Ciphertext storage and ciphertext retrieval open cloud method and system

Abstract

The present invention discloses a ciphertext storage and ciphertext retrieval open cloud method and system. The system comprises a plurality of safety assemblies and a server; the server creates one encryption and decryption secret key binding with the personal identity for each login user; the server encrypts and stores the encryption and decryption secret key by using a main secret key; after the server passes the user authentication, the main secret key of the user is returned back to the safety assemblies; the safety assemblies employ the user's main secret key to perform decryption to obtain the user's encryption and decryption secret key and then employ the encryption and decryption secret key to perform encryption of the user's file to be stored and then store the file at a third-party cloud platform; and the file element data of the file to be stored and the ciphertext index of the file to be stored are generated and sent to the server; and the safety assemblies are configured to send the retrieval request to the server, and the server performs retrieval in the ciphertext index according to the keywords in the retrieval request, inquires the file element information according to the retrieval result and returns the file element information back to the user's client.

Description

technical field [0001] The present invention relates to the field of information security, in particular to a method and system for encrypted storage of user data and retrieval of ciphertext in a cloud storage environment. Background technique [0002] With the development of Internet and computing technology, people's life has entered the "cloud era". Being in the "cloud", all kinds of information that people want are at their fingertips, and people can use almost unlimited software and hardware resources on demand like tap water. Cloud storage provides storage resources as services to users through the Internet, and is an important form of Infrastructure as a Service (IaaS) in cloud computing. With the help of virtualization and distributed computing and storage technologies, cloud storage can integrate many cheap storage media into a storage resource pool, shielding users from details such as storage hardware configuration, distributed processing, disaster recovery and b...

AI Technical Summary

Problems solved by technology

[0004] 1. Data is easily leaked during network transmission: At present, many cloud service providers use unsafe transmission methods when synchronizing user data. When data is synchronized to the cloud, it is easy to be eavesdropped or hijacked by the network, resulting in privacy data leakage

[0005] 2. The risk of abuse of authority by cloud service providers: Since data exists in third-party cloud service providers in clear text, and administrators of some cloud service providers have higher authority, administrators may Leakage of user data; or cloud service providers spying on and analyzing user data for commercial purposes

[0006] 3. Cloud service providers are attacked: storing data in the cloud brings convenience to data access and storage, but also faces the threat of many hacker attacks on the Internet. If user data is stored in the cloud in plain text, once the cloud service The merchant is attacked, which is very likely to cause a large amount of leakage of user data

[0008] 1. There is no unified specification and standard: When users write encryption components, how to encrypt data, encryption process, key management methods, and project integration methods are all taken into consideration by users. At present, there is a lack of unified specification technologies and standards in the market, making Custom encryption and decryption components can only be applied to one project, which is not conducive to promotion and use

[0009] 2. The user needs to maintain a complex key management system: while customizing the encryption and decryption components, the user must create a new key management system to provide services for the encryption and decryption components. The user needs to develop and maintain this set of keys by himself. key management system, which increases the user's development and maintenance costs

[0010] 3. Unable to meet the ciphertext retrieval requirements: using a custom encryption and decryption component, after the data is encrypted and saved to a third-party cloud service provider, the content of the ciphertext file is invisible to the user, and the user cannot encrypt the content of the ciphertext file Text retrieval

This method does not provide an open service interface; it does not provide a docking function to a third-party cloud provider, and the cost is high; the key management function is weak, and the user's key cannot be updated, and it does not provide client key storage, acquisition, update, and backup and other solutions

Images