CN104158880B - User-end cloud data sharing solution - Google Patents

User-end cloud data sharing solution Download PDF

Info

Publication number
CN104158880B
CN104158880B CN201410409232.2A CN201410409232A CN104158880B CN 104158880 B CN104158880 B CN 104158880B CN 201410409232 A CN201410409232 A CN 201410409232A CN 104158880 B CN104158880 B CN 104158880B
Authority
CN
China
Prior art keywords
encrypted
key
data
user
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410409232.2A
Other languages
Chinese (zh)
Other versions
CN104158880A (en
Inventor
王石
洪小莹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JINAN SUPERSPEED SEMICONDUCTORS CO Ltd
Original Assignee
JINAN SUPERSPEED SEMICONDUCTORS CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JINAN SUPERSPEED SEMICONDUCTORS CO Ltd filed Critical JINAN SUPERSPEED SEMICONDUCTORS CO Ltd
Priority to CN201410409232.2A priority Critical patent/CN104158880B/en
Publication of CN104158880A publication Critical patent/CN104158880A/en
Application granted granted Critical
Publication of CN104158880B publication Critical patent/CN104158880B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a user-end cloud data sharing solution, the specific implementation process thereof is as follows: a data owner encrypts data files through content keys on a hardware marking carrier and encrypts all content keys at the same time, and uploads all encrypted data files and encrypted content keys to a cloud data master end; the hardware marking carrier of the data owner is called, an encrypted re-encryption key is generated through computing, and a specified user obtains the encrypted re-encryption key at the cloud data master end; according to the received encrypted re-encryption key, the specified user calls the hardware making carrier thereof and decrypts the encrypted re-encryption key so as to obtain all data files encrypted and uploaded by the data owner and to decrypt the files. Compared with the prior art, the user-end cloud data sharing solution may save network traffic, reduce the computing operation load for a computer, decrease power consumption and improve encrypted data sharing efficiency.

Description

A kind of user terminal cloud data sharing solution
Technical field
The present invention relates to field of information security technology, specifically practical, safe, occupancy network traffics Small, a kind of user terminal cloud data sharing solution.
Background technology
Files passe is shared in the prior art typically uses public key encryption scheme, such as:ELGamal encipherment schemes, This public key encryption scheme is also referred to as asymmetric-key encryption technology, and its specific encryption process is:Using a pair of matchings Key be encrypted, decrypt, with two keys, one is that public-key cryptography (public key) is private cipher key (private key), it Have this property:Every that key is performed a kind of unidirectional treatment to data, the function of every handle is exactly with another handle conversely, one It is during for encrypting, then another just for decrypting.Can only be decrypted with private key with the file of public key encryption, and the text of private key encryption Part can only use public key decryptions.
Based on above-mentioned cipher key encryption scheme, as shown in Figure 1, what user used upload data to cloud data deposits server Encipherment scheme is:User A plans to upload several file F1,F2,…,FnTo Dropbox.Because being related to secure context Problem, file will be encrypted before upload.The Hybrid Encryption example of the user terminal encryption customary is completed.Especially Can be distinguished and random symmetric content key K in uniqueness1,K2,…,KnUnder, the size that each key is at least 128, with Block cipher containing appropriate operator scheme, the preferably operator scheme of certification are (such as:AES-GCM), then by file F1, F2,…,FnC is encrypted as first1,C2,…,Cn, then under the public-key cryptography of Alice, with public key encryption scheme (such as:It is super More ElGamal encipherment schemes of elliptic curve group) to content key encryption.Ciphertext is uploaded to by encryption file C1,C2,…,CnGroup Into Dropbox on, encrypted content key is by CK1,CK2,…,CKnRepresent.Wherein in each encryption file, such as Ci, It also contains the initial vector that should be attributed to block cipher mode.Simply, it is assumed that initial vector is each encryption Privately owned file CiA part.
Sometime, user A wants to share her file with friend B.One common methods is:A from cloud main side (such as: Dropbox all of encrypted content ciphering key K is downloaded on)1,CK2,…,CKn, then they are decrypted and content key K is obtained1, K2,…,Kn, they are then encrypted as CK again with the public-key cryptography of B1’,CK2’,…,CKn', finally upload these it is new plus Close content key to cloud main side (such as:Dropbox) so that B is downloaded.The advantage of this method is that A need not download any one and add Ciphertext part, therefore, in A and cloud main side (such as:Dropbox communication period) can save bandwidth.
Even so, the encrypted content key that this method is still related to each file is uploaded and downloaded, so as to increase Network communication flow, the quantity of documents shared between network expenses and both sides is linear;Additionally, this method is also The substantial amounts of computer service ability of A this sides can be influenceed, so not being very practical, power consumption is increased, especially to by battery Notebook computer of power supply etc., it is very impracticable;Encryption data sharing efficiency is low, is total to other friends when A rethinks under the imagination Enjoy file, such as C.This solution can cause extra network charges, with the linear pass of the quantity of A and C shared files System, if allowing shared friend's quantity for m, the network charges of this solution are exactly the linear array of O (nm).
So the technological challenge in this application case is, lead to too much between user and cloud storage provider not causing On the premise of believing and not bringing too many computation burden to user, how to cause that this encryption data is shared more efficiently.
There is a potential solution for this problem.This scheme is exactly to allow A to be distributed to her private cipher key Cloud main side, then requires that cloud main side represents A and does decryption and encrypt.Even so, this method will depend on the peace of cloud main side Quan Xing, and A must not believe that cloud main side will not disclose file to any unauthorized third party.Therefore this method is not Guarantee can be provided to A:Only she possesses the administrative power of the encrypted file access of oneself.
Based on this, now provide a kind of network communication flow will not increase, encryption data sharing efficiency high, high safety, use Family end cloud data sharing solution.
The content of the invention
Technical assignment of the invention is directed to above weak point, there is provided a kind of practical, user terminal cloud data sharing Solution.
A kind of user terminal cloud data sharing solution, it implements process and is:
Data owner is encrypted by content key on hardware tab carrier to data file, while to all interior Hold key encryption, all of encrypted data file and encrypted content key are uploaded into cloud data main side, be i.e. cloud data are deposited Storage server end;
The hardware tab carrier of data owner is called, the re-encrypted private key that generation has been encrypted is calculated, and this has been encrypted Re-encrypted private key cloud data main side by specify user obtain;
According to the re-encrypted private key encrypted for receiving, specified user calls the hardware tab carrier of oneself, to having added Close re-encrypted private key is decrypted into re-encrypted private key, specifies user to encrypt according to re-encrypted private key decryption is all of And the data file uploaded by data owner.
By way of above-mentioned re-encryption, the participation computing of the generation without any server of key is may be such that, it is whole to protect Close property depends on the confidentiality of data owner and specified user's private cipher key, can strengthen the security of data.
Preferably, the hardware tab carrier for using refers to the USB flash disk or band Velosti for including AES encryption hardware The equipment of USB, this is to be relatively low cost and easy to realization due to the equipment, while being convenient for carrying, facilitates the real-time of above-mentioned steps Operation.
Further, public-key cryptography and private cipher key, corresponding, the weight encrypted are included in the hardware tab carrier The generating process of encryption key is:
The public-key cryptography of the private cipher key of data owner and specified user produces a re-encrypted private key Rekey, should Re-encrypted private key Rekey produces a re-encrypted private key encrypted with the public-key cryptography of specified user;
The decrypting process of the re-encrypted private key encrypted is:
User is specified after the re-encrypted private key encrypted is received, is added again by what the private cipher key pair of oneself had been encrypted Key is decrypted as re-encrypted private key Rekey, afterwards, the private cipher key of re-encrypted private key Rekey and specified user Use simultaneously, complete decryption.
The transmission of the public-key cryptography of the process of above-mentioned re-encryption and decryption is represented with plaintext, therefore to public-key cryptography without deep layer Security requirements, thus either the public-key cryptography of data owner still specifies the public-key cryptography of user, is all positioned over high in the clouds In read-only file folder;By said process so that all encrypted data files and content key come from number there is no In the case of according to the key of owner, it is impossible to by anyone decryption in cloud data, services business, and specify user that oneself then can be used Hardware tab carrier, the re-encrypted private key encrypted by the private cipher key pair of oneself is decrypted, and then obtained data and gathered around The data file that the person of having uploads, it is practical and safe.
Further, the re-encrypted private key generation encrypted is realized by enciphering and deciphering algorithm with decrypting process, acted on behalf of Re-encryption is made up of 6 probabilistic polynomial time algorithms, that is, set, produce key, produce weight key, encryption, re-encryption, Decryption.
The process that implements of above step is:
The first, the systematic parameter of the algorithm is set:
It is params=(G, q, g, H by the system parameter settings1,H2), wherein G is multiplicative group or module, and the G is Algorithm produces a set in sequence q;| q |=k and k is a given security parameter;G is all living creatures Cheng Yuan of G;H1With H2It is two hash functions of algorithm generation, is each mapped to Z from Gq, the ZqRepresentative set 0,1 ..., q-1 };Message Space M is decided to be the domain that G, i.e. plaintext space are decided to be crowd G.
2nd, key is produced:
Setting private cipher key ski=(xi,1,xi,2), xi,1,xi,2It is separate and be selected from Zq
Calculate public-key cryptography pki=(pki,1,pki,2)=(gxi,1,gxi,2)。
3rd, file is encrypted:
One public-key cryptography pk of inputi=(pki,1,pki,2) and come from the message m of message space M, by following Step produces ciphertext Ci
From ZqRandom selection r;
Calculate E=mgr
Calculate F=(pki,1 H2(pki,2)pki,2)r
Setting Ci=(E, F).
4th, weight key is produced:
It is random to select V from G, from ZqSelection u;
Calculate v=H1(V)(xi,1H2(pki,2)+xi,2)-1modq;
Calculate U=Vgu
Calculate W=pkj,2 u
Output ReKeyi-j=(v, U, W).
5th, re-encryption:
Input re-encrypted private key ReKeyi-j=(v, U, a W) and ciphertext Ci=(E, F), calculates F '=Fv, export Cj= (E,F’,U,W)。
6th, decrypt:
One private cipher key sk=(x of input1,x2) an and ciphertext C, message m is regained by algorithm, when C=(E, F it is) original cipher text, calculates t=xi,1H2(pki,2)+xi,2Modq and m=E (F1/t)-1;When C=(E, F ', U, W) is close re-encryption Text, calculates V=U (W1/xi,2)-1, then m=E (F '1/H1(V))-1
The span of the security parameter k is 160~512.
Further, the access port of raw data file is also obtained when the specified user obtains re-encrypted private key simultaneously, The access port of the raw data file refers to after raw data file is already encrypted and is uploaded to cloud data storage server Address links and is determined by data owner.The access port of the raw data file determines that its is shared more by data owner Few, i.e., data owner may decide that shared some or all of access port.
A kind of user terminal cloud data sharing solution of the invention, with advantages below:
A kind of user terminal cloud data sharing solution of the invention realizes multi-enciphering by borrowing hardware tab carrier Setting so that the shared network communication flow of encryption data is minimized between data owner and cloud storage service service provider, Saving network flow;The calculating operation burden of computer is reduced, power consumption is reduced;Lifting encryption data sharing efficiency, works as data Owner has many files and when each file may have a different recipient group, and this shared efficiency of algorithm is higher And effect is preferably, for data owner, she is to need to encrypt each file every time, and gives each recipient meter every time ReKey is calculated, for specifying user, he is to need to recover Rekey from data owner there every time;The generation of key Computing need not be participated in by any server, and will not individually allow anyone to decrypt file from encryption file, encrypted The confidentiality of file still depends on the confidentiality of data owner and specified user's private cipher key, even in encryption file quilt After shared, security is seamlessly realized with the integrated of existing shared mechanism of cloud data main side, more strengthens data Security;Consumer's Experience is also strengthened, while user cipher and living things feature recognition are not enforceable, the user cipher Become may be selected item so as to provide the double authentication more insured;It is practical, it is applied widely, it is easy to promote.
Brief description of the drawings
Accompanying drawing 1 is the high in the clouds data sharing flow chart of prior art.
Accompanying drawing 2 realizes flow chart for of the invention.
Specific embodiment
The invention will be further described with specific embodiment below in conjunction with the accompanying drawings.
A kind of user terminal cloud data sharing solution of the invention, its overall design philosophy is:Can by using uniqueness The content key protection mass data file of differentiation, by all differentiable content key encryptions, by all of encrypted data File and encrypted content key upload to cloud data storage, then use a constant size in hardware tab carrier Specific information fetches all of data file.Based on this mentality of designing, it implements process and is:
Data owner is encrypted by content key on hardware tab carrier to data file, while to all interior Hold key encryption, all of encrypted data file and encrypted content key are uploaded into cloud data main side, be i.e. cloud data are deposited Storage server end;
The hardware tab carrier of data owner is called, the re-encrypted private key that generation has been encrypted is calculated, and this has been encrypted Re-encrypted private key cloud data main side by specify user obtain;
According to the re-encrypted private key encrypted for receiving, specified user calls the hardware tab carrier of oneself, to having added Close re-encrypted private key is decrypted into re-encrypted private key, specifies user to encrypt according to re-encrypted private key decryption is all of And the data file uploaded by data owner.
The hardware tab carrier for using refers to the USB flash disk for including AES encryption hardware.
Public-key cryptography and private cipher key, corresponding, the re-encrypted private key encrypted are included in the hardware tab carrier Generating process be:
The public-key cryptography of the private cipher key of data owner and specified user produces a re-encrypted private key Rekey, should Re-encrypted private key Rekey produces a re-encrypted private key encrypted with the public-key cryptography of specified user;
The decrypting process of the re-encrypted private key encrypted is:
User is specified after the re-encrypted private key encrypted is received, is added again by what the private cipher key pair of oneself had been encrypted Key is decrypted as re-encrypted private key Rekey, afterwards, the private cipher key of re-encrypted private key Rekey and specified user Use simultaneously, complete decryption.
The re-encrypted private key generation encrypted realizes that the enciphering and deciphering algorithm has with decrypting process by enciphering and deciphering algorithm Body process is:
The first, the systematic parameter of the algorithm is set:
One security parameter k of input, such as k=256, algorithm produces a set G in sequence q, for example:| q |=k. Without loss of generality, G is thought multiplicative group by us in actual conditions, or G can also be thought into module.G is allowed as the group of G Generation unit, so that conclusive Diffie-Hellman problems are difficult to be solved in G.Algorithm can also produce two hash functions H1And H2, each it is mapped to Z from Gq.Message space M is decided to be G.The systematic parameter of PRE be set to params=(G, q, g,H1,H2)。
In aforesaid operations, security parameter k is a variable, and its span is then a prime number for 160~512, q, In " bit " quantity, the length of q is equal with k, randomly generates in practice.
G is that in number theory " group ", after q and g is selected, G is automatically defined, and its domain is the value for depending on q and g.Q and The production method of g is some standard methods in Digital Theory, therefore be will not be repeated here.
All living creatures is also that, in Digital Theory Plays, it has determination number when actually used into the generation method of first g Word, because the content belongs to industry standard, therefore will not be described in detail herein.
In practice, H1And H2Generating process be:First select a basic hash function, such as SHA-256, then An element of the transformation from G is output into a string of binary characters, and with SHA-256 and counter by its hashed. Final output is calculated by the module simplification performed for q.For H1And H2For, they can be according to here What is described is carried out, but, to output hashed, works as H when with counter2Should be to string of binary characters " 0002 " Hash During change, H1Also should be to string of binary characters " 0001 " hashed.
Message space M defines all possible information that can be encrypted by the encryption method.
2nd, key is produced:
Setting private cipher key ski=(xi,1,xi,2), xi,1,xi,2It is separate and be selected from Zq
Calculate public-key cryptography pki=(pki,1,pki,2)=(gxi,1,gxi,2)。
3rd, file is encrypted:
One public-key cryptography pk of inputi=(pki,1,pki,2) and come from the message m of message space M, by following Step produces ciphertext Ci
From ZqRandom selection r;
Calculate E=mgr
Calculate F=(pki,1 H2(pki,2)pki,2)r
Setting Ci=(E, F).
4th, weight key is produced:
It is random to select V from G, from ZqSelection u;
Calculate v=H1(V)(xi,1H2(pki,2)+xi,2)-1modq;
Calculate U=Vgu
Calculate W=pkj,2 u
Output ReKeyi-j=(v, U, W).
5th, re-encryption:
Input re-encrypted private key ReKeyi-j=(v, U, a W) and ciphertext Ci=(E, F), calculates F '=Fv, export Cj= (E,F’,U,W)。
6th, decrypt:
One private cipher key sk=(x of input1,x2) an and ciphertext C, message m is regained by algorithm, when C=(E, F it is) original cipher text, calculates t=xi,1H2(pki,2)+xi,2Modq and m=E (F1/t)-1;When C=(E, F ', U, W) is close re-encryption Text, calculates V=U (W1/xi,2)-1, then m=E (F '1/H1(V))-1
The specified user also obtains the access port of raw data file, the initial data simultaneously when obtaining re-encrypted private key The access port of file refer to raw data file be already encrypted and be uploaded to after cloud data storage server address link and Determined by data owner.
By the above method, its encryption performance is as shown in the table:
Encrypt 2EXP+1PreEXP
ReEncrypt 1EXP
DecryptO 1EXP
DecryptR 2EXP
|CO| 2|G|
|CR| 4|G|
|ReKey| 2|G|+|Zq|
In list above, EXP represents exponentiation in G (it is assumed that G is a multiplication group, in addition, if G is one The addition group as elliptic curve group, EXP then represents Elliptic Curve Scalar Multiplication method), PreEXP represents advance computable in G Exponentiation.DecryptORepresent the decryption cost of original cipher text, DecryptRThe decryption cost of re-encryption information is represented, | CO| The size of original cipher text is represented, | CR| the size of re-encryption information is represented, | ReKey | represents the size of re-encrypted private key.
In the implementation of the invention, core technology is the cryptographic primitives for acting on behalf of re-encryption.As shown in Figure 2, number Be A according to owner, A wants to share her encryption data and gives friend B, further, above-mentioned steps by following detailed contents come Description:
Data owner has a hardware tab carrier comprising key information, and the data owner will access high in the clouds clothes Business device, and by data F1,F2,…,FnCloud data main side is encrypted and backups to, at this moment, data owner needs to complete following dynamic Make:
Hardware tab carrier is connected to cloud data main side first.
Hardware tab carrier generation n of the data owner can be distinguished and random content key K1,…,Kn, and hard To data F on part labeled vector1,…,FnEncryption turns into the C existed with cryptogram form1,…,Cn
The hardware tab carrier is also gone to encrypt K with key information1,…,Kn, and they are converted into cryptogram form CK1,…, CKn
Data owner uploads C by network1,…,CnAnd CK1,…,CKnTo cloud data storage server.
At this moment, if the friend of certain or some data owners is intended to share the upload data as specified user, need Complete following actions:
Specify users to share F1,…,Fn, call hardware tab carrier to calculate one re-encrypted private key encrypted of generation.
By accessing the cloud data main side of data owner, specify user to obtain the re-encrypted private key encrypted, specify and use Family connects the hardware tab carrier of oneself to the cloud data main side of oneself, and downloads CK from cloud data storage server1,…, CKnAnd C1,…,Cn
The re-encrypted private key decryption for specifying the hardware tab carrier of user first to encrypt obtains re-encrypted private key Rekey, Then go to decrypt CK using it1,…,CKnSo that hardware tab carrier can recover corresponding K1,…,Kn, and therefore, it is possible to Decryption C1,…,CnTo F1,…,Fn
Embodiment:
Assuming that Alice is data owner, as long as Alice wants to share the friend of her encryption data, agency with it Re-encryption allows Alice her private cipher key and the public-key cryptography of friend, produces a re-encrypted private key ReKey.For example, this Individual friend is Bob, and when the private cipher key with him is used together, this re-encrypted private key ReKey can allow Bob to decrypt and encrypt Content key.
If this functionality, for the friend that each Alice thinks shared encryption data, Alice is only Need to produce a re-encrypted private key ReKey.It is independently of each by the computational complexity and the size of ReKey that produce ReKey to bring The quantity of the encryption file shared with Bob.First, we reduce the computation burden of Alice;Secondly as only this is heavy Encryption key ReKey will not allow anyone from encryption file in recover file, so it will ensure that encryption file security, Even if opponent forces Dropbox to compromise and obtains the copy of ReKey.In other words, the confidentiality of encryption file is still depended on The confidentiality of Alice and Bob private cipher keys, even after encryption file is shared.
Using the method for above-mentioned offer, using Velosti USB devices as hardware tab carrier.
User Alice uses the USB flash disk of Velosti, wherein public-key cryptography and private cipher key and hardware comprising Alice add Close processor, and one be called encryption high in the clouds data client management tool software (brief says, we term it visitor Family end software).In order to strengthen data safety, data encryption and key handling all will pass through encryption in the USB flash disk of Velosti Device is completed.In the Dropbox files of Alice, client software creates a sub-folder for being named as Velosti, institute Having file of the storage in Velosti sub-folders can be encrypted by Hybrid Encryption mode same as above, but be by using The USB flash disk of Velosti.In order to connect encryption file, Alice must be inserted into Velosti USB flash disks in the computer networked and hold Row client software.
Additionally, in the Dropbox open files folder of Alice, the public-key cryptography copy of a Alice can be generated.Once After being aware of the Dropbox account accounts of Alice, all of Dropbox user can obtain Alice public-key cryptography copy. It is also same for other users.For example:Bob, in his Dropbox open files folder, also have it is a he Public-key cryptography is copied.
Assuming that Alice will share several encryption files in " Velosti " file with Bob.By client Software, Alice specifies the encryption file that she wants to be shared with Bob.Client software can want the text shared with Bob using Alice The Dropbox api interfaces of part notify Dropbox.Next, Dropbox can be notified using Dropbox existing datas are shared Agreement notifies the Bob relevant current shared.Even so, because these files are all encrypted, the especially content of these files Key is encrypted by Alice public-key cryptography, Bob or other people cannot all decode these files.Therefore, except notifying The client software of Dropbox, Alice can also access the Dropbox open files folder of Bob, so as to obtain Bob public-key cryptography Copy, and private cipher key and one re-encrypted private key ReKey of public-key cryptography calculating generation of Bob with Alice.In generation weight After encryption key ReKey, Alice is with Bob public key encryptions Rekey and uploads this part of encryption ReKey and copies Alice to Open file folder in.
Receive from Dropbox one it is shared notify after, Bob leads to obtain the re-encrypted private key ReKey of encryption The open file folder that his client software have accessed Alice is crossed, it is decrypted using his private cipher key and is simultaneously recovered ReKey. By using this re-encrypted private key ReKey and his private cipher key, in the Dropbox that following Bob can share from Alice Encryption file is downloaded, and decrypts them.
In this is based on acting on behalf of re-encryption solution, it is not necessary to use any server.Security is with Dropbox's The integrated of existing shared mechanism is seamlessly realized.By using Velosti USB devices, Consumer's Experience is also added By force, so that user cipher is not enforceable, it is on the contrary that they become may be selected to provide extra double authentication.
Above-mentioned specific embodiment is only specific case of the invention, and scope of patent protection of the invention is included but is not limited to Above-mentioned specific embodiment, it is any meet a kind of the claims of user terminal cloud data sharing solution of the invention and The appropriate change or replacement that any person of an ordinary skill in the technical field is done to it, should all fall into patent of the invention and protect Shield scope.

Claims (4)

1. a kind of user terminal cloud data sharing solution, it is characterised in that it implements process and is:
Data owner is encrypted by content key on hardware tab carrier to data file, while close to all the elements Key is encrypted, and all of encrypted data file and encrypted content key are uploaded into cloud data main side, i.e. cloud data storage clothes Business device end;
The hardware tab carrier of data owner is called, life is calculated using the private cipher key of oneself and the public-key cryptography of specified user Into the re-encrypted private key encrypted, and this re-encrypted private key is encrypted into cloud data main side by specifying user to obtain;
According to the re-encrypted private key encrypted for receiving, specified user calls the hardware tab carrier of oneself, and uses oneself The re-encrypted private key encrypted of private cipher key pair be decrypted into re-encrypted private key, by using this re-encrypted private key and from Oneself private cipher key, specifies user to decrypt data file that is all of having encrypted and being uploaded by data owner;
The hardware tab carrier for using refers to the USB flash disk for including AES encryption hardware;
Public-key cryptography and private cipher key, corresponding, the life of the re-encrypted private key encrypted are included in the hardware tab carrier It is into process:
The public-key cryptography of the private cipher key of data owner and specified user produces a re-encrypted private key Rekey, this it is heavy plus Key Rekey produces a re-encrypted private key encrypted with the public-key cryptography of specified user;
The decrypting process of the re-encrypted private key encrypted is:
Specify user after the re-encrypted private key encrypted is received, the re-encryption encrypted by the private cipher key pair of oneself is close Key is decrypted as re-encrypted private key Rekey, and afterwards, the private cipher key of re-encrypted private key Rekey and specified user is simultaneously Use, complete decryption.
2. a kind of user terminal cloud data sharing solution according to claim 1, it is characterised in that:It is described to have encrypted Re-encrypted private key is generated to be realized with decrypting process by enciphering and deciphering algorithm, and the enciphering and deciphering algorithm detailed process is:
The first, the systematic parameter of the algorithm is set:
It is params=(G, q, g, H by the system parameter settings1,H2), wherein G is multiplicative group or module, and the G is algorithm Produce a set in sequence q;| q |=k and k is a given security parameter;G is all living creatures Cheng Yuan of G;H1And H2It is Two hash functions that the algorithm is produced, are each mapped to Z from Gq, the ZqRepresentative set 0,1 ..., q-1 };Message space M is decided to be the domain that G, i.e. plaintext space are decided to be crowd G;
2nd, key is produced:
Setting private cipher key ski=(xi,1,xi,2), xi,1,xi,2It is separate and be selected from Zq
Calculate public-key cryptography pki=(pki,1,pki,2)=(gxi,1,gxi,2);
3rd, file is encrypted:
One public-key cryptography pk of inputi=(pki,1,pki,2) and come from the message m of message space M, by following step Produce ciphertext Ci
From ZqRandom selection r;
Calculate E=mgr
Calculate F=(pki,1 H2(pki,2)pki,2)r
Setting Ci=(E, F);
4th, weight key is produced:
It is random to select V from G, from ZqSelection u;
Calculate v=H1(V)(xi,1H2(pki,2)+xi,2)-1modq;
Calculate U=Vgu
Calculate W=pkj,2 u
Output ReKeyi-j=(v, U, W);
5th, re-encryption:
Input re-encrypted private key ReKeyi- j=(v, U, a W) and ciphertext Ci=(E, F), calculates F '=Fv, export Cj=(E, F’,U,W);
6th, decrypt:
One private cipher key sk=(x of input1,x2) and a ciphertext C, message m is regained by algorithm, when C=(E, F) is Original cipher text, calculates t=xi,1H2(pki,2)+xi,2Modq and m=E (F1/t)-1;When C=(E, F ', U, W) is re-encryption ciphertext, Calculate V=U (W1/xi,2)-1, then m=E (F '1/H1(V))-1
3. a kind of user terminal cloud data sharing solution according to claim 2, it is characterised in that:The security parameter The span of k is 160~512.
4. a kind of user terminal cloud data sharing solution according to claim 1, it is characterised in that:The specified user The access port of raw data file is also obtained when obtaining re-encrypted private key simultaneously, the access port of the raw data file refers to original Data file is already encrypted and is uploaded to the address link after cloud data storage server and determined by data owner.
CN201410409232.2A 2014-08-19 2014-08-19 User-end cloud data sharing solution Active CN104158880B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410409232.2A CN104158880B (en) 2014-08-19 2014-08-19 User-end cloud data sharing solution

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410409232.2A CN104158880B (en) 2014-08-19 2014-08-19 User-end cloud data sharing solution

Publications (2)

Publication Number Publication Date
CN104158880A CN104158880A (en) 2014-11-19
CN104158880B true CN104158880B (en) 2017-05-24

Family

ID=51884285

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410409232.2A Active CN104158880B (en) 2014-08-19 2014-08-19 User-end cloud data sharing solution

Country Status (1)

Country Link
CN (1) CN104158880B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109412788A (en) * 2018-09-20 2019-03-01 如般量子科技有限公司 Cloud storage method of controlling security and system are acted on behalf of in anti-quantum calculation based on public keys pond

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468627B (en) * 2014-12-30 2018-09-04 成都三零瑞通移动通信有限公司 A kind of data ciphering method and system carrying out terminal data backup by server
CN106161000A (en) * 2015-03-30 2016-11-23 日本电气株式会社 The method and system that data file is encrypted and decrypted
CN104834868A (en) * 2015-04-28 2015-08-12 一铂有限公司 Electronic data protection method, device and terminal equipment
CN105516102A (en) * 2015-11-30 2016-04-20 英业达科技有限公司 File transfer system and method thereof
CN109302283B (en) * 2018-09-20 2020-09-08 如般量子科技有限公司 Anti-quantum computing agent cloud storage method and system based on public asymmetric key pool
CN111342961B (en) * 2020-03-04 2023-09-12 贵州弈趣云创科技有限公司 Method for realizing data cross-platform sharing by configuring key pair
CN112784303B (en) * 2021-01-26 2022-11-22 政采云有限公司 File encryption method, device, system and storage medium
CN114143098B (en) * 2021-12-03 2023-08-15 建信金融科技有限责任公司 Data storage method and data storage device
CN117056983B (en) * 2023-10-13 2024-01-02 ***紫金(江苏)创新研究院有限公司 Multistage controllable data sharing authorization method, device and blockchain system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483518A (en) * 2009-02-20 2009-07-15 北京天威诚信电子商务服务有限公司 Customer digital certificate private key management method and system
CN101958796A (en) * 2010-09-27 2011-01-26 北京联合智华微电子科技有限公司 Secret key devices for supporting anonymous authentication, generation method and unlocking method thereof
CN102594824A (en) * 2012-02-21 2012-07-18 北京国泰信安科技有限公司 Security electronic document distribution method based on multiple security protection mechanisms
CA2829197A1 (en) * 2011-03-07 2012-09-13 Security First Corp. Secure file sharing method and system
CN103427989A (en) * 2012-05-16 2013-12-04 王志良 Data encryption and identity authentication method oriented in environment of internet of things
CN103812650A (en) * 2012-11-12 2014-05-21 华为技术有限公司 Information processing method, user device and encryption device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103609059B (en) * 2010-09-20 2016-08-17 安全第一公司 The system and method shared for secure data

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483518A (en) * 2009-02-20 2009-07-15 北京天威诚信电子商务服务有限公司 Customer digital certificate private key management method and system
CN101958796A (en) * 2010-09-27 2011-01-26 北京联合智华微电子科技有限公司 Secret key devices for supporting anonymous authentication, generation method and unlocking method thereof
CA2829197A1 (en) * 2011-03-07 2012-09-13 Security First Corp. Secure file sharing method and system
CN102594824A (en) * 2012-02-21 2012-07-18 北京国泰信安科技有限公司 Security electronic document distribution method based on multiple security protection mechanisms
CN103427989A (en) * 2012-05-16 2013-12-04 王志良 Data encryption and identity authentication method oriented in environment of internet of things
CN103812650A (en) * 2012-11-12 2014-05-21 华为技术有限公司 Information processing method, user device and encryption device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
开放网络环境下敏感数据安全与防泄密关键技术研究;闫玺玺;《中国博士学位论文全文数据库》;20120501(第2013年01期);全文 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109412788A (en) * 2018-09-20 2019-03-01 如般量子科技有限公司 Cloud storage method of controlling security and system are acted on behalf of in anti-quantum calculation based on public keys pond

Also Published As

Publication number Publication date
CN104158880A (en) 2014-11-19

Similar Documents

Publication Publication Date Title
CN104158880B (en) User-end cloud data sharing solution
WO2020259635A1 (en) Method and apparatus for sharing blockchain data
CN109246096B (en) Multifunctional fine-grained access control method suitable for cloud storage
US20190318356A1 (en) Offline storage system and method of use
CN104038341B (en) A kind of cross-system of identity-based acts on behalf of re-encryption method
CN103795533B (en) Encryption based on identifier, the method and its performs device of decryption
CN104363215B (en) A kind of encryption method and system based on attribute
CN106375346B (en) Data guard method based on condition broadcast agent re-encryption under a kind of cloud environment
CN107359986A (en) The outsourcing encryption and decryption CP ABE methods of user revocation
JP6363032B2 (en) Key change direction control system and key change direction control method
CN105933345B (en) It is a kind of that outsourcing attribute base encryption method can verify that based on linear privacy sharing
CN104735070B (en) A kind of data sharing method between general isomery encryption cloud
CN105072107A (en) System and method for enhancing data transmission and storage security
CN107078906A (en) Public key encryp
CN112883399B (en) Method and system for realizing secure sharing of encrypted file
CN114513327B (en) Block chain-based Internet of things private data rapid sharing method
CN108462575A (en) Upload data ciphering method based on no trusted party thresholding Hybrid Encryption
CN103607278A (en) Safe data cloud storage method
CN113411323B (en) Medical record data access control system and method based on attribute encryption
CN105721146B (en) A kind of big data sharing method towards cloud storage based on SMC
Dong et al. SECO: Secure and scalable data collaboration services in cloud computing
CN106878322A (en) A kind of encryption and decryption method of the fixed length ciphertext based on attribute and key
CN114697042A (en) Block chain-based Internet of things security data sharing proxy re-encryption method
CN109743162A (en) A kind of operated using ideal lattice carries out the matched encryption method of identity attribute
WO2013163861A1 (en) Method, device and system for proxy transformation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant