Data storage apparatus, data updating system, data processing method, and computer readable medium
US-2018026785-A1 · Jan 25, 2018 · US
US10868670B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10868670-B2 |
| Application number | US-201916262674-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 30, 2019 |
| Priority date | Aug 5, 2016 |
| Publication date | Dec 15, 2020 |
| Grant date | Dec 15, 2020 |
Official abstract text for this publication.
A data processing method and apparatus include: generating, by a terminal device, a first public key and a first private key; sending the first public key to a key generation center (KGC), where the first public key is used by the KGC or a server to generate a transform key, and the transform key is used by the server to transform data that is encrypted based on an attribute structure of the terminal device into data that is encrypted based on the first public key; receiving second data sent by the server, where the second data is data that is generated after the server processes first data according to the transform key; and decrypting the second data according to the first private key. In the data processing, main work is completed by the server with no need to use a secure channel to transmit a key.
Opening claim text (preview).
What is claimed is:
1. A data processing system, comprising: a terminal device, a network entity that includes a key generation center (KGC), and a server, wherein: the terminal device is configured to generate a first public key and a first private key; the terminal device is configured to send the first public key to the KGC; the KGC is configured to: receive the first public key from the terminal device, and generate a second public key according to a system parameter, a master key, internal state information of the KGC, the first public key, and attribute information of the terminal device, wherein the system parameter is public information related to the KGC, and the master key is a private key of the KGC; the KGC is configured to send the second public key to the server; the server is configured to receive the second public key sent by the KGC; the server is configured to obtain first data, wherein the first data is data that is encrypted based on an attribute structure of the terminal device; the server is configured to transform the first data into second data according to the second public key; the server is configured to send the second data to the terminal device; and the terminal device is configured to: receive the second data sent by the server, and decrypt the second data according to the first private key.
2. The system according to claim 1, wherein: the terminal device is configured to generate the first public key and the first private key according to the system parameter and an identity parameter, wherein the system parameter is the public information related to the KGC, and the identity parameter is identification information of the terminal device.
3. The system according to claim 1, wherein: the KGC is further configured to generate a transform key according to the second public key and key update information; the KGC is further configured to: in response to the key update information indicating that the terminal device is revoked, generate an error prompt according to the second public key and the key update information, and send the error prompt to the server; or in response to the key update information indicating that the terminal device is not revoked, generate the transform key according to the second public key and the key update information, and send the transform key to the server; and the server is further configured to transform the first data into the second data according to the transform key.
4. The system according to claim 1, wherein: the server is further configured to receive key update information from the KGC, wherein the key update information is used to indicate whether the terminal device is revoked; and the server is further configured to: in response to the key update information indicating that the terminal device is revoked, generate the error prompt according to the second public key and the key update information; or in response to the key update information indicating that the terminal device is not revoked, generate a transform key according to the second public key and the key update information, and transform the first data into the second data according to the transform key.
5. The system according to claim 1, wherein the first public key and the first private key are a pair of a public key and a private key that match each other in a public-key cryptographic algorithm.
6. A data processing method, wherein the method comprises: generating, by a terminal device, a first public key and a first private key; sending, by the terminal device, the first public key to a network entity that includes a key generation center (KGC), so that a server or the KGC generates a transform key according to the first public key; receiving, by the terminal device, second data sent by the server, wherein the second data is data that is generated after the server processes first data according to the transform key, and the first data is data that is encrypted based on an attribute structure of the terminal device and that is obtained by the server; and decrypting, by the terminal device, the second data according to the first private key.
7. The method according to claim 6, wherein the sending, by the terminal device, the first public key comprises: sending, by the terminal device, the first public key and certification information to the KGC, wherein the certification information indicates that the terminal device stores the first private key.
8. The method according to claim 6, wherein the generating, by the terminal device, the first public key and the first private key comprises: generating, by the terminal device, the first public key and the first private key according to a system parameter, wherein the system parameter is public information related to the KGC.
9. The method according to claim 8, wherein the decrypting, by the terminal device, the second data according to the first private key comprises: decrypting, by the terminal device, the second data according to the system parameter and the first private key.
10. The method according to claim 6, wherein the first public key and the first private key are a pair of a public key and a private key that match each other in a public-key cryptographic algorithm.
11. A data processing method, wherein the method comprises: receiving, by a key generation center (KGC) included in a network entity, a first public key from a terminal device; generating, by the KGC, the second public key according to a system parameter, a master key, the first public key, attribute information of the terminal device, and internal state information of the KGC, wherein the system parameter is public information related to the KGC, and the master key is a private key of the KGC; and sending, by the KGC, the second public key or a transform key to a server, wherein the transform key is generated according to the second public key and key update information.
12. The method according to claim 11, wherein before the generating, by the KGC, the second public key, the method further comprises: receiving, by the KGC, certification information from the terminal device, wherein the certification information is used to indicate that the terminal device stores a first private key.
13. The method according to claim 11, further comprising: generating, by the KGC, the transform key according to the second public key and key update information, wherein generating, by the KGC, the transform key comprises: generating, by the KGC, the transform key according to the second public key, the key update information, the system parameter, and an identity parameter, wherein the key update information indicates that the terminal device is not revoked.
14. The method according to claim 11, wherein the first public key and the first private key are a pair of a public key and a private key that match each other in a public-key cryptographic algorithm.
15. A data processing method, wherein the method comprises: receiving, by a server, a second public key from a key generation center (KGC) included in a network entity, wherein the second public key is generated by the KGC according to a first public key, attribute information of a terminal device, a system parameter, a master key, and internal state information of the KGC, wherein the system parameter is public information related to the KGC, the master key is a private key of the KGC, and the first public key is a public key of the terminal device; obtaining, by the server, first data, wherein the first data is data that is encrypted based on the attribute structure of
the keys or algorithms being changed during operation · CPC title
Key distribution {or management, e.g. generation, sharing or updating, of cryptographic keys or passwords (network architectures or network communication protocols for supporting key management in a packet data network H04L63/06)} · CPC title
involving random numbers or seeds · CPC title
involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing · CPC title
involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] · CPC title