CN105743873A - Security system - Google Patents

Security system Download PDF

Info

Publication number
CN105743873A
CN105743873A CN201510184289.1A CN201510184289A CN105743873A CN 105743873 A CN105743873 A CN 105743873A CN 201510184289 A CN201510184289 A CN 201510184289A CN 105743873 A CN105743873 A CN 105743873A
Authority
CN
China
Prior art keywords
key
aes
security system
document
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510184289.1A
Other languages
Chinese (zh)
Inventor
左晓栋
崔占华
杨晨
王石
周亚超
李勇
陈曼琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Information Security Research Institute Co Ltd
Original Assignee
China Information Security Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Information Security Research Institute Co Ltd filed Critical China Information Security Research Institute Co Ltd
Priority to CN201510184289.1A priority Critical patent/CN105743873A/en
Publication of CN105743873A publication Critical patent/CN105743873A/en
Pending legal-status Critical Current

Links

Abstract

The invention provides a security system. The security system comprises a management server and server nodes connected to the management server; the management server is use for generating an AES key, encrypting a file flowing into the security system by the using the AES key, encrypting the AES key by using an RSA key, saving a ciphertext and the RSA key and sending the ciphertext and the RSA key to the TPM security chip modules of the node servers; the node servers read authentication transferable keys in the TPM security chip modules, judge and decrypt the AES key and the RSA key according to respective management levels of the node servers, and open the file; and after the file is closed, the node servers generate and save a file, encrypt the file by using an RSA algorithm and encrypt the keys by using the TPM security chip modules. According to the security system provided by the invention, problems in confidentiality of files in a multi-level security system can be solved by adopting technologies such as TPM security chips and RRN algorithms, and the access of information such as files in the system can be controlled.

Description

A kind of security system
Technical field
The present invention relates to the system of a kind of reliable computing technology application, in particular to a kind of security system.
Background technology
" multilevel security " (MultiLevelSecurity) is called for short MLS, is originally derived from the military field confidentiality demand to information.1970, the safety problem that the computer system of the W.H.Ware resource-sharing to accessing by all kinds of means causes has been studied, its main target is Multilevel Security Systems realization in a computer, in conjunction with actual national defense safety grade classification system, analyze the security threat that sensitive information in resource sharing system is likely to be subject to, it is proposed that solve the suggestion approach of computer security issue.
Level of security and on-demand known (need-to-know) authority are the important component in multilevel security problem, and basic multilevel security problem seeks to determine the sensitive information of certain scope having particular security levels and the individuality of known authority should be needed whether to be able to access that in given physical environment.Report that the design to computer safety system proposes two restrictive conditions:
(1) computer safety system must be consistent with the safety status classification structure of reality;
(2) computer safety system must be consistent with the manual security control procedure of reality.
Nineteen eighty-three, U.S. Department of Defense has issued first historically computer security evaluation criteria " Trusted Computer System Evaluation Criteria ", and computer security grade is divided into D, C, B, A tetra-class from low to high, altogether D, C1, C2, B1, B2, B3 and A1 seven grades.Its high-grade safe key character, it is simply that the pressure of multilvel security policy is realized.
The elementary object of multilevel security has two:
(1) control measure are set up, it is prevented that user accesses the information of its uncommitted high safety grade;
(2) prevent unauthorized user from reducing the safe class of information.
In the security management system of traditionally on paper file, all personnel and file all have different level of securitys, most typically confidential, confidential and top secret.Before being licensed and consulting classified document, it is necessary to its level of security is verified.The personnel of " secret " level can only authorize and consult " secret " level file, and " secret " and " top secret " level file does not then allow to consult.This requirement discloses the implication of " multistage ".
Multistage network use cryptographic means multiplex to prevent from wiretaping and implement multilevel security forced symmetric centralization etc..Encryption is most stringent of access control technology, it does not have the people of key can not actively know the content of encryption, and this provides another thinking for multilevel security.In hierarchical system, by control key, multilevel security target just can be realized.Then multilevel security problem just converts for the cipher key management considerations under rational algorithm.As far back as nineteen eighty-two, Akl and Taylor just proposes such thinking, hereafter has increasing expert to do exploration in the direction.But these schemes to realize cost often significantly high and very dumb.Such as, Akl and Taylor based on RSA system, the scheme that the key of child node can be derived by father node.If two nodes (such as certain ancestor node and certain descendent node) span multiple rank in the program, then ancestor node needs to travel through all intermediate nodes.For great institutions, this is clearly troublesome.If it addition, add new node in hierarchical organization, then the key of all superior nodes of this new node must regenerate.
In recent years, the cryptographic solution of multiple Multilevel Security Systems is proposed both at home and abroad.Minister in ancient times professor Si Han et al. proposes the distribution of shared key and session key under hierarchical conference and user adds and the change system of session key when leaving.This system utilizes end-to-end " from proving ", and authentication protocol carries out shared key distribution, and when the distribution of session key adds with user and leaves, the change of session key is dependent on the symmetric encipherment algorithm that amount of calculation is little.In other one section of paper, Liu Kelong et al. proposes the multilevel security key management system in Distributed Application then.This system adopts BLP model as multilevel security access control policy, utilizes Chinese remainder theorem, introduces " the master key factor ", " the secondary key factor ", " the write factor ", the shared information of structure session key.Ji Dongyao et al. proposes a kind of new dynamic access control scheme based on encryption key distribution.Method for distributing key therein is based on Rabin public key system and Chinese remainder theorem.In this scenario, in system, each user is endowed a security permission, the user with higher security permission can utilize oneself privately owned secret information and public information to derive the key of the user with relatively low security permission, and low rights user then can not derive the key of high authority user.The feature of this scheme is to add/delete a user from system and change user right and change user key all without changing whole system.The motility of such scheme has had and has been greatly improved, but the complexity of Project Realization is relatively big, and this multilevel security solution being also based on cryptographic technique seldom has the reason of practical application.
For overcoming the defect of such scheme, it is necessary to propose a kind of new multistage document security management system.
Summary of the invention
For overcoming above-mentioned the deficiencies in the prior art, the present invention provides a kind of security system.
Realizing the solution that above-mentioned purpose adopts is:
A kind of security system, described security system includes management server and the node server of difference connection management server;
Described management server, for producing and using AES key encryption to flow into the file of described security system, and uses RSA key to encrypt described AES key;Preserve and ciphertext and described RSA key be sent to the TPM safety chip module of each described node server;
Described node server, reads the transportable key of certification in described TPM safety chip module, judges to decipher described AES key and RSA key according to respective managerial class, opens described file;Produce and preserve document after closedown, use RSA Algorithm encrypt described document and use TPM safety chip module encryption key.
Preferably, described management server and described node server all include AES module and TPM safety chip module;
Described AES module, uses aes algorithm to produce AES key, encryption or deciphering and flows into the file of described inflow security system;
Described TPM safety chip module, uses RRN algorithm to produce RSA key, and described RSA key is appointed as the transportable key of certification, uses RSA key encryption or deciphers described AES key.
Preferably, described TPM safety chip module uses RRN algorithm to produce RSA key, comprises the following steps:
The described TPM all node servers of safety chip module walks, generate random number N ' for each described node serveri, N 'iIt it is the product of two prime numbers;
Prime number product N is calculated for each described node serveri=N 'iN′jN'k…N′l, wherein, the ancestor node of node j, k ..., l respectively node i;
RSA key is generated, including encryption key k for each described node serveri=(e, Ni) and decruption keyWherein, exponent e and each φ (N 'i) coprime, to each node liE identical, but diBut all differ, e*di≡1modφ(N′i)。
Preferably, described management server is described node server allocation level.
Preferably, described node server encrypts described document when generating and preserve document, including:
Use aes algorithm that document m is encrypted, generate ciphertextWherein, kaesFor the AES key that AES module generates;
TPM safety chip module uses RRN algorithm to generate key ki, use key kiTo key kaesEncryption, generates encryption keyJointly preserve with described ciphertext c.
Preferably, when described node server decodes the document of document or the generation received, including:
TPM chip module uses the private key of its storageDeciphering AES key, it is thus achieved that
Decrypting ciphertext c, it is thus achieved that expressly
Preferably, described node server i reads from its ancestor node server j document obtained, must according to itObtainFurther according to kaesDescribed document is deciphered.
Preferably, described management server is in off-line state all the time, the RSA key of each node server of safe storage.
Preferably, described node server sends document outside described security system, comprises the following steps:
Document to be sent is sent to described management server by described security node server, and described management server is to described document deciphering to be sent, and is sent to described security system by the document after deciphering.
Compared with prior art, the method have the advantages that
1, security system provided by the invention, utilizes the technology such as TPM safety chip, RRN algorithm to solve the privacy concerns of document in Multilevel Security Systems, it is ensured that in system, the message reference such as document is controlled.
2, security system provided by the invention, utilizes RRN algorithm that key is carried out encryption and decryption, it is achieved system documentation multi hierarchy security management.In not direct encryption and decryption storage data, improve the efficiency that system is run, can better be applicable to large-scale Multilevel Security Management System.
3, security system provided by the invention; management server is in off-line state all the time; preserve the RSA key of each node server safely; simultaneously; the built-in TPM safety chip of each node server; utilize the characteristic such as the high security of TPM safety chip, key migration, the generation of system key, storage, use etc., crucial encryption process are realized the protection of hardware level, reaches the requirement of forced symmetric centralization.
Accompanying drawing explanation
Fig. 1 is security system structure chart in the present invention;
Fig. 2 is the present embodiment middle grade structural representation.
Detailed description of the invention
Below in conjunction with accompanying drawing, the specific embodiment of the present invention is described in further detail.
The present invention provides a kind of security system, and this system utilizes the technology such as TPM safety chip, RRN algorithm to solve the privacy concerns of document in Multilevel Security Systems, it is ensured that in system, the message reference such as document is controlled, it is achieved the safety management of the document of multilevel hierarchy.
Explanation to multilevel hierarchy:
A, the organizational structure of a mechanism is expressed as paritially ordered set (l;<), l is the set of grade, < is each set waiting inter-stage dominance relation.Mutual relation includes situations below:
If 1. liAnd ljRelation be li<lj, it is called ljDominance strict li, liBy ljDominance strict.
If 2. liAnd ljRelation be li<ljAnd lj<li, it is called liAnd ljEqual, it is designated as li=lj
If 3. liAnd ljRelation be li<lj, or li=lj, it is called liBy ljDomination, or ljDomination li, it is designated as li≤lj
If 4. liAnd ljRelation be neither li≤ljNeither lj≤li, it is called liAnd ljNot comparable.
If 5. lx<lyAnd there is no other node lzMake lx<lz<ly, claim lyIt is lxFather node.If lx<ly, claim lxIt is lyDescendant nodes, lyIt is lxAncestor node.
Each l in B, hierarchical organizationiThere is pair of secret keys, be designated asWherein kiIt is liDefault encryption key,It is liDefault decruption key.
Actual demand according to multilevel security, utilizes kiCipher-text message after encryption should have the property that
If 1.It is liDecruption key, then this ciphertext can be byDeciphering.
If 2. lj>li,It is ljDecruption key, then this ciphertext can be byDeciphering.
If 3. lk<liOr lkWith liIt is not comparable,It is lkDecruption key, then this ciphertext can not be byDeciphering.
Security system provided by the invention includes management server PMC and the node server PC of difference connection management server.As it is shown in figure 1, Fig. 1 is security system structure chart in the present invention.
Management server, for the unique interface of this security system with extraneous document exchange.For generating the key of each node server, and by this key migration to each node server.
Management server, the module including completing following steps:
1, use aes algorithm that the file flowing into described security system is encrypted, generate AES key and ciphertext;
2, using RRN algorithm is that each node server generates RSA key, and described RSA key is appointed as the transportable key of certification is sent to the TPM safety chip module of each described node server;
3, AES key is encrypted by the RSA key further according to document destination node server;
4, RSA key and described ciphertext are stored jointly.
Management server and node server all include TPM safety chip module;Described TPM safety chip module is run RRN algorithm and is produced RSA key and deciphering RSA key.
TPM safety chip module is run RRN algorithm and is produced RSA key, comprises the following steps:
I, travel through all node servers, generate random number N ' for each described node serveri, N 'iIt it is the product of two prime numbers;
II, travel through described node server, calculate prime number for each described node server and seize the opportunity Ni=N 'iN'jN'k…N′l, wherein, the ancestor node of node j, k ..., l respectively node i;
III, each described node server generate RSA key, including encryption key ki=(e, Ni) and decruption keyWherein, exponent e and each φ (N 'i) coprime.To each li, e is identical, but diBut all differ.e*di≡1modφ(N′i)。
According to above-mentioned steps, double secret key as shown in table 1 below can be obtained;
All double secret key in table 1 Fig. 1
Node li Encryption key Decruption key E and diRelation
l1 (e,N1=N '1) (d1,N′1) e*d1≡1modφ(N′1)
l2 (e,N2=N '1N'2) (d2,N'2) e*d2≡1modφ(N'2)
l3 (e,N3=N '1N′3) (d3,N′3) e*d3≡1modφ(N′3)
l4 (e,N4=N '1N'2N'4) (d4,N'4) e*d4≡1modφ(N'4)
l5 (e,N5=N '1N'2N′3N′5) (d5,N′5) e*d5≡1modφ(N′5)
l6 (e,N6=N '1N'2N'4N'6) (d6,N'6) e*d6≡1modφ(N'6)
Node relationships is such as shown in Fig. 2 hierarchical organization schematic diagram, l1For ancestor node, l2And l3For l1Child node, is also l5Father node;l2For l4Father node, l4For l6Father node.
When on the basis knowing above-mentioned hierarchical organization and key, if liWhen wishing encryption message m, then can calculate ciphertext:
C=memodNi(1)
If ljIt is liAncestor node, work as ljWhen wishing deciphering message m, then can calculate expressly:
m = c d j mod N j &prime; - - - ( 2 )
TPM chip will generate RSA key, and this RSA key is meet the transportable key of the certification (CMK) of RRN algorithm, and is moved on the TPM safety chip of each node server.The transportable key of certification is a kind of transportable, allows also to the key proved, has higher safety when managing and migrating between server and node server, it is ensured that user cannot maliciously reveal RSA key.
Node server, is mainly used in reading, preserving document and encryption, decrypted document.
Node server, the module including completing following steps:
1, ciphertext and RSA key are received;
2, judge to decipher described AES key and RSA key according to respective managerial class, open described file;
3, produce and preserve document after closing, use RSA Algorithm encrypt described document and use TPM safety chip module encryption key.
The generation of node server, to read document process as follows:
I, node server, when generating and preserving document m, utilize aes algorithm that m is forced encryption, generate ciphertext
TPM safety chip module uses RRN algorithm to produce key ki, key kaesBy key kiEncryption generates encryption keyWith ciphertext c = E k aes ( m ) Preserve together;
II, node server, when opening the document of storage, utilize the private key of storage in TPM safety chipCalculate and obtain AES keyUse AES key decrypting ciphertext c, it is thus achieved that expressly
If node server i reads from its ancestor node server j document obtained, it is necessary to utilize itObtainFurther according to kaesDescribed document is deciphered.
And when document is closed, by AES key new for stochastic generation, utilize the file encryption that this double secret key has been opened, utilize k simultaneouslyjTo new AES key encryption.
By document from node server i copy its ancestor node to outside other nodes time, owing to the decruption key of node server can not be deciphered by kiThe AES key of encryption, therefore the content of the document will not be learned, and achieves the confidentiality target in hierarchical system thereby through coercive methods.
In this security system, management server is in off-line state all the time, the RSA key of each node server of safe storage.The TPM safety chip run on the management server, generates the transportable key of the certification (CMK) meeting RRN algorithm, it is possible to avoid TPM safety chip to directly generate the shortcoming that RSA key cannot meet RRN algorithm requirement.
The built-in TPM safety chip of each node server PC, obtains the RSA public affairs, the private key that distribute for it from management server ( k n , k n - 1 ) .
Finally should be noted that: above example is merely to illustrate the technical scheme of the application but not the restriction to its protection domain; although with reference to above-described embodiment to present application has been detailed description; those of ordinary skill in the field are it is understood that the detailed description of the invention of application still can be carried out all changes, amendment or equivalent replacement by those skilled in the art after reading the application; but these change, revise or equivalent replacement, all within the claims that application is awaited the reply.

Claims (9)

1. a security system, it is characterised in that: described security system includes management server and the node server of difference connection management server;
Described management server, for producing and using AES key encryption to flow into the file of described security system, and uses RSA key to encrypt described AES key;Preserve and ciphertext and described RSA key be sent to the TPM safety chip module of each described node server;
Described node server, reads the transportable key of certification in described TPM safety chip module, judges to decipher described AES key and RSA key according to respective managerial class, opens described file;Produce and preserve document after closedown, use RSA Algorithm encrypt described document and use TPM safety chip module encryption key.
2. a kind of security system as claimed in claim 1, it is characterised in that: described management server and described node server all include AES module and TPM safety chip module;
Described AES module, uses aes algorithm to produce AES key, encryption or deciphering and flows into the file of described inflow security system;
Described TPM safety chip module, uses RRN algorithm to produce RSA key, and described RSA key is appointed as the transportable key of certification, uses RSA key encryption or deciphers described AES key.
3. a kind of security system as claimed in claim 2, it is characterised in that: described TPM safety chip module uses RRN algorithm to produce RSA key, comprises the following steps:
The described TPM all node servers of safety chip module walks, generate random number N ' for each described node serveri, N 'iIt it is the product of two prime numbers;
Prime number product N is calculated for each described node serveri=N 'iN'jN'k…N′l, wherein, the ancestor node of node j, k ..., l respectively node i;
RSA key is generated, including encryption key k for each described node serveri=(e, Ni) and decruption keyWherein, exponent e and each φ (N 'i) coprime, to each node liE identical, but diBut all differ, e*di≡1modφ(N′i)。
4. a kind of security system as claimed in claim 1, it is characterised in that: described management server is described node server allocation level.
5. a kind of security system as claimed in claim 1, it is characterised in that: described node server encrypts described document when generating and preserve document, including:
Use aes algorithm that document m is encrypted, generate ciphertextWherein, kaesFor the AES key that AES module generates;
TPM safety chip module uses RRN algorithm to generate key ki, use key kiTo key kaesEncryption, generates encryption keyJointly preserve with described ciphertext c.
6. a kind of security system as claimed in claim 1, it is characterised in that: when described node server decodes the document of document or the generation received, including:
TPM chip module uses the private key of its storageDeciphering AES key, it is thus achieved that
Decrypting ciphertext c, it is thus achieved that expressly
7. a kind of security system as claimed in claim 1, it is characterised in that: described node server i reads from its ancestor node server j document obtained, must according to itObtainFurther according to kaesDescribed document is deciphered.
8. a kind of security system as claimed in claim 1, it is characterised in that: described management server is in off-line state all the time, the RSA key of each node server of safe storage.
9. a kind of security system as claimed in claim 1, it is characterised in that: described node server sends document outside described security system, comprises the following steps:
Document to be sent is sent to described management server by described security node server, and described management server is to described document deciphering to be sent, and is sent to described security system by the document after deciphering.
CN201510184289.1A 2015-04-17 2015-04-17 Security system Pending CN105743873A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510184289.1A CN105743873A (en) 2015-04-17 2015-04-17 Security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510184289.1A CN105743873A (en) 2015-04-17 2015-04-17 Security system

Publications (1)

Publication Number Publication Date
CN105743873A true CN105743873A (en) 2016-07-06

Family

ID=56295928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510184289.1A Pending CN105743873A (en) 2015-04-17 2015-04-17 Security system

Country Status (1)

Country Link
CN (1) CN105743873A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106230584A (en) * 2016-07-21 2016-12-14 北京可信华泰信息技术有限公司 A kind of key migration method of credible platform control module
CN109921902A (en) * 2019-03-22 2019-06-21 阿里巴巴集团控股有限公司 A kind of key management method, safety chip, service server and information system
CN112700152A (en) * 2021-01-06 2021-04-23 南方电网科学研究院有限责任公司 Hierarchical safe multi-party computing method and device based on Chinese remainder theorem

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030138105A1 (en) * 2002-01-18 2003-07-24 International Business Machines Corporation Storing keys in a cryptology device
CN1598794A (en) * 2003-09-19 2005-03-23 联想(北京)有限公司 Computer terminal safety system based on safety chip
CN101136744A (en) * 2006-08-29 2008-03-05 联想(北京)有限公司 Method and system for safe reading download data
CN103516728A (en) * 2013-10-14 2014-01-15 武汉大学 Mirror image encryption and decryption method for preventing cloud platform virtual machine illegal starting

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030138105A1 (en) * 2002-01-18 2003-07-24 International Business Machines Corporation Storing keys in a cryptology device
CN1598794A (en) * 2003-09-19 2005-03-23 联想(北京)有限公司 Computer terminal safety system based on safety chip
CN101136744A (en) * 2006-08-29 2008-03-05 联想(北京)有限公司 Method and system for safe reading download data
CN103516728A (en) * 2013-10-14 2014-01-15 武汉大学 Mirror image encryption and decryption method for preventing cloud platform virtual machine illegal starting

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
XIAO-DONG ZUO等: "A New Approach to Multilevel Security Based on Trusted Computing Platform", 《ICMLC》 *
周全书: "一种新的面向组的等级系统密钥管理方法", 《浙江理工大学学报》 *
夏瑞学: "密钥生成与管理系统", 《软件技术》 *
汤伟等: "基于可信平台的多级安全访问控制模型研究", 《学术研究》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106230584A (en) * 2016-07-21 2016-12-14 北京可信华泰信息技术有限公司 A kind of key migration method of credible platform control module
CN106230584B (en) * 2016-07-21 2019-09-03 北京可信华泰信息技术有限公司 A kind of key migration method of credible platform control module
CN109921902A (en) * 2019-03-22 2019-06-21 阿里巴巴集团控股有限公司 A kind of key management method, safety chip, service server and information system
WO2020192285A1 (en) * 2019-03-22 2020-10-01 阿里巴巴集团控股有限公司 Key management method, security chip, service server and information system
CN109921902B (en) * 2019-03-22 2020-10-23 创新先进技术有限公司 Key management method, security chip, service server and information system
TWI724555B (en) * 2019-03-22 2021-04-11 開曼群島商創新先進技術有限公司 Key management method, security chip, business server and information system
US11240008B2 (en) 2019-03-22 2022-02-01 Advanced New Technologies Co., Ltd. Key management method, security chip, service server and information system
CN112700152A (en) * 2021-01-06 2021-04-23 南方电网科学研究院有限责任公司 Hierarchical safe multi-party computing method and device based on Chinese remainder theorem
CN112700152B (en) * 2021-01-06 2023-04-28 南方电网科学研究院有限责任公司 Hierarchical security multiparty calculation method and device based on China remainder theorem

Similar Documents

Publication Publication Date Title
US20190294811A1 (en) System and a method for management of confidential data
Chung et al. A Study of Attribute-based Proxy Re-encryption Scheme in Cloud Environments.
CN105100083B (en) A kind of secret protection and support user&#39;s revocation based on encryption attribute method and system
Ramu et al. Fine-grained access control of EHRs in cloud using CP-ABE with user revocation
CN101707524B (en) Method for encrypting public key broadcasts with hierarchical relationship
Sumathi et al. A group-key-based sensitive attribute protection in cloud storage using modified random Fibonacci cryptography
US11870904B2 (en) Method for encrypting and decrypting data across domains based on privacy computing
Varsha et al. Using attribute-based encryption with advanced encryption standard for secure and scalable sharing of personal health records in cloud
Zhang et al. BCST-APTS: Blockchain and CP-ABE empowered data supervision, sharing, and privacy protection scheme for secure and trusted agricultural product traceability system
Takabi Privacy aware access control for data sharing in cloud computing environments
CN106330934A (en) Distributed database system authority management method and device
Liu et al. A blockchain-based secure cloud files sharing scheme with fine-grained access control
CN105743873A (en) Security system
Wang et al. Enabling privacy and leakage resistance for dynamic blockchain-based access control systems
CN113055164A (en) Cipher text strategy attribute encryption algorithm based on state cipher
CN114285636A (en) Alliance chain-based shared medical data proxy re-encryption system and method
Sabitha et al. Anonymous-cpabe: Privacy preserved content disclosure for data sharing in cloud
Nzanywayingoma et al. Securable personal health records using ciphertext policy attribute based encryption
Soltani et al. Data capsule: A self-contained data model as an access policy enforcement strategy
CN104811454B (en) A kind of access control method theoretical based on threshold cryptography
Bianchi et al. Intelligent conditional collaborative private data sharing
Celiktas et al. A Higher Level Security Protocol for Cloud Computing
Jian Research on Data Access Security Control Mechanism under Cloud Environment
Zhang et al. SV-DEMR: An Electronic Medical Record Data Sharing Scheme Based on Searchable and Verifiable Encryption via Consortium Blockchain
Dabhade et al. Data security in cloud using aggregate key and Diffie-Hellman algorithm

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160706