CN115269504A - Document uploading and storing method, query downloading method, device, equipment and medium - Google Patents

Document uploading and storing method, query downloading method, device, equipment and medium Download PDF

Info

Publication number
CN115269504A
CN115269504A CN202210915910.7A CN202210915910A CN115269504A CN 115269504 A CN115269504 A CN 115269504A CN 202210915910 A CN202210915910 A CN 202210915910A CN 115269504 A CN115269504 A CN 115269504A
Authority
CN
China
Prior art keywords
ciphertext
key
document
information
index material
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210915910.7A
Other languages
Chinese (zh)
Inventor
张舒黎
陈珊
胡松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Westone Information Industry Inc
Original Assignee
Chengdu Westone Information Industry Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Westone Information Industry Inc filed Critical Chengdu Westone Information Industry Inc
Priority to CN202210915910.7A priority Critical patent/CN115269504A/en
Publication of CN115269504A publication Critical patent/CN115269504A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/13File access structures, e.g. distributed indices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/14Details of searching files based on file metadata
    • G06F16/148File search processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Abstract

The application discloses a document uploading and storing method, a document inquiring and downloading method, a device, equipment and a medium, which comprise the following steps: acquiring a first key and a second key from a key management center, and obtaining a derived key based on the first key; processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain an index material, encrypting the index material based on a derivative key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key; encrypting the document to be stored by using a third key to obtain a ciphertext document, and encrypting the third key by using a second key to obtain an encrypted key; and uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates the index file based on the ciphertext index material through a full-text search engine server, and stores the ciphertext document and the encrypted key to a storage system. The safety of cloud data storage and query is improved.

Description

Document uploading and storing method, query downloading method, device, equipment and medium
Technical Field
The invention relates to the technical field of ciphertext retrieval and searchable encryption, in particular to a document uploading and storing method, a document inquiring and downloading method, a device, equipment and a medium.
Background
In the current cloud security storage and search scenes such as security cloud disks, power grid applications, cloud medical treatment and the like, although a cryptographic technology and a full-text search engine technology are combined when cloud data is stored or ciphertext retrieval is carried out, the combination only stays in the combination of the technical scheme, namely, only the input and the output of the full-text search engine are associated with the cryptographic technology. The core of the full-text search engine is still realized in a plaintext search mode, so that plaintext statistical information such as word frequency, position, abstract and the like is excessively leaked to the cloud, and the safety is low. In addition, the plaintext search or the ciphertext search in the traditional full-text search engine directly multiplexes the full-text search engine capability, and the full-text search engine is used as a server, so that the full-text search engine has a single function.
In summary, how to avoid the problem that the full-text search engine has a single function and improve the security of cloud data in the storage and query processes is a problem to be solved at present.
Disclosure of Invention
In view of this, the present invention provides a document uploading and storing method, a document querying and downloading method, an apparatus, a device and a medium, which can avoid the single function of a full-text search engine and improve the security of cloud data in the storing and querying processes. The specific scheme is as follows:
in a first aspect, the present application discloses a document uploading and storing method, applied to a user terminal, including:
acquiring a first key and a second key from a key management center, and obtaining a derived key based on the first key;
processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain an index material, encrypting the index material based on the derived key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key;
encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key;
uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine service end, and stores the ciphertext document and the encrypted key to a storage system.
Optionally, the processing, by using a secure word splitter in the full-text search engine client, the document to be stored to obtain an index material, and encrypting the index material based on the derived key to obtain a ciphertext index material includes:
processing the documents to be stored by utilizing a security word segmentation device in the full-text search engine client to obtain inverted index materials;
generating forward index materials according to the document meta-information in the documents to be stored;
encrypting information in the reverse index materials based on the derived key to obtain ciphertext reverse index materials, and encrypting information in the forward index materials based on the derived key to obtain ciphertext forward index materials;
and packaging the ciphertext reverse index material and the ciphertext forward index material by using the security word segmentation device to obtain a ciphertext index material.
Optionally, the processing the document to be stored by using the security word segmentation device in the full-text search engine client to obtain the inverted index material includes:
extracting keyword information in the documents to be stored by using a safety word segmentation device in a full-text search engine client, counting word frequency information of the keywords, and screening abstract information from the documents to be stored based on the keywords;
and obtaining inverted index materials based on the keyword information, the word frequency information and the abstract information.
Optionally, the generating forward-ranking information material according to the document meta-information in the document to be stored includes:
obtaining domain information according to the document meta-information in the document to be stored, and obtaining forward information materials based on the domain information; wherein, the domain information comprises any one or more of title, date, author and time.
Optionally, the deriving a derivative key based on the first key includes:
obtaining a first derivative key, a second derivative key and a third derivative key from the first key by using a key derivation algorithm;
correspondingly, the encrypting the information in the inverted index material based on the derived key to obtain the ciphertext inverted index material includes:
encrypting the keyword information by using the first derivative key based on a preset hash algorithm to obtain a ciphertext keyword, encrypting the word frequency information by using the second derivative key based on an order preserving encryption algorithm to obtain a ciphertext word frequency, and encrypting the summary information by using the third derivative key to obtain a ciphertext summary;
obtaining a ciphertext inverted material based on the ciphertext keyword, the ciphertext word frequency and the ciphertext abstract;
correspondingly, the encrypting the information in the forward indexing material based on the derived key to obtain ciphertext forward indexing material includes:
and encrypting the domain information by using the third derivative key to obtain ciphertext domain information, and obtaining ciphertext forward index materials based on the ciphertext domain information.
Optionally, the transmitting the ciphertext index material, the ciphertext document, and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server, includes:
transmitting the ciphertext index material, the ciphertext document and the encrypted key to a cloud server so that the cloud server can analyze the ciphertext index material through a self-defined security word segmentation device corresponding to the security word segmentation device in a full-text search engine server side to obtain the ciphertext keyword, the ciphertext word frequency, the ciphertext abstract and the ciphertext domain information;
and storing the ciphertext keywords and the ciphertext domain information into corresponding index files according to a preset storage rule through the full-text search engine server, constructing reverse word frequency files based on the ciphertext word frequency and the ciphertext abstract, and storing the reverse word frequency files according to the sequence of the ciphertext word frequency from large to small.
In a second aspect, the present application discloses a document query downloading method, which is applied to a user terminal, and includes:
acquiring query content of a ciphertext document to be downloaded, and processing the query content by using a security word segmentation device in a full-text search engine client to obtain an encrypted keyword; the ciphertext document to be downloaded is stored by utilizing the disclosed document uploading and storing method;
transmitting the encrypted keywords to a cloud server so that the cloud server matches a target ciphertext document set through a full-text search engine server based on the encrypted keywords, screening a preset number of ciphertext documents from the target ciphertext document set by using a predefined order-preserving encryption scoring mechanism, finishing the sorting of the preset number of ciphertext documents to obtain a ciphertext document sorting result, and then obtaining corresponding ciphertext display information based on the preset number of ciphertext documents;
acquiring the ciphertext document sequencing result and the ciphertext display information sent by the cloud server, acquiring a first key and a second key from a key management center, and acquiring a derived key based on the first key;
decrypting the ciphertext display information based on the derived key to obtain decrypted information, downloading a corresponding ciphertext document and an encrypted key corresponding to the ciphertext document from the cloud server based on the decrypted information and the ciphertext document sequencing result, so as to decrypt the encrypted key by using the second key to obtain a third key, and decrypting the ciphertext document by using the third key.
In a third aspect, the present application discloses a document uploading storage device, which is applied to a user terminal, and includes:
the key acquisition module is used for acquiring a first key and a second key from a key management center and obtaining a derived key based on the first key;
the material acquisition module is used for processing the document to be stored by utilizing a security word segmentation device in the full-text search engine client to obtain an index material and correspondingly encrypting the index material based on the derived key to obtain a ciphertext index material;
the key generation module is used for utilizing the safety word segmentation device to call a password module to generate a third key;
the encryption module is used for encrypting the document to be stored by using the third key to obtain a ciphertext document and encrypting the third key by using the second key to obtain an encrypted key;
and the uploading storage module is used for uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server, and stores the ciphertext document and the encrypted key to a storage system.
In a fourth aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
and the processor is used for executing the computer program to realize the steps of the document uploading and storing method disclosed in the foregoing.
In a fifth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the steps of the document upload storage method disclosed above.
Therefore, the method and the device for obtaining the key are used for obtaining the first key and the second key from the key management center and obtaining the derived key based on the first key; processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain an index material, encrypting the index material based on the derived key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key; encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key; uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server side, and stores the ciphertext document and the encrypted key to a storage system. Therefore, the full-text search engine is divided into the client and the server, the user terminal obtains the first key and the second key from the key management center, the file to be stored is processed through the full-text search engine client to obtain an index material, the index material is encrypted by using a derivative key of the first key, the stored file is encrypted by using a third key generated by the password module, the third key is encrypted by using the second key, corresponding information obtained after encryption is uploaded to the cloud server, and the full-text search engine server is called through the cloud server to finish storage work. By splitting the full-text search engine client and the full-text search engine server and integrating the cryptographic technology, the security functions of document encryption, index encryption, key encryption and the like are realized, the minimization of information is achieved, data leakage is prevented to the greatest extent, and the security of the data storage process is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic diagram of a system framework to which a document uploading storage scheme and a document querying downloading scheme disclosed in the present application are applicable;
FIG. 2 is a flowchart of a document uploading and storing method disclosed in the present application;
FIG. 3 is a flowchart of a specific document uploading and storing method disclosed in the present application;
FIG. 4 is a diagram illustrating a specific index file update disclosed herein;
FIG. 5 is a flowchart of a document query download method disclosed in the present application;
FIG. 6 is a schematic structural diagram of a document uploading storage device disclosed in the present application;
fig. 7 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, when cloud data storage or ciphertext retrieval is performed, although a cryptographic technology and a full-text search engine technology are combined, the combination only remains in a combination of technical solutions, that is, only input and output of a full-text search engine are associated with the cryptographic technology. The core of the full-text search engine is still realized in a plaintext search mode, so that plaintext statistical information such as word frequency, position, abstract and the like is excessively leaked to the cloud, and the safety is low. In addition, the plaintext search or the ciphertext search in the traditional full-text search engine directly multiplexes the full-text search engine capability, and the full-text search engine is used as a server, so that the full-text search engine has a single function. Therefore, the embodiment of the application discloses a document uploading and storing method, a document inquiring and downloading method, a document uploading and storing device, a document inquiring and downloading device, a document uploading and storing device and a document inquiring and downloading medium, which can avoid the single function of a full-text search engine and improve the safety of cloud data in the storing and inquiring processes.
Among many full-text search engines, lucene is a high-performance, easily-extensible full-text information retrieval toolkit based on Java technology, and can very conveniently add full-text indexing and searching functions to various application programs. The embodiments of the present application take Lucene as an example to describe the technical scheme of the present application in detail. The Lucene function is divided into a client and a server, so that an end-to-end safe search scheme is realized. The client is located at the terminal and mainly solves the functions of safe word segmentation, encryption, decryption and the like; the server side is located on the cloud server, and key solutions are given to index file reconstruction and search logic. In the scheme for document uploading, storing, document querying and downloading, the system framework adopted may specifically be as shown in fig. 1, and may specifically include a user terminal 01, a cloud server 02 and a key management center 03. The user terminal 01 further includes an application 010, a security tokenizer 011, a lucene client 012, and a cryptographic module 013; the cloud server 02 further comprises a business system 020, a storage system 021, a lucene server 022 and a password module 023.
In the user terminal 01, the Lucene client 012 is an optimized and simplified Lucene, and mainly includes a security tokenizer 011 of a fusion cryptographic technology; the password module 013 is responsible for password operation and key management, and a password operation calling relation exists between the security participler 011 and the password module 013; a service call relationship exists between the application 010 and the lucene client 012. Further, the key management center 03 and the Lucene client 012 distribute and manage keys therebetween. In the cloud server, the Lucene server 022 is responsible for the server logic of ciphertext retrieval; the password module 023 is responsible for password operation on the cloud; the storage system 021 is used for storing the ciphertext document and the encrypted key, and has a storage calling relation with the service system 020; a service calling relationship exists between the Lucene server 022 and the service system 020, and a cryptographic operation calling relationship exists between the Lucene server 022 and the cryptographic module 023.
In this application, the user terminal 01 is configured to execute the steps of the document uploading storage method and the document querying and downloading method. The document query downloading method comprises the following steps: acquiring a first key and a second key from a key management center, and obtaining a derived key based on the first key; processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain an index material, encrypting the index material based on the derived key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key; encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key; uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine service end, and stores the ciphertext document and the encrypted key to a storage system.
The document inquiry downloading method comprises the following steps: acquiring query content of a ciphertext document to be downloaded, and processing the query content by using a security word segmentation device in a full-text search engine client to obtain an encrypted keyword; the ciphertext document to be downloaded is a ciphertext document stored by using the disclosed document uploading and storing method; transmitting the encrypted keywords to a cloud server so that the cloud server matches a target ciphertext document set through a full-text search engine server based on the encrypted keywords, screening a preset number of ciphertext documents from the target ciphertext document set by using a predefined order-preserving encryption scoring mechanism, finishing the sorting of the preset number of ciphertext documents to obtain a ciphertext document sorting result, and then obtaining corresponding ciphertext display information based on the preset number of ciphertext documents; acquiring the ciphertext document sequencing result and the ciphertext display information sent by the cloud server, acquiring a first key and a second key from a key management center, and acquiring a derived key based on the first key; decrypting the ciphertext display information based on the derived key to obtain decrypted information, downloading a corresponding ciphertext document and an encrypted key corresponding to the ciphertext document from the cloud server based on the decrypted information and the ciphertext document sequencing result, so as to decrypt the encrypted key by using the second key to obtain a third key, and decrypting the ciphertext document by using the third key.
Referring to fig. 2, an embodiment of the present application discloses a document uploading and storing method, which is applied to a user terminal, and includes:
step S11: the first key and the second key are obtained from a key management center, and a derivative key is obtained based on the first key.
In this embodiment, the key management center generates the first key and the second key, and then the key management center sends the first key and the second key to the user terminal through the secure channel. After acquiring the first key, the user terminal needs to obtain a corresponding derivative key based on the first key.
Step S12: processing a document to be stored by using a security word segmentation device in the full-text search engine client to obtain an index material, encrypting the index material based on the derived key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key.
In this embodiment, the user terminal needs to create index materials for the document to be stored, and mainly invokes the security tokenizer in the full-text search engine client to process the document to be stored to obtain the index materials, and in order to ensure the security in the uploading process, the user terminal needs to perform corresponding encryption processing on the index materials based on the derived key obtained in step S11 to obtain ciphertext index materials. In addition, the user terminal needs to call the cryptographic module through the security word segmentation device to generate a third key.
Step S13: and encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key.
In the embodiment, the document to be stored needs to be encrypted, the third key is used for encrypting the document to be stored to obtain the ciphertext document, and the second key is used for encrypting the third key to obtain the encrypted key.
Step S14: uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine service end, and stores the ciphertext document and the encrypted key to a storage system.
In the embodiment, the ciphertext index material, the ciphertext document and the encrypted key are uploaded to the cloud server, the cloud server calls the full-text search engine server to respectively update ciphertext fields in the security index material to corresponding index files, and then the ciphertext document and the encrypted key are stored through a storage system of the cloud server.
Therefore, the first secret key and the second secret key are obtained from the secret key management center, and the derived secret key is obtained based on the first secret key; processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain an index material, encrypting the index material based on the derived key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key; encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key; uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server side, and stores the ciphertext document and the encrypted key to a storage system. Therefore, the full-text search engine is divided into the client and the server, the user terminal firstly obtains the first key and the second key from the key management center, the file to be stored is processed through the full-text search engine client to obtain an index material, the index material is encrypted by using a derivative key of the first key, the stored file is encrypted by using a third key generated by the password module, the third key is encrypted by using the second key, corresponding information obtained after encryption is uploaded to the cloud server, and the full-text search engine server is called through the cloud server to finish storage. By splitting the full-text search engine client and the full-text search engine server and integrating the cryptographic technology, the security functions of document encryption, index encryption, key encryption and the like are realized, the information is minimized, the data leakage is prevented to the greatest extent, and the security of the data storage process is improved.
Referring to fig. 3, the embodiment of the present application discloses a specific document uploading storage method, and compared with the previous embodiment, the embodiment further describes and optimizes the technical solution. The method specifically comprises the following steps:
step S21: the first key and the second key are obtained from a key management center, and a derivative key is obtained based on the first key.
In this embodiment, the obtaining a derived key based on the first key includes: a first derived key, a second derived key, and a third derived key are derived from the first key using a key derivation algorithm. It is understood that, the user terminal applies a key derivation algorithm to the first key to obtain a first derived key, a second derived key, and a third derived key.
Step S22: and processing the documents to be stored by utilizing a security word segmentation device in the full-text search engine client to obtain the inverted index materials.
In this embodiment, the processing the document to be stored by using the security word segmentation device in the full-text search engine client to obtain the inverted index material includes: extracting keyword information in the documents to be stored by using a safety word segmentation device in a full-text search engine client, counting word frequency information of the keywords, and screening abstract information from the documents to be stored based on the keywords; and obtaining inverted index materials based on the keyword information, the word frequency information and the abstract information. The method comprises the steps that a user terminal processes a document to be stored by using a word segmentation technology, and generates keyword information of the document to be stored through text word segmentation and stop word removal; then, based on the keyword information, word frequency information of the keywords is counted to obtain 'keyword-word frequency' information; and finally, screening abstract information from the document to be stored based on the keywords to obtain the information of the keywords, the word frequency and the abstract. In the process of screening out the summary information, for each keyword, recording all the context information of the keyword appearing in the document, and finding out the most suitable context as the summary of the keyword.
The method for screening the summary information comprises the following steps: suppose the current keyword is w, and the number of contexts containing the keyword w in the document to be stored is l, which is marked as { c 1 ,c 2 ,c 3 ,…c l }. Wherein a context c is assumed i In which n is i A key word w, k i And the other keywords also comprise a plurality of stop words, punctuation marks and the like. Then context c i The evaluation score of (a) is calculated according to the following formula:
Figure BDA0003775629200000101
where the smaller the value of i, the earlier the context appears in the document to be stored, a and b are adjustable parameters, typically a > 10b.
After obtaining the evaluation score, selecting the context c with the highest evaluation score i As a summary of the keyword w. By this method, the context containing more keywords and more advanced positions will have higher scores, i.e. will be selected as the summary of keywords preferentially. And in the summary, the keyword content is highlighted in the form of html tags.
Step S23: and generating forward index materials according to the document meta-information in the documents to be stored.
In this embodiment, the generating forward information material according to the document meta-information in the document to be stored includes: obtaining domain information according to the document meta-information in the document to be stored, and obtaining forward information materials based on the domain information; wherein, the domain information comprises any one or more of title, date, author and time. It is understood that domain information such as "title, date, author, time" and the like is generated from document meta information of a document to be stored, and various domain information is recorded as the forward information material.
Step S24: encrypting information in the reverse index material based on the derivative key to obtain ciphertext reverse index material, and encrypting information in the forward index material based on the derivative key to obtain ciphertext forward index material.
In this embodiment, the encrypting the information in the inverted index material based on the derived key to obtain the ciphertext inverted index material includes: encrypting the keyword information by using the first derivative key based on a preset hash algorithm to obtain a ciphertext keyword, encrypting the word frequency information by using the second derivative key based on an order preserving encryption algorithm to obtain a ciphertext word frequency, and encrypting the summary information by using the third derivative key to obtain a ciphertext summary; and obtaining a ciphertext inverted material based on the ciphertext keyword, the ciphertext word frequency and the ciphertext abstract. It can be understood that, when encrypting information in the inverted index material, the first derivative key, the second derivative key, and the third derivative key obtained by using the first key are needed to be respectively encrypted, specifically, the first derivative key is used, and a Hash algorithm with a key is used to encrypt the key information to obtain a ciphertext key, where the Hash algorithm is a Hash digest algorithm, and the Hash algorithm may be an HMAC (Hash-based Message Authentication Code); encrypting the word frequency information by using a second derived key and adopting an order-preserving encryption algorithm to obtain a ciphertext word frequency; and encrypting the digest information by using the third derivative key to obtain a ciphertext digest. And the ciphertext keywords, the ciphertext word frequency and the ciphertext abstract are used as ciphertext inverted materials.
In this embodiment, the encrypting the information in the forward-arranged index material based on the derived key to obtain a ciphertext forward-arranged index material includes: and encrypting the domain information by using the third derived key to obtain ciphertext domain information, and obtaining a ciphertext forward index material based on the ciphertext domain information. That is, when the domain information is encrypted, the third derivative key is used for the encryption process.
Step S25: and packaging the ciphertext reverse index material and the ciphertext forward index material by using the security word segmentation device to obtain a ciphertext index material.
In the embodiment, the ciphertext inverted index material and the ciphertext forward index material are packaged into the ciphertext index material in a json format through the security word segmentation device.
Step S26: and calling a password module by using the security word segmentation device to generate a third key, encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key.
Step S27: uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine service end, and stores the ciphertext document and the encrypted key to a storage system.
In this embodiment, the transmitting the ciphertext index material, the ciphertext document, and the encrypted key to the cloud server so that the cloud server updates the index file based on the ciphertext index material through the full-text search engine server includes: transmitting the ciphertext index material, the ciphertext document and the encrypted key to a cloud server so that the cloud server can analyze the ciphertext index material through a self-defined security word segmentation device corresponding to the security word segmentation device in a full-text search engine server side to obtain the ciphertext keyword, the ciphertext word frequency, the ciphertext abstract and the ciphertext domain information; and storing the ciphertext keywords and the ciphertext domain information into corresponding index files according to a preset storage rule through the full-text search engine server, constructing reverse word frequency files based on the ciphertext word frequency and the ciphertext abstract, and storing the reverse word frequency files according to the sequence of the ciphertext word frequency from large to small.
The specific process of updating the index file by the full-text search engine server side by using the ciphertext index materials comprises the following steps: the entrance of the full-text search engine server is a user-defined safe word segmentation device, and ciphertext index materials are analyzed through the user-defined safe word segmentation device to obtain ciphertext keywords, ciphertext word frequency, ciphertext abstract and ciphertext domain information. Referring to fig. 4, taking Lucene as an example, the ciphertext keywords are filled in dictionary files such as tip, tim and the like according to the existing rules of Lucene. And reconstructing the doc inverted word frequency file by the full text search engine server, and rewriting inverted word frequency logic. And the inverted word frequency file forms inverted information corresponding to the keywords in a linked list mode according to the triple structure of < document ID, ciphertext word frequency and ciphertext abstract >. Because the word frequency is encrypted in order preserving mode, the method has the capability of large and small cipher text, and records the inverted document information of the keywords and the cipher text abstract of the keywords in each document according to the sequence of the word frequency from large to small. For example, assume that the word frequency ordering in the original inverted list is: ETF1> ETF2> ETF3, and the newly inserted word frequency at this time satisfies ETF2> ETF6> ETF3, the newly inserted node is after document ID2 and before document ID 3. In addition, the ciphertext domain information is filled into the forward file formed by the files of fnm, fdx, fdt and the like according to the Lucene existing rule, and the corresponding information of the ciphertext title, the ciphertext author, the ciphertext time and the like is listed.
For a more specific processing procedure of the step S26, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, the method and the device integrate the functions of order-preserving encryption, hash summarization and the like on the basis of the safety word segmentation device, complete Hash summarization operation with the key on the key information based on the derived key of the first key, perform order-preserving encryption operation on the word frequency information, and generate summary information for the key by using an evaluation score scoring mechanism; and then the ciphertext keywords, the ciphertext word frequency and the ciphertext abstract are packaged into a ciphertext inverted index material, information such as a file title, an author, time and the like is encrypted to form a ciphertext forward index material, and the ciphertext inverted index material and the ciphertext forward index material are packaged into the ciphertext index material. And finally, encrypting the document to be stored by using a third key generated by a key module of the user terminal to obtain a ciphertext document, and encrypting by using a second key and the third key to obtain an encrypted key. After the ciphertext index material, the ciphertext document and the encrypted key are uploaded to the cloud server, the cloud server analyzes the ciphertext index material through a user-defined security word segmenter which is in butt joint with a security word segmenter of the user terminal to obtain ciphertext keywords, ciphertext word frequency, a ciphertext abstract and ciphertext domain information, redefines an inverted word frequency file through a full-text search engine service end, arranges document information corresponding to the keywords according to a sequence preserving encryption sorting algorithm and a sequence from large word frequency ciphertext to small word frequency ciphertext, defines the document information as < document ID, ciphertext word frequency and ciphertext abstract > triplets and stores the ciphertext keywords and the ciphertext domain information into corresponding index files according to a preset storage rule. The technical scheme improves the safety in the document storage process.
Referring to fig. 5, the embodiment of the present application discloses a document query downloading method, which is applied to a user terminal, and includes:
step S31: acquiring query content of a ciphertext document to be downloaded, and processing the query content by using a security word segmentation device in a full-text search engine client to obtain an encrypted keyword; the ciphertext document to be downloaded is a ciphertext document stored by using the disclosed document uploading and storing method.
In the embodiment, a user terminal submits the query content of a document to be downloaded, and the query content is processed by a security word segmentation device in a full-text search engine client to obtain an encrypted keyword; the ciphertext document to be downloaded is stored by utilizing the disclosed document uploading and storing method.
Step S32: and transmitting the encrypted keywords to a cloud server so that the cloud server matches a target ciphertext document set on the basis of the encrypted keywords through a full-text search engine server, screens out a preset number of ciphertext documents from the target ciphertext document set by using a predefined order-preserving encryption scoring mechanism, finishes sequencing the preset number of ciphertext documents to obtain a ciphertext document sequencing result, and obtains corresponding ciphertext display information on the basis of the preset number of ciphertext documents.
In this embodiment, the user terminal transmits the encrypted keyword to the cloud server, and the cloud server finds out a target ciphertext document set matched with the encrypted keyword through the full-text search engine server, screens out a preset number of ciphertext documents from the target ciphertext document set by using a predefined order-preserving encryption scoring mechanism, and finishes ranking the preset number of ciphertext documents to obtain a ciphertext document ranking result. The number of the encrypted keywords can be one or more, the keyword type can be a boolean keyword, and various rich search functions such as single keyword search, multi-keyword search, boolean search and the like can be realized through the technical scheme of the application.
In the first embodiment, if the number of the current encrypted keywords is one, the encrypted keywords are used as sort keywords, and the top N ciphertext documents corresponding to the sort keywords are obtained from the reverse-arranged word frequency file obtained in step S27, and a corresponding ciphertext sort result is obtained.
In a second specific embodiment, if the number of the current encrypted keywords is multiple, firstly, selecting the intersection of the target ciphertext documents corresponding to each encrypted keyword as a first target ciphertext document set; respectively selecting a first ciphertext document corresponding to each encryption keyword, comparing the sizes of ciphertext word frequencies, selecting the ciphertext word frequency with the maximum value, and marking the ciphertext keywords corresponding to the ciphertext word frequencies as sorting keywords; and sequencing the ciphertext documents of the first target ciphertext document set according to the sequence of the documents in the sequencing keywords, taking out the first N ciphertext documents, and obtaining a corresponding ciphertext sequencing result.
In a third specific embodiment, if the current encryption keywords are "and", "or" and "not", that is, boolean queries, first, according to the boolean relationships between "and", "or" and "not", a corresponding target ciphertext document set is selected as a first target ciphertext document set; respectively selecting first ciphertext documents corresponding to the corresponding keywords under the rules of 'and', 'or' and 'not', comparing the sizes of the ciphertext word frequencies, selecting the ciphertext word frequency with the maximum value, and marking the ciphertext keywords corresponding to the ciphertext word frequency as sorting keywords; and sequencing the ciphertext documents of the first target ciphertext document set according to the sequence of the documents in the sequencing keywords, taking out the first N ciphertext documents, and obtaining a corresponding ciphertext sequencing result.
In this embodiment, the obtaining of the corresponding ciphertext display information based on the predetermined number of ciphertext documents includes: extracting a ciphertext abstract, a ciphertext title, a ciphertext author and ciphertext time corresponding to each ciphertext document from a preset number of ciphertext documents, and packaging the ciphertext abstract, the ciphertext title, the ciphertext author and the ciphertext time to obtain ciphertext display information. It can be understood that after the N ciphertext documents are obtained, corresponding ciphertext abstracts are extracted from the N ciphertext documents according to the sort key, ciphertext domain information such as ciphertext titles, ciphertext authors, ciphertext time and the like corresponding to the N ciphertext documents is respectively selected from the forward-ranked files in step S27, and finally, information such as ciphertext abstracts, ciphertext titles, ciphertext authors, ciphertext time and the like of the N documents is encapsulated into ciphertext display information in a json format, and the ciphertext display information is highlighted.
Step S33: and acquiring the ciphertext document sequencing result and the ciphertext display information sent by the cloud server, acquiring a first key and a second key from a key management center, and acquiring a derived key based on the first key.
In the embodiment, the cloud server returns the json format ciphertext display information user terminal to the user terminal, and the security word segmentation device is called to analyze the json file. In addition, the user terminal needs to obtain the first key and the second key from the key management center, and obtain a corresponding third derivative key from the first key by using a key derivation algorithm.
Step S34: decrypting the ciphertext display information based on the derived key to obtain decrypted information, downloading a corresponding ciphertext document and an encrypted key corresponding to the ciphertext document from the cloud server based on the decrypted information and the ciphertext document sequencing result, so as to decrypt the encrypted key by using the second key to obtain a third key, and decrypting the ciphertext document by using the third key.
In this embodiment, the third derivative key is used to decrypt the ciphertext display information to obtain information such as an abstract, a title, an author, and time of each document. The third derivative key is a symmetric encryption key, and since it is known from step S24 that the third derivative key is used when encrypting the information, the third derivative key is also used when decrypting the information. The user terminal also needs to download the corresponding ciphertext document and the encrypted key corresponding to the ciphertext document from the cloud server based on the decrypted information and the ciphertext document sequencing result, so that the encrypted key is decrypted by using the second key pair to obtain a third key, and the ciphertext document is decrypted by using the third key to obtain a plaintext document, thereby completing the downloading of the document. The second key and the third key are also symmetric encryption keys, as well as the third derivative key described above.
Therefore, the method and the device for processing the encrypted keyword have the advantages that query contents of the encrypted documents to be downloaded are obtained, and the query contents are processed by the aid of the security word segmentation device in the full-text search engine client to obtain the encrypted keyword; the ciphertext document to be downloaded is stored by utilizing the disclosed document uploading and storing method; transmitting the encrypted keywords to a cloud server so that the cloud server matches a target ciphertext document set through a full-text search engine server based on the encrypted keywords, screening a preset number of ciphertext documents from the target ciphertext document set by using a predefined order-preserving encryption scoring mechanism, finishing the sorting of the preset number of ciphertext documents to obtain a ciphertext document sorting result, and then obtaining corresponding ciphertext display information based on the preset number of ciphertext documents; acquiring the ciphertext document sequencing result and the ciphertext display information sent by the cloud server, acquiring a first key and a second key from a key management center, and acquiring a derived key based on the first key; decrypting the ciphertext display information based on the derived key to obtain decrypted information, downloading a corresponding ciphertext document and an encrypted key corresponding to the ciphertext document from the cloud server based on the decrypted information and the ciphertext document sequencing result, so as to decrypt the encrypted key by using the second key to obtain a third key, and decrypting the ciphertext document by using the third key. The technical scheme of the application can realize various rich search functions such as single keyword search, multi-keyword search, boolean search and the like, avoids the problem of single search function, reduces encryption overhead while realizing safety by using various symmetric encryption schemes, achieves balance of ciphertext retrieval safety and functionality, has higher practical value, and is particularly suitable for scenes of shared storage of low-performance terminals. Therefore, when the problem of safe storage of data on the cloud is solved, the secure query function of the ciphertext data is provided, any original information and statistic related information of the data on the cloud are not revealed, the purpose of minimizing the data on the cloud is achieved, and the privacy safety of a user is practically guaranteed.
Referring to fig. 6, an embodiment of the present application discloses a document uploading storage device, which is applied to a user terminal, and includes:
a key obtaining module 11, configured to obtain a first key and a second key from a key management center, and obtain a derived key based on the first key;
the material acquisition module 12 is configured to process a to-be-stored document by using a security word splitter in the full-text search engine client to obtain an index material, and perform corresponding encryption processing on the index material based on the derivative key to obtain a ciphertext index material;
the key generation module 13 is used for calling the cryptographic module by using the security word segmentation device to generate a third key;
the encryption module is used for encrypting the document to be stored by using the third key to obtain a ciphertext document and encrypting the third key by using the second key to obtain an encrypted key;
and the uploading storage module 14 is configured to upload the ciphertext index material, the ciphertext document, and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine service end, and stores the ciphertext document and the encrypted key to a storage system.
Therefore, the method and the device for obtaining the key are used for obtaining the first key and the second key from the key management center and obtaining the derived key based on the first key; processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain an index material, encrypting the index material based on the derived key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key; encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key; uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server side, and stores the ciphertext document and the encrypted key to a storage system. Therefore, the full-text search engine is divided into the client and the server, the user terminal obtains the first key and the second key from the key management center, the file to be stored is processed through the full-text search engine client to obtain an index material, the index material is encrypted by using a derivative key of the first key, the stored file is encrypted by using a third key generated by the password module, the third key is encrypted by using the second key, corresponding information obtained after encryption is uploaded to the cloud server, and the full-text search engine server is called through the cloud server to finish storage work. By splitting the full-text search engine client and the full-text search engine server and integrating the cryptographic technology, the security functions of document encryption, index encryption, key encryption and the like are realized, the information is minimized, the data leakage is prevented to the greatest extent, and the security of the data storage process is improved.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The method specifically comprises the following steps: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps in the document uploading storage method executed by the computer device disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is used to provide operating voltage for each hardware device on the computer device 20; the communication interface 24 can create a data transmission channel between the computer device 20 and an external device, and the communication protocol followed by the communication interface is any communication protocol that can be applied to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 21 may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array), PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 21 may further include an AI (Artificial Intelligence) processor for processing a calculation operation related to machine learning.
In addition, the storage 22 is used as a carrier for storing resources, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc., the resources stored thereon include an operating system 221, a computer program 222, data 223, etc., and the storage mode may be a transient storage mode or a permanent storage mode.
The operating system 221 is used for managing and controlling each hardware device and the computer program 222 on the computer device 20, so as to realize the operation and processing of the mass data 223 in the memory 22 by the processor 21, which may be Windows, unix, linux, or the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the document upload storage method executed by the computer device 20 disclosed in any of the foregoing embodiments. The data 223 may include data received by the computer device and transmitted from an external device, data collected by the input/output interface 25, and the like.
Further, an embodiment of the present application further discloses a storage medium, in which a computer program is stored, and when the computer program is loaded and executed by a processor, the method steps executed in the process of uploading and storing the document disclosed in any of the foregoing embodiments are implemented.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising a," "8230," "8230," or "comprising" does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The document uploading and storing method, the document querying and downloading method, the device, the equipment and the storage medium provided by the invention are introduced in detail, specific examples are applied in the text to explain the principle and the implementation mode of the invention, and the description of the above embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (11)

1. A document uploading and storing method is applied to a user terminal and comprises the following steps:
acquiring a first key and a second key from a key management center, and obtaining a derived key based on the first key;
processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain an index material, encrypting the index material based on the derived key to obtain a ciphertext index material, and calling a password module by using the security word segmentation device to generate a third key;
encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key;
uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server side, and stores the ciphertext document and the encrypted key to a storage system.
2. The document uploading storage method according to claim 1, wherein the processing, by using a security tokenizer in a full-text search engine client, of the document to be stored to obtain indexing materials, and encrypting the indexing materials based on the derived key to obtain ciphertext indexing materials comprises:
processing a document to be stored by using a security word segmentation device in a full-text search engine client to obtain inverted index materials;
generating forward index materials according to the document meta-information in the documents to be stored;
encrypting information in the reverse index materials based on the derived key to obtain ciphertext reverse index materials, and encrypting information in the forward index materials based on the derived key to obtain ciphertext forward index materials;
and packaging the ciphertext reverse index material and the ciphertext forward index material by using the safe word segmentation device to obtain a ciphertext index material.
3. The method for uploading and storing the documents according to claim 2, wherein the processing of the documents to be stored by using a security word segmentation device in the full text search engine client to obtain the inverted index materials comprises:
extracting keyword information in the document to be stored by using a security word segmentation device in a full-text search engine client, counting word frequency information of the keywords, and screening summary information from the document to be stored based on the keywords;
and obtaining inverted index materials based on the keyword information, the word frequency information and the abstract information.
4. The document uploading storage method according to claim 3, wherein the generating of forward-ranking information material according to the document meta-information in the document to be stored comprises:
obtaining domain information according to the document meta-information in the document to be stored, and obtaining forward information materials based on the domain information; wherein, the domain information comprises any one or more of title, date, author and time.
5. The document uploading storage method according to claim 4, wherein the deriving a derivative key based on the first key comprises:
obtaining a first derived key, a second derived key and a third derived key from the first key by using a key derivation algorithm;
correspondingly, the encrypting the information in the inverted index material based on the derived key to obtain the ciphertext inverted index material includes:
encrypting the keyword information by using the first derivative key based on a preset hash algorithm to obtain a ciphertext keyword, encrypting the word frequency information by using the second derivative key based on an order preserving encryption algorithm to obtain a ciphertext word frequency, and encrypting the summary information by using the third derivative key to obtain a ciphertext summary;
obtaining a ciphertext inverted material based on the ciphertext keyword, the ciphertext word frequency and the ciphertext abstract;
correspondingly, the encrypting the information in the forward indexing material based on the derived key to obtain ciphertext forward indexing material includes:
and encrypting the domain information by using the third derived key to obtain ciphertext domain information, and obtaining a ciphertext forward index material based on the ciphertext domain information.
6. The document uploading and storing method according to claim 5, wherein the transmitting the ciphertext index material, the ciphertext document, and the encrypted key to a cloud server so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server comprises:
transmitting the ciphertext index material, the ciphertext document and the encrypted key to a cloud server so that the cloud server can analyze the ciphertext index material through a self-defined security word segmenter corresponding to the security word segmenter in a full-text search engine server side to obtain the ciphertext keyword, the ciphertext word frequency, the ciphertext abstract and the ciphertext domain information;
and storing the ciphertext keywords and the ciphertext domain information into corresponding index files according to preset storage rules through the full-text search engine server, constructing reverse word frequency files based on the ciphertext word frequency and the ciphertext abstract, and storing the reverse word frequency files according to the sequence of the ciphertext word frequency from large to small.
7. A document inquiry downloading method is characterized in that the method is applied to a user terminal and comprises the following steps:
acquiring query content of a ciphertext document to be downloaded, and processing the query content by using a security word segmentation device in a full-text search engine client to obtain an encrypted keyword; the ciphertext document to be downloaded is a ciphertext document stored by using the document uploading storage method according to any one of claims 1 to 6;
transmitting the encrypted keywords to a cloud server so that the cloud server matches a target ciphertext document set through a full-text search engine server based on the encrypted keywords, screening a preset number of ciphertext documents from the target ciphertext document set by using a predefined order-preserving encryption scoring mechanism, finishing the sorting of the preset number of ciphertext documents to obtain a ciphertext document sorting result, and then obtaining corresponding ciphertext display information based on the preset number of ciphertext documents;
acquiring the ciphertext document sequencing result and the ciphertext display information sent by the cloud server, acquiring a first key and a second key from a key management center, and acquiring a derived key based on the first key;
decrypting the ciphertext display information based on the derived key to obtain decrypted information, downloading a corresponding ciphertext document and an encrypted key corresponding to the ciphertext document from the cloud server based on the decrypted information and the ciphertext document sequencing result, so as to decrypt the encrypted key by using the second key to obtain a third key, and decrypting the ciphertext document by using the third key.
8. The document query downloading method of claim 7, wherein obtaining the corresponding ciphertext display information based on a preset number of the ciphertext documents comprises:
extracting a ciphertext abstract, a ciphertext title, a ciphertext author and ciphertext time corresponding to each ciphertext document from a preset number of ciphertext documents, and packaging the ciphertext abstract, the ciphertext title, the ciphertext author and the ciphertext time to obtain ciphertext display information.
9. A document uploading storage device is applied to a user terminal and comprises:
the key acquisition module is used for acquiring a first key and a second key from a key management center and obtaining a derived key based on the first key;
the material acquisition module is used for processing the document to be stored by utilizing a security word segmentation device in the full-text search engine client to obtain an index material and correspondingly encrypting the index material based on the derived key to obtain a ciphertext index material;
the key generation module is used for calling the password module by utilizing the security word segmentation device to generate a third key;
the encryption module is used for encrypting the document to be stored by using the third key to obtain a ciphertext document, and encrypting the third key by using the second key to obtain an encrypted key;
and the uploading storage module is used for uploading the ciphertext index material, the ciphertext document and the encrypted key to a cloud server, so that the cloud server updates an index file based on the ciphertext index material through a full-text search engine server, and stores the ciphertext document and the encrypted key to a storage system.
10. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the document upload storage method according to any one of claims 1 to 6.
11. A computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the steps of the document upload storage method of any of claims 1 to 6.
CN202210915910.7A 2022-08-01 2022-08-01 Document uploading and storing method, query downloading method, device, equipment and medium Pending CN115269504A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210915910.7A CN115269504A (en) 2022-08-01 2022-08-01 Document uploading and storing method, query downloading method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210915910.7A CN115269504A (en) 2022-08-01 2022-08-01 Document uploading and storing method, query downloading method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115269504A true CN115269504A (en) 2022-11-01

Family

ID=83746280

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210915910.7A Pending CN115269504A (en) 2022-08-01 2022-08-01 Document uploading and storing method, query downloading method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115269504A (en)

Similar Documents

Publication Publication Date Title
US10013574B2 (en) Method and apparatus for secure storage and retrieval of encrypted files in public cloud-computing platforms
EP3168771B1 (en) Poly-logarythmic range queries on encrypted data
Chen et al. An efficient privacy-preserving ranked keyword search method
US8930691B2 (en) Dynamic symmetric searchable encryption
US10664610B2 (en) Method and system for range search on encrypted data
Awad et al. Chaotic searchable encryption for mobile cloud storage
US20160125198A1 (en) Searchable encryption with secure and efficient updates
CN108038128B (en) Retrieval method, system, terminal equipment and storage medium of encrypted file
US9946720B1 (en) Searching data files using a key map
Khan et al. Secure ranked fuzzy multi-keyword search over outsourced encrypted cloud data
Hahn et al. Poly-logarithmic range queries on encrypted data with small leakage
CN110110550B (en) Searchable encryption method and system supporting cloud storage
Quan et al. Efficient and secure top-k queries with top order-preserving encryption
Hiemenz et al. Dynamic searchable symmetric encryption for storing geospatial data in the cloud
KR102290605B1 (en) Message transmission system, communication terminal, server device, message transmission method and program
CN106874379B (en) Ciphertext cloud storage-oriented multi-dimensional interval retrieval method and system
EP2775420A1 (en) Semantic search over encrypted data
Ti et al. Benchmarking dynamic searchable symmetric encryption scheme for cloud-internet of things applications
CN115269504A (en) Document uploading and storing method, query downloading method, device, equipment and medium
Shahien et al. Multi-server searchable data crypt: searchable data encryption scheme for secure distributed cloud storage
Kamini et al. Encrypted multi-keyword ranked search supporting gram based search technique
Tan et al. A client-server prototype of a symmetric key searchable encryption scheme using open-source applications
CN116701493B (en) Database operation method supporting fuzzy query and user side
Ananthi et al. Secured Multikeyword Search over Encrypted Cloud Data Based On Quality and Usability
Rajendran et al. An Efficient Ranked Multi-Keyword Search for Multiple Data Owners Over Encrypted Cloud Data: Survey

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination