CN104158880B - User-end cloud data sharing solution - Google Patents
User-end cloud data sharing solution Download PDFInfo
- Publication number
- CN104158880B CN104158880B CN201410409232.2A CN201410409232A CN104158880B CN 104158880 B CN104158880 B CN 104158880B CN 201410409232 A CN201410409232 A CN 201410409232A CN 104158880 B CN104158880 B CN 104158880B
- Authority
- CN
- China
- Prior art keywords
- encrypted
- key
- data
- user
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention discloses a user-end cloud data sharing solution, the specific implementation process thereof is as follows: a data owner encrypts data files through content keys on a hardware marking carrier and encrypts all content keys at the same time, and uploads all encrypted data files and encrypted content keys to a cloud data master end; the hardware marking carrier of the data owner is called, an encrypted re-encryption key is generated through computing, and a specified user obtains the encrypted re-encryption key at the cloud data master end; according to the received encrypted re-encryption key, the specified user calls the hardware making carrier thereof and decrypts the encrypted re-encryption key so as to obtain all data files encrypted and uploaded by the data owner and to decrypt the files. Compared with the prior art, the user-end cloud data sharing solution may save network traffic, reduce the computing operation load for a computer, decrease power consumption and improve encrypted data sharing efficiency.
Description
Technical field
The present invention relates to field of information security technology, specifically practical, safe, occupancy network traffics
Small, a kind of user terminal cloud data sharing solution.
Background technology
Files passe is shared in the prior art typically uses public key encryption scheme, such as:ELGamal encipherment schemes,
This public key encryption scheme is also referred to as asymmetric-key encryption technology, and its specific encryption process is:Using a pair of matchings
Key be encrypted, decrypt, with two keys, one is that public-key cryptography (public key) is private cipher key (private key), it
Have this property:Every that key is performed a kind of unidirectional treatment to data, the function of every handle is exactly with another handle conversely, one
It is during for encrypting, then another just for decrypting.Can only be decrypted with private key with the file of public key encryption, and the text of private key encryption
Part can only use public key decryptions.
Based on above-mentioned cipher key encryption scheme, as shown in Figure 1, what user used upload data to cloud data deposits server
Encipherment scheme is:User A plans to upload several file F1,F2,…,FnTo Dropbox.Because being related to secure context
Problem, file will be encrypted before upload.The Hybrid Encryption example of the user terminal encryption customary is completed.Especially
Can be distinguished and random symmetric content key K in uniqueness1,K2,…,KnUnder, the size that each key is at least 128, with
Block cipher containing appropriate operator scheme, the preferably operator scheme of certification are (such as:AES-GCM), then by file F1,
F2,…,FnC is encrypted as first1,C2,…,Cn, then under the public-key cryptography of Alice, with public key encryption scheme (such as:It is super
More ElGamal encipherment schemes of elliptic curve group) to content key encryption.Ciphertext is uploaded to by encryption file C1,C2,…,CnGroup
Into Dropbox on, encrypted content key is by CK1,CK2,…,CKnRepresent.Wherein in each encryption file, such as Ci,
It also contains the initial vector that should be attributed to block cipher mode.Simply, it is assumed that initial vector is each encryption
Privately owned file CiA part.
Sometime, user A wants to share her file with friend B.One common methods is:A from cloud main side (such as:
Dropbox all of encrypted content ciphering key K is downloaded on)1,CK2,…,CKn, then they are decrypted and content key K is obtained1,
K2,…,Kn, they are then encrypted as CK again with the public-key cryptography of B1’,CK2’,…,CKn', finally upload these it is new plus
Close content key to cloud main side (such as:Dropbox) so that B is downloaded.The advantage of this method is that A need not download any one and add
Ciphertext part, therefore, in A and cloud main side (such as:Dropbox communication period) can save bandwidth.
Even so, the encrypted content key that this method is still related to each file is uploaded and downloaded, so as to increase
Network communication flow, the quantity of documents shared between network expenses and both sides is linear;Additionally, this method is also
The substantial amounts of computer service ability of A this sides can be influenceed, so not being very practical, power consumption is increased, especially to by battery
Notebook computer of power supply etc., it is very impracticable;Encryption data sharing efficiency is low, is total to other friends when A rethinks under the imagination
Enjoy file, such as C.This solution can cause extra network charges, with the linear pass of the quantity of A and C shared files
System, if allowing shared friend's quantity for m, the network charges of this solution are exactly the linear array of O (nm).
So the technological challenge in this application case is, lead to too much between user and cloud storage provider not causing
On the premise of believing and not bringing too many computation burden to user, how to cause that this encryption data is shared more efficiently.
There is a potential solution for this problem.This scheme is exactly to allow A to be distributed to her private cipher key
Cloud main side, then requires that cloud main side represents A and does decryption and encrypt.Even so, this method will depend on the peace of cloud main side
Quan Xing, and A must not believe that cloud main side will not disclose file to any unauthorized third party.Therefore this method is not
Guarantee can be provided to A:Only she possesses the administrative power of the encrypted file access of oneself.
Based on this, now provide a kind of network communication flow will not increase, encryption data sharing efficiency high, high safety, use
Family end cloud data sharing solution.
The content of the invention
Technical assignment of the invention is directed to above weak point, there is provided a kind of practical, user terminal cloud data sharing
Solution.
A kind of user terminal cloud data sharing solution, it implements process and is:
Data owner is encrypted by content key on hardware tab carrier to data file, while to all interior
Hold key encryption, all of encrypted data file and encrypted content key are uploaded into cloud data main side, be i.e. cloud data are deposited
Storage server end;
The hardware tab carrier of data owner is called, the re-encrypted private key that generation has been encrypted is calculated, and this has been encrypted
Re-encrypted private key cloud data main side by specify user obtain;
According to the re-encrypted private key encrypted for receiving, specified user calls the hardware tab carrier of oneself, to having added
Close re-encrypted private key is decrypted into re-encrypted private key, specifies user to encrypt according to re-encrypted private key decryption is all of
And the data file uploaded by data owner.
By way of above-mentioned re-encryption, the participation computing of the generation without any server of key is may be such that, it is whole to protect
Close property depends on the confidentiality of data owner and specified user's private cipher key, can strengthen the security of data.
Preferably, the hardware tab carrier for using refers to the USB flash disk or band Velosti for including AES encryption hardware
The equipment of USB, this is to be relatively low cost and easy to realization due to the equipment, while being convenient for carrying, facilitates the real-time of above-mentioned steps
Operation.
Further, public-key cryptography and private cipher key, corresponding, the weight encrypted are included in the hardware tab carrier
The generating process of encryption key is:
The public-key cryptography of the private cipher key of data owner and specified user produces a re-encrypted private key Rekey, should
Re-encrypted private key Rekey produces a re-encrypted private key encrypted with the public-key cryptography of specified user;
The decrypting process of the re-encrypted private key encrypted is:
User is specified after the re-encrypted private key encrypted is received, is added again by what the private cipher key pair of oneself had been encrypted
Key is decrypted as re-encrypted private key Rekey, afterwards, the private cipher key of re-encrypted private key Rekey and specified user
Use simultaneously, complete decryption.
The transmission of the public-key cryptography of the process of above-mentioned re-encryption and decryption is represented with plaintext, therefore to public-key cryptography without deep layer
Security requirements, thus either the public-key cryptography of data owner still specifies the public-key cryptography of user, is all positioned over high in the clouds
In read-only file folder;By said process so that all encrypted data files and content key come from number there is no
In the case of according to the key of owner, it is impossible to by anyone decryption in cloud data, services business, and specify user that oneself then can be used
Hardware tab carrier, the re-encrypted private key encrypted by the private cipher key pair of oneself is decrypted, and then obtained data and gathered around
The data file that the person of having uploads, it is practical and safe.
Further, the re-encrypted private key generation encrypted is realized by enciphering and deciphering algorithm with decrypting process, acted on behalf of
Re-encryption is made up of 6 probabilistic polynomial time algorithms, that is, set, produce key, produce weight key, encryption, re-encryption,
Decryption.
The process that implements of above step is:
The first, the systematic parameter of the algorithm is set:
It is params=(G, q, g, H by the system parameter settings1,H2), wherein G is multiplicative group or module, and the G is
Algorithm produces a set in sequence q;| q |=k and k is a given security parameter;G is all living creatures Cheng Yuan of G;H1With
H2It is two hash functions of algorithm generation, is each mapped to Z from Gq, the ZqRepresentative set 0,1 ..., q-1 };Message
Space M is decided to be the domain that G, i.e. plaintext space are decided to be crowd G.
2nd, key is produced:
Setting private cipher key ski=(xi,1,xi,2), xi,1,xi,2It is separate and be selected from Zq;
Calculate public-key cryptography pki=(pki,1,pki,2)=(gxi,1,gxi,2)。
3rd, file is encrypted:
One public-key cryptography pk of inputi=(pki,1,pki,2) and come from the message m of message space M, by following
Step produces ciphertext Ci:
From ZqRandom selection r;
Calculate E=mgr;
Calculate F=(pki,1 H2(pki,2)pki,2)r;
Setting Ci=(E, F).
4th, weight key is produced:
It is random to select V from G, from ZqSelection u;
Calculate v=H1(V)(xi,1H2(pki,2)+xi,2)-1modq;
Calculate U=Vgu;
Calculate W=pkj,2 u;
Output ReKeyi-j=(v, U, W).
5th, re-encryption:
Input re-encrypted private key ReKeyi-j=(v, U, a W) and ciphertext Ci=(E, F), calculates F '=Fv, export Cj=
(E,F’,U,W)。
6th, decrypt:
One private cipher key sk=(x of input1,x2) an and ciphertext C, message m is regained by algorithm, when C=(E,
F it is) original cipher text, calculates t=xi,1H2(pki,2)+xi,2Modq and m=E (F1/t)-1;When C=(E, F ', U, W) is close re-encryption
Text, calculates V=U (W1/xi,2)-1, then m=E (F '1/H1(V))-1。
The span of the security parameter k is 160~512.
Further, the access port of raw data file is also obtained when the specified user obtains re-encrypted private key simultaneously,
The access port of the raw data file refers to after raw data file is already encrypted and is uploaded to cloud data storage server
Address links and is determined by data owner.The access port of the raw data file determines that its is shared more by data owner
Few, i.e., data owner may decide that shared some or all of access port.
A kind of user terminal cloud data sharing solution of the invention, with advantages below:
A kind of user terminal cloud data sharing solution of the invention realizes multi-enciphering by borrowing hardware tab carrier
Setting so that the shared network communication flow of encryption data is minimized between data owner and cloud storage service service provider,
Saving network flow;The calculating operation burden of computer is reduced, power consumption is reduced;Lifting encryption data sharing efficiency, works as data
Owner has many files and when each file may have a different recipient group, and this shared efficiency of algorithm is higher
And effect is preferably, for data owner, she is to need to encrypt each file every time, and gives each recipient meter every time
ReKey is calculated, for specifying user, he is to need to recover Rekey from data owner there every time;The generation of key
Computing need not be participated in by any server, and will not individually allow anyone to decrypt file from encryption file, encrypted
The confidentiality of file still depends on the confidentiality of data owner and specified user's private cipher key, even in encryption file quilt
After shared, security is seamlessly realized with the integrated of existing shared mechanism of cloud data main side, more strengthens data
Security;Consumer's Experience is also strengthened, while user cipher and living things feature recognition are not enforceable, the user cipher
Become may be selected item so as to provide the double authentication more insured;It is practical, it is applied widely, it is easy to promote.
Brief description of the drawings
Accompanying drawing 1 is the high in the clouds data sharing flow chart of prior art.
Accompanying drawing 2 realizes flow chart for of the invention.
Specific embodiment
The invention will be further described with specific embodiment below in conjunction with the accompanying drawings.
A kind of user terminal cloud data sharing solution of the invention, its overall design philosophy is:Can by using uniqueness
The content key protection mass data file of differentiation, by all differentiable content key encryptions, by all of encrypted data
File and encrypted content key upload to cloud data storage, then use a constant size in hardware tab carrier
Specific information fetches all of data file.Based on this mentality of designing, it implements process and is:
Data owner is encrypted by content key on hardware tab carrier to data file, while to all interior
Hold key encryption, all of encrypted data file and encrypted content key are uploaded into cloud data main side, be i.e. cloud data are deposited
Storage server end;
The hardware tab carrier of data owner is called, the re-encrypted private key that generation has been encrypted is calculated, and this has been encrypted
Re-encrypted private key cloud data main side by specify user obtain;
According to the re-encrypted private key encrypted for receiving, specified user calls the hardware tab carrier of oneself, to having added
Close re-encrypted private key is decrypted into re-encrypted private key, specifies user to encrypt according to re-encrypted private key decryption is all of
And the data file uploaded by data owner.
The hardware tab carrier for using refers to the USB flash disk for including AES encryption hardware.
Public-key cryptography and private cipher key, corresponding, the re-encrypted private key encrypted are included in the hardware tab carrier
Generating process be:
The public-key cryptography of the private cipher key of data owner and specified user produces a re-encrypted private key Rekey, should
Re-encrypted private key Rekey produces a re-encrypted private key encrypted with the public-key cryptography of specified user;
The decrypting process of the re-encrypted private key encrypted is:
User is specified after the re-encrypted private key encrypted is received, is added again by what the private cipher key pair of oneself had been encrypted
Key is decrypted as re-encrypted private key Rekey, afterwards, the private cipher key of re-encrypted private key Rekey and specified user
Use simultaneously, complete decryption.
The re-encrypted private key generation encrypted realizes that the enciphering and deciphering algorithm has with decrypting process by enciphering and deciphering algorithm
Body process is:
The first, the systematic parameter of the algorithm is set:
One security parameter k of input, such as k=256, algorithm produces a set G in sequence q, for example:| q |=k.
Without loss of generality, G is thought multiplicative group by us in actual conditions, or G can also be thought into module.G is allowed as the group of G
Generation unit, so that conclusive Diffie-Hellman problems are difficult to be solved in G.Algorithm can also produce two hash functions
H1And H2, each it is mapped to Z from Gq.Message space M is decided to be G.The systematic parameter of PRE be set to params=(G, q,
g,H1,H2)。
In aforesaid operations, security parameter k is a variable, and its span is then a prime number for 160~512, q,
In " bit " quantity, the length of q is equal with k, randomly generates in practice.
G is that in number theory " group ", after q and g is selected, G is automatically defined, and its domain is the value for depending on q and g.Q and
The production method of g is some standard methods in Digital Theory, therefore be will not be repeated here.
All living creatures is also that, in Digital Theory Plays, it has determination number when actually used into the generation method of first g
Word, because the content belongs to industry standard, therefore will not be described in detail herein.
In practice, H1And H2Generating process be:First select a basic hash function, such as SHA-256, then
An element of the transformation from G is output into a string of binary characters, and with SHA-256 and counter by its hashed.
Final output is calculated by the module simplification performed for q.For H1And H2For, they can be according to here
What is described is carried out, but, to output hashed, works as H when with counter2Should be to string of binary characters " 0002 " Hash
During change, H1Also should be to string of binary characters " 0001 " hashed.
Message space M defines all possible information that can be encrypted by the encryption method.
2nd, key is produced:
Setting private cipher key ski=(xi,1,xi,2), xi,1,xi,2It is separate and be selected from Zq;
Calculate public-key cryptography pki=(pki,1,pki,2)=(gxi,1,gxi,2)。
3rd, file is encrypted:
One public-key cryptography pk of inputi=(pki,1,pki,2) and come from the message m of message space M, by following
Step produces ciphertext Ci:
From ZqRandom selection r;
Calculate E=mgr;
Calculate F=(pki,1 H2(pki,2)pki,2)r;
Setting Ci=(E, F).
4th, weight key is produced:
It is random to select V from G, from ZqSelection u;
Calculate v=H1(V)(xi,1H2(pki,2)+xi,2)-1modq;
Calculate U=Vgu;
Calculate W=pkj,2 u;
Output ReKeyi-j=(v, U, W).
5th, re-encryption:
Input re-encrypted private key ReKeyi-j=(v, U, a W) and ciphertext Ci=(E, F), calculates F '=Fv, export Cj=
(E,F’,U,W)。
6th, decrypt:
One private cipher key sk=(x of input1,x2) an and ciphertext C, message m is regained by algorithm, when C=(E,
F it is) original cipher text, calculates t=xi,1H2(pki,2)+xi,2Modq and m=E (F1/t)-1;When C=(E, F ', U, W) is close re-encryption
Text, calculates V=U (W1/xi,2)-1, then m=E (F '1/H1(V))-1。
The specified user also obtains the access port of raw data file, the initial data simultaneously when obtaining re-encrypted private key
The access port of file refer to raw data file be already encrypted and be uploaded to after cloud data storage server address link and
Determined by data owner.
By the above method, its encryption performance is as shown in the table:
Encrypt | 2EXP+1PreEXP |
ReEncrypt | 1EXP |
DecryptO | 1EXP |
DecryptR | 2EXP |
|CO| | 2|G| |
|CR| | 4|G| |
|ReKey| | 2|G|+|Zq| |
In list above, EXP represents exponentiation in G (it is assumed that G is a multiplication group, in addition, if G is one
The addition group as elliptic curve group, EXP then represents Elliptic Curve Scalar Multiplication method), PreEXP represents advance computable in G
Exponentiation.DecryptORepresent the decryption cost of original cipher text, DecryptRThe decryption cost of re-encryption information is represented, | CO|
The size of original cipher text is represented, | CR| the size of re-encryption information is represented, | ReKey | represents the size of re-encrypted private key.
In the implementation of the invention, core technology is the cryptographic primitives for acting on behalf of re-encryption.As shown in Figure 2, number
Be A according to owner, A wants to share her encryption data and gives friend B, further, above-mentioned steps by following detailed contents come
Description:
Data owner has a hardware tab carrier comprising key information, and the data owner will access high in the clouds clothes
Business device, and by data F1,F2,…,FnCloud data main side is encrypted and backups to, at this moment, data owner needs to complete following dynamic
Make:
Hardware tab carrier is connected to cloud data main side first.
Hardware tab carrier generation n of the data owner can be distinguished and random content key K1,…,Kn, and hard
To data F on part labeled vector1,…,FnEncryption turns into the C existed with cryptogram form1,…,Cn。
The hardware tab carrier is also gone to encrypt K with key information1,…,Kn, and they are converted into cryptogram form CK1,…,
CKn。
Data owner uploads C by network1,…,CnAnd CK1,…,CKnTo cloud data storage server.
At this moment, if the friend of certain or some data owners is intended to share the upload data as specified user, need
Complete following actions:
Specify users to share F1,…,Fn, call hardware tab carrier to calculate one re-encrypted private key encrypted of generation.
By accessing the cloud data main side of data owner, specify user to obtain the re-encrypted private key encrypted, specify and use
Family connects the hardware tab carrier of oneself to the cloud data main side of oneself, and downloads CK from cloud data storage server1,…,
CKnAnd C1,…,Cn。
The re-encrypted private key decryption for specifying the hardware tab carrier of user first to encrypt obtains re-encrypted private key Rekey,
Then go to decrypt CK using it1,…,CKnSo that hardware tab carrier can recover corresponding K1,…,Kn, and therefore, it is possible to
Decryption C1,…,CnTo F1,…,Fn。
Embodiment:
Assuming that Alice is data owner, as long as Alice wants to share the friend of her encryption data, agency with it
Re-encryption allows Alice her private cipher key and the public-key cryptography of friend, produces a re-encrypted private key ReKey.For example, this
Individual friend is Bob, and when the private cipher key with him is used together, this re-encrypted private key ReKey can allow Bob to decrypt and encrypt
Content key.
If this functionality, for the friend that each Alice thinks shared encryption data, Alice is only
Need to produce a re-encrypted private key ReKey.It is independently of each by the computational complexity and the size of ReKey that produce ReKey to bring
The quantity of the encryption file shared with Bob.First, we reduce the computation burden of Alice;Secondly as only this is heavy
Encryption key ReKey will not allow anyone from encryption file in recover file, so it will ensure that encryption file security,
Even if opponent forces Dropbox to compromise and obtains the copy of ReKey.In other words, the confidentiality of encryption file is still depended on
The confidentiality of Alice and Bob private cipher keys, even after encryption file is shared.
Using the method for above-mentioned offer, using Velosti USB devices as hardware tab carrier.
User Alice uses the USB flash disk of Velosti, wherein public-key cryptography and private cipher key and hardware comprising Alice add
Close processor, and one be called encryption high in the clouds data client management tool software (brief says, we term it visitor
Family end software).In order to strengthen data safety, data encryption and key handling all will pass through encryption in the USB flash disk of Velosti
Device is completed.In the Dropbox files of Alice, client software creates a sub-folder for being named as Velosti, institute
Having file of the storage in Velosti sub-folders can be encrypted by Hybrid Encryption mode same as above, but be by using
The USB flash disk of Velosti.In order to connect encryption file, Alice must be inserted into Velosti USB flash disks in the computer networked and hold
Row client software.
Additionally, in the Dropbox open files folder of Alice, the public-key cryptography copy of a Alice can be generated.Once
After being aware of the Dropbox account accounts of Alice, all of Dropbox user can obtain Alice public-key cryptography copy.
It is also same for other users.For example:Bob, in his Dropbox open files folder, also have it is a he
Public-key cryptography is copied.
Assuming that Alice will share several encryption files in " Velosti " file with Bob.By client
Software, Alice specifies the encryption file that she wants to be shared with Bob.Client software can want the text shared with Bob using Alice
The Dropbox api interfaces of part notify Dropbox.Next, Dropbox can be notified using Dropbox existing datas are shared
Agreement notifies the Bob relevant current shared.Even so, because these files are all encrypted, the especially content of these files
Key is encrypted by Alice public-key cryptography, Bob or other people cannot all decode these files.Therefore, except notifying
The client software of Dropbox, Alice can also access the Dropbox open files folder of Bob, so as to obtain Bob public-key cryptography
Copy, and private cipher key and one re-encrypted private key ReKey of public-key cryptography calculating generation of Bob with Alice.In generation weight
After encryption key ReKey, Alice is with Bob public key encryptions Rekey and uploads this part of encryption ReKey and copies Alice to
Open file folder in.
Receive from Dropbox one it is shared notify after, Bob leads to obtain the re-encrypted private key ReKey of encryption
The open file folder that his client software have accessed Alice is crossed, it is decrypted using his private cipher key and is simultaneously recovered ReKey.
By using this re-encrypted private key ReKey and his private cipher key, in the Dropbox that following Bob can share from Alice
Encryption file is downloaded, and decrypts them.
In this is based on acting on behalf of re-encryption solution, it is not necessary to use any server.Security is with Dropbox's
The integrated of existing shared mechanism is seamlessly realized.By using Velosti USB devices, Consumer's Experience is also added
By force, so that user cipher is not enforceable, it is on the contrary that they become may be selected to provide extra double authentication.
Above-mentioned specific embodiment is only specific case of the invention, and scope of patent protection of the invention is included but is not limited to
Above-mentioned specific embodiment, it is any meet a kind of the claims of user terminal cloud data sharing solution of the invention and
The appropriate change or replacement that any person of an ordinary skill in the technical field is done to it, should all fall into patent of the invention and protect
Shield scope.
Claims (4)
1. a kind of user terminal cloud data sharing solution, it is characterised in that it implements process and is:
Data owner is encrypted by content key on hardware tab carrier to data file, while close to all the elements
Key is encrypted, and all of encrypted data file and encrypted content key are uploaded into cloud data main side, i.e. cloud data storage clothes
Business device end;
The hardware tab carrier of data owner is called, life is calculated using the private cipher key of oneself and the public-key cryptography of specified user
Into the re-encrypted private key encrypted, and this re-encrypted private key is encrypted into cloud data main side by specifying user to obtain;
According to the re-encrypted private key encrypted for receiving, specified user calls the hardware tab carrier of oneself, and uses oneself
The re-encrypted private key encrypted of private cipher key pair be decrypted into re-encrypted private key, by using this re-encrypted private key and from
Oneself private cipher key, specifies user to decrypt data file that is all of having encrypted and being uploaded by data owner;
The hardware tab carrier for using refers to the USB flash disk for including AES encryption hardware;
Public-key cryptography and private cipher key, corresponding, the life of the re-encrypted private key encrypted are included in the hardware tab carrier
It is into process:
The public-key cryptography of the private cipher key of data owner and specified user produces a re-encrypted private key Rekey, this it is heavy plus
Key Rekey produces a re-encrypted private key encrypted with the public-key cryptography of specified user;
The decrypting process of the re-encrypted private key encrypted is:
Specify user after the re-encrypted private key encrypted is received, the re-encryption encrypted by the private cipher key pair of oneself is close
Key is decrypted as re-encrypted private key Rekey, and afterwards, the private cipher key of re-encrypted private key Rekey and specified user is simultaneously
Use, complete decryption.
2. a kind of user terminal cloud data sharing solution according to claim 1, it is characterised in that:It is described to have encrypted
Re-encrypted private key is generated to be realized with decrypting process by enciphering and deciphering algorithm, and the enciphering and deciphering algorithm detailed process is:
The first, the systematic parameter of the algorithm is set:
It is params=(G, q, g, H by the system parameter settings1,H2), wherein G is multiplicative group or module, and the G is algorithm
Produce a set in sequence q;| q |=k and k is a given security parameter;G is all living creatures Cheng Yuan of G;H1And H2It is
Two hash functions that the algorithm is produced, are each mapped to Z from Gq, the ZqRepresentative set 0,1 ..., q-1 };Message space
M is decided to be the domain that G, i.e. plaintext space are decided to be crowd G;
2nd, key is produced:
Setting private cipher key ski=(xi,1,xi,2), xi,1,xi,2It is separate and be selected from Zq;
Calculate public-key cryptography pki=(pki,1,pki,2)=(gxi,1,gxi,2);
3rd, file is encrypted:
One public-key cryptography pk of inputi=(pki,1,pki,2) and come from the message m of message space M, by following step
Produce ciphertext Ci:
From ZqRandom selection r;
Calculate E=mgr;
Calculate F=(pki,1 H2(pki,2)pki,2)r;
Setting Ci=(E, F);
4th, weight key is produced:
It is random to select V from G, from ZqSelection u;
Calculate v=H1(V)(xi,1H2(pki,2)+xi,2)-1modq;
Calculate U=Vgu;
Calculate W=pkj,2 u;
Output ReKeyi-j=(v, U, W);
5th, re-encryption:
Input re-encrypted private key ReKeyi- j=(v, U, a W) and ciphertext Ci=(E, F), calculates F '=Fv, export Cj=(E,
F’,U,W);
6th, decrypt:
One private cipher key sk=(x of input1,x2) and a ciphertext C, message m is regained by algorithm, when C=(E, F) is
Original cipher text, calculates t=xi,1H2(pki,2)+xi,2Modq and m=E (F1/t)-1;When C=(E, F ', U, W) is re-encryption ciphertext,
Calculate V=U (W1/xi,2)-1, then m=E (F '1/H1(V))-1。
3. a kind of user terminal cloud data sharing solution according to claim 2, it is characterised in that:The security parameter
The span of k is 160~512.
4. a kind of user terminal cloud data sharing solution according to claim 1, it is characterised in that:The specified user
The access port of raw data file is also obtained when obtaining re-encrypted private key simultaneously, the access port of the raw data file refers to original
Data file is already encrypted and is uploaded to the address link after cloud data storage server and determined by data owner.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410409232.2A CN104158880B (en) | 2014-08-19 | 2014-08-19 | User-end cloud data sharing solution |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410409232.2A CN104158880B (en) | 2014-08-19 | 2014-08-19 | User-end cloud data sharing solution |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104158880A CN104158880A (en) | 2014-11-19 |
CN104158880B true CN104158880B (en) | 2017-05-24 |
Family
ID=51884285
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410409232.2A Active CN104158880B (en) | 2014-08-19 | 2014-08-19 | User-end cloud data sharing solution |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104158880B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109412788A (en) * | 2018-09-20 | 2019-03-01 | 如般量子科技有限公司 | Cloud storage method of controlling security and system are acted on behalf of in anti-quantum calculation based on public keys pond |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468627B (en) * | 2014-12-30 | 2018-09-04 | 成都三零瑞通移动通信有限公司 | A kind of data ciphering method and system carrying out terminal data backup by server |
CN106161000A (en) * | 2015-03-30 | 2016-11-23 | 日本电气株式会社 | The method and system that data file is encrypted and decrypted |
CN104834868A (en) * | 2015-04-28 | 2015-08-12 | 一铂有限公司 | Electronic data protection method, device and terminal equipment |
CN105516102A (en) * | 2015-11-30 | 2016-04-20 | 英业达科技有限公司 | File transfer system and method thereof |
CN109302283B (en) * | 2018-09-20 | 2020-09-08 | 如般量子科技有限公司 | Anti-quantum computing agent cloud storage method and system based on public asymmetric key pool |
CN111342961B (en) * | 2020-03-04 | 2023-09-12 | 贵州弈趣云创科技有限公司 | Method for realizing data cross-platform sharing by configuring key pair |
CN112784303B (en) * | 2021-01-26 | 2022-11-22 | 政采云有限公司 | File encryption method, device, system and storage medium |
CN114143098B (en) * | 2021-12-03 | 2023-08-15 | 建信金融科技有限责任公司 | Data storage method and data storage device |
CN117056983B (en) * | 2023-10-13 | 2024-01-02 | ***紫金(江苏)创新研究院有限公司 | Multistage controllable data sharing authorization method, device and blockchain system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101483518A (en) * | 2009-02-20 | 2009-07-15 | 北京天威诚信电子商务服务有限公司 | Customer digital certificate private key management method and system |
CN101958796A (en) * | 2010-09-27 | 2011-01-26 | 北京联合智华微电子科技有限公司 | Secret key devices for supporting anonymous authentication, generation method and unlocking method thereof |
CN102594824A (en) * | 2012-02-21 | 2012-07-18 | 北京国泰信安科技有限公司 | Security electronic document distribution method based on multiple security protection mechanisms |
CA2829197A1 (en) * | 2011-03-07 | 2012-09-13 | Security First Corp. | Secure file sharing method and system |
CN103427989A (en) * | 2012-05-16 | 2013-12-04 | 王志良 | Data encryption and identity authentication method oriented in environment of internet of things |
CN103812650A (en) * | 2012-11-12 | 2014-05-21 | 华为技术有限公司 | Information processing method, user device and encryption device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103609059B (en) * | 2010-09-20 | 2016-08-17 | 安全第一公司 | The system and method shared for secure data |
-
2014
- 2014-08-19 CN CN201410409232.2A patent/CN104158880B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101483518A (en) * | 2009-02-20 | 2009-07-15 | 北京天威诚信电子商务服务有限公司 | Customer digital certificate private key management method and system |
CN101958796A (en) * | 2010-09-27 | 2011-01-26 | 北京联合智华微电子科技有限公司 | Secret key devices for supporting anonymous authentication, generation method and unlocking method thereof |
CA2829197A1 (en) * | 2011-03-07 | 2012-09-13 | Security First Corp. | Secure file sharing method and system |
CN102594824A (en) * | 2012-02-21 | 2012-07-18 | 北京国泰信安科技有限公司 | Security electronic document distribution method based on multiple security protection mechanisms |
CN103427989A (en) * | 2012-05-16 | 2013-12-04 | 王志良 | Data encryption and identity authentication method oriented in environment of internet of things |
CN103812650A (en) * | 2012-11-12 | 2014-05-21 | 华为技术有限公司 | Information processing method, user device and encryption device |
Non-Patent Citations (1)
Title |
---|
开放网络环境下敏感数据安全与防泄密关键技术研究;闫玺玺;《中国博士学位论文全文数据库》;20120501(第2013年01期);全文 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109412788A (en) * | 2018-09-20 | 2019-03-01 | 如般量子科技有限公司 | Cloud storage method of controlling security and system are acted on behalf of in anti-quantum calculation based on public keys pond |
Also Published As
Publication number | Publication date |
---|---|
CN104158880A (en) | 2014-11-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104158880B (en) | User-end cloud data sharing solution | |
WO2020259635A1 (en) | Method and apparatus for sharing blockchain data | |
CN109246096B (en) | Multifunctional fine-grained access control method suitable for cloud storage | |
US20190318356A1 (en) | Offline storage system and method of use | |
CN104038341B (en) | A kind of cross-system of identity-based acts on behalf of re-encryption method | |
CN103795533B (en) | Encryption based on identifier, the method and its performs device of decryption | |
CN104363215B (en) | A kind of encryption method and system based on attribute | |
CN106375346B (en) | Data guard method based on condition broadcast agent re-encryption under a kind of cloud environment | |
CN107359986A (en) | The outsourcing encryption and decryption CP ABE methods of user revocation | |
JP6363032B2 (en) | Key change direction control system and key change direction control method | |
CN105933345B (en) | It is a kind of that outsourcing attribute base encryption method can verify that based on linear privacy sharing | |
CN104735070B (en) | A kind of data sharing method between general isomery encryption cloud | |
CN105072107A (en) | System and method for enhancing data transmission and storage security | |
CN107078906A (en) | Public key encryp | |
CN112883399B (en) | Method and system for realizing secure sharing of encrypted file | |
CN114513327B (en) | Block chain-based Internet of things private data rapid sharing method | |
CN108462575A (en) | Upload data ciphering method based on no trusted party thresholding Hybrid Encryption | |
CN103607278A (en) | Safe data cloud storage method | |
CN113411323B (en) | Medical record data access control system and method based on attribute encryption | |
CN105721146B (en) | A kind of big data sharing method towards cloud storage based on SMC | |
Dong et al. | SECO: Secure and scalable data collaboration services in cloud computing | |
CN106878322A (en) | A kind of encryption and decryption method of the fixed length ciphertext based on attribute and key | |
CN114697042A (en) | Block chain-based Internet of things security data sharing proxy re-encryption method | |
CN109743162A (en) | A kind of operated using ideal lattice carries out the matched encryption method of identity attribute | |
WO2013163861A1 (en) | Method, device and system for proxy transformation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |