




Technical Field
The invention relates to the technical field of digital watermarking and cryptography, and in particular to a method for protecting a user's right to be forgotten through digital watermarking technology.
Background
As the volume of data grows rapidly, the demand for storage space grows with it. Cloud storage emerged in response and introduced the concept of storage as a service, offering users cheap and plentiful storage space. When people move local data to the cloud, they lose control over that data. Suppose a user no longer needs important data stored in the cloud and asks the cloud server to delete it completely. The cloud replies that the data has been deleted, but the user cannot be sure that the deletion was really complete. In addition, common cloud storage architectures back up data to guard against disasters and accidents, and the backups end up distributed across different online or offline storage servers. So even if the cloud deletes the data from the current storage space, it may not have deleted every backup of that data.
To ensure that the cloud really deletes the data after the user requests it, some scholars have proposed uploading ciphertext data, with the user keeping the encryption key. When the user wants to delete the data, the user deletes the encryption key, so the data stored in the cloud becomes unintelligible ciphertext whose content others cannot read even if they obtain it. However, more and more service providers now need to collect the public's data for analysis and mining, and they do not accept ciphertext data.
Outsourcing plaintext data lets users conveniently use cloud computing services such as search-by-image and image editing. When a user uploads plaintext data, however, the user needs the cloud to completely delete unwanted data on request, so that the user's right to be forgotten is upheld. At present there is no scheme that protects the user's right to be forgotten for data outsourced in plaintext form.
Summary of the Invention
The purpose of the present invention is to provide a method for protecting a user's right to be forgotten through digital watermarking technology.
The purpose of the invention is achieved through the following technical solution:
A method for protecting a user's right to be forgotten through digital watermarking technology, comprising:
Data upload stage: the data X is processed with the data owner's ownership watermark O_W and with a unique watermark W_C, generated by the watermark certification center to mark the identity of the cloud, and is then sent to the cloud for storage;
Data retrieval stage: the data stored in the cloud that is to be retrieved is processed with a unique watermark W_O, generated by the watermark certification center to mark the identity of the data owner, and is then sent to the data owner;
Data deletion stage: during data upload, after data upload is complete, during data retrieval, or after data retrieval is complete, the watermark certification center, acting on the data deletion command sent by the data owner, sends the corresponding data deletion command to the cloud so that the cloud deletes the corresponding data;
Arbitration stage: after the data owner has completed the data upload, if a suspected copy Y of the data X is found, whether the suspected copy Y belongs to the data X is decided from the degree of match between the ownership watermark O'_W extracted from Y and the data owner's ownership watermark O_W. If it does, the watermark certification center extracts from Y the watermark W'_C marking the cloud's identity and the watermark W'_O marking the data owner's identity, and uses the watermarks W_C and/or W_O generated in the data upload stage and/or the data retrieval stage to decide whether the suspected copy Y was leaked by the cloud, thereby protecting the user's right to be forgotten.
As the above technical solution shows, the invention lets users outsource plaintext data while ensuring that the cloud deletes the user's data when it receives the user's request; otherwise the cloud's dishonest behavior can be traced, which upholds the user's right to be forgotten.
Description of the Drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Figure 1 is a flowchart of a method for protecting a user's right to be forgotten through digital watermarking technology, provided by an embodiment of the present invention;
Figure 2 is a flowchart of the data upload stage provided by an embodiment of the present invention;
Figure 3 is a flowchart of the data retrieval stage provided by an embodiment of the present invention;
Figure 4 is a schematic diagram of system capacity under different m, provided by an embodiment of the present invention;
Figure 5 is a schematic diagram of system capacity under different W, provided by an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides a method for protecting a user's right to be forgotten through digital watermarking technology. As shown in Figure 1, it mainly comprises:
Data upload stage: the data X is processed with the data owner's ownership watermark O_W and with a unique watermark W_C, generated by the watermark certification center to mark the identity of the cloud, and is then sent to the cloud for storage;
Data retrieval stage: the data stored in the cloud that is to be retrieved is processed with a unique watermark W_O, generated by the watermark certification center to mark the identity of the data owner, and is then sent to the data owner;
Data deletion stage: during data upload, after data upload is complete, during data retrieval, or after data retrieval is complete, the watermark certification center, acting on the data deletion command sent by the data owner, sends the corresponding data deletion command to the cloud so that the cloud deletes the corresponding data;
Arbitration stage: if the data owner finds a suspected copy Y of the data X, whether Y belongs to the data X is decided from the degree of match between the ownership watermark O'_W extracted from Y and the data owner's ownership watermark O_W. If it does, the watermark certification center extracts from Y the watermark W'_C marking the cloud's identity and the watermark W'_O marking the data owner's identity, and uses the watermarks W_C and/or W_O generated in the data upload stage and/or the data retrieval stage to decide whether the suspected copy Y was leaked by the cloud, thereby protecting the user's right to be forgotten.
In this embodiment, a watermarking protocol between the cloud and the user is proposed on the basis of public key infrastructure. It involves three roles: the data owner, the cloud, and an honest watermark certification center, abbreviated O, C and WCA respectively. The data involved may take many forms, such as images, audio and documents.
The data owner stores a large amount of data locally, which takes up a large amount of local storage space. As a user of the cloud storage service, the data owner can upload local data to the cloud server to reduce local storage. The data owner holds a certified public/private key pair, denoted (pk_O, sk_O), and the data owner's identity number is denoted ID_O.
The cloud service provider operates and manages many cloud storage servers and offers users a large amount of storage space. The cloud's public/private key pair is denoted (pk_C, sk_C), and the identity number of the cloud C is denoted ID_C.
The watermark certification center is an honest third party responsible for generating watermarks, embedding watermarks, and verifying by detection and extraction whether a watermark is present. The public/private key pair assigned to the watermark certification center is denoted (pk_WCA, sk_WCA).
Each stage is described in detail below.
I. Data upload stage.
Figure 2 is a flowchart of the data upload stage. The main process is as follows:
1. Before uploading the data X, the data owner O sends its identity number ID_O and an odd number n to the cloud C, indicating that the data owner O wants to upload the data X to the cloud C.
In this embodiment, the odd number n indicates that the user wants to upload data; an upload command could of course be sent directly instead.
2. After receiving the identity number ID_O of the data owner O and the odd number n, the cloud C sends its identity number ID_C and the odd number n to the data owner O, indicating that the cloud is ready to receive the data X.
3. After receiving the data returned by the cloud C, the data owner O embeds an ownership watermark O_W in the data X to obtain watermarked data, and encrypts it with the cloud public key pk_C to obtain ciphertext data. The data owner then sends the ciphertext data, the identity number ID_O of the data owner O, the odd number n, the identity number ID_C of the cloud C, and the signature of the data owner O and the cloud to the watermark certification center WCA.
4. After receiving the above data, the watermark certification center WCA verifies the signature. If verification passes, it generates a unique watermark W_C used to mark the cloud's identity and encrypts W_C with the cloud public key pk_C to obtain a ciphertext watermark. It then embeds the ciphertext watermark into the ciphertext data by the watermark embedding operation, obtaining ciphertext watermark data. Afterwards, the WCA sends the ciphertext watermark data, the odd number n, the identity number ID_O of the data owner O, and the signature between the WCA and the cloud C to the cloud.
Those skilled in the art will understand that this embedding operation can be carried out homomorphically in the encrypted domain E.
At the same time, the WCA records the information involved in the data upload stage in its own table, as shown in Table 1. It mainly includes: the identity number ID_O of the data owner O, the odd number n, the identity number ID_C of the cloud C, the unique watermark W_C used to mark the cloud's identity, and the signature between the WCA and the cloud C.
Table 1. Information involved in the data upload stage
5. After receiving the information sent by the WCA, the cloud verifies the integrity and correctness of the signature. If verification passes, it decrypts the ciphertext watermark data with its own private key sk_C to obtain watermark data in plaintext form carrying the watermark W_C, and stores it.
Those skilled in the art will understand that the watermark data stored in the cloud has essentially the same content as the data X originally uploaded by the data owner. The only difference is that the watermark data also carries the data owner's ownership watermark O_W and the watermark W_C used to mark the cloud's identity.
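As an added illustration (not code from the patent), the sketch below walks steps 3 to 5 of the upload stage with a toy Paillier cryptosystem: the WCA adds an encrypted identity watermark to the owner's encrypted coefficients without ever seeing the plaintext. The small Mersenne-prime key, the value of SCALE, the additive embedding rule (the patent's example section uses a dithered quantization method instead), the omission of signature checks, and all function names are assumptions of this example.

```python
import math
import secrets

SCALE = 1 << 16  # plays the role of the quantization factor S; value chosen for this example


def keygen(p=2**31 - 1, q=2**61 - 1):
    """Toy Paillier key pair from two known Mersenne primes (demo size, not secure)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    assert math.gcd(n, (p - 1) * (q - 1)) == 1
    mu = pow(lam, -1, n)  # valid because the generator is g = n + 1
    return n, (n, lam, mu)  # (public key, private key)


def encrypt(pk, m):
    """E(m) = (1 + n)^m * r^n mod n^2; negative m is encoded modulo n."""
    n, n2 = pk, pk * pk
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return ((1 + (m % n) * n) % n2) * pow(r, n, n2) % n2


def decrypt(sk, c):
    """Recover m and map the upper half of Z_n back to negative integers."""
    n, lam, mu = sk
    u = pow(c, lam, n * n)
    m = ((u - 1) // n) * mu % n
    return m - n if m > n // 2 else m


def owner_encrypt(coeffs, pk_c):
    """Step 3: owner quantizes the (already O_W-marked) data and encrypts under pk_C."""
    return [encrypt(pk_c, round(x * SCALE)) for x in coeffs]


def wca_embed(enc_data, wm_bits, pk_c, strength=2.0):
    """Step 4: WCA encrypts W_C under pk_C and embeds it in the encrypted domain.

    Assumed rule: bit 1 adds +strength, bit 0 adds -strength.
    Multiplying ciphertexts adds plaintexts: E(x) * E(d) = E(x + d).
    """
    n2 = pk_c * pk_c
    marked = []
    for c, bit in zip(enc_data, wm_bits):
        delta = round(strength * SCALE) * (1 if bit else -1)
        marked.append(c * encrypt(pk_c, delta) % n2)
    return marked


def cloud_decrypt(enc_marked, sk_c):
    """Step 5: cloud decrypts with sk_C and stores plaintext carrying W_C."""
    return [decrypt(sk_c, c) / SCALE for c in enc_marked]


def run_upload_demo():
    pk_c, sk_c = keygen()
    coeffs = [52.25, -13.5, 7.125, 0.0, -88.75, 31.0]  # constructed sample coefficients
    w_c = [1, 0, 1, 1, 0, 0]                           # constructed cloud identity watermark
    enc = owner_encrypt(coeffs, pk_c)
    marked = cloud_decrypt(wca_embed(enc, w_c, pk_c), sk_c)
    # Check only: compare against the original to read the embedded bits back.
    extracted = [1 if y > x else 0 for x, y in zip(coeffs, marked)]
    return coeffs, w_c, marked, extracted


if __name__ == "__main__":
    coeffs, w_c, marked, extracted = run_upload_demo()
    print("stored by cloud:", marked)
    print("W_C recovered  :", extracted == w_c)
```

The WCA only ever handles ciphertexts under pk_C, so it learns neither the data nor gives the cloud an unmarked copy; the cloud's stored plaintext always carries W_C.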
II. Data retrieval stage.
Figure 3 is a flowchart of the data upload stage. The main process is as follows:
1. Before retrieving the data X, the data owner O sends its identity number ID_O and an even number n' = n + 1 to the cloud C, indicating that the data owner O wants to retrieve the data X from the cloud C.
In this embodiment, the even number n' indicates that the user wants to retrieve data; a retrieval command could of course be sent directly instead.
2. After receiving the identity number ID_O of the data owner O and the even number n', the cloud C sends its identity number ID_C and the even number n' to the data owner O, indicating that the cloud is ready to send back the data X.
3. The cloud C encrypts the corresponding watermark data with the public key pk_O of the data owner O to obtain ciphertext watermark data. It then sends the even number n', the ciphertext watermark data, the identity number ID_C of the cloud C, the identity number ID_O of the data owner O, and the signature of the data owner O and the cloud to the watermark certification center WCA.
4. After receiving the above data, the WCA verifies the signature. If verification passes, it generates a unique watermark W_O used to mark the data owner's identity and encrypts W_O with the data owner's public key pk_O to obtain a ciphertext watermark. It then embeds the ciphertext watermark into the ciphertext watermark data by the watermark embedding operation, obtaining new ciphertext watermark data. Afterwards, the WCA sends the even number n', the new ciphertext watermark data, the identity number ID_O of the data owner O, and the signature between the WCA and the data owner O to the data owner O.
At the same time, the WCA records the information involved in the data retrieval stage in its own table, as shown in Table 2. It mainly includes: the identity number ID_O of the data owner O, the even number n', the identity number ID_C of the cloud C, the unique watermark W_C used to mark the cloud's identity, the unique watermark W_O used to mark the data owner's identity, the signature between the WCA and the cloud C, and the signature between the WCA and the data owner O.
Table 2. Information involved in the data retrieval stage
5. After receiving the information sent by the WCA, the data owner verifies the integrity and correctness of the signature. If verification passes, the data owner decrypts with its own private key sk_O to obtain data in plaintext form carrying the watermark W_O.
Those skilled in the art will understand that the data finally obtained by the data owner has essentially the same content as the watermark data stored in the cloud. The only difference is that it carries the watermark W_O used to mark the data owner's identity. In other words, compared with the data X originally uploaded by the data owner, it differs only in carrying the data owner's ownership watermark O_W, the watermark W_C marking the cloud's identity, and the watermark W_O marking the data owner's identity; the main data content is unchanged.
III. Data deletion stage.
The data owner can delete the data it has stored in the cloud at any time, for example during data upload, after data upload is complete, during data retrieval, or after data retrieval is complete.
The data deletion stage proceeds as follows:
1. If the data owner needs to delete the data X stored in the cloud, it sends the odd number n, the identity number ID_O of the data owner O, the identity number ID_C of the cloud C, and a deletion command to the watermark certification center WCA;
2. The WCA sends the odd number n, the identity number ID_O of the data owner O and the deletion command to the cloud C;
3. The cloud deletes all copies of the stored data X and returns a reply to the WCA stating that everything has been deleted.
At the same time, the WCA records the information involved in the data deletion stage in its own table, as shown in Table 3. It mainly includes: the identity number ID_O of the data owner O, the odd number n, the identity number ID_C of the cloud C, the unique watermark W_C used to mark the cloud's identity, the unique watermark W_O used to mark the data owner's identity, the signature between the WCA and the cloud C, the signature between the WCA and the data owner O, and a flag indicating whether the data X has been deleted.
Table 3. Information involved in the data deletion stage
IV. Arbitration stage.
The arbitration stage may take place at any time after the data owner has completed the data upload.
If a suspected copy Y of the data X is found, the data owner O and the watermark certification center WCA identify an untrustworthy cloud in the following way.
1. The data owner O extracts the ownership watermark O'_W from the suspected copy Y. If the degree of match between O'_W and the data owner's ownership watermark O_W exceeds a certain threshold, the suspected copy Y is judged to belong to the data X and the matter is passed to the WCA for further judgment; otherwise, the process terminates.
2. The WCA extracts from the suspected copy Y the watermark W'_C marking the cloud's identity and the watermark W'_O marking the data owner's identity. Using the watermarks W_C and W_O generated in the data upload and data retrieval stages, together with the information recorded in its own table, it decides whether the suspected copy Y was leaked by the cloud, thereby protecting the user's right to be forgotten. When the degree of match between W'_C and the unique cloud identity watermark W_C recorded in the corresponding table entry exceeds the threshold, there are three cases:
1) If the corresponding table entry records no unique data owner identity watermark W_O but does record a deletion command, the data owner is taken to have issued no retrieval command and only a deletion command, and the cloud did not delete the data as required and leaked it;
2) If the corresponding table entry records no unique data owner identity watermark W_O and no deletion command, the data owner is taken to have issued neither a retrieval command nor a deletion command, and the cloud leaked the data;
3) If the degree of match between W'_O and the unique data owner identity watermark W_O recorded in the corresponding table entry exceeds the threshold, the suspected copy Y is taken to have come from the data owner; in this case, whether or not the data has been deleted and whether or not it has leaked, the cloud is not responsible.
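The two arbitration steps and the three cases above can be written as a decision over one WCA table entry. This is an added example, not code from the patent: the record layout, the 0.9 threshold (the text only says "a certain threshold"), the bit-string watermarks and the verdict strings are assumptions, and the sample watermarks are constructed.

```python
from dataclasses import dataclass
from typing import Optional

THRESHOLD = 0.9  # assumed value; the text only requires "a certain threshold"


def match_rate(reference: str, extracted: str) -> float:
    """Fraction of watermark bits that agree (0.0 when lengths differ)."""
    if not reference or len(reference) != len(extracted):
        return 0.0
    return sum(a == b for a, b in zip(reference, extracted)) / len(reference)


@dataclass
class WcaRecord:
    """One entry of the WCA table (hypothetical layout following Tables 1 to 3)."""
    id_o: str
    n: int
    id_c: str
    w_c: str                       # recorded in the upload stage
    w_o: Optional[str] = None      # recorded only if a retrieval took place
    delete_recorded: bool = False  # set when a deletion command was relayed


def arbitrate(o_w, o_w_ext, w_c_ext, w_o_ext, rec, threshold=THRESHOLD):
    # Step 1 (data owner): does the suspected copy Y belong to data X?
    if match_rate(o_w, o_w_ext) <= threshold:
        return "terminated: Y not attributed to X"
    # Step 2 (WCA): the three cases apply only when W'_C matches the recorded W_C.
    if match_rate(rec.w_c, w_c_ext) <= threshold:
        return "undetermined: W'_C does not match recorded W_C"
    if rec.w_o is None:
        if rec.delete_recorded:
            return "case 1: cloud ignored the deletion command and leaked"
        return "case 2: cloud leaked"
    if match_rate(rec.w_o, w_o_ext or "") > threshold:
        return "case 3: copy came from the data owner, cloud not responsible"
    # W_O is on record but absent from Y: the three listed cases do not cover this.
    return "undetermined: not covered by the three cases"


def flip(bits: str, i: int) -> str:
    """Simulate one extraction error at position i."""
    return bits[:i] + ("1" if bits[i] == "0" else "0") + bits[i + 1:]


def run_arbitration_demo():
    # Constructed 16-bit watermarks; one flipped bit gives a 15/16 match rate.
    o_w, w_c, w_o = "1011001110001101", "0110100111010010", "1100010110111001"
    deleted = WcaRecord("ID_O", 1, "ID_C", w_c, None, True)
    stored = WcaRecord("ID_O", 3, "ID_C", w_c, None, False)
    fetched = WcaRecord("ID_O", 5, "ID_C", w_c, w_o, False)
    unrelated = "".join("1" if b == "0" else "0" for b in o_w)
    return {
        "after_delete": arbitrate(o_w, flip(o_w, 2), flip(w_c, 7), None, deleted),
        "never_fetched": arbitrate(o_w, flip(o_w, 2), flip(w_c, 7), None, stored),
        "owner_copy": arbitrate(o_w, flip(o_w, 2), flip(w_c, 7), flip(w_o, 0), fetched),
        "no_w_o_in_copy": arbitrate(o_w, flip(o_w, 2), flip(w_c, 7), None, fetched),
        "foreign_image": arbitrate(o_w, unrelated, w_c, None, stored),
    }


if __name__ == "__main__":
    for name, verdict in run_arbitration_demo().items():
        print(f"{name:15s} -> {verdict}")
```

The fourth sample input (W_O on record but not found in Y) is kept as "undetermined" because the three cases in the text do not assign it a verdict.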
A specific example is described below.
In this example, any concrete encryption scheme and watermarking scheme may be used as long as it meets the requirements.
The data in this example are images. 1000 different grayscale images, each of size 512×512, are used as the image library. The peak signal-to-noise ratio (PSNR) is used to measure the quality of the image after watermark embedding, and the correct rate BCR is used to measure the quality of the extracted watermark.
The homomorphic encryption method is Paillier encryption, with a key length of more than 1024 bits. Since homomorphic encryption has no decimals, decimals are quantized to integers with the quantization factor S=216.
The ownership watermark O_W of the data owner O is embedded with a method similar to second-generation watermark embedding, where α is the watermark embedding strength. The ownership watermark O_W is embedded in the low-frequency region after three wavelet transforms; one inverse wavelet transform and then one Fourier transform are applied, and the signs of the low-frequency region are extracted as the feature of the image, denoted Key. The extracted image feature Key is XORed with the embedded original watermark O_W to obtain the composite feature V. When uploading the image, the data owner O sends O_W and V to the WCA together. In the arbitration stage, the data owner O extracts the image feature Key'. If the degree of match between the watermark O'_W, obtained by XORing Key' with V, and the original watermark O_W exceeds a certain threshold, this proves that the data owner O is indeed the owner of the image.
The identity watermarks W, namely W_C and W_O, are embedded using a quantization-step method with dither. The quality factor q controls the quality of the image after watermark embedding. In the 8×8 blocks selected for embedding the identity watermark, the number of watermarks embedded is denoted NEB.
Each test image is divided into non-overlapping 8×8 blocks. Half of the blocks, chosen at random, are used to embed the image ownership watermark O_W, and the other half are used to embed the identity watermarks of the cloud and the data owner, namely W_C and W_O, collectively called the identity watermark W. Here the correct extraction rate of the ownership watermark O_W is denoted BCR_O and the correct extraction rate of the identity watermark is denoted BCR_I. The final correct extraction rate of the watermarks is Pro_suc = BCR_O × BCR_I. When α=0.05, q=55 and NEB=2, the experimental results of the protocol with and without attacks are shown in Table 4:
Table 4. PSNR and BCR under different tests
The number of users and the number of cloud service providers that the invention can support are tested next; they are denoted NU and NC respectively. Since the embedded watermarks are binary, the user identity watermark, that is, the data owner identity watermark W_O, has length log2(NU), and the cloud identity watermark W_C has length log2(NU). Each test image has size W×H and is divided into non-overlapping 8×8 blocks. Combining the ownership watermark embedding scheme with the identity watermark embedding scheme, the NU and NC that the protocol can accommodate satisfy the following relationship:
In practical applications, NU is far larger than NC. In this example, it is assumed that  The above formula simplifies to:
When NEB=2 and W=H, the logarithmic curves of the maximum number of users NU_max as a function of m for different W are shown in Figure 4. When W=H and m=1000, with NEB in the range 1 to 4, the logarithmic curves of the maximum number of users NU_max as a function of W are shown in Figure 5.
Figures 4 and 5 together show that m has little influence on the maximum number of users NU_max, while the image size has an exponential influence on NU_max. When W=210, m=1000 and NEB=2, the maximum number of users NU_max can reach 28442.
From the description of the above embodiments, those skilled in the art can clearly understand that the embodiments may be implemented in software, or in software together with a necessary general-purpose hardware platform. On this understanding, the technical solutions of the embodiments may be embodied as a software product, which may be stored on a non-volatile storage medium (such as a CD-ROM, USB flash drive or portable hard disk) and includes instructions that cause a computer device (such as a personal computer, a server or a network device) to execute the methods described in the embodiments of the present invention.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention falls within the protection scope of the present invention. The protection scope of the present invention is therefore that of the claims.
| Application Number | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN201810379280.XA | CN108549796B (en) | 2018-04-25 | 2018-04-25 | The method of protecting the user's right to be forgotten through digital watermarking technology |
| Publication Number | Publication Date |
|---|---|
| CN108549796A | 2018-09-18 |
| CN108549796B | 2020-08-25 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810379280.XAActiveCN108549796B (en) | 2018-04-25 | 2018-04-25 | The method of protecting the user's right to be forgotten through digital watermarking technology |
| Country | Link |
|---|---|
| CN (1) | CN108549796B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20240330490A1 (en)* | 2021-07-09 | 2024-10-03 | Sasha Aps | Providing a Share Statement Linked to a Digital Identifier of an Image |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104994068A (en)* | 2015-05-22 | 2015-10-21 | 武汉大学 | Multimedia content protection and safe distribution method in cloud environment |
| CN105303069A (en)* | 2014-07-10 | 2016-02-03 | 厦门简帛信息科技有限公司 | Digital rights management system and method |
| CN105323209A (en)* | 2014-06-05 | 2016-02-10 | 江苏博智软件科技有限公司 | Cloud data security protection method adopting fully homomorphic encryption technology and multiple digital watermarking technology |
| CN106156655A (en)* | 2015-03-26 | 2016-11-23 | 中国科学院声学研究所 | The compressing file of a kind of facing cloud storage and authentication method |
| CN107197037A (en)* | 2017-02-24 | 2017-09-22 | 重庆第二师范学院 | A kind of data access method and system with audit function based on Cloud Server |
| Title |
|---|
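| "A Cloud-User Protocol Based on Ciphertext Watermarking Technology"; Keyang Liu, Weiming Zhang, et al.; Security and Communication Networks; 2017-12-11; Vol. 2017; pp. 1-14* |
| "Third-party personal data supervision platform based on the right to be forgotten"; Jin Yan; Information Studies: Theory & Application (情报理论与实践); 2017-08-31; Vol. 40 (No. 8); pp. 37-42* |
| "Steganalysis method for specific test samples"; Zhang Yiwei, Zhang Weiming, et al.; Journal of Software (软件学报); 2017-12-01; Vol. 29 (No. 4); pp. 987-1001* |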
| Publication number | Publication date |
|---|---|
| CN108549796A (en) | 2018-09-18 |
| Publication | Title |
|---|---|
| US10387986B2 (en) | System for embedding searchable information, encryption, signing operation, transmission, storage and retrieval |
| EP2109248B1 (en) | Method and device for testing consistency of numeric contents |
| WO2017071512A1 (en) | Cloud storage and cloud download methods for multimedia data and related devices |
| KR20130133243A (en) | Device and method for online storage, transmission device and method, and receiving device and method |
| CN106104545A (en) | Use the security feature about digital image file |
| TW201539233A (en) | Method and apparatus for verifying the availability of biometric images |
| Cao et al. | A Privacy‐Preserving Outsourcing Data Storage Scheme with Fragile Digital Watermarking‐Based Data Auditing |
| JP2003309554A5 (en) | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, PROGRAM, AND RECORDING MEDIUM |
| CN111444479A (en) | A method and system for verifying ownership of digital fingerprints |
| CN108337208B (en) | Cloud storage-based data protection method, replacement device, and cloud storage system |
| CN108549796B (en) | The method of protecting the user's right to be forgotten through digital watermarking technology |
| CN108737095B (en) | Method for carrying out credible operation by using digital current survey record credible model system |
| CN108563396B (en) | Safe cloud object storage method |
| JP2018073064A (en) | File division and combination system and method thereof |
| US11120075B2 (en) | Methods and devices for storing and managing audio data on blockchain |
| JP7723607B2 (en) | Proving Media Origin via Fragile Watermarking |
| CN115296821B (en) | Data processing system for digital collection management |
| CN116015630A (en) | Lightweight and deduplicatable ciphertext integrity auditing method and system |
| CN114928469A (en) | IDaaS system for access control based on mutual authentication mechanism |
| CN112991136B (en) | Safe plaintext image cloud storage and processing method based on watermark |
| US20240184904A1 (en) | Method and System for Managing at Least One Unique Data Record |
| CN117058423B (en) | A fuzzy deduplication method and device based on a single server |
| US20250181683A1 (en) | Method and system for processing digital content, method and system for confirming copyright of digital content, and method and system for tracing digital content |
| CN106612321A (en) | Access right management method in cloud storage |
| JP2002342292A (en) | Contents delivery server and detection device |
| Code | Title | Description |
|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| TR01 | Transfer of patent right | Effective date of registration: 20250509; Address after: 230026 Jinzhai Road, Baohe District, Hefei, Anhui Province, No. 96; Patentee after: University of Science and Technology of China; Country or region after: China; Patentee after: Zhou Wenbai; Patentee after: Yu Nenghai; Patentee after: Zhang Weiming; Address before: 230026 Jinzhai Road, Baohe District, Hefei, Anhui Province, No. 96; Patentee before: University of Science and Technology of China; Country or region before: China |