CN115333845B - Privacy data verification method based on subset - Google Patents
Privacy data verification method based on subset Download PDFInfo
- Publication number
- CN115333845B CN115333845B CN202211000771.1A CN202211000771A CN115333845B CN 115333845 B CN115333845 B CN 115333845B CN 202211000771 A CN202211000771 A CN 202211000771A CN 115333845 B CN115333845 B CN 115333845B
- Authority
- CN
- China
- Prior art keywords
- key
- ciphertext
- verification
- subset
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 238000013524 data verification Methods 0.000 title claims abstract description 18
- 238000012795 verification Methods 0.000 claims abstract description 95
- 230000002776 aggregation Effects 0.000 claims abstract description 42
- 238000004220 aggregation Methods 0.000 claims abstract description 42
- 238000004891 communication Methods 0.000 claims abstract description 22
- 230000008569 process Effects 0.000 claims abstract description 18
- 238000004364 calculation method Methods 0.000 claims description 16
- 230000006870 function Effects 0.000 claims description 14
- 238000013507 mapping Methods 0.000 claims description 11
- 125000004122 cyclic group Chemical group 0.000 claims description 4
- 238000010200 validation analysis Methods 0.000 claims 1
- 238000005516 engineering process Methods 0.000 description 8
- 238000001914 filtration Methods 0.000 description 5
- 230000007246 mechanism Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 238000006116 polymerization reaction Methods 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a privacy data verification method based on a subset, which relates to the field of communication and comprises the following steps: establishing a key exchange channel with a receiving terminal and a gateway server respectively, and generating a first key and a second key based on a key exchange protocol; encrypting the target data based on the second key and the encryption parameter and the public key issued by the key generation center to generate a ciphertext tag; and the ciphertext label is sent to the gateway server, so that the gateway server can decrypt and match the ciphertext label based on the aggregation trapdoor uploaded by the receiving terminal. In the scheme, the sending, receiving and server sides respectively establish key exchange channels, and encrypt, generate and aggregate trapdoors, verify and the like according to encryption parameters, public keys or private keys of a key generation center, so that keywords in a trapdoor verification designated keyword set are realized, verification efficiency is improved, and confidentiality of a data set and the trapdoors in the hidden data verification process is also protected.
Description
Technical Field
The embodiment of the application relates to the field of communication, in particular to a privacy data verification method based on a subset.
Background
In recent years, with the competition about key core technologies among large countries, particularly core technologies related to the aspect of national security, the requirement on how to design autonomous and controllable domestic cryptographic technologies is also growing. On the basis of organically combining as many of the existing domestic cryptographic techniques as possible, it is an important measure to realize efficient key data privacy verification technology.
In the related art, a public key encryption scheme of keyword search is a popular data encryption verification scheme. The traditional PEKS scheme has a certain privacy disclosure risk for small keyword space scenes, namely, the traditional PEKS scheme is easy to suffer from keyword guessing attacks. Specifically, when the receiver wants to filter the subset of keywords, each incoming data should be compared with the labels of all the keywords in the subset, which increases the number of verification times of the cloud or the terminal, and affects the communication efficiency. Taking CN 110489998B as an example, the method is limited to encryption and filtering of files, but cannot be applied to privacy data verification under a real-time application scene of data flow, and the method only supports single keyword searching, if subset searching needs to be supported, a plurality of single keyword trapdoors need to be deployed at a gateway and operated with the trapdoors in sequence, so that the execution efficiency is not high.
Disclosure of Invention
The application provides a subset-based privacy verification method. The method solves the problem of guessed attack and verification efficiency of data in the related technology, and the technical scheme is as follows:
in one aspect, a subset-based privacy verification method is provided, the method is used for a transmitting terminal, and the method includes:
establishing a key exchange channel with a receiving terminal and a gateway server respectively, and generating a first key and a second key based on a key exchange protocol; the first secret key is a shared secret key between the receiving and transmitting ends, and the second secret key is a shared secret key which is encrypted by the transmitting terminal and checked by the gateway service;
based on the second secret key, the encryption parameters and the public key issued by the secret key generation center, carrying out data encryption on target data to generate a ciphertext tag; communication connection is established between the key generation center and the sending terminal, between the key generation center and the receiving terminal and between the key generation center and the gateway server;
the ciphertext label is sent to the gateway server, so that the gateway server can conveniently check the ciphertext label based on the aggregation trapdoor uploaded by the receiving terminal, and the check result is sent to the receiving terminal; the aggregate trapdoor is generated by the receiving terminal based on a subset of the specified keyword space.
In another aspect, there is provided a subset-based private data authentication method for a gateway server, the method comprising:
establishing a key exchange channel with the sending terminal, and generating a second key based on a key exchange protocol; the second key is a shared key for encryption by the sending terminal and the gateway service;
receiving the ciphertext tag uploaded by the sending terminal, and decrypting and checking the ciphertext tag based on the second secret key, the encryption parameter issued by the secret key generation center and the aggregation trapdoor uploaded by the receiving terminal; the aggregation trapdoor is generated by the receiving terminal based on a subset of the keyword space, and communication connection is established among the key generation center, the sending terminal, the receiving terminal and the gateway server;
responding to the matching of the verification result of the ciphertext label and the verification set of the subset, and transmitting the verification result to the receiving terminal; the verification set contains verification data of all keywords in the subset.
In yet another aspect, there is provided a subset-based private data authentication method for a receiving terminal, the method comprising:
establishing a key exchange channel with a sending terminal, and generating a first key based on a key exchange protocol; the first secret key is a shared secret key between the receiving and transmitting ends;
acquiring a private key issued by a key generation center, and generating an aggregation trapdoor based on the first key and a subset of a keyword space agreed with the sending terminal; communication connection is established between the key generation center and the sending terminal, between the key generation center and the receiving terminal and between the key generation center and the gateway server;
uploading the aggregation trapdoor to a gateway server, facilitating decryption and verification of the gateway server through the aggregation trapdoor and the ciphertext tag uploaded by the sending terminal, and receiving a verification result issued by the gateway server.
In yet another aspect, a gateway server is provided, the gateway server comprising a processor and a memory, the memory storing therein at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by the processor to implement the subset-based privacy data verification method of the above aspect.
The beneficial effects brought by the technical scheme at least comprise: introducing a third party key generation center, and acquiring encryption parameters, a public key and a private key by each part based on the key generation center without acquiring data of each part to realize communication isolation; for the verification and decryption processes, the scheme is placed on the gateway server, so that the decryption pressure of the receiving terminal can be reduced, and the possibility of privacy leakage possibly occurring between the terminals is avoided; secret keys are established between the sending terminal and the gateway server and between the sending terminal and the receiving terminal, so that end-to-end directional encryption is realized, and even if data are hijacked, the data cannot be predicted and cracked through keywords; for all the encrypted data of the sending terminal, the receiving terminal does not need secondary uploading and request, and the data decryption, verification, filtering and receiving can be realized only by one-time uploading. Compared with the encryption mode in the related art, the scheme is greatly improved in encryption safety and communication efficiency.
Drawings
Fig. 1 is a schematic view of a scenario of a subset-based privacy data verification method provided in an embodiment of the present application;
fig. 2 is a flowchart of a subset-based privacy data verification method for a transmitting terminal according to an embodiment of the present application;
fig. 3 is a flowchart of a subset-based privacy data verification method for a gateway server provided in an embodiment of the present application;
fig. 4 is a flowchart of a subset-based privacy data verification method for a receiving terminal according to an embodiment of the present application;
fig. 5 is an interactive flow chart of a subset-based privacy data verification method provided in another embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
References herein to "a plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
Fig. 1 is a schematic view of a scenario of a subset-based privacy data verification method provided in an embodiment of the present application. Including a key generation center 100, a transmission terminal 200, a gateway server 300, and a reception terminal 400. The key generation center 100 is an authorized entity established between government parts or defense departments to ensure confidential information and to avoid privacy from being compromised by theft. The key generation center 100 synchronizes the generated information such as the key and encryption parameter to the transmitting terminal 200, the gateway server 300 and the receiving terminal 400 to establish a verification mechanism, and after the verification mechanism is established, all data information between the transmitting terminal and the receiving terminal is encrypted and verified to ensure absolute security of the information. The transmitting terminal and the receiving terminal in this embodiment represent at least one or more devices including, but not limited to, mobile handsets, PCs, notebooks, repeaters, workstations, etc. The gateway server 200 corresponds to a server of a software program for data interaction between the transmitting terminal 100 and the receiving terminal 300, for example, a server of a communication program, a server of an e-mail, a server of a financial system and a network platform, etc. The gateway server 200 monitors all data uploaded by the sending terminal 200, verifies the data, and selects to filter, hide and send target data according to the requirements of the two parties.
The key generation center 100 is a government-approved trust authority that provides a unified public key and a separate private key for the receiver and sender and application server, the timeliness of the public and private keys being set according to regulations. During the period of time, the receiving terminal 400 only needs to upload the aggregation trapdoor once to the gateway server 300, and the gateway server 300 performs filtering and verification. Alternatively, the program and algorithm for encrypting, uploading and verifying the data may be installed on the transmitting terminal and the receiving terminal, or on a device such as a switch or a router in a department, and the target data for transmitting and verifying includes, but is not limited to, information such as a file, an audio/video, a data stream, and a mail.
The data verification process needs to be agreed in advance, namely, public key keys are issued among all parts, verification keys are mutually established, a subset of a keyword space is agreed, and verification is carried out according to keywords contained in the subset. In contrast, during the interactive communication, the receiving terminal 400 feeds back information to the transmitting terminal 200, and identity is exchanged, encrypted and uploaded by the receiving terminal 400, and the transmitting terminal receives 200. Only one of the processes is described in the following embodiments. The keyword space in the scheme comprises a plurality of subsets, and specified keywords can be added into different subsets according to actual needs, wherein the keywords comprise but are not limited to numerical values, codes, websites, characters, character strings, special symbols and the like. The method can be used for file identification, and can also realize encryption and verification of streaming media formats such as data streams, images, voice characters and the like.
Fig. 2 is a flowchart of a privacy verification method provided in an embodiment of the present application, which is used for the transmitting terminal 200 in fig. 1, and includes the following steps:
step 201, a key exchange channel is respectively established with a receiving terminal and a gateway server, and a first key and a second key are generated based on a key exchange protocol.
The first key is a shared key between the receiving and transmitting ends, and the second key is a shared key for encryption by the transmitting terminal and verification by the gateway service.
Under the condition that a checking mechanism is established between the sending terminal and the receiving terminal, any data information sent by the sending terminal needs to be encrypted, a key exchange channel is established between the gateway server and the receiving terminal for establishing the checking mechanism, the key exchange channel does not conduct data interaction, and the key exchange channel is only used for handshake according to a specific key exchange protocol to generate a corresponding key. The first secret key established by the sending terminal and the receiving terminal is a secret key shared by the two parties and is respectively used for encrypting data of the sending terminal and generating an aggregation trapdoor by the receiving terminal; and the second key established by the sending terminal and the gateway server is used for encrypting data at the sending end and decrypting the data at the gateway server.
And 202, encrypting the target data based on the second key, the encryption parameters and the public key issued by the key generation center, and generating a ciphertext tag.
Communication connection is established between the key generation center and the sending terminal, between the receiving terminal and the gateway server, and is used for issuing encryption parameters and public keys when a verification mechanism is initialized and changed. The encryption parameters specify the protocols, algorithms, system parameters, etc. necessary for encryption and decryption. The public key is used for encryption and authentication of the various parts. And the sending terminal encrypts the target data according to the uploaded second key, the encryption parameters and the public key issued by the key generation center, and generates a ciphertext tag, namely encrypted data information. The process can be completed on the terminal or encrypted by the network equipment of the department where the terminal is located.
And 203, sending the ciphertext label to a gateway server, facilitating the gateway server to verify the ciphertext label based on the aggregation trapdoor uploaded by the receiving terminal, and sending the verification result to the receiving terminal.
One reason for data encryption is to avoid the risk of revealing confidential data between the sender and the receiver, and the other is to avoid that the data is hijacked and cracked, resulting in privacy disclosure. Encryption between the transmitting terminal and the server may prevent the risk of hijacking, while encryption between the transmitting terminal and the receiving terminal may avoid privacy disclosure between parts or terminals. The departments and the terminals realize the safe communication of the sender and the receiver through the agreed keyword space and the related subset, namely, the subset is constructed based on the privacy keywords, and the sent target data is encrypted and checked according to the subset. The aggregation trapdoor is generated by the receiving terminal based on a subset of the key space agreed with the transmitting terminal. After the receiving terminal agrees with the agreement, can be according to parameter and various secret keys generation and gathering the trapdoor that acquire, upload the gateway server with gathering the trapdoor, the gateway server carries out decryption and check to the ciphertext label that the sending terminal uploaded based on this and gathers the trapdoor, finally sends the check result to the receiving terminal.
Fig. 3 is a flowchart of a privacy verification method provided in an embodiment of the present application, which is used in the gateway server 300 in fig. 1, and includes the following steps:
step 301, a key exchange channel is established with a transmitting terminal, and a second key is generated based on a key exchange protocol.
The process refers to step 201 and will not be described in detail here.
And 302, receiving the ciphertext tag uploaded by the sending terminal, and decrypting and checking the ciphertext tag based on the second secret key, the encryption parameter issued by the secret key generation center and the aggregation trapdoor uploaded by the receiving terminal.
The aggregation trapdoor is generated by the receiving terminal based on a subset of the keyword space agreed with the transmitting terminal, and communication connection is established among the key generating center, the transmitting terminal, the receiving terminal and the gateway server. The aggregation trapdoor and the encryption parameters are acquired in advance by the gateway server, and after the ciphertext label uploaded by the sending terminal is received, the ciphertext label can be decrypted and checked. The decryption and verification are needed to be participated together by the second secret key and the aggregation trapdoor, the aggregation trapdoor is not needed to be uploaded and modified each time, and the receiving terminal is not needed to repeat the uploading work on the premise of not changing the protocol content.
And step 303, in response to the matching of the verification result of the ciphertext tag with the verification set of the subset, sending the verification result to the receiving terminal.
The verification set comprises verification data of all keywords in the subset, under the condition that the subset is determined, the verification data set corresponding to each keyword can be obtained by performing preliminary encryption through encryption parameters issued by a key generation center, and the verification set is obtained by hash operation based on the issuing of the key generation center and only exists in a gateway server, so that privacy leakage caused by unilateral data decryption between terminals is avoided.
Fig. 4 is a flowchart of a privacy verification method provided in an embodiment of the present application, for use in the gateway server 400 in fig. 1, including the following steps:
in step 401, a key exchange channel is established with a transmitting terminal, and a first key is generated based on a key exchange protocol.
This process refers to step 201, which is not described in detail.
And step 402, acquiring the encryption parameters and the private key issued by the key generation center, and generating an aggregation trapdoor based on the first key and a subset of the keyword space agreed with the sending terminal.
Because the communication connection is established between the key generating center and the transmitting terminal, the receiving terminal and the gateway server. The receiving terminal can acquire the encryption parameters and the private key issued by the key generation center in real time. The encryption parameters and private key are used to generate an aggregate trapdoor, and the aggregate trapdoor is generated based on a subset of the specified key space, which reduces the decryption matching pressure of the server during the authentication process. The first key is for end-to-end encryption to ensure that data is hijacked and cracked, the private key is different from the public key, the key generation center synchronizes the public key to the receiving terminal, the sending terminal and the gateway server, and the private key is a unique key special for the receiving party.
Step 403, uploading the aggregation trapdoor to the gateway server, so that the gateway server can decrypt and check the ciphertext label uploaded by the aggregation trapdoor and the sending terminal conveniently, and receiving the check result issued by the gateway server.
The process refers to step 203 and will not be described in detail here.
In summary, in order to improve the security of communication between the departments and the terminals, a third-party key generation center is introduced, and the key generation center is responsible for issuing encryption parameters, public keys and private keys without acquiring data of each part, so that communication isolation is realized; for the verification and decryption processes, the scheme is placed on the gateway server, so that the decryption pressure of the receiving terminal can be reduced, and the possibility of privacy leakage possibly occurring between the terminals is avoided; secret keys are established between the sending terminal and the gateway server and between the sending terminal and the receiving terminal, so that end-to-end directional encryption is realized, and even if data are hijacked, the data cannot be predicted and cracked through keywords; for all encrypted data of a sending terminal, a receiving terminal does not need secondary uploading and request, and data decryption, verification, filtering and receiving can be realized only by one-time uploading. Compared with the encryption mode of single keywords in the related art, the scheme constructs the aggregation trapdoor through the subset, only one aggregation trapdoor is needed to be generated, and the encryption security and the verification efficiency are greatly improved.
Fig. 5 is an interactive flow chart of a subset-based privacy data verification method provided in another embodiment of the present application. The method comprises the following steps:
in step 501, a first key exchange channel is established between a receiving terminal and a transmitting terminal, and a first key for hiding a keyword is generated based on an SM2 key exchange protocol.
In the scheme, the cipher negotiations need to mutually establish a special channel and are generated by running a cipher exchange protocol which is issued by a cipher generation center. The encryption parameters sp issued by the password generation center at least comprise security parametersBilinear map->Subset W,>order cycle group and generator->Hash function->Key exchange protocol->And encryption protocol->At least one of (a) and (b); the issued keys again comprise the public key +.>And private key->The public key is generated based on the private key,/-A>. Wherein->,/>,/>The value is 0 to +.>A positive integer therebetween. The system parameters need to be synchronized to a server and a receiving and transmitting end, so that subsequent synchronous encryption and decryption are facilitated. For the communication connection between the key generating center, the receiving terminal and the transmitting terminal by the gateway server, the special channel is also adopted for transmission, so as to ensure the safety of data transmission.
In addition, the cipher exchange protocol in the scheme adopts SM2 cipher key exchange protocol, and the first is established between the receiving terminal and the transmitting terminalAfter a key exchange channel, a key exchange protocol based on SM2 is operated to generate a first key for hiding the sub-setThe first key may initially conceal the target data. />,/>I.e. the security parameter, and also the length of the first key string.
Step 502, a second key exchange channel is established between the sending terminal and the gateway server, and a second key for data encryption is generated based on the SM2 key exchange protocol.
The second key exchange channel is similar to the first encryption channel for generating a key between the sending terminal and the gateway server. Second secret keyThe second key and the first key belong to random keys, and the character string sequences may be different.
It should be noted that, a secure transmission channel is established between the gateway server, the sending terminal, and the receiving terminal and the key generating center, respectively, for receiving the encryption parameters and the public and private keys.
In step 503, the transmitting terminal composes a first key tuple based on the first key and the second key.
First Key tupleThe function of the key tuple is equivalent to taking each key part to be used as a vector set, and the key parts are selected to be used in the encryption and decryption processes. The first key tuple is for a receiving terminal. Similarly, the receiving terminal also needs to generate a second key tuple +>。
The receiving terminal composes a second key tuple based on the private key and the first key, step 504.
For use by the transmitting terminal in generating an aggregation trapdoor, and the second key tuple is a key tuple unique to the receiving party.
It should be noted that, the first key tuple can be shared with the department terminal, so as to realize quick copying, and realize that the multi-terminal and the sending terminal receive the shared ciphertext tag. The execution sequence of step 503 and step 504 is not sequential, and can be arbitrarily adjusted, so long as the private key is obtained and the first key is generated.
Step 505, the sending terminal selects an encrypted random number, and performs data encryption on the target data based on the encrypted random number, the first key tuple, the public key and the encryption parameter to obtain a ciphertext tag.
In order to ensure the randomness and the security of encryption, for target data sent by a sending terminal each time, the sending terminal selects a random number r, combines r,、/>And->And encrypts the target data through SM4 encryption protocol. Wherein r is not more than +.>Positive integer of>Representing the order of the order cyclic group in the encryption parameter. The method comprises the following steps of:
step 505a, based on the encrypted random number r and the generatorCalculating to obtain ciphertextThe first ciphertext of the tag.
Before the transmitting terminal transmits data each time, r is randomly selected based on the generation elementCalculating to obtain a first ciphertext->. The calculation formula of the first ciphertext is as follows:
in step 505b, hash operation is performed on the target data and the first key through a hash function, and bilinear mapping is performed on the hash operation result and the public key, so as to obtain a second ciphertext of the ciphertext tag.
The hash function in the scheme is issued by the secret generation center, and for target data w, hash operation encryption is carried out by using a first key in the first key tuple to obtain encrypted dataFurther, the issued public key is reused>Performing bilinear mapping calculation with the encrypted random number to obtain a second ciphertext +.>. The calculation formula of the second ciphertext is as follows:
for the first key->For target data, H is a hash function, e is a bilinear map function, rRepresenting an r-th operation on the public key.
And 505c, carrying out SM4 symmetric encryption on the second key and the encrypted random number to obtain a third ciphertext.
The first two times of encryption adopts random number encryption and a first key to carry out hash encryption on target data, and because the process needs to be decrypted through a gateway server, the second key agreed with handshake of the gateway server is also needed to be used for encryption, so that on one hand, keyword prediction hijacking is prevented, and meanwhile, hackers can be prevented from invading the server and obtaining data inside the server side to a certain extent from being decrypted reversely. Third ciphertextEncryption is carried out by using an SM4 encryption protocol, and the calculation formula is as follows:
for the second key->The function is calculated for symmetric encryption. It should be noted that in the three-section cipher text, only the second cipher text contains the target data, and the other two cipher texts are used for increasing complexity and decryption.
And 505d, combining the first ciphertext, the second ciphertext and the third ciphertext to obtain the encrypted ciphertext tag.
The ciphertext label is a form after integrating three sections of ciphertext, and the ciphertext label is expressed as。
In step 506, the sending terminal sends the ciphertext tag to the gateway server.
In step 507, the receiving terminal obtains the hash function in the encryption parameter, calculates ciphertext hash values of all keywords in the sub-set based on the second key tuple, and determines the product of all ciphertext hash values as the first hash value.
For the receiving terminal, the aggregation trapdoor can be generated only after the private key and the encryption parameter issued by the first key and the key generation center are acquired. Generating the aggregation trapdoor requires acquiring a corresponding sub-set in advance, calculating ciphertext hash values of all keywords in the sub-set, and then acquiring a first hash value。/>The calculation formula is as follows:
for the ith keyword in the subset, < +.>A private key, and is a positive integer, here representing the power calculation; />Ciphertext hash value for the ith keyword, < +.>Is the first key. Note that, subset w= = ->Including but not limited to text coding, speech coding, video coding, mailbox and web site coding, etc.
Step 508, calculating the ratio of the first hash value to all the ciphertext hash values, and combining the second hash value of the ratio into a verification set.
Verification setThe verification method is a standard for verification of the final gateway server, and the number of verification sets is the same as the number of keywords. The ratio of the first hash value to all ciphertext hash values is +.>The expression is as follows:
verification setExpressed as:
and n is the total number of keywords, and i is less than or equal to n, which is the ratio of the first hash value to the ith ciphertext hash value.
In step 509, the receiving terminal composes the first hash value and the verification set into an aggregation trapdoor.
Polymerization trapdoorThe verification data of all keywords in the subset are contained, and the verification data are formed based on a private key and encryption parameters issued by the key generation center, so that data cannot be pushed back and decrypted even if data leakage occurs.
Step 510, the receiving terminal uploads the aggregation trapdoor to the gateway server.
It should be noted that, steps 507-510 may occur before step 506 or after step 506, because decryption and verification of the gateway server may be performed only by having both the ciphertext tag and the aggregation trapdoor uploaded.
In step 511, the gateway server decomposes the aggregate trapdoor to obtain a first hash value for the subset.
The process is the acquisition step 507. Reference is made in particular to step 507.
In step 512, the gateway server decomposes the ciphertext tag to obtain a first ciphertext and a third ciphertext therein.
For the tag ciphertext, the gateway server may obtain the first ciphertext and the third ciphertext by decomposing the first ciphertext, and may not decompose the second ciphertext including the target data, so as to reduce data processing pressure, and decrypt the second ciphertext after the verification condition is satisfied, i.e. extract the target data according to the public key and bilinear mapping and hash operation.
Step 513, the gateway server performs bilinear mapping operation on the first hash value and the first ciphertext to obtain a first check value; and carrying out SM4 decryption operation on the second secret key and the third ciphertext to obtain a second check value.
The decryption process also needs to rely on encryption parameters, namely, bilinear map decryption operations and SM4 decryption operations. First check value. The second check value is encoded with a second key +.>As input, the SM4 decryption algorithm is run to obtain。
Step 514, the gateway server performs a check operation on the first check value and the second check value, and matches the check result with the verification set of the subset.
The first check formula for the first check value y and the second check value m is:
the second check formula for the second check value m is:
representing an inverse operation on the second check value m, z being the check result, c being the received ciphertext tag,/and->Representing the order of the cyclic group in the encryption parameter.
Checking the check value by checking whether there areTo determine. I.e. z is matched with all second hash values in the verification set of the subset.
And step 515, when the gateway server is matched with the same second hash value and the verification operation result meets the requirement, the gateway server indicates that the keyword exists in the target data, and feeds back the decryption result to the receiving terminal according to the encryption protocol.
When the arrival of z is matched with a certain second hash value in the verification set and the second hash value meets an identity formula of inverse element operation, the target data contains keywords in the hit sub-set or the keywords in the hit sub-set, and then the keywords are filtered according to an encryption protocol, and the keywords are hidden or fed back to a receiving terminal and the like.
Taking mail filtering as an example, the mail communication between the A department and the B department is that the gateway server is a mail server, the mail sent by the A department contains external network connection, and the external network connection is a specified keyword, so that the gateway server can intercept the mail directly, and for the mail which does not contain the keyword normally, the mail is decrypted into normal mail format data, and then the mail is forwarded to the terminal equipment of the B department for display.
In summary, in order to ensure the security of data communication, a third party key generation center is added on the basis of a receiving end, a transmitting end and a gateway server. In addition, in order to avoid hijacking and reverse predictive cracking of the transmitted data, the transmitting end and the receiving end respectively establish a switching channel, and the transmitting end and the server end generate a first key and a second key through a protocol issued by a key generation center, so that the data is prevented from being intercepted and cracked in the transmitting process and the server end is prevented from being invaded and acquired.
In the encryption of data and the generation operation of an aggregation trapdoor, a first key for keyword hiding is used, keywords are mapped to a larger variable space, and the adversary is prevented from performing keyword guessing attack; meanwhile, each keyword is independently encrypted, and possible ciphertext combinations do not need to be preprocessed according to verification conditions, so that the storage space of ciphertext data is reduced; in trapdoor generation operation, for a given plurality of keywords, a data receiver only needs to generate an aggregate trapdoor of the whole subset, instead of generating one trapdoor for each keyword, so that the calculation complexity in the verification stage is reduced; in the verification stage, when the aggregation key is used for verifying whether the message corresponding to the detected ciphertext is contained in the keyword set corresponding to the aggregation trapdoor, the gateway server only needs to perform bilinear calculation once, and the calculation amount required by the traditional verification method is positive to the number of the keyword sets. According to our definition, a trapdoor can be used to detect ciphertext of multiple keyword conditions, hiding the size distribution of a single keyword query result to a certain extent, and thus can play a role in resisting leakage abuse attacks based on the result size.
The verification process is put on the server side, the strong processing capacity of the cloud is relied on, the response speed of receiving can be improved, and the terminal pressure is reduced, so that the effect of resisting leakage abuse attacks based on the result size can be achieved, and the efficiency of the traditional verification method is greatly reduced. Compared with the prior art, the trapdoor aggregation technology can use one aggregated trapdoor to realize privacy verification of a plurality of keywords. The mapping space of the keywords is enlarged by utilizing the encryption technology of public and private key mixing, and the guessing attack of the keywords from the internal adversary is resisted; meanwhile, in the verification stage, for any ciphertext, the gateway server can complete verification matching by only executing bilinear operation once, so that the efficiency of the traditional verification method is greatly reduced, and the communication safety is improved. In addition, the design is based on domestic passwords SM2 and SM4, and the localization of privacy verification technology is realized.
In an embodiment of the present application, there is also provided a computer program product or a computer program comprising computer instructions stored in a computer readable storage medium. A processor of a computer device reads the computer instructions from a computer readable storage medium, the processor executing the computer instructions to cause the computer device to perform the subset-based privacy data verification method of any of the above aspects.
The foregoing describes preferred embodiments of the present invention; it is to be understood that the invention is not limited to the specific embodiments described above, wherein devices and structures not described in detail are to be understood as being implemented in a manner common in the art; any person skilled in the art will make many possible variations and modifications, or adaptations to equivalent embodiments without departing from the technical solution of the present invention, which do not affect the essential content of the present invention; therefore, any simple modification, equivalent variation and modification of the above embodiments according to the technical substance of the present invention still fall within the scope of the technical solution of the present invention.
Claims (9)
1. A subset-based private data authentication method for a transmitting terminal, the method comprising:
establishing a key exchange channel with a receiving terminal and a gateway server respectively, and generating a first key and a second key based on a key exchange protocol; the first secret key is a shared secret key between the receiving and transmitting ends, and the second secret key is a shared secret key which is encrypted by the transmitting terminal and checked by the gateway service;
based on the second secret key, the encryption parameters and the public key issued by the secret key generation center, carrying out data encryption on target data to generate a ciphertext tag; communication connection is established between the key generation center and the sending terminal, between the key generation center and the receiving terminal and between the key generation center and the gateway server;
the ciphertext label is sent to the gateway server, so that the gateway server can conveniently check the ciphertext label based on the aggregation trapdoor uploaded by the receiving terminal, and the check result is sent to the receiving terminal; the aggregation trapdoor is generated by the receiving terminal based on a subset of the specified keyword space;
the gateway server checking process comprises the steps of decomposing the aggregation trapdoor to obtain first hash values of all keywords in the subset; the first hash value is the product of ciphertext hash values corresponding to all keywords, and the ciphertext hash value is obtained by the receiving terminal through hash operation on the keywords according to the second key tuple;
decomposing the ciphertext tag to obtain a first ciphertext and a third ciphertext; the first ciphertext is obtained by the sending terminal based on the encrypted random number and the generation element, and the third ciphertext is obtained by performing SM4 symmetric encryption calculation on the encrypted random number by using a second key;
performing bilinear mapping operation on the first hash value and the first ciphertext to obtain a first check value; performing SM4 decryption operation on the third ciphertext by using the second key to obtain a second check value;
performing verification operation on the first verification value and the second verification value, and matching a verification result with a verification set of the subset; the verification set is a second hash value set formed by the ratio of the first hash value to each ciphertext hash value in the subset;
and when the same second hash value is matched and the verification operation result meets the requirement, indicating that the target data has the keyword, and feeding back the verification result to the receiving terminal according to an encryption protocol.
2. The method of claim 1, wherein establishing a key exchange channel with the receiving terminal and the gateway server, respectively, and generating the first key and the second key based on the key exchange protocol, comprises:
establishing a first key exchange channel with the receiving terminal, and generating the first key for hiding the keyword based on an SM2 key exchange protocol; a second key exchange channel is established with the gateway server, and the second key for data encryption is generated based on an SM2 key exchange protocol.
3. The method according to claim 2, wherein the encryption parameters include at least security parameters, bilinear mapping functions, the subset, and,Order cycle group and generator->At least one of a hash function, a key exchange protocol, and an encryption protocol; the first key and the second key are generated based on the security parameters; the public key is generated by the key generating center based on a private key and a generator; the private key is randomly generated by the key generation center.
4. The method according to claim 3, wherein the encrypting the target data based on the second key and the encryption parameter and the public key issued by the key generation center to generate the ciphertext tag includes:
forming a first key tuple based on the first key and the second key;
selecting an encrypted random number r, and carrying out data encryption on the target data based on the encrypted random number, the first key tuple, the public key and the encryption parameter to obtain the ciphertext tag; wherein r is not greater thanPositive integer of>Representing the order of the order cyclic group in the encryption parameter.
5. The method of claim 4, wherein the data encrypting the target data based on the encrypted random number, the first key tuple, the public key, and the encryption parameter to obtain the ciphertext tag comprises:
based on the encrypted random number r and the generatorCalculating to obtain the first ciphertext of the ciphertext tag>The method comprises the steps of carrying out a first treatment on the surface of the The calculation formula is as follows:
performing hash operation on the target data and the first key through a hash function, and performing bilinear mapping operation on a hash operation result and the public key to obtain a second ciphertext of the ciphertext tagThe method comprises the steps of carrying out a first treatment on the surface of the The calculation formula is as follows:
for the first key->The method is characterized in that the method comprises the steps of taking target data, H as a hash operation function, and e as a bilinear mapping function;
encrypting the second key and the encryptionSM4 symmetric encryption is carried out on the random number, and a third ciphertext is obtainedThe method comprises the steps of carrying out a first treatment on the surface of the The calculation formula is as follows:
for the second key->Calculating a function for symmetric encryption;
and combining the first ciphertext, the second ciphertext and the third ciphertext to obtain the encrypted ciphertext tag.
6. A subset-based private data verification method for a gateway server, the method comprising:
establishing a key exchange channel with the sending terminal, and generating a second key based on a key exchange protocol; the second key is a shared key for encryption by the sending terminal and the gateway service;
receiving the ciphertext label uploaded by the sending terminal, and decrypting and checking the ciphertext label based on the second secret key, the encryption parameter issued by the secret key generation center and the aggregation trapdoor uploaded by the receiving terminal; the aggregation trapdoor is generated by the receiving terminal based on a subset of the keyword space, and communication connection is established among the key generation center, the sending terminal, the receiving terminal and the gateway server; the aggregation trapdoor is decomposed to obtain first hash values of all keywords in the subset; the first hash value is the product of ciphertext hash values corresponding to all keywords, and the ciphertext hash value is obtained by the receiving terminal through hash operation on the keywords according to the second key tuple;
decomposing the ciphertext tag to obtain a first ciphertext and a third ciphertext; the first ciphertext is obtained by the sending terminal based on the encrypted random number and the generation element, and the third ciphertext is obtained by performing SM4 symmetric encryption calculation on the encrypted random number by using a second key;
performing bilinear mapping operation on the first hash value and the first ciphertext to obtain a first check value; performing SM4 decryption operation on the third ciphertext by using the second key to obtain a second check value;
performing verification operation on the first verification value and the second verification value, and matching a verification result with a verification set of the subset; the verification set is a second hash value set formed by the ratio of the first hash value to each ciphertext hash value in the subset;
when the same second hash value is matched and the verification operation result meets the requirement, indicating that the keyword exists in the target data, and feeding back the verification result to the receiving terminal according to an encryption protocol; the verification set contains verification data of all keywords in the subset.
7. The method of claim 6, wherein performing a check operation on the first check value and the second check value, matching a check result with the verification set of the subset, comprises:
the first check formula of the first check value y and the second check value m is as follows:
the second check formula for the second check value m is:
representing an inverse operation on the second check value, z being the check result, c being the received ciphertext tag,/o>Representing the order of the cyclic group in the encryption parameter.
8. A subset-based private data verification method for a receiving terminal, the method comprising:
establishing a key exchange channel with a sending terminal, and generating a first key based on a key exchange protocol; the first secret key is a shared secret key between the receiving and transmitting ends;
acquiring a private key issued by a key generation center, and generating an aggregation trapdoor based on the first key and a subset of a keyword space agreed with the sending terminal; communication connection is established between the key generation center and the sending terminal, the receiving terminal and the gateway server;
uploading the aggregation trapdoor to a gateway server, so that the gateway server can conveniently decrypt and check the ciphertext label uploaded by the aggregation trapdoor and the sending terminal, and receiving a check result issued by the gateway server;
the gateway server checking process comprises the steps of decomposing the aggregation trapdoor to obtain first hash values of all keywords in the subset; the first hash value is the product of ciphertext hash values corresponding to all keywords, and the ciphertext hash value is obtained by the receiving terminal through hash operation on the keywords according to the second key tuple;
decomposing the ciphertext tag to obtain a first ciphertext and a third ciphertext; the first ciphertext is obtained by the sending terminal based on the encrypted random number and the generation element, and the third ciphertext is obtained by performing SM4 symmetric encryption calculation on the encrypted random number by using a second key;
performing bilinear mapping operation on the first hash value and the first ciphertext to obtain a first check value; performing SM4 decryption operation on the third ciphertext by using the second key to obtain a second check value;
performing verification operation on the first verification value and the second verification value, and matching a verification result with a verification set of the subset; the verification set is a second hash value set formed by the ratio of the first hash value to each ciphertext hash value in the subset;
and when the same second hash value is matched and the verification operation result meets the requirement, indicating that the keyword exists in the target data, and feeding back the verification result to the receiving terminal according to the encryption protocol.
9. The method of claim 8, wherein the obtaining the encryption parameters and the private key issued by the key generation center and generating the aggregate trapdoor based on the first key and a subset of the key space agreed with the sending terminal comprises:
forming a second key tuple from the first key and the private key;
obtaining a hash function in the encryption parameters, calculating ciphertext hash values of all keywords in the subset based on the second key tuple, and determining products of all the ciphertext hash values as first hash valuesThe method comprises the steps of carrying out a first treatment on the surface of the The calculation formula is as follows:
for the ith keyword in the subset, < +.>For the private key in the second key tupleAnd is a positive integer, ">Ciphertext hash value for the ith keyword, < +.>A first key in a second key tuple;
calculating the ratio of the first hash value to all the ciphertext hash values respectively, and combining the second hash value of the ratio into a verification setThe method comprises the steps of carrying out a first treatment on the surface of the The validation set is expressed as:
n is the total number of keywords, and i is less than or equal to n, which is the ratio of the first hash value to the ith ciphertext hash value;
combining the first hash value and the verification set into the aggregation trapdoor。
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211000771.1A CN115333845B (en) | 2022-08-19 | 2022-08-19 | Privacy data verification method based on subset |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211000771.1A CN115333845B (en) | 2022-08-19 | 2022-08-19 | Privacy data verification method based on subset |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115333845A CN115333845A (en) | 2022-11-11 |
| CN115333845B true CN115333845B (en) | 2024-04-12 |
Family
ID=83925228
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211000771.1A Active CN115333845B (en) | 2022-08-19 | 2022-08-19 | Privacy data verification method based on subset |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115333845B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116886268B (en) * | 2023-08-10 | 2024-04-26 | 云海链控股股份有限公司 | Data transmission verification method, device, equipment and computer readable storage medium |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106549753A (en) * | 2016-10-18 | 2017-03-29 | 电子科技大学 | The encipherment scheme that a kind of support ciphertext of identity-based compares |
| CN108092766A (en) * | 2017-11-30 | 2018-05-29 | 深圳大学 | A kind of cipher text searching method for verifying authority and its system |
| CN108256348A (en) * | 2017-11-30 | 2018-07-06 | 深圳大学 | A kind of cipher text searching result verification method and its system |
| CN108390760A (en) * | 2018-01-12 | 2018-08-10 | 电子科技大学 | Public key keyword can search for encryption method end to end in a kind of cloud data transmission |
| CN109086615A (en) * | 2018-08-03 | 2018-12-25 | 上海海事大学 | A kind of support multiple key search public key encryption method of anti-keyword guessing attack |
| CN110602064A (en) * | 2019-08-29 | 2019-12-20 | 河海大学 | Identity-based encryption method and system supporting multi-keyword search |
| CN111786790A (en) * | 2020-06-09 | 2020-10-16 | 河海大学 | Privacy protection identity-based encryption method and system with keyword search function |
| CN112861153A (en) * | 2021-02-10 | 2021-05-28 | 华中科技大学 | Keyword searchable delay encryption method and system |
| CN113330712A (en) * | 2018-11-13 | 2021-08-31 | 蓝捕快股份公司 | Encryption system and method using permutation group-based encryption technology |
| WO2021208690A1 (en) * | 2020-11-11 | 2021-10-21 | 平安科技(深圳)有限公司 | Method and apparatus for data encryption and decryption, device, and storage medium |
| CN114124371A (en) * | 2021-10-27 | 2022-03-01 | 杭州师范大学 | Certificateless public key searchable encryption method meeting MTP (Multi-time programmable) security |
| CN114138823A (en) * | 2021-11-12 | 2022-03-04 | 山东云海国创云计算装备产业创新中心有限公司 | Encrypted file retrieval method and system |
| CN114142996A (en) * | 2021-11-18 | 2022-03-04 | 贵州大学 | Searchable encryption method based on SM9 cryptographic algorithm |
-
2022
- 2022-08-19 CN CN202211000771.1A patent/CN115333845B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106549753A (en) * | 2016-10-18 | 2017-03-29 | 电子科技大学 | The encipherment scheme that a kind of support ciphertext of identity-based compares |
| CN108092766A (en) * | 2017-11-30 | 2018-05-29 | 深圳大学 | A kind of cipher text searching method for verifying authority and its system |
| CN108256348A (en) * | 2017-11-30 | 2018-07-06 | 深圳大学 | A kind of cipher text searching result verification method and its system |
| CN108390760A (en) * | 2018-01-12 | 2018-08-10 | 电子科技大学 | Public key keyword can search for encryption method end to end in a kind of cloud data transmission |
| CN109086615A (en) * | 2018-08-03 | 2018-12-25 | 上海海事大学 | A kind of support multiple key search public key encryption method of anti-keyword guessing attack |
| CN113330712A (en) * | 2018-11-13 | 2021-08-31 | 蓝捕快股份公司 | Encryption system and method using permutation group-based encryption technology |
| CN110602064A (en) * | 2019-08-29 | 2019-12-20 | 河海大学 | Identity-based encryption method and system supporting multi-keyword search |
| CN111786790A (en) * | 2020-06-09 | 2020-10-16 | 河海大学 | Privacy protection identity-based encryption method and system with keyword search function |
| WO2021208690A1 (en) * | 2020-11-11 | 2021-10-21 | 平安科技(深圳)有限公司 | Method and apparatus for data encryption and decryption, device, and storage medium |
| CN112861153A (en) * | 2021-02-10 | 2021-05-28 | 华中科技大学 | Keyword searchable delay encryption method and system |
| CN114124371A (en) * | 2021-10-27 | 2022-03-01 | 杭州师范大学 | Certificateless public key searchable encryption method meeting MTP (Multi-time programmable) security |
| CN114138823A (en) * | 2021-11-12 | 2022-03-04 | 山东云海国创云计算装备产业创新中心有限公司 | Encrypted file retrieval method and system |
| CN114142996A (en) * | 2021-11-18 | 2022-03-04 | 贵州大学 | Searchable encryption method based on SM9 cryptographic algorithm |
Non-Patent Citations (4)
| Title |
|---|
| Keita Emura ; Le Trieu Phong ; Yohei Watanabe.Keyword Revocable Searchable Encryption with Trapdoor Exposure Resistance and Re-generateability.《IEEE》.2015,全文. * |
| Lei Xu,Chengzhi Xu, Jianghua Liu, Bennian Dou,Xiaocan Jin.Enabling privacy-preserving data validation from multi-writer encryption with aggregated keywords search.《Wireless Networks》.2022,全文. * |
| 云环境下个人医疗信息的密文检索方法研究;冒海波;李永忠;;计算机应用与软件;20170915(09);全文 * |
| 面向云存储的带关键词搜索的公钥加密方案;郭丽峰;李智豪;胡磊;;计算机研究与发展;20200707(07);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115333845A (en) | 2022-11-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104023013B (en) | Data transmission method, server side and client | |
| CN103763631B (en) | Authentication method, server and television set | |
| CN109495250B (en) | Quantum-computation-resistant intelligent home communication method and system based on key fob | |
| US20130073850A1 (en) | Hybrid encryption schemes | |
| CN102780698A (en) | User terminal safety communication method in platform of Internet of Things | |
| CN109951513B (en) | Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card | |
| CN103338448A (en) | Wireless local area network security communication method based on quantum key distribution | |
| CA2829689A1 (en) | An instant communication method and system | |
| CN107682152B (en) | Group key negotiation method based on symmetric cipher | |
| CN109495251A (en) | Anti- quantum calculation wired home cloud storage method and system based on key card | |
| Mishra et al. | A pairing-free identity based authentication framework for cloud computing | |
| CN111049738B (en) | E-mail data security protection method based on hybrid encryption | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| CN106330432A (en) | DES encryption algorithm based encryption method | |
| CN115333845B (en) | Privacy data verification method based on subset | |
| CN116527279A (en) | Verifiable federal learning device and method for secure data aggregation in industrial control network | |
| Castiglione et al. | An efficient and transparent one-time authentication protocol with non-interactive key scheduling and update | |
| CN104735094A (en) | Information separation based data security transmission system and method | |
| CN109889329A (en) | Anti- quantum calculation wired home quantum communications method and system based on quantum key card | |
| Liu | Designing And Implementing a Chat System with Enhanced Security Via AES Encryption Methods | |
| CN103685239A (en) | Real-time encryption and decryption system and real-time encryption and decryption method for mobile products | |
| CN111212017A (en) | Intelligent terminal-oriented safe transmission method and system | |
| CN115150076A (en) | Encryption system and method based on quantum random number | |
| CN112423295B (en) | Lightweight security authentication method and system based on block chain technology | |
| CN103873270B (en) | Intelligent meter infrastructure network system and its message broadcasting method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |