CN108616497A - Data integrity verification method and system, terminal and authentication server under cloud environment - Google Patents

Publication number
CN108616497A
Authority
CN
China
Prior art keywords
authenticator
ciphertext blocks
ciphertext
partly
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810004777.3A
Other languages
Chinese (zh)
Inventor
赵远杰
颜雪薇
韩欣
陈幼雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CEC CYBERSPACE GREAT WALL Co Ltd
Original Assignee
CEC CYBERSPACE GREAT WALL Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CEC CYBERSPACE GREAT WALL Co Ltd filed Critical CEC CYBERSPACE GREAT WALL Co Ltd
Priority to CN201810004777.3A priority Critical patent/CN108616497A/en
Publication of CN108616497A publication Critical patent/CN108616497A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data integrity verification method in a cloud environment, comprising: configuring, for a file, the attributes of visitors allowed to access it, and encrypting the file to form a ciphertext; dividing the ciphertext into multiple ciphertext blocks, generating an identifier for each ciphertext block, and generating an authenticator from the identifier and a private key; and sending an integrity verification request to an authentication server, so that the authentication server interacts with a cloud storage server to select at least some of the ciphertext blocks, the aggregate authenticator and the linear combination of the selected ciphertext blocks are calculated, and the authentication server then performs integrity verification according to the aggregate authenticator, the linear combination and a public key and returns the verification result to the terminal. The aggregate authenticator is the product of the authenticators of the selected ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the selected ciphertext blocks after each has been multiplied by a random number. The invention reduces the amount of data transmitted and gives a good user experience.

Description

Data integrity verification method and system, terminal and authentication server under cloud environment
Technical field
The present invention relates to the field of information security technology, and in particular to a data integrity verification method and system, a terminal and an authentication server in a cloud environment.
Background
With the rapid development of cloud computing, more and more individuals and enterprises store their sensitive data on remote cloud servers in order to save local storage resources. In practical applications there are typically at least the following two requirements: first, a confidentiality requirement, namely that only users who satisfy the conditions set by the data provider may view the data; second, a data integrity requirement, namely that the data remain intact.
However, in the prior art the integrity requirement is met by periodically sending the data on the cloud server back to be checked. Because the volume of data transmitted periodically is large, users cannot fully enjoy the convenience that cloud servers bring; that is, the user experience is poor.
Summary of the invention
To solve at least one of the technical problems in the prior art, the present invention provides a data integrity verification method and system, a terminal and an authentication server in a cloud environment, which reduce the volume of data transmitted and give a good user experience.
The present invention provides a data integrity verification method in a cloud environment, applied to a terminal, the integrity verification method comprising the following steps:
configuring, for a file, the attributes of visitors allowed to access it, encrypting the file to form a ciphertext, and uploading the ciphertext to a cloud storage server for storage;
dividing the ciphertext into multiple ciphertext blocks, generating an identifier for each ciphertext block, generating an authenticator from the identifier and a private key, and uploading the ciphertext blocks and the authenticators to the cloud storage server for storage;
sending an integrity verification request to an authentication server, so that the authentication server interacts with the cloud storage server to select at least some of the ciphertext blocks, the aggregate authenticator and the linear combination of the selected ciphertext blocks are calculated, and the authentication server then performs integrity verification according to the aggregate authenticator, the linear combination and a public key and returns the verification result to the terminal, wherein the aggregate authenticator is the product of the authenticators of the selected ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the selected ciphertext blocks after each has been multiplied by a random number.
Preferably, the method comprises the following step:
the attributes of visitors allowed to access are configured differently for different files.
Preferably, the authenticator $\sigma_\tau$ of the $\tau$-th ciphertext block is calculated as follows:
$\tau = 1, \ldots, n$
where n is the total number of ciphertext blocks;
$CH_\tau$ denotes the $\tau$-th ciphertext block;
$id_\tau$ denotes the identifier of the $\tau$-th ciphertext block;
$SK_{DO}$ denotes the private key;
H is a hash function, u is a random element of a multiplicative cyclic group of order p, and p is prime.
The present invention also provides a data integrity verification method in a cloud environment, applied to an authentication server, comprising the following steps:
receiving an integrity verification request sent by a terminal;
interacting with a cloud storage server, according to the integrity verification request sent by the terminal, to select at least some of the ciphertext blocks, calculating the aggregate authenticator and the linear combination of the selected ciphertext blocks, performing integrity verification according to the aggregate authenticator, the linear combination and a public key, and returning the verification result to the terminal, wherein the cloud storage server stores the ciphertext uploaded by the terminal, together with the authenticators generated from the private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
Preferably, the step of performing integrity verification comprises:
performing integrity verification by judging whether the following equation holds; if it holds, the file is intact, and if it does not hold, the file is not intact:
where e denotes a bilinear pairing map;
$e(g, \sigma)$ denotes one bilinear pairing operation;
g denotes a random generator of a multiplicative cyclic group of order p, and p is prime;
$\sigma$ denotes the aggregate authenticator;
$\mu$ denotes the linear combination;
$f_\tau$ is a random number, is the set of nonzero elements of the residue class ring modulo p;
u is a random element of the multiplicative cyclic group of order p;
$PK_{DO}$ denotes the public key.
The present invention also provides a terminal, comprising:
an encryption module, configured to configure, for a file, the attributes of visitors allowed to access it, encrypt the file to form a ciphertext, and upload the ciphertext to a cloud storage server for storage;
an authenticator generation module, configured to divide the ciphertext into multiple ciphertext blocks, generate an identifier for each ciphertext block, generate an authenticator from the identifier and a private key, and upload the ciphertext blocks and the authenticators to the cloud storage server for storage;
a verification request generation and sending module, configured to send an integrity verification request to an authentication server, so that the authentication server interacts with the cloud storage server according to the integrity verification request to select at least some of the ciphertext blocks, the aggregate authenticator and the linear combination of the selected ciphertext blocks are calculated, and the authentication server then performs integrity verification according to the aggregate authenticator, the linear combination and a public key and returns the verification result to the terminal, wherein the aggregate authenticator is the product of the authenticators of the selected ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the selected ciphertext blocks after each has been multiplied by a random number.
Preferably, the encryption module is configured to configure different attributes of visitors allowed to access for different files.
Preferably, the authenticator generation module is configured to calculate the authenticator $\sigma_\tau$ of the $\tau$-th ciphertext block in the following manner:
$\tau = 1, \ldots, n$;
where $id_\tau$ is the identifier of the ciphertext block;
n is the total number of ciphertext blocks;
$CH_\tau$ denotes the $\tau$-th ciphertext block;
$SK_{DO}$ denotes the private key;
H is a hash function, u is a random element of a multiplicative cyclic group of order p, and p is prime.
The present invention also provides an authentication server, comprising:
a receiving module, configured to receive an integrity verification request sent by a terminal;
an intermediate parameter acquisition module, configured to interact with a cloud storage server, according to the integrity verification request sent by the terminal, to select at least some of the ciphertext blocks, and to calculate the aggregate authenticator and the linear combination of the selected ciphertext blocks, or to receive the aggregate authenticator and the linear combination of the selected ciphertext blocks as calculated by the cloud storage server; the aggregate authenticator is the product of the authenticators of the selected ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the selected ciphertext blocks after each has been multiplied by a random number;
an authentication module, configured to perform integrity verification according to the aggregate authenticator, the linear combination and a public key and to return the verification result to the terminal, wherein the cloud storage server stores the ciphertext uploaded by the terminal, together with the authenticators generated from the private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
Preferably, the authentication module is configured to perform integrity verification by judging whether the following equation holds; if it holds, the file is intact, and if it does not hold, the file is not intact:
where e denotes a bilinear pairing map;
$e(g, \sigma)$ denotes one bilinear pairing operation;
g denotes a random generator of a multiplicative cyclic group of order p, and p is prime;
$\sigma$ denotes the aggregate authenticator;
$\mu$ denotes the linear combination;
$f_\tau$ is a random number, is the set of nonzero elements of the residue class ring modulo p;
u is a random element of the multiplicative cyclic group of order p;
$PK_{DO}$ denotes the public key.
The present invention also provides a data integrity verification system in a cloud environment, comprising a terminal, an authentication server and a cloud storage server, wherein the terminal is the terminal described above; the authentication server is the authentication server described above; and the cloud storage server stores the ciphertext uploaded by the terminal, together with the authenticators generated from the private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
The present invention has the following beneficial effects:
When integrity verification of a file is required, the terminal (on the data uploader side) only needs to send the public key to the authentication server, and the authentication server can complete integrity verification using the calculation results (the aggregate authenticator and the linear combination). Compared with the prior art, in which all data must periodically be returned for checking, this greatly reduces the volume of data transmitted, saves communication cost, and gives a good user experience.
Description of the drawings
Fig. 1 is a working sequence diagram of the data integrity verification method in a cloud environment provided by an embodiment of the present invention;
Fig. 2 is a functional block diagram of the terminal provided by an embodiment of the present invention;
Fig. 3 is a functional block diagram of the authentication server provided by an embodiment of the present invention.
Detailed description
To enable those skilled in the art to better understand the technical solution of the present invention, the data integrity verification method and system, terminal and authentication server in a cloud environment provided by the present invention are described in detail below with reference to the accompanying drawings.
Embodiment 1
The data integrity verification method in a cloud environment provided by this embodiment of the present invention is applied in an environment comprising a terminal, a storage server and an authentication server, where the terminal is on the data uploader side and the storage server and the authentication server are on the server side.
The data integrity verification method in a cloud environment provided by this embodiment is described in detail below with reference to Fig. 1. Specifically, it comprises the following steps:
S1: the attributes of visitors allowed to access a file are configured for the file, and the file is encrypted to form a ciphertext, which is uploaded to the cloud storage server for storage.
The file is a semi-shared file. The terminal configures, for the file, the attributes of visitors allowed to access it, so that a visitor holding those attributes is allowed to access the file. In effect, an access policy (M, p) is formulated for the file and the file is encrypted under it, to ensure the security of the file.
Furthermore, the terminal preferably configures different attributes of visitors allowed to access for different files (in other words, encrypts them under different access policies). This prevents a visitor who has obtained one file from using the attribute key so obtained to decrypt other files.
S2: the terminal divides the uploaded ciphertext into multiple ciphertext blocks and generates an identifier $id_\tau$ for each ciphertext block $CH_\tau$ ($\tau = 1, 2, \ldots, n$, where n is the total number of ciphertext blocks); generates the authenticator $\sigma_\tau$ of ciphertext block $CH_\tau$ from the identifier $id_\tau$ and the private key $SK_{DO}$ (held by the data uploader); and uploads the ciphertext blocks $CH_\tau$ and the authenticators $\sigma_\tau$ to the cloud storage server, which stores each ciphertext block $CH_\tau$ with its authenticator $\sigma_\tau$.
Preferably, the authenticator of the $\tau$-th ciphertext block is calculated as follows:
where $id_\tau$ is the identifier of the ciphertext block;
n is the total number of ciphertext blocks;
$CH_\tau$ denotes the $\tau$-th ciphertext block;
$SK_{DO}$ denotes the private key;
H is a hash function, u is a random element of a multiplicative cyclic group of order p, and p is prime.
Preferably, the cloud storage server stores each ciphertext block and its corresponding authenticator in the following storage format: identifier || authenticator || ciphertext block.
S3: the terminal sends an integrity verification request to the authentication server.
S4: the authentication server selects at least some of the ciphertext blocks and sends the selection to the cloud storage server.
Specifically, the authentication server selects at least some of the ciphertext blocks; the sequence is $ch = \{(id_\tau, f_\tau)\}_{\tau \in D}$, where $D = \{s_1, s_2, \ldots, s_c\}$ is a subset of the set [1, n], $f_\tau$ is a random number, is the set of nonzero elements of the residue class ring modulo p, and p is prime.
Compared with selecting all ciphertext blocks, having the authentication server select only part of them reduces the amount of computation and so improves the efficiency of integrity verification.
S5: the cloud storage server calculates the aggregate authenticator $\sigma$ of the selected ciphertext blocks $CH_\tau$ and the linear combination $\mu$ of the selected ciphertext blocks $CH_\tau$, and sends them to the authentication server.
The aggregate authenticator $\sigma$ is the product of the authenticators $\sigma_\tau$ of the selected ciphertext blocks $CH_\tau$, each raised to the power of a random number:
where $f_\tau$ is a random number.
The linear combination $\mu$ is the sum of the selected ciphertext blocks $CH_\tau$ after each has been multiplied by a random number:
$\mu = \sum_{\tau \in D} f_\tau CH_\tau$, where $f_\tau$ is a random number.
S6: the authentication server performs integrity verification according to the aggregate authenticator $\sigma$, the linear combination $\mu$ and the public key $PK_{DO}$ (held by the data uploader).
Preferably, integrity verification is performed by judging whether the following equation holds; if it holds, the file is intact, and if it does not hold, the file is not intact:
where e denotes a bilinear pairing map;
$e(g, \sigma)$ denotes one bilinear pairing operation;
g denotes a random generator of a multiplicative cyclic group of order p, and p is prime;
$\sigma$ denotes the aggregate authenticator;
$\mu$ denotes the linear combination;
$f_\tau$ is a random number, is the set of nonzero elements of the residue class ring modulo p;
u is a random element of the multiplicative cyclic group of order p;
$PK_{DO}$ denotes the public key.
It should be noted that the above equation is derived as follows:
The verification process reduces to the discrete logarithm problem, which shows that the verification process is secure and effective.
It should be noted that a bilinear pairing map has the following properties:
Let $G$ and $G_T$ be two multiplicative cyclic groups of order p, where p is prime and g is a random generator of the group $G$. If the map $e: G \times G \to G_T$ satisfies the following three properties, then $e: G \times G \to G_T$ is called a bilinear pairing map:
Bilinearity: for and , $e(u^a, v^b) = e(u, v)^{ab}$;
Non-degeneracy: $e(g, g) \neq 1$;
Computability: for , there is an algorithm that computes $e(u, v)$ in efficient time.
S7: the authentication server returns the verification result to the terminal.
As can be seen from the above, in the data integrity verification method in a cloud environment provided by this embodiment, the terminal divides the ciphertext into blocks and generates authenticators using the private key, and the ciphertext, ciphertext blocks and authenticators are uploaded to and stored in the cloud storage server. When integrity verification of a file is required, the terminal only needs to send the public key to the authentication server, and the authentication server can perform integrity verification using the calculation results returned by the cloud storage server (the aggregate authenticator and the linear combination). Compared with the prior art, in which all data must periodically be returned for checking, this greatly reduces the volume of data transmitted, saves communication cost, and gives a good user experience.
It should be noted that although in this embodiment the cloud storage server calculates the aggregate authenticator $\sigma$ and the linear combination $\mu$ of the selected ciphertext blocks $CH_\tau$ and sends them to the authentication server, the present invention is not limited to this. In practical applications, the cloud storage server may instead send the ciphertext blocks and authenticators to the authentication server, which calculates the aggregate authenticator $\sigma$ and the linear combination $\mu$ from them and then performs integrity verification according to the calculation results and the public key.
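The S2 to S6 exchange of Embodiment 1, traced end to end as an added example (not code from the patent). The formula images are missing from this page, so the tag form σ_τ = (H(id_τ)·u^{CH_τ})^{SK_DO}, the check e(g, σ) = e(∏ H(id_τ)^{f_τ}·u^μ, PK_DO), the key relation PK_DO = g^{SK_DO} and the identifier format are assumptions taken from the standard homomorphic-authenticator construction that matches the surviving definitions. The pairing is a toy that stores each group element as its exponent, which keeps the algebra exact but is not secure.

```python
import hashlib
import secrets

# TOY bilinear group, for tracing the algebra only: an element g^a is stored
# as its exponent a mod P, so discrete logs are trivial and nothing here is
# secure. A real deployment needs a pairing-friendly curve library.
P = 2**127 - 1                      # prime group order p
G = 1                               # generator g, i.e. g^1

def g_mul(a, b): return (a + b) % P     # g^a * g^b
def g_pow(a, k): return (a * k) % P     # (g^a)^k
def pairing(a, b): return (a * b) % P   # e(g^a, g^b) = e(g, g)^(ab)

BLOCK = 15                          # bytes per block, so each block is < P

def H(identifier):
    """Hash an identifier id_t to a group element."""
    return int.from_bytes(hashlib.sha256(identifier).digest(), "big") % P

def keygen():
    """Data owner's key pair plus the public random element u."""
    sk = 1 + secrets.randbelow(P - 1)
    u = 1 + secrets.randbelow(P - 1)
    return sk, g_pow(G, sk), u          # SK_DO, PK_DO = g^SK_DO (assumed), u

def upload(sk, u, file_id, ciphertext):
    """Terminal side (S2): split into blocks CH_t, tag each one, and return
    the records the cloud stores as identifier || authenticator || block."""
    store = []
    for t in range(0, len(ciphertext), BLOCK):
        block = ciphertext[t:t + BLOCK]
        ident = file_id + b"|" + str(t // BLOCK).encode()   # assumed id format
        m = int.from_bytes(block, "big")
        # Assumed tag form: sigma_t = (H(id_t) * u^CH_t)^SK_DO
        sigma_t = g_pow(g_mul(H(ident), g_pow(u, m)), sk)
        store.append({"id": ident, "sigma": sigma_t, "block": block})
    return store

def challenge(ids, c):
    """Authentication server (S4): pick c ids, each with a nonzero random f_t."""
    picked = secrets.SystemRandom().sample(ids, c)
    return [(ident, 1 + secrets.randbelow(P - 1)) for ident in picked]

def prove(store, chal):
    """Cloud side (S5): aggregate authenticator sigma, linear combination mu."""
    by_id = {rec["id"]: rec for rec in store}
    sigma, mu = 0, 0                    # 0 is the exponent of the identity
    for ident, f in chal:
        rec = by_id[ident]
        sigma = g_mul(sigma, g_pow(rec["sigma"], f))
        mu = (mu + f * int.from_bytes(rec["block"], "big")) % P
    return sigma, mu

def verify(pk, u, chal, sigma, mu):
    """S6, assumed check: e(g, sigma) == e(prod H(id_t)^f_t * u^mu, PK_DO)."""
    acc = g_pow(u, mu)
    for ident, f in chal:
        acc = g_mul(acc, g_pow(H(ident), f))
    return pairing(G, sigma) == pairing(acc, pk)

def demo():
    sk, pk, u = keygen()
    ciphertext = bytes(range(90))       # constructed sample "ciphertext"
    store = upload(sk, u, b"file-1", ciphertext)
    chal = challenge([rec["id"] for rec in store], 3)
    ok_before = verify(pk, u, chal, *prove(store, chal))
    # Corrupt one challenged block, then one block outside the challenge.
    hit = next(r for r in store if r["id"] == chal[0][0])
    good = hit["block"]
    hit["block"] = bytes([good[0] ^ 1]) + good[1:]
    ok_hit = verify(pk, u, chal, *prove(store, chal))
    hit["block"] = good
    challenged = {ident for ident, _ in chal}
    miss = next(r for r in store if r["id"] not in challenged)
    miss["block"] = b"\xff" * len(miss["block"])
    ok_miss = verify(pk, u, chal, *prove(store, chal))
    return ok_before, ok_hit, ok_miss

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, False, True)`: corruption is caught only when the damaged block falls inside the challenged subset D, so the number of blocks sampled in S4 sets the detection probability as well as the computation cost.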
Embodiment 2
Fig. 2 is a functional block diagram of the terminal provided by an embodiment of the present invention. Referring to Fig. 2, the terminal 10 provided by this embodiment comprises: an encryption module 101, an authenticator generation module 102 and a request generation and sending module 103.
The encryption module 101 is configured to configure, for a file, the attributes of visitors allowed to access it, encrypt the file to form a ciphertext, and upload the ciphertext to the cloud storage server for storage.
The authenticator generation module 102 is configured to divide the ciphertext into multiple ciphertext blocks, generate an identifier for each ciphertext block, generate an authenticator from the identifier and the private key, and upload the ciphertext blocks and the authenticators to the cloud storage server for storage.
The request generation and sending module 103 is configured to send an integrity verification request to the authentication server, so that the authentication server interacts with the cloud storage server according to the integrity verification request to select at least some of the ciphertext blocks, the aggregate authenticator and the linear combination of the selected ciphertext blocks are calculated, and the authentication server then performs integrity verification according to the aggregate authenticator, the linear combination and the public key and returns the verification result to the terminal, wherein the aggregate authenticator is the product of the authenticators of the selected ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the selected ciphertext blocks after each has been multiplied by a random number.
Preferably, the encryption module 101 is configured to configure different attributes of visitors allowed to access for different files.
Preferably, the authenticator generation module 102 is configured to calculate the authenticator $\sigma_\tau$ of the $\tau$-th ciphertext block in the following manner, $\tau = 1, \ldots, n$:
where $id_\tau$ is the identifier of the ciphertext block;
n is the total number of ciphertext blocks;
$CH_\tau$ denotes the $\tau$-th ciphertext block;
$SK_{DO}$ denotes the private key;
H is a hash function, u is a random element of a multiplicative cyclic group of order p, and p is prime.
For further details of the terminal provided by this embodiment, see the related content in Embodiment 1 above, which is not repeated here.
Embodiment 3
Fig. 3 is a functional block diagram of the authentication server provided by an embodiment of the present invention. Referring to Fig. 2, the authentication server 20 provided by this embodiment comprises: a receiving module 201, an intermediate parameter acquisition module 202 and an authentication module 203.
The receiving module 201 is configured to receive the integrity verification request sent by the terminal.
The intermediate parameter acquisition module 202 is configured to interact with the cloud storage server, according to the integrity verification request sent by the terminal, to select at least some of the ciphertext blocks, and to calculate the aggregate authenticator and the linear combination of the selected ciphertext blocks, or to receive the aggregate authenticator and the linear combination of the selected ciphertext blocks as calculated by the cloud storage server.
The authentication module 203 is configured to perform integrity verification according to the aggregate authenticator, the linear combination and the public key and to return the verification result to the terminal, wherein the cloud storage server stores the ciphertext uploaded by the terminal, together with the authenticators generated from the private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
The authentication module is configured to perform integrity verification by judging whether the following equation holds; if it holds, the file is intact, and if it does not hold, the file is not intact:
where e denotes a bilinear pairing map;
$e(g, \sigma)$ denotes one bilinear pairing operation;
g denotes a random generator of a multiplicative cyclic group of order p, and p is prime;
$\sigma$ denotes the aggregate authenticator;
$\mu$ denotes the linear combination;
$f_\tau$ is a random number, is the set of nonzero elements of the residue class ring modulo p;
u is a random element of the multiplicative cyclic group of order p;
$PK_{DO}$ denotes the public key.
For further details of the authentication server provided by this embodiment, see the related content in Embodiment 1 above, which is not repeated here.
Embodiment 4
The data integrity verification system in a cloud environment provided by this embodiment of the present invention comprises: a terminal 10, an authentication server 20 and a cloud storage server. The terminal is the terminal provided in Embodiment 2 above; the authentication server is the authentication server of Embodiment 3 above; and the cloud storage server stores the ciphertext uploaded by the terminal, together with the authenticators generated from the private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
For the working process of the data integrity verification system in a cloud environment provided by this embodiment, see the data integrity verification method in a cloud environment provided in Embodiment 1 above, which is not repeated here.
In the data integrity verification system in a cloud environment provided by this embodiment, when integrity verification of a file is required, the terminal only needs to send the public key to the authentication server, and the authentication server can perform integrity verification using the calculation results returned by the cloud storage server (the aggregate authenticator and the linear combination). Compared with the prior art, in which all data must periodically be returned for checking, this greatly reduces the volume of data transmitted, saves communication cost, and gives a good user experience.
It is to be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principle of the present invention, and the present invention is not limited thereto. Those of ordinary skill in the art can make various changes and improvements without departing from the spirit and essence of the present invention, and such changes and improvements are also regarded as falling within the scope of protection of the present invention.

Claims (11)

1. A data integrity verification method in a cloud environment, applied to a terminal, characterized in that the integrity verification method comprises the following steps:
configuring, for a file, the attributes of visitors allowed to access it, encrypting the file to form a ciphertext, and uploading the ciphertext to a cloud storage server for storage;
dividing the ciphertext into multiple ciphertext blocks, generating an identifier for each ciphertext block, generating an authenticator from the identifier and a private key, and uploading the ciphertext blocks and the authenticators to the cloud storage server for storage;
sending an integrity verification request to an authentication server, so that the authentication server interacts with the cloud storage server to select at least some of the ciphertext blocks, the aggregate authenticator and the linear combination of the selected ciphertext blocks are calculated, and the authentication server then performs integrity verification according to the aggregate authenticator, the linear combination and a public key and returns the verification result to the terminal, wherein the aggregate authenticator is the product of the authenticators of the selected ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the selected ciphertext blocks after each has been multiplied by a random number.
2. The data integrity verification method in a cloud environment according to claim 1, characterized by comprising the following step:
the attributes of visitors allowed to access are configured differently for different files.
3. The data integrity verification method in a cloud environment according to claim 1, characterized in that the authenticator $\sigma_\tau$ of the $\tau$-th ciphertext block is calculated as follows:
$\tau = 1, \ldots, n$
where n is the total number of ciphertext blocks;
$CH_\tau$ denotes the $\tau$-th ciphertext block;
$id_\tau$ denotes the identifier of the $\tau$-th ciphertext block;
$SK_{DO}$ denotes the private key;
H is a hash function, u is a random element of a multiplicative cyclic group of order p, and p is prime.
4. A data integrity verification method in a cloud environment, applied to an authentication server, characterized by comprising the following steps:
receiving an integrity verification request sent by a terminal;
interacting with a cloud storage server according to the integrity verification request sent by the terminal to select at least some ciphertext blocks, calculating an aggregated authenticator of the at least some ciphertext blocks and a linear combination of the at least some ciphertext blocks, performing integrity verification according to the aggregated authenticator, the linear combination and a public key, and returning the verification result to the terminal, wherein the cloud storage server stores the ciphertext uploaded by the terminal and the authenticators generated from a private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
5. The data integrity verification method in a cloud environment according to claim 4, characterized in that the step of performing integrity verification comprises:
performing integrity verification by judging whether the following equation holds; if it holds, the file is complete, and if it does not hold, the file is incomplete:
where e denotes the bilinear pairing map;
e(g, σ) denotes one bilinear pairing operation;
g denotes a random generator of the multiplicative cyclic group of order p, and p is a prime number;
σ denotes the aggregated authenticator;
μ denotes the linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
u is a random element of the multiplicative cyclic group of order p;
PK_DO denotes the public key.
6. A terminal, characterized by comprising:
an encrypting module, configured to configure, for a file, the attributes of the visitors allowed to access it, encrypt the file to form a ciphertext, and upload the ciphertext to a cloud storage server for storage;
an authenticator generation module, configured to divide the ciphertext into multiple ciphertext blocks, generate an identifier for each ciphertext block, generate an authenticator according to the identifier and a private key, and upload the ciphertext blocks and the authenticators to the cloud storage server for storage;
a verification request generating and sending module, configured to send an integrity verification request to an authentication server, so that the authentication server interacts with the cloud storage server according to the integrity verification request to select at least some of the ciphertext blocks, and an aggregated authenticator of the at least some ciphertext blocks and a linear combination of the at least some ciphertext blocks are calculated, and so that the authentication server then performs integrity verification according to the aggregated authenticator, the linear combination and a public key and returns the verification result to the terminal, wherein the aggregated authenticator is the product of the authenticators of the at least some ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the at least some ciphertext blocks, each multiplied by a random number.
7. The terminal according to claim 6, characterized in that the encrypting module is configured to configure different attributes of the visitors allowed access for different files.
8. The terminal according to claim 7, characterized in that the authenticator generation module is configured to calculate the authenticator σ_τ of the τ-th ciphertext block as follows:
τ = 1, …, n;
where id_τ is the identifier of the ciphertext block;
n is the total number of ciphertext blocks;
CH_τ denotes the τ-th ciphertext block;
SK_DO denotes the private key;
H is a hash function, u is a random element of a multiplicative cyclic group of order p, and p is a prime number.
9. An authentication server, characterized by comprising:
a receiving module, configured to receive an integrity verification request sent by a terminal;
an intermediate parameter obtaining module, configured to interact with a cloud storage server according to the integrity verification request sent by the terminal to select at least some ciphertext blocks, and to calculate the aggregated authenticator of the at least some ciphertext blocks and the linear combination of the at least some ciphertext blocks, or to receive the aggregated authenticator of the at least some ciphertext blocks and the linear combination of the at least some ciphertext blocks calculated by the cloud storage server; the aggregated authenticator is the product of the authenticators of the at least some ciphertext blocks, each raised to the power of a random number, and the linear combination is the sum of the at least some ciphertext blocks, each multiplied by a random number;
an authentication module, configured to perform integrity verification according to the aggregated authenticator, the linear combination and a public key and return the verification result to the terminal, wherein the cloud storage server stores the ciphertext uploaded by the terminal and the authenticators generated from a private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
10. The authentication server according to claim 9, characterized in that the authentication module is configured to perform integrity verification by judging whether the following equation holds; if it holds, the file is complete, and if it does not hold, the file is incomplete:
where e denotes the bilinear pairing map;
e(g, σ) denotes one bilinear pairing operation;
g denotes a random generator of the multiplicative cyclic group of order p, and p is a prime number;
σ denotes the aggregated authenticator;
μ denotes the linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
u is a random element of the multiplicative cyclic group of order p;
PK_DO denotes the public key.
11. A data integrity verification system in a cloud environment, characterized by comprising a terminal, an authentication server and a cloud storage server, wherein the terminal is the terminal according to any one of claims 6-8;
the authentication server is the authentication server according to any one of claims 9-10;
the cloud storage server stores the ciphertext uploaded by the terminal and the authenticators generated from the private key and the respective identifiers of the multiple ciphertext blocks into which the ciphertext is divided.
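
The challenge-response audit of claims 1, 4 and 5 (authenticators per block, then an aggregated authenticator and a linear combination over a sampled subset), as an added sketch that is not code from the patent. The claimed equations did not survive on this page, so the authenticator form σ_τ = (H(id_τ)·u^CH_τ)^SK_DO is an assumption, the bilinear pairing check is replaced by a recomputation with the private key, and the group parameters, function names and sample blocks are constructed toy values.

```python
import hashlib
import secrets

# Toy parameters (constructed): Q = 2P + 1 is a safe prime, so the squares
# modulo Q form a multiplicative cyclic group of prime order P.
P, Q = 1019, 2039

def hash_to_group(identifier):
    """H: map a block identifier to an element of the order-P group."""
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return pow(1 + h % (Q - 1), 2, Q)

def keygen():
    sk = 1 + secrets.randbelow(P - 1)            # SK_DO in [1, P-1]
    u = pow(2 + secrets.randbelow(Q - 3), 2, Q)  # random group element != 1
    return sk, u

def authenticator(sk, u, block_id, block):
    """Assumed form: sigma_t = (H(id_t) * u^CH_t)^SK_DO."""
    return pow(hash_to_group(block_id) * pow(u, block, Q) % Q, sk, Q)

def challenge(indices):
    return {i: 1 + secrets.randbelow(P - 1) for i in indices}  # nonzero f_t

def prove(chal, blocks, sigmas):
    """Aggregated authenticator (product of sigma_t^f_t) and linear combination."""
    sigma, mu = 1, 0
    for i, f in chal.items():
        sigma = sigma * pow(sigmas[i], f, Q) % Q
        mu = (mu + f * blocks[i]) % P
    return sigma, mu

def verify(sk, u, ids, chal, sigma, mu):
    """Stand-in for the pairing equation: recompute with the private key."""
    expected = pow(u, mu, Q)
    for i, f in chal.items():
        expected = expected * pow(hash_to_group(ids[i]), f, Q) % Q
    return sigma == pow(expected, sk, Q)

def demo():
    sk, u = keygen()
    blocks = [417, 88, 903, 5, 650]   # constructed ciphertext blocks, as elements of Z_P
    ids = [f"file1-block{i}" for i in range(len(blocks))]
    sigmas = [authenticator(sk, u, ids[i], b) for i, b in enumerate(blocks)]
    chal = challenge([0, 2, 3])       # audit a subset of the blocks
    intact = verify(sk, u, ids, chal, *prove(chal, blocks, sigmas))
    blocks[2] = (blocks[2] + 1) % P   # storage silently alters one audited block
    tampered = verify(sk, u, ids, chal, *prove(chal, blocks, sigmas))
    return intact, tampered
```

The verifier never reads the blocks themselves, only the pair (σ, μ); an altered block outside the sampled subset would pass this particular audit, which is why the subset is re-drawn on every request.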
CN201810004777.3A 2018-01-03 2018-01-03 Data integrity verification method and system, terminal and authentication server under cloud environment Pending CN108616497A (en)


Publications (1)

Publication Number Publication Date
CN108616497A true CN108616497A (en) 2018-10-02

Family

ID=63658334




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181002