CN115033908A - Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method

Publication number
CN115033908A
Authority
CN
China
Prior art keywords
data
exploration
secret
center
fine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210962115.3A
Other languages
Chinese (zh)
Other versions
CN115033908B (en)
Inventor
张晓均
唐伟
王文琛
王鑫
张豪
李兴鹏
刘庆
唐浩宇
薛婧婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southwest Petroleum University
Original Assignee
Southwest Petroleum University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southwest Petroleum University filed Critical Southwest Petroleum University
Priority to CN202210962115.3A priority Critical patent/CN115033908B/en
Publication of CN115033908A publication Critical patent/CN115033908A/en
Application granted granted Critical
Publication of CN115033908B publication Critical patent/CN115033908B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Abstract

The invention discloses a cloud storage-based method for retrieving fine-grained dense-state (secret-state, i.e. encrypted) oil and gas exploration data, comprising the following steps: encrypting and uploading the original fine-grained oil and gas exploration data; authorizing retrieval of the secret-state data; retrieving the secret-state data; aggregating the secret-state data at the cloud server; and blinding, decrypting and statistically analyzing the aggregated secret-state data. The method guarantees the confidentiality of the fine-grained oil and gas exploration data against various attackers, and also guarantees two-way privacy protection of the identity of the data owner and the identity of the data user during data sharing. In addition, after the data analysis center retrieves the aggregated secret-state data from the cloud server, the data must first be blinded and then decrypted: a second secret parameter is used for blinding and a decryption private key is used for decryption. Even if the decryption private key is leaked, an attacker cannot obtain the blinded aggregated secret-state data, and the aggregated value of the original fine-grained oil and gas exploration data cannot be decrypted through the decryption private key, which prevents leakage of the fine-grained oil and gas exploration data.

Description

Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method
Technical Field
The invention belongs to the field of big data analysis and safety processing in an oil-gas exploration and development system, and particularly relates to a cloud storage-based oil-gas exploration fine-grained dense-state data retrieval method.
Background
Petroleum and natural gas are important energy resources and strategic materials for China, and their security is an important cornerstone of national strategic security. Oil and gas exploration, as the front-end link of the oil and gas industry, includes resource prospecting and the design and implementation of development plans, and is of great significance for keeping proven exploration reserves stable and ensuring the continued development of the oil industry. A research and development institution can integrate and analyze oil and gas exploration data to obtain a global exploration model, which reduces repeated research and development on the same project by the individual oil and gas exploration institutions.
The data of each oil and gas exploration site is usually confidential and often includes the locations of oil and gas discoveries, equipment investment and even oil and gas transportation routes, so the confidentiality of this strategic data generally needs to be guaranteed. Each exploration institution therefore wants fine-grained data to be accessible only to itself, and wants to grant only the right to use the data to the relevant data analysis center, so that the data is usable but not visible. Only then is a data owner willing to contribute its own data in order to obtain a better global model.
In addition, because each institution's data storage is usually outsourced to a cloud server, the data is outside the data owner's control. The user can upload the data in encrypted form to ensure that it is not leaked, but this makes authorizing access to the data harder.
Therefore, with data storage outsourced, a sharing scheme that guarantees the confidentiality of multi-source heterogeneous exploration data, preserves the data owner's access to its own data and also allows the right to use the data to be shared is an important cornerstone of new intelligent oil and gas exploration and development in the big data era.
Disclosure of Invention
The invention aims to overcome one or more defects in the prior art and provides a cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method.
The purpose of the invention is realized by the following technical scheme:
The cloud storage-based oil and gas exploration fine-grained secret-state data retrieval method is applied to an oil and gas exploration fine-grained secret-state data retrieval system. The system comprises a cloud server, an exploration and development field data manager, a data analysis center and a trusted center. The cloud server is communicatively connected to the exploration and development field data manager, the data analysis center and the trusted center respectively, and the trusted center is communicatively connected to the exploration and development field data manager and the data analysis center respectively. The exploration and development field data manager holds original fine-grained oil and gas exploration data of several time periods and several types. The retrieval method comprises the following steps:
S1, encryption and uploading of the original fine-grained oil and gas exploration data: the exploration and development field data manager obtains the fault-tolerant parameter sent by the trusted center through a secure channel, encrypts its own original fine-grained oil and gas exploration data using the fault-tolerant parameter to generate the corresponding secret-state data, and uploads the secret-state data to the cloud server;
S2, authorization of secret-state data retrieval: the exploration and development field data manager obtains the large prime number sent by the trusted center through a secure channel, de-blinds the blinded first public parameter published by the trusted center using the large prime number, and thereby generates the first secret parameter used for authorized retrieval. It then formulates several different authorized access policy values from the first secret parameter, takes each authorized access policy value as a root of a first polynomial and recovers the first polynomial from these roots, generates a security index from the recovered first polynomial, and uploads the generated security index to the cloud server. Each authorized access policy value contains type information and time period information of the secret-state data, and different authorized access policy values differ in the type information and/or the time period information they contain;
S3, retrieval of the secret-state data: the data analysis center obtains the first secret parameter sent by the trusted center through a secure channel, reconstructs an authorized access policy value from the first secret parameter, and sends the authorized access policy value to the cloud server, where the reconstructed authorized access policy value is one or more of the authorized access policy values formulated by the exploration and development field data manager;
S4, aggregation of the secret-state data by the cloud server: the cloud server retrieves the secret-state data according to the security index and the authorized access policy value sent by the data analysis center, aggregates the retrieved secret-state data, and returns the aggregated secret-state data to the data analysis center;
S5, blinding, decryption and statistical analysis of the aggregated secret-state data: the data analysis center obtains the second secret parameter, distributed by the trusted center and used to blind the ciphertext, and the decryption private key used to decrypt the ciphertext. It blinds the aggregated secret-state data with the second secret parameter, decrypts the blinded aggregated secret-state data with the decryption private key to obtain the aggregated value of the original fine-grained oil and gas exploration data, and then performs statistical analysis on that aggregated value in a privacy-preserving state.
Preferably, the S1 further includes the following steps:
System initialization: the trusted center sets up the cryptographic components used in the method and, based on a threshold secret sharing method, a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter. The cryptographic components comprise the homomorphic encryption public parameters, the decryption private key, a multiplicative cyclic group, a generator of the multiplicative cyclic group and a hash function.
Preferably, before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the secure channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number;
before the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request.
Preferably, the system initialization specifically includes the following sub-steps:
the trusted center selects a first large prime number
Figure DEST_PATH_IMAGE001
and a second large prime number
Figure DEST_PATH_IMAGE002
Calculating the modulus
Figure DEST_PATH_IMAGE003
Decrypting the private key
Figure DEST_PATH_IMAGE004
Homomorphic encrypted public parameter one
Figure DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure DEST_PATH_IMAGE006
Wherein
Figure DEST_PATH_IMAGE007
is a generator of the cyclic group
Figure DEST_PATH_IMAGE008
;
the trusted center selects a multiplicative cyclic group G of order p and a generator g of the multiplicative cyclic group G;
the trust center sets a hash function H, wherein
Figure DEST_PATH_IMAGE009
Figure DEST_PATH_IMAGE010
A bit string of an arbitrary length is represented,
Figure DEST_PATH_IMAGE011
represents a multiplicative cyclic group of order p-1;
the trusted center selects a third secret parameter
Figure DEST_PATH_IMAGE012
And
Figure DEST_PATH_IMAGE013
second order polynomial
Figure DEST_PATH_IMAGE014
Wherein
Figure DEST_PATH_IMAGE015
is the variable,
Figure DEST_PATH_IMAGE016
respectively from a finite field
Figure DEST_PATH_IMAGE017
The coefficients of the selected second polynomial;
the trusted center publishes the first parameter set
Figure DEST_PATH_IMAGE018
and keeps the second parameter set
Figure DEST_PATH_IMAGE019
securely stored.
Preferably, the exploration and development field data manager sends a registration request to a trusted center, and the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameter and the large prime number, specifically including the following sub-steps:
exploration and development field data manager selects private key thereof
Figure DEST_PATH_IMAGE020
And calculates its own public key
Figure DEST_PATH_IMAGE021
Then sends its own public key
Figure DEST_PATH_IMAGE022
And its own identity
Figure DEST_PATH_IMAGE023
Sending the information to a trusted center for registration;
the trust center sends a large prime number through the secure channel
Figure DEST_PATH_IMAGE024
And fault tolerance parameters
Figure DEST_PATH_IMAGE025
To the exploration and development field data manager, wherein
Figure DEST_PATH_IMAGE026
The trusted center sends the information to the cloud server through the secure channel
Figure DEST_PATH_IMAGE027
And the credible center records the registration information of the data manager of the exploration and development field area
Figure DEST_PATH_IMAGE028
Wherein
Figure DEST_PATH_IMAGE029
Figure DEST_PATH_IMAGE030
The total number of data managers in the exploration and development field area initiating a registration request to the trusted center;
the data analysis center sends a registration request to a trusted center, and the trusted center sends a first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
the data analysis center sends the information containing the identity of the data analysis center to the trusted center
Figure DEST_PATH_IMAGE031
The registration request of (2);
selecting a first secret parameter for authorized retrieval by a trusted center
Figure DEST_PATH_IMAGE032
First secret parameter
Figure 555508DEST_PATH_IMAGE032
Less than each large prime number
Figure DEST_PATH_IMAGE033
Then, calculating the first public parameters of the blindness according to the Chinese remainder theorem
Figure DEST_PATH_IMAGE034
Wherein
Figure DEST_PATH_IMAGE035
Figure DEST_PATH_IMAGE036
represents a subscript number different from the subscript i in the exploration and development field data manager identity
Figure 816856DEST_PATH_IMAGE023
;
the trusted center selects a first random number
Figure DEST_PATH_IMAGE037
First random number
Figure 488271DEST_PATH_IMAGE037
Satisfy the equation
Figure DEST_PATH_IMAGE038
And calculating a second secret parameter
Figure DEST_PATH_IMAGE039
The trusted center sends the data analysis center via a secure channel
Figure DEST_PATH_IMAGE040
And publish
Figure DEST_PATH_IMAGE041
Preferably, the S1 specifically includes the following sub-steps:
exploration and development field data manager acquires fault-tolerant parameters sent by trusted center through secure channel
Figure 481549DEST_PATH_IMAGE025
Exploration and development field data manager surveys fine-grained data of j-th original oil and gas in time period t
Figure DEST_PATH_IMAGE042
Encrypting to generate the jth original oil and gas exploration fine-grained data in the time period t
Figure 922019DEST_PATH_IMAGE042
Secret state data of
Figure DEST_PATH_IMAGE043
Wherein the secret data component is one
Figure DEST_PATH_IMAGE044
Secret data component two
Figure DEST_PATH_IMAGE045
Figure DEST_PATH_IMAGE046
A second random number selected for an exploration and development field data manager;
data managers of exploration and development field regions send secret data
Figure DEST_PATH_IMAGE047
And uploading to a cloud server.
Preferably, the S2 specifically includes the following sub-steps:
exploration and development field data manager obtains large prime number sent by trusted center through secure channel
Figure 980368DEST_PATH_IMAGE024
And de-blinding the blinded first public parameter to generate a first secret parameter
Figure 575297DEST_PATH_IMAGE032
Wherein
Figure DEST_PATH_IMAGE048
Exploration and development field data manager establishes multiple authorized access strategy values
Figure DEST_PATH_IMAGE049
And combining the various authorized access policy values into a retrieval policy set
Figure DEST_PATH_IMAGE050
In which
Figure DEST_PATH_IMAGE051
J, t and a retrieval strategy set, wherein j represents the original oil and gas exploration fine-grained data of an exploration and development field data manager, t represents the time period of the original oil and gas exploration fine-grained data
Figure 180722DEST_PATH_IMAGE050
Comprises
Figure DEST_PATH_IMAGE052
An authorized access policy value of
Figure DEST_PATH_IMAGE053
Figure DEST_PATH_IMAGE054
Is a concatenated symbol;
the exploration and development field data manager constructs a
Figure DEST_PATH_IMAGE055
-degree first polynomial
Figure DEST_PATH_IMAGE056
where
Figure DEST_PATH_IMAGE057
is the variable,
Figure DEST_PATH_IMAGE058
is randomly selected from the finite field
Figure DEST_PATH_IMAGE059
, and
Figure DEST_PATH_IMAGE060
are the coefficients of the
Figure DEST_PATH_IMAGE061
-degree first polynomial;
safety index constructed by data manager in exploration and development field area
Figure DEST_PATH_IMAGE062
Figure DEST_PATH_IMAGE063
is security index component one,
Figure DEST_PATH_IMAGE064
is security index component two,
Figure DEST_PATH_IMAGE065
is a security index component three, where
Figure DEST_PATH_IMAGE066
And uploading the security index to a cloud server by the data manager of the exploration and development field.
Preferably, the S3 specifically includes the following sub-steps:
the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel
Figure 552664DEST_PATH_IMAGE032
And reconstructing the authorized access policy value
Figure DEST_PATH_IMAGE067
And sending the authorized access policy value to the cloud server.
Preferably, the S4 specifically includes the following sub-steps:
the cloud server sends an authorized access policy value according to the data analysis center
Figure DEST_PATH_IMAGE068
Construct vector one
Figure DEST_PATH_IMAGE069
The cloud server constructs a vector two according to the security index
Figure DEST_PATH_IMAGE070
The cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is
Figure DEST_PATH_IMAGE071
Computing Lagrange interpolation coefficient by cloud server
Figure DEST_PATH_IMAGE072
Wherein
Figure DEST_PATH_IMAGE073
represents a subscript number different from the subscript i in the exploration and development field data manager identity
Figure 109810DEST_PATH_IMAGE023
;
the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state data
Figure DEST_PATH_IMAGE074
And returning the aggregated secret data to the data analysis center, wherein I represents a subscript set of an exploration and development field data manager successfully uploading the own secret data to the cloud server, and
Figure DEST_PATH_IMAGE075
Figure DEST_PATH_IMAGE076
indicating the size of the set of indices.
Preferably, the S5 specifically includes the following sub-steps:
the data analysis center obtains a second secret parameter distributed by the credible center
Figure DEST_PATH_IMAGE077
And decrypting the private key
Figure DEST_PATH_IMAGE078
The data analysis center multiplies the aggregation secret state data by a second secret parameter
Figure 834446DEST_PATH_IMAGE077
Obtaining the blinded aggregated dense-state data
Figure DEST_PATH_IMAGE079
and then decrypts the blinded aggregated secret-state data to obtain the aggregated value of the j-th original fine-grained oil and gas exploration data in time period t
Figure DEST_PATH_IMAGE080
where
Figure DEST_PATH_IMAGE081
is the inverse of
Figure 885972DEST_PATH_IMAGE078
in the multiplicative cyclic group
Figure DEST_PATH_IMAGE082
;
and the data analysis center performs statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state.
The invention has the beneficial effects that:
(1) Because fine-grained oil and gas exploration data is closely tied to the privacy of an exploration institution, an attacker may deduce key information from it. In the method of this embodiment, the data owner (the exploration and development field data manager) encrypts the original fine-grained oil and gas exploration data it holds; the encryption uses the public key of the cloud server and the fault-tolerant parameters distributed to the cloud server by the trusted center, so the data stored on the cloud server is secret-state data. The trusted center acts as a trusted third party, the data owner grants the secret-state data retrieval right to a data analysis center registered with the trusted center, and the data analysis center retrieves an aggregated value of the original fine-grained oil and gas exploration data. The data analysis center can use this aggregated value for statistical analysis but does not learn the identity of the data owner;
in conclusion, the method of this embodiment guarantees the confidentiality of fine-grained oil and gas exploration data against various attackers, and guarantees two-way privacy protection of the data owner's identity and the data user's identity during data sharing.
(2) After the data analysis center retrieves the aggregated secret-state data from the cloud server, a first stage of blinding is required, followed by a second stage of decryption. Blinding uses the second secret parameter distributed by the trusted center, and decryption uses the decryption private key distributed by the trusted center. Even if the decryption private key is leaked, an attacker cannot obtain the blinded aggregated secret-state data, and the aggregated secret-state data cannot be decrypted through the decryption private key, so no fine-grained oil and gas exploration data is leaked.
(3) In an actual application scenario, the method of this embodiment enables the data analysis center and the exploration and development field data manager to retrieve aggregated secret-state data for different time periods, for monitoring and evaluating exploration conditions.
(4) By constructing all possible authorized access policy values, the exploration and development field data manager can authorize the data analysis center to flexibly retrieve aggregated secret-state data for different time periods. Only an entity that provides a correct authorized access policy value can pass the cloud server's data retrieval test; no other entity can pass it.
(5) The method of this embodiment also provides fault tolerance in the retrieval and aggregation of secret-state data when a transmission channel is blocked or deliberately damaged.
Drawings
FIG. 1 is an architecture diagram of a fine-grained dense data retrieval system for oil and gas exploration.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
This embodiment provides a cloud storage-based oil and gas exploration fine-grained secret-state data retrieval method, which is applied to an oil and gas exploration fine-grained secret-state data retrieval system. Fig. 1 shows the architecture of the system. The system comprises a cloud server, an exploration and development field data manager, a data analysis center and a trusted center. The cloud server is communicatively connected to the exploration and development field data manager, the data analysis center and the trusted center respectively, and the trusted center is communicatively connected to the exploration and development field data manager and the data analysis center respectively. The exploration and development field data manager acts as the data owner and holds original fine-grained oil and gas exploration data of several time periods and several types. This data originates from the exploration and development fields for which the data manager is responsible, including exploration and development field 1, exploration and development field 2, exploration and development field 3 and so on.
The cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method specifically comprises the following steps:
S1, encryption and uploading of the original fine-grained oil and gas exploration data: the exploration and development field data manager obtains the fault-tolerant parameter sent by the trusted center through a secure channel, encrypts its own original fine-grained oil and gas exploration data using the fault-tolerant parameter to generate the corresponding secret-state data, and uploads the secret-state data to the cloud server.
S2, authorization of secret-state data retrieval: the exploration and development field data manager obtains the large prime number sent by the trusted center through a secure channel, de-blinds the blinded first public parameter published by the trusted center using the large prime number, and thereby generates the first secret parameter used for authorized retrieval. It then formulates several authorized access policy values from the first secret parameter, takes each authorized access policy value as a root of a first polynomial and recovers the first polynomial from these roots, generates a security index from the recovered first polynomial, and uploads the generated security index to the cloud server. The authorized access policy values differ from one another in the time period and/or the type of the fine-grained oil and gas exploration data they contain.
S3, retrieval of the secret-state data: the data analysis center obtains the first secret parameter sent by the trusted center through a secure channel, reconstructs an authorized access policy value from the first secret parameter, and sends the authorized access policy value to the cloud server, where the reconstructed authorized access policy value is one or more of the authorized access policy values formulated by the exploration and development field data manager.
S4, aggregation of the secret-state data by the cloud server: the cloud server performs a retrieval test on the secret-state data according to the authorized access policy value sent by the data analysis center and the security index, aggregates the secret-state data that passes the retrieval test, and returns the aggregated secret-state data to the data analysis center.
S5, blinding, decryption and statistical analysis of the aggregated secret-state data: the data analysis center obtains the second secret parameter, distributed by the trusted center and used to blind the ciphertext, and the decryption private key used to decrypt the ciphertext. It blinds the aggregated secret-state data with the second secret parameter, decrypts the blinded aggregated secret-state data with the decryption private key to obtain the aggregated value of the original fine-grained oil and gas exploration data, and then performs statistical analysis on that aggregated value in a privacy-preserving state.
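The authorization and retrieval test of S2 to S4 can be sketched as follows. This is an added example, not code from the patent: the patent's formulas are not reproduced on this page, so the hash-derived policy values, the index of polynomial coefficients hidden in group exponents, the 62-bit demonstration group and all function names are assumptions chosen only to show the root-of-polynomial idea.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin; these bases give a deterministic answer for n < 3.3e24."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_group(bits=61):
    """Assumed toy group: safe prime P = 2Q + 1 and G = 4 of prime order Q.
    Far too small for real use; it only keeps the example fast and offline."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = demo_group()


def policy_value(first_secret, data_type, period):
    """Authorized access policy value: hash of secret || type || period,
    reduced into Z_Q (assumed encoding of the concatenation)."""
    msg = f"{first_secret}|{data_type}|{period}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def build_index(policy_values):
    """Data manager (S2): expand f(x) = r * prod(x - a_k) over Z_Q and
    publish each coefficient c_k only as G^c_k mod P."""
    coeffs = [secrets.randbelow(Q - 1) + 1]      # random non-zero r
    for a in policy_values:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):           # multiply by (x - a)
            nxt[i] = (nxt[i] - a * c) % Q
            nxt[i + 1] = (nxt[i + 1] + c) % Q
        coeffs = nxt
    return [pow(G, c, P) for c in coeffs]


def retrieval_test(index, submitted):
    """Cloud server (S4): vector one is (1, a, a^2, ...), vector two is the
    index; prod(index[k] ^ a^k) equals G^f(a), which is 1 only at a root."""
    acc, power = 1, 1
    for component in index:
        acc = acc * pow(component, power, P) % P
        power = power * submitted % Q
    return acc == 1


if __name__ == "__main__":
    secret = 123456789                            # constructed first secret parameter
    granted = [policy_value(secret, j, t) for j, t in [(1, 1), (1, 2), (2, 1)]]
    index = build_index(granted)
    print("authorized (type 1, period 2):", retrieval_test(index, policy_value(secret, 1, 2)))
    print("unauthorized (type 3, period 1):", retrieval_test(index, policy_value(secret, 3, 1)))
    print("wrong first secret:", retrieval_test(index, policy_value(secret + 1, 1, 2)))
```

In this sketch the server sees only hashed policy values and exponentiated coefficients, so it can run the test without learning the first secret parameter or the polynomial itself.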
Further, the following step is also included before S1:
initializing a system: the credible center sets a security password component related in the method, and a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter which are generated based on a threshold secret sharing method and used for data manager registration of the exploration and development field area and data analysis center registration, wherein the security password component comprises a homomorphic encryption public parameter, a decryption private key, a multiplication cycle group, a generator of the multiplication cycle group and a hash function.
Furthermore, before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the safety channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number. Before the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request.
Further, the system initialization specifically includes the following sub-steps:
S001, the trusted center selects a first large prime number
Figure 799570DEST_PATH_IMAGE001
and a second large prime number
Figure 557310DEST_PATH_IMAGE002
Calculating the modulus
Figure 350999DEST_PATH_IMAGE003
Decrypting the private key
Figure 954019DEST_PATH_IMAGE004
Homomorphic encryption public parameter one
Figure 925386DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure 89913DEST_PATH_IMAGE006
Wherein
Figure 146731DEST_PATH_IMAGE007
is a generator of the cyclic group
Figure 287862DEST_PATH_IMAGE008
.
S002, the trusted center selects a multiplicative cyclic group G of order p and a generator g of the multiplicative cyclic group G.
S003, the credible center sets a hash function H, wherein
Figure 615200DEST_PATH_IMAGE009
Figure 714743DEST_PATH_IMAGE010
represents a bit string of arbitrary length,
Figure 727699DEST_PATH_IMAGE011
represents a multiplicative cyclic group of order p-1.
S004, the credible center selects a third secret parameter
Figure 938100DEST_PATH_IMAGE012
and a second polynomial of degree
Figure 119945DEST_PATH_IMAGE013
Figure 124810DEST_PATH_IMAGE014
Wherein
Figure 890641DEST_PATH_IMAGE015
is the variable,
Figure 140619DEST_PATH_IMAGE016
are coefficients of the second polynomial, each selected from the finite field
Figure 675506DEST_PATH_IMAGE017
.
S005, the trusted center publishes the first parameter set
Figure 116851DEST_PATH_IMAGE018
and keeps the second parameter set
Figure 369978DEST_PATH_IMAGE019
securely stored.
Further, an exploration and development field data manager sends a registration request to a trusted center, the trusted center records registration information of the exploration and development field data manager and generates fault-tolerant parameters and large prime numbers, and the method specifically comprises the following sub-steps:
SS01, the exploration and development field data manager selects its own private key
Figure 158068DEST_PATH_IMAGE020
And calculates its own public key
Figure 547461DEST_PATH_IMAGE021
then sends its own public key
Figure 159708DEST_PATH_IMAGE022
and its own identity
Figure 401595DEST_PATH_IMAGE023
to the trusted center for registration.
SS02, the trusted center sends a large prime number through the secure channel
Figure 757490DEST_PATH_IMAGE024
And fault tolerance parameters
Figure 266969DEST_PATH_IMAGE025
To the exploration and development field data manager, wherein
Figure DEST_PATH_IMAGE083
SS03, the trusted center sends to the cloud server through the secure channel
Figure 348320DEST_PATH_IMAGE027
And the credible center records the registration information of the data manager of the exploration and development field area
Figure 576039DEST_PATH_IMAGE028
In which
Figure 204466DEST_PATH_IMAGE029
Figure 347214DEST_PATH_IMAGE030
is the total number of exploration and development field data managers that initiate registration requests to the trusted center.
Further, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, the second secret parameter and the decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
SSS01, the data analysis center sends the trusted center a registration request containing its own identity
Figure 035685DEST_PATH_IMAGE031
.
SSS02, the trusted center selects a first secret parameter for authorized retrieval
Figure 750700DEST_PATH_IMAGE032
the first secret parameter
Figure 949862DEST_PATH_IMAGE032
is less than each large prime number
Figure 168354DEST_PATH_IMAGE033
; then, according to the Chinese remainder theorem, it calculates the blinded first public parameter
Figure 27726DEST_PATH_IMAGE034
Wherein
Figure DEST_PATH_IMAGE084
Figure 793819DEST_PATH_IMAGE036
denotes a subscript number different from the subscript i of the exploration and development field data manager identity
Figure 029628DEST_PATH_IMAGE023
.
SSS03, the trusted center selects a first random number
Figure 368205DEST_PATH_IMAGE037
the first random number
Figure 165522DEST_PATH_IMAGE037
satisfies the equation
Figure 323971DEST_PATH_IMAGE038
and the trusted center calculates a second secret parameter
Figure 363471DEST_PATH_IMAGE039
SSS04, the trusted center sends to the data analysis center through the secure channel
Figure 323599DEST_PATH_IMAGE040
and publishes
Figure 524773DEST_PATH_IMAGE041
Further, S1 specifically includes the following sub-steps:
S11, the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the secure channel
Figure 436098DEST_PATH_IMAGE025
S12, the exploration and development field data manager
Figure 515174DEST_PATH_IMAGE023
encrypts the j-th type of original oil and gas exploration fine-grained data in time period t
Figure 828344DEST_PATH_IMAGE042
to generate, for the j-th type of original oil and gas exploration fine-grained data in time period t
Figure 997157DEST_PATH_IMAGE042
the secret state data
Figure 162822DEST_PATH_IMAGE043
wherein secret state data component one is
Figure 809704DEST_PATH_IMAGE044
secret state data component two is
Figure DEST_PATH_IMAGE085
Figure DEST_PATH_IMAGE086
is a second random number selected by the exploration and development field data manager
Figure 134637DEST_PATH_IMAGE023
.
S13, the exploration and development field data manager
Figure 677614DEST_PATH_IMAGE023
uploads the secret state data
Figure 032372DEST_PATH_IMAGE047
to the cloud server.
Further, S2 specifically includes the following sub-steps:
S21, the exploration and development field data manager
Figure 441532DEST_PATH_IMAGE023
obtains the large prime number sent by the trusted center through the secure channel
Figure 198136DEST_PATH_IMAGE024
and de-blinds the blinded first public parameter to generate the first secret parameter
Figure 912014DEST_PATH_IMAGE032
Wherein
Figure 19647DEST_PATH_IMAGE048
S22, the exploration and development field data manager
Figure 978638DEST_PATH_IMAGE023
formulates multiple authorized access policy values
Figure DEST_PATH_IMAGE087
and combines the authorized access policy values into a retrieval policy set
Figure 386486DEST_PATH_IMAGE050
Wherein
Figure 536844DEST_PATH_IMAGE051
represents the j-th type of original oil and gas exploration fine-grained data of an exploration and development field data manager, t represents the time period of the original oil and gas exploration fine-grained data, and the retrieval policy set
Figure 367659DEST_PATH_IMAGE050
comprises
Figure 363297DEST_PATH_IMAGE052
authorized access policy values,
Figure 828913DEST_PATH_IMAGE053
Figure 150173DEST_PATH_IMAGE054
is the concatenation symbol.
S23, the exploration and development field data manager
Figure 202705DEST_PATH_IMAGE023
constructs a first polynomial of degree
Figure 002034DEST_PATH_IMAGE055
Figure 322157DEST_PATH_IMAGE056
Wherein
Figure 79897DEST_PATH_IMAGE057
is the variable,
Figure 619725DEST_PATH_IMAGE058
is selected from the finite field
Figure 488324DEST_PATH_IMAGE059
,
Figure 459691DEST_PATH_IMAGE060
are the coefficients of the first polynomial, whose degree is
Figure 889798DEST_PATH_IMAGE061
.
S24, the exploration and development field data manager
Figure 681036DEST_PATH_IMAGE023
constructs a security index
Figure 353326DEST_PATH_IMAGE062
Figure 179200DEST_PATH_IMAGE063
is security index component one,
Figure 514628DEST_PATH_IMAGE064
is security index component two,
Figure 793163DEST_PATH_IMAGE065
is a security index component three, where
Figure 737985DEST_PATH_IMAGE066
S25, the exploration and development field data manager
Figure 654251DEST_PATH_IMAGE023
uploads the security index to the cloud server.
Further, S3 specifically includes the following sub-steps:
S31, the data analysis center obtains the first secret parameter sent by the trusted center through the secure channel
Figure 659116DEST_PATH_IMAGE032
reconstructs the authorized access policy value
Figure 893788DEST_PATH_IMAGE067
and sends the authorized access policy value to the cloud server.
Preferably, S4 specifically includes the following sub-steps:
S41, the cloud server, according to the authorized access policy value sent by the data analysis center
Figure 376722DEST_PATH_IMAGE068
constructs vector one
Figure 646029DEST_PATH_IMAGE069
S42, the cloud server constructs a vector two according to the security index
Figure 69400DEST_PATH_IMAGE070
S43, the cloud server carries out retrieval test of the secret state data and determines the secret state data meeting the test equation, wherein the test equation is
Figure 56948DEST_PATH_IMAGE071
S44, the cloud server calculates the Lagrange interpolation coefficient
Figure 77993DEST_PATH_IMAGE072
Wherein
Figure 467386DEST_PATH_IMAGE073
is a subscript number different from the subscript i of the exploration and development field data manager identity
Figure 049940DEST_PATH_IMAGE023
.
S45, the cloud server aggregates all the dense state data meeting the test equation to generate aggregated dense state data
Figure 524783DEST_PATH_IMAGE074
and returns the aggregated secret state data to the data analysis center, wherein I represents the subscript set of the exploration and development field data managers that successfully uploaded their own secret state data to the cloud server, and
Figure 349520DEST_PATH_IMAGE075
Figure 327840DEST_PATH_IMAGE076
indicates the size of the subscript set.
Further, S5 specifically includes the following sub-steps:
S51, the data analysis center obtains the second secret parameter distributed by the trusted center
Figure 579830DEST_PATH_IMAGE077
and the decryption private key
Figure 43435DEST_PATH_IMAGE078
S52, the data analysis center multiplies the aggregation secret state data by the second secret parameter
Figure 406283DEST_PATH_IMAGE077
to obtain the blinded aggregated dense-state data
Figure 504689DEST_PATH_IMAGE079
and then decrypts the blinded aggregated dense-state data to obtain the aggregated value of the j-th type of original oil and gas exploration fine-grained data in time period t
Figure DEST_PATH_IMAGE088
In which
Figure 491362DEST_PATH_IMAGE081
is the inverse of
Figure 675218DEST_PATH_IMAGE078
in the multiplicative cyclic group
Figure 841758DEST_PATH_IMAGE082
.
S53, the data analysis center carries out statistical analysis according to the aggregation value of j-th original oil and gas exploration fine-grained data in the time period t under the privacy protection state. Statistical analysis includes evaluating the average state value of fine-grained data for this type of hydrocarbon exploration, and the like.
For the exploration and development field data manager
Figure DEST_PATH_IMAGE089
Due to the existence of
Figure DEST_PATH_IMAGE090
Wherein
Figure DEST_PATH_IMAGE091
And
Figure DEST_PATH_IMAGE092
according to the Chinese remainder theorem, the following can be obtained:
Figure DEST_PATH_IMAGE093
Thus, each exploration and development field data manager
Figure 076561DEST_PATH_IMAGE089
can calculate the same value
Figure DEST_PATH_IMAGE094
. The exploration and development field data managers can calculate the same authorized access strategy value according to the j-th type oil and gas exploration fine-grained data retrieval requirement of the time period t
Figure DEST_PATH_IMAGE095
So that the data analysis center can submit the same authorized access policy value
Figure 562031DEST_PATH_IMAGE095
and retrieve the aggregated dense-state data from the cloud server.
Upon receipt of the authorized access policy value from the data analysis center
Figure 967605DEST_PATH_IMAGE095
the cloud server, according to the security index for oil and gas exploration secret state data retrieval, constructs vector one
Figure 937835DEST_PATH_IMAGE069
and vector two
Figure 777877DEST_PATH_IMAGE070
. The correctness of the test equation is derived as follows:
Figure DEST_PATH_IMAGE096
Since
Figure 136046DEST_PATH_IMAGE095
is a root of each function of degree
Figure 061539DEST_PATH_IMAGE055
we can get
Figure DEST_PATH_IMAGE097
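The retrieval test of S2 to S4 and the correctness argument above, as an added example that is not the patent's own code: the page's formulas for the policy value, the three security index components and the test equation are not reproduced here, so the hash-based policy value, the index made of polynomial coefficients hidden in the exponent of a generator, and the group parameters are all assumptions. It shows why a submitted policy value passes the test exactly when it is a root of the manager's polynomial.

```python
import hashlib
import math
import secrets


def schnorr_group(q=2**61 - 1):
    """Return (p, q, g): prime p = 2kq + 1 and g of order q (assumed demo group)."""
    k = 1
    while True:
        p = 2 * k * q + 1
        g = pow(2, 2 * k, p)  # 2^((p-1)/q) mod p
        # Pocklington: q is prime and q > sqrt(p) for these small k, so
        # 2^(p-1) == 1 and gcd(g - 1, p) == 1 together prove that p is prime.
        if pow(2, p - 1, p) == 1 and math.gcd(g - 1, p) == 1:
            return p, q, g
        k += 1


P, Q, G = schnorr_group()


def policy_value(first_secret: bytes, data_type: str, period: str) -> int:
    """Assumed form of a policy value: H(secret || type || period) mapped into Z_Q."""
    material = b"|".join([first_secret, data_type.encode(), period.encode()])
    return int.from_bytes(hashlib.sha256(material).digest(), "big") % Q


def poly_from_roots(roots, scale):
    """Coefficients (lowest degree first) of scale * prod(x - r) over Z_Q."""
    coeffs = [scale % Q]
    for r in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i] = (nxt[i] - r * c) % Q      # -r * c * x^i
            nxt[i + 1] = (nxt[i + 1] + c) % Q  # c * x^(i+1)
        coeffs = nxt
    return coeffs


def build_index(policy_values):
    """Manager side: publish G^coefficient for each coefficient of the polynomial."""
    scale = secrets.randbelow(Q - 1) + 1  # random non-zero factor hides the raw coefficients
    return [pow(G, a, P) for a in poly_from_roots(policy_values, scale)]


def retrieval_test(index, submitted_value):
    """Cloud side: vector one = powers of the submitted value, vector two = the index."""
    vector_one = [pow(submitted_value, k, Q) for k in range(len(index))]
    acc = 1
    for base, exp in zip(index, vector_one):
        acc = acc * pow(base, exp, P) % P
    # acc == G^f(value); G has prime order Q, so acc == 1 iff f(value) == 0 in Z_Q
    return acc == 1


# Constructed sample values (not from the patent).
FIRST_SECRET = b"constructed-first-secret-parameter"
AUTHORIZED = [("porosity", "2022-Q1"), ("porosity", "2022-Q2"), ("well-pressure", "2022-Q1")]


def demo():
    roots = [policy_value(FIRST_SECRET, j, t) for j, t in AUTHORIZED]
    index = build_index(roots)
    authorized = retrieval_test(index, policy_value(FIRST_SECRET, "porosity", "2022-Q2"))
    other_period = retrieval_test(index, policy_value(FIRST_SECRET, "porosity", "2023-Q1"))
    wrong_secret = retrieval_test(index, policy_value(b"guess", "porosity", "2022-Q2"))
    return authorized, other_period, wrong_secret


if __name__ == "__main__":
    print(demo())
```

Because the scale factor is drawn at random, two indexes built from the same policy set differ while accepting the same policy values.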
The cloud server generates the aggregated secret state data
Figure DEST_PATH_IMAGE098
derived as follows:
Figure DEST_PATH_IMAGE099
The data analysis center then uses the second secret parameter
Figure 777736DEST_PATH_IMAGE077
to compute the blinded aggregated dense-state data
Figure 236399DEST_PATH_IMAGE079
derived as follows:
Figure DEST_PATH_IMAGE100
where k denotes that
Figure DEST_PATH_IMAGE101
is a multiple of
Figure DEST_PATH_IMAGE102
.
Finally, the data analysis center uses the decryption private key
Figure DEST_PATH_IMAGE103
in the decryption equation
Figure DEST_PATH_IMAGE104
derived as follows:
Figure 548825DEST_PATH_IMAGE104
Figure DEST_PATH_IMAGE105
The foregoing is merely a preferred embodiment of the invention. It is to be understood that the invention is not limited to the forms disclosed herein, which should not be regarded as excluding other embodiments; the invention may be used in various other combinations, modifications and environments, and may be modified within the scope of the inventive concept described herein through the above teachings or the skill or knowledge of the relevant art. Modifications and variations made by those skilled in the art that do not depart from the spirit and scope of the invention shall fall within the protection scope of the appended claims.

Claims (10)

1. The retrieval method of oil and gas exploration fine-grained dense-state data based on cloud storage is applied to an oil and gas exploration fine-grained dense-state data retrieval system, the oil and gas exploration fine-grained dense-state data retrieval system comprises a cloud server, an exploration and development field area data manager, a data analysis center and a credible center, the cloud server is respectively in communication connection with the exploration and development field area data manager, the data analysis center and the credible center, the credible center is respectively in communication connection with the exploration and development field area data manager and the data analysis center, and the exploration and development field area data manager has a plurality of time periods and a plurality of types of original oil and gas exploration fine-grained data, and is characterized by comprising the following steps:
S1, encryption and uploading of original oil and gas exploration fine-grained data: the exploration and development field data manager obtains fault-tolerant parameters sent by the trusted center through a secure channel, encrypts its own original oil and gas exploration fine-grained data by using the fault-tolerant parameters to generate corresponding secret state data, and uploads the secret state data to the cloud server;
S2, authorization of secret state data retrieval: the exploration and development field data manager obtains a large prime number sent by the trusted center through a secure channel, de-blinds, according to the large prime number, a first public parameter published by the trusted center, generates a first secret parameter for authorized retrieval after de-blinding, then formulates a plurality of different authorized access policy values according to the first secret parameter, recovers the first polynomial after taking each authorized access policy value as a root of the first polynomial, generates a security index according to the recovered first polynomial, and uploads the generated security index to the cloud server, wherein the authorized access policy value comprises type information of secret state data and time period information of the secret state data, and the type information and/or the time period information of the secret state data contained in different authorized access policy values are different;
S3, searching secret state data: the data analysis center acquires the first secret parameter sent by the trusted center through a secure channel, reconstructs an authorized access policy value according to the first secret parameter, and sends the authorized access policy value to the cloud server, wherein the reconstructed authorized access policy value is one or more of the authorized access policy values formulated by the exploration and development field data manager;
S4, the cloud server aggregates the secret state data: the cloud server retrieves the secret state data according to the security index and the authorized access policy value sent by the data analysis center, aggregates the retrieved secret state data, and then returns the aggregated secret state data to the data analysis center;
S5, blinding, decrypting and statistically analyzing the aggregated secret state data: the data analysis center obtains a second secret parameter which is distributed by the trusted center and used for blinding the ciphertext and a decryption private key used for decrypting the ciphertext, blinds the aggregated secret state data according to the second secret parameter, decrypts the blinded aggregated secret state data according to the decryption private key to obtain an aggregated value of original oil and gas exploration fine-grained data, and then carries out statistical analysis according to the aggregated value of the original oil and gas exploration fine-grained data in a privacy protection state.
2. The method for retrieving fine-grained dense data for oil and gas exploration based on cloud storage as claimed in claim 1, wherein said S1 is preceded by the steps of:
initializing a system: the trusted center sets a security password component related in the method, and a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter based on a threshold secret sharing method, wherein the security password component comprises a homomorphic encryption public parameter, a decryption private key, a multiplication cyclic group, a generator of the multiplication cyclic group and a hash function.
3. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 2,
before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the safety channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number;
before the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request.
4. The method for retrieving fine-grained dense-state data of oil and gas exploration based on cloud storage as claimed in claim 3, wherein the system initialization specifically comprises the following sub-steps:
the trusted center selects a first large prime number
Figure 348453DEST_PATH_IMAGE001
and a second large prime number
Figure 258640DEST_PATH_IMAGE002
Calculating the modulus
Figure 996920DEST_PATH_IMAGE003
Decrypting the private key
Figure 283545DEST_PATH_IMAGE004
Homomorphic encrypted public parameter one
Figure 922205DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure 268873DEST_PATH_IMAGE006
Wherein
Figure 353504DEST_PATH_IMAGE007
is a generator of the cyclic group
Figure 164858DEST_PATH_IMAGE008
;
the trusted center selects a multiplicative cyclic group G of order p and a generator g of the multiplicative cyclic group G;
the trust center sets a hash function H, wherein
Figure 674337DEST_PATH_IMAGE009
Figure 942638DEST_PATH_IMAGE010
represents a bit string of arbitrary length,
Figure 904778DEST_PATH_IMAGE011
represents a multiplicative cyclic group of order p-1;
the credible center selects a third secret parameter
Figure 782473DEST_PATH_IMAGE012
and a second polynomial of degree
Figure 880879DEST_PATH_IMAGE013
Figure 320082DEST_PATH_IMAGE014
Wherein
Figure 769518DEST_PATH_IMAGE015
is the variable,
Figure 188254DEST_PATH_IMAGE016
are coefficients of the second polynomial, each selected from the finite field
Figure 141167DEST_PATH_IMAGE017
;
the trusted center publishes a first set of parameters
Figure 751271DEST_PATH_IMAGE018
and keeps the second parameter set
Figure 422423DEST_PATH_IMAGE019
securely stored.
5. The method of claim 4 for retrieving fine grained dense data for oil and gas exploration based on cloud storage,
the exploration and development field data manager sends a registration request to a trusted center, the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number, and the method specifically comprises the following sub-steps:
the exploration and development field data manager selects its own private key
Figure 907500DEST_PATH_IMAGE020
And calculates its own public key
Figure 980498DEST_PATH_IMAGE021
then sends its own public key
Figure 761504DEST_PATH_IMAGE022
and its own identity
Figure 919953DEST_PATH_IMAGE023
to the trusted center for registration;
the trusted center sends a large prime number through the secure channel
Figure 668773DEST_PATH_IMAGE024
And fault tolerance parameters
Figure 861857DEST_PATH_IMAGE025
To the exploration and development field data manager, wherein
Figure 813763DEST_PATH_IMAGE026
The trusted center sends the information to the cloud server through the secure channel
Figure 459508DEST_PATH_IMAGE027
And the credible center records the registration information of the data manager of the exploration and development field area
Figure 20809DEST_PATH_IMAGE028
Wherein
Figure 333978DEST_PATH_IMAGE029
Figure 456786DEST_PATH_IMAGE030
is the total number of exploration and development field data managers that initiated a registration request to the trusted center;
the data analysis center sends a registration request to a trusted center, and the trusted center sends a first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
the data analysis center sends the trusted center a registration request containing its own identity
Figure 589827DEST_PATH_IMAGE031
;
the trusted center selects a first secret parameter for authorized retrieval
Figure 846496DEST_PATH_IMAGE032
the first secret parameter
Figure 791DEST_PATH_IMAGE032
is less than each large prime number
Figure 809347DEST_PATH_IMAGE033
then, according to the Chinese remainder theorem, the trusted center calculates the blinded first public parameter
Figure 914837DEST_PATH_IMAGE034
Wherein
Figure 99831DEST_PATH_IMAGE035
Figure 371281DEST_PATH_IMAGE036
denotes a subscript number different from the subscript i of the exploration and development field data manager identity
Figure 085159DEST_PATH_IMAGE023
;
the trusted center selects a first random number
Figure 333738DEST_PATH_IMAGE037
the first random number
Figure 541996DEST_PATH_IMAGE037
satisfies the equation
Figure 418685DEST_PATH_IMAGE038
and the trusted center calculates a second secret parameter
Figure 821241DEST_PATH_IMAGE039
the trusted center sends to the data analysis center through the secure channel
Figure 416171DEST_PATH_IMAGE040
and publishes
Figure 162541DEST_PATH_IMAGE041
6. The method for retrieving fine-grained dense-state data of oil and gas exploration based on cloud storage according to claim 5, wherein the step S1 specifically comprises the following sub-steps:
the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the secure channel
Figure 159316DEST_PATH_IMAGE025
the exploration and development field data manager encrypts the j-th type of original oil and gas exploration fine-grained data in time period t
Figure 729843DEST_PATH_IMAGE042
to generate, for the j-th type of original oil and gas exploration fine-grained data in time period t
Figure 421856DEST_PATH_IMAGE042
the secret state data
Figure 486764DEST_PATH_IMAGE043
wherein secret state data component one is
Figure 88777DEST_PATH_IMAGE044
secret state data component two is
Figure 315359DEST_PATH_IMAGE045
Figure 871499DEST_PATH_IMAGE046
is a second random number selected by the exploration and development field data manager;
the exploration and development field data manager uploads the secret state data
Figure 740098DEST_PATH_IMAGE047
to the cloud server.
7. The method for retrieving fine-grained and dense-state data of oil and gas exploration based on cloud storage as claimed in claim 6, wherein the step S2 specifically comprises the following substeps:
the exploration and development field data manager obtains the large prime number sent by the trusted center through the secure channel
Figure 931039DEST_PATH_IMAGE024
and de-blinds the blinded first public parameter to generate the first secret parameter
Figure 859681DEST_PATH_IMAGE032
Wherein
Figure 634608DEST_PATH_IMAGE048
the exploration and development field data manager formulates multiple authorized access policy values
Figure 182264DEST_PATH_IMAGE049
and combines the authorized access policy values into a retrieval policy set
Figure 742558DEST_PATH_IMAGE050
Wherein
Figure 327254DEST_PATH_IMAGE051
represents the j-th type of original oil and gas exploration fine-grained data of an exploration and development field data manager, t represents the time period of the original oil and gas exploration fine-grained data, and the retrieval policy set
Figure 871368DEST_PATH_IMAGE050
comprises
Figure 892606DEST_PATH_IMAGE052
authorized access policy values,
Figure 307407DEST_PATH_IMAGE053
Figure 63005DEST_PATH_IMAGE054
is the concatenation symbol;
the exploration and development field data manager constructs a first polynomial of degree
Figure 563256DEST_PATH_IMAGE055
Figure 561037DEST_PATH_IMAGE056
Wherein
Figure 830344DEST_PATH_IMAGE057
is the variable,
Figure 756843DEST_PATH_IMAGE058
is randomly selected from the finite field
Figure 744391DEST_PATH_IMAGE059
,
Figure 283213DEST_PATH_IMAGE060
are the coefficients of the first polynomial, whose degree is
Figure 407026DEST_PATH_IMAGE061
;
the exploration and development field data manager constructs a security index
Figure 504427DEST_PATH_IMAGE062
Figure 713691DEST_PATH_IMAGE063
is security index component one,
Figure 53274DEST_PATH_IMAGE064
is security index component two,
Figure 31595DEST_PATH_IMAGE065
is a security index component three, where
Figure 565475DEST_PATH_IMAGE066
the exploration and development field data manager uploads the security index to the cloud server.
8. The method for retrieving fine-grained dense-state data of oil and gas exploration based on cloud storage according to claim 7, wherein the step S3 specifically comprises the following sub-steps:
the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel
Figure 527615DEST_PATH_IMAGE032
and reconstructs the authorized access policy value
Figure 142661DEST_PATH_IMAGE067
and sends the authorized access policy value to the cloud server.
9. The method for retrieving fine-grained and dense-state data of oil and gas exploration based on cloud storage according to claim 8, wherein the step S4 specifically comprises the following substeps:
the cloud server, according to the authorized access policy value sent by the data analysis center
Figure 241067DEST_PATH_IMAGE068
constructs vector one
Figure 945849DEST_PATH_IMAGE069
The cloud server constructs a vector two according to the security index
Figure 129705DEST_PATH_IMAGE070
The cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is
Figure 811091DEST_PATH_IMAGE071
the cloud server calculates the Lagrange interpolation coefficient
Figure 29583DEST_PATH_IMAGE072
Wherein
Figure 374108DEST_PATH_IMAGE073
is a subscript number different from the subscript i of the exploration and development field data manager identity
Figure 779681DEST_PATH_IMAGE023
;
the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state data
Figure 861163DEST_PATH_IMAGE074
and returns the aggregated secret state data to the data analysis center, wherein I represents the subscript set of the exploration and development field data managers that successfully uploaded their own secret state data to the cloud server, and
Figure 684894DEST_PATH_IMAGE075
Figure 449587DEST_PATH_IMAGE076
indicates the size of the subscript set.
10. The method for retrieving fine-grained dense data for oil and gas exploration based on cloud storage according to claim 9, wherein the step S5 specifically comprises the following sub-steps:
the data analysis center obtains a second secret parameter distributed by the credible center
Figure 591725DEST_PATH_IMAGE077
and the decryption private key
Figure 365646DEST_PATH_IMAGE078
The data analysis center multiplies the aggregation secret state data by a second secret parameter
Figure 43883DEST_PATH_IMAGE077
to obtain the blinded aggregated dense-state data
Figure 344590DEST_PATH_IMAGE079
and then decrypts the blinded aggregated dense-state data to obtain the aggregated value of the j-th type of original oil and gas exploration fine-grained data in time period t
Figure 724756DEST_PATH_IMAGE080
Wherein
Figure 53100DEST_PATH_IMAGE081
is the inverse of
Figure 835111DEST_PATH_IMAGE078
in the multiplicative cyclic group
Figure 456454DEST_PATH_IMAGE082
;
and the data analysis center performs statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state.
CN202210962115.3A 2022-08-11 2022-08-11 Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method Active CN115033908B (en)

Publications (2)

Publication Number Publication Date
CN115033908A (en) 2022-09-09
CN115033908B (en) 2022-10-21

Family

ID=83130320

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant