DATA SHARING SYSTEM, DATA DISTRIBUTION SYSTEM, AND DATA PROTECTION METHOD
First Claim
1. A data protection method, comprising:
establishing, by a data owner, a proxy relationship with a data sharer, and generating a proxy relation fAB according to a private key of the data owner skA and a public key of the data sharer pkB;
sending, by the data owner, proxy relationship information and the proxy relation fAB to a data distribution system, wherein the proxy relationship information comprises information about the proxy relationship established between the data owner and the data sharer;
updating, by the data distribution system, a proxy relationship table of the data owner according to the proxy relationship information, and establishing a mapping relationship between the proxy relation fAB and the data sharer, wherein the proxy relationship table is used to record information about a data sharer establishing a proxy relationship with the data owner;
generating, by the data owner, a secret value m of shared data, and encrypting the shared data by using the secret value m;
encrypting, by the data owner and by using a public key of the data owner pkA, the secret value m to obtain an upper-layer key;
sending, by the data owner, the shared data encrypted by the secret value m and the upper-layer key to the data distribution system;
after receiving the encrypted shared data and the upper-layer key, searching, by the data distribution system, the proxy relationship table and confirming the proxy relationship between the data owner and the data sharer, and when the data distribution system confirms that the proxy relationship is established between the data owner and the data sharer, obtaining, by the data distribution system, the proxy relation fAB corresponding to the data sharer;
updating, by the data distribution system, the upper-layer key according to the proxy relation fAB to obtain an updated upper-layer key;
sending, by the data distribution system, the encrypted shared data and the updated upper-layer key to the data sharer;
decrypting, by the data sharer and according to a private key of the data sharer skB, the updated upper-layer key to obtain the secret value m; and
decrypting, by the data sharer, the encrypted shared data according to the secret value m to obtain the shared data.
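An added illustration of the upper-layer key flow in claim 1, not code from the patent: the claim names no concrete cipher, so this example assumes an ElGamal-style key encapsulation over secp256k1 with an Umbral-style proxy relation, and all function names, the table layout and the party labels are hypothetical. Encrypting the shared data itself under m is ordinary symmetric encryption and is left out.

```python
import hashlib, secrets

# secp256k1 constants; the claim names no group or cipher, so every choice here is an assumption.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    s = (3*x1*x1 * pow(2*y1, -1, P) if a == b else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (s*s - x1 - x2) % P
    return x3, (s*(x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts): return hashlib.sha256(repr(parts).encode()).digest()
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def scalar(*parts): return int.from_bytes(h(*parts), "big") % N

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, mul(sk, G)

def make_fab(sk_a, pk_b):  # data owner: proxy relation f_AB from skA and pkB
    x, X = keygen()
    return sk_a * pow(scalar(X, pk_b, mul(x, pk_b)), -1, N) % N, X

def wrap(pk_a, m):  # data owner: upper-layer key = 32-byte secret m encrypted under pkA
    e, E = keygen()
    return E, xor(m, h(mul(e, pk_a)))

def update(table, owner, sharer, upper):  # distribution system: check table, then re-key
    if (owner, sharer) not in table:
        raise PermissionError("no proxy relationship recorded")
    (rk, X), (E, c) = table[(owner, sharer)], upper
    return mul(rk, E), X, c  # updated upper-layer key; m is never visible here

def unwrap(sk_b, pk_b, updated):  # data sharer: recover m with skB
    E2, X, c = updated
    return xor(c, h(mul(scalar(X, pk_b, mul(sk_b, X)), E2)))
```

In this assumed construction the distribution system and the data sharer can jointly compute skA from f_AB (rk multiplied by the sharer's derived scalar equals skA), so the proxy relationship table has to be protected like key material.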
Abstract
Embodiments of the present invention provide a data protection method, used by a data owner to share data with a data sharer securely through a data distribution system. The data owner first establishes a proxy relationship with the data sharer, while the data distribution system is configured to maintain a proxy relationship between the data owner and the data sharer, and after receiving encrypted shared data sent by the data owner, the data distribution system changes the encrypted shared data according to the proxy relationship, so that the data sharer may decrypt the data. By using the data protection method in the embodiments of the present invention, both encryption and decryption of data are a result of coordination of three parties, thereby avoiding a problem of data leakage caused by a problem of a single party.
20 Claims
11. A data sharing system, comprising:
a data owner, a data distribution system, a data sharer, wherein the data owner distributes shared data to the data sharer through the data distribution system;
the data owner comprises a proxy relationship establishing module, a key generating module, and a shared data sending module;
the data distribution system comprises a receiving module, a proxy relationship maintaining module, an upper-layer key updating module, and a shared data distributing module;
the data sharer comprises an obtaining module and a decrypting module, wherein:
the proxy relationship establishing module is configured to establish a proxy relationship with the data sharer, generate a proxy relation fAB according to a private key of the data owner skA and a public key of the data sharer pkB, and send proxy relationship information and the proxy relation fAB to the data distribution system, wherein the proxy relationship information comprises information about the proxy relationship established between the data owner and the data sharer;
the key generating module is configured to generate a secret value m of the shared data, encrypt the shared data by using the secret value m, and encrypt the secret value m by using a public key of the data owner pkA to obtain an upper-layer key;
the shared data sending module is configured to send encrypted shared data and the upper-layer key to the data distribution system;
the receiving module is configured to obtain the proxy relationship information, the proxy relation, the encrypted shared data, and the upper-layer key that are from the data owner;
the proxy relationship maintaining module is configured to update a proxy relationship table of the data owner according to the proxy relationship information, and establish a mapping relationship between the proxy relation fAB and the data sharer, and when the receiving module receives the encrypted shared data and the upper-layer key, the proxy relationship maintaining module is further configured to search the proxy relationship table and confirm the proxy relationship between the data owner and the data sharer, and obtain the proxy relation fAB corresponding to the data sharer when confirming that the proxy relationship is established between the data owner and the data sharer, wherein the proxy relationship table is used to record information about a data sharer establishing a proxy relationship with the data owner;
the upper-layer key updating module is configured to update the upper-layer key according to the proxy relation to obtain an updated upper-layer key;
the distributing module is configured to send the shared data and the updated upper-layer key to the data sharer;
the obtaining module is configured to receive the shared data and the updated upper-layer key that are from the data distribution system; and
the decrypting module is configured to decrypt the updated upper-layer key according to a private key of the data sharer skB to obtain the secret value m.
Specification