[go: up one dir, main page]

CN116366247A - A Proxy Re-encryption Method Based on Geographically Addressable Network Based on Server Dynamic Selection Threshold - Google Patents

A Proxy Re-encryption Method Based on Geographically Addressable Network Based on Server Dynamic Selection Threshold Download PDF

Info

Publication number
CN116366247A
CN116366247A CN202310372881.9A CN202310372881A CN116366247A CN 116366247 A CN116366247 A CN 116366247A CN 202310372881 A CN202310372881 A CN 202310372881A CN 116366247 A CN116366247 A CN 116366247A
Authority
CN
China
Prior art keywords
server
proxy
data
servers
dynamic selection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310372881.9A
Other languages
Chinese (zh)
Inventor
李忠涛
程文轩
马晓雯
赵帅
刘圣勇
张玉璘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Jishi Information Technology Co ltd
University of Jinan
Original Assignee
Shandong Jishi Information Technology Co ltd
University of Jinan
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Jishi Information Technology Co ltd, University of Jinan filed Critical Shandong Jishi Information Technology Co ltd
Priority to CN202310372881.9A priority Critical patent/CN116366247A/en
Publication of CN116366247A publication Critical patent/CN116366247A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本申请公开了一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法动态选择门限代理重加密方法。该基于地理位置可寻址网络的服务器动态选择门限代理重加密方法包括收集代理服务器集群各服务器的地理位置,构建集群分布地理位置网络图;当数据使用者需选择与自己距离最近的多个服务器进行授权申请时,则执行代理服务器动态选择操作;将离数据使用者相对最近的多个代理服务器身份信息发给数据使用者,数据使用者执行授权申请操作;达到动态选择门限代理服务器的目的,保证数据使用者可获得地理位置相距最近的多个服务器的授权,进而解决门限代理重加密过程中数据申请者如何动态选择与自己距离最近的多个服务器进行授权申请的问题。

Figure 202310372881

The application discloses a server dynamic selection threshold proxy re-encryption method based on a geographical location addressable network dynamic selection threshold proxy re-encryption method. The server dynamic selection threshold proxy re-encryption method based on the geographic location addressable network includes collecting the geographic location of each server in the proxy server cluster, and constructing a network map of the cluster distribution geographic location; when the data user needs to select multiple servers closest to himself When applying for authorization, the proxy server dynamic selection operation is performed; the identity information of multiple proxy servers relatively closest to the data user is sent to the data user, and the data user executes the authorization application operation; to achieve the purpose of dynamically selecting the threshold proxy server, It ensures that data users can obtain the authorization of multiple servers that are geographically closest to each other, and then solves the problem of how data applicants can dynamically select multiple servers that are closest to themselves for authorization applications during the threshold proxy re-encryption process.

Figure 202310372881

Description

一种基于地理位置可寻址网络的服务器动态选择门限代理重 加密方法A server dynamically selects threshold proxy weight based on geographically addressable network encryption method

本申请涉及隐私计算领域,具体而言,涉及一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法。The present application relates to the field of privacy computing, and in particular, relates to a server dynamic selection threshold proxy re-encryption method based on a geographic location addressable network.

背景技术Background technique

代理重加密是一种特殊的公钥加密方案,它允许半可的信代理服务器将加密的密文从一个公钥转换成另一个公钥,而不需要知道明文或私钥。数据拥有者首先创建一个“重加密秘钥”授权数据代理方转换密文,使数据使用者可以直接解密数据代理者转换后的密文,从而实现数据的安全传输和共享。通过代理服务器进行转换,可实现数据使用者的数据访问,且无需将数据直接传输给数据使用者。Proxy re-encryption is a special public-key encryption scheme that allows a semi-trusted proxy server to convert encrypted ciphertext from one public key to another without knowing the plaintext or the private key. The data owner first creates a "re-encryption key" to authorize the data agent to convert the ciphertext, so that the data user can directly decrypt the ciphertext converted by the data agent, so as to realize the safe transmission and sharing of data. Transformation through a proxy server enables data access by data users without the need for direct transmission of data to data users.

在传统的代理重加密方案中,代理方完全掌控用户数据的重加密权限,这可能会引发代理方恶意行为或者攻击的风险。门限代理重加密是在代理重加密的基础上,将单个半可信代理服务器完全持有重加密秘钥转换为多个代理服务器组成集群,将一个重加密秘钥转化为多个秘钥份额,每个代理服务器持有其中一份秘钥份额,并使用自己的份额进行代理重加过程,只有数据使用者获得的授权满足门限条件时,集群中的代理服务器才能合作解密密文。与传统的代理重加密方案相比,门限代理重加密提高了方案安全性、可靠性,通过对门限阈值的设置还可以提高系统扩展性。In the traditional proxy re-encryption scheme, the proxy party completely controls the re-encryption authority of user data, which may lead to the risk of malicious behavior or attacks by the proxy party. Threshold proxy re-encryption is based on proxy re-encryption, converting a single semi-trusted proxy server fully holding the re-encryption key into multiple proxy servers to form a cluster, converting one re-encryption key into multiple key shares, Each proxy server holds one of the secret key shares, and uses its own share to carry out the proxy re-add process. Only when the authorization obtained by the data user meets the threshold condition, the proxy servers in the cluster can cooperate to decrypt the ciphertext. Compared with the traditional proxy re-encryption scheme, threshold proxy re-encryption improves the security and reliability of the scheme, and the system scalability can also be improved by setting the threshold value.

在门限代理重加密方案中,数据使用者需从N个代理服务器中选择多个进行授权申请,若得到的授权数量不小于门限阈值t,则视为获得完全授权可解密数据;否则继续申请,直到授权数量大于门限阈值为止。但门限代理重加密方案在实际场景工程部署时,往往采用异地构建集群的形式,集群中各服务器分布广、距离长,为保障运行速度,用户应选择与自己距离最近的n个服务器进行授权申请(一般n=t),减少数据传输过程中的时间损耗。In the threshold proxy re-encryption scheme, the data user needs to select multiple authorization applications from N proxy servers. If the number of authorizations obtained is not less than the threshold threshold t, it is considered to be fully authorized to decrypt the data; otherwise, continue to apply, Until the number of authorizations is greater than the threshold threshold. However, when the threshold proxy re-encryption scheme is deployed in actual scenarios, it often adopts the form of building clusters in different places. The servers in the cluster are widely distributed and the distance is long. To ensure the running speed, users should choose the n servers closest to themselves to apply for authorization (generally n=t), to reduce the time loss during data transmission.

针对门限代理重加密过程中数据使用者如何动态选择与自己距离最近的多个服务器进行授权申请的问题,目前尚未提出有效的解决方案。No effective solution has been proposed so far for the problem of how data users dynamically select multiple servers closest to themselves for authorization application in the threshold proxy re-encryption process.

发明内容Contents of the invention

本申请的主要目的在于提供一种门限代理重加密方法,以解决门限代理重加密过程中数据使用者如何动态选择与自己距离最近的多个服务器进行授权申请的问题。The main purpose of this application is to provide a threshold proxy re-encryption method to solve the problem of how data users dynamically select multiple servers closest to themselves for authorization application during the threshold proxy re-encryption process.

为了实现上述目的,根据本申请的一个方面,提供了一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法。In order to achieve the above object, according to one aspect of the present application, a proxy re-encryption method based on a server dynamically selecting a threshold based on a geographic location addressable network is provided.

根据本申请的门限代理重加密方法包括:收集代理服务器集群各服务器的地理位置,构建集群分布地理位置网络图;当用户需选择与自己距离最近的n个服务器进行授权申请时,则执行代理服务器动态选择操作;将离用户相对最近的n个代理服务器身份信息发给用户,用户执行授权申请操作。According to the threshold proxy re-encryption method of the present application, the method includes: collecting the geographic location of each server in the proxy server cluster, and constructing a cluster distribution geographical location network map; Dynamic selection operation; send the identity information of n proxy servers relatively closest to the user to the user, and the user performs the authorization application operation.

进一步的,构建集群分布地理位置网络图包括:Further, constructing a cluster distribution geographic network map includes:

收集集群中每一个代理服务器的地理位置信息

Figure SMS_1
,其信息包括代理服务器身份信息ID,代理服务器定位经度数据X,代理服务器定位纬度数据Y,代理服务器有效位O,筛选出在线的服务器,构建服务器集群分布地理位置网络图/>
Figure SMS_2
,其信息包括代理服务器总数N。Collect geographic location information for each proxy server in the cluster
Figure SMS_1
, its information includes proxy server identity information ID, proxy server location longitude data X, proxy server location latitude data Y, proxy server effective bit O, filter out online servers, and build a server cluster distribution geographic location network map/>
Figure SMS_2
, whose information includes the total number N of proxy servers.

进一步的,代理服务器动态选择操作包括:Further, the proxy server dynamic selection operation includes:

根据集群分布地理位置网络图中各服务器经纬度信息确定地理分布范围

Figure SMS_3
,其中所有代理服务器定位经度数据X都大于X0,小于X1;所有代理服务器定位经度数据Y都大于y0,小于y1;Determine the geographical distribution range according to the latitude and longitude information of each server in the cluster distribution geographical location network diagram
Figure SMS_3
, wherein all proxy server positioning longitude data X are greater than X 0 and less than X 1 ; all proxy server positioning longitude data Y are greater than y 0 and less than y 1 ;

首先查询初始范围(X,Y)中服务器总数N是否不小于阈值t,若N<t则继续等待新服务器加入集群,否则使用CAN算法对服务器范围进行切分;First query whether the total number of servers N in the initial range (X, Y) is not less than the threshold t, if N<t, continue to wait for new servers to join the cluster, otherwise use the CAN algorithm to segment the server range;

计算

Figure SMS_4
,并将原范围切分成/>
Figure SMS_5
Figure SMS_6
两部分,检测数据拥有者地理位置所属范围,假设属于范围1(X1,Y),则计算范围1内服务器数目N,若N<t,则确认服务器地理范围为初始范围(X,Y),并将初始范围(X,Y)内服务器信息发送给数据使用者。否则,继续执行动态选择过程;calculate
Figure SMS_4
, and split the original range into />
Figure SMS_5
and
Figure SMS_6
Two parts, detecting the scope of the geographical location of the data owner. Assuming it belongs to scope 1 (X 1 , Y), calculate the number of servers N in scope 1. If N<t, confirm that the geographical scope of the server is the initial scope (X, Y) , and send the server information in the initial range (X, Y) to the data user. Otherwise, continue with the dynamic selection process;

计算

Figure SMS_7
,并将范围1/>
Figure SMS_8
切分成
Figure SMS_9
和/>
Figure SMS_10
两部分,检测数据拥有者地理位置所属范围,假设属于范围2(X1,Y2),则计算范围2内服务器数目N,若N<t,则确认服务器地理范围为范围1(X1,Y),并将其范围内服务器信息发送给数据使用者。否则,继续执行动态选择过程;calculate
Figure SMS_7
, and set the range 1/>
Figure SMS_8
cut into
Figure SMS_9
and />
Figure SMS_10
Two parts, detecting the scope of the geographical location of the data owner. Assuming it belongs to scope 2 (X 1 , Y 2 ), calculate the number of servers N in scope 2. If N<t, confirm that the geographic scope of the server is scope 1 (X 1 , Y), and send the server information within its range to the data user. Otherwise, continue with the dynamic selection process;

如此分别以X,Y轴的平行线轮番进行范围切分,直至切分范围满足N<t的条件,则最后一次切分前的范围为最小服务器地理分布范围,该范围内服务器即为所选择的满足条件的服务器。In this way, the range is segmented in turn with the parallel lines of the X and Y axes, until the segmented range satisfies the condition of N<t, then the range before the last segment is the minimum geographical distribution range of servers, and the servers within this range are the selected ones of eligible servers.

进一步的,用户执行授权申请操作包括:Further, the authorization application operation performed by the user includes:

将满足条件的服务器列表发送给数据使用者,数据使用者进行授权申请,收集代理服务器份额碎片cFrag;Send the list of servers that meet the conditions to the data user, the data user applies for authorization, and collects the proxy server share fragment cFrag;

统计cFrag数量n,若n大于等于阈值t,则进行解密操作。否则将未成功授权的服务器身份信息传回,将其有效位设为离线,重构服务器集群分布地理位置网络图,再次执行代理服务器动态选择操作;Count the number n of cFrags, and if n is greater than or equal to the threshold t, the decryption operation will be performed. Otherwise, send back the identity information of the unsuccessfully authorized server, set its valid bit as offline, reconstruct the geographical distribution network map of the server cluster, and perform the dynamic selection operation of the proxy server again;

在本申请实施例中,采用基于地理位置可寻址网络的服务器动态选择门限代理重加密方法,通过收集服务器的地理位置信息构建服务器集群分布地理位置网络图;根据集群地理分布范围,实行基于地理位置可寻址网络算法计算最小范围,选择服务器;将满足条件的服务器列表发送给用户进行授权申请,若授权失败则修改服务器分布网络图,并重执行过程;达到了动态选择门限代理服务器的目的,进而解决了门限代理重加密过程中数据申请者如何动态选择与自己距离最近的多个服务器进行授权申请的问题。In the embodiment of this application, the server dynamic selection threshold proxy re-encryption method based on the geographical location addressable network is adopted, and the geographical location network map of the server cluster distribution is constructed by collecting the geographical location information of the server; The location addressable network algorithm calculates the minimum range and selects the server; sends the list of servers that meet the conditions to the user for authorization application, if the authorization fails, the server distribution network diagram is modified, and the process is repeated; the purpose of dynamically selecting the threshold proxy server is achieved. Then it solves the problem of how the data applicant dynamically selects multiple servers closest to itself for authorization application in the threshold proxy re-encryption process.

附图说明Description of drawings

构成本申请的一部分的附图用来提供对本申请的进一步理解,使得本申请的其它特征、目的和优点变得更明显。本申请的示意性实施例附图及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中。The accompanying drawings, which constitute a part of this application, are included to provide a further understanding of the application and make other features, objects and advantages of the application apparent. The drawings and descriptions of the schematic embodiments of the application are used to explain the application, and do not constitute an improper limitation to the application. In the attached picture.

图1是根据本申请实施例的一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法的流程示意图。Fig. 1 is a schematic flowchart of a proxy re-encryption method based on a server dynamically selecting a threshold based on a geographic location addressable network according to an embodiment of the present application.

图2是根据本申请优选实施例的一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法的工作示意图。Fig. 2 is a working schematic diagram of a proxy re-encryption method based on a server dynamically selecting a threshold based on a geographical location addressable network according to a preferred embodiment of the present application.

具体实施方式Detailed ways

为了使本技术领域的人员更好地理解本申请方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分的实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本申请保护的范围。In order to enable those skilled in the art to better understand the solution of the present application, the technical solution in the embodiment of the application will be clearly and completely described below in conjunction with the accompanying drawings in the embodiment of the application. Obviously, the described embodiment is only It is an embodiment of a part of the application, but not all of the embodiments. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the scope of protection of this application.

需要说明的是,本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本申请的实施例。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。It should be noted that the terms "first" and "second" in the description and claims of the present application and the above drawings are used to distinguish similar objects, but not necessarily used to describe a specific sequence or sequence. It should be understood that the data so used may be interchanged under appropriate circumstances for the embodiments of the application described herein. Furthermore, the terms "comprising" and "having", as well as any variations thereof, are intended to cover a non-exclusive inclusion, for example, a process, method, system, product or device comprising a sequence of steps or elements is not necessarily limited to the expressly listed instead, may include other steps or elements not explicitly listed or inherent to the process, method, product or apparatus.

需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本申请。It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. The present application will be described in detail below with reference to the accompanying drawings and embodiments.

根据本发明实施例,提供了一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法,如图1、2所示,该方法包括如下的步骤S101至步骤S103。According to an embodiment of the present invention, a server dynamic selection threshold proxy re-encryption method based on a geographic addressable network is provided. As shown in FIGS. 1 and 2 , the method includes the following steps S101 to S103.

步骤S101、构建集群分布地理位置网络图。Step S101 , constructing a cluster distribution geographic network map.

收集代理服务器集群各服务器的地理位置,构建集群分布地理位置网络图,为进一步确认服务器最小范围、选择相应服务器提供数据支持。Collect the geographical location of each server in the proxy server cluster, construct a network map of the geographical location of the cluster distribution, and provide data support for further confirming the minimum range of servers and selecting the corresponding server.

根据本发明实施例,优选的,构建集群分布地理位置网络图包括:According to an embodiment of the present invention, preferably, constructing a cluster distribution geographic location network diagram includes:

收集集群中每一个代理服务器的地理位置信息

Figure SMS_11
,其中ID为代理服务器身份信息,X为代理服务器定位经度数据,Y为代理服务器定位纬度数据,O为代理服务器有效位,以表示服务器授权功能执行状态,并通过筛选在线的服务器,构建服务器集群分布地理位置网络图/>
Figure SMS_12
,其信息包括代理服务器总数N;Collect geographic location information for each proxy server in the cluster
Figure SMS_11
, where ID is the identity information of the proxy server, X is the longitude data of the proxy server location, Y is the latitude data of the proxy server location, and O is the effective bit of the proxy server to indicate the execution status of the server authorization function, and build a server cluster by screening online servers Geographical distribution network map/>
Figure SMS_12
, whose information includes the total number of proxy servers N;

采用数学模型表达代理服务器集群的分布范围和所处位置,如此,可以通过将实际问题转化为数学问题,通过对数学问题的解答,可以确定数据使用者所需服务器的最小分布范围;A mathematical model is used to express the distribution range and location of the proxy server cluster. In this way, the minimum distribution range of the servers required by the data user can be determined by converting the actual problem into a mathematical problem and answering the mathematical problem;

通过服务器集群分布地理位置网络图的构建可以实现集群分布位置的数学表示,如此,保证数据使用者所需服务器的最小分布范围选择时,可以作出正确的判断,为后续的代理服务器动态选择提供保障。The mathematical representation of cluster distribution locations can be realized through the construction of server cluster distribution geographic location network diagrams. In this way, correct judgments can be made when selecting the minimum distribution range of servers required by data users, providing guarantee for subsequent dynamic selection of proxy servers .

步骤S102、数据使用者需选择与自己距离最近的多个服务器进行授权申请时,执行代理服务器动态选择操作。Step S102 , when the data user needs to select multiple servers closest to the user to apply for authorization, the dynamic selection operation of the proxy server is performed.

经过以上服务器集群分布地理位置网络图的构建,可以确定服务器集群分布,执行代理服务器动态选择操作。After the construction of the geographical location network diagram of the server cluster distribution above, the distribution of the server cluster can be determined, and the dynamic selection operation of the proxy server can be performed.

根据本发明实施例,优选的,执行代理服务器动态选择操作包括:According to an embodiment of the present invention, preferably, performing a proxy server dynamic selection operation includes:

首先查询初始范围

Figure SMS_13
内中可用的服务器总数N是否不小于阈值t,若N<t则继续等待新服务器加入集群,否则使用CAN算法对服务器范围进行切分,以选取最小范适用范围;First query the initial range
Figure SMS_13
Whether the total number of available servers N is not less than the threshold t, if N<t, continue to wait for new servers to join the cluster, otherwise, use the CAN algorithm to segment the server range to select the minimum applicable range;

计算

Figure SMS_14
,并将原范围切分成/>
Figure SMS_15
Figure SMS_16
两部分,检测数据使用者地理位置所属范围,假设属于范围1(X1,Y),则计算范围1内服务器数目N,若N<t,则确认服务器地理范围为初始范围(X,Y),并将其初始范围(X,Y)内服务器信息发送给数据申请者。否则,继续执行动态选择过程;calculate
Figure SMS_14
, and split the original range into />
Figure SMS_15
and
Figure SMS_16
Two parts, detecting the scope of the geographical location of the data user. Assuming it belongs to scope 1 (X 1 , Y), calculate the number of servers N in scope 1. If N<t, confirm that the geographical scope of the server is the initial scope (X, Y) , and send the server information within its initial range (X, Y) to the data applicant. Otherwise, continue with the dynamic selection process;

计算

Figure SMS_17
,并将范围1/>
Figure SMS_18
切分成
Figure SMS_19
和/>
Figure SMS_20
两部分,检测数据使用者地理位置所属范围,假设属于范围2(X1,Y2),则计算范围2内服务器数目N,若N<t,则确认服务器地理范围为范围1(X1,Y),并将其范围内服务器信息发送给数据申请者。否则,继续执行动态选择过程;calculate
Figure SMS_17
, and put range 1/>
Figure SMS_18
cut into
Figure SMS_19
and />
Figure SMS_20
Two parts, detecting the scope of the geographical location of the data user. Assuming it belongs to scope 2 (X 1 , Y 2 ), calculate the number of servers N in scope 2. If N<t, confirm that the geographic scope of the server is scope 1 (X 1 , Y), and send the server information within its range to the data applicant. Otherwise, continue with the dynamic selection process;

通过反复使用地理可寻址网络算法对范围进行分割,最终筛选出选满足条件的服务器分布范围。The scope is segmented by repeatedly using the geographically addressable network algorithm, and finally the distribution range of servers that meet the conditions is selected.

步骤S103、将离数据使用者相对最近的多个代理服务器身份信息发给数据使用者,数据使用者执行授权申请操作。Step S103 , sending the identity information of multiple proxy servers relatively closest to the data user to the data user, and the data user executes an authorization application operation.

根据本发明实施例,优选的,数据使用者执行授权申请操作包括:According to the embodiment of the present invention, preferably, the data user's execution of the authorization application operation includes:

在筛选出满足条件的服务器分布范围后,将该范围内的服务器信息发送给数据使用者;After filtering out the server distribution range that meets the conditions, send the server information within the range to the data user;

数据使用者向范围内的服务器进行授权申请,收集代理服务器份额碎片cFrag并判断cFrag的数目n是否大于等于阈值t,若n<t,则将未成功授权的服务器身份信息传回,将其有效位设为离线,重构服务器集群分布地理位置网络图,再次执行代理服务器动态选择操作。否则将已有的cFrag组合为cFrags并进行解密操作;The data user applies for authorization to the server within the range, collects the proxy server share fragment cFrag and judges whether the number n of cFrag is greater than or equal to the threshold t, if n<t, then returns the identity information of the unsuccessfully authorized server and makes it valid Set the bit to offline, reconstruct the geographical network map of the server cluster distribution, and perform the dynamic selection operation of the proxy server again. Otherwise, combine the existing cFrags into cFrags and perform decryption;

设置了判断程序,判断数据使用者所得到的授权碎片是否满足门限阈值的规定,若不符合规定则再次进行服务器范围选择过程,并进行二次授权申请,由此有效保证数据申请者可获得最终授权。A judging procedure is set up to judge whether the authorized fragments obtained by the data user meet the requirements of the threshold threshold. If not, the server range selection process will be carried out again, and a second authorization application will be made, thus effectively ensuring that the data applicant can obtain the final authorized.

从以上的描述中,可以看出,本发明实现了如下技术效果:From the above description, it can be seen that the present invention achieves the following technical effects:

在本申请实施例中,采用一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法,通过收集代理服务器集群各服务器的地理位置,构建集群分布地理位置网络图;当数据使用者需选择与自己距离最近的多个服务器进行授权申请时,则执行代理服务器动态选择操作;将离数据使用者相对最近的多个代理服务器身份信息发给数据使用者,数据使用者执行授权申请操作;达到了数据拥有者和数据使用者不需要参与代理加密片段的动态刷新调整过程的目的,从而实现了数据使用者可快速,有效的获取数据使用授权的技术效果,进而解决了门限代理重加密过程中数据使用者如何动态选择与自己距离最近的多个服务器进行授权申请的问题。In the embodiment of the present application, a server dynamic selection threshold proxy re-encryption method based on a geographic location addressable network is adopted to construct a cluster distribution geographic location network map by collecting the geographic location of each server in the proxy server cluster; when the data user When it is necessary to select multiple servers closest to itself for authorization application, the proxy server dynamic selection operation is performed; the identity information of multiple proxy servers relatively closest to the data user is sent to the data user, and the data user executes the authorization application operation ;Achieve the purpose that the data owner and the data user do not need to participate in the dynamic refresh adjustment process of the proxy encryption segment, thereby realizing the technical effect that the data user can quickly and effectively obtain the data usage authorization, and then solve the threshold proxy re-encryption In the process, how does the data user dynamically select multiple servers closest to itself to apply for authorization.

需要说明的是,在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行,并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。It should be noted that the steps shown in the flowcharts of the accompanying drawings may be performed in a computer system, such as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases, The steps shown or described may be performed in an order different than here.

以上所述仅为本申请的优选实施例而已,并不用于限制本申请,对于本领域的技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The above descriptions are only preferred embodiments of the present application, and are not intended to limit the present application. For those skilled in the art, there may be various modifications and changes in the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of this application shall be included within the protection scope of this application.

Claims (4)

1.一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法,其特征在于,包括:1. A server dynamic selection threshold agent re-encryption method based on geographical location addressable network, it is characterized in that, comprising: 收集代理服务器集群各服务器的地理位置,构建集群分布地理位置网络图;Collect the geographical location of each server in the proxy server cluster, and build a geographical distribution network map of the cluster; 当数据使用者需选择与自己距离最近的多个服务器进行授权申请时,则执行代理服务器动态选择操作;When the data user needs to select multiple servers closest to himself to apply for authorization, the proxy server dynamic selection operation is performed; 将离数据使用者相对最近的多个代理服务器身份信息发给数据使用者,数据使用者执行授权申请操作。Send the identity information of multiple proxy servers relatively closest to the data user to the data user, and the data user executes the authorization application operation. 2.根据权利要求1所述的一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法,其特征在于,构建集群分布地理位置网络图包括:2. a kind of server dynamic selection threshold agent re-encryption method based on geographical location addressable network according to claim 1, it is characterized in that, constructing cluster distribution geographical location network diagram comprises: 收集集群中每一个代理服务器的地理位置信息
Figure QLYQS_1
,其信息包括代理服务器身份信息ID,代理服务器定位经度数据X,代理服务器定位纬度数据Y,代理服务器有效位O,筛选出在线的服务器,构建服务器集群分布地理位置网络图/>
Figure QLYQS_2
,其信息包括代理服务器总数N。Collect geographic location information for each proxy server in the cluster
Figure QLYQS_1
, its information includes proxy server identity information ID, proxy server location longitude data X, proxy server location latitude data Y, proxy server effective bit O, filter out online servers, and build a server cluster distribution geographic location network map/>
Figure QLYQS_2
, whose information includes the total number N of proxy servers. 3.根据权利要求1所述的一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法,其特征在于,当数据使用者需选择与自己距离最近的多个服务器进行授权申请时,则执行代理服务器动态选择操作包括:3. A kind of server dynamic selection threshold agent re-encryption method based on geographical location addressable network according to claim 1, it is characterized in that, when the data user needs to select a plurality of servers closest to oneself to apply for authorization , the dynamic proxy server selection operation includes: 根据集群分布地理位置网络图中各服务器经纬度信息确定地理分布范围
Figure QLYQS_3
,其中所有代理服务器定位经度数据X都大于X0,小于X1;所有代理服务器定位经度数据Y都大于y0,小于y1Determine the geographical distribution range according to the latitude and longitude information of each server in the cluster distribution geographical location network diagram
Figure QLYQS_3
, wherein all proxy server positioning longitude data X are greater than X 0 and less than X 1 ; all proxy server positioning longitude data Y are greater than y 0 and less than y 1 ; 首先查询初始范围(X,Y)中服务器总数N是否不小于阈值t,若N<t则继续等待新服务器加入集群,否则继续执行动态选择过程;First query whether the total number of servers N in the initial range (X, Y) is not less than the threshold t, if N<t, continue to wait for new servers to join the cluster, otherwise continue to execute the dynamic selection process; 计算
Figure QLYQS_4
,并将原范围切分成/>
Figure QLYQS_5
Figure QLYQS_6
两部分,检测用户地理位置所属范围,假设属于范围1(X1,Y),则计算范围1内服务器数目N,若N<t,则确认服务器地理范围为初始范围(X,Y)
Figure QLYQS_7
,并将其范围内服务器信息发送给数据申请者。否则,继续执行动态选择过程;calculate
Figure QLYQS_4
, and split the original range into />
Figure QLYQS_5
and
Figure QLYQS_6
Two parts, detecting the scope of the user's geographic location. Assuming it belongs to scope 1 (X 1 , Y), calculate the number of servers N in scope 1. If N<t, confirm that the geographic scope of the server is the initial scope (X, Y)
Figure QLYQS_7
, and send the server information within its range to the data applicant. Otherwise, continue with the dynamic selection process; 计算,并将范围1
Figure QLYQS_8
切分成/>
Figure QLYQS_9
Figure QLYQS_10
两部分,检测用户地理位置所属范围,假设属于范围2(X1,Y2),则计算范围2内服务器数目N,若N<t,则确认服务器地理范围为范围1(X1,Y),并将其范围内服务器信息发送给数据申请者。否则,继续执行动态选择过程;computed, and range 1
Figure QLYQS_8
cut into />
Figure QLYQS_9
and
Figure QLYQS_10
Two parts, detecting the scope of the user's geographic location. Assuming it belongs to scope 2 (X 1 , Y 2 ), calculate the number of servers N in scope 2. If N<t, confirm that the geographical scope of the server is scope 1 (X 1 , Y) , and send the server information within its range to the data applicant. Otherwise, continue with the dynamic selection process; 如此使用地理位置可寻址网络算法分别以X,Y轴平行线轮番进行范围切分,直至切分范围满足N<t的条件,则切分前的范围为最小服务器地理分布范围,该范围内服务器即为所选择的满足条件的服务器。In this way, the geographic location addressable network algorithm is used to segment the range with parallel lines of the X and Y axes in turn until the segmented range satisfies the condition of N<t, then the range before segmentation is the minimum geographical distribution range of servers, within this range The server is the selected server that satisfies the conditions. 4.根据权利要求1所述的一种基于地理位置可寻址网络的服务器动态选择门限代理重加密方法,其特征在于,将离数据使用者相对最近的多个代理服务器身份信息发给用户,数据使用者执行授权申请操作包括:4. a kind of server dynamic selection threshold proxy re-encryption method based on geographical location addressable network according to claim 1, it is characterized in that, a plurality of proxy server identity information relatively recent from data user is sent to user, Data users perform authorization application operations including: 将满足条件的服务器列表发送给数据使用者,数据使用者进行授权申请,收集代理服务器份额碎片cFrag;Send the list of servers that meet the conditions to the data user, the data user applies for authorization, and collects the proxy server share fragment cFrag; 统计cFrag数量n,若n大于等于阈值t,则进行解密操作。否则将未成功授权的服务器身份信息传回,将其有效位设为离线,重构服务器集群分布地理位置网络图,再次执行代理服务器动态选择操作。Count the number n of cFrags, and if n is greater than or equal to the threshold t, the decryption operation will be performed. Otherwise, send back the identity information of the unsuccessfully authorized server, set its effective bit as offline, reconstruct the geographical distribution network map of the server cluster, and perform the dynamic selection operation of the proxy server again.
CN202310372881.9A 2023-04-10 2023-04-10 A Proxy Re-encryption Method Based on Geographically Addressable Network Based on Server Dynamic Selection Threshold Pending CN116366247A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310372881.9A CN116366247A (en) 2023-04-10 2023-04-10 A Proxy Re-encryption Method Based on Geographically Addressable Network Based on Server Dynamic Selection Threshold

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310372881.9A CN116366247A (en) 2023-04-10 2023-04-10 A Proxy Re-encryption Method Based on Geographically Addressable Network Based on Server Dynamic Selection Threshold

Publications (1)

Publication Number Publication Date
CN116366247A true CN116366247A (en) 2023-06-30

Family

ID=86907410

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310372881.9A Pending CN116366247A (en) 2023-04-10 2023-04-10 A Proxy Re-encryption Method Based on Geographically Addressable Network Based on Server Dynamic Selection Threshold

Country Status (1)

Country Link
CN (1) CN116366247A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118155321A (en) * 2024-04-18 2024-06-07 湖南丰汇银佳科技股份有限公司 Method and system for controlling access rights of cash box

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6513061B1 (en) * 1997-10-07 2003-01-28 Hitachi, Ltd. Proxy server selecting server and proxy server
CN106331144A (en) * 2016-09-08 2017-01-11 四川大学 A Proxy Load Balancing Method Based on Mobile Proxy System
CN115905317A (en) * 2022-11-14 2023-04-04 重庆邮电大学 A privacy-preserving range aggregation query method for spatial data federation

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6513061B1 (en) * 1997-10-07 2003-01-28 Hitachi, Ltd. Proxy server selecting server and proxy server
CN106331144A (en) * 2016-09-08 2017-01-11 四川大学 A Proxy Load Balancing Method Based on Mobile Proxy System
CN115905317A (en) * 2022-11-14 2023-04-04 重庆邮电大学 A privacy-preserving range aggregation query method for spatial data federation

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118155321A (en) * 2024-04-18 2024-06-07 湖南丰汇银佳科技股份有限公司 Method and system for controlling access rights of cash box

Similar Documents

Publication Publication Date Title
CN109040045B (en) A cloud storage access control method based on ciphertext policy attribute-based encryption
US7688975B2 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
CN103414682B (en) The method for cloud storage of a kind of data and system
US20170214664A1 (en) Secure connections for low power devices
US20130013921A1 (en) Methods and apparatus for secure data sharing
CN108111540B (en) Hierarchical access control system and method supporting data sharing in cloud storage
US10887085B2 (en) System and method for controlling usage of cryptographic keys
CN112910861A (en) Group authentication and segmented authentication-based authentication method for terminal equipment of power internet of things
CN112104619A (en) Data access control system and method based on outsourcing ciphertext attribute encryption
JPH1195658A (en) Method and system for safely distributing cryptographic key to multicast network
US11165751B2 (en) System and method for establishing simultaneous encrypted virtual private networks from a single computing device
US20180115535A1 (en) Blind En/decryption for Multiple Clients Using a Single Key Pair
US20180234396A1 (en) System and method for creating private encrypted browser zones based on one or more parameters
Hosen et al. SPTM-EC: A security and privacy-preserving task management in edge computing for IIoT
CN113992702A (en) Storage state encryption reinforcing method and system for ceph distributed file system
JPWO2003094422A1 (en) Cryptographic communication system, key distribution server, terminal device, and key sharing method
CN111953479A (en) Method and device for data processing
CA3128161A1 (en) System and method for secure electronic data transfer
US11165825B2 (en) System and method for creating encrypted virtual private network hotspot
Jamal et al. Reliable access control for mobile cloud computing (MCC) with cache-aware scheduling
CN116366247A (en) A Proxy Re-encryption Method Based on Geographically Addressable Network Based on Server Dynamic Selection Threshold
Al-Zubi et al. Efficient signcryption scheme based on El-Gamal and Schnorr
Kanimozhi et al. Secure sharing of IOT data in cloud environment using attribute-based encryption
CN105338020B (en) A kind of business access method and device
CN114125774A (en) Vehicle key dynamic updating method based on Internet of vehicles

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination