CN113489591B - Traceable comparison attribute encryption method based on multiple authorization centers - Google Patents

Traceable comparison attribute encryption method based on multiple authorization centers Download PDF

Info

Publication number
CN113489591B
CN113489591B CN202110624902.2A CN202110624902A CN113489591B CN 113489591 B CN113489591 B CN 113489591B CN 202110624902 A CN202110624902 A CN 202110624902A CN 113489591 B CN113489591 B CN 113489591B
Authority
CN
China
Prior art keywords
key
attribute
user
data
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110624902.2A
Other languages
Chinese (zh)
Other versions
CN113489591A (en
Inventor
孟倩
梁焯阳
陈克非
沈忠华
王付群
张仁军
胡宸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Normal University
Original Assignee
Hangzhou Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Normal University filed Critical Hangzhou Normal University
Priority to CN202110624902.2A priority Critical patent/CN113489591B/en
Publication of CN113489591A publication Critical patent/CN113489591A/en
Application granted granted Critical
Publication of CN113489591B publication Critical patent/CN113489591B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a traceable comparison attribute encryption method based on multiple authorization centers, which solves the problems of high cost and single-point performance bottleneck of a single central authorization center along with data increase in the prior art, and comprises the following steps: s1, initializing a system; s2, encrypting the data; s3, user verification and final data generation; s4, decrypting the data; s5, tracking. The invention provides an effective method of 0 code and 1 code, which can make the comparability attribute be used for random comparison, and the method is suitable for ABE system, reduces the expanded memory cost by half, greatly reduces the cost calculation amount of encryption and decryption, adopts a central authorization center and an attribute authorization center, reduces the burden of the central authorization center, accelerates the identity verification and key generation of users, avoids single-point performance bottleneck, and adds a tracking mechanism to supervise the attribute authorization center.

Description

Traceable comparison attribute encryption method based on multiple authorization centers
Technical Field
The invention relates to the technical field of cryptography, in particular to a traceable comparison attribute encryption method based on a multi-authorization center.
Background
Attribute-BASED encryption (ABE) is a popular research topic in the field of cryptography in recent years. It provides a flexible way to fine-grained access control, flexibly managing the association between ciphertexts and the user's effective security keys. ABE is therefore suitable for many situations, such as cloud computing, cloud healthcare, social networking, and so on.
There are two different implementations of ABE, encryption based on key policy attributes (KP-ABE) and encryption based on ciphertext policy attributes (CP-ABE), respectively. The main difference between these two categories is the way in which the access policy is embedded. In KP-ABE, the access policy is embedded in the user's security key, with the ciphertext being associated with several attributes. Whereas CP-ABE, in contrast, has its access policy embedded in the corresponding ciphertext, the user's key is associated with the attribute. Both methods use the same rule: decryption can be successful if and only if the properties of one entity meet the access policy of a certain element.
In the current ABE system, the comparison of the security key and the attribute of the ciphertext is not flexible enough in practical application, and is difficult to apply in practice. There are always some attributes in the access policy expressed as a range of values, such as: "{ age >18 }"). Range values like this attribute are not comparable using a boolean function. Because the result of the comparison with boolean functions of "{ age=20 }" and "{ age >18}" is not consistent. A simple way to handle comparable attributes in the current ABE is to use all allowed attribute values to represent the range, i.e. change the range value to a union, such as: "V" { age=19 } "V" { age=20 } "v..v" { age=100 }. But this approach increases linearly with the overhead of the data.
Preliminary attempts were made by bethencourt et al to solve the above problems. Their solution is to divide these numerical properties into several sub-properties in bits to solve this problem. However, the mechanism for designing numerical comparison strategies is overly complex, the most fundamental being that the overhead is still relatively high.
Furthermore, most existing ABE systems are designed around a central authority, in which case a central authority needs to perform time-consuming user authentication and key distribution. This also results in a single central authority being a single point of performance bottleneck, e.g., inefficiency, etc., of a large-scale distributed cloud system. If this central authority is destroyed or taken offline, cloud services will also be affected.
Disclosure of Invention
The invention provides a traceable comparison attribute encryption method based on multiple authorization centers, which aims to solve the problem that the cost is large along with the increase of data in the prior art, and provides a hierarchical authorization center structure, which comprises a central authorization center and a plurality of mutually independent attribute authorization centers, so that the problem of large calculation cost caused by performance bottleneck, namely authorization user certificate authentication and key distribution, of a traditional single authorization center based on an attribute ciphertext retrieval algorithm is solved.
The second object of the present invention is to solve the problem of single point performance bottlenecks of a single central authority, allowing not only any attribute authority to perform part of the key generation operations, the central authority to perform the final key generation, but also the central authority to track malicious attribute authorities.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
a traceable comparison attribute encryption method based on multiple authorization centers comprises the following steps:
s1, initializing a system;
s2, encrypting the data;
s3, user verification and final data generation;
s4, decrypting the data;
s5, tracking.
The data owner encrypts the data and formulates an access strategy, and expands an attribute set by using a 0 code and a 1 code for the compared attributes in the normative strategy to reconstruct an access decision, and uploads the encrypted data and the access decision tree to a cloud server, wherein each user can obtain a unique identifier UId from a central authorization center. In order to generate a final key for each user, the central authorization center cooperates with the attribute authorization center selected by the user, the authorized user firstly acquires a certificate from the central authorization center and submits the certificate to the selected attribute authorization center, then the attribute authorization center verifies the validity of the user certificate and generates an intermediate key for the user according to the attribute set of the user, finally the central authorization center generates the final key for the user by utilizing the intermediate key generated by the attribute authorization center, the user can download any ciphertext data interested by the user from the cloud server, and the user can decrypt only when the key attribute in the user is matched with the access decision tree.
In the system model of the scheme, five entities are involved: a central authority (Central Authority, CA), an attribute authority (Attribute Authorities, AAs), a user (data user, DU), a data owner (data owner, DO) and a cloud service provider (cloud service provider, CSP).
CA: the CA is a key generation management center of the system. Unique identifications and certificates thereof are generated for AAs and DUs. And generates a final key for the DU after receiving the intermediate key from the AA authentication DU. In addition, the CA may keep track of malicious AAs of intermediate keys generated for suspicious DUs.
AA: each AA has sufficient storage and computing power to authenticate any user independently. The AA will perform its certificate verification based on the attributes submitted by the DU and generate the corresponding intermediate key on behalf of the CA. It is worth mentioning that: the goal of introducing multiple AAs is to alleviate the heavy task of CA certificate verification and key generation, further reducing the possibility of single point performance bottlenecks.
CSP: CSP has a large storage space and a powerful computing power to provide data storage and information retrieval services for DUs and DOs, respectively.
DO: DO establishes an access policy for its data and encrypts the file according to the defined policy. And transmitting the encrypted whole data and the encrypted symmetric key to the CSP. So as to share its data with a plurality of DUs and significantly reduce the local storage and computation burden.
DU: the DU obtains a unique identification from the CA and itself has the attributes of a set of related information. The DU will select any one of the AA's for authentication of the identity information, and after passing the authentication of the AA, the CA will generate the final key associated with its set of attributes. The DU may obtain encrypted data of interest from the CSP. The user can decrypt the encrypted data if and only if the set of attributes of the DU satisfies the access policy embedded in the encrypted data.
Preferably, the S1 includes the following:
the central authority center selects two multiplication cyclic groups G and G with the same prime order p Wherein the parameter G is the generator of G, and a binary mapping e is defined on G, G x G → G p Then the central authority randomly selects a, b, alpha, beta E Z p * As master key, also for each attribute Att i (i=1, 2,., V) randomly generates a public key Q 1 ,Q 2 ,...,Q V
Set H (0, 1) * G is a hash function, and any binary character string is mapped to a random element of G;
the public keys issued are as follows:
PK=G p ,G,H,g,g α ,h=g β ,e(g,g) α ,Q 1 ,Q 2 ,...,Q V
the master key is as follows:
MSK=a,b,α,β,g α
the master key will be hidden within the system.
Preferably, the S1 further includes the following:
the central authority center is also responsible for the registration of each attribute authority center and the user;
first, the central authority generates a pair of keys (sk) CA ,vk CA ) For signing and verifying, where vk CA Is disclosed, and can be made known to every entity in the system;
during registration, each attribute authority transmits a registration request to the central authority, which assigns a unique identity Aid e Z to each legitimate attribute authority p * Then randomly selecting a private key k Aid ∈Z p * And calculates its corresponding public key PK Aid =g kAid
The central authority will then generate a public key PK containing Aid Cert certificate Cert of (C) Aid And willWhich is associated with a corresponding private key k Aid Together to an attribute authority having an identity Aid;
in addition, each user needs to acquire own UId and private key k from the central authority center U i d And certificate Cert U id。
Preferably, the step S2 includes the steps of:
s21, encrypting the data;
s22, constructing a strategy tree T.
Preferably, the S21 includes the following:
the data owner completes the encryption of the data by himself;
to improve system performance, the data owner selects a random number K ε G p S is from Z as a symmetric key p * Encrypting the plaintext data M by means of a symmetric encryption algorithm;
the encrypted data is recorded asC=h s ,/>
Preferably, the S22 includes the following:
all nodes of the policy tree T are assigned a secret number from the root R to the leaf node as follows:
the root R is given a secret s corresponding to C generated in the previous step;
for being assigned a secret s p Is a non-leaf node p of (a), the threshold value is k p The algorithm randomly generates a polynomial q p It contains the following three characters:
polynomial q p The number of times of (d) must be satisfied p =k p -1;
The values of this polynomial are: q p (0)=s p The method comprises the steps of carrying out a first treatment on the surface of the This property relates the polynomial to the secret of the corresponding node x;
each having no differenceValue q of same index z p (z) each child node assigned to p;
for leaf node P, it has been assigned a secret s p And represents the attribute Att i Calculate C Atti '=g sp
C Atti "=H(y) sp ,y∈X 1
The ciphertext is as follows:
preferably, the step S3 includes the steps of:
S31、U j →AA i : when having a unique identification UId j User U of (2) j When issuing the application for obtaining the secret key, the user selects the legal attribute authorization center with the unique identifier Aid through a certain scheduling algorithm and sends the certificate Cert Uidj Some may display U j Proof of owned attribute sets;
S32、AA i CA: the user authentication process may be designed to be manual authentication or AA i An executed authentication protocol;
after successful user authentication, AA i Acquiring a current time point as a threshold TS, and calculating t 1 =H 1 (Uid j TS 0) and t 2 =H 1 (Uid j |ts|1), and generates an intermediate keyThe method comprises the following steps:
will beThe generated intermediate secret key is sent to a central authorization center;
S33、CA→AA i →U j : the central authority receives the AA i After the intermediate key of (2), according to AA i Aid of (F) i To obtain the corresponding storage public key
The central authority then checks whether the time interval Tt of the transmission delay is within the allowed time interval range;
assuming the current time is T ', if T' -TS > Tt, the central authority will stop executing and send a reject request message to the AA i
If T' -TS < Tt, the central authority recalculates T 1 =H 1 (Uid j TS 0) and t 2 =H 1 (Uid j TS 1), ensuring t 1 And t 2 Is not reused by the same user;
this step can prevent collusion attacks by the attribute authority; then the central authorization center generates a final key for the user and returns the final key to the user through the attribute authorization center;
the final key (FUSK) is specifically as follows:
wherein the method comprises the steps ofx is epsilon Att; mu and r are two types of security parameters, which are not known to the user, r y Representing different r-type parameters.
Preferably, the step S4 includes the steps of:
s41, obtaining a secret S corresponding to the root of the access strategy tree T;
the access decision tree is processed as follows:
for any X 2 One attribute in the access decision tree is matched with the attribute represented by the leaf node in the access decision tree, and the corresponding attribute is set as y, secretThe secret value is s x The method comprises the steps of carrying out a first treatment on the surface of the The algorithm is as follows:
for the non-leaf node p, if there is not less than k in its child nodes p The sub-node of (a) passes the decryption algorithm, then the decrypted set of sub-nodes is denoted S p The following algorithm is continued:
in the above formulaS x,z Representing a S without z element p The set, this equation will return TRUE because the nodes are in the same polynomial, and s x Is the secret value of this polynomial;
when the root node returns a true value, we get s=e (g, g) μ·s As an input parameter for the second step;
s42, decrypting the data content by using the reconstructed S;
the algorithm is as follows:
only if the user expands the attribute set X 2 When the security key is matched with the access policy tree T, the user can decrypt the data by using the security key; otherwise, the user cannot decrypt even if all ciphertext is downloaded from the cloud server.
Preferably, the S5 includes the following:
after the attribute authorization center verifies the identity of the user successfully, an intermediate secret key is generated and sent to the central authorization center, and after the central authorization center receives the intermediate secret key, the identity of the user is not verified for the second time, but a final secret key is directly issued;
the system also comprises a tracking mechanism which is executed regularly to supervise the attribute authorization center; the tracking mechanism is specifically as follows:
the central authority, when starting tracking, forces to ask the suspicious user U in order to confirm the user's key ownership j Uploading L, K', TS in the final secret key, randomly selecting one x E Att in the attribute of the suspicious user, and calculating t by a central authorization center 1 =H 1 (Uid j ||TS||0)、t 2 =H 1 (Uid j TS 1) and K x '=Q x αt2 ·g -b(t1+t2) It is then verified whether the following equation holds:
e(Q x ,L)=e(g,K'K x ')
continuing to execute the next step if the equation is true; what is to be confirmed next is which AA replaces the suspected U j Generating an intermediate key;
the CA recovers the public key corresponding to the particular AA using the master key MSK as follows:
PK'=(L·g -αt2 ) 1/βt1 =g kAidiβt1/βt1 =g kAidi
CA searches for AA using PK' as an index;
if a certain unique identifier is Aid i AA of (2) i Having a public key equal to PK' means AA i Maliciously or erroneously verify the U j Legitimacy of (2); the discovered malicious property authority should be penalized.
Since the attribute authority is an incompletely trusted authority and the user validity verification is performed manually, the attribute authority may maliciously or erroneously generate an intermediate key for the unverified attribute set. Further, a malicious user will attempt any possible method to obtain a key associated with a particular set of attributes to obtain data access rights. Under this assumption, the user often experiences some unusual behavior. In order to prevent the occurrence of the above situation, it is necessary to add a tracking mechanism to be executed periodically so as to supervise the attribute authority.
Therefore, the invention has the following beneficial effects:
1. an efficient method of 0-code and 1-code is presented, enabling comparable properties to be used for arbitrary comparisons, and this method is applicable to ABE systems;
2. the lightweight and efficient CABE structure is provided; compared with other related schemes, the structure reduces the expanded storage overhead by half on average, and greatly reduces the calculated amount of the overhead for encryption and decryption;
3. in the scheme, a central authorization center and an attribute authorization center are adopted, so that the burden of the central authorization center is reduced, the authentication and key generation of a user are accelerated, and the single-point performance bottleneck is avoided;
4. a tracking mechanism is added to supervise the attribute authority.
Drawings
Fig. 1 is a system model diagram of the present embodiment.
Fig. 2 is an access policy model of embodiment 2.
Detailed Description
The invention is further described below with reference to the drawings and detailed description.
Example 1:
the embodiment provides a traceable comparison attribute encryption method based on multiple authorization centers, as shown in fig. 1, in the following system model, mainly involving five entities: a central authority (Central Authority, CA), an attribute authority (Attribute Authorities, AAs), a user (data user, DU), a data owner (data owner, DO) and a cloud service provider (cloud service provider, CSP).
CA: the CA is a key generation management center of the system. Unique identifications and certificates thereof are generated for AAs and DUs. And generates a final key for the DU after receiving the intermediate key from the AA authentication DU. In addition, the CA may keep track of malicious AAs of intermediate keys generated for suspicious DUs.
AA: each AA has sufficient storage and computing power to authenticate any user independently. The AA will perform its certificate verification based on the attributes submitted by the DU and generate the corresponding intermediate key on behalf of the CA. It is worth mentioning that: the goal of introducing multiple AAs is to alleviate the heavy task of CA certificate verification and key generation, further reducing the possibility of single point performance bottlenecks.
CSP: CSP has a large storage space and a powerful computing power to provide data storage and information retrieval services for DUs and DOs, respectively.
DO: DO establishes an access policy for its data and encrypts the file according to the defined policy. And transmitting the encrypted whole data and the encrypted symmetric key to the CSP. So as to share its data with a plurality of DUs and significantly reduce the local storage and computation burden.
DU: the DU obtains a unique identification from the CA and itself has the attributes of a set of related information. The DU will select any one of the AA's for authentication of the identity information, and after passing the authentication of the AA, the CA will generate the final key associated with its set of attributes. The DU may obtain encrypted data of interest from the CSP. The user can decrypt the encrypted data if and only if the set of attributes of the DU satisfies the access policy embedded in the encrypted data.
The embodiment comprises the following steps:
s1, initializing a system;
CA selects two multiplication cyclic groups G and G with same prime order p (parameter G is generator of G) and defines a binary mapping e on G: G x G → G p CA then randomly selects a, b, alpha, beta, E Z p * As master key, also for each attribute Att i (i=1, 2,., V) randomly generates a public key Q 1 ,Q 2 ,...,Q V . Then, let H (0, 1) * G is a hash function, mapping any binary string to a random element of G. The public keys issued are as follows:
PK=G p ,G,H,g,g α ,h=g β ,e(g,g) α ,Q 1 ,Q 2 ,...,Q V
the master key is as follows:
MSK=a,b,α,β,g α
the master key will be hidden within the system and not be available to other entities.
The CA also has to do with the registration of AAs and users. First, the CA generates a pair of keys (sk CA ,vk CA ) For signing and verifying, where vk CA Is disclosed and may be made known to every entity in the system. During registration, each AA sends a registration application to the CA. For each legitimate AA, CA will assign a unique identified Aid ε Z p * Then randomly selecting a private key k Aid ∈Z p * And calculates its corresponding public key PK Aid =g kAid . The CA will then generate a PK containing the public key Aid Cert certificate Cert of (C) Aid And associates it with the corresponding private key k Aid Together to the AA with the identity Aid. In addition, each user obtains its own UId, private key k from CA Uid And certificate Cert Uid
S2, encrypting the data;
in order to achieve data sharing of DO under access policy T, the following two steps must be completed: 1. encrypting the data; 2. and constructing a strategy tree T.
In the first step, the DO itself completes encryption of the data. In order to improve system performance, DO selects a random number K ε G p S is from Z as a symmetric key p * The plaintext data M is encrypted by means of a symmetric encryption algorithm. The encrypted data is recorded asC=h s ,/>
Second, all nodes of T are assigned a secret number from the root R to the leaf node, as follows:
the root R is given a secret s corresponding to C generated in the previous step. For being assigned a secret s p Non-leaf nodes p (including R) of (a) with a threshold of k p Algorithm randomly generatesForming a polynomial q p It contains the following three characters:
polynomial q p The number of times of (d) must be satisfied p =k p -1
The values of this polynomial are: q p (0)=s p . This property relates the polynomial to the secret of the corresponding node x.
Each having a value q of a different index z p (z) is assigned to each child node of p.
For leaf node P, it has been assigned a secret s p And represents the attribute Att i Calculate C Atti '=g sp ,C Atti "=H(y) sp ,y∈X 1
The ciphertext is as follows:
s3, user verification and final data generation;
this process involves the designated user, the selected AA, and the CA. The method comprises the following 3 steps:
U j →AA i : when having a unique identification UId j User U of (2) j When issuing the application for obtaining the secret key, the user selects legal AA with unique identifier Aid through a certain scheduling algorithm and sends a certificate Cert Uidj Some may display U j Proof of the owned property set.
(2)AA i CA: the user authentication process may be designed to be manual authentication or AA i And (3) executing an authentication protocol. After successful user authentication, AA i Acquiring a current time point as a threshold TS, and calculating t 1 =H 1 (Uid j TS 0) and t 2 =H 1 (Uid j |ts|1), and generates an intermediate keyThe method comprises the following steps:
will beThe generated intermediate key is issued to the CA.
CA→AA i →U j : CA is receiving AA i After the intermediate key of (2), according to AA i Aid of (F) i To obtain the corresponding storage public key PK Aidi . The CA then checks whether the time interval Tt of the transmission delay is within the allowable time interval range. Assuming the current time is T ', if T' -TS > Tt, then CA will stop executing and send a reject request message to AA i . If T' -TS < Tt, CA recalculates T 1 =H 1 (Uid j TS 0) and t 2 =H 1 (Uid j TS 1), ensuring t 1 And t 2 Are not reused by the same user. This step may prevent collusion attacks by the AA. The CA then generates the final key for the user and returns it to the user through the AA. The final key (FUSK) is specifically as follows:
wherein the method comprises the steps ofx is epsilon Att; mu and r are two types of security parameters, which are not known to the user, r y Representing different r-type parameters.
S4, decrypting the data;
the decryption operation is also divided into two steps, the first step being aimed at obtaining the secret s corresponding to the one hidden in the root of the access decision tree T; and secondly, decrypting the data content by using the reconstructed s.
The first step, the access decision tree is processed as follows:
for any X 2 One of the generaThe attribute is matched with the attribute represented by the leaf node in the access decision tree, the corresponding attribute is set as y, and the secret value is set as s x . The algorithm is as follows:
for the non-leaf node p, if there is not less than k in its child nodes p The sub-node of (a) passes the decryption algorithm, then the decrypted set of sub-nodes is denoted S p The following algorithm is continued:
in the above formulaS x,z Representing a S without z element p The set, this equation will return TRUE because the nodes are in the same polynomial, and s x Is the secret value of this polynomial.
When the root node returns a true value, we get s=e (g, g) μ·s As input parameters for the second step. The second step, the algorithm is as follows:
only if the user expands the attribute set X 2 When matching the access policy tree T, the user can decrypt the data using the security key. Otherwise, the user cannot decrypt even if all ciphertext is downloaded from the cloud server.
S5, tracking;
the AA generates an intermediate key to send to the CA after verifying the identity of the user. After the CA receives the intermediate key, it will not verify the identity of the user a second time, but will issue the final key directly to him. Since AA is an incompletely trusted mechanism and user validity verification is performed manually, AAs may maliciously or erroneously generate intermediate keys for unverified property sets. Further, a malicious user will attempt any possible method to obtain a key associated with a particular set of attributes to obtain data access rights. Under this assumption, the user often experiences some unusual behavior. In order to prevent the occurrence of the above situation, it is necessary to add a tracking mechanism to periodically execute, so as to supervise the AA. The tracking mechanism is specifically as follows:
the CA forces to ask the suspicious user U when starting tracking in order to confirm the user's key ownership j Uploading L, K', TS in the final key, randomly selecting one x E Att in the attribute of the suspicious user, and then CA calculating t 1 =H 1 (Uid j ||TS||0)、t 2 =H 1 (Uid j TS 1) and K x '=Q x αt2 ·g -b(t1+t2) It is then verified whether the following equation holds: e (Q) x ,L)=e(g,K'K x ')
If the equation is true, the next step is continued. What is to be confirmed next is which AA replaces the suspected U j An intermediate key is generated. The CA recovers the public key corresponding to the particular AA using the master key MSK as follows:
PK'=(L·g -αt2 ) 1/βt1 =g kAidiβt1/βt1 =g kAidi
CA searches for AA using PK' as an index. If a certain unique identifier is Aid i AA of (2) i Having a public key equal to PK' means AA i Maliciously or erroneously verify the U j Is the legitimacy of (2). The discovered malicious AA should be punished.
Example 2:
as shown in fig. 2, the access policy model of the present embodiment is structured as an access policy tree.
There are always some attributes in the access policy of CP-ABE/KP-ABE expressed as a range value, for example: "{ age >18 }"). Range values like this attribute are not comparable using a boolean function. Because the result of the comparison with boolean functions of "{ age=20 }" and "{ age >18}" is not consistent. Unless the range value is changed to a union, such as: "V" { age=19 } "V" { age=20 } "v..v" { age=100 }. But this approach increases linearly with the overhead of the data.
Our scheme uses a 0 code and a 1 code approach for the attribute of such range values. We assume an n-bit binary number x.
x=x 1 x 2 ...x n ∈{0,1} n
0 coding: converting x into a set if x i (i.ltoreq.n) equals 0, x is taken as i The number of the first i bits is converted into 1, and then the number of the first i bits is taken as one element.
X x 0 ={x 1 x 2 ...x i-1 1|x i =0,1≤i≤n}
1, coding: converting x into a set if x i (i.ltoreq.n) is equal to 1, and the number of the first i bits is taken as one element.
X x 1 ={x 1 x 2 ...x i |x i =1,1≤i≤n}
For comparison to be small, let us assume two n-bit binary numbers y and z, y is converted into X by 1-encoding y 1 Convert z to X by 0 encoding z 0 . If X y 1 And X z 0 Is not an empty set, y can be determined>z. Conversely, X y 0 And Xz 1 Is an empty set, and y can be determined as well>z. The formula is as follows:
as a specific example, assume that there are two 4-bit binary numbers y=11 (1011 2 ) And z=6 (0110) 2 ) Their 0 and 1 codes are shown below.
X y 0 ={11} X y 1 ={1,101,1011}
X z 0 ={1,0111} X z 1 ={01,011}
Because ofSo y is>And z, conforming to a real result.
Let Att= { Att Att 1 ,Att 2 ,...,Att v When Att i (i=1, 2,., V) represents a range value, if Att i > e, extending this property to Set ie0 (Att i ,e)={(Att i ||">e"||c)|c∈X ei 0 -a }; if it is Att i < e, extend this property to Set ie1 (Att i ,e)={(Att i ||"<e"||c)|c∈X ei 1 -a }; these two combinations are referred to as the expansion set X 1 . If it is Att i Extension of this attribute into two sets Set =e ie0 (Att i ,e)={(Atti||">e"||c)|c∈X ei 0 } and Set ie1 (Att i ,e)={(Atti||"<e"||c)|c∈X ei 1 "this is called expansion set X 2
The scope attribute of the access policy will be extended to X as is typically the case 1 The user's attributes will be extended to X 2 . The attribute values herein refer to comparable numerical types, excluding character types.
In fig. 2, the nodes of the tree are represented by "circles", and the circle with "a" represents an attribute; the circle with "OR" represents an exclusive OR gate. Each triangle represents a subtree composed of some nodes, and the threshold gate is composed of a plurality of non-leaf nodes; "0-encoded subtree" and "1-encoded subtree" are single-layered subtrees composed of an exclusive-OR gate and leaf nodes, respectively, representing Set ie0 (Att i E) or Set ie1 (Att i Elements in e).
Each non-leaf node of the access policy tree T actually represents a threshold according to its number of children and the threshold of the sharing policy. Such as: for a non-cotyledon node x, if its sharing policy is (t, n), its number of child nodes is n, and t represents its threshold. This threshold is an "OR" gate if t=1, AND an "AND" gate if t=n.
The foregoing embodiments are provided for further explanation of the present invention and are not to be construed as limiting the scope of the present invention, and some insubstantial modifications and variations of the present invention, which are within the scope of the invention, will be suggested to those skilled in the art in light of the foregoing teachings.

Claims (1)

1. A traceable comparison attribute encryption method based on a plurality of authorization centers is characterized by comprising the following steps:
s1, initializing a system;
s2, encrypting the data;
s3, user verification and final data generation;
s4, decrypting the data;
s5, tracking;
the S1 comprises the following contents:
the central authority center selects two multiplication cyclic groups G and G with the same prime order p Wherein the parameter G is the generator of G, and a binary mapping e is defined on G, G x G → G p Then the central authority randomly selects a, b, a, beta E Z p * ,Z p * Is an integer ring of modulo p, as master key, and also for each attribute Att i (i=1, 2,., V) randomly generates a public key Q 1 ,Q 2 ,...,Q V
Set H (0, 1) * G is a hash function, and any binary character string is mapped to a random element of G;
the public keys issued are as follows:
PK=G p ,G,H,g,g α ,h=g β ,e(g,g) α ,Q 1 ,Q 2 ,...,Q V
h is the publicPart of the key, G is the generator of the finite cyclic group G, and beta is at Z p * Randomly selected parameters; e (g, g) is a binary mapping, which is a mapping value obtained by inputting g and g;
the master key is as follows:
MSK=a,b,a,β,g α
the master key will be hidden in the system;
the S1 further comprises the following contents:
the central authority center is also responsible for the registration of each attribute authority center and the user;
first, the central authority generates a pair of keys (sk) CA ,vk CA ) For signing and verifying, where vk CA Is disclosed, and can be made known to every entity in the system;
during registration, each attribute authority transmits a registration request to the central authority, which assigns a unique identity Aid e Z to each legitimate attribute authority p * Then randomly selecting a private key k Aid ∈Z p * And calculates its corresponding public key PK Aid =g kAid
The central authority will then generate a public key PK containing Aid Cert certificate Cert of (C) Aid And associates it with the corresponding private key k Aid Together to an attribute authority having an identity Aid;
in addition, each user needs to acquire own unique identification number UId and private key k from the central authority center Uid And certificate Cert Uid
The step S2 comprises the following steps:
s21, encrypting the data;
s22, constructing a strategy tree T;
the S21 includes the following:
the data owner completes the encryption of the data by himself;
to improve system performance, the data owner selects a random number K ε G p G as a symmetric key p Is of order pFinite circulation group, s is from Z p * Encrypting the plaintext data M by means of a symmetric encryption algorithm;
the encrypted data is recorded as Respectively represent three different ciphertexts, E K Is a symmetric encryption algorithm, M is plaintext data, K is G p S is from Z as a symmetric key p * Is a random key of (a) in Z p * Randomly selected parameters;
the S22 includes the following:
all nodes of the policy tree T are assigned a secret number from the root R to the leaf node as follows:
the root R is given a secret s corresponding to C generated in the previous step;
for being assigned a secret s p Is a non-leaf node p of (a), the threshold value is k p The algorithm randomly generates a polynomial q p It contains the following three characters:
polynomial q p The number of times of (d) must be satisfied p =k p -1;
The values of this polynomial are: q p (0)=s p The method comprises the steps of carrying out a first treatment on the surface of the This property relates the polynomial to the secret of the corresponding node x;
each having a value q of a different index z p (z) each child node assigned to p;
for leaf node P, it has been assigned a secret s p And represents the attribute Att i Calculate C Atti '=g sp ,C Atti "=H(y) sp ,y∈X 1 ,X 1 Is an extended set, H (y) is a hash function, y represents the input;
the ciphertext is as follows:
the step S3 comprises the following steps:
S31、U j →AA i : when having a unique identification UId j User U of (2) j When issuing the application for obtaining the secret key, the user selects the legal attribute authorization center with the unique identifier Aid through a certain scheduling algorithm and sends the certificate Cert Uidj Some may display U j Proof of owned attribute sets;
S32、AA i CA: the user authentication process may be designed to be manual authentication or AA i An executed authentication protocol;
after successful user authentication, AA i Acquiring a current time point as a threshold TS, and calculating t 1 =H 1 (Uid j TS 0) and t 2 =H 1 (Uid j |ts|1), and generates an intermediate key IC Aidi,Uidj The method is characterized by comprising the following steps:
will { UId j ,Aid i ,Att,IC Aidi,Uidj The intermediate key generated by TS is sent to a central authorization center;
wherein AA is i Representing the ith attribute authority, CA represents the central authority, t 1 And t 2 Is a variable generated during the user registration process, verifies t 1 And t 2 Collusion attack of the attribute authorization center can be prevented; h 1 Is a hash function, UId j Representing the unique identification number of user j, TS represents AA i Acquiring the current time as a threshold value, aid i Unique identification number, Q, representing the ith attribute authority x Is a public key, k Aidi The private key representing the ith AA with unique identification number, x is the element in Att, K x And J x Is part of the intermediate key; att is the attribute set, X 2 Is an extended set;
S33、CA→AA i →U j : the central authority receives the AA i After the intermediate key of (2), according to AA i Aid of (F) i To obtain the corresponding storage public key PK Aidi
The central authority then checks whether the time interval Tt of the transmission delay is within the allowed time interval range;
assuming that the current time is T ', if T' -TS>Tt, the central authority will stop executing and send out a refusal request message to the AA i
If T' -TS < Tt, the central authority recalculates T 1 =H 1 (Uid j TS 0) and t 2 =H 1 (Uid j TS 1), ensuring t 1 And t 2 Is not reused by the same user;
this step can prevent collusion attacks by the attribute authority; then the central authorization center generates a final key for the user and returns the final key to the user through the attribute authorization center;
the final key (FUSK) is specifically as follows:
wherein l= (PK Aidi ) βt1 g αt2 =(g kAidi ) βt1 g αt2 ,K'=Q x kAidiβt1 ·g b(t1+t2) ,x∈Att;D y ,D y ' is part of the final key, μ and r are two types of security parameters, not known to the user, r y Representing different r-type parameters; the step S4 comprises the following steps:
s41, obtaining a secret S corresponding to the root of the access strategy tree T;
the access decision tree is processed as follows:
for any X 2 One attribute of the access decision tree is matched with the attribute represented by the leaf node in the access decision tree, the corresponding attribute is set as y, and the secret value is set as s x The method comprises the steps of carrying out a first treatment on the surface of the The algorithm is as follows:
for the non-leaf node p, if there is not less than k in its child nodes p The sub-node of (a) passes the decryption algorithm, then the decrypted set of sub-nodes is denoted S p The following algorithm is continued:
in the above formulaS x,z Representing a S without z element p The set, this equation will return TRUE because the nodes are in the same polynomial, and s x Is the secret value of this polynomial;
when the root node returns a true value, we get s=e (g, g) μ·s As an input parameter for the second step;
s42, decrypting the data content by using the reconstructed S;
the algorithm is as follows:
only if the user expands the attribute set X 2 When the security key is matched with the access policy tree T, the user can decrypt the data by using the security key; otherwise, the user cannot decrypt even if all ciphertext is downloaded from the cloud server;
wherein a, b, alpha, beta, E Z p * ;F z And F is equal to x Is the same formula and represents different inputs; q z Representing a random polynomial;
the S5 comprises the following contents:
after the attribute authorization center verifies the identity of the user successfully, an intermediate secret key is generated and sent to the central authorization center, and after the central authorization center receives the intermediate secret key, the identity of the user is not verified for the second time, but a final secret key is directly issued;
the system also comprises a tracking mechanism which is executed regularly to supervise the attribute authorization center; the tracking mechanism is specifically as follows:
the central authority, when starting tracking, forces to ask the suspicious user U in order to confirm the user's key ownership j Uploading L, K', TS in the final secret key, randomly selecting one x E Att in the attribute of the suspicious user, and calculating t by a central authorization center 1 =H 1 (Uid j ||TS||0)、t 2 =H 1 (Uid j TS 1) and K x '=Q x αt2 ·g -b(t1+t2) It is then verified whether the following equation holds:
e(Q x ,L)=e(g,K'K x ')
continuing to execute the next step if the equation is true; what is to be confirmed next is which AA replaces the suspected U j Generating an intermediate key;
the CA recovers the public key corresponding to the particular AA using the master key MSK as follows:
PK'=(L·g -αt2 ) 1/βt1 =g kAidiβt1/βt1 =g kAidi
CA searches for AA using PK' as an index;
if a certain unique identifier is Aid i AA of (2) i Having a public key equal to PK' means AA i Maliciously or erroneously verify the U j Legitimacy of (2); the discovered malicious attribute authority should be penalized;
K x 'is the attribute key that the CA computes during the tracking process, and PK' is the public key that the CA recovers corresponding to a particular AA using the master key MSK.
CN202110624902.2A 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers Active CN113489591B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110624902.2A CN113489591B (en) 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110624902.2A CN113489591B (en) 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers

Publications (2)

Publication Number Publication Date
CN113489591A CN113489591A (en) 2021-10-08
CN113489591B true CN113489591B (en) 2023-09-12

Family

ID=77934717

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110624902.2A Active CN113489591B (en) 2021-06-04 2021-06-04 Traceable comparison attribute encryption method based on multiple authorization centers

Country Status (1)

Country Link
CN (1) CN113489591B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001730B (en) * 2022-03-02 2023-09-05 上海交通大学 Access control system and method based on role attribute in distributed scene
CN114629640B (en) * 2022-03-10 2024-01-09 东南大学 White box disciplinable attribute-based encryption system and method for solving key escrow problem
CN114430321B (en) * 2022-04-07 2022-07-12 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) DFA self-adaptive security-based black box traceable key attribute encryption method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012039244A (en) * 2010-08-04 2012-02-23 Nippon Hoso Kyokai <Nhk> Content server, content receiver, attribute key issue server, user key issue server, access control system, content distribution program, and content reception program
CN103401839A (en) * 2013-07-02 2013-11-20 河海大学 Attribute protection based multiple authorization center encryption method
CN106549758A (en) * 2016-12-09 2017-03-29 四川师范大学 Support the encryption method based on attribute of non-monotonic access structure
CN110830473A (en) * 2019-11-08 2020-02-21 浙江工业大学 Multi-authorization access control system and method based on attribute encryption

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012039244A (en) * 2010-08-04 2012-02-23 Nippon Hoso Kyokai <Nhk> Content server, content receiver, attribute key issue server, user key issue server, access control system, content distribution program, and content reception program
CN103401839A (en) * 2013-07-02 2013-11-20 河海大学 Attribute protection based multiple authorization center encryption method
CN106549758A (en) * 2016-12-09 2017-03-29 四川师范大学 Support the encryption method based on attribute of non-monotonic access structure
CN110830473A (en) * 2019-11-08 2020-02-21 浙江工业大学 Multi-authorization access control system and method based on attribute encryption

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
改进的基于证书条件代理重加密方案;徐洁如;陈克非;沈忠华;徐晓栋;刘艳;;密码学报(第04期);全文 *

Also Published As

Publication number Publication date
CN113489591A (en) 2021-10-08

Similar Documents

Publication Publication Date Title
CN111639361B (en) Block chain key management method, multi-person common signature method and electronic device
CN112019591B (en) Cloud data sharing method based on block chain
CN113489591B (en) Traceable comparison attribute encryption method based on multiple authorization centers
Zuo et al. Fine-grained two-factor protection mechanism for data sharing in cloud storage
CN114039790B (en) Fine-grained cloud storage security access control method based on blockchain
WO2021022246A1 (en) Systems and methods for generating signatures
Guo et al. TABE-DAC: Efficient traceable attribute-based encryption scheme with dynamic access control based on blockchain
CN111130757A (en) Multi-cloud CP-ABE access control method based on block chain
JP6497747B2 (en) Key exchange method, key exchange system
JP2005537711A (en) Certificate-based encryption and public key structure infrastructure
CN112383550B (en) Dynamic authority access control method based on privacy protection
CN114219483B (en) Method, equipment and storage medium for sharing block chain data based on LWE-CPBE
Xu et al. Multi-authority proxy re-encryption based on CPABE for cloud storage systems
Tiwari et al. SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation
Li et al. Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud
CN116418560A (en) System and method for online quick identity authentication based on blockchain intelligent contract
CN116702191A (en) Federally learned local model parameter aggregation method
CN117118600A (en) Block chain agent re-encryption method and system based on lattice password improvement
CN108763944B (en) Multi-center large-attribute domain attribute-based encryption method capable of being safely revoked in fog computing
CN113836571B (en) Medical data possession terminal position matching method and system based on cloud and blockchain
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
KR100974628B1 (en) Method and System of distributing group key using broadcasting message authentication on wireless sensor network and Recording medium using this
CN114844649B (en) Secret key distribution method containing trusted third party based on superlattice PUF
CN114726503A (en) Privacy protection data subscription method in block chain Internet of vehicles
CN117155692B (en) Smart grid data aggregation method and system based on security mask

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant