KR101697868B1 - Method for encrypting data for sharing or searching the data and apparatus for performing the method - Google Patents

Publication number
KR101697868B1
Authority
KR
South Korea
Prior art keywords
data
keyword
cipher text
shared
personal data
Application number
KR1020150069751A
Other languages
Korean (ko)
Other versions
KR20160136060A (en)
Inventor
이필중
주민규
Original Assignee
포항공과대학교 산학협력단
Application filed by 포항공과대학교 산학협력단
Priority to KR1020150069751A
Publication of KR20160136060A
Application granted
Publication of KR101697868B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F17/30
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

A data encryption method for sharing or retrieving data, and an apparatus for performing the method, are disclosed. The method comprises: receiving a secret key for a specific user from a key management server; receiving personal data and keywords encrypted with the secret key from the user terminal of the user; storing the encrypted personal data and keywords in a storage area associated with the user in a file server; receiving from the user terminal a personal data trap door for a keyword to be searched on the user side; and retrieving the personal data cipher text from the file server using the personal data trap door.

Description

The present invention relates to a data encryption method for sharing or searching data, and more particularly, to a data encryption method that facilitates sharing or retrieving data when encrypting data to be stored in an external storage or a database, and to a device for performing the method.

When you store data on untrusted external storage or file servers, maintaining the confidentiality of the stored data is essential. If data is encrypted before it is stored, its confidentiality can be guaranteed. However, when the user wants to obtain only specific data, the file server cannot find the data the user wants because it cannot know the contents of the data. Thus, to search for specific data, the user must obtain all the data from the file server and then decrypt it to find the desired data.

To solve this problem, a searchable encryption scheme for a single-user environment can be used. In this technique, the user generates a keyword for the data to be stored, encrypts it, and stores it in the file server. Later, the user generates a trap door for a keyword to be searched and transmits it to the file server, and the file server can then search for the data corresponding to the keyword. The contents of the retrieved data and the keywords remain encrypted, so the file server cannot learn them.

Recently, however, external storage services such as cloud services let multiple users share data stored in file servers. Searchable encryption designed for a single-user environment is not suitable for use where such a sharing function is provided.

To support the sharing function, Dong et al. proposed a searchable encryption technique for a multi-user environment in 2011 ("Shared and Searchable Encrypted Data for Untrusted Servers", Journal of Computer Security 19(3): 367-397, 2011). This technique allows all users to encrypt data with their own secret key and store it on a file server. Every user can then create a trap door using the user's own secret key to retrieve all encrypted data stored in the file server (including data stored by other users), and decrypt the encrypted data. That is, with this technique all users can search and decrypt all data stored in the file server without restriction.

In practice, however, when personal data is encrypted, users mostly do not share all of the data but want to share only specific data.

An object of the present invention, devised to solve the above-mentioned problems, is to provide a data encryption method with which a user who encrypts and stores personal data in a personal space connected to a network can easily search the encrypted data, and an apparatus for performing the encryption method.

Another object of the present invention is to provide a data encryption method and a data encryption device that ensure the confidentiality of data, because the data and keywords used for sharing and searching are encrypted in the external repository and the database.

According to an aspect of the present invention, there is provided a method of encrypting data for sharing or retrieving, the method comprising: receiving a secret key for a specific user from a key management server; receiving personal data and keywords encrypted with the secret key from the user terminal of the user; storing the encrypted personal data and keywords in a storage area associated with the user in a file server; receiving from the user terminal a personal data trap door for a keyword to be searched on the user side; and retrieving the encrypted personal data from the file server using the personal data trap door.

According to another aspect of the present invention, there is provided a method of encrypting data for sharing or retrieval, performed in a server device that provides a service for encrypting and storing data, the method comprising: receiving a secret key for a specific user from a key management server; receiving personal data and keywords encrypted with the secret key from the user terminal of the user; storing the encrypted personal data and keywords in a storage area associated with the user; receiving from the user terminal a re-encryption key for sharing at least a portion of the personal data cipher text stored in the file server of the server device; re-encrypting the personal data cipher text and the personal keyword cipher text stored in the file server using the re-encryption key, to convert them into a shared data cipher text and a shared keyword cipher text; receiving, from another user terminal, a shared data trap door for a shared keyword that enables the shared data cipher text to be retrieved from the file server; and retrieving the shared data cipher text stored in the file server using the shared data trap door.

According to another aspect of the present invention, there is provided an apparatus that provides a cloud service for storing personal data and performs data encryption for sharing or searching, the apparatus comprising: a receiver for receiving, from the user terminal of the user, the personal data encrypted with the secret key and the encrypted keyword, and for receiving from the user terminal the personal data trap door for the specific keyword to be searched on the user side; a storage unit for storing the encrypted personal data and encrypted keywords in a storage area associated with the user; and a retrieval unit for retrieving the encrypted personal data using the personal data trap door.

According to another aspect of the present invention, there is provided a data encryption apparatus that encrypts and stores data and performs data encryption for sharing or searching, the apparatus comprising: a transceiver for receiving personal data and keywords encrypted with the secret key from the user terminal of the user, and for receiving from the user terminal a personal data trap door for a specific keyword to be searched; a storage unit for storing the encrypted personal data and keywords in a storage area associated with the user in a file server; and a retrieval unit for retrieving the personal data cipher text stored in the file server using the personal data trap door.

According to another aspect of the present invention, there is provided a method of encrypting data for sharing or retrieving, performed by a user terminal connected to a server device that provides a service for encrypting and storing data, the method comprising: receiving a secret key that is shared with the public key; encrypting the personal data and the keyword for the personal data using the secret key; transmitting the encrypted personal data and the encrypted keyword to the server device; generating a personal data trap door that enables a search of the personal data cipher text or the personal keyword cipher text stored in a storage area associated with the user in a file server of the server device; transmitting the personal data trap door to the server device; receiving from the server device the personal data cipher text retrieved from the file server using the personal data trap door; and decrypting the personal data cipher text into plaintext data.

According to another aspect of the present invention, there is provided a method of encrypting data for sharing or retrieval, performed by a user terminal connected to a server device via a network, the method comprising: receiving a secret key; encrypting the personal data and the keyword for the personal data using the secret key; transmitting the encrypted personal data and keywords to the server device; generating a re-encryption key for re-encrypting a personal data cipher text or keyword stored in a user-related storage area in a file server of the server device; and transmitting the re-encryption key to the server device. Here, the server device converts the personal data cipher text or the personal keyword cipher text stored in the user-related storage area into the shared data cipher text or the shared keyword cipher text using the re-encryption key, receives a shared data trap door from the user terminal of another user, retrieves the shared data cipher text using the received shared data trap door, and transmits the retrieved shared data cipher text to the user terminal of the other user.

According to another aspect of the present invention, there is provided a data encryption apparatus that is connected to a server device providing a service for encrypting and storing data and that performs data encryption for sharing or searching, the apparatus comprising: a transmitting/receiving unit for transmitting the encrypted personal data and keyword to the server device, transmitting the personal data trap door to the server device, and receiving from the server device the personal data cipher text retrieved from the file server of the server device using the personal data trap door; an encryption and decryption unit for encrypting the personal data and the keyword for the personal data using the secret key, and for decrypting the personal data cipher text received from the server device; and a trap door generator for generating a personal data trap door that enables the file server to retrieve the personal data cipher text or the personal keyword cipher text stored in the user-related storage area.

According to another aspect of the present invention, there is provided a data encryption apparatus that is connected to a server device providing a service for encrypting and storing data and that performs data encryption for sharing or searching, the apparatus comprising: a transmitting/receiving unit for transmitting to the server device a shared data trap door that enables the shared data cipher text stored in the user-related storage area of the file server of the server device, or the shared keyword cipher text for the shared data cipher text, to be retrieved, and for receiving the shared data cipher text from the server device; a trap door generator for generating the shared data trap door; and an encryption and decryption unit for decrypting the shared data cipher text received from the server device.

In the data encryption method for sharing or searching according to the embodiments of the present invention described above, when a user encrypts and stores personal data in a personal space on a network, the encrypted data can be easily retrieved from the external storage and the database.

In addition, data and keywords used for sharing and searching the database as well as the external storage are encrypted, thereby ensuring the confidentiality of the data.

FIG. 1 is a diagram for explaining a data encryption method and a data encryption system for performing the data encryption method according to an embodiment of the present invention.
FIGS. 2 and 3 are exemplary diagrams for the setup steps of the data encryption method of FIG.
FIGS. 4 and 5 are exemplary views of the personal data and the keyword encryption step of FIG.
FIGS. 6 and 7 are exemplary views of the personal data retrieval step of FIG.
FIG. 8 is an exemplary view of the encrypted personal data decryption step of FIG.
FIGS. 9 to 11 are diagrams illustrating an example of the personal data and keyword sharing step in FIG.
FIGS. 12 and 13 are exemplary views of the shared data retrieval step of FIG.
FIG. 14 is an exemplary view of the encrypted shared data decryption step of FIG.
FIG. 15 is a flowchart of a method for retrieving encrypted personal data in the data encryption method of FIG.
FIG. 16 is a flowchart of a method for sharing encrypted private data among the data encryption methods of FIG.
FIG. 17 is a schematic block diagram of a data encryption apparatus according to another embodiment of the present invention.
FIG. 18 is a schematic block diagram of a data encryption apparatus according to another embodiment of the present invention.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It is to be understood, however, that the invention is not to be limited to the specific embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. Like reference numerals are used for like elements in describing each drawing.

The terms first, second, A, B, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component. The term "and/or" includes any combination of a plurality of related listed items or any one of a plurality of related listed items.

It is to be understood that when an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element. On the other hand, when an element is referred to as being "directly connected" or "directly coupled" to another element, it should be understood that there are no other elements in between.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like refer to the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

Also, in the present specification, when a subscript of a character itself has a subscript, the nested subscript may be displayed in the same form as the subscript for convenience of display.

Unless otherwise defined herein, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the related art, and are not to be interpreted in an ideal or overly formal sense unless explicitly defined herein.

Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings.

Referring to FIG. 1, a data encryption system 1 according to the present embodiment includes a trusted key management server 10, a user terminal 20, and a server device 30. The server device 30 may include a file server 38.

The key management server 10, as a trusted entity, generates the system parameters and the secret key, and transmits the secret key to the user terminal 20 and the server device 30.

The user terminal 20 can encrypt personal data and keywords using the secret key received from the key management server 10 and store the encrypted personal data and keywords in the file server of the server device 30. The user terminal 20 can create a trap door so that the file server can search for a particular keyword. That is, using the secret key known only to the user, the user terminal 20 can create its own trap door for the personal data and keywords stored in the file server and search them. In addition, when the user wants to share specific data and keywords with other users, the user terminal 20 generates a re-encryption key and transmits it to the file server, and the file server uses the re-encryption key to re-encrypt the personal data cipher text and the personal keyword cipher text, converting them into the shared data cipher text and the shared keyword cipher text, so that all users can search and decrypt the shared data and keywords.

The server device 30 may include a file server or a proxy server connected to the file server, and the file server may be an honest-but-curious server. That is, the file server is assumed to perform its designated role properly, but to want to learn the contents of the user's personal data. In other words, the file server follows the protocol with the user honestly, but is assumed to be interested in the contents of the data files outsourced by the data owner. Thus, the file server may try to discover the contents of the files stored by the data owner, within its given computing resources. The file server stores the encrypted personal data and keywords received from the user terminal 20, receives the trap door for a specific keyword from the user terminal 20, and searches for the keyword corresponding to the trap door using the trap door.

The data encryption method performed by the data encryption system 1 according to the present embodiment includes a setup step (S1), a personal data and keyword encryption step (S2), a personal data retrieval step (S3), a personal data decryption step (S4), a keyword sharing step (S5), a shared data retrieval step (S6), and a shared data decryption step (S7).

The above-mentioned steps are described in detail below. In each of the drawings described below, "↑R" means selecting an arbitrary random number and assigning it to the value on the right-hand side, and "←" means that the value of the left-hand term is obtained through the operation of the right-hand term. The group G, the generator g, the pseudo-random function F, and the hash function H are generic techniques well known to those skilled in the art, and are not described in detail here.

FIGS. 2 and 3 are exemplary diagrams of the setup steps of the data encryption method of FIG. 1.

In the setup step of the shared and searchable data encryption method for a semi-trusted server having a selective sharing function according to the present embodiment, the Init algorithm (S1a) and the Keygen algorithm (S1b) can be used.

That is, the trusted key management server generates the system parameters and the secret key using the Init algorithm (S1a), and then, using the output of the Init algorithm (S1a), executes the Keygen algorithm (S1b) to generate the secret keys of the user and of the file server for that user, which are transmitted to the user terminal and the server device, respectively.

As shown in FIG. 2, the Init algorithm (S1a) includes one or more steps (S11, S12) defining a prime number $q$, a group $G$, a generator $g$, a pseudo-random function $F$, and a hash function $H$; a random number selection step (S13) for selecting the random numbers $s$ and $x$ through the "↑R" operation; and a public key generation step (S14) for obtaining the public key of the trusted key management server through the operation $h \leftarrow g^{x}$.

The input to the Init algorithm (S1a) is the system security strength value ($1^k$), and the output values are the system parameters and the secret key of the trusted key management server. The system parameters include the prime $q$, the group $G$ of order $q$, the generator $g$ of the group $G$, the public key $h$ of the trusted key management server, the pseudo-random function $F$, and the hash function $H$. The secret key, which is the master session key (msk) of the key management server, consists of the random values $x$ and $s$ chosen with $1^k$ as input.

The prime, group, and generator definition step (S11) defines a prime $q$ according to the security strength received as input to the Init algorithm, and determines the group $G$ of prime order $q$ and a generator $g$ of $G$. In the definition step (S12) of the pseudo-random function $F$ and the hash function $H$, a pseudo-random function $F$ that takes a keyword as input and generates a random value is defined, and the hash function $H$ used throughout the system is defined. The random number selection step (S13) selects an arbitrary random number $x$, which is one of the secret keys of the trusted key management server, and the value $s$ to be used as the key of the pseudo-random function. The public key generation step (S14) generates the public key of the key management server to be used in the system by raising the generator to the power $x$.

The Keygen algorithm (S1b) includes a random number selection step (S16) for selecting random numbers to be used as secret keys, a file server secret key generation step (S17), and a user secret key generation step (S18), as shown in FIG. The inputs to the Keygen algorithm (S1b) are the secret key $x$, $s$ of the trusted key management server and the identity $i$ of a specific user; the outputs are the secret key $x_{i11}$, $x_{i12}$, $x_{i13}$, $s$ of user $i$ and the secret key $x_{i2}$, $x_{i12}$ of the file server for user $i$.

The random number selection step (S16) selects the random numbers $x_{i1}$, $x_{i11}$, $x_{i12}$ to be used as secret keys. The file server secret key generation step (S17) calculates $x_{i2} = x - x_{i1} \bmod q$ to obtain the file server secret key $x_{i2}$. The user secret key generation step (S18) then calculates $x_{i13} = x_{i1} - (x_{i11} + x_{i12}) \bmod q$ to obtain the user secret key $x_{i13}$.
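The key split performed by Init and Keygen, as an added example that is not part of the patent text: it shows that the user shares and the file server share together sum to the master secret $x$, so the two parties can jointly apply $x$ to a group element although neither holds it. The concrete group (the order-$q$ subgroup of $\mathbb{Z}_p^*$ with the toy constants `P`, `Q`, `G_GEN`), the ranges the random numbers are drawn from, and all function names are assumptions.

```python
"""Init (S1a) and Keygen (S1b) key splitting over a toy group (added example)."""
import secrets

# Constructed toy parameters (assumption, not from the patent): P = 2Q + 1 is a
# safe prime and G_GEN = 4 generates the subgroup of prime order Q in Z_P^*.
# These sizes are for illustration only.
Q = 1019
P = 2 * Q + 1
G_GEN = 4


def init():
    """Init: pick the master secrets x and s, publish h = g^x."""
    x = secrets.randbelow(Q - 1) + 1      # S13: secret exponent in 1..Q-1
    s = secrets.randbelow(Q)              # S13: key of the pseudo-random function F
    h = pow(G_GEN, x, P)                  # S14: public key of the key management server
    params = {"q": Q, "g": G_GEN, "h": h}
    return params, (x, s)


def keygen(msk):
    """Keygen: derive user i's key and the file server's key for user i."""
    x, s = msk
    x_i1, x_i11, x_i12 = (secrets.randbelow(Q) for _ in range(3))  # S16
    x_i2 = (x - x_i1) % Q                         # S17: file server share
    x_i13 = (x_i1 - (x_i11 + x_i12)) % Q          # S18: third user share
    user_key = (x_i11, x_i12, x_i13, s)
    server_key = (x_i2, x_i12)                    # x_i12 is held by both sides
    return user_key, server_key


def recombine(user_key, server_key):
    """Sum of all shares mod q; equals the master secret x by construction."""
    x_i11, x_i12, x_i13, _s = user_key
    x_i2, _ = server_key
    return (x_i11 + x_i12 + x_i13 + x_i2) % Q


def apply_in_parts(base, user_key, server_key):
    """Raise `base` (an element of G) to x by multiplying the per-share powers."""
    x_i11, x_i12, x_i13, _s = user_key
    x_i2, _ = server_key
    acc = 1
    for share in (x_i11, x_i12, x_i13, x_i2):
        acc = (acc * pow(base, share, P)) % P
    return acc


if __name__ == "__main__":
    params, msk = init()
    for user in ("user-1", "user-2"):     # constructed user identities
        uk, sk = keygen(msk)
        ok = apply_in_parts(params["g"], uk, sk) == params["h"]
        print(user, "shares reproduce h:", ok)
```

Each call to `keygen` yields a fresh, independent split of the same $x$, so every user's shares reproduce the single public key $h$.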

FIGS. 4 and 5 are exemplary views of the personal data and keyword encryption step of FIG.

In the personal data and keyword encryption steps constituting the shared and searchable data encryption method for the semi-trusted server having the selective sharing function according to this embodiment, the P-Data-Enc algorithm (S2a) and the P-Keyword-Enc algorithm (S2b) can be used.

That is, the user terminal can encrypt the data and the keyword through the personal data and keyword encryption step, using the secret key of the user received from the trusted key management server, and transmit the encrypted data and keyword to the file server. The user terminal first encrypts the user's personal data through the P-Data-Enc algorithm (S2a) to obtain the personal data cipher text, and encrypts the user's keyword through the P-Keyword-Enc algorithm (S2b) to obtain the personal keyword cipher text. When the encrypted personal data (the personal data cipher text) and the encrypted keyword (the personal keyword cipher text) are transmitted to the file server, the file server can store them in a preset storage area for the user.

More specifically, as shown in FIG. 4, the P-Data-Enc algorithm (S2a) includes a random number selection step (S20) for personal data encryption, a first sub personal data cipher text generation step (S21), and a second sub personal data cipher text generation step (S22).

The inputs to the P-Data-Enc algorithm (S2a) may include the secret key $x_{i11}$ of user $i$ and the data $m$ to be encrypted, and the output may include the personal data cipher text of user $i$.

The random number selection step for personal data encryption (S20) selects an arbitrary random number $r_m$. The first sub personal data cipher text generation step (S21) obtains the first sub personal data cipher text $c''_{m1}$ through a public key operation using the arbitrary random number. This public key operation is calculated as:

[Equation image: Figure 112015047894945-pat00001]

The second sub personal data cipher text generation step (S22) obtains the second sub personal data cipher text $c''_{m2}$ through a public key operation using the secret key and the random number. This public key operation is calculated as:

[Equation image: Figure 112015047894945-pat00002]

The personal data cipher text of user $i$, which is the output value, is then transmitted to the file server. The personal data cipher text is expressed as $c''_i(m) = (c''_{m1}, c''_{m2})$.

Next, as shown in FIG. 5, the P-Keyword-Enc algorithm (S2b) includes a random number selection step (S24) for encrypting personal keywords, a pseudo-random number generation step (S25) for a keyword, a first sub personal keyword cipher text generation step (S26), a second sub personal keyword cipher text generation step (S27), a third sub personal keyword cipher text generation step (S28), and a fourth sub personal keyword cipher text generation step (S29).

The inputs to the P-Keyword-Enc algorithm (S2b) may include the secret key $x_{i11}$ and $s$ of user $i$ and the keyword $w$ to be encrypted, and the output may include the personal keyword cipher text of user $i$.

The random number selection step (S24) for encrypting personal keywords selects the random numbers $r_w$ and $s_i$. The pseudo-random number generation step for the keyword (S25) obtains a first pseudo-random number $s_w$ through the pseudo-random function operation $F_s(w)$, and obtains a second pseudo-random number $s_w'$ through the pseudo-random function operation $F_{s_i}(w)$ using the second random number $s_i$.

The first sub personal keyword cipher text generation step (S26) obtains the first sub personal keyword cipher text $c''_{w1}$ through a first public key operation using an arbitrary random number and a pseudo-random number. This first public key operation is expressed as:

[Equation image: Figure 112015047894945-pat00003]

The second sub personal keyword cipher text generation step (S27) obtains the second sub personal keyword cipher text $c''_{w2}$ through a second public key operation using the product of the random number and the secret key, the product of the secret key and the first pseudo-random number, and the secret key and the second pseudo-random number. This second public key operation is expressed as:

[Equation image: Figure 112015047894945-pat00004]

The third sub personal keyword cipher text generation step (S28) obtains the third sub personal keyword cipher text $c''_{w3}$ by computing the hash function of the group generator, using the product of the random number and the secret key multiplied by the product of the secret key and the first pseudo-random number. This hash function over the group generator is expressed as:

[Equation image: Figure 112015047894945-pat00005]

The fourth sub personal keyword cipher text generation step (S29) obtains the fourth sub personal keyword cipher text $c''_{w4}$ by applying the hash function to the public key operation using the arbitrary random number $r_w$ for keyword encryption:

[Equation image: Figure 112015047894945-pat00006]

The personal keyword cipher text of user $i$, which is the output value of the P-Keyword-Enc algorithm (S2b), is then transmitted to the file server. The personal keyword cipher text is expressed as $c''_i(w) = (c''_{w1}, c''_{w2}, c''_{w3}, c''_{w4})$.

FIG. 6 and FIG. 7 are exemplary views of the personal data retrieval step in the external storage and the database in the data encryption method of FIG.

In the personal data retrieval step constituting the shared and searchable data encryption method for the semi-trusted server having the selective sharing function according to this embodiment, the P-Trapdoor algorithm (S3a) and the P-Search algorithm (S3b) can be used.

That is, when the user desires to retrieve personal data, the user can retrieve the data through the personal data retrieval step. First, the user creates a personal data trapdoor, which is a trapdoor for the keyword to be searched, through the P-Trapdoor algorithm (S3a) and passes it to the file server. Then, the file server can retrieve the personal data ciphertext using that trapdoor in the P-Search algorithm (S3b), and transmit it to the user.

More specifically, as shown in FIG. 6, the P-Trapdoor algorithm (S3a) includes a random number selection step (S31) for generating a personal data trapdoor, a random number generation step (S32) for a keyword, a first sub personal data trapdoor creation step (S33), and a second sub personal data trapdoor creation step (S34).

The input to the P-Trapdoor algorithm (S3a) may include the first to third private keys x_i11, x_i12, s_i of user i and the keyword w to be searched for in the data encryption system, and the output value is the personal data trapdoor of user i. The personal data trapdoor is expressed as T_pi(w) = (t_p1, t_p2).

The random number selection step (S31) for generating the personal data trapdoor selects an arbitrary random number r_pt to be included as a component of the variable set. In the random number generation step (S32) for the keyword, the pseudo-random function F_{s_i}(w) of the keyword to be searched is computed using the third secret key, and a random number (s_w') is obtained through the calculation.

The first sub personal data trapdoor creation step (S33) obtains the first sub personal data trapdoor t_p1 through a public key operation using a random number. This public key operation is expressed as follows:

Figure 112015047894945-pat00007

The second sub personal data trapdoor creation step (S34) obtains the second sub personal data trapdoor (t_p2) through a public key operation using a random number and the first secret key multiplied by the product of the second secret key and a random number. This public key operation is expressed as follows:

Figure 112015047894945-pat00008

Then, the personal data trapdoor T_pi(w) = (t_p1, t_p2) of user i, which is the output value of the P-Trapdoor algorithm (S3a), is transmitted to the file server.

Next, as shown in FIG. 7, the P-Search algorithm S3b may include a personal data trap door value generation step S35 and a keyword search step S36 using a personal data trap door.

The input values of the P-Search algorithm (S3b) may include the identity of user i, the personal data trapdoor T_pi(w), the encrypted data E(D_i) stored in the file server so that only user i can know it, and the secret key x_i12 shared by user i and the file server. The output value is the data (c_i''(m), c_i''(w)) satisfying the search condition.

The personal data trapdoor value generation step (S35) obtains the personal data trapdoor value (T_p) through a public key operation on the personal data trapdoor using a secret key. This public key operation is expressed as follows:

Figure 112015047894945-pat00009

The keyword search step (S36) using the personal data trapdoor checks, for every data element (c_i''(m), c_i''(w)) (Figure 112015047894945-pat00010) E(D_i) stored on the file server, whether the conditional expression H(c_w2'' · T_p^-1) = c_w3'' is satisfied, and outputs the data (c_i''(m), c_i''(w)) that satisfy it to the user terminal of user i as the search result. Here, D_i may include all the documents of user i, including the sequences of the data D and the keyword w(D).

FIG. 8 is a diagram illustrating an example of an encrypted private data decryption method in the data encryption method shown in FIG. 1.

The P-Data-Dec algorithm (S4) may be used in the personal data decryption step of the shared and searchable data encryption method for the semi-trusted server having the selective sharing function according to the present embodiment. That is, the user terminal decrypts the personal data ciphertext by executing the P-Data-Dec algorithm (S4) in the personal data decryption step, and obtains plaintext data through the decryption.

More specifically, as shown in FIG. 8, the P-Data-Dec algorithm (S4) may include a personal data decryption step (S41). The input to the P-Data-Dec algorithm (S4) may include the secret key (x_i11) of user i and the personal data ciphertext c_i''(m) of user i, and the output value is the plaintext data m.

The personal data ciphertext decryption step (S41) obtains the plaintext data (m) through a decryption operation on the ciphertext using the secret key x_i11 of user i. The decryption operation of this embodiment is expressed as follows:

Figure 112015047894945-pat00011

FIGS. 9 to 11 illustrate exemplary methods of sharing personal data and keywords in the data encryption method of FIG.

In the personal data and keyword sharing step constituting the shared and searchable data encryption method for the semi-trusted server having the selective sharing function according to this embodiment, the Data-Re-Enc-Keygen algorithm (S5a), the Keyword-Re-Enc-Keygen algorithm (S5b), and the Re-Enc-Keygen algorithm (S5c) are performed.

That is, a user who would like to share personal data can do so through the personal data and keyword sharing step. First, the user terminal generates the re-encryption keys for the personal data and keywords to be shared using the Data-Re-Enc-Keygen algorithm (S5a) and the Keyword-Re-Enc-Keygen algorithm (S5b), and transmits them to the file server. Then, the file server can convert the user's personal data and personal keywords into shared data and shared keywords through re-encryption in the Re-Enc-Keygen algorithm (S5c) using the re-encryption key and the secret key of the file server.

More specifically, as shown in FIG. 9, the Data-Re-Enc-Keygen algorithm (S5a) includes a random number selection step (S51) for data re-encryption, a first sub data re-encryption key generation step (S52), a second sub data re-encryption key generation step (S53), and a third sub data re-encryption key generation step (S54).

The input values of the Data-Re-Enc-Keygen algorithm (S5a) are the secret keys (x_i12, x_i13) of user i and the first sub personal data ciphertext (c_m1''), and the output value may include a re-encryption key for the personal data or the personal data ciphertext. The re-encryption key is expressed as k_data-re(w) = (k_1, k_2, k_3).

The random number selection step (S51) for data re-encryption selects an arbitrary random number r_re. The first sub data re-encryption key generation step (S52) defines the first sub personal data ciphertext (c_m1'') as the first sub data re-encryption key (k_1).

The second sub data re-encryption key generation step (S53) obtains the second sub data re-encryption key (k_2) using an arbitrary random number. The second sub data re-encryption key (or its ciphertext) can be calculated from the arbitrary random number as follows:

Figure 112015047894945-pat00012

The third sub data re-encryption key generation step (S54) obtains the third sub data re-encryption key (k_3) using the three secret keys and the first sub personal data ciphertext. The third sub data re-encryption key can be calculated from the three secret keys and the first sub personal data ciphertext as follows:

Figure 112015047894945-pat00013

Then, the re-encryption key for the data, which is the output value of the Data-Re-Enc-Keygen algorithm (S5a), is transmitted to the file server. The re-encryption key is expressed as k_data-re(w) = (k_1, k_2, k_3).

As shown in FIG. 10, the Keyword-Re-Enc-Keygen algorithm (S5b) includes a random number selection step (S55) for re-encryption of the keyword, a first sub keyword re-encryption key generation step (S56), a second sub keyword re-encryption key generation step (S57), and a third sub keyword re-encryption key generation step (S58).

The input values of the Keyword-Re-Enc-Keygen algorithm (S5b) are the first and second secret keys of user i (x_i12 and x_i13) and the first sub personal keyword ciphertext (c_w1''), and the output value is a re-encryption key k_keyword-re(w) = (k_4, k_5, k_6) for the keyword.

The random number selection step (S55) for the keyword re-encryption selects an arbitrary random number r_re'. In the first sub keyword re-encryption key generation step (S56), the first sub personal keyword ciphertext c_w1'' is set as the first sub keyword re-encryption key (k_4).

The second sub keyword re-encryption key generation step (S57) obtains the second sub keyword re-encryption key (k_5) using an arbitrary random number. The second sub keyword re-encryption key can be calculated from the arbitrary random number as follows:

Figure 112015047894945-pat00014

The third sub keyword re-encryption key generation step (S58) obtains the third sub keyword re-encryption key (k_6) through a public key operation using the product of the random number and the first secret key and the sum of the two secret keys for the first sub personal keyword ciphertext. This public key operation is expressed as follows:

Figure 112015047894945-pat00015

Then, the re-encryption key k_keyword-re(w) = (k_4, k_5, k_6), which is the output value of the Keyword-Re-Enc-Keygen algorithm (S5b), is transmitted to the file server.

As shown in FIG. 11, the Re-Enc-Keygen algorithm (S5c) includes a step of retrieving the personal data to be shared (S59), a first sub shared data ciphertext generation step (S591), a second sub shared data ciphertext generation step (S592), a first sub shared keyword ciphertext generation step (S593), a second sub shared keyword ciphertext generation step (S594), and a third sub shared keyword ciphertext generation step (S595).

The input values of the Re-Enc-Keygen algorithm (S5c) may include the identity of user i, the re-encryption key k_data-re(w) for the data, the re-encryption key k_keyword-re(w) for the keyword, the personal data trapdoor value T_p, the encrypted data and keywords E(D_i) stored in the file server so that only user i can know them, and the secret key x_i12 shared by user i and the file server. The output values are the shared data c_i'(m) = (c_m1', c_m2') and the shared keyword c_i'(w) = (c_w1', c_w2', c_w3').

The step of retrieving the personal data to be shared (S59) finds, among all data (c_i''(m), c_i''(w)) in E(D_i), the encrypted data and keywords stored so that only the user can know them, the data (c_i''(m), c_i''(w)) for which both the first equation k_1 = c_m1'' and the second equation k_4 = c_w1'' hold.

The first sub shared data ciphertext generation step (S591) sets one component (c_m1'') of the data to be shared as the first sub shared data ciphertext (c_m1').

The second sub shared data ciphertext generation step (S592) obtains the second sub shared data ciphertext (c_m2') through a ciphertext operation using the other component (c_m2'') of the data to be shared, the secret key, the second encryption key (k_2), the third encryption key (k_3), and the component (c_m1'') of the data to be shared. The ciphertext operation that generates the second sub shared data ciphertext can be expressed as follows:

Figure 112015047894945-pat00016

The first sub shared keyword ciphertext generation step (S593) sets one keyword component (c_w1'') corresponding to the first sub shared data ciphertext as one component (c_w1') of the keywords to be shared. Similarly, another keyword component (c_w4'') corresponding to the first sub shared data ciphertext is set as another component (c_w3') of the keywords to be shared.

In the second sub shared keyword ciphertext generation step (S594), the component (c_w2') of the keywords to be shared is obtained through a ciphertext operation using the keyword component c_w2'', the secret key x_i2, the fifth encryption key k_5, the sixth encryption key (k_6), and the first sub shared keyword ciphertext (c_w1''). The second sub shared keyword ciphertext can be calculated as follows:

Figure 112015047894945-pat00017

The third sub shared keyword ciphertext generation step (S595) sets another keyword component (c_w3'') corresponding to the first sub shared data ciphertext as another component (c_w3') of the keywords to be shared. The output values of the Re-Enc-Keygen algorithm (S5c), namely the shared data c_i'(m) = (c_m1', c_m2') and the shared keyword c_i'(w) = (c_w1', c_w2', c_w3'), can then be stored in the file server.

FIG. 12 and FIG. 13 are diagrams illustrating an example of a shared data retrieval step in the data encryption method of FIG.

In the shared data retrieval step constituting the shared and searchable data encryption method for the semi-trusted server having the selective sharing function according to this embodiment, the M-Trapdoor algorithm (S6a) and the M-Search algorithm (S6b) can be used.

That is, all users who want to search shared data can retrieve the data through the shared data retrieval step. First, the user executes the M-Trapdoor algorithm (S6a) using the user's secret key to create a shared data trapdoor and passes it to the file server. Then, the file server can retrieve the data using the trapdoor in the M-Search algorithm (S6b) and transmit the search result to the user.

As shown in FIG. 12, the M-Trapdoor algorithm (S6a) includes a random number selection step (S61) for generating a shared data trapdoor, a random number generation step (S62) for a keyword, a first sub shared data trapdoor creation step (S63), and a second sub shared data trapdoor creation step (S64).

The input to the M-Trapdoor algorithm (S6a) may include the secret key (x_i1, s) of user i and the keyword w to be searched for, and the output value is the shared data trapdoor of user i, i.e. T_mi(w) = (t_m1, t_m2).

The random number selection step (S61) for generating the shared data trapdoor selects an arbitrary random number (r_mt). In the random number generation step (S62) for the keyword, the random number (s_w) is obtained through the pseudo-random function F_s(w).

The first sub shared data trapdoor generation step (S63) obtains the first sub shared data trapdoor (t_m1) as a ciphertext (Figure 112015047894945-pat00018) in which the group generator takes as its exponent a random number subtracted from an arbitrary random number.

The second sub shared data trapdoor generation step (S64) obtains the second sub shared data trapdoor (t_m2) as a ciphertext (Figure 112015047894945-pat00019) that combines the public key h with a random number as its exponent, the group generator g with the product of a secret key and an arbitrary random number as its exponent, and the group generator with the product of numbers as its exponent. Then, the data encryption device can transmit the shared data trapdoor T_mi(w) = (t_m1, t_m2) of user i, which is the output value of the M-Trapdoor algorithm (S6a), to the file server.

As shown in FIG. 13, the M-Search algorithm (S6b) includes a shared data trapdoor generation step (S65), a keyword search step (S66) using the shared data trapdoor, a first sub shared data ciphertext generation step for user i (S67), and a second sub shared data ciphertext generation step for user i (S68).

The input values of the M-Search algorithm (S6b) include the identity of user i, the shared data trapdoor T_mi(w), the encrypted shared data and keywords E(D_m) stored in the file server, and the secret key (x_i2) shared by user i and the file server, and the output value includes a shared data ciphertext for user i, c_i(m) = (c_m1, c_m2). The shared data ciphertext may be sent to the user terminal of user i, which is any other user.

The shared data trapdoor generation step (S65) computes

Figure 112015047894945-pat00020

to obtain the personal data trapdoor value T_m.

The keyword search step (S66) using the shared data trapdoor retrieves, among all data (c_i'(m), c_i'(w)) ∈ E(D_m), the data (c_i'(m), c_i'(w)) for which the formula H(c_w2' · T_m^-1) = c_w3' is satisfied.

The first sub shared data ciphertext generation step for user i (S67) sets c_m1' of the c_i'(m) found above as the first sub shared data ciphertext (c_m1).

The second sub shared data ciphertext generation step for user i (S68) uses c_m1'

Figure 112015047894945-pat00021

and obtains the second sub shared data ciphertext (c_m2). This is expressed as follows:

Figure 112015047894945-pat00022

Then, the shared data ciphertext c_i(m) = (c_m1, c_m2) of user i, which is the output value of the M-Search algorithm (S6b), may be delivered to the user terminal of user i.
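The split-key trapdoor test behind M-Trapdoor (S61 to S64) and M-Search (S65, S66), as an added Python example that is not code from the patent. The patent's formulas survive on this page only as figure placeholders, so the ciphertext layout, the key split x = x_user + x_srv, the HMAC-based F_s and the toy 62-bit group are assumptions, chosen so that the stated check H(c_w2' · T_m^-1) = c_w3' holds.

```python
import hashlib
import hmac
import secrets

def is_prime(n):
    """Deterministic Miller-Rabin; these 12 bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group():
    """Smallest safe prime P = 2Q + 1 with Q > 2^61 (toy size, NOT secure)."""
    q = (1 << 61) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 is a square mod P, so it has prime order Q

P, Q, G = toy_group()

def prf(s, w):
    """F_s(w): keyword -> exponent (assumed instantiation: HMAC-SHA256 mod Q)."""
    return int.from_bytes(hmac.new(s, w.encode(), hashlib.sha256).digest(), "big") % Q

def H(elem):
    """Hash of a group element (P fits in 8 bytes)."""
    return hashlib.sha256(elem.to_bytes(8, "big")).digest()

def encrypt_keyword(w, x_user, s, h):
    """User side (assumed layout): c1 = g^(r+sigma), c2 = c1^x_user, c3 = H(h^r)."""
    r = secrets.randbelow(Q)
    c1 = pow(G, (r + prf(s, w)) % Q, P)
    return c1, pow(c1, x_user, P), H(pow(h, r, P))

def make_trapdoor(w, x_user, s, h):
    """S61-S64: a fresh r blinds the keyword value, so repeated queries differ."""
    r = secrets.randbelow(Q)                         # S61
    sigma = prf(s, w)                                # S62
    t1 = pow(G, (sigma - r) % Q, P)                  # S63
    t2 = pow(h, r, P) * pow(G, x_user * (sigma - r) % Q, P) % P  # S64
    return t1, t2

class FileServer:
    """Semi-trusted server: holds one key share per user, never sees w or x."""
    def __init__(self):
        self.key_share = {}   # user id -> x_srv
        self.index = []       # (doc id, c_w2', c_w3')

    def store(self, user, doc_id, ct):
        c1, c2, c3 = ct
        # c1^x_srv * c1^x_user = c1^x = h^(r+sigma)
        self.index.append((doc_id, pow(c1, self.key_share[user], P) * c2 % P, c3))

    def search(self, user, trapdoor):
        x_srv = self.key_share.get(user)
        if x_srv is None:     # share deleted: user revoked, trapdoor unusable
            return []
        t1, t2 = trapdoor
        t_inv = pow(pow(t1, x_srv, P) * t2 % P, -1, P)   # S65: T_m = h^sigma
        # S66: keep entries with H(c_w2' * T_m^-1) = c_w3'
        return [d for d, c2, c3 in self.index
                if hmac.compare_digest(H(c2 * t_inv % P), c3)]

def demo():
    """Constructed run: alice stores two documents, bob searches, bob is revoked."""
    x = secrets.randbelow(Q - 1) + 1
    h, s, srv, users = pow(G, x, P), secrets.token_bytes(32), FileServer(), {}
    for name in ("alice", "bob"):
        users[name] = secrets.randbelow(Q - 1) + 1
        srv.key_share[name] = (x - users[name]) % Q
    srv.store("alice", "doc-1", encrypt_keyword("invoice", users["alice"], s, h))
    srv.store("alice", "doc-2", encrypt_keyword("payroll", users["alice"], s, h))
    hit = srv.search("bob", make_trapdoor("invoice", users["bob"], s, h))
    miss = srv.search("bob", make_trapdoor("audit", users["bob"], s, h))
    del srv.key_share["bob"]
    revoked = srv.search("bob", make_trapdoor("invoice", users["bob"], s, h))
    return hit, miss, revoked
```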

FIG. 14 is an exemplary diagram illustrating a step of decrypting encrypted shared data in the data encryption method of FIG. 1.

The shared data decryption step constituting the shared and searchable data encryption method for the semi-trusted server having the selective sharing function according to the present embodiment includes the M-Data-Dec algorithm (S7). That is, the user can execute the M-Data-Dec algorithm (S7) through the shared data decryption step to decrypt the shared data ciphertext, thereby obtaining the plaintext data.

The M-Data-Dec algorithm (S7) includes a shared data decryption step (S71) for user i as shown in Fig. The input to the M-Data-Dec algorithm (S7) may include the secret key (x_i1) of user i and the shared data ciphertext c_i(m) for user i, and the output value is the plaintext data (m).

The shared data ciphertext decryption step (S71) performs the decryption operation

Figure 112015047894945-pat00023

using the secret key x_i1 of user i, and thereby plaintext data can be obtained.

In the present embodiment, when the system use right of a specific user is to be revoked, the file server-side secret key of that user can be deleted from the file server.

For example, in the conventional technique of Dong et al., all data stored by a user is converted into shared data by the file server using the secret key of the file server, so that all data is shared with all users without limitation. In this embodiment, however, for data stored by the user to be converted into shared data by the file server, both a re-encryption key for the data and keywords that the user wants to share and the secret key of the file server are required. Thus, only the data and keywords for which the user has created a re-encryption key and given it to the file server can be shared with all users.

As described above, unlike the conventional technique of Dong et al., in which all data is shared without user restriction, the data encryption method according to the present embodiment has the advantage that specific data can be shared only when the user desires. To do this, user i encrypts the data and keywords to be stored using a secret key known only to that user, and, when sharing, converts the encrypted data and keywords themselves into the form of the keywords and data of the conventional technique of Dong et al. In this way, all users still have access to the encrypted data and keywords stored by user i, but the unshared data and keywords cannot be searched because they are encrypted so that other users cannot know them. There is also the advantage that the encrypted data cannot be decrypted.

Also, in the conventional technique of Dong et al., if user i wants to share part of the data that user i has stored in the file server, user i must search the encrypted data and keywords in the file server, download and decrypt the data, and then store it on the server. This conventional method is therefore very inefficient in terms of the amount of computation and communication compared to the present embodiment. Comparing the data encryption method of the present embodiment with the data encryption method of the related art as a whole, the data encryption method of this embodiment is efficient and useful in all aspects compared to the prior art.

FIG. 15 is a flowchart of a method for retrieving encrypted personal data in the data encryption method of FIG.

The encrypted personal data retrieval process according to the present embodiment will be described with reference to FIG.

The key management server 10 generates a system parameter (S1a). Then, a secret key is generated (S1b). The key management server 10 transfers the generated secret key to the user terminal 20 and the server device 30 (S151, S152). The server device 30 may be connected to a file server 38.

Next, the user terminal 20 encrypts the personal data and the keyword according to the user command (S2). Then, the encrypted personal data and the keyword are transmitted to the server device 30 (S153).

The server device 30 receiving the encrypted personal data and the keyword from the user terminal 20 stores the corresponding data in the file server 38 (S154).

Next, in order to retrieve the personal data ciphertext stored in the file server, the user terminal 20 generates a personal data trapdoor (S3a). A trapdoor is a secret path on which system security has been removed, and can correspond to a security hole that the system designer leaves in the system to give service technicians or maintenance programmers access. Trapdoors can also be referred to as backdoors. In the development of large-scale applications or operating systems, breaks called trapdoors are set in the middle of the code, and through them administrators can easily access the data ciphertexts.

Next, the generated personal data trap door is transmitted to the server device 30 (S155), and the server device 30 can search the personal data cipher text stored in the user's file server 38 using the personal data trap door (S36). Then, the server device 30 can transmit the retrieved personal data cipher text to the user terminal 20 as a search result (S156).

Next, the user terminal receives the search result based on the personal data trap door at the file server 38, and obtains the plain text data by decoding it (S4).

FIG. 16 is a flow chart of a method for sharing encrypted private data among the data encryption methods of FIG.

The encrypted personal data sharing process according to the present embodiment will be described with reference to FIG.

The key management server 10 generates a system parameter (S1a), and generates a secret key based on the system parameter (S1b). The key management server 10 transfers the generated secret key to the user terminal 20 and the server device 30 (S151, S152). The server device 30 may be connected to a file server 38. Then, the key management server 10 may transmit the secret key associated with another user to another user terminal 21 (S151a).

Next, the user terminal 20 encrypts personal data and keywords according to a user input or the like (S2). Then, the encrypted personal data and the keyword are transmitted to the server device 30 (S153). The server device 30 receiving the encrypted personal data and the keyword from the user terminal 20 stores the corresponding data in the file server 38 (S154).

Next, the user terminal 20 generates a re-encryption key (S5a) and transmits the generated re-encryption key to the server device 30 in order to convert data to be shared with other users among the personal data ciphertexts stored in the file server (S157).

Next, the server device 30 converts at least a part of the personal data cipher text and the personal keyword cipher text of the user stored in the file server into the shared data cipher text and the shared keyword cipher text using the re-encryption key (S158).

Next, another user who wants to search for the shared data ciphertext and/or the shared keyword ciphertext stored in the file server 38 can generate a shared data trapdoor at the other user terminal 21 using the other secret key received from the key management server 10 (S5b), and may transmit the shared data trapdoor to the server device 30 together with the user information of the other user (S159).

The server device 30 receiving the shared data trapdoor searches the shared data ciphertext and/or the shared keyword ciphertext stored in the file server 38 based on the user information and the shared data trapdoor (S6), and transmits the corresponding shared data ciphertext to the other user terminal 21 (S160).

The other user terminal 21 having received the shared data cipher text can obtain the plain text data by decoding the shared data cipher text using the secret key (S7).

FIG. 17 is a schematic block diagram of a data encryption apparatus according to another embodiment of the present invention.

The data encryption apparatus according to the present embodiment can correspond to the user terminal 20. Therefore, the data encryption apparatus according to the present embodiment is denoted by reference numeral 20. On the other hand, the configuration of the data encryption apparatus according to the present embodiment can be applied to the server apparatus described below, and vice versa.

The data encryption device 20 applicable to the user terminal may include a processor 22, a memory 24 and a communication interface 26 as shown in Fig.

The processor 22 may include one or more cores, a cache memory, a memory interface, and a peripheral interface. When the processor 22 has a multi-core structure, multi-core refers to integrating two or more independent cores into one package of a single integrated circuit. A single core may refer to a central processing unit. The central processing unit (CPU) may be implemented as a system on chip (SOC) in which a micro control unit (MCU) and a peripheral device (integrated circuit for external expansion device) are disposed together, but the present invention is not limited thereto. The core includes registers for storing instructions to be processed, an arithmetic logical unit (ALU) for comparisons, judgments, and arithmetic operations, a control unit for internally controlling the CPU to interpret and execute instructions, an internal bus, and the like.

In addition, the processor 22 may include, but is not limited to, one or more data processors, image processors, or codecs (CODECs). The data processor, image processor, or codec may be configured separately. In addition, the processor 22 may have a peripheral interface and a memory interface, in which case the peripheral interface connects the processor 22 to the input/output system and various other peripherals, and the memory interface can connect the processor 22 to the memory 24.

The processor 22 of the above-described configuration can execute various software programs and carry out data input, data processing, and data output in order to perform a data encryption method. In addition, the processor 22 may execute a specific software module (instruction set) stored in the memory 24 to perform various specific functions corresponding to the module. That is, through the modules for the data encryption method included in the software modules stored in the memory 24, the processor 22 can perform, in cooperation with a server device, a data encryption method that allows data to be retrieved or shared from a user terminal such as a mobile device.

The processor 22 may include a transceiver 221, an encryption / decryption unit 222, a trap door generator 223, and a re-encryption key generator 224 to implement the data encryption method. In this case, the transceiver 221 receives the secret key from the key management server, transmits the encrypted personal data and the encrypted keyword to the server device, transmits the personal data trap door to the server device, The encrypted personal data retrieved using the personal data trap door can be received from the server apparatus.

Also, the encryption/decryption unit 222 can encrypt the personal data and the keyword for the personal data using the secret key, and output the plaintext data by decrypting the encrypted personal data received from the server apparatus. The trapdoor generator 223 can generate a personal data trapdoor for enabling the file server to retrieve the encrypted personal data and/or the encrypted keyword stored in the user storage area. The re-encryption key generator 224 can generate a re-encryption key for re-encrypting the encrypted personal data and/or the encrypted keyword stored in the user-related storage area in the file server, so as to convert them into the shared data ciphertext and/or the shared keyword ciphertext.

The memory 24 may include high-speed random access memory and/or non-volatile memory such as one or more magnetic disk storage devices, one or more optical storage devices, and/or flash memory.

The memory 24 may store software, programs, a set of instructions, or a combination thereof. The memory 24 may store encrypted personal data and encrypted private keywords. Also, the memory 24 may store the trap door and may store the re-encryption key.

Components of the software may include an operating system module, a communication module, a graphics module, a user interface module, a moving picture experts group (MPEG) module, a camera module, one or more application modules, and the like. A module is a set of instructions that can be represented as an instruction set or program.

The operating system includes built-in operating systems such as MS WINDOWS, LINUX, Darwin, RTXC, UNIX, OS X, iOS, Mac OS, VxWorks, Google OS, and Android, and may include various components for controlling the system operation of a user terminal including a mobile device and the like. The above-described operating system may also include, but is not limited to, a function of performing communication between various hardware devices and software components (modules).

For general system operation or control of functions other than those implementing the data encryption method, the user terminal may include one or more means for, e.g., memory management and control, storage hardware control and management, and power control and management, and may include a configuration unit that performs the corresponding functions.

The communication interface 26 supports one or more communication protocols so that the data encryption device 20 can be connected to the server device, the file server, or another device on the network via the network.

The communication interface 26 may also include one or more wireless communication subsystems. The wireless communication subsystem may include a radio frequency receiver and a transceiver and / or an optical (e.g., infrared) receiver or transceiver. The communication interface 26 may be a network such as a Global System for Mobile Communication (GSM) network, an Enhanced Data GSM Environment (EDGE) network, a Code Division Multiple Access (CDMA) network, a W- Network, an LTE (Long Term Evolution) network, an OFDMA (Orthogonal Frequency Division Multiple Access) network, a WiMax network, a Wi-Fi (Wireless Fidelity) network, a Bluetooth network and the like.

Meanwhile, in the present embodiment, the components (221 to 224, etc.) of the data encryption apparatus may be functional blocks or modules mounted on a user terminal or a computer apparatus, but are not limited thereto. The above-described components may be stored in a computer-readable medium (recording medium) in the form of software for implementing the series of functions (data encryption method) performed by them, or may be transmitted to a remote place in the form of a carrier so as to operate in various computer devices. The computer-readable medium may include a plurality of computer devices or a cloud system connected through a network, and at least one of the plurality of computer devices or the cloud system may store a program or source code for performing the data encryption method in the data encryption device of the present embodiment.

That is, the computer-readable medium may be embodied in the form of a program command, a data file, a data structure, or the like, alone or in combination. Programs recorded on a computer-readable medium may include those specifically designed and constructed for the present invention or those known and available to those skilled in the computer software arts.

The computer-readable medium can also include a hardware device specifically configured to store and execute program instructions, such as a ROM, a RAM, a flash memory, and the like. Program instructions may include machine language code such as those produced by a compiler, as well as high-level language code that may be executed by a computer using an interpreter or the like. The hardware device may be configured to operate with at least one software module to perform the noise reduction method of the present embodiment, and vice versa.

FIG. 18 is a schematic block diagram of a data encryption apparatus according to another embodiment of the present invention.

The data encryption apparatus according to the present embodiment can correspond to the server apparatus 30. Therefore, the data encryption apparatus according to the present embodiment is denoted by reference numeral 30. The configuration of the data encryption apparatus according to the present embodiment can be applied to the user terminal described above, and vice versa.

The data encryption apparatus 30 applicable to the server apparatus may include a processor 32, a memory 34 and a communication interface 36 as shown in Fig.

The data encryption apparatus 30 according to the present embodiment includes a memory 34 in which the transmission/reception module 341, the storage module 342, the search module 343, and the conversion module 344 are mounted, and may be similar or identical to the data encryption apparatus described above. Thus, descriptions of similar or identical components are omitted to avoid redundancy.

The transmission/reception module 341 is executed by the processor 32 to receive a secret key for a specific user from the key management server, receive the private data encrypted with the secret key and the encrypted keyword from the user terminal of the user, and receive a shared data trap door for a specific keyword to be searched on the user side from another user terminal. In addition, the transmission/reception module 341 may further receive a re-encryption key for sharing at least a portion of the encrypted personal data from the user terminal.

The storage module 342 stores the encrypted personal data and/or the shared personal data and/or shared data ciphertext received from the user terminal through the transmission/reception module 341 in the storage area associated with the user, and stores the encrypted text in the file server 38.

The search module 343 is executed by the processor 32 and may retrieve the encrypted personal data from the file server using the personal data trap door received from the user terminal. In addition, the search module 343, executed by the processor 32, can search at least a portion of the encrypted personal data stored in the file server, that is, a shared data cipher text or a shared keyword cipher text associated therewith, using the shared data trap door received from the other user terminal.

The conversion module 344 is executed by the processor 32 and re-encrypts the personal data cipher text and the personal keyword cipher text stored in the file server using the re-encryption key, converting them into the shared data cipher text and the shared keyword cipher text.

When the data encryption device 30 is used, which can be implemented by at least some functional units or configuration units of the cloud service providing apparatus according to the present embodiment, data stored in an external storage or a database (file server, etc.) can be encrypted and stored so as to enable selective sharing and/or retrieval of the data.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the following claims.

Claims (20)

delete delete A data encryption method for sharing or retrieving, which is performed in a server apparatus that provides a service for encrypting and storing data,
Receiving a secret key for a user from a key management server;
Receiving personal data and keywords encrypted with the secret key from the user terminal of the user;
Storing the encrypted personal data and keywords in a storage area associated with the user in a file server;
Receiving a personal data trap door for a keyword to be searched from the user side from the user terminal; And
Retrieving a personal data cipher text from a file server using the personal data trap door,
In the step of retrieving the personal data cipher text, a P-Data-Enc algorithm is used,
The P-Data-Enc algorithm includes a random number selection step for encrypting personal data, a first sub personal data cipher text generation step and a second sub personal data cipher text generation step, wherein the input value of the P-Data- The secret key and the data to be encrypted, the output value including a personal data cipher text of the user,
Wherein the random number selection step for encrypting the personal data selects a random number for the personal data to be encrypted and the first sub personal data cipher text generation step calculates a cipher text in the form of a public key using the random number to generate first sub- And generating a second sub personal data cipher text by encrypting a product of the group generator and the plaintext data in which the product of the secret key and the random number is an exponent in a public key form to generate a second sub personal data cipher text, Wherein the personal data cipher text includes the first and second sub personal data cipher texts,
The keyword is encrypted by the P-Keyword-Enc algorithm at the user terminal,
The P-Keyword-Enc algorithm includes a random number selection step for encrypting a personal keyword, a random number generation step for a keyword, a first sub personal keyword ciphertext generation step, a second sub personal keyword ciphertext generation step, Wherein the input value of the P-Keyword-Enc algorithm includes a secret key and a keyword to be encrypted, the output value includes a personal keyword cipher text,
Wherein the random number selection step for encrypting the personal keywords selects an arbitrary first random number and a second random number for the keyword to be encrypted, The second subpersonal keyword cipher text generation step generates the first subpopular keyword cipher text using the cipher text of the group creator that exponents the sum of the secret key and the first random number, The second subprivate keyword ciphertext generation step may include multiplying the product of the first random number and the secret key, a product of the secret key and a first random number corresponding to the first random number, and a second random number corresponding to the secret key and the first random number A second subpersonal keyword cipher text is obtained using the cipher text of the group creator that exponents the sum of the products of the second subpopular random number, The ciphertext generation step generates a third subpersonal keyword cipher text using a hash function for the group creator exponent of the product of the first random number and the secret key multiplied by the product of the secret key and the first random number The fourth sub personal keyword cipher text is obtained by using a hash function for a public key in which the secret key is exponent, A method of encrypting data, comprising key word ciphertexts.
The method of claim 3,
The step of retrieving the personal data cipher text uses a P-Trapdoor algorithm,
The P-Trapdoor algorithm includes a random number selection step for generating a personal data trap door, a number random number generation step for a keyword, a first sub personal data trap door generation step and a second sub personal data trap door generation step The input value of the P-Trapdoor algorithm includes a secret key and a keyword to be searched on the user side, the output value includes a personal data trap door,
Wherein the random number selection step for generating the personal data trap door selects any random number and the generating of the number random number for the keyword generates a random number by using a random number function for the secret key, 1 sub-personal data trap door generating step generates a first sub personal data trap door using the cipher text of the group creator exponentating the random number, and the second sub personal data trap door generating step generates the second sub personal data trap door using the random number and the secret key And generating a second sub personal data trap door using the cipher text of the group creator indexing the sum of the product of the secret key and the random number, wherein the personal data trap door comprises a first and a second Sub personal data trap doors.
The method of claim 4,
The step of retrieving the personal data ciphertext further uses a P-Search algorithm,
The P-Search algorithm personal data trapdoor value generating step and the personal data traps containing the keyword search step using the door, wherein the input value of the P-Search algorithm is the secret key, the personal data trapdoor, and the file server The encrypted personal data corresponding to the keyword to be searched on the user side and the output value include the encrypted personal data corresponding to the keyword to be searched on the user side,
Wherein the personal data trap door value generating step generates a personal data trap door value using the private key and the first and second sub personal data trap doors, and the keyword searching step using the personal data trap door comprises: And deciding whether or not the third subpersonal keyword cipher text is matched with the subpersonal keyword cipher text and the hash function of the inverse personal data trap door value.
The method of claim 5,
Wherein the step of retrieving the personal data cipher text comprises the step of exponentiating the product of the secret key and the random number of the random number using the secret key and the random number using the secret key and the random number, Extracting the personal data ciphertext corresponding to the keyword to be searched on the user side and transmitting the extracted personal data ciphertext to the user terminal if the combination of the group creator matches the third sub keyword cipher text,
And the user terminal decrypts the personal data cipher text into plaintext data.
The method of claim 6,
The decryption of the personal data ciphertext in the user terminal uses a P-Data-Dec algorithm,
Wherein the P-Data-Dec algorithm comprises a private data decryption step, wherein the input value of the P-Data-Dec algorithm includes a secret key and a private data cipher text from the server device,
Wherein the private data decryption step decrypts the private data cipher text using the secret key.
A data encryption method for sharing or retrieving, which is performed in a server apparatus that provides a service for encrypting and storing data,
Receiving a secret key for a user from a key management server;
Receiving personal data and keywords encrypted with the secret key from the user terminal of the user;
Storing the encrypted personal data and a keyword in a storage area associated with the user;
Receiving a re-encryption key for sharing at least a portion of the personal data ciphertext stored in the file server of the server device from the user terminal;
Encrypting the personal data cipher text and the personal keyword cipher text stored in the file server using the re-encryption key to convert the cipher text data into a shared data cipher text and a shared keyword cipher text;
Receiving a shared data trap door for a shared keyword that enables the shared data ciphertext to be retrieved from the file server from another user terminal; And
And retrieving the shared data cipher text stored in the file server using the shared data trap door.
The method of claim 8,
The step of retrieving the shared data cipher text uses an M-Trapdoor algorithm,
The M-Trapdoor algorithm includes a random number selection step for generating a shared data trap door, a number random number generation step for a keyword, a first sub shared data trap door generation step, and a second sub shared data trap door generation step. Wherein the input value of the M-Trapdoor algorithm includes a secret key and a keyword to be searched, the output value includes a shared data trap door,
Wherein the step of selecting a random number for generating the shared data trap door selects a random number and the generating of the number random number for the keyword generates a random number by using a random Random function using the random number, Wherein the step of generating the shared data trap door determines a first sub shared data trap door using a cipher text in which a value obtained by subtracting the random number from the random number is an index of the group creator, A second group is generated by using a cipher text in which a public key having a random number as an exponent, a group creator having an exponent of a product of the secret key and the random number, and a group creator having an exponent as a product of the secret key and the random number, A shared data trap door is obtained, wherein the shared data trap door comprises a first and a second sub- Method, data encryption, including data trapdoor.
The method of claim 9,
The step of retrieving the shared data ciphertext further uses an M-Search algorithm,
The M-Search algorithm includes a shared data trap door generation step, a keyword search step using a shared data trap door, a first sub shared data cipher text generation step for another user, and a second sub shared data cipher text generation step for the other user Wherein the input value of the M-Search algorithm includes at least one of the identity of the other user, the shared data trap door, encrypted shared data and shared keywords stored in the file server, And the output value is a shared data cipher text shared by the other user,
Wherein the step of generating the shared data trap door comprises: obtaining a shared data trap door value from the ciphertexts of the first and second sub-shared data trap doors using the secret key; and searching the keyword using the shared data trap door, It is determined whether or not the hash function using the second sub-shared keyword cipher text and the inverse shared data trap door value match the third sub-shared keyword cipher text in the case where the shared data corresponding to all the keywords to be searched is the element of the encrypted shared data Wherein the third sub-shared keyword ciphertext defines another keyword corresponding to the first sub-shared keyword ciphertext in the shared keywords.
The method of claim 10,
If the hash function matches the third sub-shared keyword cipher text in the step of retrieving the shared data cipher text, extracting the shared data cipher text corresponding to the keyword to be searched at the other user side, Wherein the other user terminal decrypts the shared data cipher text to obtain plain text data.
The method of claim 11,
The decryption of the shared data ciphertext in the other user terminal uses an M-Data-Dec algorithm,
Wherein the M-Data-Dec algorithm comprises a shared data decryption step, wherein an input value of the M-Data-Dec algorithm includes a secret key of the other user terminal and the shared data cipher text,
Wherein the shared data decryption step decrypts the shared data cipher text using the secret key at the other user terminal.
delete A data encryption apparatus for providing a service for encrypting and storing data and performing data encryption for sharing or retrieving,
Receiving a private key for a user from a key management server, receiving personal data and a keyword encrypted with the private key from the user terminal of the user, and receiving a personal data trap for a specific keyword to be searched from the user terminal, A transmission / reception unit for receiving a door;
A storage unit for storing the encrypted personal data and keywords in a storage area associated with the user in a file server; And
And a retrieval unit for retrieving a personal data cipher text stored in the file server using the personal data trap door,
Wherein the transceiver further receives a re-encryption key for sharing at least a portion of the personal data ciphertext from the user terminal,
Wherein the data encryption apparatus further comprises a conversion unit for re-encrypting the personal data cipher text and the personal keyword cipher text stored in the file server using the re-encryption key to convert the cipher text data into a shared data cipher text and a shared keyword cipher text.
15. The method of claim 14,
Wherein the transceiver further receives a shared data trap door for retrieving the shared data ciphertext from another user terminal,
And the retrieving unit retrieves the shared data cipher text stored in the file server using the shared data trap door.
15. The method of claim 14,
Wherein the data encryption device comprises at least a part of a function of at least a part of a cloud service providing server connected to a user terminal via a network or at least a part of a part performing a function corresponding to the function part.
delete A data encryption method for a sharing or retrieval performed by a user terminal connected to a server device via a network,
Receiving a secret key shared with the server device from a key management server;
Encrypting the personal data and the keyword for the personal data using the secret key;
Transmitting encrypted personal data and keywords to the server device;
Generating a re-encryption key for re-encrypting a personal data cipher text or keyword stored in a user-related storage area in a file server of the server device; And
And transmitting the re-encryption key to the server device,
The server apparatus converts the cipher text of personal data or personal keywords stored in the user-related storage area into a shared data cipher text or a shared keyword cipher text using the re-encryption key, And transmitting the retrieved shared data ciphertext to the user terminal of the other user. The shared data ciphertext is transmitted to the user terminal of the another user by using the shared data trap door,
Data encryption method.
delete delete
Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150069751A KR101697868B1 (en) 2015-05-19 2015-05-19 Method for encrypting data for sharing or searching the data and apparatus for performing the method

Publications (2)

Publication Number Publication Date
KR20160136060A KR20160136060A (en) 2016-11-29
KR101697868B1 KR101697868B1 (en) 2017-01-19

Family

ID=57706491

Country Status (1)

Country Link
KR (1) KR101697868B1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102025409B1 (en) * 2017-07-31 2019-09-25 서강대학교산학협력단 Data access management system based on blockchain and method thereof
KR101997984B1 (en) * 2017-10-25 2019-07-08 이화여자대학교 산학협력단 Location based vehicle communication method using proxy re-encryption and proxy server for vehicle communication
KR102050888B1 (en) * 2017-11-29 2019-12-02 고려대학교 산학협력단 Method and system for similarity search over encrypted data in cloud computing
KR102320667B1 (en) * 2019-11-08 2021-11-02 두나무 주식회사 Method and terminal for managing user information
CN116521743A (en) * 2023-06-27 2023-08-01 北京中科江南信息技术股份有限公司 Ciphertext retrieval method and device, storage medium and electronic equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100945535B1 (en) 2007-11-29 2010-03-09 주식회사 케이티 Key generating method for preventing dictionary attack and method of producing searchable keyword encryption and searching data using that

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11143780A (en) * 1997-11-05 1999-05-28 Hitachi Ltd Method and device for managing secret information in database
KR100839220B1 (en) * 2006-10-19 2008-06-19 고려대학교 산학협력단 Method for searching encrypted database and System thereof
KR101302137B1 (en) * 2009-12-16 2013-09-16 한국전자통신연구원 Method for Searchable Symmetric Encryption

Also Published As

Publication number Publication date
KR20160136060A (en) 2016-11-29

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right