49results about How to "Avoid Collusion Attacks" patented technology

The invention belongs to the technical field characterized by a protocol, and discloses a cancellation-supported outsourcing verifiable multi-authorization center access control method, and a cloud server. The method comprises the following steps: system initialization, including the initialization of a global authentication center and other authorization centers; allocating an attribute set for auser by the authorization centers, and generating a secret key needed by decryption for the user; encrypting a file by a data owner, wherein the encryption process comprises outsourcing encryption, the verification of an outsourcing result and the final encryption of the data owner; issuing a file access request to a cloud service provider by the user, wherein the process includes cloud service provider outsourcing decryption, the verification of the outsourcing result, and the final decryption of the user; and cancelling some users or some attributes in a system. The cancellation-supported outsourcing verifiable multi-authorization center access control method provided by the invention has the advantages of being high in system access efficiency, low in computation overhead, capable of supporting dynamic user authority management and the like, and can be used for guaranteeing the privacy data safety of the user in cloud storage, reducing the computation overhead of the user and dynamically managing the authority of the user in the system.

The invention belongs to the technical field of wireless communication networks, and discloses an agent-based revocable multi-authorization center access control method and a cloud storage system. Themethod comprises the steps that system initialization is conducted, wherein initialization of a global authentication center CA and other authorization centers AA and initialization of a cloud serverare included; the authorization centers AA allocate attribute sets to users and generate keys needed for decryption for the users; a data owner encrypts a file; the users send file access requests toa cloud service provider, wherein the process comprises outsourcing decryption of the cloud service provider and final decryption of the users; and some users or some attributes in the system are revoked. The method has the advantages of being high in system efficiency, supporting dynamic user permission management and the like and can be used for ensuring the privacy data security of the users in the data information system, reducing the computing overhead of the users and dynamically managing the permissions of the users in the system.

The invention belongs to the technical field of information security, and discloses a multi-authorization center access control method and system and a cloud storage system, and the method comprises the steps: system initialization: initializing a global authentication center CA and an attribute authorization center AA; data encryption: outsourcing encryption and user encryption performed by a cloud service provider; key generation: an attribute authorization center AA allocates an attribute private key related to the attribute and a user decryption key to the user; the user sends a file access request to the cloud service provider, and the process comprises outsourcing decryption of the cloud service provider and final decryption of the user; some users in the system are revoked; certainattributes in the system are revoked. The method has the advantages of high system efficiency, reduction of user computing burden, support of multiple authorization centers, dynamic change of user permission and the like, and can be used in a cloud storage system to guarantee the data privacy security of users, reduce the computing overhead of the users and improve the system efficiency.

The invention provides a verifiable matrix multiplication security outsourcing calculation method. The calculation method comprises the following steps: firstly, outsourcing of a user: namely rendering outsourcing of an own consumed time matrix multiplication calculation operation to a cloud server by the user; secondly, calculation of the cloud server: namely, carrying out matrix multiplication calculation by utilizing an own powerful computing resource by the cloud server after receiving a matrix and an operation, and returning a calculation result to the user after the calculation is completed; and thirdly, user restoring and verification: namely receiving the calculation result returned by virtue of cloud by the user, and verifying correctness of the result. In the method provided by the invention, calculation data uploaded to the cloud by the user are subjected to preprocessing calculation, so that privacy of user data is protected; when the cloud returns the result to the user, the user can efficiently verify the correctness of the result, and an error result is prevented from being returned to the user by virtue of the cloud and undetected.

The invention discloses an identity-based traceable ring signature authentication protocol, comprising the steps of I, initializing a system, to be specific, generating a secret key and selecting parameters; II, generating and verifying a signature, to be specific, allowing a user to generate a ring signature, and allowing a receiver to verify validity of the signature; III, generating and verifying tracing evidence, to be specific, allowing the user to generate tracing evidence, and allowing a verifier to verify legality of the evidence. The identity-based traceable ring signature authentication protocol has the advantages that a signer can be effectively traced at the premise of implementing authentication security, and collusion attack can be resisted; since a signature of fixed lengthis generated based on a collision-resistant accumulator and signature of knowledge and the length is not proportional to the number of ring members, communication cost is effectively reduced.

The invention provides a book resource access control method based on ciphertext attribute authentication and a threshold function. The book resource access control method comprises the following steps that an authentication center and terminal members generate respective public/private key pairs; the terminal members interact with the authentication center to perform attribute authentication to obtain permission level values, and each terminal member sends the public key and the permission level value to the authentication center, and sends the public key and the permission level value to thecloud service platform after verification; the terminal member calculates an encryption key and a decryption key, encrypts the shared resource information into a ciphertext and uploads the ciphertextto the cloud service platform; and the terminal member determines a ciphertext resource to be checked according to the ciphertext, the cloud service platform verifies the identity of the ciphertext resource and opens an access link of the ciphertext resource, and the terminal member downloads the ciphertext for decryption. Personal privacy is protected by adopting a ciphertext attribute authentication technology, access permission is controlled by setting a threshold function to guarantee the safety of resource sharing, and collusion attack is prevented by adopting identity and permission dual authentication, so that information resource sharing in the Internet of Things is more flexible, efficient and practical.

The invention discloses a data sharing method, device and system, a client and a storage medium. The system comprises at least two CAs, the client, at least two AAs and a cloud server, wherein the client is used for sending a registration request to any target CA in the at least two CAs, wherein the registration request comprises an attribute set of a user of the client; the target CA is used forgenerating a user public key of the user according to the attribute set and a preset random algorithm; the client is also used for sending the user public key and the attribute set to the at least twoAAs; the at least two AAs are used for generating an attribute private key of the user according to the private key corresponding to each attribute contained in the attribute set, the user public keyand a preset key generation algorithm; and the client is also used for decrypting a shared file which is encrypted by adopting an attribute access structure satisfied by the attribute set of the userand stored in the cloud server according to the attribute private key. The system is used for improving the safety and practicability of data sharing.

The invention provides an Internet of Things data security sharing method based on privacy protection. The method comprises the following steps: initializing protocol parameters in an information sharing network domain; registering a terminal member; enabling the terminal member to acquire own attribute authority parameters, calculating encryption keys according to the Chinese remainder theorem, encrypting shared information resources and storing the encrypted information resources in an off-chain database; calculating intermediate parameters required for storing the information resources, generating index information of the shared ciphertext and packaging the index information in a block, and so on, enabling each terminal member to store related information of the ciphertext in the blockto generate a block chain; and accessing and sharing the ciphertext. Identity and attribute parameter matching dual authentication is adopted to prevent collusion attacks and protect personal privacy,an attribute matching access control strategy is combined with a block chain technology to guarantee the safety of shared resource information, the storage burden is reduced, information resource sharing in the industrial Internet of Things is more flexible, efficient and practical, and the method has important field research significance and commercial application value.

The invention discloses a mobile quantum voting method based on Chinese remainder theorem, which is characterized in that a supervisor, a teller and a plurality of voters exist. A quantum state is prepared by the supervisor, moreover, the quantum state is divided into two, one part of quantum bits are sent to the voters to serve as quantum votes, and the other part of the quantum bits are sent tothe teller to serve as vote-checking certificates; each voter performs voting operation on the same quantum vote, the quantum votes are sent to the teller for counting and verification after all voting operations are complete, and ultimately, voting results of all the voters are obtained. The objective of the invention is to solve the problem that conventional mobile voting cannot resist secondaryvoting attacks of dishonest voters and the problem that excessive quantum resource is consumed by conventional distributive voting, and the security of voting operation is enhanced.

The invention relates to the technical field of quantum communication security, in particular to a high-security quantum multi-party privacy summation method, which comprises the following steps that: a third party TP constructs a transmission sequence S' according to a coefficient matrix and a single quantum state, and sends the S' to a participant Bob1 through a quantum channel; the Bob1 executes unitary transformation and particle reordering operation on the received transmission sequence S' to obtain a new transmission sequence S1', sending the S1' to the next participant Bob2; after the Bob2 receives the transmission sequence S1', executing the same operation as the Bob1 and transmitting the operation to the next participant, and sequentially transmitting the transmission sequence in the participants until the last participant Bobn executes unitary transformation and particle reordering on the received transmission sequence to obtain a new transmission sequence S'n and transmitting the new transmission sequence S'n back to the TP; and the TP executing eavesdropping detection on the S'n, if the quantum channel has an eavesdropper, restarting the method, otherwise, requesting the participant to calculate the sum of all random numbers, and the TP calculating the summation value of the privacy of the participant. The method has higher security while effectively reducing resource consumption and communication consumption.

The invention belongs to the technical field of anti-fake identifying, and provides a fast and effective anti-fake identifying method. The anti-fake identifying method includes the following steps that unique identity is obtained through combined public keys and is printed on negotiable securities in a two-dimension code mode; an intelligent terminal scans two-dimension codes to obtain identity information and then sends the identity information to a background through a communication network; public keys of the identity are obtained through public key calculation, and private keys are combined for decryption calculation; if decryption succeeds, plain code information can be obtained; the plain code information is matched with inquiring database information of the background; if the information is matched, it is shown that verification succeeds, the background records and feeds the records back to the intelligent terminal, and if the negotiable securities are disposable, security information is cancelled; if the information is not matched, or decryption fails, it is shown that verification fails, the background performs recording and notifies an administrative department of tracing. The negotiable securities can be read through an intelligent mobile phone, the identity information is matched and encrypted, and the anti-fake identifying advantage is achieved effectively and fast.

The invention provides a spatial point set data privacy protection matching method based on similarity binning. The method comprises the following steps: grouping point set data range union sets at equal intervals, agreeing data grouping parameters, carrying out space division on original point set data, and obtaining grouping numbers of the point set data based on matching of the point set data and a division space; performing equal-interval binning on the similarity between the point set data and the reference value, calculating the similarity between the attribute value and the reference value, and performing binning on all similarity values by adopting an equal-interval division technology to further obtain binning combinations of all the point set data; and based on matching calculation of the point set data grouping combination number and the sub-box combination number, obtaining an identification number of the point set data according to the grouping number and the sub-box combination number of the point set data, further obtaining a matching point pair of the point set data according to the identification number, and finally exchanging the corresponding point set data according to the matched point pair. The method has the advantages of high privacy protection and precision adjustability.

The invention belongs to the field of network information security, and the invention discloses a method of multiple combined keys based on the CPK authentication system: by grouping user IDs, a key matrix for each group of IDs is generated at the same time, and rules are formulated to make each group of IDs The value range is smaller than the rank of the combined key mapping matrix, so as to avoid the risk of collusion to crack, and at the same time, the group keys of multiple groups of IDs are compounded again to obtain the user's key, so that the available key space reaches a sufficient number; according to the key The principle of segmentation is to combine and store the private key matrix of the group ID, so as to resist external and internal attacks on the private key matrix; to add the version number of the ID, so that the ID certificate and key can be updated without changing the user ID.

The invention discloses a pair-based combined hierarchical non-interactive key negotiation method. The method comprises an overall scheme design and a negotiation algorithm design. The method specifically comprises the following steps: S1, registering: the PKG generates system parameters, and generates and distributes corresponding private keys for the first layer of nodes in the domain; S2, intermediate node key distribution: each intermediate node obtains its exclusive CPK private key table from the PKG distribution; S3, extracting of node keys: each intermediate node generates a CPK key component by using the own CPK private key table, and the CPK key component is combined with the hierarchical identity key to form an own node key; S4, establishing of initialization of a session channel, initiating of a communication party and completing of calculation of a session key; S5, formal communication between two parties: a receiving party calculates the session key and decrypts the communication content. The two parties can directly establish an encryption channel without additional communication for key agreement. Public key sharing is achieved through the CPK tables, and the leaf nodes only need to store the two CPK public key tables and do not need to interact with the other communication party in advance to obtain public key information of the nodes.