CN108616497A - Data integrity verification method and system, terminal and authentication server under cloud environment - Google Patents
Data integrity verification method and system, terminal and authentication server under cloud environment Download PDFInfo
- Publication number
- CN108616497A CN108616497A CN201810004777.3A CN201810004777A CN108616497A CN 108616497 A CN108616497 A CN 108616497A CN 201810004777 A CN201810004777 A CN 201810004777A CN 108616497 A CN108616497 A CN 108616497A
- Authority
- CN
- China
- Prior art keywords
- authenticator
- ciphertext blocks
- ciphertext
- partly
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses data integrity verification methods under a kind of cloud environment, including:Accessed visitor's attribute is allowed to be encrypted to form ciphertext file configuration;Ciphertext block is formed into multiple ciphertext blocks, identifier is generated to each ciphertext blocks, authenticator is generated according to identifier and private key;Integrality verification request is sent to authentication server, authentication server interacts to choose at least partly ciphertext blocks with cloud storage service device, and calculate at least partly aggregation authenticator of ciphertext blocks and the linear combination of at least partly ciphertext blocks, so that authentication server is carried out integrity verification according to aggregation authenticator, linear combination and public key again and verification result is back to terminal, aggregation authenticator is that the company of at least partly random number power of the authenticator of ciphertext blocks multiplies, and linear combination is that at least partly ciphertext blocks are summed after being respectively multiplied with random number.The present invention can reduce the transmission quantity of data, and user experience is high.
Description
Technical field
The present invention relates to field of information security technology, more particularly under a kind of cloud environment data integrity verification method and
System, terminal and authentication server.
Background technology
With the rapid development of cloud computing, resource is locally stored in order to save in more and more personal and enterprises, can be him
Sensitive data be stored in remote cloud server.In practical applications, typically at least there is following two points requirement:First, it protects
Close property requirement requires nothing more than the user that satisfaction offer data person offers and checks;Second, the integrity demands of data, it is desirable that number
It is complete according to remaining.
However, in the prior art for integrity demands for data, using regularly by the data on Cloud Server
It sends back to be checked, since the data volume periodically transmitted is larger, user can not be made to enjoy cloud service well
The facility that device is brought, that is, poor user experience.
Invention content
To solve one of the technical problems existing in the prior art, the present invention provides data integrity under a kind of cloud environment
Verification method and system, terminal and authentication server, it is possible to reduce volume of transmitted data, user experience are high.
The present invention provides data integrity verification method under a kind of cloud environment, application terminal, the integrity verification sides
Method includes the following steps:
File configuration is allowed accessed visitor's attribute to be encrypted to form ciphertext and be uploaded to cloud storage service device
Storage;
The ciphertext block is formed into multiple ciphertext blocks, identifier is generated to each ciphertext blocks, according to the identifier and
Private key generates authenticator, and the ciphertext blocks and the authenticator are uploaded to cloud storage service device and are stored;
Integrality verification request is sent to authentication server, so that authentication server interacts to select with cloud storage service device
It takes at least partly ciphertext blocks, and calculates linear group of at least partly aggregation authenticator of ciphertext blocks and at least partly ciphertext blocks
It closes, then so that the authentication server is carried out integrity verification according to the aggregation authenticator, the linear combination and public key and incite somebody to action
Verification result is back to terminal, wherein aggregation authenticator is the company of at least partly random number power of the authenticator of ciphertext blocks
Multiply, linear combination is that at least partly ciphertext blocks are summed after being respectively multiplied with random number.
Preferably, include the following steps:
Allow the attribute of accessed visitor different for different file configurations.
Preferably, the authenticator σ of the τ ciphertext blocks is calculated as followsτ:
τ=1 ..., n
Wherein, n is the sum of ciphertext blocks;
CHτIndicate the τ ciphertext blocks;
idτIndicate the identifier of the τ ciphertext blocks;
SKDOIndicate private key;
H is hash function, and u is a random element of p rank multiplicative cyclic groups, and p is prime number.
The present invention also provides data integrity verification method under a kind of cloud environment, application verification server, including following step
Suddenly:
Receive the integrality verification request that terminal is sent;
The integrality verification request sent according to the terminal interacts to choose at least partly ciphertext with cloud storage service device
Block, and at least partly the aggregation authenticator of ciphertext blocks and the linear combination of at least partly ciphertext blocks is calculated, and according to institute
Aggregation authenticator, the linear combination and public key is stated to carry out integrity verification and verification result is back to terminal, cloud storage clothes
The ciphertext that the terminal uploads is stored in business device, and the respective identifier of multiple ciphertext blocks and private key being divided by ciphertext
The authenticator of generation.
Preferably, the step of progress integrity verification, including:
Judge the whether true carry out integrity verification of following equation, if so, then file is complete, the file if invalid
It is imperfect:
Wherein, e refers to Bilinear map mapping;
E (g, σ) indicates a Bilinear map operation;
G indicates the random generation member of p rank multiplicative cyclic groups, and p is prime number;
σ indicates aggregation authenticator;
μ indicates linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
U is a random element of p rank multiplicative cyclic groups;
PKDOIndicate public key.
The present invention also provides a kind of terminals, including:
Encrypting module to form ciphertext and upload for allowing accessed visitor's attribute to be encrypted file configuration
It is stored to cloud storage service device;
Authenticator generation module generates each ciphertext blocks and identifies for the ciphertext block to be formed multiple ciphertext blocks
Symbol generates authenticator according to the identifier and private key, and the ciphertext blocks and the authenticator is uploaded to cloud storage service
Device is stored;
Checking request generates sending module, for sending integrality verification request to authentication server, so that the service for checking credentials
Device interacts to choose at least partly ciphertext blocks according to the integrality verification request with cloud storage service device, and calculates at least portion
The linear combination of the aggregation authenticator of point ciphertext blocks and at least partly ciphertext blocks, then make authentication server according to the aggregation
Authenticator, the linear combination and public key carry out integrity verification and verification result are back to terminal, wherein aggregation certification
Symbol be at least partly random number power of the authenticator of ciphertext blocks company multiply, linear combination be at least partly ciphertext blocks respectively with
Random number is summed after being multiplied.
Preferably, the encrypting module, for allowing the attribute of accessed visitor for different file configurations not
Together.
Preferably, the authenticator generation module, the certification for calculating the τ ciphertext blocks according to following manner
Accord with στ:
τ=1 ..., n;
Wherein, idτFor the identifier of ciphertext blocks;
N is the sum of ciphertext blocks;
CHτIndicate the τ ciphertext blocks;
SKDOIndicate private key;
H is hash function, and u is a random element of p rank multiplicative cyclic groups, and p is prime number.
The present invention also provides a kind of authentication servers, including:
Receiving module, the integrality verification request for receiving terminal transmission;
Intermediate parameters obtain module, the integrality verification request for being sent according to the terminal and cloud storage service device
It interacts to choose at least partly ciphertext blocks, and calculates at least partly the aggregation authenticator of ciphertext blocks and at least partly ciphertext
The linear combination of block, or receive that the cloud storage service device calculates this at least partly the aggregation authenticator of ciphertext blocks and
The linear combination of at least partly ciphertext blocks;Assemble authenticator for at least partly random number power of the authenticator of ciphertext blocks
Lian Cheng, linear combination are that at least partly ciphertext blocks are summed after being respectively multiplied with random number;
Authentication module, for carrying out integrity verification according to the aggregation authenticator, the linear combination and public key and inciting somebody to action
Verification result is back to terminal, and the ciphertext that the terminal uploads is stored in cloud storage service device, and is divided by ciphertext more
The authenticator of a ciphertext blocks respective identifier and private key generation.
Preferably, the authentication module judges the whether true carry out integrity verification of following equation for passing through, if at
Vertical, then file is complete, and file is imperfect if invalid:
Wherein, e refers to Bilinear map mapping;
E (g, σ) indicates a Bilinear map operation;
G indicates the random generation member of p rank multiplicative cyclic groups, and p is prime number;
σ indicates aggregation authenticator;
μ indicates linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
U is a random element of p rank multiplicative cyclic groups;
PKDOIndicate public key.
The present invention also provides data integrity validation systems under a kind of cloud environment, including terminal, authentication server and cloud to deposit
Server is stored up, the terminal uses above-mentioned terminal;The authentication server uses above-mentioned authentication server;The cloud storage clothes
The ciphertext that the terminal uploads is stored in business device, and the respective identifier of multiple ciphertext blocks and private key being divided by ciphertext
The authenticator of generation.
The invention has the advantages that:
For the present invention when needing to carry out integrity verification to file, terminal (being located at data uploader side) only needs will be public
Key is sent to authentication server, and authentication server can have been carried out in conjunction with result of calculation (including aggregation authenticator and linear combination)
Integrity verification, this substantially reduces volume of transmitted data compared with needing periodically to return to total data in the prior art and check,
Communication fee is saved, user experience is high.
Description of the drawings
Fig. 1 is the working timing figure of data integrity verification method under cloud environment provided in an embodiment of the present invention;
Fig. 2 is the functional block diagram of terminal provided in an embodiment of the present invention;
Fig. 3 is the functional block diagram of authentication server provided in an embodiment of the present invention.
Specific implementation mode
To make those skilled in the art more fully understand technical scheme of the present invention, below in conjunction with the accompanying drawings to the present invention
Data integrity verification method and system, terminal and authentication server are described in detail under the cloud environment of offer.
Embodiment 1
The environment that data integrity verification method is applied under cloud environment provided in an embodiment of the present invention is terminal, storage clothes
Business device and authentication server, wherein terminal is in data uploader side, and storage server and authentication server are in server
Side.
Data integrity verification method under cloud environment provided in an embodiment of the present invention is described in detail with reference to Fig. 1, specifically
Ground includes the following steps:
S1, to file configuration allow accessed visitor's attribute be encrypted to form ciphertext and be uploaded to cloud storage clothes
Business device storage.
Wherein, file belongs to semi-shared file.Terminal-pair file configuration allows accessed visitor's attribute, in this way, tool
Have the visitor of the attribute can allow access this document, actually it is, to paper formulation access strategy (M, p) into
Row encryption, to ensure the safety of this document.
Furthermore it is preferred that terminal for different file configurations allow the attribute of accessed visitor it is different (or
Say, the different access strategies of use are encrypted) in this way, can prevent from after visitor obtains some file, utilizing gained
To attribute key other files are decrypted.
S2 forms multiple ciphertext blocks, each ciphertext blocks CH of terminal-pair according to terminal-pair ciphertext block is uploadedτ(τ=1,
2 ... ... n) generate identifier idτ(τ=1,2 ... ... n, n are the sum of ciphertext blocks);According to indications idτWith private key SKDO
(being held by data uploader) generates ciphertext blocks CHτAuthenticator στ, and by ciphertext blocks CHτWith authenticator στIt is uploaded to cloud
Storage server, cloud storage service device preserve corresponding ciphertext blocks CHτWith authenticator στ。
Preferably, the authenticator of the τ ciphertext blocks calculates as follows:
Wherein, idτFor the identifier of ciphertext blocks;
N is the sum of ciphertext blocks;
CHτIndicate the τ ciphertext blocks;
SKDOIndicate private key;
H is hash function, and u is a random element of p rank multiplicative cyclic groups, and p is prime number.
Preferably, cloud storage service device stores ciphertext blocks and corresponding authenticator with following storage format:Identifier
| | authenticator | | ciphertext blocks.
S3, terminal send out integrality verification request to authentication server.
S4, authentication server choose at least partly ciphertext blocks and are sent to cloud storage service device.
Specifically, authentication server chooses at least partly ciphertext, and sequence is ch={ (idτ,fτ)}τ∈D, wherein
D={ s1,s2,……scIt is the subset gathered in [1, n], wherein fτFor random number,For using p as in the residual class ring of mould
Nonzero element set, p is prime number.
For the relatively whole ciphertext blocks of authentication server selected part ciphertext blocks, it is possible to reduce calculation amount, so as to
To improve the efficiency of integrity verification.
S5, cloud storage service device calculate at least partly ciphertext blocks CHτAggregation authenticator σ and part ciphertext blocks CHτ's
Linear combination μ is simultaneously sent to authentication server.
Wherein, aggregation authenticator σ is at least partly ciphertext blocks CHτAuthenticator στThe company of random number power multiply:
Wherein, fτFor random number.
Linear combination μ is at least partly ciphertext blocks CHτWith sum after being multiplied of random number:
μ=∑τ∈DfτCHτ, wherein fτFor random number.
S6, authentication server is according to aggregation authenticator σ, linear combination μ and public key PKDOIt (is held by data uploader
Have) carry out integrity verification.
Preferably, judge the whether true carry out integrity verification of following equation, if so, then file is complete, if invalid
Then file is imperfect:
Wherein, e refers to Bilinear map mapping;
E (g, σ) indicates a Bilinear map operation;
G indicates the random generation member of p rank multiplicative cyclic groups, and p is prime number;
σ indicates aggregation authenticator;
μ indicates linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
U is a random element of p rank multiplicative cyclic groups;
PKDOIndicate public key.
Described herein to be, the calculating process of above-mentioned equation is as follows:
In verification process stipulations to discrete logarithm problem, show that verification process is safely and effectively.
Described herein to be, Bilinear map mapping has following property:
If G and GTIt is two p rank multiplicative cyclic groups, p is the random generation member that prime number .g is crowd G, if mapping e:G×G→
GTFollowing three properties can be met, then claim e:G×G→GTIt is mapped for Bilinear map:
Bilinearity:ForWithThere are e (ua,vb)=e (u, v)ab;
Non-degeneracy:e(g,g)≠1;
Computability:ForThere are an algorithms, and e (u, v) is calculated within effective time.
Verification result is back to terminal by S7, authentication server.
From the foregoing, it will be observed that data integrity verification method under cloud environment provided in an embodiment of the present invention, terminal carries out ciphertext
Piecemeal simultaneously combines private key to generate authenticator, and ciphertext, ciphertext blocks and authenticator are uploaded and are stored in cloud storage service device,
When needing to carry out integrity verification to file, terminal only needs public key being sent to authentication server, and authentication server can be tied
Close the result of calculation (including aggregation authenticator and linear combination) that cloud storage service device returns and carry out integrity verification, this with it is existing
Have and need periodically to compare total data return inspection in technology, substantially reduces volume of transmitted data, saved communication fee,
User experience is high.
Need it is described herein be, although be in the present embodiment cloud storage service device calculate at least partly ciphertext blocks CHτ
Aggregation authenticator σ and at least partly ciphertext blocks CHτLinear combination μ and be sent to authentication server, still, the present invention
Do not limit to and this can send ciphertext blocks and certification with cloud storage service device to authentication server in practical applications
Symbol, authentication server calculate aggregation authenticator σ and linear combination μ according to ciphertext blocks and authenticator, are finally tied further according to calculating
Fruit and public key carry out integrity verification.
Embodiment 2
Fig. 2 is the functional block diagram that Fig. 2 provided in an embodiment of the present invention is terminal provided in an embodiment of the present invention;It please refers to
Fig. 2, terminal 10 provided in an embodiment of the present invention include:Encrypting module 101, authenticator generation module 102 and request to generate transmission
Module 103.
Wherein, encrypting module 101 is for allowing accessed visitor's attribute to be encrypted to form ciphertext file configuration
And it is uploaded to the storage of cloud storage service device;
Authenticator generation module 102 is used to ciphertext block forming multiple ciphertext blocks, generates and identifies to each ciphertext blocks
Symbol generates authenticator according to identifier and private key, and ciphertext blocks and authenticator is uploaded to cloud storage service device and are stored;
Sending module 103 is requested to generate for sending integrality verification request to authentication server, so that authentication server
It is interacted according to integrality verification request with cloud storage service device to choose at least partly ciphertext blocks, and calculates at least partly ciphertext
The linear combination of the aggregation authenticator of block and at least partly ciphertext blocks, then make authentication server according to aggregation authenticator, linearly
Combination and public key carry out integrity verification and verification result are back to terminal, wherein aggregation authenticator is at least partly close
The company of the random number power of the authenticator of literary block multiplies, and linear combination is that at least partly ciphertext blocks are asked after being respectively multiplied with random number
With.
Preferably, encrypting module 101 is used to allow the attribute of accessed visitor not for different file configurations
Together.
Preferably, authenticator generation module 102 is used to calculate the authenticator of the τ ciphertext blocks according to following manner
στ:τ=1 ..., n
Wherein, idτFor the identifier of ciphertext blocks;
N is the sum of ciphertext blocks;
CHτIndicate the τ ciphertext blocks;
SKDOIndicate private key;
H is hash function, and u is a random element of p rank multiplicative cyclic groups, and p is prime number.
The particularly relevant content of terminal provided in this embodiment can be found in the related content in above-described embodiment 1, herein not
It is described in detail again.
Embodiment 3
Fig. 3 is the functional block diagram of authentication server provided in an embodiment of the present invention;Referring to Fig. 2, the embodiment of the present invention carries
The authenticator server 20 of confession includes:Receiving module 201, intermediate parameters obtain module 202 and authentication module 203.
Wherein, receiving module 201 is used to receive the integrality verification request of terminal transmission.
Intermediate parameters obtain the integrality verification request that module 202 is used to send according to terminal and are handed over cloud storage service device
At least partly ciphertext blocks mutually are chosen, and calculate at least partly the aggregation authenticator of ciphertext blocks and at least partly ciphertext blocks
Linear combination, or at least partly aggregation authenticator of ciphertext blocks and should that receives that the cloud storage service device calculates
At least partly linear combination of ciphertext blocks.
Authentication module 203 is used to carry out integrity verification according to aggregation authenticator, linear combination and public key and ties verification
Fruit is back to terminal, and the ciphertext that the terminal uploads is stored in cloud storage service device, and the multiple ciphertexts being divided by ciphertext
The authenticator that the respective identifier of block and private key generate.
The authentication module judges the whether true carry out integrity verification of following equation for passing through, if so, it is then literary
Part is complete, and file is imperfect if invalid:
Wherein, e refers to Bilinear map mapping;
E (g, σ) indicates a Bilinear map operation;
G indicates the random generation member of p rank multiplicative cyclic groups, and p is prime number;
σ indicates aggregation authenticator;
μ indicates linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
U is a random element of p rank multiplicative cyclic groups;
PKDOIndicate public key.
The particularly relevant content of authentication server provided in this embodiment can be found in the related content in above-described embodiment 1,
This will not be detailed here.
Embodiment 4
Data integrity validation system includes under cloud environment provided in an embodiment of the present invention:Terminal 10, authentication server 20
With cloud storage service device, terminal uses the terminal that above-described embodiment 2 provides;Authentication server uses the verification of above-described embodiment 3
Server;The ciphertext of terminal upload is stored in cloud storage service device, and the respective mark of multiple ciphertext blocks being divided by ciphertext
Know the authenticator that symbol and private key generate.
The course of work of data integrity validation system refers to above-mentioned implementation under cloud environment provided in an embodiment of the present invention
Data integrity verification method under the cloud environment that example 1 provides, this will not be detailed here.
Data integrity validation system under cloud environment provided in an embodiment of the present invention is needing to carry out integrality to file
When verification, terminal only needs public key being sent to authentication server, the meter that authentication server can be returned in conjunction with cloud storage service device
Calculate result (including aggregation authenticator and linear combination) and carry out integrity verification, this with need in the prior art periodically will be whole
Data return to inspection and compare, and substantially reduce volume of transmitted data, have saved communication fee, and user experience is high.
It is understood that the principle that embodiment of above is intended to be merely illustrative of the present and the exemplary reality that uses
Mode is applied, however the present invention is not limited thereto.For those skilled in the art, the present invention is not being departed from
Spirit and essence in the case of, various changes and modifications can be made therein, these variations and modifications be also considered as the present invention protection
Range.
Claims (11)
1. data integrity verification method under a kind of cloud environment, application terminal, which is characterized in that the integrity verification method packet
Include following steps:
To file configuration allow accessed visitor's attribute be encrypted to form ciphertext and be uploaded to cloud storage service device storage;
The ciphertext block is formed into multiple ciphertext blocks, identifier is generated to each ciphertext blocks, according to the identifier and private key
Authenticator is generated, and the ciphertext blocks and the authenticator are uploaded to cloud storage service device and are stored;
Integrality verification request is sent to authentication server, so that authentication server interacts to choose at least with cloud storage service device
Part ciphertext blocks, and at least partly aggregation authenticator of ciphertext blocks and the linear combination of at least partly ciphertext blocks are calculated, then make
The authentication server according to the aggregation authenticator, the linear combination and public key carries out integrity verification and by verification result
It is back to terminal, wherein aggregation authenticator is that the company of at least partly random number power of the authenticator of ciphertext blocks multiplies, linear combination
It sums after being respectively multiplied with random number at least partly ciphertext blocks.
2. the data integrity verification method under cloud environment according to claim 1, which is characterized in that including following step
Suddenly:
Allow the attribute of accessed visitor different for different file configurations.
3. the data integrity verification method under cloud environment according to claim 1, which is characterized in that as follows
Calculate the authenticator σ of the τ ciphertext blocksτ:
τ=1 ..., n
Wherein, n is the sum of ciphertext blocks;
CHτIndicate the τ ciphertext blocks;
idτIndicate the identifier of the τ ciphertext blocks;
SKDOIndicate private key;
H is hash function, and u is a random element of p rank multiplicative cyclic groups, and p is prime number.
4. data integrity verification method under a kind of cloud environment, application verification server, which is characterized in that include the following steps:
Receive the integrality verification request that terminal is sent;
The integrality verification request sent according to the terminal interacts to choose at least partly ciphertext blocks with cloud storage service device, and
At least partly the aggregation authenticator of ciphertext blocks and the linear combination of at least partly ciphertext blocks is calculated, and according to the aggregation
Authenticator, the linear combination and public key carry out integrity verification and verification result are back to terminal, in cloud storage service device
It is stored with the ciphertext that the terminal uploads, and recognizing of generating of the respective identifier of multiple ciphertext blocks and private key being divided by ciphertext
Card symbol.
5. data integrity verification method under cloud environment according to claim 4, which is characterized in that the carry out integrality
The step of verification, including:
Judge the whether true carry out integrity verification of following equation, if so, then file is complete, and file is endless if invalid
It is whole:
Wherein, e refers to Bilinear map mapping;
E (g, σ) indicates a Bilinear map operation;
G indicates the random generation member of p rank multiplicative cyclic groups, and p is prime number;
σ indicates aggregation authenticator;
μ indicates linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
U is a random element of p rank multiplicative cyclic groups;
PKDOIndicate public key.
6. a kind of terminal, which is characterized in that including:
Encrypting module, for allowing accessed visitor's attribute to be encrypted to form ciphertext and be uploaded to cloud and deposit file configuration
Store up server storage;
Authenticator generation module generates identifier, root for the ciphertext block to be formed multiple ciphertext blocks to each ciphertext blocks
Authenticator is generated according to the identifier and private key, and the ciphertext blocks and the authenticator are uploaded to cloud storage service device and are carried out
Storage;
Checking request generates sending module, for sending integrality verification request to authentication server, so that authentication server root
It is interacted with cloud storage service device to choose at least partly ciphertext blocks according to the integrality verification request, and calculates at least partly ciphertext
The aggregation authenticator of block and the linear combination of at least partly ciphertext blocks, then make authentication server according to the aggregation authenticator,
The linear combination and public key carry out integrity verification and verification result are back to terminal, wherein aggregation authenticator is at least
The company of the random number power of the authenticator of part ciphertext blocks multiplies, and linear combination is that at least partly ciphertext blocks are respectively multiplied with random number
After sum.
7. terminal according to claim 6, which is characterized in that the encrypting module, for being directed to different file configurations
Allow the attribute of accessed visitor different.
8. terminal according to claim 7, which is characterized in that the authenticator generation module, for according to following manner
Calculate the authenticator σ of the τ ciphertext blocksτ:
τ=1 ..., n;
Wherein, idτFor the identifier of ciphertext blocks;
N is the sum of ciphertext blocks;
CHτIndicate the τ ciphertext blocks;
SKDOIndicate private key;
H is hash function, and u is a random element of p rank multiplicative cyclic groups, and p is prime number.
9. a kind of authentication server, which is characterized in that including:
Receiving module, the integrality verification request for receiving terminal transmission;
Intermediate parameters obtain module, for the integrality verification request that is sent according to the terminal interacted with cloud storage service device come
At least partly ciphertext blocks are chosen, and calculate the linear of at least partly the aggregation authenticator of ciphertext blocks and at least partly ciphertext blocks
Combination, or receive that the cloud storage service device calculates this at least partly the aggregation authenticator of ciphertext blocks and this at least partly
The linear combination of ciphertext blocks;Aggregation authenticator is that the company of at least partly random number power of the authenticator of ciphertext blocks multiplies, linear group
It is combined into after at least partly ciphertext blocks are respectively multiplied with random number and sums;
Authentication module, for carrying out integrity verification according to the aggregation authenticator, the linear combination and public key and will verify
As a result it is back to terminal, the ciphertext that the terminal uploads is stored in cloud storage service device, and is divided by ciphertext multiple close
The authenticator of literary block respective identifier and private key generation.
10. according to authentication server shown in claim 9, which is characterized in that the authentication module, for as follows by judging
The whether true carry out integrity verification of equation, if so, then file is complete, and file is imperfect if invalid:
Wherein, e refers to Bilinear map mapping;
E (g, σ) indicates a Bilinear map operation;
G indicates the random generation member of p rank multiplicative cyclic groups, and p is prime number;
σ indicates aggregation authenticator;
μ indicates linear combination;
fτFor random number,For using p as the nonzero element set in the residual class ring of mould;
U is a random element of p rank multiplicative cyclic groups;
PKDOIndicate public key.
11. data integrity validation system under a kind of cloud environment, which is characterized in that including terminal, authentication server and cloud storage
Server, the terminal is using the terminal described in claim 6-8 any one;
The authentication server is using the authentication server described in claim 9-10 any one;
It is stored with the ciphertext that the terminal uploads in the cloud storage service device, and the multiple ciphertext blocks being divided by ciphertext are respectively
Identifier and private key generate authenticator.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810004777.3A CN108616497A (en) | 2018-01-03 | 2018-01-03 | Data integrity verification method and system, terminal and authentication server under cloud environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810004777.3A CN108616497A (en) | 2018-01-03 | 2018-01-03 | Data integrity verification method and system, terminal and authentication server under cloud environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108616497A true CN108616497A (en) | 2018-10-02 |
Family
ID=63658334
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810004777.3A Pending CN108616497A (en) | 2018-01-03 | 2018-01-03 | Data integrity verification method and system, terminal and authentication server under cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108616497A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109547413A (en) * | 2018-10-23 | 2019-03-29 | 莆田学院 | The access control method of convertible data cloud storage with data source authentication |
CN109871698A (en) * | 2019-01-14 | 2019-06-11 | 深圳市奥特尔软件技术有限公司 | Data processing method, device, computer equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103699851A (en) * | 2013-11-22 | 2014-04-02 | 杭州师范大学 | Remote data completeness verification method facing cloud storage |
CN104811450A (en) * | 2015-04-22 | 2015-07-29 | 电子科技大学 | Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing |
CN106790303A (en) * | 2017-03-23 | 2017-05-31 | 西安电子科技大学 | The data integrity verification method completed by third party in cloud storage |
CN107172071A (en) * | 2017-06-19 | 2017-09-15 | 陕西师范大学 | A kind of cloud Data Audit method and system based on attribute |
-
2018
- 2018-01-03 CN CN201810004777.3A patent/CN108616497A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103699851A (en) * | 2013-11-22 | 2014-04-02 | 杭州师范大学 | Remote data completeness verification method facing cloud storage |
CN104811450A (en) * | 2015-04-22 | 2015-07-29 | 电子科技大学 | Data storage method based on identity in cloud computing and integrity verification method based on identity in cloud computing |
CN106790303A (en) * | 2017-03-23 | 2017-05-31 | 西安电子科技大学 | The data integrity verification method completed by third party in cloud storage |
CN107172071A (en) * | 2017-06-19 | 2017-09-15 | 陕西师范大学 | A kind of cloud Data Audit method and system based on attribute |
Non-Patent Citations (3)
Title |
---|
ROUSELAKIS Y等: "Practical Constructions and New Proof Methods for Large Universe Attribute-Based Encryption", 《PROCEEDINGS OF THE 20TH ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY》 * |
YANG G等: "Enabling public auditing for shared data in cloud storage supporting identity privacy and traceability", 《JOURNAL OF SYSTEMS AND SOFTWARE》 * |
YANJIANG YANG等: "Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data", 《PROCEEDINGS OF THE 20TH EUROPEAN SYMPOSIUM ON》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109547413A (en) * | 2018-10-23 | 2019-03-29 | 莆田学院 | The access control method of convertible data cloud storage with data source authentication |
CN109547413B (en) * | 2018-10-23 | 2021-04-27 | 莆田学院 | Access control method of convertible data cloud storage with data source authentication |
CN109871698A (en) * | 2019-01-14 | 2019-06-11 | 深圳市奥特尔软件技术有限公司 | Data processing method, device, computer equipment and storage medium |
CN109871698B (en) * | 2019-01-14 | 2021-10-26 | 深圳市奥特尔软件技术有限公司 | Data processing method, data processing device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhao et al. | Blockchain-based privacy-preserving remote data integrity checking scheme for IoT information systems | |
CN111259070B (en) | Method and related device for storing and acquiring service data | |
Ren et al. | Mutual verifiable provable data auditing in public cloud storage | |
CN106254374B (en) | A kind of cloud data public audit method having duplicate removal function | |
Yang et al. | Provable data possession of resource-constrained mobile devices in cloud computing | |
CN106357701B (en) | The integrity verification method of data in cloud storage | |
CN107800688A (en) | A kind of high in the clouds data deduplication and integrality auditing method based on convergent encryption | |
CN103731261B (en) | Secret key distribution method under encrypted repeating data deleted scene | |
CN105721158A (en) | Cloud safety privacy and integrity protection method and cloud safety privacy and integrity protection system | |
CN109194466A (en) | A kind of cloud data integrity detection method and system based on block chain | |
US9071445B2 (en) | Method and system for generating implicit certificates and applications to identity-based encryption (IBE) | |
CN110213042A (en) | A kind of cloud data duplicate removal method based on no certification agency re-encryption | |
CN102611749A (en) | Cloud-storage data safety auditing method | |
CN107483585A (en) | The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment | |
CN106487786B (en) | Cloud data integrity verification method and system based on biological characteristics | |
CN105978695A (en) | Batch self-auditing method for cloud storage data | |
CN103425941A (en) | Cloud storage data integrity verification method, equipment and server | |
CN108123934A (en) | A kind of data integrity verifying method towards mobile terminal | |
CN105227317A (en) | A kind of cloud data integrity detection method and system supporting authenticator privacy | |
CN105515778B (en) | Cloud storage data integrity services signatures method | |
CN107864037A (en) | SM9 Combination with Digital endorsement method and device | |
CN113886856A (en) | Dual verifiable cloud storage method based on block chain | |
CN110932854A (en) | Block chain key distribution system and method for Internet of things | |
CN106790311A (en) | Cloud Server stores integrality detection method and system | |
CN105376064A (en) | Anonymous message authentication system and message signing method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181002 |
|
RJ01 | Rejection of invention patent application after publication |