CN115695035B - Cloud storage-based oil and gas field service data authorization method and device, electronic equipment and readable medium - Google Patents


Publication number
CN115695035B
Authority
CN
China
Prior art keywords
data
user
attribute
oil
gas field
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211402163.3A
Other languages
Chinese (zh)
Other versions
CN115695035A (en
Inventor
朱平伦
朱顺德
孙建康
刘一幡
刘海峰
叶风生
刘文政
郭艳荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Yunke Hanwei Software Co ltd
Original Assignee
Shandong Yunke Hanwei Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Yunke Hanwei Software Co ltd filed Critical Shandong Yunke Hanwei Software Co ltd
Priority to CN202211402163.3A priority Critical patent/CN115695035B/en
Publication of CN115695035A publication Critical patent/CN115695035A/en
Application granted granted Critical
Publication of CN115695035B publication Critical patent/CN115695035B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The embodiment of the application provides an oil and gas field service data authorization method and device based on cloud storage, electronic equipment and a computer readable medium. The cloud-stored oil and gas field service data authorization method comprises the following steps: acquiring a user accessing target data in a cloud storage server, and generating a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil and gas field service data; sending a downloading request to a cloud storage server, so that the cloud storage server transmits encrypted oil and gas field service data to terminal equipment held by a user according to the downloading request; and decrypting the encrypted oil-gas field service data to obtain the plaintext data in response to the self attribute key meeting the authorized access set, so that the security of accessing the data in the cloud storage server can be effectively improved.

Description

Cloud storage-based oil and gas field service data authorization method and device, electronic equipment and readable medium
Technical Field
The embodiment of the application relates to the technical field of cloud storage, in particular to an oil and gas field service data authorization method, device, electronic equipment and computer readable medium based on cloud storage.
Background
Cloud storage is a concept extended and developed from cloud computing. It refers to a system that, through functions such as cluster applications, network technology or distributed file systems, makes a large number of storage devices of different types in a network work together through application software, so as to jointly provide data storage and service access functions. When the core of the operation and processing of a cloud computing system is the storage and management of a large amount of data, a large number of storage devices need to be configured in it, and the cloud computing system becomes a cloud storage system; cloud storage is therefore a cloud computing system with data storage and management as its core. When the existing cloud storage technology is applied to the field of oil and gas fields, the operation of acquiring encrypted oil and gas field service data and data is synchronously carried out, and the acquired encrypted oil and gas field service data is decrypted to obtain the corresponding plaintext data, which reduces the security of accessing the data in a cloud storage server. How to effectively improve the security of accessing the data in the cloud storage server is therefore a technical problem to be solved.
Disclosure of Invention
The application aims to provide an oil and gas field service data authorization method, device, electronic equipment and computer readable medium based on cloud storage, which are used for solving the technical problem of how to effectively improve the security of accessing data in a cloud storage server in the prior art.
The embodiment of the application provides an oil and gas field service data authorization method based on cloud storage, which comprises the following steps:
Acquiring a user accessing target data in a cloud storage server, and generating a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil-gas field service data;
The cloud storage server transmits the encrypted oil-gas field service data to terminal equipment held by the user according to a downloading request;
decrypting the encrypted oil-gas field service data to obtain the plaintext data in response to the self-attribute key satisfying an authorized access set;
Determining that the user is an unauthorized access user for the target data in response to the self attribute key not satisfying the authorized access set;
The authorized access set is formulated for plaintext data corresponding to the target data.
Optionally, the generating, based on the attribute set of the user, a self attribute key for authorizing access to the target data includes:
In response to a user attribute in the user attribute set not belonging to the target attribute set, characterizing the user attribute with user attribute negative data;
In response to a user attribute in the attribute set of the user belonging to the target attribute set, characterizing the user attribute with user attribute positive data;
and generating a self attribute key for authorizing access to the target data according to the negative data of the user attribute and the positive data of the user attribute through a key generation function.
Optionally, the user attribute in the set of attributes of the user includes at least one of:
the user access behavior direct reputation evaluation value, the user access behavior recommendation reputation evaluation value, the user access behavior comprehensive reputation evaluation value and the user access behavior historical reputation evaluation value.
Optionally, the generating, by a key generating function, a self attribute key for authorizing access to the target data according to the negative user attribute data and the positive user attribute data includes:
Generating a first random number for representing negative user attributes according to the negative user attribute data through a first random function in the key generation function;
Generating a second random number for representing the positive attribute of the user according to the user attribute positive data through a second random function in the key generation function;
performing interleaved splicing of each random number in the first random number with each random number in the second random number through a splicing function in the key generation function to obtain a spliced random number, and determining the spliced random number as the self attribute key;
Before decrypting the encrypted oil and gas field service data, the method further comprises:
Determining user attribute negative data set for the authorized access user in the authorized access set, and generating a third random number for representing the user negative attribute according to the user attribute negative data through a third random function;
Determining user attribute positive data set for the authorized access user in the authorized access set, and generating a fourth random number for representing the user positive attribute according to the user attribute positive data through a fourth random function;
Performing interleaved splicing of each random number in the third random number with each random number in the fourth random number through a splicing function to obtain a spliced random number;
executing the step of decrypting the encrypted oil-gas field service data to obtain the plaintext data in response to determining that the self attribute key is the same as the spliced random number;
And in response to determining that the self attribute key is not the same as the spliced random number, not performing the step of decrypting the encrypted oil-gas field service data to obtain the plaintext data.
Optionally, after decrypting the encrypted oil and gas field service data, the method further includes:
requesting hash data of plaintext data corresponding to the target data stored in the blockchain by the cloud storage server from the blockchain;
determining hash data of the decrypted plaintext data, and comparing the hash data of the decrypted plaintext data with the hash data returned by the blockchain;
In response to determining that the hash data of the decrypted plaintext data is identical to the hash data returned by the blockchain, determining that the decrypted plaintext data is decrypted correctly;
and in response to determining that the hash data of the decrypted plaintext data is not identical to the hash data returned by the blockchain, determining that the decrypted plaintext data is decrypted incorrectly.
The embodiment of the application provides an oil and gas field service data authorization device based on cloud storage, which comprises the following components:
an acquisition module, used for acquiring a user accessing target data in a cloud storage server and generating a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil-gas field service data;
the request module is used for the cloud storage server to send the encrypted oil-gas field service data to the terminal equipment held by the user according to the downloading request;
the decryption module is used for decrypting the encrypted oil-gas field service data to obtain the plaintext data in response to the self attribute key meeting the authorized access set;
the first determining module is used for determining that the user is an unauthorized access user aiming at the target data in response to the self attribute key not meeting the authorized access set;
The authorized access set is formulated for plaintext data corresponding to the target data.
The embodiment of the application provides electronic equipment, which comprises:
one or more processors;
A computer readable medium configured to store one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors implement the cloud storage-based oil and gas field service data authorization method according to any one of the embodiments of the present application.
An embodiment of the present application provides a computer readable medium, on which a computer program is stored, where the program when executed by a processor implements the cloud storage-based oil and gas field service data authorization method according to any one of the embodiments of the present application.
According to the cloud storage-based oil and gas field service data authorization scheme provided by the embodiment of the application, a user accessing target data in a cloud storage server is obtained, a self attribute key for authorizing access to the target data is generated based on the attribute set of the user, then the cloud storage server issues the encrypted oil and gas field service data to terminal equipment held by the user according to a downloading request, and the encrypted oil and gas field service data is decrypted to obtain the plaintext data in response to the self attribute key meeting the authorized access set, so that the security of accessing the data in the cloud storage server can be effectively improved.
Drawings
Some specific embodiments of the application will be described in detail hereinafter by way of example and not by way of limitation with reference to the accompanying drawings. The same reference numbers will be used throughout the drawings to refer to the same or like parts or portions. It will be appreciated by those skilled in the art that the drawings are not necessarily drawn to scale. In the accompanying drawings:
fig. 1 is a flowchart of steps of an oil and gas field service data authorization method based on cloud storage according to the first embodiment;
Fig. 2 is a schematic structural diagram of an oil and gas field service data authorization device based on cloud storage according to a second embodiment;
Fig. 3 is a schematic structural diagram of an electronic device according to a third embodiment;
Fig. 4 is a hardware structure of an electronic device according to the fourth embodiment.
Detailed Description
In order to better understand the technical solutions in the embodiments of the present application, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the present application, shall fall within the scope of protection of the embodiments of the present application.
Referring to fig. 1, a flowchart of steps of a cloud storage-based oil and gas field service data authorization method according to an embodiment is shown.
Specifically, the oil and gas field service data authorization method based on cloud storage provided by the embodiment comprises the following steps:
In step S101, a user accessing target data in a cloud storage server is acquired, and a self attribute key for authorizing access to the target data is generated based on an attribute set of the user.
In this embodiment, the target data is encrypted oil and gas field service data. Specifically, the oil and gas field business knowledge includes the type of oil and gas gathering zone, the type of hydrocarbon containing zone, and the like. The oil and gas gathering zone may include a duplex oil and gas gathering zone, a chlamydia oil and gas gathering zone, a large-scale lithology oil and gas gathering zone, an extrusion anticline oil and gas gathering zone, etc., and the oil and gas containing zone may include a platform inner depression oil and gas containing zone, a platform edge depression oil and gas containing zone, a mountain front depression oil and gas containing zone, an inter-mountain depression oil and gas containing zone, an intermediate land block oil and gas containing zone, etc. The oil and gas field service data comprise effective thickness of an oil layer, porosity, oil saturation, spreading of the oil layer on a plane, oil reservoir temperature and pressure conditions, pore fluid properties under stratum conditions and the like. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
Specifically, a user accessing target data in the cloud storage server can be obtained through a purpose-built dedicated data channel by means of API access, thereby ensuring the security of the data.
In this embodiment, cloud storage is a mode of online storage on the network, i.e., data is stored on multiple virtual servers, typically hosted by a third party, rather than on dedicated servers. The encrypted field service data may be data encrypted for video data, audio data, or text data. The encryption mode of the encrypted oil and gas field service data can be a symmetrical encryption mode or an asymmetrical encryption mode. The set of attributes of the user may be understood as a set of attributes of the user accessing the cloud storage server. The user attributes in the set of attributes of the user include at least one of: the user access behavior direct reputation evaluation value, the user access behavior recommendation reputation evaluation value, the user access behavior comprehensive reputation evaluation value and the user access behavior historical reputation evaluation value. The factors related to the direct reputation of the user access action include the number of times the user applies to access the cloud storage server, the time interval the user applies to access the cloud storage server, the historical reputation of the user applies to access the cloud storage server, etc., the factors related to the recommendation reputation evaluation result of the user access action include the credibility of the system recommendation service itself, the credibility of the historical interaction process between the recommendation service and the system access user, etc., the factors related to the comprehensive reputation evaluation value of the user access action include the direct recommendation reputation of the user access action, the recommendation reputation weight of the user access action, etc., and the historical reputation evaluation value of the user access action is similar to the direct reputation evaluation value of the system, and is not repeated here. 
It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
In some alternative embodiments, when generating a self attribute key for authorizing access to the target data based on the set of attributes of the user, in response to a user attribute in the set of attributes of the user not belonging to the target set of attributes, the user attribute is characterized using user attribute negative data; in response to a user attribute in the set of attributes of the user belonging to the target set of attributes, the user attribute is characterized using user attribute positive data; and a self attribute key for authorizing access to the target data is generated from the user attribute negative data and the user attribute positive data through a key generation function. In this way, the self attribute key for authorizing access to the target data can be effectively generated from the user attribute negative data and the user attribute positive data. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
The key generation function may be, for example, a RAND function or a RANDBETWEEN function.
Specifically, the attribute set of the user may be subjected to binarization processing to obtain binarized data, and mapping processing is performed by the specific key generation function, so as to obtain an attribute key of the user for authorizing access to the target data.
The mapping may be linear or nonlinear.
In a specific example, the set of target attributes may be understood as a set of target ranges in which the user attributes are located. For example, the set of target attributes may include a target range in which the user access behavior direct reputation evaluation value is located, a target range in which the user access behavior recommendation reputation evaluation value is located, a target range in which the user access behavior comprehensive reputation evaluation value is located, and a target range in which the user access behavior historical reputation evaluation value is located. The user attribute negative data may be understood as data for characterizing the user attribute when the user attribute is not within the target range. The user attribute positive data may be understood as data for characterizing the user attribute when the user attribute is within the target range. When the user access behavior direct reputation evaluation value is not in the target range of the user access behavior direct reputation evaluation value, the user attribute negative data is used for representing the user access behavior direct reputation evaluation value. When the user access behavior direct reputation evaluation value is in the target range of the user access behavior direct reputation evaluation value, the user attribute positive data is used for representing the user access behavior direct reputation evaluation value. When the user access behavior recommendation reputation evaluation value is not in the target range of the user access behavior recommendation reputation evaluation value, the user attribute negative data is used for representing the user access behavior recommendation reputation evaluation value. When the user access behavior recommendation reputation evaluation value is in the target range of the user access behavior recommendation reputation evaluation value, the user attribute positive data is used for representing the user access behavior recommendation reputation evaluation value. When the user access behavior comprehensive reputation evaluation value is not in the target range of the user access behavior comprehensive reputation evaluation value, the user attribute negative data is used for representing the user access behavior comprehensive reputation evaluation value. When the user access behavior comprehensive reputation evaluation value is in the target range of the user access behavior comprehensive reputation evaluation value, the user attribute positive data is used for representing the user access behavior comprehensive reputation evaluation value. When the user access behavior historical reputation evaluation value is not in the target range of the user access behavior historical reputation evaluation value, the user attribute negative data is used for representing the user access behavior historical reputation evaluation value. When the user access behavior historical reputation evaluation value is in the target range of the user access behavior historical reputation evaluation value, the user attribute positive data is used for representing the user access behavior historical reputation evaluation value. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
In some alternative embodiments, when generating, by a key generation function, a self attribute key for authorizing access to the target data from the user attribute negative data and the user attribute positive data, a first random number for characterizing the user negative attribute is generated from the user attribute negative data by a first random function in the key generation function; a second random number for characterizing the user positive attribute is generated from the user attribute positive data by a second random function in the key generation function; and each random number in the first random number is interleaved and spliced with each random number in the second random number by a splicing function in the key generation function to obtain a spliced random number, which is determined as the self attribute key. The first random function may be a RAND function or a RANDBETWEEN function, the second random function may be a RAND function or a RANDBETWEEN function, and the splicing function may be understood as a function that performs splicing. By means of the first random number for characterizing negative attributes of the user and the second random number for characterizing positive attributes of the user, the self attribute key for authorizing access to the target data can be accurately determined. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
The mapping process based on the random function may be specifically linear random mapping or nonlinear random mapping.
The authorized access set is formulated for plaintext data corresponding to the target data.
In step S102, the cloud storage server issues the encrypted oil and gas field service data to a terminal device held by the user according to a downloading request.
In this embodiment, the download request may be understood as a request for requesting the cloud storage server to download the encrypted oil and gas field service data. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
In step S103, in response to the self attribute key satisfying the authorized access set, the encrypted oil and gas field service data is decrypted to obtain the plaintext data.
In this embodiment, the authorized access set may be understood as a set of user attribute negative data and user positive attribute data set for an authorized access user. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
In some alternative embodiments, prior to decrypting the encrypted oil and gas field service data, the method further comprises: determining user attribute negative data set for the authorized access user in the authorized access set, and generating a third random number for representing the user negative attribute according to the user attribute negative data through a third random function; determining user attribute positive data set for the authorized access user in the authorized access set, and generating a fourth random number for representing the user positive attribute according to the user attribute positive data through a fourth random function; performing interleaved splicing of each random number in the third random number with each random number in the fourth random number through a splicing function to obtain a spliced random number; executing the step of decrypting the encrypted oil-gas field service data to obtain the plaintext data in response to determining that the self attribute key is the same as the spliced random number; and in response to determining that the self attribute key is not the same as the spliced random number, not performing the step of decrypting the encrypted oil-gas field service data to obtain the plaintext data. The third random function may be a RAND function or a RANDBETWEEN function, the fourth random function may be a RAND function or a RANDBETWEEN function, and the splicing function may be understood as a function that performs splicing. By means of the third random number used for representing negative attributes of the user and the fourth random number used for representing positive attributes of the user, the spliced random number can be accurately obtained, and whether the self attribute key meets the authorized access set can be accurately judged. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
For example, if the spliced random number matches the self attribute key, the authorized access set is considered satisfied; otherwise it is considered unsatisfied.
Specifically, the corresponding sequence value can be obtained by serializing the negative data of the user attribute and the positive data of the user attribute, and the corresponding random number is generated based on the sequence value.
In step S104, in response to the self attribute key not satisfying the authorized access set, the user is determined to be an unauthorized access user for the target data.
In this embodiment, if the self attribute key does not satisfy the authorized access set, the user is determined to be an unauthorized access user for the target data. Thereby, it can be accurately determined that the user is an unauthorized access user for the target data. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way. For example, if the self attribute key is not in the authorized access set, then the self attribute key does not satisfy the authorized access set.
In a specific example, before decrypting the encrypted oil-gas field service data, negative user attribute data set for authorized access users in the authorized access set is determined, and a third random number for representing negative user attributes is generated according to the negative user attribute data through a third random function; user attribute positive data set for the authorized access user in the authorized access set is determined, and a fourth random number for representing the user positive attribute is generated according to the user attribute positive data through a fourth random function; each random number in the third random number is interleaved and spliced with each random number in the fourth random number through a splicing function to obtain a spliced random number; in response to determining that the self attribute key is the same as the spliced random number, it is determined that the self attribute key satisfies the authorized access set; in response to determining that the self attribute key is not the same as the spliced random number, the self attribute key does not satisfy the authorized access set. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
The self attribute key being the same as the spliced random number is only one example of a match, and the match is not limited to it. For example, satisfying some other linear or nonlinear mapping may also be considered satisfied.
In a specific example, the encrypted oil and gas field service data may be decrypted in a symmetric encryption manner or an asymmetric encryption manner to obtain the plaintext data. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
The specific decryption method may be determined with reference to the encryption method, and the present application is not limited thereto.
In some alternative embodiments, after decrypting the encrypted oil and gas field service data, the method further comprises: requesting, from the blockchain, the hash data of the plaintext data corresponding to the target data that the cloud storage server stored in the blockchain; determining hash data of the decrypted plaintext data, and comparing the hash data of the decrypted plaintext data with the hash data returned by the blockchain; in response to determining that the hash data of the decrypted plaintext data is identical to the hash data returned by the blockchain, determining that the decrypted plaintext data is decrypted correctly; and in response to determining that the hash data of the decrypted plaintext data is not identical to the hash data returned by the blockchain, determining that the decrypted plaintext data is decrypted incorrectly. Thereby, whether the decrypted plaintext data is decrypted correctly can be effectively verified. It will be appreciated that the above description is exemplary only, and that the present embodiment is not limited in any way.
The request may be transmitted, for example, over an encrypted data channel, which protects the request from interception and thereby ensures the security of the data authorization.
For example, the hash data of the decrypted plaintext data may specifically be obtained by performing an operation on the decrypted plaintext data according to a set hash function, thereby obtaining corresponding hash data. The specific hash function may be determined according to the application scenario, and is not particularly limited.
Illustratively, since the blockchain is required to return hash data, hash operations can be performed on the decrypted plaintext data according to a hash function corresponding to the hash data returned on the blockchain.
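The key match and the post-decryption hash comparison described above, as an added example that is not code from the patent. The patent does not name its random, splicing or hash functions, so the HMAC-SHA256 derivation, the 8-byte chunks, the shared secret, the attribute strings and the ledger record layout used here are all assumptions.

```python
import hashlib
import hmac
from itertools import chain

# Constructed demo values (assumptions, not taken from the patent).
SHARED_SECRET = b"constructed-demo-secret"
TARGET_ATTRIBUTES = {
    "direct_reputation:trusted",
    "recommended_reputation:trusted",
    "comprehensive_reputation:trusted",
    "historical_reputation:trusted",
}
ALLOWED_HASHES = {"sha256", "sha512"}


def characterize(user_attrs, target_attrs):
    """Attributes outside the target set become negative data, the rest positive data."""
    negative = sorted(a for a in user_attrs if a not in target_attrs)
    positive = sorted(a for a in user_attrs if a in target_attrs)
    return negative, positive


def random_numbers(label: bytes, attr_data: list) -> list:
    """Stand-in for the patent's 'random function': four 8-byte numbers from HMAC-SHA256.
    It must be deterministic so that both sides derive the same numbers."""
    message = label + b"|" + "\x1f".join(attr_data).encode()
    digest = hmac.new(SHARED_SECRET, message, hashlib.sha256).digest()
    return [digest[i:i + 8] for i in range(0, len(digest), 8)]


def interleave(first: list, second: list) -> bytes:
    """Interleaved splicing: n0, p0, n1, p1, ..."""
    return b"".join(chain.from_iterable(zip(first, second)))


def attribute_key(user_attrs, target_attrs) -> bytes:
    """Self attribute key derived from the user's own attribute set."""
    negative, positive = characterize(user_attrs, target_attrs)
    return interleave(random_numbers(b"neg", negative),
                      random_numbers(b"pos", positive))


def pieced_random_number(auth_negative, auth_positive) -> bytes:
    """Value derived from the data set for an authorized user in the access set."""
    return interleave(random_numbers(b"neg", sorted(auth_negative)),
                      random_numbers(b"pos", sorted(auth_positive)))


def may_decrypt(self_key: bytes, pieced: bytes) -> bool:
    """Decryption proceeds only on an exact match; compare in constant time."""
    return hmac.compare_digest(self_key, pieced)


def verify_plaintext(plaintext: bytes, ledger_record: dict) -> bool:
    """Hash the decrypted plaintext with the algorithm the ledger record names
    and compare it with the digest the blockchain returned."""
    alg = ledger_record["alg"].lower()
    if alg not in ALLOWED_HASHES:
        raise ValueError(f"unsupported hash algorithm: {alg}")
    local = hashlib.new(alg, plaintext).hexdigest()
    return hmac.compare_digest(local, ledger_record["digest"].lower())


# Constructed sample inputs.
PIECED = pieced_random_number([], TARGET_ATTRIBUTES)
AUTHORIZED_USER = set(TARGET_ATTRIBUTES)
OTHER_USER = {"direct_reputation:trusted", "historical_reputation:untrusted"}
PLAINTEXT = b"well=W-001;daily_output=constructed"
LEDGER_RECORD = {"alg": "sha256",
                 "digest": hashlib.sha256(PLAINTEXT).hexdigest()}

if __name__ == "__main__":
    for name, attrs in (("authorized", AUTHORIZED_USER), ("other", OTHER_USER)):
        ok = may_decrypt(attribute_key(attrs, TARGET_ATTRIBUTES), PIECED)
        print(name, "may decrypt:", ok)
    print("plaintext verified:", verify_plaintext(PLAINTEXT, LEDGER_RECORD))
    print("tampered verified:", verify_plaintext(PLAINTEXT + b"x", LEDGER_RECORD))
```

A failed hash comparison covers both a wrong decryption and a ciphertext altered in storage, so the caller should discard the plaintext in either case.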
According to the cloud storage-based oil and gas field service data authorization method, a user accessing target data in a cloud storage server is obtained, a self attribute key for authorizing access to the target data is generated based on an attribute set of the user, then the cloud storage server issues the encrypted oil and gas field service data to terminal equipment held by the user according to a downloading request, and if the self attribute key meets the authorized access set, the encrypted oil and gas field service data is decrypted to obtain the plaintext data, so that the security of accessing the data in the cloud storage server can be effectively improved.
The cloud storage-based oil and gas field service data authorization method provided in this embodiment may be performed by any suitable device having data processing capability, including but not limited to: cameras, terminals, mobile terminals, PCs, servers, vehicle-mounted devices, entertainment devices, advertising devices, Personal Digital Assistants (PDAs), tablet computers, notebook computers, handheld game consoles, smart glasses, smart watches, wearable devices, virtual display devices or display enhancement devices, and the like.
Referring to fig. 2, a schematic structural diagram of an oil and gas field service data authorization device based on cloud storage according to a second embodiment is shown.
The cloud storage-based oil and gas field service data authorization device provided by this embodiment comprises: an acquisition module, configured to acquire a user accessing target data in a cloud storage server and to generate a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil and gas field service data; a request module, configured so that the cloud storage server sends the encrypted oil and gas field service data to the terminal equipment held by the user according to the download request; a decryption module, configured to decrypt the encrypted oil and gas field service data to obtain the plaintext data in response to the self attribute key satisfying the authorized access set; and a first determining module, configured to determine that the user is an unauthorized access user for the target data in response to the self attribute key not satisfying the authorized access set.
Optionally, the acquisition module includes: a first characterization sub-module, configured to characterize a user attribute using user attribute negative data in response to the user attribute in the attribute set of the user not belonging to the target attribute set; a second characterization sub-module, configured to characterize a user attribute using user attribute positive data in response to the user attribute in the attribute set of the user belonging to the target attribute set; and a generation sub-module, configured to generate, through a key generation function, a self attribute key for authorizing access to the target data according to the user attribute negative data and the user attribute positive data.
Optionally, the user attribute in the set of attributes of the user includes at least one of: the user access behavior direct reputation evaluation value, the user access behavior recommendation reputation evaluation value, the user access behavior comprehensive reputation evaluation value and the user access behavior historical reputation evaluation value.
Optionally, the generation sub-module is specifically configured to: generate, through a first random function in the key generation function, a first random number representing the user's negative attributes according to the user attribute negative data; generate, through a second random function in the key generation function, a second random number representing the user's positive attributes according to the user attribute positive data; and perform interleaved splicing of each random number in the first random number with each random number in the second random number through a splicing function in the key generation function to obtain a spliced random number, and determine the spliced random number as the self attribute key.
Before the decryption module, the apparatus further includes: a second determining module, configured to determine user attribute negative data set for an authorized access user in the authorized access set, and to generate, through a third random function, a third random number representing the user's negative attributes according to the user attribute negative data; a third determining module, configured to determine user attribute positive data set for the authorized access user in the authorized access set, and to generate, through a fourth random function, a fourth random number representing the user's positive attributes according to the user attribute positive data; a splicing module, configured to perform interleaved splicing of each random number in the third random number with each random number in the fourth random number through a splicing function to obtain a pieced random number; a first processing module, configured to execute the step of decrypting the encrypted oil and gas field service data to obtain the plaintext data in response to determining that the self attribute key is the same as the pieced random number; and a second processing module, configured not to execute the step of decrypting the encrypted oil and gas field service data to obtain the plaintext data in response to determining that the self attribute key is different from the pieced random number.
Optionally, after the decryption module, the apparatus further includes: a sending module, configured to request, from the blockchain, the hash data of the plaintext data corresponding to the target data, which the cloud storage server stored in the blockchain; a fourth determining module, configured to determine hash data of the decrypted plaintext data, and to compare the hash data of the decrypted plaintext data with the hash data returned by the blockchain; a fifth determining module, configured to determine that the decrypted plaintext data was decrypted correctly in response to determining that the hash data of the decrypted plaintext data is identical to the hash data returned by the blockchain; and a sixth determining module, configured to determine that the decrypted plaintext data was decrypted incorrectly in response to determining that the hash data of the decrypted plaintext data is different from the hash data returned by the blockchain.
The cloud storage-based oil and gas field service data authorization device provided by this embodiment is used to implement the corresponding cloud storage-based oil and gas field service data authorization method in the method embodiments, and has the beneficial effects of the corresponding method embodiments, which are not described again here.
Fig. 3 is a schematic structural diagram of an electronic device in the third embodiment; the electronic device may include:
one or more processors 301;
a computer readable medium 302, which may be configured to store one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the cloud storage-based oil and gas field service data authorization method according to the above embodiment.
Fig. 4 is a hardware structure of the electronic device in the fourth embodiment; as shown in fig. 4, the hardware structure of the electronic device may include: a processor 401, a communication interface 402, a computer readable medium 403 and a communication bus 404;
wherein the processor 401, the communication interface 402, and the computer readable medium 403 perform communication with each other through the communication bus 404;
optionally, the communication interface 402 may be an interface of a communication module, such as an interface of a GSM module;
wherein the processor 401 may be specifically configured to: acquire a user accessing target data in a cloud storage server, and generate a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil and gas field service data; have the cloud storage server transmit the encrypted oil and gas field service data to terminal equipment held by the user according to a download request; decrypt the encrypted oil and gas field service data to obtain the plaintext data in response to the self attribute key satisfying an authorized access set; and in response to the self attribute key not satisfying the authorized access set, determine that the user is an unauthorized access user for the target data.
The processor 401 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor or any conventional processor.
The computer readable medium 403 may be, but is not limited to, a random access memory (RAM), a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), etc.
As another aspect, the present application also provides a computer readable medium having stored thereon a computer program which, when executed by a processor, implements the cloud storage-based oil and gas field service data authorization method described in embodiment one above.
As another aspect, the present application also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by the apparatus, cause the apparatus to: acquiring a user accessing target data in a cloud storage server, and generating a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil-gas field service data; the cloud storage server transmits the encrypted oil-gas field service data to terminal equipment held by the user according to a downloading request; decrypting the encrypted oil-gas field service data to obtain the plaintext data in response to the self-attribute key satisfying an authorized access set; and in response to the self attribute key not meeting the authorized access set, determining that the user is an unauthorized access user for the target data.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application referred to in the present application is not limited to the specific combinations of the technical features described above, but also covers other technical solutions formed by any combination of the technical features described above or their equivalents without departing from the inventive concept described above, for example, technical solutions formed by replacing the above features with technical features of similar function disclosed in (but not limited to) the present application.

Claims (7)

1. An oil and gas field service data authorization method based on cloud storage, which is characterized by comprising the following steps:
acquiring a user accessing target data in a cloud storage server, and generating a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil and gas field service data;
the cloud storage server transmitting the encrypted oil and gas field service data to terminal equipment held by the user according to a download request;
decrypting the encrypted oil and gas field service data to obtain plaintext data in response to the self attribute key satisfying the authorized access set;
determining that the user is an unauthorized access user for the target data in response to the self attribute key not satisfying the authorized access set;
the authorized access set is formulated for plaintext data corresponding to the target data;
wherein the generating, based on the attribute set of the user, a self attribute key for authorizing access to the target data includes:
in response to a user attribute in the attribute set of the user not belonging to the target attribute set, characterizing the user attribute with user attribute negative data;
in response to a user attribute in the attribute set of the user belonging to the target attribute set, characterizing the user attribute with user attribute positive data;
and generating, through a key generation function, a self attribute key for authorizing access to the target data according to the user attribute negative data and the user attribute positive data.
2. The cloud storage based oil and gas field service data authorization method according to claim 1, wherein the user attributes in the user's set of attributes comprise at least one of:
the user access behavior direct reputation evaluation value, the user access behavior recommendation reputation evaluation value, the user access behavior comprehensive reputation evaluation value and the user access behavior historical reputation evaluation value.
3. The cloud storage-based oil and gas field service data authorization method according to claim 2, wherein the generating, by a key generation function, a self-attribute key for authorizing access to the target data according to the user attribute negative data and the user attribute positive data, comprises:
generating, through a first random function in the key generation function, a first random number representing the user's negative attributes according to the user attribute negative data;
generating, through a second random function in the key generation function, a second random number representing the user's positive attributes according to the user attribute positive data;
performing interleaved splicing of each random number in the first random number with each random number in the second random number through a splicing function in the key generation function to obtain a spliced random number, and determining the spliced random number as the self attribute key;
before decrypting the encrypted oil and gas field service data, the method further comprises:
determining user attribute negative data set for an authorized access user in the authorized access set, and generating, through a third random function, a third random number representing the user's negative attributes according to the user attribute negative data;
determining user attribute positive data set for the authorized access user in the authorized access set, and generating, through a fourth random function, a fourth random number representing the user's positive attributes according to the user attribute positive data;
performing interleaved piecing of each random number in the third random number with each random number in the fourth random number through a piecing function to obtain a pieced random number;
executing the step of decrypting the encrypted oil and gas field service data to obtain the plaintext data in response to determining that the self attribute key is the same as the pieced random number;
and in response to determining that the self attribute key is not the same as the pieced random number, not executing the step of decrypting the encrypted oil and gas field service data to obtain plaintext data.
4. The cloud storage based oil and gas field service data authorization method according to claim 1, wherein after decrypting the encrypted oil and gas field service data, the method further comprises:
requesting hash data of plaintext data corresponding to the target data stored in the blockchain by the cloud storage server from the blockchain;
determining hash data of the decrypted plaintext data, and comparing the hash data of the decrypted plaintext data with the hash data returned by the blockchain;
in response to determining that the hash data of the decrypted plaintext data is identical to the hash data returned by the blockchain, determining that the decrypted plaintext data was decrypted correctly;
and in response to determining that the hash data of the decrypted plaintext data is not identical to the hash data returned by the blockchain, determining that the decrypted plaintext data was decrypted incorrectly.
5. An oil and gas field business data authorization device based on cloud storage, which is characterized by comprising:
an acquisition module, configured to acquire a user accessing target data in a cloud storage server and to generate a self attribute key for authorizing access to the target data based on an attribute set of the user, wherein the target data is encrypted oil and gas field service data;
a request module, configured so that the cloud storage server sends the encrypted oil and gas field service data to the terminal equipment held by the user according to the download request;
a decryption module, configured to decrypt the encrypted oil and gas field service data to obtain plaintext data in response to the self attribute key satisfying the authorized access set;
a first determining module, configured to determine that the user is an unauthorized access user for the target data in response to the self attribute key not satisfying the authorized access set;
the authorized access set is formulated for plaintext data corresponding to the target data;
wherein the generating, based on the attribute set of the user, a self attribute key for authorizing access to the target data includes:
in response to a user attribute in the attribute set of the user not belonging to the target attribute set, characterizing the user attribute with user attribute negative data;
in response to a user attribute in the attribute set of the user belonging to the target attribute set, characterizing the user attribute with user attribute positive data;
and generating, through a key generation function, a self attribute key for authorizing access to the target data according to the user attribute negative data and the user attribute positive data.
6. An electronic device, the device comprising:
one or more processors;
a computer readable medium configured to store one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the cloud storage-based oil and gas field service data authorization method of any of claims 1-4.
7. A computer readable medium, having stored thereon a computer program which when executed by a processor implements the cloud storage based oil and gas field service data authorization method according to any one of claims 1 to 4.
CN202211402163.3A 2022-11-10 2022-11-10 Cloud storage-based oil and gas field service data authorization method and device, electronic equipment and readable medium Active CN115695035B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211402163.3A CN115695035B (en) 2022-11-10 2022-11-10 Cloud storage-based oil and gas field service data authorization method and device, electronic equipment and readable medium

Publications (2)

Publication Number Publication Date
CN115695035A CN115695035A (en) 2023-02-03
CN115695035B true CN115695035B (en) 2024-04-19

Family

ID=85049417

Country Status (1)

Country Link
CN (1) CN115695035B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103763319A (en) * 2014-01-13 2014-04-30 华中科技大学 Method for safely sharing mobile cloud storage light-level data
WO2016197770A1 (en) * 2015-06-12 2016-12-15 深圳大学 Access control system and access control method thereof for cloud storage service platform
JP2017126851A (en) * 2016-01-13 2017-07-20 日本放送協会 Key generation device, intermediate encryption device, consignment encryption device, decoder and their program, and personal information protection system
CN110443069A (en) * 2019-08-06 2019-11-12 广东工业大学 A kind of method, system and the equipment of mobile social networking secret protection
CN111163036A (en) * 2018-11-07 2020-05-15 中移(苏州)软件技术有限公司 Data sharing method, device, client, storage medium and system
CN112887273A (en) * 2021-01-11 2021-06-01 苏州浪潮智能科技有限公司 Key management method and related equipment
CN113810410A (en) * 2021-09-16 2021-12-17 东莞职业技术学院 Unmisuse key decentralized attribute-based encryption method, system and storage medium
CN113901512A (en) * 2021-09-27 2022-01-07 北京邮电大学 Data sharing method and system

Also Published As

Publication number Publication date
CN115695035A (en) 2023-02-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant