[go: up one dir, main page]

CN115544531A - Data transmission method and equipment - Google Patents

Data transmission method and equipment Download PDF

Info

Publication number
CN115544531A
CN115544531A CN202110737183.5A CN202110737183A CN115544531A CN 115544531 A CN115544531 A CN 115544531A CN 202110737183 A CN202110737183 A CN 202110737183A CN 115544531 A CN115544531 A CN 115544531A
Authority
CN
China
Prior art keywords
ciphertext
key
attribute
data
keyword
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110737183.5A
Other languages
Chinese (zh)
Inventor
林玥
高雪松
田永鸿
陈维强
张淯易
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Group Holding Co Ltd
Original Assignee
Hisense Group Holding Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hisense Group Holding Co Ltd filed Critical Hisense Group Holding Co Ltd
Priority to CN202110737183.5A priority Critical patent/CN115544531A/en
Publication of CN115544531A publication Critical patent/CN115544531A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/13File access structures, e.g. distributed indices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a data transmission method and equipment, which are used for realizing data retrieval through an intelligent contract, meeting the light-weight requirements of data request equipment, data source equipment and other Internet of things equipment while meeting the mass requirement of the data retrieval. The data transmission method provided by the embodiment of the application comprises the following steps: performing attribute encryption on an access structure predefined by data source equipment and a first secret key used for encrypting a plaintext document stored in the data source equipment to obtain an attribute ciphertext; and generating a security index for acquiring the plaintext document by using the attribute ciphertext, and sending the security index to a server for providing a security retrieval intelligent contract.

Description

Data transmission method and equipment
Technical Field
The present application relates to the field of information technologies, and in particular, to a data transmission method and device.
Background
The existing access control technology of the internet of things usually adopts a centralized authorization decision, so that the problem of safety trust between equipment exists, and single-point faults are easy to generate. And at present, the access control models are not mature, and the characteristics of the Internet of things on the large scale and the light weight of equipment are not uniformly considered.
The existing block chain and attribute encryption combination method has the problems that the block storage capacity is limited, and a plurality of access strategies are difficult to deploy in real time in a transaction mode. And the attribute set of the data requester is encapsulated in the transaction information and is broadcast to all nodes in the whole network to be publicly visible, so that the attribute set is extremely easy to be embezzled by a malicious node to generate a correct user key.
Disclosure of Invention
The embodiment of the application provides a data transmission method and device, which are used for realizing data retrieval through an intelligent contract, meeting the light-weight requirements of data request equipment, data source equipment and other Internet of things equipment while meeting the mass requirement of data retrieval.
On the data source device side, a data transmission method provided in the embodiment of the present application includes:
performing attribute encryption on an access structure predefined by data source equipment and a first key used for encrypting a plaintext document stored in the data source equipment to obtain an attribute ciphertext;
and generating a security index for acquiring the plaintext document by using the attribute ciphertext, and sending the security index to a server for providing a security retrieval intelligent contract.
According to the method, an access structure predefined by data source equipment and a first key used for encrypting a plaintext document stored in the data source equipment are subjected to attribute encryption to obtain an attribute ciphertext; and generating a security index for acquiring the plaintext document by using the attribute ciphertext, and sending the security index to a server for providing a security retrieval intelligent contract, so that data retrieval is realized through the intelligent contract, the light-weight requirements of data request equipment, data source equipment and other Internet of things equipment are met while the mass requirement of the data retrieval is met, the management difficulty of large-scale data access equipment can be simplified, and the management burden of the Internet of things equipment is reduced.
Optionally, generating, by using the attribute ciphertext, a security index for acquiring the plaintext document, specifically including:
extracting keywords from a ciphertext document obtained by encrypting the plaintext document to obtain a keyword set;
aiming at each keyword in the keyword set, constructing an array corresponding to the keyword, wherein the array is used for representing the corresponding relation between the keyword and each ciphertext document;
encrypting each keyword by using a second key to obtain an encrypted keyword;
and generating a safety index, wherein the safety index comprises the corresponding relation among the encrypted key words, the attribute ciphertext and the arrays.
Optionally, the method further comprises:
and sending the ciphertext document to a cloud server or a server for providing a verification intelligent contract.
Optionally, the method further comprises:
and respectively carrying out hash value calculation on the ciphertext document, and sending the obtained hash value and the second secret key to an authorization center.
On the data request device side, a data transmission method provided in an embodiment of the present application includes:
obtaining an attribute ciphertext from a server for providing a secure search intelligent contract; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and a first key for encrypting a plaintext document stored in the data source equipment by the data source equipment;
and recovering the first key from the attribute ciphertext, and decrypting the ciphertext document containing the current keyword required to be queried by using the first key to obtain the plaintext document containing the current keyword required to be queried.
Optionally, the method further comprises:
sending a data access request to an authorization center, wherein the data access request comprises the identification of the data request equipment and the data access attribute;
acquiring a third key provided by the authorization center and generated for the data access attribute of the data request device, and a hash value and a second key obtained by calculating the hash value of a ciphertext document, wherein the second key is used for encrypting keywords, and the keywords are keywords extracted from the ciphertext document;
encrypting the keywords which need to be inquired at present by using the second key to obtain a keyword trapdoor;
the attribute ciphertext is obtained from a server for providing a secure search intelligence contract using the key trapdoor.
Optionally, the obtaining, by using the key trapdoor, the attribute ciphertext from a server for providing a secure search intelligent contract includes:
and sending the keyword trapdoor to a server for providing a security retrieval intelligent contract, and calling the security retrieval intelligent contract to search an attribute ciphertext corresponding to the keyword trapdoor.
Optionally, the ciphertext document containing the keyword currently to be queried is obtained from a server for providing an authentication intelligent contract in the following manner:
further acquiring an array which is corresponding to the keyword trapdoor and used for representing the corresponding relation between the keywords and the ciphertext document by calling the security retrieval intelligent contract;
and determining the hash value set of the ciphertext document containing the keyword which needs to be inquired currently according to the array, sending the hash value set to a server for providing an intelligent verification contract, calling the intelligent verification contract to carry out integrity verification on the hash value set of the ciphertext document containing the keyword which needs to be inquired currently, and receiving the ciphertext document containing the keyword which needs to be inquired currently, which is sent by the server for providing the intelligent verification contract if the verification is passed.
Optionally, recovering the first key from the attribute ciphertext specifically includes:
and when the third key conforms to the access structure, recovering the first key from the attribute ciphertext.
On a server side for providing a secure search intelligent contract, a data transmission method provided by the embodiment of the application includes:
receiving a security index sent by data source equipment; the security index is generated by the data source equipment by using the attribute ciphertext and used for acquiring the plaintext document; the attribute ciphertext is an attribute ciphertext obtained by the data source device performing attribute encryption on a predefined access structure and a first key used for encrypting a plaintext document stored in the data source device;
and when a keyword trapdoor sent by data request equipment is received, searching an attribute ciphertext corresponding to the keyword trapdoor through the safety index, and sending the attribute ciphertext to the data request equipment.
Optionally, while the attribute ciphertext corresponding to the keyword trapdoor is searched, an array corresponding to the keyword trapdoor and used for representing the correspondence between the keyword and the ciphertext document is also searched, and the array and the attribute ciphertext are sent to the data request device.
On a server side for providing a verification intelligent contract, a data transmission method provided by an embodiment of the present application includes:
receiving a hash value set of a ciphertext document containing a keyword which is required to be inquired currently by data request equipment and sent by the data request equipment;
and carrying out integrity verification on the hash value set, and sending a ciphertext document containing the key word which needs to be inquired at present to the data request equipment when the verification is passed.
Optionally, the method further comprises:
and acquiring the ciphertext document from the cloud server.
On the authorization center side, a data transmission method provided by the embodiment of the application includes:
when a data access request sent by data request equipment is received, acquiring an identifier and a data access attribute of the data request equipment from the data access request;
generating a third key for a data access attribute of the data requesting device;
sending the third key to the data request device; when the third key conforms to the predefined access structure of the data source device, the data request device recovers the first key for decrypting the ciphertext document from the attribute ciphertext; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and the first key by the data source equipment.
Optionally, the method further comprises:
receiving a hash value and a second key sent by data source equipment; the hash value is obtained by calculating the hash value of the ciphertext document by the data source equipment; the second key is used for encrypting the key word which needs to be inquired currently by the data request equipment;
and sending the hash value and the second key to the data request equipment.
Another embodiment of the present application provides a data transmission device, which includes a memory and a processor, wherein the memory is used for storing program instructions, and the processor is used for calling the program instructions stored in the memory and executing any one of the above methods according to the obtained program.
Another embodiment of the present application provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform any one of the methods described above.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a schematic diagram of a system framework provided by an embodiment of the present application;
FIG. 2 is a schematic view of an access structure provided in an embodiment of the present application;
fig. 3 is a schematic overall flowchart of a data transmission method according to an embodiment of the present application;
fig. 4 is a schematic flowchart of a data transmission method at a data source device side according to an embodiment of the present application;
fig. 5 is a schematic flowchart of a data transmission method at a data request device side according to an embodiment of the present application;
fig. 6 is a schematic flowchart of a data transmission method on a server side for providing secure search intelligent contracts according to an embodiment of the present application;
fig. 7 is a schematic flowchart of a data transmission method on a server side for providing a verification intelligent contract according to an embodiment of the present application;
fig. 8 is a schematic flowchart of a data transmission method at the authorization center side according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a data transmission device according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a data transmission device at a data source device side according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a data transmission device on a data request device side according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of a data transmission device on a server side for providing secure search intelligent contracts according to an embodiment of the present application;
fig. 13 is a schematic structural diagram of a data transmission device on a server side for providing a verification intelligent contract according to an embodiment of the present application;
fig. 14 is a schematic structural diagram of a data transmission device on the authorization center side according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a data transmission method and data transmission equipment, which are used for realizing data retrieval through an intelligent contract, meeting the mass requirement of data retrieval and meeting the lightweight requirements of Internet of things equipment such as data request equipment and data source equipment.
The method and the device are based on the same application concept, and because the principles of solving the problems of the method and the device are similar, the implementation of the device and the method can be mutually referred, and repeated parts are not described again.
Various embodiments of the present application will be described in detail below with reference to the drawings. It should be noted that the display sequence of the embodiment of the present application only represents the sequence of the embodiment, and does not represent the merits of the technical solutions provided by the embodiments.
The technical scheme provided by the embodiment of the application is oriented to the smart home scene of the lightweight intelligent device, and mainly relates to the technology of block chains, attribute encryption and keyword ciphertext retrieval.
The technical scheme provided by the embodiment of the application can solve the following technical problems:
the current intelligent terminal equipment has the advantages of high volume and light weight. The massive nature brings more complex management difficulty for access control, and massive users, terminal equipment, various equipment types, data types and more complex applications need to be managed; the lightweight of the device means that the device does not provide much computing and memory capacity for access control.
When the intelligent equipment communicates through the cloud, the intelligent terminal equipment manufacturer can acquire sensitive information of equipment users through the cloud server, and once the private information is revealed, the user can be greatly lost. Since the user loses actual control over the data, the data needs to be encrypted before being uploaded by the user in consideration of the incredibility of the cloud server and the guarantee of privacy and safety of the user data, but the encryption operation cannot be used by the keyword retrieval technology based on the plaintext.
In the conventional identity encryption scheme, identity information of an encryptor must be determined in a decryption process, and the decryption is one-to-one. Therefore, the traditional identity encryption scheme can realize simple one-to-one encryption and decryption, but cannot realize one-to-many resource access.
The embodiment of the application aims to provide a safety retrieval and access control scheme suitable for massive and lightweight terminal equipment.
Specifically, as shown in fig. 1, the system framework provided in the embodiment of the present application includes 5 participants, which are: a Data Source Device (DSD), a Data Request Device (DRD), a Cloud Server (CS), an Authorization Center (AC), a server (i.e., a block chain) for providing a Smart Contract (SC), wherein the Smart Contract server includes a server for providing an authentication Smart Contract and a server for providing a security retrieval Smart Contract, and the two servers may also be the same server, i.e., the same server provides the authentication Smart Contract and the security retrieval Smart Contract.
The smart contract described in the embodiments of the present application is essentially a state machine that includes a set of executable functions, state variables, and an identification address. After the contract deployer designates the relevant authority confirmation logic and uploads the compiled contract to the block chain, other users can initiate a transaction to the designated contract through the identification address, so as to trigger the corresponding execution function in the corresponding contract, return the execution result and update the state of the contract. Therefore, the intelligent contract endows the blockchain with computing processing capacity, and a developer can manage and control data on the chain through a reasonable logic function.
The embodiment of the application is suitable for a one-to-many search model, the data source device uploads the ciphertext set to the cloud, and the document can be decrypted only when the attribute private key of the user meets the access structure.
The data transmission method provided by the embodiment of the present application is described below from a data source device side and a data request device side, respectively.
A data source device:
and 101, encrypting and uploading data to a cloud server. Assuming that n plaintext documents form a set D = { D1, D2, \8230;, dn }, the data source device DSD generates a key K1 through a key generation algorithm as a symmetric encryption key of the data document to encrypt the plaintext document, C = Enc K1 (D) And respectively carrying out Hash value calculation on the ciphertext documents C = { C1, C2, \8230;, cn }, wherein i belongs to (1, n), and obtaining the Hash (C) = Hash (C1, C2, \8230;, cn). And uploading the ciphertext document C to a cloud server, or uploading the ciphertext document C to a block chain, for example, directly uploading the ciphertext document C to a server providing an intelligent contract for verification.
The key generation algorithm described in the embodiment of the present application may adopt an algorithm in the prior art, and the present application is not limited.
And 102, encrypting the key. For the encryption key K1, the data source device defines the access structure Ac in advance, as shown in the example in fig. 1, and executes the CP-ABE encryption algorithm to embed the access structure Ac and the encryption key K1 (which may also be referred to as a first key for distinction) into the attribute ciphertext
Figure BDA0003142006390000081
In (1). Wherein, the access structure Ac, as shown in fig. 2, is for example: the relationship of temperature sensor and switch sensor is OR, one of which is satisfied, and the gateway is MAC1, the access structure is conformed. The CP-ABE encryption algorithm is an attribute encryption algorithm and is used for performing attribute encryption on the secret key K1 and the access structure Ac to obtain an attribute ciphertext C k1 =KeyEnc(K1,Ac)。
And step 103, index generation. The data source device DSD extracts a set of keywords W = { W1, W2, \8230;, wm } from the data document D, where m is different from n above, that is, the number m of keywords extracted from the data document D may be more than the number n of plaintext documents or less than the number n of plaintext documents.
For each keyword W in the set of keywords W = { W1, W2, \8230;, wm }, each keyword W i Construct array DB (w) i ) For representing a keyword w i Correspondence with each document, here i belongs to (1,m).
Then, a search key SKs (which may be referred to as a second key for distinction) is generated by a key generation algorithm, and each keyword is encrypted to obtain T wi And indexing the security
Figure BDA0003142006390000091
And the uplink is sent to a server for providing the security retrieval intelligent contract, and the security retrieval intelligent contract is called to store the security index I. The secure index I comprises T wi
Figure BDA0003142006390000092
And DB (w) i ) Said safety searching intelligent contract maintains a searching table, T wi Can find
Figure BDA0003142006390000093
And DB (w) i )。
It should be noted that in the embodiment of the present application, i represents different meanings in different parameters, and i in different parameters does not take a value in a unified manner. For example, ci represents any ciphertext document, w, in the set of ciphertext documents C = { C1, C2, \8230;, cn } i The method represents any keyword in the keyword W = { W1, W2, \8230;, wm } set, and the two i have no relation with each other, and do not need to take the same value at the same time.
And 104, uploading the data. And the data source device DSD transmits the Hash value Hash (C) and the retrieval key SKs to the authorization center through a secure channel.
The data request device:
step 201, access request. When a data request device DRD i (DRD i Representing any data requesting device) sends a data access request, the authorization center receives the DRD i And a corresponding set of attributes Au i . For example: the attribute set Au1 of the data request device DRD1 is: { gateway MAC1, temperature sensor }, the attribute set Au2 of the data request device DRD2 is: { gateway MAC2, temperature sensor }. The data requesting device DRD1 then conforms to the access structure defined by the previous data source device, while the data requesting deviceDRD2 does not.
The authorization center executes the CP-ABE key generation algorithm to request DRD for the data device i Generates an attribute private key SKu i (also referred to as a third key for differentiation) and an attribute private key SKu i The issuance of a search key SKs and a Hash (C) to a data requesting device DRD i
Wherein the attribute private key SKu i Corresponding to the access structure Ac, the access structure Ac is equivalent to a public key, and only the attribute private key SKu is needed in the following process i If the access structure Ac is satisfied, the attribute ciphertext can be decrypted, and the secret key K1 can be obtained from the attribute ciphertext.
Step 202, key trapdoor generation phase. Data request device DRD i After obtaining the corresponding retrieval key SKs, generating a key trapdoor T according to the current key kw to be queried kw Encrypting the key word kw by using the retrieval key SKs to obtain T kw
Step 203, search phase. Data request device DRD i Will T kw As the input parameter, the safety search intelligent contract is called, the process executes the search algorithm, namely the server for providing the safety search intelligent contract executes the safety search intelligent contract, and searches the corresponding safety search intelligent contract according to the search table
Figure BDA0003142006390000101
And DB (w) kw )。
After the safety search intelligent contract search is completed, the safety search intelligent contract search method will be used
Figure BDA0003142006390000102
And DB (w) kw ) DRD returned to invoke secure search intelligence contracts i . The intelligent contract is retrieved through the safety retrieval, the retrieval function is transferred to the block chain, and the malicious property of the cloud server can be dealt with.
Step 204, verification phase. DRD i In reading DB (w) kw ) Then, the set Hash value of the ciphertext document containing the keyword kw can be clarified kw (C) And invoking the verification intelligent contract to Hash kw (C) Uplink, i.e. to be sent for liftingAnd the server is used for verifying the intelligent contract so as to facilitate the integrity verification of the data document of the subsequent contract.
The cloud server is reading DB (w) kw ) Then, the ciphertext document C containing the keyword kw can be clearly obtained kw And the ciphertext document C is verified by calling the verification intelligent contract kw Sending the document to a server for providing the verification intelligent contract, and verifying the ciphertext document C through the server for providing the verification intelligent contract kw By a server providing a verification intelligence contract kw (C) And Hash (C) kw ) Whether the two are equal or not, if so, the server for providing the verification intelligent contract sends a ciphertext document C kw To the data requesting device. Therefore, the correctness of the returned result of the cloud server is verified by verifying the intelligent contract, so that the DRD can be used i The correct ciphertext document can be obtained always without local re-verification, and the calculation expense of the intelligent equipment is reduced.
Wherein, DB (w) kw ) The server for providing the security retrieval intelligent contract sends the security retrieval intelligent contract to the cloud server. For example, a server providing secure search intelligent contracts is receiving T kw Thereafter, DB (w) kw ) Sending to the cloud server, the cloud server passing DB (w) kw ) Searching ciphertext document C corresponding to keyword kw kw And sent to a server for providing the validated intelligent contract.
Step 205, decryption, D kw =Dec(C kw ,K1)。DRD i Receive the correct ciphertext C kw (the server providing the verified intelligent contract gets from the cloud server and sends to the DRD i Of course, if C kw Directly stored in the server for providing the verified intelligent contract and directly sent to the DRD by the server for providing the verified intelligent contract i ) Then, executing CP-ABE decryption algorithm if attribute private key SKu i If the access structure Ac is satisfied, the symmetric encryption key K1 can be correctly recovered from the attribute ciphertext. After obtaining the symmetric key K1 by decryption, decrypting the read ciphertext document C kw Obtaining a plaintext document D containing the query keyword kw kw And (4) collecting.
The flow of the above steps can be specifically shown in fig. 3, wherein the intelligent contract server for security retrieval, that is, the short for the server for providing the intelligent contract for security retrieval is referred to; and the verification intelligent contract server is a server for providing the verification intelligent contract.
In summary, in order to meet the requirement of mass, the technical solution provided in the embodiment of the present application simplifies the management difficulty of large-scale devices by constructing an association relationship of { attribute, access structure }. The use of the attribute encryption technology can realize one-to-many fine-grained access control, and reduce the public key management burden of equipment and the extra cost brought by the revocation of the public key. The keyword ciphertext retrieval can complete the search of the encrypted data under the condition of not revealing the privacy of the user data. The utilization of the intelligent contracts deploys parts needing large-scale calculation and verification in a block chain, and supports lightweight Internet of things equipment.
Referring to fig. 4, at a data source device side, a data transmission method provided in an embodiment of the present application includes:
s401, performing attribute encryption on an access structure predefined by data source equipment and a first secret key used for encrypting a plaintext document stored in the data source equipment to obtain an attribute ciphertext;
wherein the first key is, for example, the encryption key K1.
Said attribute cryptogram, e.g. said
Figure BDA0003142006390000111
S402, generating a security index for acquiring the plaintext document by using the attribute ciphertext, and sending the security index to a server for providing a security retrieval intelligent contract.
According to the method, an access structure predefined by data source equipment and a first key used for encrypting a plaintext document stored in the data source equipment are subjected to attribute encryption to obtain an attribute ciphertext; and generating a security index for acquiring the plaintext document by using the attribute ciphertext, and sending the security index to a server for providing a security retrieval intelligent contract, so that data retrieval is realized through the intelligent contract, the light-weight requirements of data request equipment, data source equipment and other Internet of things equipment are met while the mass requirement of the data retrieval is met, the management difficulty of large-scale data access equipment can be simplified, and the management burden of the Internet of things equipment is reduced.
Optionally, generating, by using the attribute ciphertext, a security index for acquiring the plaintext document, specifically including:
extracting keywords from a ciphertext document obtained by encrypting the plaintext document to obtain a keyword set;
aiming at each keyword in the keyword set, constructing an array corresponding to the keyword, wherein the array is used for representing the corresponding relation between the keyword and each ciphertext document;
encrypting each keyword by using a second key to obtain an encrypted keyword;
and generating a safety index, wherein the safety index comprises the corresponding relation among the encrypted keyword, the attribute ciphertext and the array.
Wherein the second key is, for example, the retrieval key SKs.
Optionally, the method further comprises:
and sending the ciphertext document to a cloud server or a server for providing an intelligent contract for verification.
Optionally, the method further comprises:
and respectively calculating the hash value of the ciphertext document, and sending the obtained hash value and the second key to an authorization center.
Referring to fig. 5, at a data request device side, a data transmission method provided in an embodiment of the present application includes:
s501, obtaining an attribute ciphertext from a server for providing a security retrieval intelligent contract; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and a first key for encrypting a plaintext document stored in the data source equipment by the data source equipment;
s502, the first secret key is recovered from the attribute ciphertext, the ciphertext document containing the keyword which needs to be inquired at present is decrypted by the first secret key, and a plaintext document containing the keyword which needs to be inquired at present is obtained.
Optionally, the method further comprises:
sending a data access request to an authorization center, wherein the data access request comprises the identification of the data request equipment and the data access attribute;
acquiring a third key provided by the authorization center and generated for the data access attribute of the data request device, and a hash value and a second key obtained by calculating the hash value of a ciphertext document, wherein the second key is used for encrypting keywords, and the keywords are keywords extracted from the ciphertext document;
encrypting the keywords which need to be inquired currently by using the second key to obtain a keyword trapdoor;
the attribute ciphertext is obtained from a server for providing a secure search intelligence contract using the key trapdoor.
Optionally, the obtaining, by using the key trapdoor, the attribute ciphertext from a server for providing a secure search intelligent contract includes:
and sending the keyword trapdoor to a server for providing a security retrieval intelligent contract, and calling the security retrieval intelligent contract to search an attribute ciphertext corresponding to the keyword trapdoor.
Optionally, the ciphertext document containing the keyword currently to be queried is obtained from a server for providing the verification intelligent contract in the following manner:
further acquiring an array which is corresponding to the keyword trapdoor and used for representing the corresponding relation between the keywords and the ciphertext document by calling the security retrieval intelligent contract;
and determining the hash value set of the ciphertext document containing the keyword which needs to be inquired currently according to the array, sending the hash value set to a server for providing an intelligent verification contract, calling the intelligent verification contract to carry out integrity verification on the hash value set of the ciphertext document containing the keyword which needs to be inquired currently, and receiving the ciphertext document containing the keyword which needs to be inquired currently and sent by the server for providing the intelligent verification contract if the verification is passed.
Optionally, recovering the first key from the attribute ciphertext specifically includes:
and when the third key conforms to the access structure, recovering the first key from the attribute ciphertext.
Referring to fig. 6, on a server side for providing a secure search intelligent contract, a data transmission method provided in an embodiment of the present application includes:
s601, receiving a security index sent by data source equipment; the security index is generated by the data source equipment by using the attribute ciphertext and used for acquiring the plaintext document; the attribute ciphertext is an attribute ciphertext obtained by the data source device performing attribute encryption on a predefined access structure and a first key used for encrypting a plaintext document stored in the data source device;
s602, when a keyword trapdoor sent by data request equipment is received, searching an attribute ciphertext corresponding to the keyword trapdoor through the security index, and sending the attribute ciphertext to the data request equipment.
Optionally, while the attribute ciphertext corresponding to the keyword trapdoor is searched, an array corresponding to the keyword trapdoor and used for representing the correspondence between the keyword and the ciphertext document is also searched, and the array and the attribute ciphertext are sent to the data request device.
Referring to fig. 7, on a server side for providing a verification intelligent contract, a data transmission method provided in an embodiment of the present application includes:
s701, receiving a hash value set of a ciphertext document which is sent by a data request device and contains a keyword which needs to be inquired by the data request device at present;
s702, carrying out integrity verification on the hash value set, and sending a ciphertext document containing the key word needing to be inquired to the data request equipment when the verification is passed.
Optionally, the method further comprises:
and acquiring the ciphertext document from the cloud server.
Referring to fig. 8, on the authorization center side, a data transmission method provided in an embodiment of the present application includes:
s801, when a data access request sent by a data request device is received, acquiring an identifier and a data access attribute of the data request device from the data access request;
s802, generating a third key for the data access attribute of the data request equipment;
s803, the third key is sent to the data request equipment; when the third key conforms to the predefined access structure of the data source device, the data request device recovers the first key for decrypting the ciphertext document from the attribute ciphertext; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and the first key by the data source equipment.
Optionally, the method further comprises:
receiving a hash value and a second key sent by data source equipment; the hash value is obtained by calculating the hash value of the ciphertext document by the data source equipment; the second key is used for encrypting the key word which needs to be inquired currently by the data request equipment;
and sending the hash value and the second key to the data request equipment.
Referring to fig. 9, a data transmission device provided in an embodiment of the present application includes: a memory 901 and a processor 902.
1. When the data transmission device is used as a data source device, the memory 901 is configured to store program instructions, and the processor 902 is configured to call the program instructions stored in the memory, and execute, according to an obtained program:
performing attribute encryption on an access structure predefined by data source equipment and a first key used for encrypting a plaintext document stored in the data source equipment to obtain an attribute ciphertext;
and generating a security index for acquiring the plaintext document by using the attribute ciphertext, and sending the security index to a server for providing a security retrieval intelligent contract.
Optionally, generating, by using the attribute ciphertext, a security index for acquiring the plaintext document, specifically including:
extracting keywords from a ciphertext document obtained by encrypting the plaintext document to obtain a keyword set;
for each keyword in the keyword set, constructing an array corresponding to the keyword, wherein the array is used for representing the corresponding relation between the keyword and each ciphertext document;
encrypting each keyword by using a second key to obtain an encrypted keyword;
and generating a safety index, wherein the safety index comprises the corresponding relation among the encrypted key words, the attribute ciphertext and the arrays.
Wherein the second key is, for example, the retrieval key SKs.
Optionally, the processor 902 is further configured to:
and sending the ciphertext document to a cloud server or a server for providing an intelligent contract for verification.
Optionally, the processor 902 is further configured to:
and respectively calculating the hash value of the ciphertext document, and sending the obtained hash value and the second key to an authorization center.
2. When the data transmission device is used as a data request device, the memory 901 is used to store program instructions, and the processor 902 is used to call the program instructions stored in the memory, and execute the following steps according to the obtained program:
acquiring an attribute ciphertext from a server for providing a secure search intelligent contract; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and a first key for encrypting a plaintext document stored in the data source equipment by the data source equipment;
and recovering the first key from the attribute ciphertext, and decrypting the ciphertext document containing the keyword which needs to be queried currently by using the first key to obtain a plaintext document containing the keyword which needs to be queried currently.
Optionally, the processor 902 is further configured to:
sending a data access request to an authorization center, wherein the data access request comprises the identification of data request equipment and data access attributes;
acquiring a third key provided by the authorization center and generated for the data access attribute of the data request device, and a hash value and a second key obtained by calculating the hash value of a ciphertext document, wherein the second key is used for encrypting keywords, and the keywords are keywords extracted from the ciphertext document;
encrypting the keywords which need to be inquired currently by using the second key to obtain a keyword trapdoor;
the attribute ciphertext is obtained from a server for providing a secure search intelligence contract using the key trapdoor.
Optionally, the obtaining, by using the key trapdoor, the attribute ciphertext from a server for providing a secure search intelligent contract includes:
and sending the key trapdoor to a server for providing a security retrieval intelligent contract, and calling the security retrieval intelligent contract to search for an attribute ciphertext corresponding to the key trapdoor.
Optionally, the ciphertext document containing the keyword currently to be queried is obtained from a server for providing the verification intelligent contract in the following manner:
further acquiring an array which is corresponding to the keyword trapdoor and used for representing the corresponding relation between the keywords and the ciphertext document by calling the security retrieval intelligent contract;
and determining the hash value set of the ciphertext document containing the keyword which needs to be inquired currently according to the array, sending the hash value set to a server for providing an intelligent verification contract, calling the intelligent verification contract to carry out integrity verification on the hash value set of the ciphertext document containing the keyword which needs to be inquired currently, and receiving the ciphertext document containing the keyword which needs to be inquired currently, which is sent by the server for providing the intelligent verification contract if the verification is passed.
Optionally, recovering the first key from the attribute ciphertext includes:
and when the third key conforms to the access structure, recovering the first key from the attribute ciphertext.
3. When the data transmission device is used as a server for providing secure search intelligent contracts, the memory 901 is used for storing program instructions, and the processor 902 is used for calling the program instructions stored in the memory and executing the following steps according to the obtained program:
receiving a security index sent by data source equipment; the security index is generated by the data source equipment by using the attribute ciphertext and used for acquiring the plaintext document; the attribute ciphertext is an attribute ciphertext obtained by the data source device performing attribute encryption on a predefined access structure and a first key used for encrypting a plaintext document stored in the data source device;
and when a keyword trapdoor sent by data request equipment is received, searching an attribute ciphertext corresponding to the keyword trapdoor through the safety index, and sending the attribute ciphertext to the data request equipment.
Optionally, while the attribute ciphertext corresponding to the keyword trapdoor is searched, an array corresponding to the keyword trapdoor and used for representing the correspondence between the keyword and the ciphertext document is also searched, and the array and the attribute ciphertext are sent to the data request device.
4. When the data transmission device is used as a server for providing the verification intelligent contract, the memory 901 is used for storing program instructions, and the processor 902 is used for calling the program instructions stored in the memory and executing the following steps according to the obtained program:
receiving a hash value set of a ciphertext document containing a keyword which is required to be inquired currently by data request equipment and is sent by the data request equipment;
and carrying out integrity verification on the hash value set, and sending a ciphertext document containing the key word needing to be queried currently to the data request equipment when the verification is passed.
Optionally, the processor 902 is further configured to:
and acquiring the ciphertext document from the cloud server.
5. When the data transmission device is used as a data request device, the memory 901 is used to store program instructions, and the processor 902 is used to call the program instructions stored in the memory, and execute the following steps according to the obtained program:
when a data access request sent by data request equipment is received, acquiring an identifier and a data access attribute of the data request equipment from the data access request;
generating a third key for a data access attribute of the data requesting device;
sending the third key to the data request device; when the third key conforms to the predefined access structure of the data source device, the data request device recovers the first key for decrypting the ciphertext document from the attribute ciphertext; and the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and the first key by the data source equipment.
Optionally, the processor 902 is further configured to:
receiving a hash value and a second key sent by data source equipment; the hash value is obtained by calculating the hash value of the ciphertext document by the data source equipment; the second key is used for encrypting the keyword which needs to be inquired currently by the data request equipment;
and sending the hash value and the second key to the data request equipment.
The processor 902 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or a Complex Programmable Logic Device (CPLD).
Referring to fig. 10, at a data source device side, a data transmission device provided in an embodiment of the present application includes:
a first unit 11, configured to perform attribute encryption on an access structure predefined by a data source device and a first key used to encrypt a plaintext document stored in the data source device, to obtain an attribute ciphertext;
and a second unit 12, configured to generate, by using the attribute ciphertext, a security index for obtaining the plaintext document, and send the security index to a server for providing a security retrieval intelligent contract.
Optionally, generating, by using the attribute ciphertext, a security index for acquiring the plaintext document, specifically including:
extracting keywords from a ciphertext document obtained by encrypting the plaintext document to obtain a keyword set;
for each keyword in the keyword set, constructing an array corresponding to the keyword, wherein the array is used for representing the corresponding relation between the keyword and each ciphertext document;
encrypting each keyword by using a second key to obtain an encrypted keyword;
and generating a safety index, wherein the safety index comprises the corresponding relation among the encrypted key words, the attribute ciphertext and the arrays.
Wherein the second key is, for example, the retrieval key SKs.
Optionally, the first unit 11 is further configured to:
and sending the ciphertext document to a cloud server or a server for providing a verification intelligent contract.
Optionally, the first unit 11 is further configured to:
and respectively calculating the hash value of the ciphertext document, and sending the obtained hash value and the second key to an authorization center.
Referring to fig. 11, at a data request device side, a data transmission device provided in an embodiment of the present application includes:
an obtaining unit 21 configured to obtain an attribute ciphertext from a server for providing a secure search intelligence contract; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and a first key for encrypting a plaintext document stored in the data source equipment by the data source equipment;
and the decryption unit 22 is configured to recover the first key from the attribute ciphertext, and decrypt, by using the first key, a ciphertext document that includes the keyword that needs to be queried currently, to obtain a plaintext document that includes the keyword that needs to be queried currently.
Optionally, the obtaining unit 21 is further configured to:
sending a data access request to an authorization center, wherein the data access request comprises the identification of the data request equipment and the data access attribute;
acquiring a third key provided by the authorization center and generated for the data access attribute of the data request device, and a hash value and a second key obtained by calculating the hash value of a ciphertext document, wherein the second key is used for encrypting keywords, and the keywords are keywords extracted from the ciphertext document;
encrypting the keywords which need to be inquired at present by using the second key to obtain a keyword trapdoor;
the attribute ciphertext is obtained from a server for providing a secure search intelligence contract using the key trapdoor.
Optionally, the obtaining, by using the key trapdoor, the attribute ciphertext from a server for providing a secure search intelligent contract includes:
and sending the key trapdoor to a server for providing a security retrieval intelligent contract, and calling the security retrieval intelligent contract to search for an attribute ciphertext corresponding to the key trapdoor.
Optionally, the ciphertext document containing the keyword currently to be queried is obtained from a server for providing the verification intelligent contract in the following manner:
further acquiring an array which is corresponding to the keyword trapdoor and used for representing the corresponding relation between the keywords and the ciphertext document by calling the security retrieval intelligent contract;
and determining the hash value set of the ciphertext document containing the keyword which needs to be inquired currently according to the array, sending the hash value set to a server for providing an intelligent verification contract, calling the intelligent verification contract to carry out integrity verification on the hash value set of the ciphertext document containing the keyword which needs to be inquired currently, and receiving the ciphertext document containing the keyword which needs to be inquired currently, which is sent by the server for providing the intelligent verification contract if the verification is passed.
Optionally, recovering the first key from the attribute ciphertext specifically includes:
and when the third key conforms to the access structure, recovering the first key from the attribute ciphertext.
Referring to fig. 12, on a server side for providing a secure search intelligent contract, a data transmission device provided in an embodiment of the present application includes:
a receiving unit 31, configured to receive a security index sent by a data source device; the security index is generated by the data source equipment by using the attribute ciphertext and used for acquiring the plaintext document; the attribute ciphertext is an attribute ciphertext obtained by the data source device performing attribute encryption on a predefined access structure and a first key used for encrypting a plaintext document stored in the data source device;
and the searching unit 32 is configured to, when a keyword trapdoor sent by a data requesting device is received, search an attribute ciphertext corresponding to the keyword trapdoor through the security index, and send the attribute ciphertext to the data requesting device.
Optionally, while the attribute ciphertext corresponding to the keyword trapdoor is searched, an array corresponding to the keyword trapdoor and used for representing the correspondence between the keyword and the ciphertext document is also searched, and the array and the attribute ciphertext are sent to the data request device.
Referring to fig. 13, on a server side for providing an intelligent contract for authentication, a data transmission device provided in an embodiment of the present application includes:
a receiving unit 41, configured to receive a hash value set of a ciphertext document that contains a keyword that needs to be queried currently by a data request device and is sent by the data request device;
and the verification unit 42 is configured to perform integrity verification on the hash value set, and when the verification is passed, send a ciphertext document containing a keyword that needs to be queried currently to the data request device.
Optionally, the receiving unit 41 is further configured to:
and acquiring the ciphertext document from the cloud server.
Referring to fig. 14, on the authorization center side, a data transmission method provided in an embodiment of the present application includes:
an obtaining unit 51, configured to, when receiving a data access request sent by a data requesting device, obtain an identifier and a data access attribute of the data requesting device from the data access request;
a key generation unit 52 configured to generate a third key for the data access attribute of the data request apparatus;
a sending unit 53, configured to send the third key to the data requesting device; when the third key conforms to the predefined access structure of the data source device, the data request device recovers the first key for decrypting the ciphertext document from the attribute ciphertext; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and the first key by the data source equipment.
Optionally, the obtaining unit 51 is further configured to receive the hash value and the second key sent by the data source device; the hash value is obtained by calculating the hash value of the ciphertext document by the data source equipment; the second key is used for encrypting the keyword which needs to be inquired currently by the data request equipment;
the sending unit 53 is further configured to send the hash value and the second key to the data requesting device.
It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiment of the present application provides a computing device, which may specifically be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. The computing device may include a Central Processing Unit (CPU), memory, input/output devices, etc., the input devices may include a keyboard, mouse, touch screen, etc., and the output devices may include a Display device, such as a Liquid Crystal Display (LCD), cathode Ray Tube (CRT), etc.
The memory may include Read Only Memory (ROM) and Random Access Memory (RAM), and provides the processor with program instructions and data stored in the memory. In the embodiments of the present application, the memory may be used for storing a program of any one of the methods provided by the embodiments of the present application.
The processor is used for executing any one of the methods provided by the embodiment of the application according to the obtained program instructions by calling the program instructions stored in the memory.
Embodiments of the present application provide a computer storage medium for storing computer program instructions for an apparatus provided in the embodiments of the present application, which includes a program for executing any one of the methods provided in the embodiments of the present application.
The computer storage media may be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memories (NAND FLASH), solid State Disks (SSDs)), etc.
The method provided by the embodiment of the application can be applied to terminal equipment and network equipment.
The Terminal device may also be referred to as a User Equipment (User Equipment, abbreviated as "UE"), a Mobile Station (MS "), a Mobile Terminal (Mobile Terminal), or the like, and optionally, the Terminal may have a capability of communicating with one or more core networks through a Radio Access Network (RAN), for example, the Terminal may be a Mobile phone (or referred to as a" cellular "phone), or a computer with Mobile property, and for example, the Terminal may also be a portable, pocket, handheld, computer-embedded, or vehicle-mounted Mobile device.
The above method process flow may be implemented by a software program, which may be stored in a storage medium, and when the stored software program is called, the above method steps are performed.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (15)

1. A method of data transmission, the method comprising:
performing attribute encryption on an access structure predefined by data source equipment and a first key used for encrypting a plaintext document stored in the data source equipment to obtain an attribute ciphertext;
and generating a security index for acquiring the plaintext document by using the attribute ciphertext, and sending the security index to a server for providing a security retrieval intelligent contract.
2. The method according to claim 1, wherein generating a security index for obtaining the plaintext document using the attribute ciphertext specifically comprises:
extracting keywords from a ciphertext document obtained by encrypting the plaintext document to obtain a keyword set;
aiming at each keyword in the keyword set, constructing an array corresponding to the keyword, wherein the array is used for representing the corresponding relation between the keyword and each ciphertext document;
encrypting each keyword by using a second key to obtain an encrypted keyword;
and generating a safety index, wherein the safety index comprises the corresponding relation among the encrypted key words, the attribute ciphertext and the arrays.
3. The method of claim 2, further comprising:
and sending the ciphertext document to a cloud server or a server for providing an intelligent contract for verification.
4. A method according to claim 2 or 3, characterized in that the method further comprises:
and respectively carrying out hash value calculation on the ciphertext document, and sending the obtained hash value and the second secret key to an authorization center.
5. A method of data transmission, the method comprising:
obtaining an attribute ciphertext from a server for providing a secure search intelligent contract; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and a first key for encrypting a plaintext document stored in the data source equipment by the data source equipment;
and recovering the first key from the attribute ciphertext, and decrypting the ciphertext document containing the current keyword required to be queried by using the first key to obtain the plaintext document containing the current keyword required to be queried.
6. The method of claim 5, further comprising:
sending a data access request to an authorization center, wherein the data access request comprises the identification of the data request equipment and the data access attribute;
acquiring a third key provided by the authorization center and generated for the data access attribute of the data request device, and a hash value and a second key obtained by calculating the hash value of a ciphertext document, wherein the second key is used for encrypting keywords, and the keywords are keywords extracted from the ciphertext document;
encrypting the keywords which need to be inquired at present by using the second key to obtain a keyword trapdoor;
the attribute ciphertext is obtained from a server for providing a secure search intelligence contract using the key trapdoor.
7. The method of claim 6, wherein obtaining the attribute ciphertext from a server for providing a secure search intelligence contract using the key trapdoor comprises:
and sending the keyword trapdoor to a server for providing a security retrieval intelligent contract, and calling the security retrieval intelligent contract to search an attribute ciphertext corresponding to the keyword trapdoor.
8. The method of claim 7, wherein the ciphertext document containing the key currently needing to be queried is obtained from a server for providing the verification intelligence contract in the following manner:
further acquiring an array which is corresponding to the keyword trapdoor and used for representing the corresponding relation between the keywords and the ciphertext document by calling the security retrieval intelligent contract;
and determining the hash value set of the ciphertext document containing the keyword which needs to be inquired currently according to the array, sending the hash value set to a server for providing an intelligent verification contract, calling the intelligent verification contract to carry out integrity verification on the hash value set of the ciphertext document containing the keyword which needs to be inquired currently, and receiving the ciphertext document containing the keyword which needs to be inquired currently, which is sent by the server for providing the intelligent verification contract if the verification is passed.
9. The method according to claim 6, wherein recovering the first key from the attribute ciphertext comprises:
and when the third key conforms to the access structure, recovering the first key from the attribute ciphertext.
10. A method of data transmission, the method comprising:
receiving a security index sent by data source equipment; the security index is generated by the data source equipment by using the attribute ciphertext and used for acquiring the plaintext document; the attribute ciphertext is an attribute ciphertext obtained by performing attribute encryption on a predefined access structure and a first key for encrypting a plaintext document stored in the data source equipment by the data source equipment;
and when a keyword trapdoor sent by data request equipment is received, searching an attribute ciphertext corresponding to the keyword trapdoor through the safety index, and sending the attribute ciphertext to the data request equipment.
11. The method according to claim 10, wherein while the attribute ciphertext corresponding to the keyword trapdoor is searched, an array corresponding to the keyword trapdoor and used for representing the correspondence between the keyword and the ciphertext document is also searched, and the array and the attribute ciphertext are sent to the data request device.
12. A method of data transmission, the method comprising:
receiving a hash value set of a ciphertext document containing a keyword which is required to be inquired currently by data request equipment and sent by the data request equipment;
and carrying out integrity verification on the hash value set, and sending a ciphertext document containing the key word needing to be queried currently to the data request equipment when the verification is passed.
13. The method of claim 12, further comprising:
and acquiring the ciphertext document from the cloud server.
14. A method of data transmission, the method comprising:
when a data access request sent by data request equipment is received, acquiring an identifier and a data access attribute of the data request equipment from the data access request;
generating a third key for a data access attribute of the data requesting device;
sending the third key to the data request device; when the third key conforms to the predefined access structure of the data source device, the data request device recovers the first key for decrypting the ciphertext document from the attribute ciphertext; the attribute ciphertext is obtained by performing attribute encryption on a predefined access structure and the first key by the data source equipment.
15. The method of claim 14, further comprising:
receiving a hash value and a second key sent by data source equipment; the hash value is obtained by calculating the hash value of the ciphertext document by the data source equipment; the second key is used for encrypting the keyword which needs to be inquired currently by the data request equipment;
and sending the hash value and the second key to the data request equipment.
CN202110737183.5A 2021-06-30 2021-06-30 Data transmission method and equipment Pending CN115544531A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110737183.5A CN115544531A (en) 2021-06-30 2021-06-30 Data transmission method and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110737183.5A CN115544531A (en) 2021-06-30 2021-06-30 Data transmission method and equipment

Publications (1)

Publication Number Publication Date
CN115544531A true CN115544531A (en) 2022-12-30

Family

ID=84705518

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110737183.5A Pending CN115544531A (en) 2021-06-30 2021-06-30 Data transmission method and equipment

Country Status (1)

Country Link
CN (1) CN115544531A (en)

Similar Documents

Publication Publication Date Title
CN107948146B (en) Connection keyword retrieval method based on attribute encryption in hybrid cloud
US20190139047A1 (en) Block chain based resource management
US10911538B2 (en) Management of and persistent storage for nodes in a secure cluster
Liu et al. EMK-ABSE: Efficient multikeyword attribute-based searchable encryption scheme through cloud-edge coordination
CN115603934B (en) Multi-user searchable encryption method and device based on blockchain
CN103107889A (en) System and method for cloud computing environment data encryption storage and capable of searching
CN107359998A (en) A kind of foundation of portable intelligent password management system and operating method
CN114048448A (en) Block chain based dynamic searchable encryption method and device
Ma et al. CP‐ABE‐Based Secure and Verifiable Data Deletion in Cloud
US11924178B2 (en) Method and system for secure information distribution based on group shared key
Li et al. Secure and temporary access delegation with equality test for cloud-assisted IoV
CN114021196A (en) Fair searchable encryption method and system
CN115459967A (en) Ciphertext database query method and system based on searchable encryption
CN117454414A (en) Dynamic searchable encryption method and system based on distributed storage
KR102250430B1 (en) Method for using service with one time id based on pki, and user terminal using the same
CN114866236B (en) Alliance chain-based IoT data sharing method in the cloud
CN112423300A (en) Wireless network access authentication method and device
CN113836571B (en) Medical data possession terminal position matching method and system based on cloud and blockchain
EP3609120B1 (en) Distributed data storage
CN117828673B (en) Block chain-based data circulation and privacy protection method and device
CN115086337A (en) File processing method and device, storage medium and electronic equipment
CN113468584A (en) Information management method and device, electronic equipment and storage medium
Yang et al. Privacy‐Preserving Query Scheme (PPQS) for Location‐Based Services in Outsourced Cloud
CN110232570B (en) Information supervision method and device
Yan et al. Secure and efficient big data deduplication in fog computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination