
CN109495254A - Searchable symmetric encryption method, device and equipment - Google Patents


Info

Publication number
CN109495254A
Authority
CN
China
Prior art keywords
ciphertext file
file set
ciphertext
index table
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811480681.0A
Other languages
Chinese (zh)
Inventor
吴晓鸰
黄艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201811480681.0A priority Critical patent/CN109495254A/en
Publication of CN109495254A publication Critical patent/CN109495254A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a searchable symmetric encryption method applied to a proxy server, comprising: receiving a retrieval request sent by a cloud server; searching a ciphertext file set for the target ciphertext files containing a keyword, according to trapdoor information and an index table, where the index table contains the correspondence between different keywords and different ciphertext files; and sending the target ciphertext files to the data user, so that the data user decrypts them with the key. In this scheme, the step of searchable symmetric encryption that retrieves ciphertext by keyword is placed on a proxy server between the data owner and the cloud server. The computation and search work is thereby offloaded and migrated away from the cloud server, so that the cloud service provider does not learn the correspondence between keywords and ciphertext, which ensures the security of the data. The invention also discloses a searchable symmetric encryption device and equipment that achieve the same technical effects.

Description

Searchable symmetric encryption method, device and equipment
Technical field
The present invention relates to the field of data search technology, and more specifically to a searchable symmetric encryption method, device and equipment.
Background
In recent years, the rapid development of social networks, sensor technology and Internet technology, together with the sharp growth in data volume, has made data storage a problem. Big data computing and cloud storage allow network users to move their data from local storage to the cloud. Users want to hand their data to a cloud service provider to manage without revealing any data-related information to that provider. Encrypting data before upload solves the privacy problem, but when a user needs a particular file, the user must download all of the ciphertext data uploaded to the cloud and search for the content after decrypting it locally, which wastes a great deal of bandwidth and is extremely inefficient.
Traditional search is plaintext-based: both the keywords submitted by the querying user and the data in the server's database are in plaintext form. This causes serious information leakage, because any malicious server can obtain the query keywords, the query results and other information about the querying user, seriously endangering personal security and privacy. Searchable encryption, which performs search queries over ciphertext, protects the user's private information and personal security. Such a scheme usually applies searchable symmetric encryption in a cloud computing environment: data is stored on the cloud server as ciphertext, the keyword query is carried out using the cloud server's computing power, and the retrieved result is returned to the user for decryption.
However, because the cloud itself is open and shared, the security of information stored in the cloud faces great challenges, and the shortcomings of the prior art lie mainly in security under cloud storage conditions. Although the data owner's data is encrypted, the cloud server may steal the user's sensitive data by analyzing the encrypted data and index and by compiling statistics on query requests and results. In addition, while ciphertext is being retrieved by keyword on the cloud server, the correspondence between keywords and ciphertext may be leaked. The security of user data therefore cannot be guaranteed.
Therefore, how to improve the security of the correspondence between keywords and ciphertext in a searchable symmetric encryption scheme is a problem to be solved by those skilled in the art.
Summary of the invention
The purpose of the present invention is to provide a searchable symmetric encryption method, device and equipment that improve the security of the correspondence between keywords and ciphertext, thereby ensuring the security of the data stored on the cloud server.
To achieve the above object, the embodiments of the invention provide the following technical solutions:
A searchable symmetric encryption method, applied to a proxy server, the method comprising:
Receiving a retrieval request sent by a cloud server; the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
Searching a ciphertext file set for the target ciphertext files containing the keyword, according to the trapdoor information and an index table; the index table contains the correspondence between different keywords and different ciphertext files;
Sending the target ciphertext files to the data user, so that the data user decrypts the target ciphertext files with the key.
Wherein, before receiving the retrieval request sent by the cloud server, the method further comprises:
Receiving, from the data owner, the ciphertext file set encrypted with the key, and the index table corresponding to the ciphertext file set;
Storing the ciphertext file set and the index table, and uploading the ciphertext file set and the index table to the cloud server.
Wherein, sending the ciphertext file set and the index table to the cloud server comprises:
Performing secondary encryption on the ciphertext file set, and uploading the secondarily encrypted ciphertext file set and the index table to the cloud server.
A searchable symmetric encryption device, applied to a proxy server, the device comprising:
A retrieval request receiving module, for receiving a retrieval request sent by a cloud server; the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
A ciphertext file set retrieval module, for searching a ciphertext file set for the target ciphertext files containing the keyword, according to the trapdoor information and an index table; the index table contains the correspondence between different keywords and different ciphertext files;
A ciphertext file set sending module, for sending the target ciphertext files to the data user, so that the data user decrypts the target ciphertext files with the key.
Wherein, the device further comprises:
A receiving module, for receiving, from the data owner, the ciphertext file set encrypted with the key, and the index table corresponding to the ciphertext file set;
A storage module, for storing the ciphertext file set and the index table;
An uploading module, for uploading the ciphertext file set and the index table to the cloud server.
Wherein, the uploading module comprises:
A secondary encryption unit, for performing secondary encryption on the ciphertext file set;
An uploading unit, for uploading the secondarily encrypted ciphertext file set and the index table to the cloud server.
A searchable symmetric encryption system, comprising:
A cloud server, for sending a retrieval request to a proxy server; the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
The proxy server, for receiving the retrieval request sent by the cloud server; searching a ciphertext file set for the target ciphertext files containing the keyword, according to the trapdoor information and an index table, where the index table contains the correspondence between different keywords and different ciphertext files; and sending the target ciphertext files to the data user, so that the data user decrypts the target ciphertext files with the key.
Wherein, the proxy server is also used for:
Receiving, from the data owner, the ciphertext file set encrypted with the key, and the index table corresponding to the ciphertext file set; storing the ciphertext file set and the index table, and uploading the ciphertext file set and the index table to the cloud server.
Wherein, the proxy server specifically performs secondary encryption on the ciphertext file set, and uploads the secondarily encrypted ciphertext file set and the index table to the cloud server.
A searchable symmetric encryption equipment, comprising:
A memory, for storing a computer program;
A processor, for implementing the steps of the above searchable symmetric encryption method when executing the computer program.
From the above, the searchable symmetric encryption method provided by the embodiments of the invention is applied to a proxy server and comprises: receiving a retrieval request sent by a cloud server, where the retrieval request carries trapdoor information sent by a data user and the trapdoor information is generated using a key and a keyword; searching a ciphertext file set for the target ciphertext files containing the keyword, according to the trapdoor information and an index table, where the index table contains the correspondence between different keywords and different ciphertext files; and sending the target ciphertext files to the data user, so that the data user decrypts the target ciphertext files with the key.
In this scheme, the step of searchable symmetric encryption that retrieves ciphertext by keyword is placed on the proxy server between the data owner and the cloud server. The computation and search work is offloaded and migrated away from the cloud server, so that the cloud service provider does not learn the correspondence between keywords and ciphertext. In addition, the ciphertext file set encrypted by the data owner is encrypted a second time by the proxy server while being uploaded to the cloud server, so even if an attacker uses technical means to decrypt the user data stored in the cloud, what is obtained after decryption is still an encrypted file. The security of the data is thereby ensured. The invention also discloses a searchable symmetric encryption device and equipment that achieve the same technical effects.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a searchable symmetric encryption method disclosed in an embodiment of the invention;
Fig. 2 is a schematic diagram of the overall framework of a searchable symmetric encryption method disclosed in an embodiment of the invention;
Fig. 3 is a schematic diagram of the overall flow of a searchable symmetric encryption method disclosed in an embodiment of the invention;
Fig. 4 is a structural diagram of a searchable symmetric encryption device disclosed in an embodiment of the invention;
Fig. 5 is a structural diagram of another searchable symmetric encryption device disclosed in an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
The embodiments of the invention disclose a searchable symmetric encryption method, device and equipment that improve the security of the correspondence between keywords and ciphertext, thereby ensuring the security of the data stored on the cloud server.
Referring to Fig. 1, a searchable symmetric encryption method provided by an embodiment of the invention is applied to a proxy server and comprises:
S101: receiving a retrieval request sent by a cloud server; the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
It should be noted that, before receiving the retrieval request sent by the cloud server, the scheme further comprises:
Receiving, from the data owner, the ciphertext file set encrypted with the key, and the index table corresponding to the ciphertext file set; storing the ciphertext file set and the index table, and uploading the ciphertext file set and the index table to the cloud server. Sending the ciphertext file set and the index table to the cloud server comprises: performing secondary encryption on the ciphertext file set, and uploading the secondarily encrypted ciphertext file set and the index table to the cloud server.
Specifically, in this embodiment, to address the security and related problems of searchable symmetric encryption, a proxy server is added to the original arrangement of data owner, cloud server and data user. Fig. 2 is a schematic diagram of the overall framework of a searchable symmetric encryption method disclosed in an embodiment of the invention. As the figure shows, the scheme adds a proxy server between the data owner and the cloud server. The data owner extracts keyword information from the plaintext files to build an index, and sends the index, together with the ciphertext file set generated by encrypting with the key, to the proxy server. Encrypting the plaintext file set mainly includes the following steps:
1.1 Key generation: K = KeyGen(1^λ). Executed by the data owner, where λ is the security parameter; the key generation algorithm generates the key K from the security parameter λ.
1.2 Primary file encryption: (I, C) = Encrypt(K, D). The data owner uses the key K generated in step 1.1 to encrypt the plaintext file set D = (D_1, D_2, ..., D_n), outputs the file index I and the ciphertext file set C = (C_1, C_2, ..., C_n), and uploads them to the proxy server.
The proxy server in this scheme uses a trusted computing module carrying a domestic cryptographic algorithm; secure firmware and software make the proxy server a trusted server. After the proxy server receives the data owner's encrypted files, it performs secondary encryption on the index and the ciphertext file set and then uploads them to the cloud server, and the proxy server does not disclose its own key. Even if an attacker uses technical means to decrypt the data the user has stored in the cloud, what the attacker obtains after decryption is still an encrypted file, which greatly protects the security of the data. Encrypting the ciphertext file set mainly includes the following step:
1.3 Secondary file encryption: (I', C') = Encrypt(K', C). The proxy server uses an encryption algorithm to encrypt the ciphertext file set uploaded in step 1.2 a second time and then uploads it to the cloud server. The key K' used in this encryption is kept by the proxy server alone and is not disclosed.
When a data user wants to retrieve files containing a keyword from the cloud server, the data user obtains the key from the data owner; this is the key used to encrypt the plaintext files. The data user generates trapdoor information from the key and the keyword and sends the trapdoor information to the cloud server. After receiving the data user's request, the cloud server does not perform the query itself but forwards the trapdoor information submitted by the data user to the proxy server. Generating the trapdoor mainly includes the following step:
1.4 Trapdoor generation: T_W = Trapdoor(K, W). This algorithm is executed by the data user. It takes as input the key K from step 1.1 and the keyword W that the data user wants to query, and generates the trapdoor T_W corresponding to the keyword W.
S102: searching a ciphertext file set for the target ciphertext files containing the keyword, according to the trapdoor information and an index table; the index table contains the correspondence between different keywords and different ciphertext files;
Specifically, because the proxy server already stores the index table and the ciphertext file set uploaded by the data owner, it can search the ciphertext files according to the data user's trapdoor information and the data owner's index table. The ciphertext files found to contain the keyword are the target ciphertext files of this embodiment. Retrieving the ciphertext files mainly includes the following step:
1.5 Query retrieval: C(W) = Search(I, T_W). The data user submits the trapdoor information T_W from step 1.4 to the cloud server and initiates a query request to the cloud server. The cloud server forwards the trapdoor information and the request submitted by the data user to the proxy server. Using the trapdoor T_W generated in step 1.4 and the file index I from step 1.2, the proxy server searches the file set C for the files containing the keyword W and outputs the file set C(W) that matches the input keyword.
As can be seen, the scheme places the stage of searching ciphertext by keyword on the proxy server, which carries out the computation and search work, migrating the computation and search tasks. The cloud service provider therefore does not learn the correspondence between keywords and ciphertext. The required files can still be found quickly and accurately through searchable symmetric encryption, while the correspondence between keywords and ciphertext is kept secure, which guarantees the security of user data.
S103: sending the target ciphertext files to the data user, so that the data user decrypts the target ciphertext files with the key.
After the target ciphertext files containing the keyword have been retrieved by the above steps, they are sent to the data user, who decrypts them with the key to obtain the plaintext files. Decrypting the ciphertext files mainly includes the following step:
1.6 File decryption: D_i = Decrypt(K, C_i). The data user uses the key K from step 1.1 to decrypt the ciphertext file C_i (C_i ∈ C), producing the plaintext file D_i (D_i ∈ D).
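Steps 1.1 to 1.6 above as a runnable sketch; this is an added example, not code from the patent. The patent does not specify its primitives, so HMAC-SHA256 as the trapdoor function, the `seal`/`unseal` stand-in cipher, whitespace keyword extraction, the sample files and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block = HMAC(key, nonce || offset); XOR is its own inverse.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = _prf(key, nonce + off.to_bytes(8, "big"))
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in for the patent's unspecified cipher (assumption): encrypt-then-MAC."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_prf(key, b"enc"), nonce, data)
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(_prf(key, b"enc"), nonce, body)


def keygen(lam: int = 32) -> bytes:
    """Step 1.1: K = KeyGen(1^lambda); lam is the key length in bytes."""
    return secrets.token_bytes(lam)


def trapdoor(key: bytes, word: str) -> bytes:
    """Step 1.4: T_W = Trapdoor(K, W), here a keyed hash of the keyword."""
    return _prf(_prf(key, b"idx"), word.lower().encode())


def encrypt(key: bytes, docs: dict) -> tuple:
    """Step 1.2: (I, C) = Encrypt(K, D). I maps trapdoor -> file ids."""
    index, cipher = {}, {}
    for doc_id, text in docs.items():
        cipher[doc_id] = seal(key, text.encode())
        for word in set(text.lower().split()):
            index.setdefault(trapdoor(key, word), []).append(doc_id)
    return index, cipher


def decrypt(key: bytes, blob: bytes) -> str:
    """Step 1.6: D_i = Decrypt(K, C_i)."""
    return unseal(key, blob).decode()


class Proxy:
    def __init__(self):
        self._k2 = keygen()          # K': generated and kept on the proxy only
        self.index, self.cipher = {}, {}

    def ingest(self, index: dict, cipher: dict) -> tuple:
        """Store (I, C) locally; step 1.3 builds (I', C') for the cloud."""
        self.index, self.cipher = dict(index), dict(cipher)
        i2 = {_prf(self._k2, tag): seal(self._k2, ",".join(ids).encode())
              for tag, ids in index.items()}
        c2 = {doc_id: seal(self._k2, blob) for doc_id, blob in cipher.items()}
        return i2, c2

    def search(self, t_w: bytes) -> dict:
        """Step 1.5: C(W) = Search(I, T_W), run on the proxy, not the cloud."""
        return {doc_id: self.cipher[doc_id] for doc_id in self.index.get(t_w, [])}


def demo() -> dict:
    docs = {  # constructed sample plaintext file set D
        "d1": "quarterly audit report",
        "d2": "incident report draft",
        "d3": "holiday schedule",
    }
    k = keygen()                                    # data owner
    index, cipher = encrypt(k, docs)
    proxy = Proxy()
    cloud_index, cloud_cipher = proxy.ingest(index, cipher)  # what the cloud stores
    t_w = trapdoor(k, "report")                     # data user, holding K
    hits = proxy.search(t_w)                        # the cloud only relays t_w
    return {
        "matches": sorted(hits),
        "plaintexts": {i: decrypt(k, c) for i, c in hits.items()},
        # The relayed trapdoor matches nothing in the cloud's copy of the index.
        "cloud_can_match": t_w in cloud_index,
        # Removing the proxy layer from a cloud blob yields only the owner's ciphertext.
        "outer_layer_yields_ciphertext":
            unseal(proxy._k2, cloud_cipher["d1"]) == cipher["d1"],
    }


if __name__ == "__main__":
    print(demo())
```

Because the trapdoor in this sketch is deterministic, the cloud server that relays it can still tell when the same keyword is queried again, even though it cannot match the trapdoor against the files it stores.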
Referring to Fig. 3, a schematic diagram of the overall flow of a searchable symmetric encryption method disclosed in an embodiment of the invention: the data owner encrypts the files to be uploaded locally using the encryption key and uploads them to the proxy server together with the index table formed from the ciphertext keyword set. The proxy server encrypts them a second time and then uploads them to the cloud server. A data user authorized by the data owner uses the key to generate trapdoor information for the keyword to be queried and sends it to the cloud server. The cloud server does not perform the query itself but hands the request initiated by the data user, with the associated trapdoor information, to the proxy server for processing. The proxy server uses the trapdoor information submitted by the data user, together with the index table that the data owner uploaded to the proxy server, to search each uploaded file, and returns the ciphertext files containing the trapdoor keyword. The data user uses the decryption key to decrypt the ciphertext files returned by the proxy server.
Testing shows that, compared with existing searchable symmetric encryption in a cloud computing environment, having the proxy server encrypt the ciphertext files a second time and retrieve ciphertext by keyword on the proxy server is more secure than performing that operation on the cloud server.
That is, the scheme adds a proxy server between the cloud server and the data owner, and the proxy server is located mainly on the client side, i.e. at the data owner's end. Ciphertext is queried using the index table generated from the keywords, which offloads and migrates the computation task. In searchable symmetric encryption, the proxy server encrypts the data owner's ciphertext files and index a second time and then uploads them to the cloud server. Because the work of searching ciphertext by keyword is placed on the proxy server, and the computation and retrieval are not carried out on the cloud server, the cloud service provider does not learn the correspondence between keywords and ciphertext. Considering that the cloud may be subject to various security attacks, the proxy server encrypts the already encrypted files a second time, so that what an attacker obtains is still an encrypted file. This better ensures the security and privacy of the data.
The searchable symmetric encryption device provided by the embodiments of the invention is introduced below. The device described below and the searchable symmetric encryption method described above may be cross-referenced.
Referring to Fig. 4, a searchable symmetric encryption device provided by an embodiment of the invention is applied to a proxy server and comprises:
A retrieval request receiving module 110, for receiving a retrieval request sent by a cloud server; the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
A ciphertext file set retrieval module 120, for searching a ciphertext file set for the target ciphertext files containing the keyword, according to the trapdoor information and an index table; the index table contains the correspondence between different keywords and different ciphertext files;
A ciphertext file set sending module 130, for sending the target ciphertext files to the data user, so that the data user decrypts the target ciphertext files with the key.
Referring to Fig. 5, a structural diagram of another searchable symmetric encryption device provided by an embodiment of the invention; in this embodiment, the device comprises:
A retrieval request receiving module 110, for receiving a retrieval request sent by a cloud server; the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
A ciphertext file set retrieval module 120, for searching a ciphertext file set for the target ciphertext files containing the keyword, according to the trapdoor information and an index table; the index table contains the correspondence between different keywords and different ciphertext files;
A ciphertext file set sending module 130, for sending the target ciphertext files to the data user, so that the data user decrypts the target ciphertext files with the key.
A receiving module 140, for receiving, from the data owner, the ciphertext file set encrypted with the key, and the index table corresponding to the ciphertext file set;
A storage module 150, for storing the ciphertext file set and the index table;
An uploading module 160, for uploading the ciphertext file set and the index table to the cloud server; the uploading module 160 comprises: a secondary encryption unit 161, for performing secondary encryption on the ciphertext file set;
An uploading unit 162, for uploading the secondarily encrypted ciphertext file set and the index table to the cloud server.
The symmetric encryption system provided in an embodiment of the present invention that can search for is introduced below, it is described below to can search for pair Claim encryption system can be cross-referenced with the above-described symmetric encryption method that can search for.
One kind provided in an embodiment of the present invention can search for symmetric encryption system, comprising:
Cloud Server, for sending retrieval request to proxy server;Data consumer's hair is carried in the retrieval request The trap door information sent, the trap door information are generated using key and keyword;
The proxy server, for receiving the retrieval request of Cloud Server transmission;According to the trap door information and index Table is concentrated from cryptograph files and searches the target cryptograph files comprising the keyword;In the concordance list include different keywords with Corresponding relationship between different cryptograph files;The target cryptograph files are sent to the data consumer, so that the number It is decrypted according to user by target cryptograph files described in the key pair.
Wherein, the proxy server is also used to:
Receive data owner send the cryptograph files collection encrypted by the key, and with the cryptograph files collection Corresponding concordance list;The cryptograph files collection and the concordance list are stored, and will be on the cryptograph files collection and the concordance list Reach the cloud server.
Wherein, the proxy server is specifically used for carrying out the cryptograph files collection secondary encryption, and by secondary encryption Cryptograph files collection and the concordance list afterwards is uploaded to Cloud Server.
An embodiment of the present invention also discloses a searchable symmetric encryption device, comprising:
A memory, configured to store a computer program;
A processor, configured to implement, when executing the computer program, the steps of the searchable symmetric encryption method described in any of the above method embodiments.
An embodiment of the present invention also discloses a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the searchable symmetric encryption method described in any of the above method embodiments.
The storage medium may include a USB flash disk, a mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk or optical disc, and other media that can store program code.
In summary, in the searchable symmetric encryption approach proposed by this scheme, the data owner extracts keywords from the source files to generate an index table, encrypts the plaintext files to generate a ciphertext file set, and then uploads both to the proxy server. The proxy server performs secondary encryption on the index table and the ciphertext file set and uploads them to the cloud server. To retrieve a file, the data user first obtains the key from the data owner over a secure channel and generates trapdoor information. The cloud server receives the trapdoor information and issues a query retrieval request to the proxy server, which carries out the search; after executing the operation, the proxy server sends the search result to the data user. After obtaining the search result from the proxy server, the data user decrypts it with the key to obtain the target file.
That is, this scheme places the process of retrieving ciphertext by keyword in searchable symmetric encryption on a proxy server located between the data user and the cloud server, so that the computation and search work is offloaded and migrated from the cloud server and the cloud service provider does not learn the correspondence between keywords and ciphertexts, which ensures the security of the data. Furthermore, because the proxy server encrypts the encrypted files a second time, what an attacker obtains is still an encrypted file, which better ensures the security and privacy of the data.
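The flow summarized above, as an added Python sketch that is not part of the patent text: the data owner builds the ciphertext set and index table, the proxy applies secondary encryption before upload and answers trapdoor queries forwarded by the cloud, and the data user decrypts the result. The patent names no primitives, so HMAC-SHA256 as the trapdoor function and an HMAC-based keystream with encrypt-then-MAC as a demo-only stand-in for the symmetric cipher are assumptions, as are all names (`owner_build`, `Proxy`, `Cloud`, `run_query`) and the sample files.

```python
import hashlib, hmac, json, os

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def trapdoor(key: bytes, keyword: str) -> str:
    # Trapdoor = PRF(key, keyword): deterministic, so it can be matched against
    # the index table, but it does not expose the keyword to a party without the key.
    return prf(key, b"trapdoor|", keyword.lower().encode()).hex()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (len(data) + 31) // 32
    stream = b"".join(prf(key, b"stream|", nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Assumed demo cipher (stdlib only): HMAC-SHA256 keystream, then encrypt-then-MAC.
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, plaintext)
    return nonce + body + prf(key, b"mac|", nonce + body)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac|", nonce + body)):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(key, nonce, body)

def owner_build(key: bytes, files: dict):
    """Data owner: {file_id: (plaintext, keywords)} -> (ciphertext file set, index table)."""
    cset = {fid: seal(key, text) for fid, (text, _) in files.items()}
    index = {}
    for fid, (_, keywords) in files.items():
        for kw in keywords:
            index.setdefault(trapdoor(key, kw), []).append(fid)
    return cset, index

class Cloud:
    def __init__(self):
        self.store = {}      # holds only secondarily encrypted blobs
        self.proxy = None
    def retrieve(self, token: str) -> dict:
        return self.proxy.search(token)   # the cloud only forwards the request

class Proxy:
    def __init__(self, cloud: Cloud):
        self.key2 = os.urandom(32)        # secondary-encryption key, kept on the proxy
        self.cset, self.index, self.cloud = {}, {}, cloud
        cloud.proxy = self
    def ingest(self, cset: dict, index: dict) -> None:
        self.cset, self.index = cset, index
        for fid, blob in cset.items():
            self.cloud.store[fid] = seal(self.key2, blob)
        self.cloud.store["index"] = seal(self.key2, json.dumps(index).encode())
    def search(self, token: str) -> dict:
        return {fid: self.cset[fid] for fid in self.index.get(token, [])}

# Constructed sample data.
SAMPLE = {"f1": (b"Q3 invoice for ACME", ["invoice", "acme"]),
          "f2": (b"Meeting notes", ["notes"]),
          "f3": (b"Q4 invoice draft", ["invoice"])}

def run_query(key: bytes, keyword: str) -> dict:
    cloud = Cloud()
    proxy = Proxy(cloud)
    proxy.ingest(*owner_build(key, SAMPLE))
    hits = cloud.retrieve(trapdoor(key, keyword))   # result relayed back in-process here
    return {fid: unseal(key, blob) for fid, blob in hits.items()}
```

Because the trapdoor is deterministic, the proxy still observes which queries repeat and which files each token matches; the scheme hides that mapping from the cloud, not from the proxy.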
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for parts that are the same or similar the embodiments may be referred to one another.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A searchable symmetric encryption method, characterized in that it is applied to a proxy server, the method comprising:
receiving a retrieval request sent by a cloud server, where the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
searching a ciphertext file set, according to the trapdoor information and an index table, for the target ciphertext file containing the keyword, where the index table includes the correspondence between different keywords and different ciphertext files;
sending the target ciphertext file to the data user, so that the data user decrypts the target ciphertext file with the key.

2. The method according to claim 1, characterized in that, before receiving the retrieval request sent by the cloud server, the method further comprises:
receiving the ciphertext file set encrypted with the key and sent by the data owner, and the index table corresponding to the ciphertext file set;
storing the ciphertext file set and the index table, and uploading the ciphertext file set and the index table to the cloud server.

3. The method according to claim 2, characterized in that sending the ciphertext file set and the index table to the cloud server comprises:
performing secondary encryption on the ciphertext file set, and uploading the secondarily encrypted ciphertext file set and the index table to the cloud server.

4. A searchable symmetric encryption apparatus, characterized in that it is applied to a proxy server, the apparatus comprising:
a retrieval request receiving module, configured to receive a retrieval request sent by a cloud server, where the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
a ciphertext file set retrieval module, configured to search a ciphertext file set, according to the trapdoor information and an index table, for the target ciphertext file containing the keyword, where the index table includes the correspondence between different keywords and different ciphertext files;
a ciphertext file set sending module, configured to send the target ciphertext file to the data user, so that the data user decrypts the target ciphertext file with the key.

5. The apparatus according to claim 4, characterized in that it further comprises:
a receiving module, configured to receive the ciphertext file set encrypted with the key and sent by the data owner, and the index table corresponding to the ciphertext file set;
a storage module, configured to store the ciphertext file set and the index table;
an uploading module, configured to upload the ciphertext file set and the index table to the cloud server.

6. The apparatus according to claim 5, characterized in that the uploading module comprises:
a secondary encryption unit, configured to perform secondary encryption on the ciphertext file set;
an uploading unit, configured to upload the secondarily encrypted ciphertext file set and the index table to the cloud server.

7. A searchable symmetric encryption system, characterized in that it comprises:
a cloud server, configured to send a retrieval request to a proxy server, where the retrieval request carries trapdoor information sent by a data user, and the trapdoor information is generated using a key and a keyword;
the proxy server, configured to receive the retrieval request sent by the cloud server; search a ciphertext file set, according to the trapdoor information and an index table, for the target ciphertext file containing the keyword, where the index table includes the correspondence between different keywords and different ciphertext files; and send the target ciphertext file to the data user, so that the data user decrypts the target ciphertext file with the key.

8. The system according to claim 7, characterized in that the proxy server is further configured to:
receive the ciphertext file set encrypted with the key and sent by the data owner, and the index table corresponding to the ciphertext file set; store the ciphertext file set and the index table, and upload the ciphertext file set and the index table to the cloud server.

9. The system according to claim 8, characterized in that the proxy server is specifically configured to perform secondary encryption on the ciphertext file set and to upload the secondarily encrypted ciphertext file set and the index table to the cloud server.

10. A searchable symmetric encryption device, characterized in that it comprises:
a memory, configured to store a computer program;
a processor, configured to implement, when executing the computer program, the steps of the searchable symmetric encryption method according to any one of claims 1 to 3.
CN201811480681.0A 2018-12-05 2018-12-05 One kind can search for symmetric encryption method, device and equipment Pending CN109495254A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811480681.0A CN109495254A (en) 2018-12-05 2018-12-05 One kind can search for symmetric encryption method, device and equipment

Publications (1)

Publication Number Publication Date
CN109495254A true CN109495254A (en) 2019-03-19

Family

ID=65698268

Country Status (1)

Country Link
CN (1) CN109495254A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190319