CN109872787A - A kind of publication of distributed data and method for subscribing - Google Patents
A kind of publication of distributed data and method for subscribing Download PDFInfo
- Publication number
- CN109872787A CN109872787A CN201910107787.4A CN201910107787A CN109872787A CN 109872787 A CN109872787 A CN 109872787A CN 201910107787 A CN201910107787 A CN 201910107787A CN 109872787 A CN109872787 A CN 109872787A
- Authority
- CN
- China
- Prior art keywords
- data
- publication
- distributed
- subscribing
- token
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 69
- 230000007246 mechanism Effects 0.000 claims abstract description 21
- 238000013475 authorization Methods 0.000 claims abstract description 14
- 238000012946 outsourcing Methods 0.000 claims abstract description 10
- 230000008569 process Effects 0.000 claims description 16
- 238000013507 mapping Methods 0.000 claims description 12
- 239000011159 matrix material Substances 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 5
- 238000012360 testing method Methods 0.000 claims description 5
- 239000008186 active pharmaceutical agent Substances 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 5
- 238000005457 optimization Methods 0.000 description 5
- 230000003993 interaction Effects 0.000 description 4
- 238000007726 management method Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 239000004744 fabric Substances 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- FFBHFFJDDLITSX-UHFFFAOYSA-N benzyl N-[2-hydroxy-4-(3-oxomorpholin-4-yl)phenyl]carbamate Chemical compound OC1=C(NC(=O)OCC2=CC=CC=C2)C=CC(=C1)N1CCOCC1=O FFBHFFJDDLITSX-UHFFFAOYSA-N 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 239000004576 sand Substances 0.000 description 1
- 235000015170 shellfish Nutrition 0.000 description 1
- 238000000547 structure data Methods 0.000 description 1
- 230000032258 transport Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a kind of publication of distributed data and method for subscribing, include the following steps: S1) attribute management is distributed to distributed independent insincere authorization server by single Centre Authorization Service device to construct the attribute base access control mechanisms of distributed non-stop layer;S2) the searching ciphertext strategy for supporting monotone Boolean function is dissolved into during data subscription;S3) the issue mechanism combined using on-line/off-line data, and outsourcing data subscription mechanism.Distributed data publication provided by the invention and method for subscribing support dull boolean's searching ciphertext strategy and efficiently calculate outsourcing, have flexible data sharing and access control mechanisms, can be realized the safe and efficient data publication under distributed environment and subscribe to.
Description
Technical field
It issues and orders the present invention relates to a kind of data publication and method for subscribing more particularly to a kind of non-stop layer distributed data
Read method.
Background technique
The purpose of data publication and method for subscribing is to provide flexible data sharing and the data acquisition of optional theme takes
Business.
Data subscription person can subscribe to relevant data according to their interest topic from data publisher.For example, section
The worker of grinding can subscribe to interested paper information from specified research institution, meanwhile, in electronic medical system, doctor can also
To obtain relevant patient, case research data etc. from system according to existing illness information.
Since data volume is big, required processing speed is fast, it is difficult to deposit on the basis of existing infrastructure and tool
Store up, manage, share, analyze and visualize these mass datas.
The mass data generated in these daily lifes, the data servers such as cloud platform are powerful by economical
Storage and computing resource, free from controvery become most suitable data publication and subscribe to platform.
The data being stored on data server are sensitive information, such as the case data of patient etc. a bit.In addition, subscribing to
The interested subject information of person also contains the concern of subscriber, also belongs to sensitive information.
However, the data servers such as Cloud Server may be half believable, it can the scheduled friendship of honest execution
Mutual agreement, but can be to letters such as the privacy informations of data publisher and subscriber, including clear data, searching interest, search key
It ceases interested, and attempts to obtain the unauthorized access to these data.
Half due to data server is credible, and data publication and ordering system have three personal secrets: first
It is the privacy of data text, that is, prevents server or other unauthorized users from accessing sensitive data text itself;Secondly, by
In in data publication and ordering system, the data of publication are generally bound with one group of theme label, and label contains data text
Originally the subject key words having, it is therefore necessary to guarantee that label can not reveal these subject key words;Finally, the inspection of data subscription person
Rope token contains the information deeply concerned (theme etc.) of subscriber, should not also reveal these information.
Data encryption is the method for effective protection data privacy.However, traditional encryption method is copied more due to ciphertext
The cipher key management considerations (symmetric cryptography) of shellfish (public key encryption) and complexity, are not suitable for encrypting mass data and being shared.
Flexible data sharing may be implemented in encryption (ABE) based on attribute, it generates the copy of a ciphertext for multiple users, relies on
It encrypts predicate and realizes fine-grained access control, therefore can be applied in the data publication ordering system of one-to-many.
However, directly applying ABE in data publication ordering system, and regard theme label the method for attribute as not
It is feasible, because traditional ABE method does not have the mechanism of protection label privacy.Meanwhile directly retrieval token being equal to
There is the risk of leakage privacy of user in the way of private key for user, and generate " authorization center-user " interaction machine that private key is based on
System can also bring biggish computing cost to system.
Can search for encryption (SE) mechanism may be implemented to label and retrieves the secret protection of token.However, many SE schemes
Only support sole user's retrieval, and search strategy is only supported simple essentially equal or matched with door, cannot achieve flexible
Search strategy.
Meanwhile most of SE schemes all consider in centralization environment, the distribution at trusted authorization center complete for non-stop layer
How flexible and efficient data publication and subscription service are realized in formula environment, and there are no effective solution schemes.In addition, due to moving
Moved end is popularized, and scheme efficiency also becomes the bottleneck of practical application, the storage computing cost of terminal user is reduced, for side
The application of case is of great significance.
Summary of the invention
Technical problem to be solved by the invention is to provide a kind of publication of distributed data and method for subscribing, support dull cloth
That searching ciphertext strategy and efficiently calculating outsourcing, have flexible data sharing and access control mechanisms, can be realized distribution
Safe and efficient data publication and subscription under environment.
The present invention is to solve above-mentioned technical problem and the technical solution adopted is that providing a kind of publication of distributed data and ordering
Read method, include the following steps: S1) attribute management is distributed to by single Centre Authorization Service device it is distributed independent insincere
Authorization server is to construct the attribute base access control mechanisms of distributed non-stop layer;S2 the close of monotone Boolean function) will be supported
Literary search strategy is dissolved into during data subscription;S3) the issue mechanism combined using on-line/off-line data, and outsourcing number
According to subscribing mechanism.
Above-mentioned distributed data publication and method for subscribing, wherein the step S1 is awarded using distribution is independent mutually
Power server is managed control to the attribute of data publisher and data subscription person.
Above-mentioned distributed data publication and method for subscribing, wherein the step S2 realizes number using two layers of predicate structure
According to publication and subscription procedure: first layer encrypts predicate structure and is used for matched data Subscriber Properties, and the second layer retrieves predicate structure
Data subject for matched data subscriber's concern.
Above-mentioned distributed data publication and method for subscribing, wherein the step S2 further includes specifying for data subscription person
Interested Data subject keyword, and construct and retrieve predicate and subscription about the monotone Boolean function of Data subject keyword
Token Token, to realize the data subscription of user's concern.
Above-mentioned distributed data publication and method for subscribing, wherein the step S2 using it is linear share strategy LSSS into
The expression of row strategy and token computation;Meanwhile only covering the matrix data in LSSS in token and upload server, and incite somebody to action
Mapping function is stored in local.
Above-mentioned distributed data publication and method for subscribing, wherein the step S3 is in the issuing process of data, first
Data are based on encryption predicate to be encrypted to obtain ciphertext CT, and then label will be used as after the encryption of the subject key words of data correlation
Tag={ tag1,tag2,…,tagnBe attached on CT, and issue CT | | on Tag to data server.
Above-mentioned distributed data publication and method for subscribing, wherein the step S3 by the issuing process of data be divided into from
Line Offline stage and online Online stage;The online Online stage is responsible for processing and data text, encryption predicate and master
Inscribe the relevant lightweight operation of keyword;The offline Offline stage is used to handle complicated data publication operation, including is had
Limit the exponent arithmetic on group G or Bilinear map operation.
Above-mentioned distributed data publication and method for subscribing, wherein data subscription mechanism is divided into data by the step S3
Positioning stage, proxy data decryption phase and user's decryption phase;In data positioning stage, data server detects first
Subscriber Properties whether the encryption predicate of matched data, if mismatch if abandon current data;Otherwise, it is submitted according to subscriber
Subscription token Token, calculating judge whether the theme label of current data matches with Token, if it does, illustrating that data are
User's concern data, server carry out part decryption using Token in proxy data decryption phase, and return to User Part decryption
Ciphertext;Finally plaintext ordered by user is formed in user's decryption phase.
Above-mentioned distributed data publication and method for subscribing, wherein the offline Offline stage only inputs in the step S3
System common parameter, server public key and authorization center public key, export offline ciphertext and intermediate state;For subject key words
The specified maximum keyword number in part simultaneously establishes offline label;In the step S3 the online Online stage input publication data, in
Between state and offline label, export practical ciphertext and encrypt label;The step S3 will be offline in proxy data decryption phase
Ciphertext and online ciphertext are assembled into ciphertext to be decrypted.
Above-mentioned distributed data publication and method for subscribing, wherein the step S3 further includes by the public affairs of data server
Key is dissolved into data publication and token generating process, and given server executes Data subject Keywords matching process, and resists
Offline keyword test attack;The token is generated using randomized algorithm, unrelated between each token, and the token can
It is transmitted in open channel.
The present invention, which compares the prior art, to be had following the utility model has the advantages that distributed data provided by the invention is issued and subscriber
Method introduces monotone Boolean function as subject key words search strategy and constitutes search predicate to improve subscription flexibility, introduces
The publication of line/off-line data and calculate outsourcing mechanism and improve terminal user and store computational efficiency, introduce non-stop layer attribute management with
Key generting machanism passes through flexible data sharing and access is controlled to construct the data publication method for subscribing of distributed non-stop layer
Making mechanism is realized the safe and efficient data publication under distributed environment and is subscribed to.
Detailed description of the invention
Fig. 1 is the system model configuration diagram of distributed data of the present invention publication and method for subscribing;
Fig. 2 is that distributed data of the present invention is issued and subscribes to flow chart.
Specific embodiment
The invention will be further described with reference to the accompanying drawings and examples.
Fig. 1 is the system model configuration diagram of distributed data of the present invention publication and method for subscribing.
Referring to Figure 1, include four class entities in the method for the present invention: being independently distributed authorization center AA, the data server of formula
DS, data publisher Publisher and data subscription person Subscriber.
Between distributed independent authentication centre AA there is no communication, can it is independent according to oneself monitoring attribute be number
Key is generated according to publisher and subscriber, AA may be broken through and be revealed by opponent its private key, can also conspire with data subscription person
Attack attempts to obtain the subscription power of the data of unauthorized.
DS has data storage and computing capability, can store the data of publication, and interested for data subscription person positioning
Data, be data subscription person ciphertext data to mitigate subscriber's local computing pressure.
Data publisher defines encryption predicate and subject key words, and encryption data and theme label, data publication
Person is believable in systems.
Data subscription person is locally generated retrieval token, and is sent to the end DS for subscribing to data, decrypts receiving part
After ciphertext, subscriber can obtain interested clear data after executing lesser calculation amount.Data subscription person is insincere
, collusion attack can be executed or steal the private key data in AA.
Distributed data provided by the invention publication and method for subscribing are a kind of dull boolean's searching ciphertext strategies of supports with
Efficiently calculate distributed data publication and the method for subscribing of outsourcing, including following procedure:
1): in order to realize data publication and method for subscribing in non-stop layer environment, the attribute management of user being distributed to
In multiple independent authorization centers, the key of user is generated also by authorization center complete independently, since not global system is close
Key exists, because the method does not need the complete trusted authorization server at center;Meanwhile it not being deposited between multiple independent authorization centers
In communication interaction, to improve system whole efficiency;
2): to realize flexible data publication and subscription service, constructing two layers of predicate structure, first layer predicate structure is used for
Matched data Subscriber Properties, second layer predicate structure are used for the Data subject of matched data subscriber concern;
3): encryption predicate structure and retrieval predicate structure are based on linear privacy sharing LSSS and realize, so as to support
Monotone Boolean function is as control strategy;
4): for the storage and computational efficiency for improving terminal user, using and calculate outsourcing mechanism, data subscription service is torn open
It is divided into three parts, i.e. data positioning, proxy data decryption and user's decryption phase;The operation of large amount of complex is outsourced to clothes
Business device end, so that subscriber can obtain subscription information with lesser expense;
5): being realized using overall situation identity GID and resist collusion attack;Data subject keyword is executed by given server
With process to resist offline keyword test attack;Other data text privacy, label privacy, token independent
It is achieved.
As a further optimization solution of the present invention, process 1) in each independent authorization center AAjIt is based only on to be controlled
The attribute information of system generates the public private key pair { PK for being directed to each attributej, SKJ}。
As a further optimization solution of the present invention, process 2) in encryption predicate structure will be as the defeated of data issuing process
Which kind of enter, for the specified accessible data of data subscription person with attribute of publisher;Secondly, search predicate will be as retrieval
The input of token generating algorithm, for the specified data wished acquisition and which kind of theme logic there is of data subscription person.
As a further optimization solution of the present invention, process 3) in search predicate expressed with LSSS, that is, include a matrix
And mapping function;In order to protect the theme deeply concerned of subscriber only not believe comprising matrix in token by search predicate leakage
Breath hides mapping function;Correspondingly, server needs to reconstruct mapping function in data positioning stage.
As a further optimization solution of the present invention, process 3) in mapping function restructuring procedure be different from solve search meaning
The mapping function of word itself;Specifically, the row of matrix is mapped as the interested theme of subscriber by the mapping function of search predicate
Information, therefore contain the sensitive information of subscriber;And mapping function reconfiguration scheme is intended to find the data in matrix with publication
Subject key words matching those of row;For formalization, server mappings function restructuring procedure is to solve for set Ire=i | ρw
(i)=wk, wk∈Wc, wherein WcFor the subject key words set for issuing data, ρwFor the mapping function for searching for predicate.
As a further optimization solution of the present invention, process 4) in further consider for data issuing process to be split as two
Stage, i.e., offline Offline stage and online online stage;The offline Offline stage lays particular emphasis on the complicated data hair of processing
Cloth operation (such as finite groupOn exponent arithmetic or Bilinear map operation), but with specific data text, encryption predicate and master
It is unrelated to inscribe keyword;The online Online stage is responsible for processing lightweight relevant to data text, encryption predicate and theme and transports
It calculates (such asUpper operation) etc..Since off-line phase is unrelated with publication data, can be calculated at publisher's free time, it can also
Only to be calculated once for different publication texts, to effectively improve the storage computational efficiency of publisher's terminal.
Fig. 2 is that distributed data of the present invention is issued and subscribes to flow chart.
Continuing with referring to fig. 2, system flow of the invention is divided into five parts: system initialization System on the whole
Initialization, key generate Secret Key Generation, token generates Trapdoor Generation, data
Issue Data Publish and data subscription Data Subscribe.
For system initialisation phase for generating system common parameter, the public and private key of AA and data server DS's is public and private
Key.Wherein the public and private key of AA and DS can be generated by their own, and not have to interact.
Key generation phase is that data publisher and data subscriber generate key by AA.Key is generated to be bound with attribute,
AA is only responsible for generating the key of its attribute monitored.
For token generation phase by data subscription person in local runtime, data subscription person defines search predicate, according to oneself
Key generates retrieval token Token.
The data publication stage is run by data publisher, off-line phase execute large amount of complex operation, on-line stage be responsible for
The specific related lightweight of data of issuing calculates.
The data subscription stage is divided into three parts: the data positioning Locate stage is executed by DS, is responsible for finding theme key
The publication data of retrieval predicate matching in word and token;Proxy data decryption phase Partial Decryption is held by DS
Row is responsible in the matched situation of attribute, subject key words partially decryption and issues data to mitigate subscriber's local computing pressure
Power;User decryption phase User Decryption is executed by data subscription person, obtains final subscription data
Distributed data publication provided by the invention and method for subscribing support dull boolean's searching ciphertext strategy and efficiently meter
Calculate distributed data publication and the method for subscribing of outsourcing.It is realized flexibly by introducing attribute base encryption policy in non-stop layer environment
Access control, incorporate and support dull boolean's searching ciphertext mechanism, realize that the data publication based on attribute and Keywords matching is ordered
The service of readding;Introduce the storage and computational efficiency for calculating outsourcing mechanism improvement method.
The first step constructs the attribute base access control mechanisms of non-stop layer;By the attribute pipe of center trusted authorization server
Reason generates work with key and is distributed on the authorization server of multiple independent no interactions, and authorization server may be broken and reveal
Key message, it might even be possible to the data of unauthorized are attempted to obtain with data subscription person collusion.
Data issuing process is split as offline Offline stage and online Online stage by second step, and will with it is specific
The unrelated complicated calculations of publication data, encryption predicate, subject key words are put into the offline stage, and the Online stage is only responsible for
It is simple to calculate, it due to off-line calculation and data decoupler, can be run at publisher's free time, multiple publications can also be directed to
Data are only run once, to improve data publisher's storage and computational efficiency.
Offline_Enc (PP, PKs, { PKj}J ∈ [1, N])→{CTOFF, IS }, this algorithm is used for off-line phase, merely enters and is
Unite common parameter PP, server public key PKsAnd authorization center public key { PKj}J ∈ [1, N], export offline ciphertextAnd intermediate stateWherein it is directed to subject key words part, the specified maximum keyword number l of algorithmmaxAnd it establishes
Offline label
Ciphertext is divided into offline ciphertext CTOFFPurpose with intermediate state IS be proxy data decryption phase with it is online close
Literary CTonlineIt is assembled into ciphertext CT to be decryptedWait, such data publisher only needs to be implemented the meter of minimum cost in on-line stage
Calculation obtains CTonline?.
This algorithm is used for on-line stage.Input
The data of publicationCommon parameter PP, server public key PKs, encrypt predicateWherein MeFor le×neMatrix,
The subject key words set W and CT of off-line phase outputOFF, IS, idx, outputAnd obtain practical ciphertext CT={ CTonline, CTOFF, IS } and encryption labelPublisher is by CT | | Tag is published on data server.
Data subscription person can use the private key SK of oneselfGIDVoluntarily generate retrieval token Token, do not need with authorization in
Heart interaction, reduces overhead.
Token generating algorithm input search predicateAnd other
Common parameter and private key for user SKGID, output retrieval token Token.WhereinIn only by lw×nwMatrix Mw
It is inserted partially intoIn,
InFor data subscription person's attribute set.Meanwhile data subscription person is by ρwIt is hidden in local, puts only data server or Dolve-
Yao attacker fromInfer the interested theme of subscriber.
Data server executes two operations: data position Locate and proxy data decrypts Partial
Decryption., for judging that subject key words match, the latter is subscriber part ciphertext data to reduce subscriber's sheet for the former
Ground calculation amount.
Locate (PP, Tag, PKs, SKs, Token) → { 0,1 } algorithm output 1 indicate token in search strategy and number
It is matched according to label Tag, otherwise exports 0.Data server, will be in Tag firstly the need of mapping function reconstruct is carried outIn TokenSubstitute into equationIf equation is set up, ρw(i)=wk, and then can be with construction set Ire=i | ρw(i)
=wk,wk∈Wc}。
rk, tiIt is generated respectively by data publisher and subscriber,WithPoint
Not Wei data publisher and data subscription person private key.gα, gβBelong to system common parameter.
Data server is in reconstruct IreLater, equation is brought intoWherein { v, x } is data server private key, lwFor
IreCorresponding subject key words number, i.e. lw=| Ire|,C4i∈ CT corresponds toMiddle matrix MeI row, leFor
Encrypt predicateMiddle matrix MeLine number, bj, ciThe parameter that predicate is linearly shared with encryption predicate LSSS is searched for for reconstruct, i.e.,λj, μiRespectively 1 and μ existsUnder LSSS linearly share.If equation is set up,
Illustrate the subject key words and search predicate in TagMatching, which belongs to the data subscription interested data of person, data
Server will execute proxy decryption operation.
Wherein s2, θ is that data publisher randomly selects.V, X
For data server public key,
Partial_Decryption (PP, CT, PKs, SKs, Token) and → CTIM, this algorithm is for Partial
Decryption proxy data decryption phase.It is that data subscription person decrypts ciphertext that data server, which executes this proxy decryption algorithm,.
Data server is primarily based on CTOFF, IS combines to obtain ciphertext CT to be decryptedWait.It is decrypted to obtain part decryption ciphertext laterAnd returned data subscriber.
Data subscription person executes User_DataDecrypt algorithm and obtains in plain textIt is specific:
Wherein z is generated in Trapdoor algorithm and is stored in data
Subscriber is local.
The data publication proposed and subscription are proved by the selection plaintext secure (IND-CPA) of definition selection undistinguishable
The data privacy of method;For subject key words privacy, the selection keyword safety (IND- of definition selection undistinguishable
CKA it) is proved, while considering the safety of data server opponent and external opponent;It is attacked for the test of offline keyword
It hits, defines the offline keyword test attack (IND-KGA) of undistinguishable and the token secure of proof scheme;Finally, being directed to
Conspiracy attack (including data subscription person conspires, data subscription person and authorization center conspiracy, data subscription person and data server close
Scheme), the Security Proof of conspiracy attack is carried out using random oracle model and discrete logarithm.
By the above safety analysis, it can prove that the method for the present invention can issue the privacy (number of data with effective protection
According to privacy itself and associated subject key words privacy), data subscription person privacy (the theme interest of subscriber), and all
Such as the safety having in Dolve-Yao model, to demonstrate the actual application ability of the method for the present invention.
Although the present invention is disclosed as above with preferred embodiment, however, it is not to limit the invention, any this field skill
Art personnel, without departing from the spirit and scope of the present invention, when can make a little modification and perfect therefore of the invention protection model
It encloses to work as and subject to the definition of the claims.
Claims (10)
1. a kind of distributed data publication and method for subscribing, which comprises the steps of:
S1 attribute management) is distributed to distributed independent insincere authorization server by single Centre Authorization Service device to construct
The attribute base access control mechanisms of distributed non-stop layer;
S2) the searching ciphertext strategy for supporting monotone Boolean function is dissolved into during data subscription;
S3) the issue mechanism combined using on-line/off-line data, and outsourcing data subscription mechanism.
2. distributed data publication as described in claim 1 and method for subscribing, which is characterized in that the step S1 is using distribution
Independent authorization server is managed control to the attribute of data publisher and data subscription person to formula mutually.
3. distributed data publication as described in claim 1 and method for subscribing, which is characterized in that the step S2 is utilized two layers
Predicate structure realizes data publication and subscription procedure: first layer encrypts predicate structure and is used for matched data Subscriber Properties, and second
Layer retrieval predicate structure is used for the Data subject of matched data subscriber concern.
4. distributed data as claimed in claim 3 publication and method for subscribing, which is characterized in that the step S2 further include for
Data subscription person specifies interested Data subject keyword, and constructs and examine about the monotone Boolean function of Data subject keyword
Rope predicate and subscription token Token, to realize the data subscription of user's concern.
5. distributed data publication as claimed in claim 4 and method for subscribing, which is characterized in that the step S2 is using linearly
Share strategy LSSS and carries out tactful expression and token computation;Meanwhile only the matrix data in LSSS being covered in token simultaneously
Upload server, and mapping function is stored in local.
6. distributed data publication as claimed in claim 3 and method for subscribing, which is characterized in that the step S3 is in data
In issuing process, data are based on encryption predicate first and are encrypted to obtain ciphertext CT, and then the theme of data correlation is crucial
Label Tag={ tag is used as after word encryption1,tag2,…,tagnBe attached on CT, and issue CT | | Tag to data server
On.
7. distributed data as described in claim 1 publication and method for subscribing, which is characterized in that the step S3 is by data
Issuing process is divided into offline Offline stage and online Online stage;The online Online stage be responsible for processing and data text,
Encrypt predicate and the relevant lightweight operation of subject key words;The offline Offline stage is used to handle complicated data publication
Operation, including carrying out exponent arithmetic or Bilinear map operation on finite group G.
8. distributed data publication as claimed in claim 7 and method for subscribing, which is characterized in that the step S3 orders data
The mechanism of readding is divided into data positioning stage, proxy data decryption phase and user's decryption phase;In data positioning stage, data
Server detect first Subscriber Properties whether the encryption predicate of matched data, if mismatch if abandon current data;Otherwise,
According to the subscription token Token that subscriber submits, calculating judges whether the theme label of current data matches with Token, if
Matching illustrates that data are user's concern data, and server carries out part decryption using Token in proxy data decryption phase, and
It returns to User Part and decrypts ciphertext;Finally plaintext ordered by user is formed in user's decryption phase.
9. distributed data publication as claimed in claim 8 and method for subscribing, which is characterized in that offline in the step S3
Offline stage only input system common parameter, server public key and authorization center public key export offline ciphertext and intermediate shape
State;For the specified maximum keyword number in subject key words part and establish offline label;Online Online rank in the step S3
Section input publication data, intermediate state and offline label, export practical ciphertext and encryption label;The step S3 is acting on behalf of number
Offline ciphertext and online ciphertext are assembled into ciphertext to be decrypted according to decryption phase.
10. distributed data as described in claim 1 publication and method for subscribing, which is characterized in that the step S3 further includes
The public key of data server is dissolved into data publication and token generating process, given server executes Data subject keyword
Matching process, and resist offline keyword test attack;The token is generated using randomized algorithm, is mutually not related between each token
Connection, and the token can be transmitted in open channel.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910107787.4A CN109872787A (en) | 2019-02-02 | 2019-02-02 | A kind of publication of distributed data and method for subscribing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910107787.4A CN109872787A (en) | 2019-02-02 | 2019-02-02 | A kind of publication of distributed data and method for subscribing |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109872787A true CN109872787A (en) | 2019-06-11 |
Family
ID=66918583
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910107787.4A Pending CN109872787A (en) | 2019-02-02 | 2019-02-02 | A kind of publication of distributed data and method for subscribing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109872787A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110474893A (en) * | 2019-07-30 | 2019-11-19 | 同济大学 | A kind of isomery is across the close state data safety sharing method of trust domain and system |
| CN110808833A (en) * | 2019-11-12 | 2020-02-18 | 电子科技大学 | Lightweight online and offline certificateless signature method |
| CN111913981A (en) * | 2020-06-09 | 2020-11-10 | 华南理工大学 | Online and offline attribute-based boolean keyword searchable encryption method and system |
| CN112953940A (en) * | 2021-02-20 | 2021-06-11 | 同济大学 | Safe publishing and subscribing system and method based on hybrid encryption algorithm and key attribute filtering |
| CN113949541A (en) * | 2021-09-30 | 2022-01-18 | 南京航空航天大学 | DDS (direct digital synthesizer) secure communication middleware design method based on attribute strategy |
| CN114095204A (en) * | 2021-10-14 | 2022-02-25 | 北京天融信网络安全技术有限公司 | Information equipment linkage method based on subscription mechanism, protection center and safety equipment |
| CN114615049A (en) * | 2022-03-08 | 2022-06-10 | 斑马网络技术有限公司 | Authority checking method and system for event subscription |
| CN118228319A (en) * | 2024-05-24 | 2024-06-21 | 北京大学 | Data sharing method, system, equipment and storage medium |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101414903A (en) * | 2007-10-16 | 2009-04-22 | 吴显平 | Method for generating sharing cipher key, and enciphering and deciphering method |
| US20090254572A1 (en) * | 2007-01-05 | 2009-10-08 | Redlich Ron M | Digital information infrastructure and method |
| CN201657327U (en) * | 2009-12-04 | 2010-11-24 | 同济大学 | Key exchange and agreement system between mobile device and secure access gateway |
| CN201667721U (en) * | 2009-12-01 | 2010-12-08 | 上海龙健信息技术科技有限公司 | Mobile phone service menu management device |
| CN103973449A (en) * | 2014-04-23 | 2014-08-06 | 南通大学 | ABOOE method capable of being proved to be safe |
| US20140287723A1 (en) * | 2012-07-26 | 2014-09-25 | Anonos Inc. | Mobile Applications For Dynamic De-Identification And Anonymity |
| CN107634829A (en) * | 2017-09-12 | 2018-01-26 | 南京理工大学 | Encrypted electronic medical records system and encryption method can search for based on attribute |
| CN107689947A (en) * | 2016-08-05 | 2018-02-13 | 华为国际有限公司 | A kind of method and apparatus of data processing |
| WO2018070932A1 (en) * | 2016-10-14 | 2018-04-19 | Huawei International Pte. Ltd. | System and method for querying an encrypted database for documents satisfying an expressive keyword access structure |
| CN108197138A (en) * | 2017-11-21 | 2018-06-22 | 北京邮电大学 | The method and system for the matching subscription information that releases news in publish/subscribe system |
| CN108418681A (en) * | 2018-01-22 | 2018-08-17 | 南京邮电大学 | A kind of searching ciphertext system and method based on attribute for supporting proxy re-encryption |
-
2019
- 2019-02-02 CN CN201910107787.4A patent/CN109872787A/en active Pending
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090254572A1 (en) * | 2007-01-05 | 2009-10-08 | Redlich Ron M | Digital information infrastructure and method |
| CN101414903A (en) * | 2007-10-16 | 2009-04-22 | 吴显平 | Method for generating sharing cipher key, and enciphering and deciphering method |
| CN201667721U (en) * | 2009-12-01 | 2010-12-08 | 上海龙健信息技术科技有限公司 | Mobile phone service menu management device |
| CN201657327U (en) * | 2009-12-04 | 2010-11-24 | 同济大学 | Key exchange and agreement system between mobile device and secure access gateway |
| US20140287723A1 (en) * | 2012-07-26 | 2014-09-25 | Anonos Inc. | Mobile Applications For Dynamic De-Identification And Anonymity |
| CN103973449A (en) * | 2014-04-23 | 2014-08-06 | 南通大学 | ABOOE method capable of being proved to be safe |
| CN107689947A (en) * | 2016-08-05 | 2018-02-13 | 华为国际有限公司 | A kind of method and apparatus of data processing |
| WO2018070932A1 (en) * | 2016-10-14 | 2018-04-19 | Huawei International Pte. Ltd. | System and method for querying an encrypted database for documents satisfying an expressive keyword access structure |
| CN107634829A (en) * | 2017-09-12 | 2018-01-26 | 南京理工大学 | Encrypted electronic medical records system and encryption method can search for based on attribute |
| CN108197138A (en) * | 2017-11-21 | 2018-06-22 | 北京邮电大学 | The method and system for the matching subscription information that releases news in publish/subscribe system |
| CN108418681A (en) * | 2018-01-22 | 2018-08-17 | 南京邮电大学 | A kind of searching ciphertext system and method based on attribute for supporting proxy re-encryption |
Non-Patent Citations (2)
| Title |
|---|
| ALLISON LEWKO: "Decentralizing Attribute-Based Encryption", 《EUROCRYPT 2011》 * |
| 陈冬冬等: "在线/离线密文策略属性基可搜索加密", 《计算机研究与发展》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110474893A (en) * | 2019-07-30 | 2019-11-19 | 同济大学 | A kind of isomery is across the close state data safety sharing method of trust domain and system |
| CN110474893B (en) * | 2019-07-30 | 2021-10-08 | 同济大学 | Heterogeneous cross-trust domain secret data secure sharing method and system |
| CN110808833A (en) * | 2019-11-12 | 2020-02-18 | 电子科技大学 | Lightweight online and offline certificateless signature method |
| CN110808833B (en) * | 2019-11-12 | 2021-08-06 | 电子科技大学 | Lightweight online and offline certificateless signature method |
| CN111913981A (en) * | 2020-06-09 | 2020-11-10 | 华南理工大学 | Online and offline attribute-based boolean keyword searchable encryption method and system |
| CN111913981B (en) * | 2020-06-09 | 2022-04-22 | 华南理工大学 | Online and offline attribute-based boolean keyword searchable encryption method and system |
| CN112953940A (en) * | 2021-02-20 | 2021-06-11 | 同济大学 | Safe publishing and subscribing system and method based on hybrid encryption algorithm and key attribute filtering |
| CN113949541A (en) * | 2021-09-30 | 2022-01-18 | 南京航空航天大学 | DDS (direct digital synthesizer) secure communication middleware design method based on attribute strategy |
| CN114095204A (en) * | 2021-10-14 | 2022-02-25 | 北京天融信网络安全技术有限公司 | Information equipment linkage method based on subscription mechanism, protection center and safety equipment |
| CN114095204B (en) * | 2021-10-14 | 2024-03-15 | 北京天融信网络安全技术有限公司 | Subscription mechanism-based information equipment linkage method, protection center and safety equipment |
| CN114615049A (en) * | 2022-03-08 | 2022-06-10 | 斑马网络技术有限公司 | Authority checking method and system for event subscription |
| CN118228319A (en) * | 2024-05-24 | 2024-06-21 | 北京大学 | Data sharing method, system, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110474893B (en) | Heterogeneous cross-trust domain secret data secure sharing method and system | |
| CN109872787A (en) | A kind of publication of distributed data and method for subscribing | |
| CN105049196B (en) | The encryption method that multiple keywords of designated position can search in cloud storage | |
| CN106487506B (en) | Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption | |
| Zhang et al. | Multi-server assisted data sharing supporting secure deduplication for metaverse healthcare systems | |
| Sun et al. | A searchable personal health records framework with fine-grained access control in cloud-fog computing | |
| CN110162998B (en) | Identity encryption equivalence test method, device, system and medium based on user group | |
| CN108171066A (en) | The cross-domain searching method of keyword and system in a kind of medical treatment cloud under secret protection | |
| Xu et al. | A CP-ABE scheme with hidden policy and its application in cloud computing | |
| CN114036240A (en) | Multi-service provider private data sharing system and method based on block chain | |
| Yin et al. | Attribute-based multiparty searchable encryption model for privacy protection of text data | |
| Zhang et al. | Blockchain-enabled decentralized attribute-based access control with policy hiding for smart healthcare | |
| Yan et al. | Traceable and weighted attribute-based encryption scheme in the cloud environment | |
| Raj et al. | Enhanced encryption for light weight data in a multi-cloud system | |
| US20240179150A1 (en) | Management of access rights to digital files with possible delegation of the rights | |
| Wang et al. | Fine‐Grained Task Access Control System for Mobile Crowdsensing | |
| CN116248289A (en) | Industrial Internet identification analysis access control method based on ciphertext attribute encryption | |
| CN112765669B (en) | Regular language searchable encryption system based on time authorization | |
| Ding et al. | Secure Multi‐Keyword Search and Access Control over Electronic Health Records in Wireless Body Area Networks | |
| Yang et al. | Federated medical learning framework based on blockchain and homomorphic encryption | |
| Yao et al. | Online/offline attribute-based boolean keyword search for internet of things | |
| Zhao et al. | A revocable publish-subscribe scheme using CP-ABE with efficient attribute and user revocation capability for cloud systems | |
| Shi et al. | Secure government data sharing based on blockchain and attribute-based encryption | |
| Shaheen | Application of Attribute-Based Encryption in Fog Infrastructure for Securing Health Related Data | |
| Li et al. | A multi-user shared searchable encryption scheme supporting SQL query |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20231229 |
|
| AD01 | Patent right deemed abandoned |