Patent data access control and protection using blockchain technology

Security analysis scheme

Data privacy security

As shown in Fig. 5, different access control structures have a greater impact on data encryption speed. Among them, the speed of encryption and decryption of data files is related to the structure of access control. The more complex the access control structure, the slower the encryption and decryption speed. Conversely, the simpler the structure, the faster the encryption and decryption rates. As the number of attributes involved in the access control strategy increases, the time used for data encryption operations gradually increases. However, the increase is almost stable, suggesting that the increase in overhead is acceptable. This result shows that distributed storage of patent data is secure and may meet the requirements of off-site storage.

Figure 5
Figure 5

The relationship between the number of attributes and the overhead of encryption.

Data operator security

As shown in Fig. 6, different data operators correspond to the number of authority attributes from 1 to 4. The difference in the number of attribute credentials has a significant effect on the delay time of the encryption parameter calculation. The more authority attributes, the more overhead time is required for encryption; the more attribute credentials, the more appropriate attribute management sets and the more parameters you need to manage. This result also shows that the data operator cannot obtain patent data, steal data resources or cause data leakage.

Figure 6
Figure 6

The relationship between the number of attribute credentials and encryption overhead.

Security data manager

As shown in Fig. 7, the number of permissions is due to data encryption delay. The more permissions a data owner needs to manage, that is, the more access control strategies there are, the higher the overhead of encryption. Thus, even if there are more data heads, specific patent data information cannot be effectively obtained. Therefore, more managers need to give appropriate permissions to access data content.

Figure 7
Figure 7

The relationship between the number of permissions and the encryption overhead.

Data owner security

Figure 8A shows the time required to decrypt the file, and Figure 8B shows the time required to update the encrypted text. The more attributes involved in decryption time delay and encrypted text, the greater the decryption overhead. Due to the distributed attribute management architecture and the process of calculating the encrypted text update, only part of the encrypted text needs to be updated when updating the attribute, which effectively reduces the time it takes to update the encrypted text after updating the attribute. Delay time of ciphertext update and classic CP-ABE encryption mechanism21 have been greatly improved. Data owners create a security representative who effectively prevents data leakage from storage vendors, data management vendors, and system vendors. Blockchain tracking and counterfeiting characteristics are used. Through blockchain transaction management to access management strategies and attributes, this feature implements strategy management and tracking of the entire process of publishing, updating and revoking policies. The strategy is stored in the blockchain in an open and transparent manner. Any user can request it. The request function is separated from the traditional third-party access control mode. This function solves the problem of transparency of the court decision on jurisdiction.

Figure 8
Figure 8

Overhead for encrypted text time after decrypting and updating an attribute (A Overhead for decryption; B Overhead for updating ciphertext time).

Model performance analysis

Computational analysis of overhead costs

Figure 9A-D shows key overhead, encryption overhead, decryption overhead, and computational overhead in different data sets. The proposed model is compared with the algorithm KP-ABE (Ciphertext Policy Attribute Based Encryption).22. The overhead costs for the encryption algorithm of the proposed model and the KP-ABE algorithm increase linearly with increasing number of attributes. In the proposed model, the overhead of the key generation algorithm increases linearly as the number of attributes increases. In the KP-ABE algorithm, the overhead of the key generation algorithm increases exponentially as the number of attributes increases. In the proposed model, the overhead of the decryption algorithm is lower than the overhead of the encryption algorithm. This is because the decryption algorithm takes less exponential operations. The time required to encrypt a 10 MB file with 64-bit and 128-bit data is 35 ms and 105 ms, respectively. The results of all experiments show that the use of local resources in branches for decryption can reduce the overhead of cloud computing of the patent office.

Figure 9
Figure 9

Computational performance analysis (A Overhead key; B Overhead for encryption; S Overhead for decryption; D overhead of the calculation).

Analysis of storage overheads

Figure 10A shows the overhead of the encryption algorithm, and Figure 10B shows the overhead of the decryption algorithm. Schemes based on DS-EA and BE are the least expensive. Compared to the ABE (Attribute-Based Encryption) and BE (Based Encryption) schemes, DS-EA can significantly reduce the overhead of key storage. In this scheme, users only need to store their private keys and system settings. For comparison, users must store their access structure and corresponding private keys in an ABE-based schema. Therefore, DS-EA needs only a small overhead for key storage to implement secure cloud data sharing services.

Figure 10
Figure 10

Storage Overhead Performance Analysis (A Encryption algorithm; B Deciphering algorithm).

Network overhead analysis

Figure 11A shows the network overhead of the encryption algorithm, and Figure 11B shows the network overhead of the re-encryption algorithm. The proposed scheme takes only 1 s to decrypt 64 KB data; in contrast, the algorithm proposed in the previous study takes 1.5 s. Although the decryption algorithm of the proposed scheme must perform a pairing operation for each piece of data, the operation only needs to be performed once, and the calculation can be completed at the very beginning. As the number of receivers increases, the encryption time is almost stable. Therefore, the DS-EA circuit is easily extended in cloud computing. Experimental results show that DS-EA is lightweight and can be effectively applied in practice. This algorithm can reduce the storage space of the patent office encryption and effectively store the repository.

Figure 11
Figure 11

Time costs for SECO encryption algorithms, ABE-based schemes and BE-based schemes (A Encryption algorithm; B Re-encryption algorithm).

Encryption performance analysis

Figure 12A illustrates the results of encryption performance at different values ​​of k, and Figure 12B shows the results of encryption performance at different data sets. Only 1% of data requires asymmetric encryption, which significantly reduces the cost of encryption, while increasing the speed of encryption and ensuring data security. Compared to modern algorithms, the proposed algorithm has significant advantages when the value of K is large.

Figure 12
Figure 12

Percentage of users with privacy leaks at different k values ​​and data set sizes (A At different values ​​of k; B Under different data sets).

Analysis of test performance

Figure 13A-D shows the results of the MAE model (Mean Absolute Error). a = 0.5 Count query, a= 1.0 quantity request, a= 0.5 Request Amount, and a= 1.0 Request Amount. Figure 14A-D shows the results of the MRE model (mean relative error). a= 0.5 Count query, a= 1.0 quantity request, a= 0.5 Request Amount, and a= 1.0 Request Amount. In any case, regardless of whether it is MAE or MRE, the results of the proposed algorithm are less than the results of the Dwork algorithm23. If the query size is 3 and a= 0.5, the MAE result of the Count query of the proposed algorithm is less than 20; in contrast, the result of the Dwork algorithm is close to 70. If the query size is 4 and a= 0.5, the MRE query result Sum of the proposed algorithm is less than 0.1; however, the result of the Dwork algorithm is greater than 0.2. As the query size increases, not only the MAE but also the MRE decreases. Also how aincreases, both MAE and MRE decrease.

Figure 13
Figure 13

MAE different request sizes with different privacy (A a = 0.5 Request Count; B a = 1.0 Count request; S a = 0.5 request for the amount; D a = 1.0 request for the amount).

Figure 14
Figure 14

MREs of different request sizes with different privacy (A a = 0.5 Request Count; B a = 1.0 Count request; S a = 0.5 request for the amount; D a = 1.0 request for the amount).

Figure 15A shows the result of the relative error of the model for the Count query, and Figure 15B shows the result of the relative error of the model for the Sum query. As the size of the data set increases, the relative error decreases. As the data set grows to 1,500,000 and a= 0.5, the relative error rate of the Sum query result is 0.7; if the data set size is 4,500,000, the relative error rate is less than 0.6. Thus, the algorithm can provide higher data availability for large-scale multidimensional datasets.

Figure 15
Figure 15

Relative error rate for different privacy budgets and data set sizes (A Counting request; B Request amount).

Leave a Comment