CN105743873A - Security system - Google Patents
- Publication number: CN105743873A
- Application number: CN201510184289.1A
- Authority: CN (China)
- Prior art keywords: key, AES, security system, document, node
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention provides a security system. The security system comprises a management server and node servers connected to the management server. The management server is used for generating an AES key, encrypting a file flowing into the security system using the AES key, encrypting the AES key using an RSA key, saving the ciphertext and the RSA key, and sending the ciphertext and the RSA key to the TPM security chip modules of the node servers. The node servers read the certified migratable keys in the TPM security chip modules, judge and decrypt the AES key and the RSA key according to their respective management levels, and open the file. After the file is closed, the node servers generate and save a file, encrypt the file using the RSA algorithm, and encrypt the keys using the TPM security chip modules. By adopting technologies such as TPM security chips and the RRN algorithm, the security system provided by the invention solves the problem of file confidentiality in a multilevel security system and keeps access to information such as files in the system under control.
Description
Technical field
The present invention relates to a system applying trusted computing technology, and in particular to a security system.
Background art
"Multilevel security" (MultiLevel Security), abbreviated MLS, originated from the military's confidentiality requirements for information. In 1970, W. H. Ware studied the security problems caused by resource-sharing computer systems accessed through multiple channels. The main goal was the implementation of multilevel security in computer systems. In combination with the actual national-defense security classification system, the study analysed the security threats that sensitive information in resource-sharing systems may face and proposed recommended approaches to solving computer security problems.
Security levels and need-to-know permissions are important components of the multilevel security problem. The basic multilevel security problem is to determine whether an individual with a particular security level and need-to-know permission should be able to access sensitive information of a certain scope in a given physical environment. The report imposed two constraints on the design of computer security systems:
(1) the computer security system must be consistent with the actual security classification structure;
(2) the computer security system must be consistent with the actual manual security control procedures.
In 1983, the U.S. Department of Defense issued the first computer security evaluation standard in history, the "Trusted Computer System Evaluation Criteria", which divides computer security into four classes, D, C, B and A, from low to high, with seven grades in total: D, C1, C2, B1, B2, B3 and A1. The key security feature of its higher grades is the mandatory enforcement of a multilevel security policy.
Multilevel security has two basic goals:
(1) establish control measures that prevent users from accessing information of a higher security level for which they are not authorised;
(2) prevent unauthorised users from lowering the security level of information.
In a traditional security management system for paper files, all personnel and files have different security levels, most typically "secret", "confidential" and "top secret". Before a person is permitted to consult a classified file, their security level must be verified. Personnel at the "secret" level may only be authorised to consult "secret"-level files; "confidential" and "top secret" files may not be consulted. This requirement reveals the meaning of "multilevel".
Multilevel networks mostly use cryptographic means to prevent eavesdropping and to enforce multilevel mandatory access control. Encryption is the strictest access control technology: a person without the key cannot learn the encrypted content, which offers another approach to multilevel security. In a hierarchical system, the multilevel security goal can be achieved by controlling keys, so the multilevel security problem is converted into a key management problem under a suitable algorithm. As early as 1982, Akl and Taylor proposed this idea, and a growing number of experts have since explored this direction. However, these schemes are often very costly to implement and very inflexible. For example, in Akl and Taylor's RSA-based scheme, a parent node can derive the keys of its child nodes. If two nodes in this scheme (for example an ancestor node and a descendant node) span several levels, the ancestor node must traverse all the intermediate nodes. For large organisations this is clearly cumbersome. In addition, if a new node is added to the hierarchy, the keys of all of the new node's superior nodes must be regenerated.
In recent years, several cryptographic solutions for multilevel security systems have been proposed at home and abroad. Professor Qing Sihan et al. proposed a scheme for distributing shared keys and session keys in hierarchical conferences and for changing session keys when users join and leave. The scheme uses an end-to-end "self-certified" authentication protocol for shared key distribution, while session key distribution and the change of session keys when users join or leave rely on symmetric encryption algorithms with low computational cost. In another paper, Liu Kelong et al. proposed a multilevel security key management scheme for distributed applications. That scheme adopts the BLP model as its multilevel security access control policy and uses the Chinese remainder theorem, introducing a "master key factor", a "secondary key factor" and a "write factor" to construct the shared information for session keys. Ji Dongyao et al. proposed a new dynamic access control scheme based on key distribution. Its key distribution method is based on the Rabin public-key system and the Chinese remainder theorem. In this scheme, each user in the system is assigned a security clearance; a user with a higher clearance can use their own private secret information and public information to derive the keys of users with a lower clearance, while a lower-clearance user cannot derive the keys of higher-clearance users. A feature of this scheme is that adding or deleting a user, changing a user's permissions, or changing a user's key does not require changing the whole system. The flexibility of these schemes has improved greatly, but their engineering implementation is complex, which is also why multilevel security solutions based on cryptographic techniques have seldom been applied in practice.
To overcome the shortcomings of the above schemes, a new multilevel document security management system is needed.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a security system.
The solution adopted to achieve the above object is:
A security system, comprising a management server and node servers each connected to the management server;
The management server is used to generate an AES key and use it to encrypt files flowing into the security system, and to encrypt the AES key using an RSA key; it saves the ciphertext and the RSA key and sends them to the TPM security chip module of each node server;
The node server reads the certified migratable key in the TPM security chip module, judges and decrypts the AES key and RSA key according to its management level, and opens the file; after the file is closed, it generates and saves a document, encrypts the document using the RSA algorithm, and encrypts the key using the TPM security chip module.
Preferably, the management server and the node servers each include an AES module and a TPM security chip module;
The AES module uses the AES algorithm to generate AES keys and to encrypt or decrypt files flowing into the security system;
The TPM security chip module uses the RRN algorithm to generate RSA keys, designates the RSA key as a certified migratable key, and uses the RSA key to encrypt or decrypt the AES key.
Preferably, the TPM security chip module uses the RRN algorithm to generate RSA keys through the following steps:
The TPM security chip module traverses all node servers and generates a random number $N'_i$ for each node server, where $N'_i$ is the product of two prime numbers;
A product of primes $N_i = N'_i N'_j N'_k \cdots N'_l$ is computed for each node server, where nodes $j, k, \ldots, l$ are the ancestor nodes of node $i$;
An RSA key is generated for each node server, comprising an encryption key $k_i = (e, N_i)$ and a decryption key, where the exponent $e$ is coprime to each $\varphi(N'_i)$; $e$ is the same for every node $l_i$, but the $d_i$ all differ, with $e \cdot d_i \equiv 1 \pmod{\varphi(N'_i)}$.
Preferably, the management server assigns a level to each node server.
Preferably, when generating and saving a document, the node server encrypts the document as follows:
The document $m$ is encrypted using the AES algorithm to generate the ciphertext, where $k_{aes}$ is the AES key generated by the AES module;
The TPM security chip module generates the key $k_i$ using the RRN algorithm and encrypts the key $k_{aes}$ with $k_i$, generating an encrypted key that is saved together with the ciphertext $c$.
Preferably, when the node server decrypts a received document or a document it generated:
The TPM chip module uses its stored private key to decrypt the AES key;
The ciphertext $c$ is then decrypted to obtain the plaintext.
Preferably, when node server $i$ reads a document obtained from its ancestor node server $j$, it must use its own key to obtain $k_{aes}$ and then decrypt the document with $k_{aes}$.
Preferably, the management server is always offline and securely stores the RSA keys of every node server.
Preferably, when a node server sends a document outside the security system, the following steps are included:
The node server sends the document to be sent to the management server; the management server decrypts the document and sends the decrypted document out of the security system.
Compared with the prior art, the invention has the following advantages:
1. The security system provided by the invention uses technologies such as the TPM security chip and the RRN algorithm to solve the confidentiality problem of documents in a multilevel security system, ensuring that access to information such as documents in the system is controlled.
2. The security system provided by the invention uses the RRN algorithm to encrypt and decrypt keys, achieving multilevel hierarchical security management of system documents. By not directly encrypting and decrypting the stored data, it improves the efficiency of system operation and is better suited to large-scale multilevel security management systems.
3. In the security system provided by the invention, the management server is always offline and securely stores the RSA keys of each node server. In addition, each node server has a built-in TPM security chip, and the high security, key migration and other features of the TPM security chip are used to give hardware-level protection to critical cryptographic processes such as the generation, storage and use of system keys, meeting the requirements of mandatory access control.
Brief description of the drawings
Fig. 1 is a structural diagram of the security system of the invention;
Fig. 2 is a schematic diagram of the level structure in this embodiment.
Detailed description
Specific embodiments of the invention are described in further detail below with reference to the drawings.
The present invention provides a security system that uses technologies such as the TPM security chip and the RRN algorithm to solve the confidentiality problem of documents in a multilevel security system, ensuring that access to information such as documents in the system is controlled and achieving secure management of documents in a multilevel hierarchy.
Explanation of the multilevel hierarchy:
A. The organisational structure of an institution is expressed as a partially ordered set $(l; <)$, where $l$ is the set of levels and $<$ is the set of dominance relations between levels. The relations include the following cases:
1. If the relation between $l_i$ and $l_j$ is $l_i < l_j$, then $l_j$ is said to strictly dominate $l_i$, and $l_i$ is strictly dominated by $l_j$.
2. If the relation between $l_i$ and $l_j$ is $l_i < l_j$ and $l_j < l_i$, then $l_i$ and $l_j$ are said to be equal, written $l_i = l_j$.
3. If the relation between $l_i$ and $l_j$ is $l_i < l_j$ or $l_i = l_j$, then $l_i$ is said to be dominated by $l_j$, or $l_j$ dominates $l_i$, written $l_i \le l_j$.
4. If neither $l_i \le l_j$ nor $l_j \le l_i$ holds, then $l_i$ and $l_j$ are said to be incomparable.
5. If $l_x < l_y$ and there is no other node $l_z$ such that $l_x < l_z < l_y$, then $l_y$ is called the parent node of $l_x$. If $l_x < l_y$, then $l_x$ is called a descendant node of $l_y$, and $l_y$ an ancestor node of $l_x$.
B. Each $l_i$ in the hierarchy has a key pair, in which $k_i$ is the default encryption key of $l_i$ and the other key is the default decryption key of $l_i$.
According to the practical requirements of multilevel security, a ciphertext message encrypted with $k_i$ should have the following properties:
1. The ciphertext can be decrypted with the decryption key of $l_i$.
2. If $l_j > l_i$, the ciphertext can be decrypted with the decryption key of $l_j$.
3. If $l_k < l_i$, or $l_k$ and $l_i$ are incomparable, the ciphertext cannot be decrypted with the decryption key of $l_k$.
The security system provided by the invention includes a management server PMC and node servers PC each connected to the management server, as shown in Fig. 1.
The management server is the only interface through which the security system exchanges documents with the outside. It generates the key of each node server and migrates that key to the node server.
The management server includes modules that perform the following steps:
1. Encrypt files flowing into the security system using the AES algorithm, generating an AES key and ciphertext;
2. Use the RRN algorithm to generate an RSA key for each node server, designate the RSA key as a certified migratable key, and send it to the TPM security chip module of each node server;
3. Encrypt the AES key with the RSA key of the document's destination node server;
4. Store the RSA key together with the ciphertext.
The management server and the node servers each include a TPM security chip module; the TPM security chip module runs the RRN algorithm to generate RSA keys and to decrypt RSA keys.
The TPM security chip module runs the RRN algorithm to generate RSA keys through the following steps:
I. Traverse all node servers and generate a random number $N'_i$ for each node server, where $N'_i$ is the product of two prime numbers;
II. Traverse the node servers and compute for each node server the product of primes $N_i = N'_i N'_j N'_k \cdots N'_l$, where nodes $j, k, \ldots, l$ are the ancestor nodes of node $i$;
III. Generate an RSA key for each node server, comprising an encryption key $k_i = (e, N_i)$ and a decryption key, where the exponent $e$ is coprime to each $\varphi(N'_i)$. For every $l_i$, $e$ is the same, but the $d_i$ all differ, with $e \cdot d_i \equiv 1 \pmod{\varphi(N'_i)}$.
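Following the above steps, the key pairs shown in Table 1 below are obtained.
Table 1: All key pairs in Fig. 1
Node $l_i$ | Encryption key | Decryption key | Relation between $e$ and $d_i$ |
---|---|---|---|
$l_1$ | $(e, N_1 = N'_1)$ | $(d_1, N'_1)$ | $e \cdot d_1 \equiv 1 \pmod{\varphi(N'_1)}$ |
$l_2$ | $(e, N_2 = N'_1 N'_2)$ | $(d_2, N'_2)$ | $e \cdot d_2 \equiv 1 \pmod{\varphi(N'_2)}$ |
$l_3$ | $(e, N_3 = N'_1 N'_3)$ | $(d_3, N'_3)$ | $e \cdot d_3 \equiv 1 \pmod{\varphi(N'_3)}$ |
$l_4$ | $(e, N_4 = N'_1 N'_2 N'_4)$ | $(d_4, N'_4)$ | $e \cdot d_4 \equiv 1 \pmod{\varphi(N'_4)}$ |
$l_5$ | $(e, N_5 = N'_1 N'_2 N'_3 N'_5)$ | $(d_5, N'_5)$ | $e \cdot d_5 \equiv 1 \pmod{\varphi(N'_5)}$ |
$l_6$ | $(e, N_6 = N'_1 N'_2 N'_4 N'_6)$ | $(d_6, N'_6)$ | $e \cdot d_6 \equiv 1 \pmod{\varphi(N'_6)}$ |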
The node relationships are shown in the hierarchy diagram of Fig. 2: $l_1$ is the ancestor node; $l_2$ and $l_3$ are child nodes of $l_1$ and also parent nodes of $l_5$; $l_2$ is the parent node of $l_4$, and $l_4$ is the parent node of $l_6$.
Given the above hierarchy and keys, if $l_i$ wishes to encrypt a message $m$, it can compute the ciphertext:
$$C = m^{e} \bmod N_i \qquad (1)$$
If $l_j$ is an ancestor node of $l_i$ and wishes to decrypt the message $m$, it can compute the plaintext:
The TPM chip generates the RSA key, which is a certified migratable key (CMK) satisfying the RRN algorithm, and migrates it to the TPM security chip of each node server. A certified migratable key is a key that can be migrated and can also be certified; it offers higher security when migrated between the management server and the node servers, ensuring that users cannot maliciously disclose the RSA key.
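Key generation steps I to III, Table 1 and equation (1), worked through as an added example (this is not code from the patent). The toy primes, the number standing in for the AES key and all function names are constructed for illustration; the ancestor-side decryption shown here (reduce $C$ modulo the holder's own $N'_j$, then raise to $d_j$) is inferred from the decryption keys listed in Table 1, and the RSA is unpadded exactly as equation (1) is written.

```python
"""Toy model of the hierarchical RSA keys listed in Table 1 (added example)."""
from math import gcd

# Hierarchy of Fig. 2 as given by Table 1: node -> all of its ancestor nodes.
ANCESTORS = {1: [], 2: [1], 3: [1], 4: [1, 2], 5: [1, 2, 3], 6: [1, 2, 4]}

# Constructed toy primes (p, q) for each N'_i = p * q. Real keys need primes
# of 1024 bits or more; these exist only to make the arithmetic visible.
PRIMES = {
    1: (1009, 1013), 2: (1019, 1021), 3: (1031, 1033),
    4: (1039, 1049), 5: (1051, 1061), 6: (1063, 1069),
}
E = 65537  # shared public exponent e, identical for every node


def keygen():
    """Steps I-III: return {node: {"enc": (e, N_i), "dec": (d_i, N'_i)}}."""
    n_prime = {i: p * q for i, (p, q) in PRIMES.items()}  # step I
    keys = {}
    for i, ancestors in ANCESTORS.items():
        n_i = n_prime[i]
        for j in ancestors:  # step II: multiply in every ancestor's N'_j
            n_i *= n_prime[j]
        p, q = PRIMES[i]
        phi = (p - 1) * (q - 1)
        if gcd(E, phi) != 1:
            raise ValueError(f"e is not coprime to phi(N'_{i})")
        d_i = pow(E, -1, phi)  # step III: e * d_i = 1 mod phi(N'_i)
        keys[i] = {"enc": (E, n_i), "dec": (d_i, n_prime[i])}
    return keys


def encrypt(m, enc_key):
    """Equation (1): C = m^e mod N_i."""
    e, n_i = enc_key
    return pow(m, e, n_i)


def decrypt(c, dec_key):
    """Reduce C modulo the holder's own N'_j, then apply d_j.

    When N'_j divides N_i (j is i itself or an ancestor of i) the reduction
    yields m^e mod N'_j, so ordinary RSA decryption returns m. For any other
    node the result is unrelated to m.
    """
    d_j, n_prime_j = dec_key
    return pow(c % n_prime_j, d_j, n_prime_j)


def readers(keys, author, m):
    """Nodes whose decryption key recovers m from a ciphertext made by author."""
    c = encrypt(m, keys[author]["enc"])
    return sorted(j for j in keys if decrypt(c, keys[j]["dec"]) == m)


if __name__ == "__main__":
    keys = keygen()
    k_aes = 424242  # constructed stand-in for an AES key; must be < every N'_j
    for node in sorted(keys):
        print(f"l{node} encrypts -> readable by", readers(keys, node, k_aes))
```

The value being wrapped has to be smaller than every $N'_j$ on the author's ancestor path, since each holder decrypts modulo its own $N'_j$.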
The node server is mainly used for reading and saving documents and for encrypting and decrypting documents.
The node server includes modules that perform the following steps:
1. Receive the ciphertext and the RSA key;
2. Judge and decrypt the AES key and RSA key according to its management level, and open the file;
3. After the file is closed, generate and save a document, encrypt the document using the RSA algorithm, and encrypt the key using the TPM security chip module.
The node server's document generation and reading process is as follows:
I. When generating and saving a document $m$, the node server forcibly encrypts $m$ with the AES algorithm, generating the ciphertext.
The TPM security chip module generates the key $k_i$ with the RRN algorithm; the key $k_{aes}$ is encrypted with $k_i$ to generate an encrypted key, which is saved together with the ciphertext;
II. When opening a stored document, the node server uses the private key stored in the TPM security chip to compute the AES key, and uses the AES key to decrypt the ciphertext $c$, obtaining the plaintext.
If node server $i$ reads a document obtained from its ancestor node server $j$, it must use its own key to obtain $k_{aes}$ and then decrypt the document with $k_{aes}$.
When the document is closed, a new AES key is randomly generated and used to encrypt the opened file, and the new AES key is encrypted with $k_j$.
When a document is copied from node server $i$ to a node other than its ancestor nodes, that node server's decryption key cannot decrypt the AES key encrypted with $k_i$, so the content of the document cannot be learned; the confidentiality goal of the hierarchical system is thus achieved by mandatory means.
In this security system, the management server is always offline and securely stores the RSA keys of each node server. The TPM security chip running on the management server generates certified migratable keys (CMK) that satisfy the RRN algorithm, which avoids the drawback that RSA keys generated directly by the TPM security chip cannot meet the requirements of the RRN algorithm.
Each node server PC has a built-in TPM security chip and obtains from the management server the RSA public and private keys assigned to it.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the application and not to limit its scope of protection. Although the application has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that, after reading this application, those skilled in the art may still make various changes, modifications or equivalent replacements to the specific embodiments of the application, but such changes, modifications or equivalent replacements all fall within the scope of the pending claims of the application.
Claims (9)
1. A security system, characterised in that: the security system comprises a management server and node servers each connected to the management server;
The management server is used to generate an AES key and use it to encrypt files flowing into the security system, and to encrypt the AES key using an RSA key; it saves the ciphertext and the RSA key and sends them to the TPM security chip module of each node server;
The node server reads the certified migratable key in the TPM security chip module, judges and decrypts the AES key and RSA key according to its management level, and opens the file; after the file is closed, it generates and saves a document, encrypts the document using the RSA algorithm, and encrypts the key using the TPM security chip module.
2. The security system as claimed in claim 1, characterised in that: the management server and the node servers each include an AES module and a TPM security chip module;
The AES module uses the AES algorithm to generate AES keys and to encrypt or decrypt files flowing into the security system;
The TPM security chip module uses the RRN algorithm to generate RSA keys, designates the RSA key as a certified migratable key, and uses the RSA key to encrypt or decrypt the AES key.
3. The security system as claimed in claim 2, characterised in that: the TPM security chip module uses the RRN algorithm to generate RSA keys through the following steps:
The TPM security chip module traverses all node servers and generates a random number $N'_i$ for each node server, where $N'_i$ is the product of two prime numbers;
A product of primes $N_i = N'_i N'_j N'_k \cdots N'_l$ is computed for each node server, where nodes $j, k, \ldots, l$ are the ancestor nodes of node $i$;
An RSA key is generated for each node server, comprising an encryption key $k_i = (e, N_i)$ and a decryption key, where the exponent $e$ is coprime to each $\varphi(N'_i)$; $e$ is the same for every node $l_i$, but the $d_i$ all differ, with $e \cdot d_i \equiv 1 \pmod{\varphi(N'_i)}$.
4. The security system as claimed in claim 1, characterised in that: the management server assigns a level to each node server.
5. The security system as claimed in claim 1, characterised in that: when generating and saving a document, the node server encrypts the document as follows:
The document $m$ is encrypted using the AES algorithm to generate the ciphertext, where $k_{aes}$ is the AES key generated by the AES module;
The TPM security chip module generates the key $k_i$ using the RRN algorithm and encrypts the key $k_{aes}$ with $k_i$, generating an encrypted key that is saved together with the ciphertext $c$.
6. The security system as claimed in claim 1, characterised in that: when the node server decrypts a received document or a document it generated:
The TPM chip module uses its stored private key to decrypt the AES key;
The ciphertext $c$ is then decrypted to obtain the plaintext.
7. The security system as claimed in claim 1, characterised in that: when node server $i$ reads a document obtained from its ancestor node server $j$, it must use its own key to obtain $k_{aes}$ and then decrypt the document with $k_{aes}$.
8. The security system as claimed in claim 1, characterised in that: the management server is always offline and securely stores the RSA keys of every node server.
9. The security system as claimed in claim 1, characterised in that: when a node server sends a document outside the security system, the following steps are included:
The node server sends the document to be sent to the management server; the management server decrypts the document and sends the decrypted document out of the security system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510184289.1A CN105743873A (en) | 2015-04-17 | 2015-04-17 | Security system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105743873A (en) | 2016-07-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160706 |