CN115033908B - Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method - Google Patents


Publication number
CN115033908B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210962115.3A
Other languages
Chinese (zh)
Other versions
CN115033908A (en
Inventor
张晓均
唐伟
王文琛
王鑫
张豪
李兴鹏
刘庆
唐浩宇
薛婧婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southwest Petroleum University
Original Assignee
Southwest Petroleum University
Application filed by Southwest Petroleum University
Priority to CN202210962115.3A
Publication of CN115033908A
Application granted
Publication of CN115033908B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6272 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network


Abstract

The invention discloses a cloud storage-based method for retrieving fine-grained oil and gas exploration data in its dense (encrypted) state, comprising the following steps: encrypting and uploading the original oil and gas exploration fine-grained data; authorizing retrieval of the secret data; retrieving the secret data; aggregation of the secret data by the cloud server; and blinding, decrypting and statistically analyzing the aggregated secret data. The invention ensures that the confidentiality of the oil and gas exploration fine-grained data is not compromised by various attackers, and also ensures bidirectional privacy protection of the identity of the data owner and the identity of the data user during data sharing. In addition, after the data analysis center retrieves the aggregated secret data from the cloud server, it must blind the data before decrypting it: blinding uses a second secret parameter and decryption uses a decryption private key. Even if the decryption private key is leaked, an attacker cannot obtain the blinded aggregated secret data and cannot use the decryption private key to recover the aggregated value of the original oil and gas exploration fine-grained data, which prevents leakage of the oil and gas exploration fine-grained data.

Description

Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method
Technical Field
The invention belongs to the field of big data analysis and security processing in oil and gas exploration and development systems, and particularly relates to a cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method.
Background
Petroleum and natural gas are important national energy resources and strategic materials, and their security is an important cornerstone of national strategic security. Oil and gas exploration, as the front-end link of the oil and gas industry, covers resource prospecting and the design and implementation of development plans, and is important for keeping exploration reserves stable and ensuring the continued development of the oil and gas industry. A research and development institution can integrate and analyze oil and gas exploration data to obtain a global exploration model, which reduces repeated research and development by oil and gas exploration institutions on the same project.
The data at each oil and gas exploration site is usually confidential: it often includes the locations of oil and gas discoveries, the machinery invested, and even oil and gas transportation routes. The confidentiality of this strategic data therefore generally has to be guaranteed. Each exploration institution accordingly wants to be the only party with access to its fine-grained data, and to grant data usage rights only to the relevant data analysis centers, so that the data is usable but not visible. Only under that condition is a data owner willing to contribute its own data in order to obtain a better global model.
In addition, because each institution usually outsources its data storage to a cloud server, data in this mode is outside the control of the data owner. The user can upload the data in encrypted form to ensure that it is not leaked, but this does not facilitate the data authorization process.
Therefore, with data storage outsourced, a sharing scheme that guarantees the confidentiality of multi-source heterogeneous exploration data while preserving the data owner's access to its own data and allowing data usage rights to be shared is an important cornerstone for new intelligent oil and gas exploration and development in the big data era.
Disclosure of Invention
The invention aims to overcome one or more defects in the prior art and provides a cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method.
The purpose of the invention is realized by the following technical scheme:
The cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method is applied to an oil and gas exploration fine-grained dense-state data retrieval system. The system comprises a cloud server, an exploration and development field data manager, a data analysis center and a trusted center. The cloud server is communicatively connected to the exploration and development field data manager, the data analysis center and the trusted center respectively, and the trusted center is communicatively connected to the exploration and development field data manager and the data analysis center respectively. The exploration and development field data manager holds original oil and gas exploration fine-grained data of a plurality of time periods and a plurality of types. The retrieval method comprises the following steps:
S1, encrypting and uploading the original oil and gas exploration fine-grained data: the exploration and development field data manager obtains the fault-tolerant parameters sent by the trusted center through a secure channel, encrypts its own original oil and gas exploration fine-grained data using the fault-tolerant parameters to generate the corresponding secret data, and uploads the secret data to the cloud server;
S2, authorization of secret data retrieval: the exploration and development field data manager obtains a large prime number sent by the trusted center through a secure channel, de-blinds, according to the large prime number, a blinded first public parameter published by the trusted center, and generates a first secret parameter for authorized retrieval after de-blinding; it then formulates a plurality of different authorized access policy values according to the first secret parameter, takes each authorized access policy value as a root of a first polynomial and recovers the first polynomial, generates a security index according to the recovered first polynomial, and uploads the generated security index to the cloud server, wherein each authorized access policy value comprises type information of the secret data and time period information of the secret data, and the type information and/or the time period information contained in different authorized access policy values are different;
S3, retrieval of secret data: the data analysis center obtains the first secret parameter sent by the trusted center through a secure channel, reconstructs an authorized access policy value according to the first secret parameter, and sends the authorized access policy value to the cloud server, wherein the reconstructed authorized access policy value is one or more of the authorized access policy values formulated by the exploration and development field data manager;
S4, aggregation of the secret data by the cloud server: the cloud server retrieves the secret data according to the security index and the authorized access policy value sent by the data analysis center, aggregates the retrieved secret data, and returns the aggregated secret data to the data analysis center;
S5, blinding, decrypting and statistically analyzing the aggregated secret data: the data analysis center obtains a second secret parameter, distributed by the trusted center, for blinding the ciphertext and a decryption private key for decrypting the ciphertext, blinds the aggregated secret data according to the second secret parameter, decrypts the blinded aggregated secret data according to the decryption private key to obtain an aggregated value of the original oil and gas exploration fine-grained data, and then performs statistical analysis on the aggregated value of the original oil and gas exploration fine-grained data in a privacy-protected state.
Preferably, the step S1 further comprises the following steps:
System initialization: the trusted center sets up the cryptographic security components involved in the method, together with a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter based on a threshold secret sharing method, wherein the cryptographic security components comprise a homomorphic encryption public parameter, a decryption private key, a multiplicative cyclic group, a generator of the multiplicative cyclic group and a hash function.
Preferably, before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the secure channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number;
before the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request.
Preferably, the system initialization specifically comprises the following sub-steps:
the trusted center selects a first large prime number
Figure 100002_DEST_PATH_IMAGE001
and a second large prime number
Figure DEST_PATH_IMAGE002
Calculating the modulus
Figure 100002_DEST_PATH_IMAGE003
Decrypting the private key
Figure DEST_PATH_IMAGE004
Homomorphic encryption public parameter one
Figure 100002_DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure DEST_PATH_IMAGE006
Wherein
Figure 100002_DEST_PATH_IMAGE007
is a generator of the cyclic group
Figure DEST_PATH_IMAGE008
the trusted center selects a multiplicative cyclic group G of order p and a generator g of the multiplicative cyclic group G;
the trusted center sets a hash function H, wherein
Figure 100002_DEST_PATH_IMAGE009
Figure DEST_PATH_IMAGE010
denotes a bit string of arbitrary length,
Figure 100002_DEST_PATH_IMAGE011
denotes a multiplicative cyclic group of order p-1;
the credible center selects a third secret parameter
Figure DEST_PATH_IMAGE012
And
Figure 100002_DEST_PATH_IMAGE013
second order polynomial
Figure DEST_PATH_IMAGE014
In which
Figure 100002_DEST_PATH_IMAGE015
is the variable,
Figure DEST_PATH_IMAGE016
respectively from a finite field
Figure 100002_DEST_PATH_IMAGE017
The coefficients of the selected second polynomial;
the trusted center publishes a first set of parameters
Figure DEST_PATH_IMAGE018
and keeps the second parameter set
Figure 100002_DEST_PATH_IMAGE019
securely stored.
Preferably, the exploration and development field data manager sends a registration request to a trust center, and the trust center records registration information of the exploration and development field data manager and generates the fault-tolerant parameter and the large prime number, which specifically includes the following sub-steps:
exploration and development field data manager selects private key thereof
Figure DEST_PATH_IMAGE020
And calculates its own public key
Figure 100002_DEST_PATH_IMAGE021
Then the public key of itself
Figure DEST_PATH_IMAGE022
And its own identity
Figure 100002_DEST_PATH_IMAGE023
are sent to the trusted center for registration;
the trust center sends a large prime number through the secure channel
Figure DEST_PATH_IMAGE024
And fault tolerance parameters
Figure 100002_DEST_PATH_IMAGE025
To the exploration and development field data manager, wherein
Figure DEST_PATH_IMAGE026
The trusted center sends the information to the cloud server through the secure channel
Figure 100002_DEST_PATH_IMAGE027
And the credible center records the registration information of the data manager of the exploration and development field area
Figure DEST_PATH_IMAGE028
Wherein
Figure 100002_DEST_PATH_IMAGE029
Figure DEST_PATH_IMAGE030
The total number of data managers in the exploration and development field area initiating a registration request to the trusted center;
the data analysis center sends a registration request to a trusted center, and the trusted center sends a first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
the data analysis center sends the information containing the identity of the data analysis center to the trusted center
Figure 100002_DEST_PATH_IMAGE031
A registration request of (2);
the trusted center selects a first secret parameter for authorized retrieval
Figure DEST_PATH_IMAGE032
the first secret parameter
Figure 555508DEST_PATH_IMAGE032
being less than each large prime number
Figure 100002_DEST_PATH_IMAGE033
and then calculates, according to the Chinese remainder theorem, the blinded first public parameter
Figure DEST_PATH_IMAGE034
In which
Figure 100002_DEST_PATH_IMAGE035
Figure DEST_PATH_IMAGE036
denotes, for the exploration and development field data manager identity
Figure 816856DEST_PATH_IMAGE023
a subscript number different from the subscript i;
the trusted center selects a first random number
Figure 100002_DEST_PATH_IMAGE037
the first random number
Figure 488271DEST_PATH_IMAGE037
satisfying the equation
Figure DEST_PATH_IMAGE038
and calculates a second secret parameter
Figure 100002_DEST_PATH_IMAGE039
the trusted center sends the following to the data analysis center through a secure channel
Figure DEST_PATH_IMAGE040
and publishes
Figure 100002_DEST_PATH_IMAGE041
Preferably, S1 specifically includes the following sub-steps:
the exploration and development field data manager obtains the fault-tolerant parameters sent by the trusted center through a secure channel
Figure 481549DEST_PATH_IMAGE025
the exploration and development field data manager takes the j-th original oil and gas exploration fine-grained data in time period t
Figure DEST_PATH_IMAGE042
and encrypts it; for the j-th original oil and gas exploration fine-grained data in time period t
Figure 922019DEST_PATH_IMAGE042
the resulting secret data is
Figure 100002_DEST_PATH_IMAGE043
wherein secret data component one is
Figure DEST_PATH_IMAGE044
secret data component two is
Figure 100002_DEST_PATH_IMAGE045
and
Figure DEST_PATH_IMAGE046
is a second random number selected by the exploration and development field data manager;
the exploration and development field data manager uploads the secret data
Figure 100002_DEST_PATH_IMAGE047
to the cloud server.
Preferably, the S2 specifically includes the following sub-steps:
exploration and development field data manager obtains large prime number sent by trusted center through secure channel
Figure 980368DEST_PATH_IMAGE024
And de-blinding the blinded first public parameter to generate a first secret parameter
Figure 575297DEST_PATH_IMAGE032
Wherein
Figure DEST_PATH_IMAGE048
Exploration and development field data manager establishes multiple authorized access strategy values
Figure 100002_DEST_PATH_IMAGE049
And combining the various authorized access policy values into a retrieval policy set
Figure DEST_PATH_IMAGE050
Wherein
Figure 100002_DEST_PATH_IMAGE051
denotes the j-th original oil and gas exploration fine-grained data of an exploration and development field data manager, t denotes the time period of the original oil and gas exploration fine-grained data, and the retrieval policy set
Figure 180722DEST_PATH_IMAGE050
contains
Figure DEST_PATH_IMAGE052
authorized access policy values
Figure 100002_DEST_PATH_IMAGE053
Figure DEST_PATH_IMAGE054
is the concatenation symbol;
exploration and development field data manager construction
Figure 100002_DEST_PATH_IMAGE055
Second order polynomial
Figure DEST_PATH_IMAGE056
In which
Figure 100002_DEST_PATH_IMAGE057
is the variable,
Figure DEST_PATH_IMAGE058
is drawn from the finite field
Figure 100002_DEST_PATH_IMAGE059
by random selection,
Figure DEST_PATH_IMAGE060
is that
Figure 100002_DEST_PATH_IMAGE061
Coefficients of the second order first polynomial;
the exploration and development field data manager constructs the security index
Figure DEST_PATH_IMAGE062
Figure 100002_DEST_PATH_IMAGE063
is security index component one,
Figure DEST_PATH_IMAGE064
is security index component two,
Figure 100002_DEST_PATH_IMAGE065
is security index component three, where
Figure DEST_PATH_IMAGE066
the exploration and development field data manager uploads the security index to the cloud server.
Preferably, the S3 specifically includes the following sub-steps:
the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel
Figure 552664DEST_PATH_IMAGE032
And reconstructing the authorized access policy value
Figure 100002_DEST_PATH_IMAGE067
And sending the authorized access policy value to the cloud server.
Preferably, the S4 specifically includes the following sub-steps:
from the authorized access policy value sent by the data analysis center
Figure DEST_PATH_IMAGE068
the cloud server constructs vector one
Figure 100002_DEST_PATH_IMAGE069
The cloud server constructs a vector two according to the security index
Figure DEST_PATH_IMAGE070
The cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is
Figure 100002_DEST_PATH_IMAGE071
the cloud server computes the Lagrange interpolation coefficient
Figure DEST_PATH_IMAGE072
wherein
Figure 100002_DEST_PATH_IMAGE073
denotes, for the exploration and development field data manager identity
Figure 109810DEST_PATH_IMAGE023
a subscript number different from the subscript i;
the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state data
Figure DEST_PATH_IMAGE074
And returning the aggregated secret state data to the data analysis center, wherein I represents a subscript set of an exploration and development field data manager which successfully uploads the own secret state data to the cloud server, and
Figure 100002_DEST_PATH_IMAGE075
Figure DEST_PATH_IMAGE076
indicating the size of the set of subscripts.
Preferably, the S5 specifically includes the following sub-steps:
the data analysis center obtains a second secret parameter distributed by the credible center
Figure 100002_DEST_PATH_IMAGE077
And decrypting the private key
Figure DEST_PATH_IMAGE078
The data analysis center multiplies the aggregated secret data by a second secret parameter
Figure 834446DEST_PATH_IMAGE077
Obtaining the blinded aggregated dense-state data
Figure 100002_DEST_PATH_IMAGE079
And then decrypting the blinded aggregated dense-state data to obtain an aggregated value of j-th original oil-gas exploration fine-grained data in a time period t
Figure DEST_PATH_IMAGE080
wherein
Figure 100002_DEST_PATH_IMAGE081
is the inverse of
Figure 885972DEST_PATH_IMAGE078
in the multiplicative cyclic group
Figure DEST_PATH_IMAGE082
and the data analysis center performs statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state.
The beneficial effects of the invention are:
(1) Because oil and gas exploration fine-grained data is closely tied to the privacy of the exploration institution, an attacker may infer key information from it. In the method of this embodiment, the data owner (the exploration and development field data manager) encrypts the original oil and gas exploration fine-grained data it holds, using its own public key and the fault-tolerant parameters distributed to it by the trusted center, so that the data stored on the cloud server is secret data. With the trusted center acting as a trusted third party, the data owner grants the right to retrieve secret data to a data analysis center registered with the trusted center; the data analysis center retrieves an aggregated value of the original oil and gas exploration fine-grained data and can use that aggregated value for statistical analysis without learning the identity of the data owner;
in conclusion, the method of this embodiment guarantees that the confidentiality of the oil and gas exploration fine-grained data is not compromised by various attackers, and guarantees bidirectional privacy protection of the data owner's identity and the data user's identity during data sharing.
(2) After the data analysis center retrieves the aggregated secret data from the cloud server, it must first blind the data and then decrypt it. Blinding uses the second secret parameter distributed by the trusted center, and decryption uses the decryption private key distributed by the trusted center. Even if the decryption private key is leaked, an attacker cannot obtain the blinded aggregated secret data and cannot decrypt the aggregated secret data with the decryption private key, so the oil and gas exploration fine-grained data is not leaked.
(3) In a practical application scenario, the method of this embodiment enables the data analysis center and the exploration and development field data manager to retrieve aggregated dense-state data for different time periods in order to monitor and evaluate exploration conditions.
(4) By constructing all possible authorized access policy values, the exploration and development field data manager can authorize the data analysis center to flexibly retrieve aggregated secret data for different time periods. Only an entity that provides a correct authorized access policy value can pass the cloud server's data retrieval test; no other entity can pass it.
(5) Even when a transmission channel is blocked or deliberately damaged, the method of this embodiment still provides fault tolerance in the retrieval and aggregation of the secret data.
Drawings
FIG. 1 is an architecture diagram of a fine-grained dense data retrieval system for oil and gas exploration.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
This embodiment provides a cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method, which is applied to an oil and gas exploration fine-grained dense-state data retrieval system. Fig. 1 shows an architecture diagram of the system. The system comprises a cloud server, an exploration and development field data manager, a data analysis center and a trusted center. The cloud server is communicatively connected to the exploration and development field data manager, the data analysis center and the trusted center respectively, and the trusted center is communicatively connected to the exploration and development field data manager and the data analysis center respectively. The exploration and development field data manager, as the data owner, holds original oil and gas exploration fine-grained data of a plurality of time periods and a plurality of types. This data comes from the exploration and development fields where the data manager is located, which include exploration and development field 1, exploration and development field 2, exploration and development field 3 and so on.
The cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method specifically comprises the following steps:
S1, encryption and uploading of the original oil and gas exploration fine-grained data: the exploration and development field data manager obtains the fault-tolerant parameters sent by the trusted center through a secure channel, encrypts its own original oil and gas exploration fine-grained data using the fault-tolerant parameters to generate the corresponding secret data, and uploads the secret data to the cloud server.
S2, authorization of secret data retrieval: the exploration and development field data manager obtains a large prime number sent by the trusted center through a secure channel, de-blinds, according to the large prime number, the blinded first public parameter published by the trusted center, and generates a first secret parameter for authorized retrieval after de-blinding. It then formulates a plurality of authorized access policy values according to the first secret parameter, takes each authorized access policy value as a root of a first polynomial and recovers the first polynomial, generates a security index according to the recovered first polynomial, and uploads the generated security index to the cloud server, wherein the authorized access policy values differ from one another in the time period and/or the type of the oil and gas exploration fine-grained data they contain.
S3, retrieval of secret state data: the data analysis center obtains a first secret parameter sent by the credible center through the security channel, reconstructs an authorized access strategy value according to the first secret parameter, and sends the authorized access strategy value to the cloud server, wherein the reconstructed authorized access strategy value is one or more of authorized access strategy values set by an exploration and development field data manager.
S4, the cloud server aggregates the secret state data: and the cloud server performs a retrieval test on the secret state data according to the authorized access strategy value and the security index sent by the data analysis center, aggregates the secret state data passing the retrieval test, and returns the aggregated secret state data to the data analysis center.
S5, blinding, decrypting and statistically analyzing the aggregated confidential data: the data analysis center obtains a second secret parameter which is distributed by the credible center and used for blinding the ciphertext and a decryption private key used for decrypting the ciphertext, blinds the aggregated secret data according to the second secret parameter, decrypts the blinded aggregated secret data according to the decryption private key to obtain an aggregated value of original oil-gas exploration fine-grained data, and then carries out statistical analysis according to the aggregated value of the original oil-gas exploration fine-grained data in a privacy protection state.
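The authorization and retrieval test of S2 to S4, as an added sketch that is not code from the patent: policy values become the roots of a polynomial, and the cloud server checks a submitted value with an inner product of two vectors. Assumptions, because the patent's formulas are missing from this page: the policy value is SHA-256 over secret, type and period; the field is the integers modulo 2^127 - 1; the index is the bare coefficient vector rather than the patent's three index components; all names and sample values are constructed.

```python
import hashlib
import secrets

# Assumption: a toy prime field (2^127 - 1 is a Mersenne prime). The patent's
# own field and group parameters are image placeholders on this page.
Q = 2**127 - 1


def policy_value(first_secret, data_type, period):
    """Authorized access policy value, assumed to be H(secret || type || period).

    Only a party holding the first secret parameter can rebuild this value,
    which is what lets the data analysis center reconstruct it in S3.
    """
    material = f"{first_secret}||{data_type}||{period}".encode()
    return int.from_bytes(hashlib.sha256(material).digest(), "big") % Q


def build_index(policy_values):
    """Data manager (S2): coefficients, low to high degree, of r * prod(x - w).

    Every authorized policy value w is a root; r is a random non-zero scale so
    that two indexes over the same policy set do not look identical.
    """
    coeffs = [secrets.randbelow(Q - 1) + 1]
    for w in policy_values:
        nxt = [0] * (len(coeffs) + 1)
        for k, c in enumerate(coeffs):
            nxt[k] = (nxt[k] - w * c) % Q        # contribution of -w * c * x^k
            nxt[k + 1] = (nxt[k + 1] + c) % Q    # contribution of c * x^(k+1)
        coeffs = nxt
    return coeffs


def retrieval_test(index, submitted_value):
    """Cloud server (S4): vector one is (1, x, x^2, ...), vector two is the index.

    The inner product equals the polynomial evaluated at x, so it is zero
    exactly when x is one of the authorized policy values.
    """
    vector_one = [pow(submitted_value, k, Q) for k in range(len(index))]
    return sum(a * b for a, b in zip(vector_one, index)) % Q == 0


def demo():
    first_secret = 0x123456789ABCDEF             # constructed sample secret
    granted = [("porosity", "2022-Q1"),           # constructed (type, period)
               ("porosity", "2022-Q2"),
               ("well-pressure", "2022-Q1")]
    index = build_index([policy_value(first_secret, j, t) for j, t in granted])

    def ask(secret, data_type, period):
        return retrieval_test(index, policy_value(secret, data_type, period))

    return {
        "degree": len(index) - 1,
        "granted": ask(first_secret, "porosity", "2022-Q2"),
        "other_period": ask(first_secret, "well-pressure", "2022-Q2"),
        "wrong_secret": ask(first_secret + 1, "porosity", "2022-Q2"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Because the coefficients are stored in the clear here, the server could factor the polynomial and learn the policy values themselves; hiding them is the job of the index components whose formulas the page does not reproduce.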
Further, before S1, the following steps are also included:
System initialization: the trusted center sets the cryptographic security components involved in the method, together with a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter, which are generated based on a threshold secret sharing method and used for the registration of the exploration and development field data managers and of the data analysis center, wherein the cryptographic security components comprise a homomorphic encryption public parameter, a decryption private key, a multiplicative cyclic group, a generator of the multiplicative cyclic group and a hash function.
Furthermore, before the exploration and development field data manager obtains the fault-tolerant parameters sent by the trusted center through the secure channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number. Before the data analysis center obtains the first secret parameter sent by the trusted center through the secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, the second secret parameter and the decryption private key to the data analysis center according to the registration request.
Further, the system initialization specifically includes the following sub-steps:
S001, the trusted center selects a first large prime number
Figure 799570DEST_PATH_IMAGE001
and a second large prime number
Figure 557310DEST_PATH_IMAGE002
and computes the modulus
Figure 350999DEST_PATH_IMAGE003
the decryption private key
Figure 954019DEST_PATH_IMAGE004
homomorphic encryption public parameter one
Figure 925386DEST_PATH_IMAGE005
and homomorphic encryption public parameter two
Figure 089913DEST_PATH_IMAGE006
where
Figure 146731DEST_PATH_IMAGE007
is a generator of the cyclic group
Figure 287862DEST_PATH_IMAGE008
S002, the trusted center selects a multiplicative cyclic group G of order p and a generator g of the multiplicative cyclic group G.
S003, the trusted center sets a hash function H, where
Figure 615200DEST_PATH_IMAGE009
Figure 714743DEST_PATH_IMAGE010
denotes a bit string of arbitrary length, and
Figure 727699DEST_PATH_IMAGE011
denotes a multiplicative cyclic group of order p-1.
S004, the trusted center selects a third secret parameter
Figure 938100DEST_PATH_IMAGE012
and a second polynomial of degree
Figure 119945DEST_PATH_IMAGE013
given by
Figure 124810DEST_PATH_IMAGE014
where
Figure 890641DEST_PATH_IMAGE015
is the variable and
Figure 140619DEST_PATH_IMAGE016
are the coefficients of the second polynomial, each selected from the finite field
Figure 675506DEST_PATH_IMAGE017
S005, the trusted center publishes the first parameter set
Figure 116851DEST_PATH_IMAGE018
and stores the second parameter set
Figure 369978DEST_PATH_IMAGE019
securely.
Further, an exploration and development field data manager sends a registration request to a trusted center, the trusted center records registration information of the exploration and development field data manager and generates fault-tolerant parameters and large prime numbers, and the method specifically comprises the following sub-steps:
SS01, the exploration and development field data manager selects its own private key
Figure 158068DEST_PATH_IMAGE020
and computes its own public key
Figure 547461DEST_PATH_IMAGE021
then sends its own public key
Figure 159708DEST_PATH_IMAGE022
and its own identity
Figure 401595DEST_PATH_IMAGE023
to the trusted center for registration.
SS02, the trusted center sends, through the secure channel, a large prime number
Figure 757490DEST_PATH_IMAGE024
and fault-tolerant parameters
Figure 266969DEST_PATH_IMAGE025
to the exploration and development field data managers, where
Figure DEST_PATH_IMAGE083
SS03, the trusted center sends to the cloud server through the secure channel
Figure 348320DEST_PATH_IMAGE027
and the trusted center records the registration information of the exploration and development field data manager
Figure 576039DEST_PATH_IMAGE028
where
Figure 204466DEST_PATH_IMAGE029
Figure 347214DEST_PATH_IMAGE030
is the total number of exploration and development field data managers that initiated registration requests to the trusted center.
Further, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, the second secret parameter and the decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
SSS01, the data analysis center sends to the trusted center a registration request containing its own identity
Figure 035685DEST_PATH_IMAGE031
SSS02, the trusted center selects the first secret parameter for authorized retrieval
Figure 750700DEST_PATH_IMAGE032
where the first secret parameter
Figure 949862DEST_PATH_IMAGE032
is less than each large prime number
Figure 168354DEST_PATH_IMAGE033
and then computes the blinded first public parameter according to the Chinese remainder theorem
Figure 027726DEST_PATH_IMAGE034
where
Figure DEST_PATH_IMAGE084
Figure 793819DEST_PATH_IMAGE036
denotes a subscript different from the subscript i in the exploration and development field data manager identity
Figure 029628DEST_PATH_IMAGE023
SSS03, the trusted center selects a first random number
Figure 368205DEST_PATH_IMAGE037
where the first random number
Figure 165522DEST_PATH_IMAGE037
satisfies the equation
Figure 323971DEST_PATH_IMAGE038
and computes the second secret parameter
Figure 363471DEST_PATH_IMAGE039
SSS04, the trusted center sends to the data analysis center through the secure channel
Figure 323599DEST_PATH_IMAGE040
and publishes
Figure 524773DEST_PATH_IMAGE041
Further, S1 specifically includes the following sub-steps:
S11, the exploration and development field data manager obtains the fault-tolerant parameters sent by the trusted center through the secure channel
Figure 436098DEST_PATH_IMAGE025
S12, the exploration and development field data manager
Figure 515174DEST_PATH_IMAGE023
encrypts its own j-th original oil and gas exploration fine-grained data in time period t
Figure 828344DEST_PATH_IMAGE042
to generate, for the j-th original oil and gas exploration fine-grained data in time period t
Figure 997157DEST_PATH_IMAGE042
the secret-state data
Figure 162822DEST_PATH_IMAGE043
where secret-state data component one is
Figure 809704DEST_PATH_IMAGE044
secret-state data component two is
Figure DEST_PATH_IMAGE085
and
Figure DEST_PATH_IMAGE086
is a second random number selected by the exploration and development field data manager
Figure 134637DEST_PATH_IMAGE023
S13, the exploration and development field data manager
Figure 677614DEST_PATH_IMAGE023
uploads the secret-state data
Figure 032372DEST_PATH_IMAGE047
to the cloud server.
Further, S2 specifically includes the following sub-steps:
S21, the exploration and development field data manager
Figure 441532DEST_PATH_IMAGE023
obtains the large prime number sent by the trusted center through the secure channel
Figure 198136DEST_PATH_IMAGE024
and de-blinds the blinded first public parameter to generate the first secret parameter
Figure 912014DEST_PATH_IMAGE032
where
Figure 019647DEST_PATH_IMAGE048
S22, the exploration and development field data manager
Figure 978638DEST_PATH_IMAGE023
formulates multiple authorized access policy values
Figure DEST_PATH_IMAGE087
and combines the authorized access policy values into a retrieval policy set
Figure 386486DEST_PATH_IMAGE050
where
Figure 536844DEST_PATH_IMAGE051
denotes the j-th original oil and gas exploration fine-grained data of the exploration and development field data manager, t denotes the time period of the original oil and gas exploration fine-grained data, the retrieval policy set
Figure 367659DEST_PATH_IMAGE050
contains
Figure 363297DEST_PATH_IMAGE052
authorized access policy values
Figure 828913DEST_PATH_IMAGE053
and
Figure 150173DEST_PATH_IMAGE054
is the concatenation symbol.
S23, the exploration and development field data manager
Figure 202705DEST_PATH_IMAGE023
constructs a first polynomial of degree
Figure 002034DEST_PATH_IMAGE055
given by
Figure 322157DEST_PATH_IMAGE056
where
Figure 079897DEST_PATH_IMAGE057
is the variable,
Figure 619725DEST_PATH_IMAGE058
is randomly selected from the finite field
Figure 488324DEST_PATH_IMAGE059
and
Figure 459691DEST_PATH_IMAGE060
are the coefficients of the first polynomial of degree
Figure 889798DEST_PATH_IMAGE061
S24, the exploration and development field data manager
Figure 681036DEST_PATH_IMAGE023
builds the security index
Figure 353326DEST_PATH_IMAGE062
Figure 179200DEST_PATH_IMAGE063
is security index component one,
Figure 514628DEST_PATH_IMAGE064
is security index component two,
Figure 793163DEST_PATH_IMAGE065
is security index component three, where
Figure 737985DEST_PATH_IMAGE066
S25, the exploration and development field data manager
Figure 654251DEST_PATH_IMAGE023
uploads the security index to the cloud server.
Further, S3 specifically includes the following sub-steps:
S31, the data analysis center obtains the first secret parameter sent by the trusted center through the secure channel
Figure 659116DEST_PATH_IMAGE032
reconstructs the authorized access policy value
Figure 893788DEST_PATH_IMAGE067
and sends the authorized access policy value to the cloud server.
Preferably, S4 specifically comprises the following sub-steps:
S41, according to the authorized access policy value sent by the data analysis center
Figure 376722DEST_PATH_IMAGE068
the cloud server constructs vector one
Figure 646029DEST_PATH_IMAGE069
S42, the cloud server constructs vector two according to the security index
Figure 069400DEST_PATH_IMAGE070
S43, the cloud server performs the retrieval test on the secret-state data and determines the secret-state data that satisfy the test equation, where the test equation is
Figure 056948DEST_PATH_IMAGE071
S44, the cloud server computes the Lagrange interpolation coefficient
Figure 077993DEST_PATH_IMAGE072
where
Figure 467386DEST_PATH_IMAGE073
denotes a subscript different from the subscript i in the exploration and development field data manager identity
Figure 049940DEST_PATH_IMAGE023
S45, the cloud server aggregates all the secret-state data that satisfy the test equation to generate the aggregated secret-state data
Figure 524783DEST_PATH_IMAGE074
and returns the aggregated secret-state data to the data analysis center, where I denotes the subscript set of the exploration and development field data managers that successfully uploaded their own secret-state data to the cloud server, and
Figure 349520DEST_PATH_IMAGE075
Figure 327840DEST_PATH_IMAGE076
denotes the size of the subscript set.
Further, S5 specifically includes the following sub-steps:
S51, the data analysis center obtains the second secret parameter distributed by the trusted center
Figure 579830DEST_PATH_IMAGE077
and the decryption private key
Figure 043435DEST_PATH_IMAGE078
S52, the data analysis center multiplies the aggregated secret-state data by the second secret parameter
Figure 406283DEST_PATH_IMAGE077
to obtain the blinded aggregated secret-state data
Figure 504689DEST_PATH_IMAGE079
and then decrypts the blinded aggregated secret-state data to obtain the aggregated value of the j-th original oil and gas exploration fine-grained data in time period t
Figure DEST_PATH_IMAGE088
where
Figure 491362DEST_PATH_IMAGE081
is the inverse of
Figure 675218DEST_PATH_IMAGE078
in the multiplicative cyclic group
Figure 841758DEST_PATH_IMAGE082
S53, the data analysis center performs statistical analysis, in a privacy-preserving state, on the aggregated value of the j-th original oil and gas exploration fine-grained data in time period t. The statistical analysis includes evaluating the average state value of this type of oil and gas exploration fine-grained data, and the like.
For the exploration and development field data manager
Figure DEST_PATH_IMAGE089
since
Figure DEST_PATH_IMAGE090
where
Figure DEST_PATH_IMAGE091
and
Figure DEST_PATH_IMAGE092
the Chinese remainder theorem gives:
Figure DEST_PATH_IMAGE093
Thus, each exploration and development field data manager
Figure 076561DEST_PATH_IMAGE089
can compute the same value
Figure DEST_PATH_IMAGE094
The exploration and development field data managers can therefore compute the same authorized access policy value for the retrieval requirement on the j-th type of oil and gas exploration fine-grained data in time period t
Figure DEST_PATH_IMAGE095
so that the data analysis center can submit the same authorized access policy value
Figure 562031DEST_PATH_IMAGE095
and retrieve the aggregated secret-state data in the cloud server.
Upon receiving the authorized access policy value from the data analysis center
Figure 967605DEST_PATH_IMAGE095
the cloud server, using the security index for oil and gas exploration secret-state data retrieval, constructs vector one
Figure 937835DEST_PATH_IMAGE069
and vector two
Figure 777877DEST_PATH_IMAGE070
The correctness of the test equation is derived as follows:
Figure DEST_PATH_IMAGE096
Since
Figure 136046DEST_PATH_IMAGE095
is a root of each function of degree
Figure 061539DEST_PATH_IMAGE055
we obtain
Figure DEST_PATH_IMAGE097
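The retrieval test of S41 to S43 and the root argument above, as an added example that is not code from the patent. It assumes the authorized access policy value is a hash of secret || type || period reduced into Z_Q and that the security index hides masked polynomial coefficients in the exponent of a generator; the patent's own index components and test equation are in figures not reproduced on this page. Group parameters, function names, manager labels and sample policies are constructed.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example: P = 2*Q + 1 with P and Q
# prime, and G = 4 generating the subgroup of prime order Q. These sizes
# only keep the arithmetic readable; real parameters must be far larger.
Q = 1019
P = 2 * Q + 1
G = 4


def policy_value(secret: int, data_type: str, period: str) -> int:
    """Assumed form of an authorized access policy value:
    H(secret || type || period) reduced into Z_Q."""
    msg = f"{secret}||{data_type}||{period}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def poly_from_roots(roots):
    """Coefficients, lowest degree first, of prod(x - r) over Z_Q."""
    coeffs = [1]
    for r in roots:
        nxt = [0] * (len(coeffs) + 1)
        for k, c in enumerate(coeffs):
            nxt[k] = (nxt[k] - r * c) % Q      # contribution of -r * c * x^k
            nxt[k + 1] = (nxt[k + 1] + c) % Q  # contribution of c * x^(k+1)
        coeffs = nxt
    return coeffs


def build_index(roots):
    """Data manager side: publish G^(mask * a_k) for every coefficient a_k.
    The random nonzero mask keeps the roots but changes the index each time."""
    mask = secrets.randbelow(Q - 1) + 1
    return [pow(G, (mask * a) % Q, P) for a in poly_from_roots(roots)]


def retrieval_test(index, pv: int) -> bool:
    """Cloud side: vector one is (1, pv, pv^2, ...), vector two is the index.
    prod(index[k] ^ pv^k) = G^(mask * f(pv)), which is 1 exactly when pv
    is a root of f modulo Q."""
    acc, power = 1, 1
    for elem in index:
        acc = (acc * pow(elem, power, P)) % P
        power = (power * pv) % Q
    return acc == 1


def matching_managers(cloud_indexes: dict, pv: int):
    """Managers whose security index authorizes the submitted policy value;
    only their ciphertexts would go on to aggregation."""
    return sorted(m for m, idx in cloud_indexes.items()
                  if retrieval_test(idx, pv))


def demo():
    secret = 123456789  # constructed stand-in for the first secret parameter
    dm1 = [policy_value(secret, "porosity", "2022Q3"),
           policy_value(secret, "permeability", "2022Q3")]
    dm2 = [policy_value(secret, "porosity", "2022Q3")]
    cloud = {"DM1": build_index(dm1), "DM2": build_index(dm2)}
    # The data analysis center rebuilds the same value from the same secret.
    query = policy_value(secret, "porosity", "2022Q3")
    return matching_managers(cloud, query)


if __name__ == "__main__":
    print(demo())
```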
The aggregated secret-state data generated by the cloud server
Figure DEST_PATH_IMAGE098
is derived as follows:
Figure DEST_PATH_IMAGE099
The data analysis center then uses the second secret parameter
Figure 777736DEST_PATH_IMAGE077
to compute the blinded aggregated secret-state data
Figure 236399DEST_PATH_IMAGE079
The derivation is as follows:
Figure DEST_PATH_IMAGE100
where k indicates that
Figure DEST_PATH_IMAGE101
is a multiple of
Figure DEST_PATH_IMAGE102
Finally, the data analysis center uses the decryption private key
Figure DEST_PATH_IMAGE103
The decryption equation
Figure DEST_PATH_IMAGE104
is derived as follows:
Figure 548825DEST_PATH_IMAGE104
Figure DEST_PATH_IMAGE105
The foregoing is merely a preferred embodiment of the invention. It is to be understood that the invention is not limited to the form disclosed herein, and that this disclosure should not be regarded as excluding other embodiments: the invention can be used in various other combinations, modifications and environments, and can be changed within the scope of the inventive concept expressed herein, through the above teachings or the skill or knowledge of the relevant art. Modifications and variations made by those skilled in the art without departing from the spirit and scope of the invention fall within the protection of the appended claims.

Claims (6)

1. The cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method is applied to an oil and gas exploration fine-grained dense-state data retrieval system, the oil and gas exploration fine-grained dense-state data retrieval system comprises a cloud server, an exploration and development field area data manager, a data analysis center and a trust center, the cloud server is respectively in communication connection with the exploration and development field area data manager, the data analysis center and the trust center, the trust center is respectively in communication connection with the exploration and development field area data manager and the data analysis center, the exploration and development field area data manager has a plurality of time periods and a plurality of types of original oil and gas exploration fine-grained data, and the retrieval method is characterized by comprising the following steps of:
s1, encryption and uploading of original oil and gas exploration fine-grained data: the method comprises the steps that a data manager in an exploration and development field acquires fault-tolerant parameters sent by a trusted center through a safety channel, encrypts own original oil and gas exploration fine-grained data by using the fault-tolerant parameters to generate corresponding secret data, and uploads the secret data to a cloud server;
s2, authorization of secret data retrieval: an exploration and development field data manager obtains a large prime number sent by a trust center through a security channel, de-blindes a first public parameter which is disclosed by the trust center according to the large prime number, generates a first secret parameter for authorization retrieval after de-blinding, then makes a plurality of different authorization access strategy values according to the first secret parameter, recovers the first polynomial after taking each authorization access strategy value as a root of the first polynomial, generates a security index according to the recovered first polynomial, and uploads the generated security index to a cloud server, wherein the authorization access strategy value comprises type information of secret data and time period information of the secret data, and the type information and/or the time period information of the secret data contained in the different authorization access strategy values are different;
s3, retrieval of secret state data: the data analysis center acquires a first secret parameter sent by the trusted center through a security channel, reconstructs an authorized access strategy value according to the first secret parameter, and sends the authorized access strategy value to the cloud server, wherein the reconstructed authorized access strategy value is one or more of authorized access strategy values made by an exploration and development field data manager;
s4, the cloud server aggregates the secret data: the cloud server retrieves the secret state data according to the security index and the authorized access strategy value sent by the data analysis center, aggregates the retrieved secret state data, and then returns the aggregated secret state data to the data analysis center;
s5, blinding, decrypting and statistically analyzing the aggregated confidential data: the data analysis center obtains a second secret parameter which is distributed by the credible center and used for blinding the ciphertext and a decryption private key used for decrypting the ciphertext, blinds the aggregated confidential data according to the second secret parameter, decrypts the blinded aggregated confidential data according to the decryption private key to obtain an aggregated value of original oil-gas exploration fine-grained data, and then carries out statistical analysis according to the aggregated value of the original oil-gas exploration fine-grained data in a privacy protection state;
before S1, the method further comprises the following steps:
system initialization: the trusted center sets the cryptographic security components involved in the method, and a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter based on a threshold secret sharing method, wherein the cryptographic security components comprise a homomorphic encryption public parameter, a decryption private key, a multiplicative cyclic group, a generator of the multiplicative cyclic group and a hash function;
before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the safety channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number;
before the data analysis center acquires a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request;
the system initialization specifically comprises the following substeps:
the trusted center selects the first prime number
Figure DEST_PATH_IMAGE001
And the second largest prime number
Figure 43756DEST_PATH_IMAGE002
Calculating the modulus
Figure DEST_PATH_IMAGE003
Decrypting private key
Figure 145705DEST_PATH_IMAGE004
Homomorphic encryption public parameter one
Figure DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure 618623DEST_PATH_IMAGE006
Wherein
Figure DEST_PATH_IMAGE007
To a circulating group
Figure 34692DEST_PATH_IMAGE008
A generator of (2);
the trusted center selects a multiplicative cyclic group G of order p and a generator g of the multiplicative cyclic group G;
the trusted center sets a hash function H, wherein
Figure DEST_PATH_IMAGE009
Figure 756791DEST_PATH_IMAGE010
denotes a bit string of arbitrary length, and
Figure DEST_PATH_IMAGE011
denotes a multiplicative cyclic group of order p-1;
the credible center selects a third secret parameter
Figure 232903DEST_PATH_IMAGE012
And
Figure DEST_PATH_IMAGE013
second order polynomial
Figure 430666DEST_PATH_IMAGE014
Wherein
Figure DEST_PATH_IMAGE015
Is a variable that is a function of,
Figure 588109DEST_PATH_IMAGE016
respectively from a finite field
Figure DEST_PATH_IMAGE017
The coefficients of the selected second polynomial;
the trusted center publishes a first set of parameters
Figure 227032DEST_PATH_IMAGE018
And the second parameter is set
Figure DEST_PATH_IMAGE019
Carrying out safe preservation;
the exploration and development field data manager sends a registration request to a trusted center, the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number, and the method specifically comprises the following sub-steps:
exploration and development field data manager selects own private key
Figure 218253DEST_PATH_IMAGE020
And calculates its own public key
Figure DEST_PATH_IMAGE021
Then sends its own public key
Figure 247520DEST_PATH_IMAGE022
And its own identity
Figure DEST_PATH_IMAGE023
Sending the information to a trusted center for registration;
the trust center sends a large prime number through the secure channel
Figure 598867DEST_PATH_IMAGE024
And fault tolerance parameters
Figure DEST_PATH_IMAGE025
To the exploration and development field data managers, wherein
Figure 92296DEST_PATH_IMAGE026
The trusted center sends to the cloud server through the secure channel
Figure DEST_PATH_IMAGE027
And the credible center records the registration information of the data manager of the exploration and development field area
Figure 379052DEST_PATH_IMAGE028
In which
Figure DEST_PATH_IMAGE029
Figure 770982DEST_PATH_IMAGE030
The total number of data managers in the exploration and development field area initiating a registration request to the trusted center;
the data analysis center sends a registration request to a trusted center, and the trusted center sends a first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
the data analysis center sends the information containing the identity of the data analysis center to the trusted center
Figure DEST_PATH_IMAGE031
A registration request of (2);
selecting a first secret parameter for authorized retrieval by a trusted center
Figure 789667DEST_PATH_IMAGE032
First secret parameter
Figure 668761DEST_PATH_IMAGE032
Less than each large prime number
Figure DEST_PATH_IMAGE033
Then, according to the Chinese remainder theorem, calculating the first public parameter of blindness
Figure 126418DEST_PATH_IMAGE034
In which
Figure DEST_PATH_IMAGE035
Figure 723753DEST_PATH_IMAGE036
Representing and exploring development field data manager identity
Figure 26690DEST_PATH_IMAGE023
Subscript i in (1) is different from subscript number;
the trusted center selects a first random number
Figure DEST_PATH_IMAGE037
First random number
Figure 557028DEST_PATH_IMAGE037
Satisfy the equation
Figure 857690DEST_PATH_IMAGE038
And calculating a second secret parameter
Figure DEST_PATH_IMAGE039
The trusted center sends the data analysis center via a secure channel
Figure 4638DEST_PATH_IMAGE040
And publish
Figure DEST_PATH_IMAGE041
2. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 1, wherein the step S1 specifically comprises the following substeps:
the exploration and development field data manager obtains the fault-tolerant parameters sent by the trusted center through the secure channel
Figure 455473DEST_PATH_IMAGE025
Exploration and development field data manager surveys fine-grained data of j-th original oil and gas in time period t
Figure 964952DEST_PATH_IMAGE042
Encrypting to generate the jth original oil and gas exploration fine-grained data in the time period t
Figure 170936DEST_PATH_IMAGE042
Secret state data of
Figure DEST_PATH_IMAGE043
Wherein the secret data component is one
Figure 211705DEST_PATH_IMAGE044
Secret data component two
Figure DEST_PATH_IMAGE045
Figure 246657DEST_PATH_IMAGE046
A second random number selected for an exploration and development field data manager;
the data manager of the exploration and development field area sends the secret data
Figure DEST_PATH_IMAGE047
And uploading to a cloud server.
3. The cloud storage-based retrieval method for fine-grained dense-state data of oil and gas exploration, according to claim 2, wherein the S2 specifically comprises the following substeps:
exploration and development field data manager obtains large prime number sent by trusted center through secure channel
Figure 892533DEST_PATH_IMAGE024
And de-blinding the blinded first public parameter to generate a first secret parameter
Figure 394053DEST_PATH_IMAGE032
Wherein
Figure 594221DEST_PATH_IMAGE048
Exploration and development field data manager establishes multiple authorized access strategy values
Figure DEST_PATH_IMAGE049
And combining the various authorized access policy values into a retrieval policy set
Figure 319949DEST_PATH_IMAGE050
Wherein
Figure DEST_PATH_IMAGE051
J-th original oil and gas exploration fine-grained data representing an exploration and development field data manager, t representing the time period of the original oil and gas exploration fine-grained data, and searching a strategy set
Figure 944965DEST_PATH_IMAGE050
Comprises
Figure 351807DEST_PATH_IMAGE052
An authorized access policy value of
Figure DEST_PATH_IMAGE053
Figure 117900DEST_PATH_IMAGE054
Is a concatenated symbol;
exploration and development field data manager construction
Figure DEST_PATH_IMAGE055
First order polynomial
Figure 494655DEST_PATH_IMAGE056
Wherein
Figure DEST_PATH_IMAGE057
Is a variable that is a function of,
Figure 521648DEST_PATH_IMAGE058
from a finite field
Figure DEST_PATH_IMAGE059
The method is characterized in that the method comprises the following steps of random selection,
Figure 99391DEST_PATH_IMAGE060
is that
Figure DEST_PATH_IMAGE061
Coefficients of the second order first polynomial;
safety index construction by data manager of exploration and development field area
Figure 149517DEST_PATH_IMAGE062
Figure DEST_PATH_IMAGE063
Is the one component of the security index-the one,
Figure 736488DEST_PATH_IMAGE064
is the component two of the security index,
Figure DEST_PATH_IMAGE065
is a security index component three, where
Figure 431036DEST_PATH_IMAGE066
And uploading the security index to a cloud server by the data manager of the exploration and development field.
4. The cloud storage-based retrieval method for fine-grained and dense-state data of oil and gas exploration, according to claim 3, wherein the S3 specifically comprises the following substeps:
the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel
Figure 167962DEST_PATH_IMAGE032
And reconstructing the authorized access policy value
Figure DEST_PATH_IMAGE067
And sending the authorized access policy value to the cloud server.
5. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 4, wherein S4 specifically comprises the following sub-steps:
the cloud server sends an authorized access policy value according to the data analysis center
Figure 892335DEST_PATH_IMAGE068
Construct vector one
Figure DEST_PATH_IMAGE069
The cloud server constructs a vector two according to the security index
Figure 220680DEST_PATH_IMAGE070
The cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is
Figure DEST_PATH_IMAGE071
Cloud server computing Lagrange interpolation coefficient
Figure 346899DEST_PATH_IMAGE072
Wherein
Figure DEST_PATH_IMAGE073
Data manager identity for field development for exploration and exploration
Figure 876231DEST_PATH_IMAGE023
Subscript i in (1) is different from subscript number;
the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state data
Figure 212535DEST_PATH_IMAGE074
And returning the aggregated secret data to the data analysis center, wherein I represents a subscript set of an exploration and development field data manager successfully uploading the own secret data to the cloud server, and
Figure DEST_PATH_IMAGE075
Figure 406887DEST_PATH_IMAGE076
indicating the size of the set of indices.
6. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 5, wherein S5 specifically comprises the following sub-steps:
the data analysis center obtains a second secret parameter distributed by the credible center
Figure DEST_PATH_IMAGE077
And decrypting the private key
Figure 200662DEST_PATH_IMAGE078
The data analysis center multiplies the aggregated secret data by a second secret parameter
Figure 9218DEST_PATH_IMAGE077
Obtaining the blinded condensed state data
Figure DEST_PATH_IMAGE079
And then decrypting the blinded aggregated dense-state data to obtain an aggregated value of j-th original oil-gas exploration fine-grained data in a time period t
Figure 380287DEST_PATH_IMAGE080
Wherein
Figure DEST_PATH_IMAGE081
Is that
Figure 378330DEST_PATH_IMAGE078
In multiplication loop groups
Figure 885666DEST_PATH_IMAGE082
The inverse of (1);
and the data analysis center carries out statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state.
CN202210962115.3A 2022-08-11 2022-08-11 Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method Active CN115033908B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210962115.3A CN115033908B (en) 2022-08-11 2022-08-11 Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method


Publications (2)

Publication Number Publication Date
CN115033908A CN115033908A (en) 2022-09-09
CN115033908B true CN115033908B (en) 2022-10-21

Family

ID=83130320


Country Status (1)

Country Link
CN (1) CN115033908B (en)

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019005946A2 (en) * 2017-06-27 2019-01-03 Leighton Bonnie Berger Secure genome crowdsourcing for large-scale association studies
WO2019158209A1 (en) * 2018-02-16 2019-08-22 Ecole polytechnique fédérale de Lausanne (EPFL) Methods and systems for secure data exchange
CN108768951B (en) * 2018-05-03 2021-06-08 Shanghai Maritime University Data encryption and retrieval method for protecting file privacy in cloud environment
CN108769020B (en) * 2018-05-29 2021-07-13 Northeastern University Privacy-protecting identity attribute certification system and method
WO2020082078A1 (en) * 2018-10-19 2020-04-23 Digital Asset (Switzerland) GmbH Privacy preserving validation and commit architecture
CN111294366B (en) * 2020-05-13 2020-07-28 Southwest Petroleum University Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid
CN111931249B (en) * 2020-09-22 2021-01-08 Southwest Petroleum University Medical secret data statistical analysis method supporting transmission fault-tolerant mechanism
CN111930688B (en) * 2020-09-23 2021-01-08 Southwest Petroleum University Method and device for searching secret data of multi-keyword query in cloud server
US20220215948A1 (en) * 2021-01-07 2022-07-07 Abiomed, Inc. Network-based medical apparatus control and data management systems
CN113204741A (en) * 2021-04-12 2021-08-03 China Electric Power Research Institute Co., Ltd. Method and system suitable for intelligent power consumption data aggregation
CN113194078B (en) * 2021-04-22 2023-04-07 Xidian University Sequencing multi-keyword search encryption method with privacy protection supported by cloud
CN113382016A (en) * 2021-06-28 2021-09-10 Jinan University Fault-tolerant safe lightweight data aggregation method under intelligent power grid environment
CN114143094A (en) * 2021-12-02 2022-03-04 Lanzhou University of Technology Multi-authorization attribute-based verifiable encryption method based on block chain
CN114491578B (en) * 2021-12-24 2023-07-21 University of Electronic Science and Technology of China Secure data aggregation method for privacy calculation

Also Published As

Publication number Publication date
CN115033908A (en) 2022-09-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant