CN104735070B - A general data sharing method between heterogeneous encrypted clouds - Google Patents

Info

Publication number: CN104735070B
Authority: CN (China)
Legal status: Active
Application number: CN201510136203.8A
Other languages: Chinese (zh)
Other versions: CN104735070A (en)
Inventors: 金海, 徐君, 徐鹏, 邹德清
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Prior art keywords: key, user, encryption, ciphertext, data
Classifications

    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements


Abstract

The invention discloses a general data sharing method between heterogeneous encrypted clouds and belongs to the field of computer security technology. The invention covers data sharing within one encrypted cloud storage system and data sharing between heterogeneous encrypted cloud storage systems. For sharing within a system, the data is encrypted with a session key, the session key is then encrypted with the sender's private key, the cloud re-encrypts the session key with a re-encryption key authorized by the user, and the data ciphertext and the re-encrypted ciphertext are finally sent to the recipient. For sharing between systems, a temporary identity is first bound to the user who is outside the sender's system and a corresponding temporary public/private key pair is generated; the corresponding re-encrypted ciphertext is then generated following the in-system sharing steps; the temporary private key is encrypted with the recipient's public key; and the encrypted temporary private key, the re-encrypted ciphertext and the data ciphertext are sent to the recipient. The recipient decrypts with its own private key to obtain the temporary private key, decrypts with the temporary private key to obtain the session key, and finally decrypts the data with the session key.

Description

A general data sharing method between heterogeneous encrypted clouds
Technical field
The invention belongs to the field of computer security technology, and more particularly relates to a general data sharing method between heterogeneous encrypted clouds.
Background
In existing cloud storage technology, data is stored in a cloud that the user does not control. To protect the security and privacy of sensitive data, the data is usually encrypted. Conventional symmetric encryption schemes have a security problem: there is only one data-encryption key, and sender and receiver both encrypt and decrypt with that same key. The decrypting party must therefore know the encryption key in advance, so the security of the key cannot be guaranteed, and symmetric cryptosystems are unsuitable for distributed file storage systems. To ensure the confidentiality and privacy of cloud data, encrypted cloud storage systems therefore usually need to encrypt user data with a public-key cryptosystem (asymmetric encryption). Public-key cryptosystems currently come in many varieties; the mainstream ones are certificate-based encryption (Certificate-Based Encryption, CBE), identity-based encryption (Identity-Based Encryption, IBE), attribute-based encryption (Attribute-Based Encryption, ABE) and certificateless encryption (Certificateless Encryption, CLE).
Proxy re-encryption (PRE) is a mechanism for transforming between ciphertexts. It was proposed by Blaze et al. at the 1998 European cryptology conference (Eurocrypt), and Ateniese et al. gave the formal definition of the model at the 2005 Network and Distributed System Security Symposium and the 2007 ACM Conference on Computer and Communications Security. In PRE, a semi-trusted proxy uses a transformation key RK generated by the delegator A to convert a ciphertext encrypted under A's public key PK_A into a ciphertext encrypted under the public key PK_B of the delegatee B. During this process the proxy cannot obtain the plaintext of the data, which reduces the risk of data leakage. The plaintext corresponding to the two ciphertexts is the same, so data is shared between delegator A and delegatee B. Applied to a cloud storage system, PRE can improve the flexibility with which users share data while preserving the security and privacy of user data. PRE is an extension of public-key cryptosystems, so it also comes in corresponding types: CB-PRE, IB-PRE, AB-PRE and CL-PRE.
Different cloud storage systems are likely to use different PRE schemes. Sharing data between users inside one system is then very convenient, but sharing data between encrypted cloud storage systems that use different PRE schemes is a problem: ciphertexts of different PRE schemes generally cannot be converted into one another, which gives rise to the problem of data sharing between heterogeneous systems. Some existing techniques attempt to solve ciphertext conversion between different public-key encryption systems. In 2007, Matsuo proposed the concept of hybrid proxy re-encryption in the paper "Proxy re-encryption systems for identity-based encryption"; the scheme in that paper solves ciphertext conversion from CBE to BB-IBE of the ElGamal type. Following Matsuo's scheme, hybrid proxy re-encryption schemes from IBE to CBE, ABE to IBE, and CLE to CBE appeared. Such hybrid proxy re-encryption schemes make ciphertext sharing more convenient between different public-key encryption systems, or between systems that use different schemes of the same kind of cryptosystem. However, existing methods and techniques each convert between specific cryptographic schemes, and all require more or less modification of the original encrypted cloud storage system. They cannot fully solve the ciphertext sharing problem between existing heterogeneous encrypted cloud storage systems, and they cannot be deployed well in practice.
Summary of the invention
In view of the above defects of, or needs for improvement in, the prior art, the present invention provides a general data sharing method between heterogeneous encrypted clouds, in order to realize ciphertext sharing between encrypted clouds of all types. The invention uses temporary public/private keys to realize a proxy re-encryption scheme for ciphertext data between general heterogeneous encrypted cloud storage systems. The heterogeneous encrypted cloud storage systems may use different types of cryptosystem, or the same cryptosystem with different cryptographic schemes. Changes to the original encrypted cloud systems are kept to a minimum, which improves practicality.
The present invention provides a general data sharing method between heterogeneous encrypted clouds, comprising the following steps:
Step 1: The two heterogeneous encrypted cloud systems α and β each run their own system initialization algorithm, generating the corresponding public/secret parameter pairs (MP_α, MS_α) and (MP_β, MS_β), where MP denotes the master public parameters and MS the master secret parameters; a symmetric encryption algorithm (K, SE, SD) is chosen as the user data encryption algorithm, where K denotes the symmetric key space and SE and SD denote the symmetric encryption and decryption algorithms respectively;
Step 2: The key generation centre of each of the systems α and β distributes a public/private key pair (PK, SK) to the users inside its system, where PK denotes the user's public key and SK the user's private key;
Step 3: A first user in system β generates a session symmetric key k for plaintext data M, runs the symmetric encryption algorithm to encrypt the plaintext data M into ciphertext data C_{A,1}, runs the encryption algorithm to generate the key ciphertext C_{A,2} corresponding to the session symmetric key k, and then uploads the ciphertext data C_{A,1} and the key ciphertext C_{A,2} to the cloud for storage;
Step 4: Determine whether the ciphertext data C_{A,1} is being retrieved or shared: if the first user in system β is retrieving the ciphertext data C_{A,1} for its own use, perform step 5; otherwise perform step 6;
Step 5: The first user in system β downloads the ciphertext data C_{A,1} and the key ciphertext C_{A,2} from the cloud, runs the decryption algorithm to obtain the session symmetric key k, and then runs the symmetric decryption algorithm to decrypt the ciphertext data C_{A,1} into the plaintext data M;
Step 6: Determine whether the recipient and the first user in system β are in the same system: if so, perform step 7; otherwise perform step 8;
Step 7: The first user in system β first runs the re-encryption key generation algorithm to generate the re-encryption key RK_{β,A→B} and sends it to the cloud; the cloud then runs the re-encryption algorithm to generate the re-encrypted key ciphertext C'_A; the recipient fetches the shared data (C_{A,1}, C'_A) of the first user in system β from the cloud, runs the re-encrypted ciphertext decryption algorithm to obtain the session symmetric key k, and then runs the symmetric decryption algorithm to decrypt the ciphertext data C_{A,1} into the plaintext data M;
Step 8: If the recipient is a first user in system α, generate a temporary public/private key pair (PK_t, SK_t) for the first user in system α and generate the inter-system re-encryption key RK_{A→C}, where PK_t denotes the temporary public key and SK_t the temporary private key;
Step 9: The cloud parses the inter-system re-encryption key RK_{A→C} to obtain the temporary re-encryption key RK_{β,A→PK_t}, runs the re-encryption algorithm to obtain the re-encrypted key ciphertext C', and sends the inter-system re-encryption ciphertext {C', C_α} to the first user in system α;
Step 10: The first user in system α receives the re-encryption ciphertext {C', C_α}, first parses it to obtain the temporary key ciphertext C_α, runs the decryption algorithm of system α to obtain the temporary private key SK_t, then runs the re-encrypted ciphertext decryption algorithm of system β to obtain the session symmetric key k, and finally runs the symmetric decryption algorithm to decrypt the ciphertext data C_{A,1} into the plaintext data M.
In general, compared with the prior art, the above technical solution conceived by the present invention has the following beneficial effects:
(1) Generality of heterogeneous encrypted cloud data sharing. When this scheme is applied to an existing system, whichever proxy re-encryption scheme that system uses, a user who needs to securely share data with a user outside the system can do so as long as the receiving user's system uses a public-key cryptosystem;
(2) Ease of deployment. Extending an original PRE encrypted storage system with this technical solution requires no modification to the parameters or data of the running original system and preserves the advantages of the original proxy-encryption cloud storage system to the greatest extent, so the solution is very convenient to deploy.
Brief description of the drawings
Fig. 1 is a flowchart of the general data sharing method between heterogeneous encrypted clouds of the present invention;
Fig. 2 is an interaction diagram of inter-system re-encryption key generation in the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. In addition, the technical features involved in the embodiments described below can be combined with one another as long as they do not conflict.
Fig. 1 shows the flowchart of the general data sharing method between heterogeneous encrypted clouds of the present invention, which comprises the following steps:
Step 1: System initialization. The embodiment has two encrypted cloud systems, α and β. System α uses, for example, a certificateless proxy re-encryption scheme CL-PRE consisting of the algorithms (Setup_α, PartialSKGen_α, PKGen_α, SKGen_α, Enc_α, Dec-1_α, RK_α, ReEnc_α, Dec-2_α), which are respectively scheme initialization, partial private key generation, public key generation, private key generation, encryption, original decryption, re-encryption key generation, re-encryption, and re-encrypted ciphertext decryption. System β uses, for example, an identity-based proxy re-encryption scheme IB-PRE consisting of the algorithms (Setup_β, Extrac_β, Enc_β, Dec-1_β, RK_β, ReEnc_β, Dec-2_β), which are respectively scheme initialization, key generation, encryption, original decryption, re-encryption key generation, re-encryption, and re-encrypted ciphertext decryption. Systems α and β each run their own system initialization algorithm (for example a Setup(1^k) algorithm), generating the corresponding public/secret parameter pairs (MP_α, MS_α) and (MP_β, MS_β), where MP denotes the master public parameters and MS the master secret parameters; a symmetric encryption algorithm (K, SE, SD) is chosen as the user data encryption algorithm, where K denotes the symmetric key space and SE and SD denote the symmetric encryption and decryption algorithms respectively.
Step 2: Key distribution. The key generation centre (Key Generating Center, KGC) of each of the systems α and β runs the algorithm Extrac(MP_x, MS_x, aux_x) to distribute a public/private key pair (PK, SK) to the users inside its system, where PK denotes the user's public key; SK denotes the user's private key; aux is the user's auxiliary information (for example identity information or attribute information; for traditional proxy re-encryption it is a random number, etc.); and x ∈ {α, β}. In detail: user A submits its own identity ID_A as its public key to the key distribution authority KGC_β of its system β, and KGC_β runs the algorithm Extrac_β to generate the private key SK_A for it, so that its public/private key pair is (ID_A, SK_A). Similarly, user B obtains its public/private key pair (ID_B, SK_B) in system β. User C submits its own identity ID_C to the key distribution authority KGC_α of its system α, and KGC_α runs the algorithm PartialSKGen_α to generate a partial private key DK_C for it; user C then chooses a random number r in the algebraic structure determined by the master public parameters MP_α and, combining it with the identity ID_C and the partial private key DK_C, runs the algorithms PKGen_α and SKGen_α to generate the public/private key pair (PK_C, SK_C).
Step 3: Encrypt the data and upload it. User A wants to upload plaintext data M to the cloud. User A first generates a session symmetric key k for the plaintext data M, runs the symmetric encryption algorithm SE(k, M) to obtain the ciphertext data C_{A,1}, runs the encryption algorithm Enc(MP_β, ID_A, k) to generate the key ciphertext C_{A,2} corresponding to the session symmetric key k, and then uploads the ciphertext data C_{A,1} and the key ciphertext C_{A,2} to the cloud for storage.
Step 4: Determine whether the ciphertext data C_{A,1} is being retrieved or shared. If user A is retrieving the ciphertext data for its own use, perform step 5; otherwise perform step 6, i.e. share the data with others.
Step 5: Download the ciphertext data C_{A,1} and the key ciphertext C_{A,2} and decrypt them. If user A needs to use the plaintext data M, it downloads the ciphertext data C_{A,1} and the key ciphertext C_{A,2} from the cloud, runs the decryption algorithm Dec-1_β(MP_β, SK_A, C_{A,2}) to obtain the session symmetric key k, and then runs the symmetric decryption algorithm SD(k, C_{A,1}) to obtain the plaintext data M.
Step 6: Determine whether the recipient and the sender (i.e. user A) are in the same system. If the recipient is in the same system as the sender, perform step 7; otherwise perform step 8, i.e. share with a user outside the system.
Step 7: Share with a user inside the system. User A wants to share its data stored in the cloud with user B in the same system. User A first runs the re-encryption key generation algorithm RK_β(MP_β, PK_B, SK_A) to generate the re-encryption key RK_{β,A→B} and sends it to the cloud; the cloud then runs the re-encryption algorithm ReEnc_β(C_{A,2}) to generate the re-encrypted key ciphertext C'_A; user B fetches user A's shared data (C_{A,1}, C'_A) from the cloud, runs the re-encrypted ciphertext decryption algorithm Dec-2_β(MP_β, SK_B, C'_A) to obtain the session symmetric key k, and then runs the symmetric decryption algorithm SD(k, C_{A,1}) to obtain the plaintext data M.
Step 8: User A wants to share data with user C in system α. The flow for generating the temporary public/private key pair for user C is shown in Fig. 2 and comprises the following sub-steps:
(8-1) User A first randomly chooses a piece of temporary auxiliary information Aux_t to identify the temporary user. Specifically, in system β this is an identity ID_t, which user A sends to the KGC_β of system β;
(8-2) KGC_β runs the key generation algorithm Extrac_β(MP_β, MS_β, ID_t) to generate the temporary public/private key pair (PK_t, SK_t) corresponding to the identity and sends it to user A, where PK_t denotes the temporary public key and SK_t the temporary private key;
(8-3) User A runs the re-encryption key generation algorithm RK_β(MP_β, PK_t, SK_A) to generate the temporary re-encryption key RK_{β,A→PK_t};
(8-4) User A runs the encryption algorithm Enc_α(MP_α, PK_C, SK_t) of system α to encrypt the temporary private key, obtaining the temporary key ciphertext C_α;
(8-5) The inter-system re-encryption key RK_{A→C} = {RK_{β,A→PK_t}, C_α} is sent to the cloud.
Step 9: The cloud parses the inter-system re-encryption key RK_{A→C} to obtain the temporary re-encryption key RK_{β,A→PK_t}, runs the re-encryption algorithm ReEnc_β(C_{A,2}) to obtain the re-encrypted key ciphertext C', and sends the inter-system re-encryption ciphertext {C', C_α} to user C.
Step 10: User C receives the inter-system re-encryption ciphertext {C', C_α}, first parses it to obtain the temporary key ciphertext C_α, runs the decryption algorithm Dec-1_α(MP_α, SK_C, C_α) of system α to obtain the temporary private key SK_t, then runs the re-encrypted ciphertext decryption algorithm Dec-2_β(MP_β, SK_t, C') of system β to obtain the session symmetric key k, and finally runs the symmetric decryption algorithm SD(k, C_{A,1}) to obtain the plaintext data M.
The proxy re-encryption schemes in the present invention include, but are not limited to, the following types: traditional PKI-based proxy re-encryption PKI-PRE, identity-based proxy re-encryption IB-PRE, attribute-based proxy re-encryption AB-PRE, and certificateless proxy re-encryption CL-PRE. Systems α and β use two heterogeneous proxy re-encryption schemes, which may be any combination of the above types of scheme. Also included are all combinations of different instantiated schemes of the same type, where an instantiated scheme is a type of scheme in which the computational details of each algorithm are made concrete; and all combinations of implementations of the same instantiated scheme that use different security parameters or public parameters, where an implementation is an instantiated scheme whose security parameters and public parameters are made concrete.
The present invention can be extended to secure data sharing from a PRE encrypted cloud storage system to a PKE encrypted cloud storage system. That is, a user in a PRE encrypted cloud storage system can securely share data with a user in a PKE encrypted cloud storage system that is heterogeneous to it, but not the other way round. A PRE scheme is a functional extension of PKE, and in this case the scheme in α in the above embodiment is replaced with a PKE encryption scheme. The heterogeneity between PRE and PKE then shows up as follows: different key schemes are used in the key generation algorithm, or the same key scheme is used but with different security parameters or public parameters.
Those skilled in the art will readily understand that the foregoing is merely a preferred embodiment of the present invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (3)

  1. A general data sharing method between heterogeneous encrypted clouds, characterized in that it comprises:
    Step 1: The two heterogeneous encrypted cloud systems α and β each run their own system initialization algorithm, generating the corresponding public/secret parameter pairs (MP_α, MS_α) and (MP_β, MS_β), where MP denotes the master public parameters and MS the master secret parameters; a symmetric encryption algorithm (K, SE, SD) is chosen as the user data encryption algorithm, where K denotes the symmetric key space and SE and SD denote the symmetric encryption and decryption algorithms respectively;
    Step 2: The key generation centre of each of the systems α and β distributes a public/private key pair (PK, SK) to the users inside its system, where PK denotes the user's public key and SK the user's private key;
    Step 3: A first user in system β generates a session symmetric key k for plaintext data M, runs the symmetric encryption algorithm to encrypt the plaintext data M into ciphertext data C_{A,1}, runs the encryption algorithm to generate the key ciphertext C_{A,2} corresponding to the session symmetric key k, and then uploads the ciphertext data C_{A,1} and the key ciphertext C_{A,2} to the cloud for storage;
    Step 4: Determine whether the ciphertext data C_{A,1} is being retrieved or shared: if the first user in system β is retrieving the ciphertext data C_{A,1} for its own use, perform step 5; otherwise perform step 6;
    Step 5: The first user in system β downloads the ciphertext data C_{A,1} and the key ciphertext C_{A,2} from the cloud, runs the decryption algorithm to obtain the session symmetric key k, and then runs the symmetric decryption algorithm to decrypt the ciphertext data C_{A,1} into the plaintext data M;
    Step 6: Determine whether the recipient and the first user in system β are in the same system: if so, perform step 7; otherwise perform step 8;
    Step 7: The first user in system β first runs the re-encryption key generation algorithm to generate the re-encryption key RK_{β,A→B} and sends it to the cloud; the cloud then runs the re-encryption algorithm to generate the re-encrypted key ciphertext C'_A; the recipient fetches the shared data (C_{A,1}, C'_A) of the first user in system β from the cloud, runs the re-encrypted ciphertext decryption algorithm to obtain the session symmetric key k, and then runs the symmetric decryption algorithm to decrypt the ciphertext data C_{A,1} into the plaintext data M;
    Step 8: If the recipient is a first user in system α, generate a temporary public/private key pair (PK_t, SK_t) for the first user in system α and generate the inter-system re-encryption key RK_{A→C}, where PK_t denotes the temporary public key and SK_t the temporary private key;
    Step 9: The cloud parses the inter-system re-encryption key RK_{A→C} to obtain the temporary re-encryption key RK_{β,A→PK_t}, runs the re-encryption algorithm to obtain the re-encrypted key ciphertext C', and sends the inter-system re-encryption ciphertext {C', C_α} to the first user in system α;
    Step 10: The first user in system α receives the re-encryption ciphertext {C', C_α}, first parses it to obtain the temporary key ciphertext C_α, runs the decryption algorithm of system α to obtain the temporary private key SK_t, then runs the re-encrypted ciphertext decryption algorithm of system β to obtain the session symmetric key k, and finally runs the symmetric decryption algorithm to decrypt the ciphertext data C_{A,1} into the plaintext data M.
  2. The method of claim 1, characterized in that, in step 2, a user in system β submits its own identity ID_A as its public key to the key distribution authority KGC_β of system β, and the key distribution authority KGC_β of system β generates the private key SK_A for it, so that its public/private key pair is (ID_A, SK_A); a user in system α submits its own identity ID_C to the key distribution authority KGC_α of system α, and the key distribution authority KGC_α of system α generates a partial private key DK_C for it; the user in system α then chooses a random number r in the algebraic structure determined by the master public parameters MP_α and combines it with the identity ID_C and the partial private key DK_C to generate the public/private key pair (PK_C, SK_C).
  3. The method of claim 1 or 2, characterized in that step 8 comprises the following sub-steps:
    (8-1) The first user in system β randomly chooses a piece of temporary auxiliary information Aux_t to identify the temporary user and sends it to the key generation centre KGC_β of system β;
    (8-2) The key generation centre KGC_β of system β runs the key generation algorithm to generate the temporary public/private key pair (PK_t, SK_t) corresponding to the temporary auxiliary information Aux_t and sends it to the first user in system β;
    (8-3) The first user in system β runs the re-encryption key generation algorithm to generate the temporary re-encryption key RK_{β,A→PK_t};
    (8-4) The first user in system β runs the encryption algorithm of system α to encrypt the temporary private key SK_t, obtaining the temporary key ciphertext C_α;
    (8-5) The inter-system re-encryption key RK_{A→C} = {RK_{β,A→PK_t}, C_α} is sent to the cloud.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510136203.8A CN104735070B (en) 2015-03-26 2015-03-26 A kind of data sharing method between general isomery encryption cloud


Publications (2)

Publication Number Publication Date
CN104735070A 2015-06-24
CN104735070B 2017-12-08

Family

ID=53458505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510136203.8A Active CN104735070B (en) 2015-03-26 2015-03-26 A kind of data sharing method between general isomery encryption cloud

Country Status (1)

Country Link
CN (1) CN104735070B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105373346B (en) * 2015-10-23 2018-06-29 成都卫士通信息产业股份有限公司 A kind of virtualization storage method and storage device
US10250385B2 (en) * 2016-02-18 2019-04-02 Cloud9 Technologies, LLC Customer call logging data privacy in cloud infrastructure
CN107086912B (en) * 2017-04-10 2020-02-07 国家电网公司 Ciphertext conversion method, decryption method and system in heterogeneous storage system
CN108156232A (en) * 2017-12-22 2018-06-12 王轶捷 Data sharing method and device
CN109413092B (en) * 2018-11-20 2021-03-12 国网浙江省电力有限公司电力科学研究院 Key heterogeneous defense method
CN110310117A (en) * 2019-06-25 2019-10-08 杭州趣链科技有限公司 A kind of secure data method of commerce based on proxy re-encryption
CN110505233A (en) * 2019-08-29 2019-11-26 苏州同济区块链研究院有限公司 A kind of method of anti-conspiracy/secret protection proxy re-encryption
CN110493263B (en) * 2019-09-17 2022-05-24 北京元安物联技术有限公司 Gateway offline authentication method, device and system and computer readable storage medium
CN110610102B (en) * 2019-09-23 2021-06-25 郑州师范学院 Data access method, device and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102655508A (en) * 2012-04-19 2012-09-05 华中科技大学 Method for protecting privacy data of users in cloud environment
CN103647642A (en) * 2013-11-15 2014-03-19 河海大学 Certificate-based agent heavy encryption method and system
CN103685532A (en) * 2013-12-20 2014-03-26 代玉松 Safety guarantee system and method used during data transmission process among enterprises based on cloud service
CN103905557A (en) * 2014-04-09 2014-07-02 曙光云计算技术有限公司 Data storage method and device used for cloud environment and downloading method and device
CN103916477A (en) * 2014-04-09 2014-07-09 曙光云计算技术有限公司 Data storage method and device and data downloading method and device for cloud environment
CN103957109A (en) * 2014-05-22 2014-07-30 武汉大学 Cloud data privacy protection security re-encryption method

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
A DFA-Based Functional Proxy Re-encryption Scheme for Secure Public Cloud Data Sharing; Kaitai Liang, Man Ho Au, Joseph K. Liu, Willy Susilo et al.; 《IEEE Transactions on Information Forensics and Security》; 20140807; Vol. 9 (No. 10); full text *
Hierarchical attribute based proxy re-encryption access control in cloud computing; P. Praveen Chandar, D. Mutkuraman, M. Rathinrai; 《2014 International Conference on Circuits, Power and Computing Technologies》; 20140321; full text *
Secure, Efficient and Fine-Grained Data Access Control Mechanism for P2P Storage Cloud; Heng He, Ruixuan Li, Xinhua Dong, Zhao Zhang; 《IEEE Transactions on Cloud Computing》; 20141223; Vol. 2 (No. 4); full text *
A framework for secure sharing of sensitive data on big data platforms; Dong Xinhua, Li Ruixuan, He Heng, Zhou Wanwan, Xue Zhengyuan, Wang Cong; 《Science & Technology Review》; 20141130; Vol. 32 (No. 34); full text *
A cloud user data privacy protection mechanism based on an optimized proxy re-encryption algorithm; Chen Hongwu; 《China Master's Theses Full-text Database》; 20140615; main text, pp. 28-33 *

Also Published As

Publication number Publication date
CN104735070A (en) 2015-06-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant