Nothing Special   »   [go: up one dir, main page]

CN103107889A - System and method for cloud computing environment data encryption storage and capable of searching - Google Patents

System and method for cloud computing environment data encryption storage and capable of searching Download PDF

Info

Publication number
CN103107889A
CN103107889A CN2013100487802A CN201310048780A CN103107889A CN 103107889 A CN103107889 A CN 103107889A CN 2013100487802 A CN2013100487802 A CN 2013100487802A CN 201310048780 A CN201310048780 A CN 201310048780A CN 103107889 A CN103107889 A CN 103107889A
Authority
CN
China
Prior art keywords
key
data
ciphertext
server
index
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013100487802A
Other languages
Chinese (zh)
Other versions
CN103107889B (en
Inventor
张兴
陈幼雷
张雅哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CEC CYBERSPACE GREAT WALL Co Ltd
Original Assignee
CEC CYBERSPACE GREAT WALL Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CEC CYBERSPACE GREAT WALL Co Ltd filed Critical CEC CYBERSPACE GREAT WALL Co Ltd
Priority to CN201310048780.2A priority Critical patent/CN103107889B/en
Publication of CN103107889A publication Critical patent/CN103107889A/en
Application granted granted Critical
Publication of CN103107889B publication Critical patent/CN103107889B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a system and a method for cloud computing environment data encryption storage and capable of searching. The system for cloud computing environment data encryption storage comprises a key management server, an encryption and decryption server, a user side, a ciphertext indexing server and a cloud platform which are all respectively connected with a key mapping server and exchange data with the key mapping server. Due to the fact that only mapping relation of user identification, key identification and data storage addresses is stored in the key mapping server, only the key identification and key values are stored in the key management server, only ciphertext index containing relative relation of indexing key words and data storage address is stored in the ciphertext indexing server, and only ciphertext data is stored in the cloud platform, so that direct relation between the key values and the ciphertext data which are used in the encryption and decryption server is broken. The key values and the ciphertext data do not exist simultaneously in the position storing the key mapping relation, the key values and the key mapping relation do not exist simultaneously in the position storing the ciphertext data and the key mapping relation and the ciphertext data do not exist simultaneously in the position storing the key values.

Description

Searchable cloud computing environment data encryption storage system and method
Technical Field
The invention relates to an information security system and an information security method, in particular to a searchable cloud computing environment data encryption storage system and a searchable cloud computing environment data encryption storage method.
Background
Cloud computing is an internet-oriented distributed computing service, and is a delivery and use model of IT resources and services, which can realize the convenient and on-demand acquisition of required resources (such as networks, servers, storage, applications, services and the like) from a configurable computing resource sharing pool anytime and anywhere, and the resources can be rapidly provided and released, and meanwhile, the management cost or the intervention of a service provider is minimized. Cloud computing is the most popular technical term in the IT world in recent years, and many experts believe that cloud computing can change the technical foundation of the internet and even influence the structure of the whole industry. At present, almost all IT industries in the world are invested in research and application industries of cloud computing.
When the object of the cloud computing system operation processing is the storage and management of mass data, a large number of storage devices need to be configured in the cloud computing system, and different types of storage devices are integrated through software to cooperatively work, so that data storage service is provided for the outside. Therefore, the back end of the cloud computing system is a huge cloud platform seen by a user, the cloud platform is shared by a large number of users, and the user can upload data to the cloud platform without concerning how the data are stored. However, the private data of the user A and the data of the user B are likely to be stored on the same storage server, even the same disk. The second user has a chance to steal data stored in the cloud platform by using the virtual machine, and if the data of the first user is a plaintext, the data of the first user is difficult to protect, and can be illegally used or modified, and finally leakage is caused.
In order to solve the data security problem in the cloud platform, a typical solution in the prior art is to encrypt the full data by using an encryption technology, and store the encrypted data to the cloud platform. However, data in a ciphertext state cannot be searched for data, and in order to search for needed data, a user has to download the data to the local, decrypt the data and then perform a search action, which causes the efficiency of acquiring the data to be very low.
Disclosure of Invention
Aiming at the problem that encrypted data cannot be directly retrieved in a cloud computing environment in the prior art, the invention provides a searchable cloud computing environment data encryption storage system which can effectively solve the problems of data security storage and encrypted data search in the cloud computing environment by comprehensively applying a key mapping technology and a searchable encryption technology, and a searchable cloud computing environment data encryption storage method of the system is realized.
The technical scheme of the invention is as follows:
a searchable cloud computing environment data encryption storage system, characterized by: the system comprises a key management server, an encryption and decryption server, a user side, a ciphertext index server and a cloud platform, wherein the key management server is respectively connected with a key mapping server and exchanges data with the key mapping server; the user side puts forward a storage request comprising the storage request comprising a user identifier, an index keyword and user data or a data request comprising the user identifier and the index keyword to the key mapping server; the cloud platform stores the encrypted ciphertext data of the user data and generates a data storage address; the key mapping server generates a key identifier according to the storage request, associates the index key word with a data storage address returned by the cloud platform, encrypts the index key word into a ciphertext index in an encryption and decryption server through a searchable encryption algorithm, and stores the ciphertext index in the ciphertext index server; searching a data storage address contained in a ciphertext index matched with the index key word in the ciphertext index server according to a search ciphertext encrypted by the index key word in the data request; the key mapping server requests the cloud platform for encrypted data according to the data storage address; the key management server generates a key value corresponding to the key identification and required by the encryption and decryption server;
the key mapping server only stores the mapping relation among the user identification, the key identification and the data storage address, the key management server only stores the key identification and the key value, and the ciphertext index server only stores the ciphertext index.
The key mapping server is used for using the key identification to make a key request to the key management server and receiving a data encryption key value and an index encryption key value generated by the key management server; or the data encryption key value and the user data are input into the encryption and decryption server, the encryption and decryption server converts the user data into ciphertext data, and the key mapping server inputs the ciphertext data into a cloud platform for storage and receives a data storage address output by the cloud platform; or after associating the index key word with the data storage address, inputting the index key word and the index encryption key value into the encryption and decryption server to be encrypted into a ciphertext index, then storing the ciphertext index into the ciphertext index server, and then deleting the data encryption key value, the index encryption key value, the user data, the index key word, the ciphertext data and the ciphertext index;
or receiving a search key value which is generated by the key management server and corresponds to the key identifier according to the data request of the user side, inputting the index key word and the search key value into the encryption and decryption server to generate a search ciphertext, sending the search ciphertext to the ciphertext index server to search the ciphertext index matched with the search ciphertext, and returning a data storage address contained in the ciphertext index to the key mapping server by the ciphertext index server; or inputting the data storage address to the cloud platform, and receiving the ciphertext data corresponding to the data storage address; or requesting the key management server to return the data encryption key value according to the key identification corresponding to the data storage address, inputting the ciphertext data and the data encryption key value into the encryption and decryption server together, receiving the decrypted user data and returning the decrypted user data to the user side, and deleting the data encryption key value, the search ciphertext, the user data, the index key word and the ciphertext data by the key mapping server.
The key values include a data encryption key value, an index encryption key value, and a search key value; the encryption and decryption server is configured to encrypt the user data input by the key mapping server into ciphertext data using the data encryption key value, decrypt the ciphertext data into the user data, encrypt an index key in the data request into a search ciphertext using the search key value, and encrypt the associated index key and the data storage address input by the key mapping server into a ciphertext index using the index encryption key value through a searchable encryption algorithm.
The cloud platform is used for storing the ciphertext data input by the key mapping server and returning the data storage address to the key mapping server; or searching the corresponding ciphertext data according to the data storage address input by the key mapping server, and outputting the ciphertext data to the key mapping server.
The index key includes a key word input by a user and/or metadata information including a file name, an author, a file extension, and a modification date.
The key mapping server, the key management server and the cloud platform are independent of each other.
A searchable cloud computing environment data encryption storage method for realizing the searchable cloud computing environment data encryption storage system comprises the steps of constructing a key management server, an encryption and decryption server, a user side, a ciphertext index server and a cloud platform, wherein the key management server, the encryption and decryption server, the user side, the ciphertext index server and the cloud platform are respectively connected with a key mapping server and perform data exchange with the key mapping server;
the user data encryption storage step comprises the following steps:
1) the user side transmits the user identification, the index key words and the user data to the key mapping server;
2) the key mapping server generates a key identifier corresponding to the user identifier and receives a key value generated by the key management server corresponding to the key identifier and used for encryption and decryption in the encryption and decryption server, and the key management server stores the key identifier and the key value;
3) the key mapping server sends the user data to the encryption and decryption server to be encrypted into ciphertext data;
4) the cloud platform stores the ciphertext data and then sends a data storage address to the key mapping server; the key mapping server associates the data storage address with the index key word and then sends the data storage address to the encryption and decryption server to be encrypted into a ciphertext index by using a searchable encryption algorithm;
5) the key mapping server inputs the ciphertext index into the ciphertext index server;
the user data search step includes:
I) the user side transmits the user identification and the index key words to the key mapping server;
II) the key mapping server inputs the key identification to the key manager, and the key management server retrieves and returns a key value corresponding to the key identification;
III) the key mapping server inputs the index key and the key value into the encryption and decryption server to encrypt the index key and the key value into a search ciphertext, and sends the search ciphertext to the ciphertext index server;
IV) the ciphertext index server searches a data storage address contained in the ciphertext index matched with the search ciphertext in the ciphertext index and returns the data storage address to the key mapping server;
v) the key mapping server makes a ciphertext data request to the cloud platform according to the data storage address and receives ciphertext data returned by the cloud platform;
VI) the cipher text data is input into the encryption and decryption server by the key mapping server and decrypted into user data, and the user data is returned to the user side.
The key mapping server only stores the mapping relation among the user identification, the key identification and the data storage address, the key management server only stores the key identification and the key value, and the ciphertext index server only stores the ciphertext index.
The key values include a data encryption key value for encrypting the user data, an index encryption key value for encrypting the index key, and a search key value for generating a search ciphertext in conjunction with the index key.
The index key includes a key word input by a user and/or metadata information including a file name, an author, a file extension, and a modification date.
The invention has the following technical effects:
the invention discloses a searchable cloud computing environment data encryption storage system and a searchable cloud computing environment data encryption storage method, which are characterized in that: the system comprises a key management server, an encryption and decryption server, a user side, a ciphertext index server and a cloud platform, wherein the key management server is respectively connected with a key mapping server and exchanges data with the key mapping server; because only the mapping relation among the user identification, the key identification and the data storage address is stored in the key mapping server, only the key identification and the key value are stored in the key management server, only the ciphertext index containing the association relation between the index key and the data storage address is stored in the ciphertext index server, and only the ciphertext data is stored in the cloud platform, the direct relation between the key value and the ciphertext data used in the encryption and decryption server is broken through. And after the data storage address is sent to the user side, or after the user data is sent to the user side, the key mapping server deletes the key value, searches the ciphertext, the user data, the index key word, the ciphertext data and the ciphertext index; and after the encryption and decryption server completes encryption or decryption, deleting the key value, the user data, the ciphertext data and the ciphertext index. Therefore, the key value and the ciphertext data cannot exist at the position for storing the key mapping relation at the same time, the key value and the key mapping relation cannot exist at the position for storing the ciphertext data at the same time, the key mapping relation and the ciphertext data cannot exist at the position for storing the key value at the same time, the three-party independence of the key value, the ciphertext data and the key mapping relation is achieved, the data safety of a user is effectively guaranteed, and the problem that the user data is maliciously tampered or leaked is solved.
Because the index key words are encrypted by using the retrievable encryption technology in the encryption and decryption server to generate the ciphertext indexes, the ciphertext indexes can be searched by the search ciphertext carrying the encryption information of the index key words in the ciphertext index server, so that the data storage addresses contained in the ciphertext indexes matched with the index key words are found, a user can search in a cloud computing environment directly according to the index key words, all ciphertext data do not need to be downloaded to local and decrypted into user data, and the searching can be realized, and the working efficiency is greatly improved.
Since the same user end may upload multiple copies of user data, the user identifier is unique to the user end, the key identifier is generated for each storage request, and the data storage addresses have a one-to-one correspondence relationship to each key identifier. Because the ciphertext index server is introduced to store the ciphertext indexes after the index key words and the data storage addresses are associated, the data storage addresses of the user side do not need to be stored for each user data in the user side. When the user data uploaded before is searched in the cloud computing environment, the corresponding user data can be obtained only by inputting the index key words.
The index key and the data storage address are encrypted into a ciphertext index by using a searchable encryption algorithm and stored in the ciphertext index server in a ciphertext mode, and each time data search is carried out, the ciphertext index server receives only a search ciphertext generated by the operation of the search key value and the search key, the ciphertext index server does not know the search key value, and although matching operation can be carried out, any plaintext information of the search key cannot be obtained. The whole searching process is carried out in a ciphertext state, and the key mapping server does not know the data storage address corresponding to the index key word (plaintext), so that the key mapping server can only search in the ciphertext index server; the ciphertext index server only searches through the ciphertext and does not know the index key corresponding to the encrypted search ciphertext. Therefore, no matter which link can not obtain the direct corresponding relation between the index key word and the Data storage address Data url, the searching habit of the user and the user Data are protected to the maximum degree, and the method has great practical application significance.
Drawings
FIG. 1 is a schematic structural diagram of a searchable cloud computing environment data encryption storage system of the present invention
FIG. 2 is a flow chart illustrating a user data encryption storage process of the present invention
FIG. 3 is a flow chart illustrating a user data search process of the present invention
Detailed Description
The present invention will be described with reference to the accompanying drawings.
In the following description, numerous specific details are set forth to provide a thorough understanding of the present invention to those skilled in the computer art. In embodiments, elements that perform particular functions are illustrated in schematic or block diagram form in order to highlight technical emphasis without obscuring the present invention in unnecessary detail. For example, because those skilled in the art will understand that they can include details of common sense disclosed in the art for network communications, electromagnetic signal command techniques, user interface or input/output techniques, etc., those skilled in the art will be able to omit such details to the fullest extent in the embodiments, and such details are not considered to be essential features for achieving the full scope of the invention.
As shown in fig. 1, the system of the present invention includes a key mapping server 1, a key management server 2, an encryption/decryption server 3, a user side 4, and a ciphertext index server 5, where the key mapping server 1 is connected to the key management server 2, the encryption/decryption server 3, the user side 4, and the ciphertext index server 5, respectively, and performs data exchange, and the key mapping server 1 is further connected to a cloud platform 6, so as to implement uploading and downloading of ciphertext data. Wherein,
the user terminal 4, as a user of the cloud computing system, may make a storage request for uploading user data or a data request for receiving user data to the key mapping server 1. The content of the storage request is User identification User _ id, User Data Plain _ Data and keyword keys, and the content of the Data request is User identification User _ id, keyword keys and/or metadata information Meta _ Data. The Keywords are words screened from the user Data Plain _ Data by the user, and words or words of the content of the user Data Plain _ Data can be summarized to the greatest extent.
The Key mapping server 1 randomly generates a Key identification Key _ id corresponding to the User identification User _ id according to each storage request of the User side 4, and uses the Key identification Key _ id to make a Key request to the Key management server 2, and the Key management server 2 generates a data encryption Key value Key1, an index encryption Key value Key2 and a search Key value Key3, but returns only the data encryption Key value Key1 and the index encryption Key value Key2 to the Key mapping server 1; or inputting a Data encryption Key value Key1 and a user Data plan _ Data request to the encryption and decryption server 3 to encrypt the user Data plan _ Data into ciphertext Data Cipher _ Data, inputting the ciphertext Data Cipher _ Data into the cloud platform 6 to be stored by the Key mapping server 1, and returning a Data storage address Data _ url which is output by the cloud platform 6 and used for identifying the storage position of the ciphertext Data in the cloud platform 4 to the Key mapping server 1; or extracting metadata information Meta _ Data (such as file name, author, file extension, modification date and the like) according to the attribute content of user Data Plain _ Data input by the user terminal 4, establishing an index Keyword Context _ Keyword by the Keyword Keywords Keyword and the metadata information Meta _ Data, associating the index Keyword Context _ Keyword with the Data storage address Data _ url, inputting an index encryption Key value Key2, an index Key word Context _ Keyword and a Data storage address Data _ url to the encryption and decryption server 3, encrypting the association between the index Key word Context _ Keyword and the Data storage address Data _ url into a ciphertext index Cipher _ Context by using a searchable encryption algorithm, inputting the ciphertext index Cipher _ Context into the ciphertext index server 5 for storage, returning a message successfully established by the ciphertext index Cipher _ Context to the Key mapping server 1 by the ciphertext index server 5, and then returning a message successfully established by the Data storage to a user by the Key mapping server. When the Key mapping server 1 receives the message that the ciphertext index Cipher _ Context is successfully established, only the mapping relation between the User identification User _ id, the Key identification Key _ id and the Data storage address Data _ url is reserved in the Key mapping server 1, and the Data encryption Key value Key1, the index encryption Key value Key2, the User Data Plain _ Data, the index Keyword Context _ Keyword, the ciphertext Data Cipher _ Data and the ciphertext index Cipher _ Context are deleted;
or after verifying the User identification User _ id inputted by the User terminal 4 according to the Data request of the User terminal 4, requesting the Key management server 2 to return a search Key value Key3 generated in pair with the index encryption Key value Key2 at the same time in the Data storage stage, inputting the Keyword and/or metadata information Meta _ Data and the search Key value Key3 into the encryption/decryption server 3 by the Key mapping server 1 to be encrypted into a search ciphertext containing the ciphertext state of the Keyword and/or metadata information Meta _ Data information, then sending the search ciphertext to the ciphertext index server 5 to perform encrypted Data search, performing matching operation on all ciphertext indexes Cipher _ Context and search ciphertext of the ciphertext index server 5, searching the Data storage address Data url associated with the index Keyword ext _ Data matched with the Keyword and/or metadata information Meta _ Data, then returning the Data storage address Data _ url to the key mapping server 1; or a ciphertext Data request is submitted to the cloud platform 6 according to the Data storage address Data _ url obtained by the ciphertext index server 5, and then ciphertext Data Cipher _ Data which is output by the cloud platform 6 and corresponds to the Data storage address Data _ url is received; or requesting the Key management server 2 to return the Data encryption Key value Key1 according to the mapping relationship between the Key identifier Key _ id and the Data storage address Data _ url, then inputting the ciphertext Data Cipher _ Data and the Data encryption Key value Key1 into the encryption and decryption server 3 together, requesting to decrypt the ciphertext Data Cipher _ Data into user Data Plain _ Data, and returning the decrypted user Data Plain _ Data to the user terminal 4. After the Key mapping server 1 returns the User Data Plain _ Data to the User terminal 4, only the mapping relationship between the User identification User _ id, the Key identification Key _ id and the Data storage address Data _ url is reserved in the Key mapping server 1, and the Data encryption Key value Key1, the index encryption Key value Key2, the search Key value Key3, the search ciphertext, the User Data Plain _ Data, the Keyword, the metadata information Meta _ Data and the ciphertext Data Cipher _ Data are deleted.
In order to solve the problem of searching encrypted Data, the invention uses a searchable encryption algorithm in the encryption and decryption server 3 to encrypt an index Keyword Context _ Keyword containing Keywords and metadata information Meta _ Data. The main method of the searchable encryption algorithm is to establish a security index for the index key Context _ Keyword in the Data storage stage, that is, to establish a Data structure for storing the mapping relationship between the index key Context _ Keyword and the Data storage address Data _ url, and to protect the security index by using the searchable encryption algorithm. The searchable encryption algorithm will generate two keys, an indexed encryption Key2 and a search Key value Key 3. The searchable encryption algorithm uses the index encryption Key2 to encrypt the mapping relationship between the index Key Context _ Key and the Data storage address Data _ url, forming the ciphertext index Cipher _ Context. When the ciphertext index Cipher _ Context needs to be searched in the Data request stage, the search Key value Key3 is used for encrypting the index Key word Context _ Keyword to generate a search ciphertext, the ciphertext index server 5 is searched through the search ciphertext, and a Data storage address Data _ url corresponding to the index Key word Context _ Keyword is obtained.
The Key management server 2 generates a data encryption Key value Key1, an index encryption Key value Key2, and a search Key value Key3 corresponding to the Key identification Key _ id for the user side 4 at a Key request of the Key mapping server 1, and manages and maintains Key information.
The encryption/decryption server 3 is configured to provide Data encryption/decryption services, such as encrypting the user Data Plain _ Data by using a high-efficiency packet or stream encryption algorithm, encrypting the user Data Plain _ Data into ciphertext Data Cipher _ Data according to the Data encryption Key value Key1 and the user Data Plain _ Data input by the Key mapping server 1, and returning the ciphertext Data Cipher _ Data to the Key mapping server 1; or according to the index encryption Key value Key2, the index Key word Context _ Keyword and the associated Data storage address Data _ url input by the Key mapping server 1, encrypting the index Key word Context _ Keyword and the Data storage address Data _ url into a ciphertext index Cipher _ Context, and returning the ciphertext index Cipher _ Context to the Key mapping server 1; or generating a search ciphertext by encrypting the search Key value Key3 and the index Key Context Keyword input by the Key mapping server 1 and returning the search ciphertext to the Key mapping server 1; or the ciphertext Data Cipher _ Data is decrypted into the user Data Plain _ Data according to the Data encryption Key value Key1 and the ciphertext Data Cipher _ Data input by the Key mapping server 1, and then the user Data Plain _ Data is returned to the Key mapping server 1. After the encryption operation or the decryption operation is completed, the encryption/decryption server 3 deletes the Data encryption Key value Key1 and the index encryption Key value Key2, the search Key value Key3, the search ciphertext, the user Data Plain _ Data, the index Key Context _ Key, the Data storage address Data _ url, the ciphertext Data Cipher _ Data, and the ciphertext index Cipher _ Context.
The ciphertext index server 5 is used for storing a ciphertext index Cipher _ Context generated by associating and encrypting an index Keyword Context _ Keyword which is input by the key mapping server 1 and contains the Keyword with a Data storage address Data _ url; or receiving a search ciphertext generated by combining the keyword Keywords and/or the metadata information Meta _ Data with the search Key value Key3 and input by the Key mapping server 1 to search encrypted Data, and returning the Data storage address Data _ url to the Key mapping server 1 after searching a Data storage address Data _ url contained in a ciphertext index Cipher _ Context matched with the keyword Keywords and/or the metadata information Meta _ Data.
The cloud platform 6 is a cloud computing service platform and is used for providing computing or storage service for the user terminal 4, storing ciphertext Data Cipher _ Data input by the key mapping server 1 and returning a Data storage address Data _ url to the key mapping server 1; or searching the corresponding ciphertext Data Cipher _ Data according to the Data storage address Data _ url input by the key mapping server 1, and outputting the ciphertext Data Cipher _ Data to the key mapping server 1.
For the above embodiment, the key mapping server 1, the key management server 2, and the cloud platform 6 are independent three-party entities, and user Data Plain _ Data of the user end 4 cannot be obtained by collusion or Data leakage of any two parties. The key mapping server 1 and the encryption/decryption server 3 may be two server entities completely independent from the user side 4, or may be functional modules integrated into the user side 4, that is, a key mapping module and an encryption/decryption module.
Each User terminal 4 has a User identification User _ id for authenticating the User identity on entities such as the Key mapping server 1, each User Data Plain _ Data uploaded by the User terminal 4 has an independent Data encryption Key value Key1 for encryption, and an index Key Context _ Key for distinguishing the User Data Plain _ Data is encrypted by using an index encryption Key value Key2, even if the ciphertext index server 5 cannot obtain any information of search Data.
The searchable cloud computing environment data encryption storage method mainly comprises two processes of user data encryption storage and user data search. Wherein:
as shown in fig. 2, the user Data encryption storage process describes a process in which the user terminal 4 stores user Data plane _ Data in an encrypted form to the cloud platform 6, and simultaneously establishes an index Keyword Context _ key in the key mapping server 1 for the user Data plane _ Data Keyword and metadata information Meta _ Data, encrypts the index Keyword Context _ key into a ciphertext index Cipher _ Context by using a searchable encryption technology, and stores the ciphertext index Cipher into the ciphertext index server 5. The method comprises the following steps:
1) the User terminal 4 transmits the User identification User _ id, the keyword Keywords and the User Data Plain _ Data to the key mapping server 1 by using a secure transmission channel, such as an SSL encryption channel, and puts forward a storage request for uploading the User Data;
2) the Key mapping server 1 randomly generates a Key identifier Key _ id corresponding to the User identifier User _ id according to the storage request of the User side 4, and uses the Key identifier Key _ id to send a Key request to the Key management server 2;
3) the Key management server 2 generates a data encryption Key value Key1 and an index encryption Key value Key2 and a search Key value Key3 corresponding to the Key identification Key _ id for the user side 4 in response to a Key request of the Key mapping server 1, and stores Key information (Key _ id, Key1, Key2, Key3) into the Key management server 2;
4) the Key management server 4 returns Key information (Key _ id, Key1, Key2) to the Key mapping server 1;
5) the key mapping server 1 generates metadata information Meta _ Data according to user Data Plain _ Data input by the user terminal 4, and establishes an index Keyword Context _ Keyword according to the Keyword Keywords and the metadata information Meta _ Data input by the user terminal 4;
6) the Key mapping server 1 makes an encryption request to the encryption/decryption server 3 with the input Data encryption Key value Key1 and the user Data Plain _ Data;
7) the encryption and decryption server 3 encrypts the user Data Plain _ Data into ciphertext Data Cipher _ Data according to the received Data encryption Key value Key1 and the user Data Plain _ Data;
8) the encryption and decryption server 3 returns the encrypted ciphertext Data Cipher _ Data to the key mapping server 1, and the key mapping server 1 inputs the ciphertext Data Cipher _ Data into the cloud platform 6;
9) the cloud platform 6 stores the ciphertext Data Cipher _ Data and returns a Data storage address Data _ url to the key mapping server 1;
10) the Key mapping server 1 associates the index Key Context _ Keyword with the Data storage address Data _ url, and inputs the associated index Key Context _ Keyword, Data storage address Data _ url and index encryption Key value Key2 into the encryption and decryption server 3 for encryption;
11) the encryption and decryption server 3 uses a searchable encryption algorithm to perform correlation on the index Key word Context _ Keyword, the Data storage address Data _ url and the index encryption Key value Key2, and returns the encrypted ciphertext index Cipher _ Context to the Key mapping server 1; then deleting the Data encryption Key value Key1, the index encryption Key value Key2, the user Data Plain _ Data, the index Key word Context _ Keyword, the Data storage address Data _ url, the ciphertext Data Cipher _ Data and the ciphertext index Cipher _ Context;
12) the key mapping server 1 inputs the ciphertext index Cipher _ Context into the ciphertext index server 5;
13) the ciphertext index Cipher _ Context is stored in the ciphertext index server 5;
14) the ciphertext index server 5 returns a message that the ciphertext index Cipher _ Context is successfully stored to the key mapping server 1;
15) only the mapping relation among the User identification User _ id, the Key identification Key _ id and the Data storage address Data _ url is reserved in the Key mapping server 1, and the Data encryption Key value Key1, the index encryption Key value Key2, the User Data Plain _ Data, the index Key word Context _ Keyword, the ciphertext Data Cipher _ Data and the ciphertext index Cipher _ Context are deleted;
16) the key mapping server 1 returns a data storage success message to the user terminal 4.
As shown in fig. 3, the user Data search process describes a process in which the user terminal 4 searches ciphertext Data Cipher _ Data stored on the cloud platform 6 using a keyword Keywords. The user data searching process satisfies the following conditions: the search process must not leak any plaintext data information, and even the cloud platform 6 and the ciphertext index server 5 cannot infer the actual content of the user search. Which comprises the following steps:
I) the User terminal 4 transmits a User identification User _ id, Keywords and/or metadata information Meta _ Data to the key mapping server 1 according to the Data use requirement, and proposes a Data request for receiving User Data;
II) after verifying the User identification User _ id input by the User terminal 4, the key mapping server 1 provides a key request to the key management server 2;
III) the Key management server 2 searches for the search Key value Key3 corresponding to the User identification User _ id;
IV) the Key management server 2 returns the search Key value Key3 to the Key mapping server 1;
v) the Key mapping server 1 inputs keyword Keywords and/or metadata information Meta _ Data and search Key value Key3 into the encryption and decryption server 3 to generate a search ciphertext, and the encryption and decryption server 3 deletes the keyword Keywords and/or metadata Meta _ Data, search Key value Key3 and the search ciphertext after returning the search ciphertext;
VI) the key mapping server 1 sends the search ciphertext to the ciphertext index server 5;
VII) the ciphertext index server 5 searches all ciphertext indexes Cipher _ Context according to the search ciphertext;
VIII) the ciphertext index server 5 returns the search result, i.e., the Data storage address Data _ url contained in the ciphertext index Cipher _ Context matched with the keyword Keywords and/or the metadata information Meta _ Data, to the key mapping server 1;
IX) the key mapping server 1 sends a ciphertext Data request to the cloud platform 6 from the Data storage address Data _ url;
x) the cloud platform 6 retrieves according to the Data storage address Data _ url;
XI) the cloud platform 6 returns ciphertext Data Cipher _ Data corresponding to the Data storage address Data _ url to the key mapping server 1;
XII) the Key mapping server 1 makes a Key request to the Key management server 2 according to the Key identification Key _ id corresponding to the Data storage address Data _ url;
XIII) the Key management server 2 queries the relevant data encryption Key value Key1 based on the Key identification Key _ id;
XIV) the Key management server 2 returns the data encryption Key value Key1 to the Key mapping server 1;
XV) the Key mapping server 1 sends the ciphertext Data Cipher _ Data and the Data encryption Key value Key1 together to the encryption and decryption server 3 for decryption operation;
XVI) the encryption/decryption server 3 converts the ciphertext Data Cipher _ Data into user Data Plain _ Data;
XVII) the encryption/decryption server 3 inputs the user Data Plain _ Data to the Key mapping server 1, and then deletes the Data encryption Key value Key1, the user Data Plain _ Data, and the ciphertext Data Cipher _ Data;
XVIII) the Key mapping server 1 returns the user Data Plain _ Data to the user terminal 4, and deletes the Data encryption Key value Key1, the index encryption Key value Key2, the user Data Plain _ Data, the index Key _ Key, the ciphertext Data Cipher _ Data, and the ciphertext index Cipher _ Context.
It should be noted that the above-mentioned embodiments enable a person skilled in the art to more fully understand the invention, without restricting it in any way. Therefore, although the present invention has been described in detail with reference to the drawings and examples, it will be understood by those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention.

Claims (10)

1. A searchable cloud computing environment data encryption storage system, characterized by: the system comprises a key management server, an encryption and decryption server, a user side, a ciphertext index server and a cloud platform, wherein the key management server is respectively connected with a key mapping server and exchanges data with the key mapping server; the user side puts forward a storage request comprising the storage request comprising a user identifier, an index keyword and user data or a data request comprising the user identifier and the index keyword to the key mapping server; the cloud platform stores the encrypted ciphertext data of the user data and generates a data storage address; the key mapping server generates a key identifier according to the storage request, associates the index key word with a data storage address returned by the cloud platform, encrypts the index key word into a ciphertext index in an encryption and decryption server through a searchable encryption algorithm, and stores the ciphertext index in the ciphertext index server; searching a data storage address contained in a ciphertext index matched with the index key word in the ciphertext index server according to a search ciphertext encrypted by the index key word in the data request; the key mapping server requests the cloud platform for encrypted data according to the data storage address; the key management server generates a key value corresponding to the key identification and required by the encryption and decryption server;
the key mapping server only stores the mapping relation among the user identification, the key identification and the data storage address, the key management server only stores the key identification and the key value, and the ciphertext index server only stores the ciphertext index.
2. The searchable cloud computing environment data encryption storage system according to claim 1, wherein: the key mapping server is used for using the key identification to make a key request to the key management server and receiving a data encryption key value and an index encryption key value generated by the key management server; or the data encryption key value and the user data are input into the encryption and decryption server, the encryption and decryption server converts the user data into ciphertext data, and the key mapping server inputs the ciphertext data into a cloud platform for storage and receives a data storage address output by the cloud platform; or after associating the index key word with the data storage address, inputting the index key word and the index encryption key value into the encryption and decryption server to be encrypted into a ciphertext index, then storing the ciphertext index into the ciphertext index server, and then deleting the data encryption key value, the index encryption key value, the user data, the index key word, the ciphertext data and the ciphertext index;
or receiving a search key value which is generated by the key management server and corresponds to the key identifier according to the data request of the user side, inputting the index key word and the search key value into the encryption and decryption server to generate a search ciphertext, sending the search ciphertext to the ciphertext index server to search the ciphertext index matched with the search ciphertext, and returning a data storage address contained in the ciphertext index to the key mapping server by the ciphertext index server; or inputting the data storage address to the cloud platform, and receiving the ciphertext data corresponding to the data storage address; or requesting the key management server to return the data encryption key value according to the key identification corresponding to the data storage address, inputting the ciphertext data and the data encryption key value into the encryption and decryption server together, receiving the decrypted user data and returning the decrypted user data to the user side, and deleting the data encryption key value, the search ciphertext, the user data, the index key word and the ciphertext data by the key mapping server.
3. The searchable cloud computing environment data encryption storage system according to claim 1, wherein: the key values include a data encryption key value, an index encryption key value, and a search key value; the encryption and decryption server is configured to encrypt the user data input by the key mapping server into ciphertext data using the data encryption key value, decrypt the ciphertext data into the user data, encrypt an index key in the data request into a search ciphertext using the search key value, and encrypt the associated index key and the data storage address input by the key mapping server into a ciphertext index using the index encryption key value through a searchable encryption algorithm.
4. The searchable cloud computing environment data encryption storage system according to claim 1, wherein: the cloud platform is used for storing the ciphertext data input by the key mapping server and returning the data storage address to the key mapping server; or searching the corresponding ciphertext data according to the data storage address input by the key mapping server, and outputting the ciphertext data to the key mapping server.
5. The searchable cloud computing environment data encryption storage system according to claim 1, 2, 3 or 4, wherein: the index key includes a key word input by a user and/or metadata information including a file name, an author, a file extension, and a modification date.
6. The searchable cloud computing environment data encryption storage system according to claim 1, 2, 3 or 4, wherein: the key mapping server, the key management server and the cloud platform are independent of each other.
7. A searchable cloud computing environment data encryption storage method for implementing the searchable cloud computing environment data encryption storage system according to any one of claims 1 to 6, comprising constructing a key management server, an encryption and decryption server, a user side, a ciphertext index server, and a cloud platform, each of which is connected to and exchanges data with a key mapping server;
the user data encryption storage step comprises the following steps:
1) the user side transmits the user identification, the index key words and the user data to the key mapping server;
2) the key mapping server generates a key identifier corresponding to the user identifier and receives a key value generated by the key management server corresponding to the key identifier and used for encryption and decryption in the encryption and decryption server, and the key management server stores the key identifier and the key value;
3) the key mapping server sends the user data to the encryption and decryption server to be encrypted into ciphertext data;
4) the cloud platform stores the ciphertext data and then sends a data storage address to the key mapping server; the key mapping server associates the data storage address with the index key word and then sends the data storage address to the encryption and decryption server to be encrypted into a ciphertext index by using a searchable encryption algorithm;
5) the key mapping server inputs the ciphertext index into the ciphertext index server;
the user data search step includes:
I) the user side transmits the user identification and the index key words to the key mapping server;
II) the key mapping server inputs the key identification to the key manager, and the key management server retrieves and returns a key value corresponding to the key identification;
III) the key mapping server inputs the index key and the key value into the encryption and decryption server to encrypt the index key and the key value into a search ciphertext, and sends the search ciphertext to the ciphertext index server;
IV) the ciphertext index server searches a data storage address contained in the ciphertext index matched with the search ciphertext in the ciphertext index and returns the data storage address to the key mapping server;
v) the key mapping server makes a ciphertext data request to the cloud platform according to the data storage address and receives ciphertext data returned by the cloud platform;
VI) the cipher text data is input into the encryption and decryption server by the key mapping server and decrypted into user data, and the user data is returned to the user side.
8. The searchable cloud computing environment data encryption storage method according to claim 7, wherein: the key mapping server only stores the mapping relation among the user identification, the key identification and the data storage address, the key management server only stores the key identification and the key value, and the ciphertext index server only stores the ciphertext index.
9. The searchable cloud computing environment data encryption storage method according to claim 7 or 8, wherein: the key values include a data encryption key value for encrypting the user data, an index encryption key value for encrypting the index key, and a search key value for generating a search ciphertext in conjunction with the index key.
10. The searchable cloud computing environment data encryption storage method according to claim 7 or 8, wherein: the index key includes a key word input by a user and/or metadata information including a file name, an author, a file extension, and a modification date.
CN201310048780.2A 2013-02-06 2013-02-06 A kind of cloud computing environment data encryption storage system and method that can search for Active CN103107889B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310048780.2A CN103107889B (en) 2013-02-06 2013-02-06 A kind of cloud computing environment data encryption storage system and method that can search for

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310048780.2A CN103107889B (en) 2013-02-06 2013-02-06 A kind of cloud computing environment data encryption storage system and method that can search for

Publications (2)

Publication Number Publication Date
CN103107889A true CN103107889A (en) 2013-05-15
CN103107889B CN103107889B (en) 2016-08-03

Family

ID=48315475

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310048780.2A Active CN103107889B (en) 2013-02-06 2013-02-06 A kind of cloud computing environment data encryption storage system and method that can search for

Country Status (1)

Country Link
CN (1) CN103107889B (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457733A (en) * 2013-08-15 2013-12-18 中电长城网际系统应用有限公司 Data sharing method and system under cloud computing environment
CN103593476A (en) * 2013-11-28 2014-02-19 中国科学院信息工程研究所 Multi-keyword plaintext and ciphertext retrieving method and device oriented to cloud storage
CN103731475A (en) * 2013-12-06 2014-04-16 中国科学院深圳先进技术研究院 Data protection system
CN104158827A (en) * 2014-09-04 2014-11-19 中电长城网际系统应用有限公司 Cryptograph data sharing method and device, inquiring server and data uploading client terminal
CN104168118A (en) * 2014-08-29 2014-11-26 宇龙计算机通信科技(深圳)有限公司 Early warning method and system based on user location
CN104363288A (en) * 2014-11-18 2015-02-18 深圳市大成天下信息技术有限公司 Document management system and method
CN104468121A (en) * 2014-11-27 2015-03-25 重庆邮电大学 Public-key searchable encryption method supporting multi-secret-key encryption based on designated server
CN104580181A (en) * 2014-12-29 2015-04-29 华为技术有限公司 Device and method for data encryption and encryption accelerator engine
CN104821876A (en) * 2015-04-16 2015-08-05 华中科技大学 Dynamic searchable symmetrical encryption method supporting physical deletion
CN105320896A (en) * 2015-10-21 2016-02-10 成都卫士通信息产业股份有限公司 Cloud storage encryption and ciphertext retrieval methods and systems
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server
WO2017024804A1 (en) * 2015-08-12 2017-02-16 腾讯科技(深圳)有限公司 Data encryption method, decryption method, apparatus, and system
CN106487763A (en) * 2015-08-31 2017-03-08 腾讯科技(深圳)有限公司 A kind of data access method based on cloud computing platform and user terminal
CN106936907A (en) * 2017-03-09 2017-07-07 腾讯科技(深圳)有限公司 A kind of document handling method, logical server, access server and system
CN106936868A (en) * 2015-12-30 2017-07-07 北京明朝万达科技股份有限公司 A kind of application system data security protection method combined with cloud storage and system
CN107077469A (en) * 2014-10-21 2017-08-18 三菱电机株式会社 Server unit, searching system, terminal installation, search method, server program and terminal program
CN107124271A (en) * 2017-04-28 2017-09-01 成都梆梆信息科技有限公司 A kind of data encryption, decryption method and equipment
CN107295069A (en) * 2017-05-27 2017-10-24 广东欧珀移动通信有限公司 Data back up method, device, storage medium and server
CN108090370A (en) * 2018-01-10 2018-05-29 芯盾网安(北京)科技发展有限公司 Instant messaging encryption method and system based on index
CN108304733A (en) * 2018-01-23 2018-07-20 深圳大普微电子科技有限公司 Encryption data searching method and the data-storage system that search can be encrypted
CN108768978A (en) * 2018-05-16 2018-11-06 浙江大学 A kind of remote storage method of servicing and system based on SGX
WO2018223777A1 (en) * 2017-06-06 2018-12-13 北京京东尚科信息技术有限公司 Data exchange system, method, and device
CN109361679A (en) * 2018-11-08 2019-02-19 蓝信移动(北京)科技有限公司 Message monitoring method and system and key server
CN109413029A (en) * 2018-08-29 2019-03-01 国网河南省电力公司电力科学研究院 Value data cut-in method, apparatus and system
CN109726584A (en) * 2018-12-12 2019-05-07 西安得安信息技术有限公司 Cloud database key management system
CN109858263A (en) * 2019-01-21 2019-06-07 北京城市网邻信息技术有限公司 Search data memory method, apparatus, electronic equipment and storage medium
CN110391895A (en) * 2019-07-31 2019-10-29 阿里巴巴集团控股有限公司 Data preprocessing method, ciphertext data capture method, device and electronic equipment
WO2020063002A1 (en) * 2018-09-28 2020-04-02 华为技术有限公司 Data management method and apparatus, and server
CN111224974A (en) * 2019-12-31 2020-06-02 北京安码科技有限公司 Method, system, electronic device and storage medium for network communication content encryption
CN111460480A (en) * 2020-03-31 2020-07-28 中国电子科技集团公司第三十研究所 Secure ciphertext file sharing method in ciphertext search system
US10790961B2 (en) 2019-07-31 2020-09-29 Alibaba Group Holding Limited Ciphertext preprocessing and acquisition
CN114584325A (en) * 2022-05-06 2022-06-03 四川野马科技有限公司 Bid quoted price data hybrid storage system and method based on block chain and cloud storage
US11895227B1 (en) * 2023-05-23 2024-02-06 Cloudflare, Inc. Distributed key management system with a key lookup service
US12088698B2 (en) 2021-06-23 2024-09-10 Arris Enterprises Llc System and method for securely delivering keys and encrypting content in cloud computing environments

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090300351A1 (en) * 2008-05-30 2009-12-03 Nec (China) Co., Ltd. Fast searchable encryption method
CN101971186A (en) * 2008-04-10 2011-02-09 日本电气株式会社 Information leak prevention device, and method and program thereof
CN102075542A (en) * 2011-01-26 2011-05-25 中国科学院软件研究所 Cloud computing data security supporting platform
CN102184261A (en) * 2011-06-09 2011-09-14 北京斯马图科技有限公司 Cloud search service authentication method and cloud search service system with authentication function

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101971186A (en) * 2008-04-10 2011-02-09 日本电气株式会社 Information leak prevention device, and method and program thereof
US20090300351A1 (en) * 2008-05-30 2009-12-03 Nec (China) Co., Ltd. Fast searchable encryption method
CN102075542A (en) * 2011-01-26 2011-05-25 中国科学院软件研究所 Cloud computing data security supporting platform
CN102184261A (en) * 2011-06-09 2011-09-14 北京斯马图科技有限公司 Cloud search service authentication method and cloud search service system with authentication function

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王映康等: "云存储环境下多用户可搜索加密方案", 《研究与开发》, 30 November 2012 (2012-11-30) *

Cited By (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457733B (en) * 2013-08-15 2016-12-07 中电长城网际系统应用有限公司 A kind of cloud computing environment data sharing method and system
CN103457733A (en) * 2013-08-15 2013-12-18 中电长城网际系统应用有限公司 Data sharing method and system under cloud computing environment
CN103593476A (en) * 2013-11-28 2014-02-19 中国科学院信息工程研究所 Multi-keyword plaintext and ciphertext retrieving method and device oriented to cloud storage
CN103593476B (en) * 2013-11-28 2017-01-25 中国科学院信息工程研究所 Multi-keyword plaintext and ciphertext retrieving method and device oriented to cloud storage
CN103731475A (en) * 2013-12-06 2014-04-16 中国科学院深圳先进技术研究院 Data protection system
CN104168118A (en) * 2014-08-29 2014-11-26 宇龙计算机通信科技(深圳)有限公司 Early warning method and system based on user location
CN104168118B (en) * 2014-08-29 2018-03-16 宇龙计算机通信科技(深圳)有限公司 Method for early warning and system based on customer location
CN104158827A (en) * 2014-09-04 2014-11-19 中电长城网际系统应用有限公司 Cryptograph data sharing method and device, inquiring server and data uploading client terminal
CN104158827B (en) * 2014-09-04 2018-07-31 中电长城网际系统应用有限公司 Ciphertext data sharing method, device, inquiry server and upload data client
CN105471826B (en) * 2014-09-04 2019-08-20 中电长城网际系统应用有限公司 Ciphertext data query method, apparatus and cryptogram search server
CN105471826A (en) * 2014-09-04 2016-04-06 中电长城网际系统应用有限公司 Ciphertext data query method, device and ciphertext query server
CN107077469A (en) * 2014-10-21 2017-08-18 三菱电机株式会社 Server unit, searching system, terminal installation, search method, server program and terminal program
CN104363288A (en) * 2014-11-18 2015-02-18 深圳市大成天下信息技术有限公司 Document management system and method
CN104468121B (en) * 2014-11-27 2018-08-14 重庆邮电大学 The encrypted public key of support multi-key cipher based on given server can search for encryption method
CN104468121A (en) * 2014-11-27 2015-03-25 重庆邮电大学 Public-key searchable encryption method supporting multi-secret-key encryption based on designated server
CN104580181A (en) * 2014-12-29 2015-04-29 华为技术有限公司 Device and method for data encryption and encryption accelerator engine
CN104821876B (en) * 2015-04-16 2018-02-16 华中科技大学 A kind of dynamic for supporting that physics is deleted can search for symmetric encryption method
CN104821876A (en) * 2015-04-16 2015-08-05 华中科技大学 Dynamic searchable symmetrical encryption method supporting physical deletion
CN106452770A (en) * 2015-08-12 2017-02-22 深圳市腾讯计算机系统有限公司 Data encryption method and apparatus, data decryption method and apparatus, and system
US10659226B2 (en) 2015-08-12 2020-05-19 Tencent Technology (Shenzhen) Company Limited Data encryption method, decryption method, apparatus, and system
WO2017024804A1 (en) * 2015-08-12 2017-02-16 腾讯科技(深圳)有限公司 Data encryption method, decryption method, apparatus, and system
US10250613B2 (en) 2015-08-31 2019-04-02 Tencent Technology (Shenzhen) Company Limited Data access method based on cloud computing platform, and user terminal
CN106487763B (en) * 2015-08-31 2020-01-10 腾讯科技(深圳)有限公司 Data access method based on cloud computing platform and user terminal
CN106487763A (en) * 2015-08-31 2017-03-08 腾讯科技(深圳)有限公司 A kind of data access method based on cloud computing platform and user terminal
CN105320896A (en) * 2015-10-21 2016-02-10 成都卫士通信息产业股份有限公司 Cloud storage encryption and ciphertext retrieval methods and systems
CN105320896B (en) * 2015-10-21 2018-04-06 成都卫士通信息产业股份有限公司 A kind of cloud storage encryption and its cipher text retrieval method and system
CN106936868A (en) * 2015-12-30 2017-07-07 北京明朝万达科技股份有限公司 A kind of application system data security protection method combined with cloud storage and system
CN106936907A (en) * 2017-03-09 2017-07-07 腾讯科技(深圳)有限公司 A kind of document handling method, logical server, access server and system
CN106936907B (en) * 2017-03-09 2020-07-03 腾讯科技(深圳)有限公司 File processing method, logic server, access server and system
CN107124271A (en) * 2017-04-28 2017-09-01 成都梆梆信息科技有限公司 A kind of data encryption, decryption method and equipment
CN107295069B (en) * 2017-05-27 2020-06-02 Oppo广东移动通信有限公司 Data backup method and device, storage medium and server
CN107295069A (en) * 2017-05-27 2017-10-24 广东欧珀移动通信有限公司 Data back up method, device, storage medium and server
WO2018223777A1 (en) * 2017-06-06 2018-12-13 北京京东尚科信息技术有限公司 Data exchange system, method, and device
US11283778B2 (en) 2017-06-06 2022-03-22 Beijing Jingdong Shangke Information Technology Co., Ltd. Data exchange system, method and device
CN108090370B (en) * 2018-01-10 2021-03-16 河南芯盾网安科技发展有限公司 Instant communication encryption method and system based on index
CN108090370A (en) * 2018-01-10 2018-05-29 芯盾网安(北京)科技发展有限公司 Instant messaging encryption method and system based on index
CN108304733A (en) * 2018-01-23 2018-07-20 深圳大普微电子科技有限公司 Encryption data searching method and the data-storage system that search can be encrypted
CN108304733B (en) * 2018-01-23 2020-06-02 深圳大普微电子科技有限公司 Encrypted data searching method and data storage system capable of encrypted searching
CN108768978A (en) * 2018-05-16 2018-11-06 浙江大学 A kind of remote storage method of servicing and system based on SGX
CN109413029A (en) * 2018-08-29 2019-03-01 国网河南省电力公司电力科学研究院 Value data cut-in method, apparatus and system
CN110968413A (en) * 2018-09-28 2020-04-07 华为技术有限公司 Data management method and device and server
WO2020063002A1 (en) * 2018-09-28 2020-04-02 华为技术有限公司 Data management method and apparatus, and server
US11567675B2 (en) 2018-09-28 2023-01-31 Huawei Technologies Co., Ltd. Data management method and apparatus, and server
CN109361679A (en) * 2018-11-08 2019-02-19 蓝信移动(北京)科技有限公司 Message monitoring method and system and key server
CN109726584A (en) * 2018-12-12 2019-05-07 西安得安信息技术有限公司 Cloud database key management system
CN109726584B (en) * 2018-12-12 2023-08-25 西安得安信息技术有限公司 Cloud database key management system
CN109858263B (en) * 2019-01-21 2021-05-14 北京城市网邻信息技术有限公司 Data storage and retrieval method and device, electronic equipment and storage medium
CN109858263A (en) * 2019-01-21 2019-06-07 北京城市网邻信息技术有限公司 Search data memory method, apparatus, electronic equipment and storage medium
CN110391895B (en) * 2019-07-31 2020-10-27 创新先进技术有限公司 Data preprocessing method, ciphertext data acquisition method, device and electronic equipment
CN110391895A (en) * 2019-07-31 2019-10-29 阿里巴巴集团控股有限公司 Data preprocessing method, ciphertext data capture method, device and electronic equipment
US10790961B2 (en) 2019-07-31 2020-09-29 Alibaba Group Holding Limited Ciphertext preprocessing and acquisition
CN111224974A (en) * 2019-12-31 2020-06-02 北京安码科技有限公司 Method, system, electronic device and storage medium for network communication content encryption
CN111460480B (en) * 2020-03-31 2022-03-18 中国电子科技集团公司第三十研究所 Secure ciphertext file sharing method in ciphertext search system
CN111460480A (en) * 2020-03-31 2020-07-28 中国电子科技集团公司第三十研究所 Secure ciphertext file sharing method in ciphertext search system
US12088698B2 (en) 2021-06-23 2024-09-10 Arris Enterprises Llc System and method for securely delivering keys and encrypting content in cloud computing environments
CN114584325A (en) * 2022-05-06 2022-06-03 四川野马科技有限公司 Bid quoted price data hybrid storage system and method based on block chain and cloud storage
US11895227B1 (en) * 2023-05-23 2024-02-06 Cloudflare, Inc. Distributed key management system with a key lookup service

Also Published As

Publication number Publication date
CN103107889B (en) 2016-08-03

Similar Documents

Publication Publication Date Title
CN103107889B (en) A kind of cloud computing environment data encryption storage system and method that can search for
CN106127075B (en) Encryption method can search for based on secret protection under a kind of cloud storage environment
Li et al. A hybrid cloud approach for secure authorized deduplication
Wang et al. Enabling secure and efficient ranked keyword search over outsourced cloud data
CN105610793B (en) A kind of outsourcing data encryption storage and cryptogram search system and its application process
CN103944711B (en) Cloud storage ciphertext retrieval method and system
CN114329599B (en) Data query method and device and storage medium
CN106254324A (en) A kind of encryption method storing file and device
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
CN104065680A (en) Information processing method and apparatus, information retrieval method and apparatus, user terminal and server
CN103457733A (en) Data sharing method and system under cloud computing environment
CN105320896A (en) Cloud storage encryption and ciphertext retrieval methods and systems
CN106961427B (en) A kind of ciphertext data search method based on 5g communication standard
CN103955537A (en) Method and system for designing searchable encrypted cloud disc with fuzzy semantics
US11652642B2 (en) Digital data locker system providing enhanced security and protection for data storage and retrieval
CN104967693A (en) Document similarity calculation method facing cloud storage based on fully homomorphic password technology
KR102290605B1 (en) Message transmission system, communication terminal, server device, message transmission method and program
CN104992124A (en) Document safety access method for cloud storage environment
CN104065623A (en) Information processing method, trust server and cloud server
Yan et al. Secure and efficient big data deduplication in fog computing
CN109672525B (en) Searchable public key encryption method and system with forward index
Sun et al. Research of data security model in cloud computing platform for SMEs
CN109981614A (en) Data ciphering method, decryption method, querying method and device based on user group
Kumar et al. Secure query processing over encrypted database through cryptdb
Chen et al. Searchable encryption system for big data storage

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant