Search

CN-122027308-A - Data security sharing transmission method and system based on identity-based encryption

CN122027308ACN 122027308 ACN122027308 ACN 122027308ACN-122027308-A

Abstract

The invention discloses a data security sharing transmission method and system based on identity-based encryption, which relate to the technical field of data security sharing and comprise the steps of extracting an identity characteristic sequence based on a sender identity and a receiver identity to generate an identity-based encryption parameter; the method comprises the steps of analyzing sensitive characteristics of data to be transmitted, combining identity-based encryption parameters to generate a data encryption strategy, dynamically adjusting the data encryption strategy according to security environment parameters of a transmission path to generate a dynamic encryption strategy, carrying out encryption processing on the data to be transmitted according to the dynamic encryption strategy, transmitting the data, carrying out double verification based on an identity verification result and decryption behavior consistency when decryption is carried out on a receiver, and allowing access to the data after verification is passed. The method solves the problems that in the prior art, the static digital certificate is relied on for identity verification, so that the balance of safety and efficiency is difficult to realize when data are transmitted, and meanwhile, the method cannot adapt to the dynamic change of the transmission environment.

Inventors

  • Duan Rongwei
  • XU BING
  • LAN CHUNJIA

Assignees

  • 上海零数众合信息科技有限公司

Dates

Publication Date
20260512
Application Date
20260228

Claims (10)

  1. 1. The data security sharing transmission method based on identity-based encryption is characterized by comprising the following steps: Based on the sender identity and the receiver identity, extracting an identity characteristic sequence to generate an identity-based encryption parameter; analyzing sensitive characteristics of data to be transmitted, and generating a data encryption strategy by combining the identity-based encryption parameters; Dynamically adjusting the data encryption strategy according to the safety environment parameters of the transmission path to generate a dynamic encryption strategy; and carrying out encryption processing on the data to be transmitted according to the dynamic encryption strategy and transmitting, and carrying out double verification based on an identity verification result and the consistency of decryption behaviors when the receiving party decrypts the data, and allowing access to the data after the verification is passed.
  2. 2. The method for securely sharing and transmitting data based on identity-based encryption of claim 1, wherein the step of extracting the sequence of identity features based on the sender identity and the receiver identity to generate the identity-based encryption parameters comprises: inquiring a sender identity attribute set corresponding to the sender identity and a receiver identity attribute set corresponding to the receiver identity from an identity management platform, wherein the identity attribute set at least comprises an identity type and a historical behavior record; Based on the sender identity attribute set and the receiver identity attribute set, extracting identity consistency characteristics and historical interaction trust characteristics, and constructing an identity characteristic sequence; according to the identity characteristic sequence, obtaining initial encryption parameters comprises the following steps: determining a key generation algorithm identifier according to comparison results of the type matching degree in the identity consistency characteristic, a first matching degree threshold and a second matching degree threshold; Determining a key length according to the interaction success ratio in the historical interaction trust characteristic, wherein the interaction success ratio is positively correlated with the key length; Combining the key generation algorithm identification with the key length, and selecting a corresponding identity signature mechanism according to an algorithm-signature mechanism association rule; integrating the key generation algorithm identification, the key length and the identity signature mechanism to form an initial encryption parameter; And performing parameter tuning on the initial encryption parameters by using the identity characteristic sequence to generate identity-based encryption parameters.
  3. 3. The method for securely sharing and transmitting data based on identity-based encryption according to claim 2, wherein the step of extracting identity consistency features and historical interaction trust features based on the sender identity attribute set and the receiver identity attribute set to construct an identity feature sequence comprises the steps of: Comparing identity types of the two parties, and calculating type matching degree as identity consistency characteristics; extracting historical data interaction records of both parties from the historical behavior records, and counting the proportion of interaction frequency to interaction success in a preset historical period to be used as a historical interaction trust characteristic; and combining and serializing the identity consistency characteristic and the historical interaction trust characteristic according to a predefined coding format to generate an identity characteristic sequence.
  4. 4. The method for securely sharing and transmitting data based on identity-based encryption according to claim 2, wherein the step of performing parameter tuning on the initial encryption parameter by using the identity feature sequence to generate an identity-based encryption parameter comprises the steps of: confirming or correcting the key generation algorithm identification in the initial encryption parameter based on the type matching degree in the identity consistency characteristic; Fine tuning the key length in the initial encryption parameter based on the interaction success ratio and the interaction frequency, wherein the key length floats upwards on the basis of an initial determined value as the interaction success ratio and the interaction frequency are higher; Combining the trimmed key generation algorithm identification and key length, and updating specific parameters of a corresponding identity signature mechanism according to the algorithm-signature mechanism association rule; And integrating the confirmed or corrected key generation algorithm identification, the trimmed key length and the updated identity signature mechanism to generate a final identity-based encryption parameter.
  5. 5. The method for securely sharing and transmitting data based on identity-based encryption according to claim 1, wherein analyzing sensitive characteristics of data to be transmitted, and generating a data encryption policy in combination with the identity-based encryption parameters, comprises: scanning the content of the data to be transmitted, extracting structured fields and unstructured text, counting the occurrence frequency and distribution dispersion of key semantics, and calculating the content semantic density; determining a trust weighting coefficient based on the key length and the identity signature mechanism type in the identity-based encryption parameter, and carrying out weighting processing on the content semantic density to generate a weighted semantic density value; Comparing the weighted semantic density value with boundary values of a plurality of sensitivity intervals to determine the comprehensive sensitivity level of the data to be transmitted; and determining the encryption operation intensity level and whether an additional confusion mechanism is started or not according to the comprehensive sensitivity level and the key length after fine adjustment, and generating a data encryption strategy containing the encryption operation intensity level and the additional confusion mechanism starting identification.
  6. 6. The method for securely sharing and transmitting data based on identity-based encryption of claim 5, wherein the dividing of the plurality of sensitivity intervals comprises: Calculating a trust adjustment coefficient based on the interaction success ratio and the interaction frequency, wherein the trust adjustment coefficient is larger as the interaction success ratio and the interaction frequency are higher; multiplying the initial sensitivity boundary value by the trust adjustment coefficient based on the initial sensitivity boundary value to obtain a dynamically adjusted boundary value; And dividing the value range of the weighted semantic density value into a plurality of sensitivity intervals based on the dynamically adjusted boundary value.
  7. 7. The method for securely sharing and transmitting data based on identity-based encryption according to claim 1, wherein dynamically adjusting the data encryption policy according to the security environment parameter of the transmission path, generating a dynamic encryption policy, comprises: extracting a safety environment parameter of a transmission path based on the transmission path monitoring data, wherein the safety environment parameter at least comprises a historical attack frequency and a real-time threat index; calculating the weighted sum of the historical attack frequency and the real-time threat index to generate a transmission path risk coefficient; performing enhancement correction on the encryption operation intensity level in the data encryption strategy by using the transmission path risk coefficient, wherein the higher the transmission path risk coefficient is, the higher the encryption operation intensity level after enhancement correction is; When the risk coefficient of the transmission path is higher than a preset risk threshold, forcibly setting an additional confusion mechanism starting identifier in the data encryption strategy into a starting state; And integrating the enhanced and corrected encryption operation intensity level with the compulsory set additional confusion mechanism enabling identification to generate a dynamic encryption strategy.
  8. 8. The method for securely sharing and transmitting data based on identity-based encryption of claim 7, wherein the step of calculating the real-time threat indicator comprises: acquiring the number of connection abnormal events and the retransmission rate of data packets recorded in transmission path monitoring data in a preset history period; calculating the weighted sum of the quantity of the connection abnormal events and the retransmission rate of the data packet to obtain an original threat value; Acquiring a historical baseline value of the historical attack frequency in the same statistical period; Calculating the ratio of the original threat value to the historical baseline value to obtain a normalized threat coefficient; Multiplying the normalized threat coefficient by a unit threat dimension to generate the real-time threat index.
  9. 9. The method for securely sharing and transmitting data based on identity-based encryption according to claim 1, wherein the dual verification based on the identity verification result and the decryption behavior consistency result comprises: when the receiver initiates a decryption request, verifying the identity of the receiver according to an identity signature mechanism, and generating an identity verification result; When the identity verification result is passed, collecting a real-time operation sequence of a receiver in a decryption process, calculating Euclidean distance between the real-time operation sequence and a behavior base line, and generating an original behavior deviation degree; Calculating a behavior verification adjustment coefficient based on the real-time threat index and the historical attack frequency, wherein the higher the real-time threat index and the historical attack frequency, the larger the behavior verification adjustment coefficient is; multiplying the original behavior deviation degree by the behavior verification adjustment coefficient to obtain a weighted behavior deviation degree; Comparing the weighted behavior deviation degree with a preset deviation threshold, and generating a decryption behavior passing mark as a decryption behavior characteristic output when the weighted behavior deviation degree is smaller than or equal to the preset deviation threshold; and when the authentication result is passing and the decryption behavior passing mark is true, judging that the double authentication passes, and allowing the decryption operation to be completed.
  10. 10. A data secure shared transmission system based on identity-based encryption, characterized in that it is used for implementing the data secure shared transmission method based on identity-based encryption according to any one of claims 1 to 9, said system comprising: The encryption parameter generation module is used for extracting an identity characteristic sequence based on the identity identification of the sender and the identity identification of the receiver to generate an identity-based encryption parameter; The sensitive characteristic analysis module is used for analyzing sensitive characteristics of data to be transmitted and generating a data encryption strategy by combining the identity-based encryption parameters; The encryption strategy adjustment module is used for dynamically adjusting the data encryption strategy according to the safety environment parameters of the transmission path to generate a dynamic encryption strategy; And the encryption verification module is used for carrying out encryption processing on the data to be transmitted according to the dynamic encryption strategy and transmitting the data, and carrying out double verification based on an identity verification result and the consistency of decryption behaviors when the receiving party decrypts the data, and allowing access to the data after the verification is passed.

Description

Data security sharing transmission method and system based on identity-based encryption Technical Field The invention relates to the technical field of data security sharing, in particular to a data security sharing transmission method and system based on identity-based encryption. Background With the deep advancement of digital transformation, secure mail and sensitive file outgoing have become security requirements for enterprise operations and collaborators with different trust levels to send sensitive data. Conventional methods typically employ pre-shared keys or fixed certificates to encrypt data, relying on static digital certificates for authentication. When dealing with external cooperators with different trust levels, dynamically changing network transmission environments and transmission data with different sensitivities, the balance of security and efficiency is difficult to realize, and the dynamic change of the transmission environments cannot be adapted. Disclosure of Invention The application provides a data security sharing transmission method and system based on identity-based encryption, aiming at solving the problems that in the prior art, the balance of security and efficiency is difficult to realize when data is transmitted due to the fact that static digital certificates are relied on for identity verification, and meanwhile, the dynamic change of a transmission environment cannot be adapted. In view of the above problems, the present application provides a method and a system for secure sharing transmission of data based on identity-based encryption. In a first aspect, the present application provides a method for securely sharing and transmitting data based on identity-based encryption, the method comprising: Based on the sender identity and the receiver identity, extracting an identity characteristic sequence to generate an identity-based encryption parameter; analyzing sensitive characteristics of data to be transmitted, and generating a data encryption strategy by combining the identity-based encryption parameters; Dynamically adjusting the data encryption strategy according to the safety environment parameters of the transmission path to generate a dynamic encryption strategy; and carrying out encryption processing on the data to be transmitted according to the dynamic encryption strategy and transmitting, and carrying out double verification based on an identity verification result and the consistency of decryption behaviors when the receiving party decrypts the data, and allowing access to the data after the verification is passed. In a second aspect, the present invention provides a data secure shared transmission system based on identity-based encryption, comprising: The encryption parameter generation module is used for extracting an identity characteristic sequence based on the identity identification of the sender and the identity identification of the receiver to generate an identity-based encryption parameter; The sensitive characteristic analysis module is used for analyzing sensitive characteristics of data to be transmitted and generating a data encryption strategy by combining the identity-based encryption parameters; The encryption strategy adjustment module is used for dynamically adjusting the data encryption strategy according to the safety environment parameters of the transmission path to generate a dynamic encryption strategy; And the encryption verification module is used for carrying out encryption processing on the data to be transmitted according to the dynamic encryption strategy and transmitting the data, and carrying out double verification based on an identity verification result and the consistency of decryption behaviors when the receiving party decrypts the data, and allowing access to the data after the verification is passed. One or more technical schemes provided by the application have at least the following technical effects or advantages: The application firstly extracts the identity characteristic sequence and generates the identity-based encryption parameter, and converts the identity attribute into the quantifiable identity characteristic sequence, thereby realizing personalized adaptation of the encryption intensity. And the content is scanned by scanning the data to be transmitted, the structured field and the unstructured text are extracted, so that the system has the capability of acquiring the data confidentiality requirement, the content semantic density is quantized in two dimensions from the occurrence frequency and the distribution dispersion of key semantics, the trust weighting coefficient is determined based on the key length in the identity-based encryption parameter and the mapping of the signature mechanism type, and the semantic density is subjected to weighting correction, so that the dynamic matching of the protection intensity and the cooperative trust is realized. And thirdly, acquiring historical attack frequency and re