CN-122027135-A - Data processing method, device, equipment, medium and product

Abstract

The invention discloses a data processing method, a device, equipment, a medium and a product. The method comprises the steps that a key generation center generates an attribute key for each user according to a master key, an attribute set and a code word set, wherein the code word set comprises code words generated for each user, and when a private key disclosure event is detected, the key generation center determines a private key disclosure user based on the code words in the disclosure private key. By the technical scheme, the unique collusion-resistant fingerprint code can be embedded in the user key, so that a specific compromised user can be quickly and accurately positioned by a white box tracking method under the condition that the key is directly leaked, and confidentiality and security of sensitive data sharing are improved.

Inventors

• Zheng Kaifa
• HOU RAN
• MA LIFENG
• XU ZHEN
• ZHENG ZHILI
• HE QIANG

Assignees

• 杭州芯光半导体有限公司

Dates

Publication Date

20260512

Application Date

20260213

Claims (10)

1. 1. A method of data processing, comprising: The key generation center generates an attribute key for each user according to the master key, the attribute set and the codeword set, wherein the codeword set comprises codewords generated for each user; when a private key disclosure event is detected, the key generation center determines a private key disclosure user based on a codeword in the disclosure private key.
2. 2. The method of claim 1, wherein the key generation center determining a private key compromised user based on a codeword in a compromised private key, comprising: The key generation center accesses a key file based on the compromised private key; if the key file is successfully accessed, determining the value of each code word based on a preset equation, determining a target code word set based on the value of each code word, and determining a private key leakage user based on the target code word set.
3. 3. The method of claim 2, wherein determining the value of each of the codewords based on a preset equation comprises: if the first equation is true, determining the value of the codeword as a first numerical value; If the first equation is not established and the second equation is established, determining the value of the codeword as a second numerical value.
4. 4. The method of claim 1, wherein the key generation center generates an attribute key for each user based on the master key, the set of attributes, and the set of codewords, comprising: The key generation center acquires the security parameters and generates a master key and public parameters based on the security parameters; The key generation center generates a codeword set according to the public parameter, the number of users and the codeword length; And the key generation center generates an attribute key for each user according to the master key, the attribute set and the codeword set, distributes a unique user identifier for each user and binds the unique user identifier to the codeword corresponding to the user.
5. 5. The method of claim 1, further comprising, after the key generation center generates the attribute key for each user based on the master key, the attribute set, and the codeword set: the key generation center issues the attribute key to a data owner; and the data owner encrypts the plaintext file based on an attribute-based encryption algorithm according to the attribute key and the access strategy to obtain a ciphertext file, and uploads the ciphertext file to a cloud service provider.
6. 6. The method of claim 1, further comprising, after the key generation center determines a private key compromised user based on the codeword in the compromised private key: the key generation center changes the current attribute of the private key leakage user into a target attribute, and updates an attribute key according to the target attribute; The key generation center generates a conversion key according to the conversion root key and updates a ciphertext file stored in the cloud service provider according to the conversion key.
7. 7. A data processing apparatus, comprising: The generation module is used for generating an attribute key for each user according to the master key, the attribute set and the code word set by the key generation center, wherein the code word set comprises code words generated for each user; and the determining module is used for determining the private key divulging user based on the code words in the divulged private key by the key generating center when the private key divulging event is detected.
8. 8. An electronic device, the electronic device comprising: at least one processor, and A memory communicatively coupled to the at least one processor, wherein, The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data processing method of any one of claims 1-6.
9. 9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions for causing a processor to implement the data processing method of any one of claims 1-6 when executed.
10. 10. A computer program product comprising a computer program which, when executed by a processor, implements the data processing method according to any of claims 1-6.

Description

Data processing method, device, equipment, medium and product Technical Field The embodiment of the invention relates to the technical field of data encryption and decryption, in particular to a data processing method, a device, equipment, a medium and a product. Background With the rapid development of cloud computing, big data and Internet of things technology, the demands of various social fields on storage, sharing and analysis of sensitive data are continuously increasing. Key information such as personal privacy information, medical health records, business transaction data and the like often need to be transmitted and utilized in cross-organization, cross-department and even cross-region environments. However, data sharing in open environments entails potential security risks, and sensitive data is extremely vulnerable to theft, abuse or tampering if an effective access control and responsibility-following mechanism is lacking, resulting in privacy leakage, economic loss and even social security issues. Therefore, how to balance open sharing and security protection is a common problem in the current academia and industry. In the prior art, ABE (Attribute-Based Encryption) is widely used for sensitive data protection. According to the technology, the user attribute is bound with the access policy, so that fine-grained access control is realized, and a data owner can flexibly define a sharing range, so that the confidentiality of data and the controllability of sharing are effectively ensured. However, the conventional ABE scheme still has a number of disadvantages. Firstly, once a user private key is maliciously revealed or used for constructing illegal decryption equipment, a system often lacks an effective identification means, the identity of a compromised user is difficult to determine, and huge hidden danger is brought to data security. Secondly, the support for the revocation of the user permission is weak, when the role of the user changes or the permission needs to be dynamically adjusted, the existing mechanism generally needs to regenerate the key or re-encrypt the data, the efficiency is low, and the requirement of frequent fluctuation in practical application is difficult to meet. In addition, under the scene of collusion attack of a plurality of users, the traditional scheme often cannot accurately identify specific malicious users, so that a data owner cannot track responsibility, and the safety and the creditability of the system are weakened. Disclosure of Invention The embodiment of the invention provides a data processing method, a device, equipment, a medium and a product, which are used for realizing quick and accurate positioning to a user with a secret-revealing private key and improving confidentiality and security of sensitive data sharing. According to an aspect of the present invention, there is provided a data processing method including: The key generation center generates an attribute key for each user according to the master key, the attribute set and the codeword set, wherein the codeword set comprises codewords generated for each user; when a private key disclosure event is detected, the key generation center determines a private key disclosure user based on a codeword in the disclosure private key. According to another aspect of the present invention, there is provided a data processing apparatus comprising: The generation module is used for generating an attribute key for each user according to the master key, the attribute set and the code word set by the key generation center, wherein the code word set comprises code words generated for each user; and the determining module is used for determining the private key divulging user based on the code words in the divulged private key by the key generating center when the private key divulging event is detected. According to another aspect of the present invention, there is provided an electronic apparatus including: at least one processor, and A memory communicatively coupled to the at least one processor, wherein, The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data processing method according to any one of the embodiments of the present invention. According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to execute a data processing method according to any one of the embodiments of the present invention. According to another aspect of the invention, embodiments of the invention also provide a computer program product comprising a computer program which, when executed by a processor, implements a data processing method according to any of the embodiments of the invention. The embodiment of the invention generates the attribute key for each user through the key generation center according to the main key, the attribute set and the code wor