Data encryption system and method for data resource safety access

Document No.: 1864736 Published: 2021-11-19

Reading note: this technology, "Data encryption system and method for data resource safety access", was designed by 杨艳, 刘欣, 果欣然, 赵俊俊, 刘鑫, 任志宇, 单棣斌 and 杨智 on 2021-07-17. Abstract: The invention belongs to the technical field of secure data access, and particularly relates to a data encryption system and method for secure access to data resources. The user attribute sets of a requesting party and a service party are acquired, together with the public parameters, user attribute private keys and symmetric key generated by a password management server, where each user attribute set contains at least the user's identity information and attribute information. The private data generated by the requesting party and the service party is encrypted with the symmetric key using the SM4 algorithm to produce a data ciphertext. The symmetric key is then encrypted with the attribute-based encryption algorithm CP-ABE according to the access control policy defined by the data owner, producing a symmetric key ciphertext. The data ciphertext and the symmetric key ciphertext are stored in the cloud, so that the requesting party or the service party can decrypt them, which realizes fine-grained access control. The invention achieves efficient and secure fine-grained access control over ciphertext data and has good application prospects.

1. A data encryption system for secure access to data resources, comprising: an initialization module, an encryption module, a re-encryption module and a storage module, wherein,

the initialization module is used for acquiring user attribute sets of a requesting party and a service party and public parameters, user attribute private keys and symmetric keys generated by a password management server, wherein the user attribute sets at least comprise each piece of user identity information and user attribute information;

the encryption module is used for generating a data ciphertext by encrypting the private data generated by the requester and the server through an SM4 algorithm by using the symmetric key;

the re-encryption module is used for performing attribute encryption on the symmetric key by using an attribute encryption technology CP-ABE based on a ciphertext strategy according to an access control strategy defined by a data owner and by combining the access control strategy and the public parameter to generate a symmetric key ciphertext;

and the storage module is used for storing the data ciphertext and the symmetric key ciphertext through the cloud end so that the requesting party and/or the service party can decrypt the symmetric key through the respective user attribute private key and further decrypt the ciphertext to realize fine-grained access control on the ciphertext.

2. The data encryption system for the secure access to the data resource according to claim 1, wherein the initialization module comprises a parameter setting unit, an encryption initialization unit and a re-encryption initialization unit, wherein the parameter setting unit is used for the password management server to generate a public parameter and a master key according to the security parameter; the encryption initialization unit is used for generating an initial key seed by the password management server according to the user identity information and the temporarily generated random number by using a Hash algorithm, and selecting a preset bit in the initial key seed as a symmetric key; and the re-encryption initialization unit is used for generating a user attribute private key by the password management server according to the master key and the user attribute set.

3. The data encryption system for the secure access to the data resource according to claim 1 or 2, wherein the encryption module comprises a data encryption unit and a key expansion unit, wherein the key expansion unit is configured to perform a nonlinear iteration on the symmetric key by using a key expansion algorithm to obtain a round key; and the data encryption unit is used for carrying out encryption operation on the private data by utilizing an SM4 algorithm and combining the round key to generate a ciphertext.

4. The data encryption system for the secure access to the data resource according to claim 3, wherein the data encryption unit comprises a round function F transformation subunit and an inverse R transformation subunit, wherein the round function F transformation subunit is configured to perform a round function F transformation iterative operation on the plaintext data in combination with a round key; and the reverse order R transformation subunit is used for performing reverse order R transformation operation on the iterative operation output of the round function F transformation subunit to obtain an encrypted ciphertext.

5. The data encryption system for the secure access to the data resource according to claim 1 or 2, wherein the re-encryption module comprises an access policy generation unit and a data encryption unit, wherein the access policy generation unit is configured to generate an access policy tree structure, and each leaf node in the tree structure represents a user attribute; and the data encryption unit is used for performing attribute encryption on the symmetric key used by the encryption module to generate the ciphertext by using the access policy tree structure to obtain the encrypted symmetric key ciphertext.

6. The data encryption system for the secure access to the data resources according to claim 1, wherein the storage module is a cloud storage system adopting a distributed parallel programming framework, and in the cloud storage system, the relationship between the requester and the server and the corresponding resource data ciphertext and the encrypted symmetric key are stored in a directory form.

7. A data encryption method for secure access to data resources, comprising:

acquiring user attribute sets of a requesting party and a service party, and generating public parameters, a user attribute private key and a symmetric key, wherein the user attribute sets at least comprise identity information and user attribute information of each user;

generating a ciphertext by encrypting the private data generated by the requester and the server through an SM4 algorithm by using a symmetric key;

encrypting the symmetric key by using the access control strategy through a CP-ABE attribute encryption algorithm according to the access control strategy defined by the data owner to generate a symmetric key ciphertext;

and the data ciphertext and the symmetric key ciphertext are stored through the cloud end, so that the requester and/or the server decrypt the symmetric key through respective user attribute private keys to realize fine-grained access control on the data ciphertext.

8. The data encryption method for the secure access to the data resources as claimed in claim 7, wherein when decrypting the symmetric key, if the user attribute private key set of the requester and/or the server satisfies the encrypted access control policy, the symmetric key is obtained by decrypting the symmetric key ciphertext, and the data ciphertext is decrypted by the decryption algorithm using the symmetric key.

9. A computer arrangement comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the data encryption method according to claim 7 or 8 when executing the computer program.

10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the data encryption method according to claim 7 or 8.

Technical Field

The invention belongs to the technical field of data security access, and particularly relates to a data encryption system and method for data resource security access.

Background

With the rapid development of social informatization and networking, information technologies such as the Internet of Things and the Internet continue to penetrate and merge into fields such as politics, the economy, culture and daily life. The data generated now exceeds the total produced in any previous year, and data security has received broad and serious attention from government bodies, industry and academia.

Big data and cloud storage make data processing and storage convenient for the public and speed up data exchange. Cloud storage is an Internet technology that emerged after cloud computing: users store resources in a virtual cloud, which saves the equipment cost of physical storage, and the service provider manages data storage and maintenance, so users can use massive, high-speed storage at any time, resource utilization improves and cost falls. At the same time, handing data to the cloud or a big data center for storage and management places the user's data outside the user's own control domain, so the storage security and access control requirements of the uploaded resources cannot be guaranteed. To ensure that an untrusted data service provider does not leak a user's private data, the data must be encrypted before it is stored in the cloud or big data center. In practice, the encrypted data also needs to be accessed by users in different departments with different permissions, so this application mode adds the privacy protection requirement that data stored in encrypted form must remain accessible to different authorized users. Traditional symmetric encryption and public key encryption mainly provide one-to-one access; they cannot provide fine-grained access control or meet one-to-many access requirements. Traditional access control only supports plaintext data and does not fit ciphertext access control. The privacy protection requirements of encrypted secure storage and fine-grained ciphertext access control in the cloud or big data center therefore need to be solved effectively.

Attribute-based encryption, a newer public key encryption system, can realize fine-grained access control over ciphertext data and supports the secure data storage requirements of the cloud and big data centers. It controls users' access to data according to their attributes, so only users who satisfy a specific access control policy can access the data normally, which meets the privacy protection requirement. However, although attribute-based encryption can enforce access control on ciphertext, as a public key cryptographic algorithm its encryption and decryption efficiency is low; a symmetric cryptographic algorithm encrypts and decrypts efficiently, but its key management is difficult. A symmetric algorithm alone or a public key algorithm alone therefore can hardly provide both encryption and decryption speed and fine-grained access control, so a data encryption scheme that is efficient, secure and practical is needed.

Disclosure of Invention

The invention therefore provides a data encryption system and method for secure access to data resources, which solves the problem that, in the prior art, neither a symmetric cryptographic algorithm nor a public key cryptographic algorithm alone offers both fast encryption and decryption and fine-grained access control.

According to the design scheme provided by the invention, a data encryption system for the secure access of data resources is provided, which comprises: an initialization module, an encryption module, a re-encryption module and a storage module, wherein,

the initialization module is used for acquiring user attribute sets of a requesting party and a service party and public parameters, user attribute private keys and symmetric keys generated by a password management server, wherein the user attribute sets at least comprise each piece of user identity information and user attribute information;

the encryption module is used for generating a data ciphertext by encrypting the private data generated by the requester and the server through an SM4 algorithm by using the symmetric key;

the re-encryption module is used for performing attribute encryption on the symmetric key through a CP-ABE attribute encryption algorithm by utilizing the access control strategy according to the access control strategy defined by the data owner to generate a symmetric key ciphertext;

and the storage module is used for storing the data ciphertext and the symmetric key ciphertext through the cloud end so that the requester and/or the server can decrypt the encrypted key through the respective user attribute private key set, and further decrypt the ciphertext to realize fine-grained access control on the ciphertext.

As the data encryption system for the secure access of the data resources, further, the initialization module comprises a parameter setting unit, an encryption initialization unit and a re-encryption initialization unit, wherein the parameter setting unit is used for the password management server to generate a public parameter and a master key according to the security parameter; the encryption initialization unit is used for generating an initial key seed by the password management server according to the user identity information and the temporarily generated random number by using a Hash algorithm, and selecting a preset bit in the initial key seed as a symmetric key; and the re-encryption initialization unit is used for generating a user attribute private key by the password management server according to the master key and the user attribute set.

As a data encryption system for the secure access of data resources, further, the encryption module comprises a data encryption unit and a key expansion unit, wherein the key expansion unit is configured to perform nonlinear iteration on a symmetric key by using a key expansion algorithm to obtain a round key; and the data encryption unit is used for carrying out encryption operation on the private data by utilizing an SM4 algorithm and combining the round key to generate a ciphertext.

As a data encryption system for data resource security access, further, the data encryption unit comprises a round function F transformation subunit and a reverse order R transformation subunit, wherein the round function F transformation subunit is used for performing round function F transformation iterative operation on plaintext data by combining a round key; and the reverse order R transformation subunit is used for performing reverse order R transformation operation on the iterative operation output of the round function F transformation subunit to obtain an encrypted ciphertext.

As a data encryption system for data resource security access of the present invention, further, the re-encryption module comprises an access policy generation unit and a data encryption unit, wherein the access policy generation unit is configured to generate an access policy tree structure corresponding to attribute information, and each leaf node in the tree structure represents a corresponding attribute; and the data encryption unit is used for performing attribute encryption on the symmetric key used by the encryption module to generate the ciphertext by using the access policy tree structure to obtain the encrypted symmetric key ciphertext.

As a data encryption system for secure access to data resources, the storage module employs a cloud storage system with a distributed parallel programming framework, and the relationship between the requester and the server and the corresponding ciphertext and the encrypted symmetric key are stored in a directory form in the cloud storage system.

Further, the invention also provides a data encryption method for the secure access of data resources, which comprises the following steps:

acquiring a user attribute set between a requesting party and a service party, and generating a public parameter, a user attribute private key and a symmetric key through a password management server, wherein the user attribute set at least comprises each user identity information and user attribute information;

generating a ciphertext by encrypting the private data generated by the requester and the server through an SM4 algorithm by using a symmetric key;

performing attribute encryption on the symmetric key by using a CP-ABE attribute encryption algorithm according to an access control strategy defined by a data owner and in combination with the access control strategy and the public parameter to generate a symmetric key ciphertext;

and storing the data ciphertext and the symmetric key ciphertext through the cloud end so that the requester and/or the server can decrypt the encrypted key through the respective user attribute private key set, and further decrypt the ciphertext to realize fine-grained access control on the data ciphertext.

As a data encryption method for secure access to data resources, further, in ciphertext decryption, if a user attribute private key set of a requester and/or a server meets an access control policy implied by a symmetric key ciphertext, the symmetric key ciphertext is decrypted to obtain a symmetric key, and the symmetric key is used to decrypt the data ciphertext through a symmetric decryption algorithm.

The invention has the beneficial effects that:

In the invention, private data is encrypted with the SM4 algorithm. The symmetric key used to encrypt the private data is then encrypted with the CP-ABE algorithm under the access control policy defined by the data owner, giving a symmetric key ciphertext that contains the access control policy. For access control, a user attribute private key is generated from the user attribute set. When the user attribute private key set satisfies the access control policy under which the symmetric key was encrypted, the symmetric key ciphertext can be decrypted to obtain the symmetric key, and the ciphertext data is then decrypted to recover the original private data; otherwise access is denied. By combining the fast encryption and decryption of the symmetric cryptographic algorithm SM4 with the ciphertext access control of the attribute-based encryption algorithm CP-ABE, fine-grained access control over the ciphertext of private data is realized, and the method has a good development prospect.

Description of the drawings:

FIG. 1 is a schematic diagram of a data encryption system in an embodiment;

FIG. 2 is a flow chart of a data encryption method in an embodiment;

FIG. 3 is an illustration of an SM4 encryption flow in an embodiment;

FIG. 4 is a flow diagram illustrating a cloud case privacy resource data encryption process in an embodiment;

FIG. 5 is a schematic flow of decrypting the cloud case privacy resource data ciphertext in the embodiment.

The specific implementation mode is as follows:

in order to make the objects, technical solutions and advantages of the present invention clearer and more obvious, the present invention is further described in detail below with reference to the accompanying drawings and technical solutions.

An embodiment of the present invention, as shown in fig. 1, provides a data encryption system for secure access to data resources, including: an initialization module, an encryption module, a re-encryption module and a storage module, wherein,

the initialization module is used for acquiring user attribute sets of a requesting party and a service party and public parameters, user attribute private keys and symmetric keys generated by a password management server, wherein the user attribute sets at least comprise each piece of user identity information and user attribute information;

the encryption module is used for generating a data ciphertext by encrypting the private data generated by the requester and the server through an SM4 algorithm by using the symmetric key;

the re-encryption module is used for performing attribute encryption on the symmetric key through a CP-ABE attribute encryption algorithm by utilizing the access control strategy according to the access control strategy defined by the data owner to generate a symmetric key ciphertext;

and the storage module is used for storing the data ciphertext and the symmetric key ciphertext through the cloud end so that the requester and/or the server can decrypt the encrypted symmetric key through the respective user attribute private key set, and further decrypt the ciphertext to realize fine-grained access control on the ciphertext.

The private data is encrypted with the SM4 algorithm. The symmetric key that encrypted the plaintext is then encrypted with the CP-ABE algorithm under the access control policy defined by the data owner, giving a key ciphertext that contains the access control policy. A user attribute private key is generated from the user attribute set. When the user attribute private key set satisfies the access control policy contained in the symmetric key ciphertext, the symmetric key ciphertext is decrypted to obtain the symmetric key that encrypted the private data, and the ciphertext data is then decrypted to recover the original private data; otherwise access is refused. This realizes access control over the private data and can meet the privacy and security requirements of practical application environments such as medical records. Combining the fast encryption and decryption of the symmetric algorithm SM4 with the attribute-based encryption algorithm CP-ABE realizes access control over ciphertext data and fine-grained access control over the data ciphertext.

As a data encryption system for secure access to data resources in the embodiment of the present invention, further, the initialization module includes a parameter setting unit, an encryption initialization unit, and a re-encryption initialization unit, where the parameter setting unit is configured to generate a public parameter and a master key by the password management server according to the security parameter; the encryption initialization unit is used for generating an initial key seed by the password management server according to the user identity information and the temporarily generated random number by using a Hash algorithm, and selecting a preset bit in the initial key seed as a symmetric key; and the re-encryption initialization unit is used for generating a user attribute private key by the password management server according to the master key and the user attribute set.

Further, in the embodiment of the present disclosure, the encryption module includes a data encryption unit and a key expansion unit, where the key expansion unit is configured to perform nonlinear iteration on a symmetric key by using a key expansion algorithm to obtain a round key; and the data encryption unit is used for carrying out encryption transformation on the private data by utilizing an SM4 algorithm and combining the round key to generate a ciphertext.

The SM4 algorithm has a block length of 128 bits and a key length of 128 bits. Both the encryption algorithm and the key expansion algorithm use a 32-round unbalanced Feistel iteration structure. Encryption and decryption have the same structure, but use the round keys in opposite order. The SM4 algorithm consists of an encryption algorithm and a key expansion algorithm.

Further, in this embodiment, the data encryption unit includes a round function F transformation subunit and an inverse order R transformation subunit, where the round function F transformation subunit is configured to perform round function F transformation iterative operation on the private data in combination with a round key; and the reverse order R transformation subunit is used for performing reverse order R transformation operation on the iterative operation output of the round function F transformation subunit to obtain an encrypted ciphertext.

Further, in this embodiment, the re-encryption module includes an access policy generation unit and a data encryption unit, where the access policy generation unit is configured to generate an access policy tree structure corresponding to the user attribute information, and each leaf node in the tree structure represents an attribute; and the data encryption unit is used for performing attribute encryption on the symmetric key used by the encryption module to generate the ciphertext according to the access control strategy defined by the data owner to obtain the encrypted symmetric key.
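The access policy tree can be illustrated with the secret-sharing layer that tree-based CP-ABE constructions build on: a value is split top-down through threshold gates and can be rebuilt bottom-up only from leaves whose attributes the user holds. This is an added example, not the patent's code and not a CP-ABE implementation (there is no pairing group and no per-user blinding, so nothing here is hidden from an untrusted party); the modulus, the helper names and the sample medical-record policy are assumptions.

```python
import secrets

P = 2**255 - 19  # prime modulus standing in for the group order rho (assumption)

def leaf(attr):
    """Leaf node: represents one user attribute."""
    return ("leaf", attr)

def gate(k, *children):
    """k-of-n threshold node: k == n is AND, k == 1 is OR."""
    return ("gate", k, children)

def share(node, value, path=()):
    """Split `value` top-down: every gate hides its value in a random
    polynomial of degree k-1 and hands q(x) to child number x."""
    if node[0] == "leaf":
        return {path: (node[1], value)}
    _, k, children = node
    coeffs = [value] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = {}
    for x, child in enumerate(children, start=1):
        y = sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
        shares.update(share(child, y, path + (x,)))
    return shares

def lagrange_at_zero(points):
    """Interpolate q(0) from k points (x, q(x)) over Z_P."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover(node, shares, attrs, path=()):
    """Rebuild a node's value bottom-up; None means the attribute set
    does not satisfy the policy below this node."""
    if node[0] == "leaf":
        attr, y = shares[path]
        return y if attr in attrs else None
    _, k, children = node
    points = []
    for x, child in enumerate(children, start=1):
        y = recover(child, shares, attrs, path + (x,))
        if y is not None:
            points.append((x, y))
    if len(points) < k:
        return None  # policy not satisfied: access denied
    return lagrange_at_zero(points[:k])

# Constructed sample policy: (role:doctor AND dept:cardiology) OR role:auditor
POLICY = gate(1,
              gate(2, leaf("role:doctor"), leaf("dept:cardiology")),
              leaf("role:auditor"))

def can_unwrap(attrs, policy=POLICY):
    """True when `attrs` rebuilds a fresh random value shared over `policy`."""
    s = secrets.randbelow(P)
    return recover(policy, share(policy, s), set(attrs)) == s

if __name__ == "__main__":
    print(can_unwrap({"role:doctor", "dept:cardiology"}))  # satisfies the AND branch
    print(can_unwrap({"role:doctor"}))                     # one attribute is not enough
    # Two users pooling one attribute each also succeed in this skeleton; the
    # per-user random numbers in the attribute private key are what stop that.
    print(can_unwrap({"role:doctor"} | {"dept:cardiology"}))
```
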

As a data encryption system for secure access to data resources in the embodiment of the present invention, further, the storage module employs a cloud storage system with a distributed parallel programming framework, and in the cloud storage system, a relationship between a requester and a server, and a corresponding ciphertext and an encrypted symmetric key are stored in a directory format.

Further, based on the above system, an embodiment of the present invention further provides a data encryption method for secure access to data resources, as shown in fig. 2, including the following steps:

S101, acquiring user attribute sets of a requesting party and a service party, and generating public parameters, a user attribute private key and a symmetric key through a password management server, wherein the user attribute sets at least comprise each user identity information and each user attribute information;

S102, generating a ciphertext by encrypting the private data generated by the requester and the server through an SM4 algorithm by using the symmetric key;

S103, performing attribute encryption on the symmetric key through a CP-ABE attribute encryption algorithm by using the access control strategy according to the access control strategy defined by the data owner to generate a symmetric key ciphertext;

and S104, storing the data ciphertext and the symmetric key ciphertext through the cloud end so that the requester and/or the server can decrypt the encrypted symmetric key through the respective user attribute private key set, and further decrypt the ciphertext to realize fine-grained access control on the data ciphertext.

Private data is encrypted and stored with the domestic cryptographic algorithm SM4, which reduces the risk of privacy leakage during data storage and transmission. Because traditional access control provides secure access only on the basis of plaintext information, attribute-based encryption is introduced into data encryption: the attribute-based encryption algorithm CP-ABE is adopted and the hybrid encryption idea is used to realize fine-grained access control and privacy protection for ciphertext, meeting the privacy protection requirement for secure storage and access of private data.

Encrypting the private data based on SM4 algorithm to obtain ciphertext data, wherein the encryption method specifically comprises the following steps:

generation of encryption keys in the SM4 algorithm:

First, to make the SM4 encryption key random, the key generation part of the basic SM4 implementation is extended: using the uniqueness of the user identity, a random number is introduced and used as a seed, and the initial key is generated with the SHA-256 hash algorithm. Specifically, a 256-bit initial key seed is generated with SHA-256 from the user identity information, the user's personal information in the practical application (such as a medical record number) and the generated random number, for example by taking the value of HASH(user identity ID + medical record number + random number) as the initial key seed. The SM4 encryption algorithm requires a 128-bit initial key, so the initial key seed is processed and a specific 32 hexadecimal digits (128 bits) of it are selected as the initial key K. Introducing the user identity information ties the key to the user identity, and introducing the random number and hashing it with SHA-256 further improves the randomness of the key.

Secondly, the initial key is divided into several groups of sub-initial keys, the system parameter $FK = (FK_0, FK_1, FK_2, FK_3)$ is obtained, and each group of sub-initial keys is expanded based on the system parameter FK to obtain 32 groups of round keys;

In this embodiment, the initial key MK is divided into 4 groups of sub-initial keys $(MK_0, MK_1, MK_2, MK_3)$, let The specific generation method of the round key comprises the following steps:

performing modulo-2 addition operation on each group of sub-initial keys and system parameters to obtain an initial round key corresponding to each group of initial keys, as shown in the following formula:

the value of the system parameter FK is expressed by hexadecimal number as follows:

$FK_0 = (\mathrm{A3B1BAC6})$, $FK_1 = (\mathrm{56AA3350})$, $FK_2 = (\mathrm{677D9197})$, $FK_3 = (\mathrm{B27022DC})$

obtaining a fixed parameter CK, and performing the synthesis transformation $T'$ on the initial round key based on the fixed parameter CK to obtain the round key $rk_i$, as shown in the following formula:

The fixed parameter CK is obtained as follows: let $ck_{i,j}$ be the $j$-th byte of $CK_i$ ($i = 0, 1, 2, \dots, 31$; $j = 0, 1, 2, 3$), i.e. $ck_{i,j} = (4i + j) \times 7 \pmod{256}$.

In the formula, $rk_i$ is the round key; the $T'$ transformation uses the linear transformation $L'$, and $B$ is the input of the $L'$ transformation.

Process of SM4 algorithm encryption:

The encryption module is divided into two parts, private data encryption and symmetric key encryption, implemented with the SM4 algorithm and the CP-ABE algorithm respectively. Because the amount of private data to be encrypted is generally large, and encrypting it directly with the CP-ABE algorithm would be inefficient, the ECB mode of SM4 is selected, making full use of the high encryption and decryption efficiency of the symmetric cryptographic algorithm to improve data processing efficiency.

The private data encryption method comprises the following steps:

grouping the private data to be encrypted, wherein the group number of the private data is the same as that of the sub-initial keys, and encrypting each group of private data respectively based on the round keys to obtain ciphertext data;

wherein, each group of private data is encrypted based on the round key as shown in the following formula:

where $i = 0, 1, 2, \dots, 31$; $T$ denotes a synthesis transformation whose input and output are both 32 bits, i.e., the synthesis transformation $T$ is a reversible transformation composed of a nonlinear transformation $\tau$ and a linear transformation $L$, i.e. Where the nonlinear transformation $\tau$ consists of 4 parallel S-boxes, the input is assumed to be Then output The linear transformation $L$ is as follows: the output $B$ of the nonlinear transformation $\tau$ is taken as the input of the linear transformation $L$, and the processed result is denoted $C$, where B, the expression of $C$ is shown as follows:

where <<< denotes a circular left shift.

Referring to FIG. 3, the grouped private data is the plaintext input. After 32 rounds of iteration over the input plaintext with the round keys, the ciphertext output is obtained through the reverse-order transformation R.
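The CK formula, the 32-round iteration and the reverse-order transformation R described above fit together as in the following added example, which is not code from the patent. The S-box, the system parameter FK and the rotation amounts of L and L' are taken from the published SM4 standard (GB/T 32907-2016), since the formulas did not survive on this page; the function names are illustrative, and decryption reuses the same routine with the round keys reversed.

```python
# SM4 S-box and FK: constants of the published standard, not values from this page.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# ck_{i,j} = (4i + j) * 7 mod 256, the formula given in the text.
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]

def rotl(x, n):
    """32-bit circular left shift (the <<< operator)."""
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(a):
    """Nonlinear transformation: four parallel S-box lookups."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def t_enc(a):
    """Synthesis transformation T = L(tau(a)) used in the round function."""
    b = tau(a)
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def t_key(a):
    """Synthesis transformation T' = L'(tau(a)) used in key expansion."""
    b = tau(a)
    return b ^ rotl(b, 13) ^ rotl(b, 23)

def round_keys(key):
    """Expand a 128-bit key into the 32 round keys rk_0..rk_31."""
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]

def crypt_block(block, rks):
    """32 rounds over one 16-byte group, then the reverse-order transformation R."""
    x = [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]
    for rk in rks:
        x.append(x[-4] ^ t_enc(x[-3] ^ x[-2] ^ x[-1] ^ rk))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[-4:]))

def ecb(data, key, decrypt=False):
    """ECB mode: each 16-byte group is processed independently."""
    if len(data) % 16:
        raise ValueError("ECB input must be a multiple of 16 bytes")
    rks = round_keys(key)[::-1] if decrypt else round_keys(key)
    return b"".join(crypt_block(data[i:i + 16], rks)
                    for i in range(0, len(data), 16))

if __name__ == "__main__":
    k = bytes.fromhex("0123456789abcdeffedcba9876543210")  # standard test key
    print(ecb(k, k).hex())
```

Because ECB encrypts each 16-byte group independently, two identical plaintext groups always produce two identical ciphertext groups, which is visible when the same block is fed to `ecb` twice.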

The symmetric key encryption method comprises the following steps:

Symmetric key encryption uses attribute encryption: fine-grained access control over the symmetric key is achieved by embedding an access structure in the encrypted symmetric key. The initial key generated during private data encryption is attribute-encrypted with the CP-ABE algorithm to obtain the encrypted key data. The specific encryption method is as follows:

First, the security parameters may be set to (G_1, g, h, a, β), where a and β are random numbers, e: G_1 × G_1 → G_2 is a bilinear map, G_1 and G_2 are two multiplicative cyclic groups of prime order ρ, and g is a generator of G_1. Based on the security parameters, the public parameter PK and the master key MK are generated:

PK = {G_1, g, h = g^β, e(g, g)^a},

MK = (β, g^a),

The user attribute private key SK is generated from the public parameter PK, the master key MK and the user attribute set I. First, γ ∈ Z_ρ is chosen at random; then, to generate the attribute private key, γ_j ∈ Z_ρ is chosen at random for each attribute j ∈ I. Selecting random numbers twice in this way prevents collusion between users. The user attribute private key SK is computed as shown in the following formula:

where γ is a random number, j represents an attribute, and H is a hash function that maps attribute j to an element of G_1.

The data M to be encrypted (the symmetric key in the encryption module, i.e. the initial key generated in the SM4 algorithm) is attribute-encrypted based on the public parameter PK and the access structure T to obtain the ciphertext C_T containing the access policy.

where the hash function H: {0,1}* → G_0, q_x is a randomly generated polynomial, and q_x(0) = q_{parent(x)}(index(x)).

The access structure T takes the form of an access policy tree. Complex access control over users is expressed with AND and OR logic and a threshold scheme: each non-leaf node of the tree represents a threshold gate, and each leaf node represents an attribute. For a given access policy tree, num_x denotes the number of child nodes of node x and k_x is the threshold value of x, with 0 < k_x ≤ num_x. If at least k_x child nodes are assigned a true value, the node is assigned a true value. In particular, when k_x = 1 the node becomes an OR gate; when k_x = num_x the node becomes an AND gate.

When the access policy tree is generated, specific attribute values are connected with logical operators to form the access structure. Adding nodes to the access policy tree increases, to a certain extent, the complexity of the access policies that can be generated, so that the algorithm can support finer-grained access control.

During encryption, traversal starts from the root node of the access policy tree to generate the ciphertext C_T containing the access policy.

As a data encryption method for secure access to data resources in the embodiment of the present invention, further, the decryption module is mainly divided into two parts, namely decryption of a symmetric key and decryption of private data, and according to a corresponding encryption algorithm, attribute decryption of the symmetric key is performed by using a CP-ABE algorithm, and decryption of the private data is performed by using an SM4 algorithm, respectively. When the CP-ABE algorithm is used for attribute decryption, if the user attribute private key set of the requester and/or the server accords with the access strategy implied by the ciphertext, a symmetric key is obtained through decryption; and decrypting the privacy data ciphertext by using an SM4 algorithm based on the obtained symmetric key to obtain the original privacy data.

Attribute decryption of the key ciphertext C_T containing the access policy is performed based on the user attribute private key SK and the attribute set I owned by the user. The decryption process is a recursive algorithm: if node y is a leaf node, let i = att(y), and the calculation is performed. When the attribute private key set of the decrypting party satisfies the access structure embedded in the ciphertext, the decrypting party can decrypt the symmetric key ciphertext C_T to obtain the plaintext message M (the symmetric key in the encryption module, i.e. the initial key generated in the SM4 algorithm).

Different from the traditional method, the attribute set and the access strategy are embedded into the user attribute private key and the ciphertext, so that the decryption process is actually the process of matching the attribute set with the access strategy, when the user attribute private key set meets the access strategy of the ciphertext, the access is allowed and the decryption is carried out to obtain a symmetric key, otherwise, the access is refused, and the decryption fails.
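The threshold-gate tree and the relation q_x(0) = q_parent(x)(index(x)) can be exercised without a pairing library. The following added example (not the patent's code and not a CP-ABE implementation) shares a secret down a policy tree over a prime field and recovers it recursively only when an attribute set satisfies the tree. The modulus P, the constructed policy, the attribute strings and the function names are assumptions, and because the shares are plain field elements rather than values bound to a per-user γ in the group exponent, the sketch has none of CP-ABE's collusion resistance.

```python
import secrets

P = 2**521 - 1  # prime modulus standing in for the group order ρ (assumption)

# Constructed policy: the patient, OR (a doctor AND the cardiology department).
# A leaf is an attribute string; a gate is (k_x, [children]).
POLICY = (1, ["patient:1001", (2, ["role:doctor", "dept:cardiology"])])

def share(node, value):
    """Walk down from the root; each gate picks a random polynomial q_x of
    degree k_x - 1 with q_x(0) = value and hands q_x(index) to each child."""
    if isinstance(node, str):
        return (node, value)                      # leaf share q_x(0)
    k, children = node
    coeffs = [value] + [secrets.randbelow(P) for _ in range(k - 1)]

    def q(x):
        return sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P

    return (k, [share(child, q(i)) for i, child in enumerate(children, 1)])

def recover(node, attrs):
    """Recursive recovery: a leaf yields its share only if the attribute is
    held; a gate needs k_x child values and interpolates q_x at 0."""
    if isinstance(node[0], str):
        attr, value = node
        return value if attr in attrs else None
    k, children = node
    pts = [(i, v) for i, c in enumerate(children, 1)
           if (v := recover(c, attrs)) is not None][:k]
    if len(pts) < k:
        return None                               # threshold not met
    total = 0
    for i, v in pts:
        lam = 1                                   # Lagrange coefficient at x = 0
        for j, _ in pts:
            if j != i:
                lam = lam * (-j) * pow((i - j) % P, -1, P) % P
        total = (total + v * lam) % P
    return total

if __name__ == "__main__":
    key = secrets.randbits(128)                   # stands in for the SM4 key
    tree = share(POLICY, key)
    print(recover(tree, {"role:doctor", "dept:cardiology"}) == key)
    print(recover(tree, {"role:doctor"}))
```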

After the symmetric key is obtained, a recursive method is adopted for decryption in the process of decrypting the ciphertext of the private data. The decryption transformation adopts the same structure as the encryption transformation, and the key use sequence in the decryption process is

The encryption and decryption of resource data is further explained below, in combination with the encryption and decryption algorithms, for the protection of cloud medical record privacy, with the patient side as the requester and the doctor side as the server:

In the cloud medical record private data encryption application, a patient and a doctor establish a doctor-patient relationship and carry out consultation and diagnosis, which generates the corresponding medical record private data. Meanwhile, the management center generates the public parameters and the master key from the security parameters and distributes the public parameters to the users. Using the attribute key generation algorithm, the management center generates the user attribute private keys of the doctor and the patient from their attribute sets, the public parameters and the master key, and distributes these keys to the users. The doctor defines an access policy for the medical record private data; after the medical record private data has been symmetrically encrypted, the symmetric key is attribute-encrypted according to that access policy. The doctor uploads the encrypted medical record private data and the encrypted symmetric key to the data storage center for archiving, so that they can be used later for medical record queries by users, case research and similar purposes, and the related local key is destroyed at the same time.

In the process of encrypting the medical record private data, the SM4 algorithm is used for symmetrically encrypting the medical record data, the CP-ABE algorithm is used for carrying out attribute encryption on the symmetric key, and in order to ensure the randomness of the symmetric key, a Hash algorithm is introduced for carrying out Hash generation on the patient identity card number, the medical record number, the random number and the like.

Referring to fig. 4, when encrypting a file, a seed of an SM4 algorithm initial key is first generated by SHA-256 hash algorithm according to personal information such as patient identification number, medical record number, and the like and a random number generated in real time. Since the hash algorithm results in 256 bits, while the SM4 encryption algorithm requires 128 bits for the initial key, the key seed is processed to select a particular 32 (16) bits as the initial key, ensuring that the key is patient-specific. And encrypting the medical record privacy data by using the generated symmetric key, defining an access structure of the medical record data by a doctor through a strategy generation module, and performing attribute encryption on the symmetric key according to the access structure. And fine-grained access control of the symmetric key is realized by encrypting the attribute of the symmetric key, and finally, ciphertext fine-grained access control of medical record privacy resources is indirectly realized.

The encryption and uploading work of the medical record private data can only be operated by a doctor at the doctor end, and the specific implementation conditions are as follows:

after the medical records are generated, doctors need to encrypt the medical records and then upload the encrypted medical record files to the cloud for storage. When encryption is carried out, symmetric encryption of medical record files and attribute encryption of symmetric keys are realized by acquiring 5 parameters of the patient identity card number, the medical record number, the random number, the access strategy and the medical record files to be encrypted. The identity card number and the medical record number of the patient are directly obtained according to the registered attribute set of the patient, the access strategy of the encrypted symmetric key is defined by a doctor, the random number is generated in real time, and the medical record path is selected by the doctor. Symmetric encryption of the medical record and attribute encryption of the symmetric key are accomplished through the 5 parameters. The patient identification number, the medical record number and the random number are used for generating a symmetric key by a Hash algorithm.

In the cloud medical record private data decryption application, when a patient wants to view his or her own medical record files, or a doctor needs to consult medical record data for case research or other work, the user needs to decrypt and access the ciphertext data held in the cloud storage center. The user (doctor or patient) sends a data query request, the user attribute set and related parameters are retrieved, and the user attribute private key distributed by the management center is used to check whether the user attribute private key set satisfies the access structure used in encryption. If the access structure is satisfied, decryption succeeds and yields the symmetric key with which the medical record data was encrypted; if not, the decryption key of the ciphertext data cannot be obtained. The ciphertext medical record data is then decrypted with the obtained symmetric key. During data query and decryption, a patient can view only the medical record files that the access control policy set at encryption time allows that patient to view, and only a doctor who satisfies the access rights can view and process the specific data files, which meets the access control requirements for medical record private data.

The medical record decryption module is mainly divided into a symmetric key decryption part and a medical record data decryption part. And decrypting the symmetric key by using the CP-ABE algorithm and decrypting the medical record data by using the SM4 algorithm respectively according to corresponding encryption algorithms.

Referring to fig. 5, when a user wants to decrypt medical record private data, the user needs to have a user attribute private key issued by a management center, where the user attribute private key is generated according to a user attribute set, public parameters, and a master key; and then selecting related privacy resources such as a symmetric key ciphertext and a medical record to be decrypted, if the user attribute private key set conforms to the access structure of the encrypted symmetric key, decrypting by using a CP-ABE algorithm to obtain the symmetric key, and decrypting the medical record privacy data by using an SM4 algorithm.

When the symmetric key is encrypted, the doctor may define an access policy to determine the range of access objects and pass it to the password management server. After encryption is finished, the local symmetric key is deleted and the symmetric key ciphertext is stored in the storage center. In addition, when a medical record is viewed, a user attribute private key is generated by retrieving the user attribute set and combining it with the public parameter and the master key, and is transmitted to the user. If the user attribute private key set conforms to the access policy of the encrypted symmetric key, decryption yields the symmetric key. The interaction between the doctor and the cloud consists mainly of encryption and decryption with the symmetric key during the upload and download of medical records, for which the cloud is required to provide the related services. The doctor end is the main implementer of data encryption and access control in the system, and the medical data is mainly generated at the doctor end. The doctor end can cooperate with the password management server to realize encrypted storage of the data and access control of the ciphertext data through the symmetric cipher and the attribute encryption algorithm, so that only a group satisfying the access policy of the ciphertext data can decrypt the key that encrypts it, thereby achieving both storage security and access control for the ciphertext data.

Unless specifically stated otherwise, the relative steps, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of the present invention.

Based on the foregoing system, an embodiment of the present invention further provides a server, including: one or more processors; a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method described above.

Based on the system, the embodiment of the invention further provides a computer readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method.

The device provided by the embodiment of the present invention has the same implementation principle and technical effect as the system embodiment, and for the sake of brief description, reference may be made to the corresponding content in the system embodiment for the part where the device embodiment is not mentioned.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing system embodiments, and are not described herein again.

In all examples shown and described herein, any particular value should be construed as merely exemplary, and not as a limitation, and thus other examples of example embodiments may have different values.

It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
