of the present invention, the shared information refers to information in the encrypted information that is consistent with the second decrypted plaintext, for example, if the second decrypted plaintext is the personal health record of the patient a, the shared information is also the personal health record of the patient a.
Furthermore, according to the information hash value ID, the encrypted information corresponding to the second decrypted plaintext in the preset block chain is inquired to obtain shared information, so that a user can quickly and effectively verify the integrity and privacy of information received from a third party without interacting with the third party, and the privacy and integrity of the information during sharing are guaranteed.
As an embodiment of the present invention, referring to fig. 5, the querying the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information includes the following steps S41-S43:
s41, reading the plaintext hash value of the second decrypted plaintext;
s42, acquiring the encrypted information hash value according to the information hash value ID and a preset query statement;
and S43, extracting the encrypted information which is consistent with the plaintext hash value in the encrypted information hash value as shared information.
Wherein the plaintext hash value of the second decrypted plaintext may be obtained by a hash algorithm, such as (SHA algorithm); the preset query statement may be an SQL query statement.
In the embodiment of the invention, firstly, the encrypted information to be shared is obtained, the encrypted information and the hash value corresponding to the encrypted information are stored in a preset block chain, and the encrypted information and the hash value corresponding to the encrypted information are respectively recorded as an information ID and an information hash value ID, so that the information can be managed through the block chain, and the condition that the information is tampered or leaked when being outsourced to a third party is avoided; secondly, performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext, creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, performing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, performing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext, further ensuring the integrity of information through two layers of decryption, and directly and accurately obtaining data corresponding to keywords from the symmetric encrypted ciphertext through the keyword index, thereby effectively avoiding source data from leaking to a third party; and finally, inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information, so that the user can quickly and effectively verify the integrity and privacy of the information received from a third party without interacting with the third party, and the privacy and integrity of the information during sharing are guaranteed. Therefore, the information sharing method provided by the embodiment of the invention can ensure the privacy and the integrity of information sharing.
The information sharing apparatus 100 according to the present invention may be installed in an electronic device. According to the realized functions, the information sharing apparatus may include an encrypted information storage module 101, an attribute decryption module 102, a symmetric decryption module 103, and an information sharing module 104, which may also be referred to as a unit, and refer to a series of computer program segments capable of being executed by a processor of an electronic device and performing fixed functions, and stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the encrypted information storage module 101 is configured to acquire encrypted information to be shared, store the encrypted information and a hash value corresponding to the encrypted information into a preset block chain, and record the encrypted information and the hash value corresponding to the encrypted information as an information ID and an information hash value ID, respectively, where the encrypted information includes a symmetric encrypted ciphertext and an attribute encrypted ciphertext.
In the embodiment of the present invention, the encrypted information to be shared refers to information for encrypting the personal identity of the sender, for example, in the field of medical health, the encrypted information to be shared may be the personal health record information of the patient; the hash value corresponding to the encrypted information has the main function of calculating data with any length into result data with a fixed length, and the hash value has strong anti-tampering capability, and only slightly changes any input, so that the hash value is greatly changed, and the encrypted information can be effectively prevented from being tampered.
In the embodiment of the present invention, the encrypted information includes a Symmetric encrypted ciphertext and an attribute encrypted ciphertext, where the Symmetric encrypted ciphertext is encrypted by using a Symmetric Encryption technology, and the attribute encrypted ciphertext is encrypted by using an attribute Encryption technology to encrypt a key of the Symmetric encrypted information, where the Symmetric Encryption technology may be an SSE (secure Symmetric Encryption) technology, and is characterized in that the same key is used for Encryption and decryption; the Attribute Encryption technology can be a CP-ABE (Ciphertext Policy Based Attribute Encryption) technology, and by embedding attributes into a key formed by symmetric Encryption, users conforming to the attributes can access symmetric encrypted Ciphertext through key pairing.
For example, in the field of medical health, the symmetric encryption information and the symmetric key can be obtained by encrypting the personal health record information of the patient by using a symmetric searchable encryption technology, and in order to solve the problem of single point of failure caused by centralized key management of a single entity, the embodiment of the invention further encrypts the symmetric key by using an attribute encryption technology to obtain the attribute encryption information.
Further, the embodiment of the invention stores the encryption information and the hash value corresponding to the encryption information into a preset block chain by acquiring the encryption information to be shared, and records the encryption information and the hash value corresponding to the encryption information as the information ID and the information hash value ID respectively, so that the information can be managed through the block chain, and the condition that the information is tampered or leaked when the information is outsourced to a third party is avoided.
As an embodiment of the present invention, the storing module 101 stores the encrypted information and the hash value corresponding to the encrypted information into a preset block chain by performing the following operations, including:
acquiring a Merck tree storing the encrypted information in the preset block chain, a preset block chain private key and a preset block chain public key;
signing a root node in the Mercker tree by using the preset block chain private key to obtain a root node signature;
verifying whether the preset block chain public key is matched with the root node signature;
if the preset block chain public key is not matched with the root node signature, determining that the verification is not passed;
and if the preset block chain public key is matched with the root node signature, determining that the verification is passed, and storing the encryption information and the hash value corresponding to the encryption information in the preset block chain.
The merkel tree is a tree for storing the hash value corresponding to the encrypted information, and whether the encrypted information and the hash value corresponding to the encrypted information are completely stored in a preset block chain can be verified through signature verification of the block chain, so that the information integrity of the encrypted information is guaranteed.
In an embodiment of the present invention, if the predetermined public key of the blockchain is not matched with the signature of the root node, it indicates that the encrypted information and the information corresponding to the hash value before being stored in the predetermined blockchain are incomplete, and this condition may be fed back to the user and the developer to be tracked by the developer.
The attribute decryption module 102 is configured to receive an access request for accessing the encrypted information, read a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and perform attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext.
In the embodiment of the present invention, the request content or the request purpose of the access request varies according to different service scenarios, for example, in the medical health field, the access request may be an encrypted information request for initiating access to the personal health record.
In the embodiment of the present invention, the information ID is used as an index, and a symmetric encryption ciphertext and an attribute encryption ciphertext in the encryption information may be read from the block chain.
In the embodiment of the present invention, the first decrypted plaintext refers to a corresponding attribute plaintext obtained by decrypting the attribute encrypted ciphertext.
Further, according to the access request and the information ID, the embodiment of the present invention reads the symmetric encrypted ciphertext and the attribute encrypted ciphertext included in the encrypted information from the preset block chain, and performs attribute decryption on the attribute encrypted ciphertext to obtain the first decrypted plaintext, and only the user meeting the attribute requirement of the attribute encrypted ciphertext can decrypt the first decrypted plaintext, so that the rationality of the identity information of the sender sending the access request can be verified, and the privacy protection of the encrypted information is enhanced.
As an embodiment of the present invention, the attribute decryption module 102 performs attribute decryption on the attribute encrypted ciphertext by performing the following operations to obtain a first decrypted plaintext, including:
acquiring an attribute public key, an attribute private key and an attribute access tree of the attribute encryption ciphertext, wherein the access tree comprises a plurality of child nodes and a father node;
traversing the access tree to obtain child attribute values returned by each child node, and accumulating the child attribute values to obtain parent attribute values;
judging whether the parent attribute value meets a preset encryption attribute value or not;
if the father attribute value does not meet the encryption attribute value, the decryption fails;
and if the father attribute value meets the encryption attribute value, pairing the attribute public key and the attribute private key to obtain the first decrypted plaintext.
The access tree is an attribute structure tree generated during attribute encryption, wherein each node of the access tree stores a corresponding attribute value; the child attribute values refer to the attribute values stored by each child node; the parent attribute value represents an attribute value corresponding to the whole access tree; the encryption attribute value refers to an encryption attribute value which is customized when attribute encryption is performed and can be changed according to requirements.
The symmetric decryption module 103 is configured to create a keyword index of the symmetric encrypted ciphertext, generate a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, execute the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and execute symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext.
In the embodiment of the invention, the keyword index refers to self-defined keyword retrieval, and different keywords can be defined according to requirements.
Optionally, when the data is outsourced to a third party, the data is encrypted and stored to the third party, and in order to realize that the data can be indexed after being encrypted and the original data cannot be leaked to the third party, a keyword index of the encrypted information is created, where the keyword index can be created through a preset probability function (such as an Enc function).
In the embodiment of the present invention, the index data refers to data related to a keyword index in the encrypted information.
In the embodiment of the present invention, the second decrypted plaintext is obtained by decrypting the index data in the symmetric encrypted plaintext, and thus the second decrypted plaintext may specifically include, but is not limited to, identity information (such as name, illness state, treatment period, and the like) of a user, an access address, an access object, and an access domain name, where the access address may be a system website address for initiating an access request; the access domain name may be the system website IP address from which the access request originated.
Further, in the embodiment of the present invention, a keyword token is generated according to the first decrypted plaintext and the symmetric encrypted ciphertext, and the keyword index is executed by using the keyword token to obtain index data, so that data corresponding to a keyword can be accurately obtained from the symmetric encrypted ciphertext directly through the keyword index, and source data is effectively prevented from being leaked to a third party.
As an embodiment of the present invention, the generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext includes:
and acquiring a keyword input by a user and a symmetric key of the symmetric encrypted ciphertext, and taking the keyword, the first decrypted plaintext and the encrypted ciphertext as input parameters of a preset token generating function to obtain a keyword token.
In an embodiment of the present invention, the token generation function may be τ s =Stoken(K,C,w);
Wherein, tau s Representing a key token, Stoken (K, C, w) representing a token generating function, K representing the first decrypted plaintext, C representing the symmetric key, and w representing the key.
Further, the symmetric decryption module 103 executes the key index by using the key token to obtain index data in the symmetric encrypted text by performing the following operations, including:
acquiring keywords input by a user and keyword keys of the keywords, and generating trapdoors corresponding to the keywords according to the keyword keys;
and executing the keyword index in the symmetric encryption ciphertext according to the trapdoor and the keyword token to obtain index data in the symmetric encryption ciphertext.
The trapdoor is an encrypted keyword and comprises a retrieval trapdoor and an updated trapdoor, and the retrieval trapdoor is used for retrieving required information in a symmetric encrypted ciphertext; the trap door is updated to be used for adding or deleting the keywords in the symmetric encryption texts, and further, the plain texts of the keywords can be prevented from being directly leaked to a third party through the trap door, so that the privacy of the keywords is guaranteed.
Furthermore, the embodiment of the invention obtains the second decrypted plaintext by symmetrically decrypting the index data in the symmetrically encrypted ciphertext, can resist the conventional data encryption attack means, and effectively prevents the symmetrically encrypted ciphertext from being tampered.
As an embodiment of the present invention, the performing symmetric decryption on the index data in the symmetric encrypted text to obtain a second decrypted plaintext includes:
and obtaining a symmetric key of the symmetric encryption ciphertext, and taking the symmetric key and the index data as input parameters of a preset symmetric decryption function to obtain a second decrypted plaintext.
In an embodiment of the present invention, the symmetric key is both a public key and a private key; the preset symmetric decryption function may be P ═ D (K, C).
Wherein, P is the second decrypted plaintext, C is the index data, K is the symmetric key, and D (K, C) is the symmetric decryption function.
The information sharing module 104 is configured to query the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID, so as to obtain shared information.
In this embodiment of the present invention, the shared information refers to information in the encrypted information that is consistent with the second decrypted plaintext, for example, if the second decrypted plaintext is the personal health record of the patient a, the shared information is also the personal health record of the patient a.
Furthermore, according to the information hash value ID, the encrypted information corresponding to the second decrypted plaintext in the preset block chain is inquired to obtain shared information, so that a user can quickly and effectively verify the integrity and privacy of information received from a third party without interacting with the third party, and the privacy and integrity of the information during sharing are guaranteed.
As an embodiment of the present invention, the information sharing module 104 queries the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID by performing the following operations to obtain shared information, including:
reading a plaintext hash value of the second decrypted plaintext;
acquiring the encrypted information hash value according to the information hash value ID and a preset query statement;
and extracting the encrypted information which is consistent with the plaintext hash value in the encrypted information hash value as shared information.
Wherein the plaintext hash value of the second decrypted plaintext may be obtained by a hash algorithm, such as (SHA algorithm); the preset query statement may be an SQL query statement.
In the embodiment of the invention, firstly, the encrypted information to be shared is obtained, the encrypted information and the hash value corresponding to the encrypted information are stored in a preset block chain, and the encrypted information and the hash value corresponding to the encrypted information are respectively recorded as an information ID and an information hash value ID, so that the information can be managed through the block chain, and the condition that the information is tampered or leaked when being outsourced to a third party is avoided; secondly, performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext, creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, performing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, performing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext, further ensuring the integrity of information through two layers of decryption, and directly and accurately obtaining data corresponding to keywords from the symmetric encrypted ciphertext through the keyword index, thereby effectively avoiding source data from leaking to a third party; and finally, inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information, so that the user can quickly and effectively verify the integrity and privacy of the information received from a third party without interacting with the third party, and the privacy and integrity of the information during sharing are guaranteed. Therefore, the information sharing device provided by the embodiment of the invention can ensure the privacy and the integrity of information sharing.
Fig. 7 is a schematic structural diagram of an electronic device implementing the information sharing method according to the present invention.
The electronic device may comprise a processor 10, a memory 11, a communication bus 12 and a communication interface 13, and may further comprise a computer program, such as an information sharing program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of media, which includes flash memory, removable hard disk, multimedia card, card type memory (e.g., SD or DX memory, etc.), magnetic memory, local disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, for example a removable hard disk of the electronic device. The memory 11 may also be an external storage device of the electronic device in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only to store application software installed in the electronic device and various types of data, such as codes of an information sharing program, but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device by running or executing programs or modules (e.g., information sharing programs, etc.) stored in the memory 11 and calling data stored in the memory 11.
The communication bus 12 may be a PerIPheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The bus may be divided into an address bus, a data bus, a control bus, etc. The communication bus 12 is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
Fig. 7 shows only an electronic device having components, and those skilled in the art will appreciate that the structure shown in fig. 7 does not constitute a limitation of the electronic device, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management and the like are realized through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Optionally, the communication interface 13 may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), which is generally used to establish a communication connection between the electronic device and other electronic devices.
Optionally, the communication interface 13 may further include a user interface, which may be a Display (Display), an input unit (such as a Keyboard (Keyboard)), and optionally, a standard wired interface, or a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable, among other things, for displaying information processed in the electronic device and for displaying a visualized user interface.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The information sharing program stored in the memory 11 of the electronic device is a combination of a plurality of computer programs, and when running in the processor 10, can realize:
acquiring encryption information to be shared, storing the encryption information and a hash value corresponding to the encryption information into a preset block chain, and respectively recording the encryption information and the hash value corresponding to the encryption information as an information ID and an information hash value ID, wherein the encryption information comprises a symmetric encryption ciphertext and an attribute encryption ciphertext;
receiving an access request for accessing the encrypted information, reading a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext;
creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and executing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext;
and inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information.
Specifically, the processor 10 may refer to the description of the relevant steps in the embodiment corresponding to fig. 1 for a specific implementation method of the computer program, which is not described herein again.
Further, the electronic device integrated module/unit, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable medium. The computer readable medium may be non-volatile or volatile. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
Embodiments of the present invention may also provide a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor of an electronic device, the computer program may implement:
acquiring encryption information to be shared, storing the encryption information and a hash value corresponding to the encryption information into a preset block chain, and respectively recording the encryption information and the hash value corresponding to the encryption information as an information ID and an information hash value ID, wherein the encryption information comprises a symmetric encryption ciphertext and an attribute encryption ciphertext;
receiving an access request for accessing the encrypted information, reading a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext;
creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and executing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext;
and inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
In the embodiments provided by the present invention, it should be understood that the disclosed media, devices, apparatuses and methods may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. An information sharing method, the method comprising:
acquiring encryption information to be shared, storing the encryption information and a hash value corresponding to the encryption information into a preset block chain, and respectively recording the encryption information and the hash value corresponding to the encryption information as an information ID and an information hash value ID, wherein the encryption information comprises a symmetric encryption ciphertext and an attribute encryption ciphertext;
receiving an access request for accessing the encrypted information, reading a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext;
creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and executing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext;
and inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information.
2. The information sharing method according to claim 1, wherein the performing attribute decryption on the attribute-encrypted ciphertext to obtain a first decrypted plaintext, comprises:
acquiring an attribute public key, an attribute private key and an attribute access tree of the attribute encryption ciphertext, wherein the access tree comprises a plurality of child nodes and a father node;
traversing the access tree to obtain child attribute values returned by each child node, and accumulating the child attribute values to obtain parent attribute values;
judging whether the father attribute value meets a preset encryption attribute value or not;
if the father attribute value does not meet the encryption attribute value, the decryption fails;
and if the father attribute value meets the encryption attribute value, pairing the attribute public key and the attribute private key to obtain the first decrypted plaintext.
3. The information sharing method of claim 1, wherein the performing the key indexing using the key token to obtain index data in the symmetric encryption text comprises:
acquiring keywords input by a user and keyword keys of the keywords, and generating trapdoors corresponding to the keywords according to the keyword keys;
and executing the keyword index in the symmetric encryption ciphertext according to the trapdoor and the keyword token to obtain index data in the symmetric encryption ciphertext.
4. The information sharing method according to claim 1, wherein the generating a key token from the first decrypted plaintext and the symmetric encrypted ciphertext comprises:
and acquiring a keyword input by a user and a symmetric key of the symmetric encrypted ciphertext, and taking the keyword, the first decrypted plaintext and the encrypted ciphertext as input parameters of a preset token generating function to obtain a keyword token.
5. The information sharing method according to claim 1, wherein said symmetrically decrypting the index data in the symmetrically encrypted text to obtain a second decrypted plaintext comprises:
and acquiring a symmetric key of the symmetric encryption ciphertext, and taking the symmetric key and the index data as input parameters of a preset symmetric decryption function to obtain a second decrypted plaintext.
6. The information sharing method according to claim 1, wherein the querying the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information includes:
reading a plaintext hash value of the second decrypted plaintext;
acquiring the encrypted information hash value according to the information hash value ID and a preset query statement;
and extracting the encrypted information which is consistent with the plaintext hash value in the encrypted information hash value as shared information.
7. The information sharing method according to claim 1, wherein the storing the encryption information and the hash value corresponding to the encryption information into a preset block chain includes:
acquiring a Merck tree storing the encrypted information in the preset block chain, a preset block chain private key and a preset block chain public key;
signing a root node in the Mercker tree by using the preset block chain private key to obtain a root node signature;
verifying whether the preset block chain public key is matched with the root node signature;
if the preset block chain public key is not matched with the root node signature, determining that the verification is not passed;
and if the preset block chain public key is matched with the root node signature, determining that the verification is passed, and storing the encryption information and the hash value corresponding to the encryption information in the preset block chain.
8. An information sharing apparatus, the apparatus comprising:
the encryption information storage module is used for acquiring encryption information to be shared, storing the encryption information and a hash value corresponding to the encryption information into a preset block chain, and respectively recording the encryption information and the hash value corresponding to the encryption information as an information ID and an information hash value ID, wherein the encryption information comprises a symmetric encryption ciphertext and an attribute encryption ciphertext;
the attribute decryption module is used for receiving an access request for accessing the encrypted information, reading a symmetric encrypted ciphertext and an attribute encrypted ciphertext included in the encrypted information from the preset block chain according to the access request and the information ID, and performing attribute decryption on the attribute encrypted ciphertext to obtain a first decrypted plaintext;
the symmetric decryption module is used for creating a keyword index of the symmetric encrypted ciphertext, generating a keyword token according to the first decrypted plaintext and the symmetric encrypted ciphertext, executing the keyword index by using the keyword token to obtain index data in the symmetric encrypted ciphertext, and executing symmetric decryption on the index data in the symmetric encrypted ciphertext to obtain a second decrypted plaintext;
and the information sharing module is used for inquiring the encrypted information corresponding to the second decrypted plaintext in the preset block chain according to the information hash value ID to obtain shared information.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the information sharing method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the information sharing method according to any one of claims 1 to 7.
CN202210445750.4A 2022-04-26 2022-04-26 Information sharing method, device, equipment and storage medium Active CN114826736B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210445750.4A CN114826736B (en) 2022-04-26 2022-04-26 Information sharing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210445750.4A CN114826736B (en) 2022-04-26 2022-04-26 Information sharing method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114826736A true CN114826736A (en) 2022-07-29
CN114826736B CN114826736B (en) 2024-10-01

Family

ID=82507886

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210445750.4A Active CN114826736B (en) 2022-04-26 2022-04-26 Information sharing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114826736B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116992494A (en) * 2023-09-27 2023-11-03 四川启明芯智能科技有限公司 Security protection method, equipment and medium for scenic spot data circulation
CN117786756A (en) * 2024-02-23 2024-03-29 四川大学华西医院 Method and system for realizing safe sharing of user patient data based on skin database

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634829A (en) * 2017-09-12 2018-01-26 南京理工大学 Encrypted electronic medical records system and encryption method can search for based on attribute
CN108471417A (en) * 2018-03-28 2018-08-31 湖南大学 Keyword query method based on hierarchy attributes under a kind of cloud environment
CN108494768A (en) * 2018-03-22 2018-09-04 深圳大学 A kind of cipher text searching method and system for supporting access control
US20190354693A1 (en) * 2018-05-17 2019-11-21 International Business Machines Corporation Blockchain for managing access to medical data
CN111143471A (en) * 2019-12-27 2020-05-12 北京工业大学 Ciphertext retrieval method based on block chain
CN112632598A (en) * 2020-12-09 2021-04-09 西安电子科技大学 Encrypted data retrieval and sharing method, system, medium, equipment and application
CN112765650A (en) * 2021-01-05 2021-05-07 西安电子科技大学 Attribute-based searchable encryption block chain medical data sharing method
CN114048448A (en) * 2021-11-24 2022-02-15 中央财经大学 Block chain based dynamic searchable encryption method and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634829A (en) * 2017-09-12 2018-01-26 南京理工大学 Encrypted electronic medical records system and encryption method can search for based on attribute
CN108494768A (en) * 2018-03-22 2018-09-04 深圳大学 A kind of cipher text searching method and system for supporting access control
CN108471417A (en) * 2018-03-28 2018-08-31 湖南大学 Keyword query method based on hierarchy attributes under a kind of cloud environment
US20190354693A1 (en) * 2018-05-17 2019-11-21 International Business Machines Corporation Blockchain for managing access to medical data
CN111143471A (en) * 2019-12-27 2020-05-12 北京工业大学 Ciphertext retrieval method based on block chain
CN112632598A (en) * 2020-12-09 2021-04-09 西安电子科技大学 Encrypted data retrieval and sharing method, system, medium, equipment and application
CN112765650A (en) * 2021-01-05 2021-05-07 西安电子科技大学 Attribute-based searchable encryption block chain medical data sharing method
CN114048448A (en) * 2021-11-24 2022-02-15 中央财经大学 Block chain based dynamic searchable encryption method and device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116992494A (en) * 2023-09-27 2023-11-03 四川启明芯智能科技有限公司 Security protection method, equipment and medium for scenic spot data circulation
CN116992494B (en) * 2023-09-27 2023-12-08 四川启明芯智能科技有限公司 Security protection method, equipment and medium for scenic spot data circulation
CN117786756A (en) * 2024-02-23 2024-03-29 四川大学华西医院 Method and system for realizing safe sharing of user patient data based on skin database
CN117786756B (en) * 2024-02-23 2024-05-14 四川大学华西医院 Method and system for realizing safe sharing of user patient data based on skin database

Also Published As

Publication number Publication date
CN114826736B (en) 2024-10-01

Similar Documents

Publication Publication Date Title
CN108900464B (en) Electronic device, block chain-based data processing method, and computer storage medium
Reen et al. Decentralized patient centric e-health record management system using blockchain and IPFS
CN112804218B (en) Block chain-based data processing method, device, equipment and storage medium
WO2022134760A1 (en) Data processing method and apparatus, and electronic device and medium
CN114826736B (en) Information sharing method, device, equipment and storage medium
WO2021003977A1 (en) Default information query method and apparatus, and computer device and storage medium
CN111914029A (en) Block chain-based medical data calling method and device, electronic equipment and medium
CN113055380B (en) Message processing method and device, electronic equipment and medium
CN114389889B (en) File full life cycle management method and device based on block chain technology
CN112951356B (en) Cross-modal medical data joint sharing method based on alliance chain
CN113420049B (en) Data circulation method, device, electronic equipment and storage medium
CN114826553A (en) Cloud storage data security protection method and device based on group signature and homomorphic encryption
CN113127915A (en) Data encryption desensitization method and device, electronic equipment and storage medium
CN111695097A (en) Login checking method and device and computer readable storage medium
CN113112252B (en) Resource transfer method and device based on block chain, electronic equipment and storage medium
CN110851843A (en) Data management method and device based on block chain
CN113158207A (en) Block chain based report generation method and device, electronic equipment and storage medium
CN112217642A (en) Data encryption sharing method and device, electronic equipment and computer storage medium
CN115270193B (en) Data file secure sharing method and device based on block chain and collaborative synchronization
CN115758399A (en) Intelligent medical information management method, device, equipment and medium based on medical networking
CN115694949A (en) Private data sharing method and system based on block chain
CN112733180A (en) Data query method and device and electronic equipment
CN114827354A (en) Identity authentication information display method and device, electronic equipment and readable storage medium
CN113806776A (en) Block chain-based medical archive query method and device, electronic equipment and medium
CN115374150A (en) Character string data query method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20241009

Address after: 510000 Building 1, No. 106 Fengze East Road, Nansha District, Guangzhou City, Guangdong Province X1301-D010825 (Cluster Registration) (JM)

Patentee after: Guangzhou Chengyi Technology Consulting Co.,Ltd.

Country or region after: China

Address before: 518000 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong

Patentee before: PING AN PUHUI ENTERPRISE MANAGEMENT Co.,Ltd.

Country or region before: China