CN109819323A - Video content access method in a hybrid cloud system - Google Patents


Publication number
CN109819323A
Authority
CN
China
Prior art keywords
key
user
attribute
video content
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910067370.XA
Other languages
Chinese (zh)
Other versions
CN109819323B (en)
Inventor
王萃
刘达
卢波
曹若菡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Film Science and Technology Research Institute (Film Technology Quality Inspection Institute of the Central Propaganda Department)
Original Assignee
CHINA FILM SCIENCE AND TECHNOLOGY INST
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHINA FILM SCIENCE AND TECHNOLOGY INST
Priority to CN201910067370.XA
Publication of CN109819323A
Application granted
Publication of CN109819323B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

An embodiment of the present invention provides a video content access method in a hybrid cloud system, comprising: encrypting the video content based on an access policy, the time, the global public parameters and a public key to obtain a ciphertext, and uploading it to the public cloud; at the start of each time period, the attribute authority server runs over all attributes in the attribute domain and processes the time, the state tree of each attribute, the update list, the global public parameters and the master private key to obtain an update key, which it sends to the public cloud; a user accessing the video content downloads the update key from the public cloud and combines it with the private key for the attribute of the user's cooperating unit to obtain a decryption key tied to the time and the attribute; the ciphertext is then decrypted to access the video content. The method uses a hierarchical dynamic access structure based on a time-varying factor and prevents access by illegitimate users.

Description

Video content access method in a hybrid cloud system
Technical field
The present invention relates to the technical field of content access, and in particular to a video content access method in a hybrid cloud system.
Background art
After shooting is complete, film footage still has to go through post-production (editing, special effects, 3D modelling, dubbing, subtitling and so on), carried out jointly by many cooperating units, before it becomes a finished film that can be shown. Each cooperating unit is only permitted to access the raw footage during a specific period; for example, an editing company only has access to the footage data during the editing stage and cannot access the data again once editing is over. To make distributed collaboration among multiple post-production units at home and abroad easier, and taking film content security and the existing infrastructure into account, a film production industry cloud that combines a private cloud with a public cloud is used to realise cross-region collaborative film production. Because the private cloud is small and its coverage is limited, part of the raw film data and related private data has to be uploaded to the public cloud and then worked on in the cloud by post-production companies in different places. Content security is critical for a film, so measures must be taken to effectively protect the raw data and other data in the public cloud.
Film data in the public cloud of the film production industry cloud has the following characteristic: one party uploads and multiple parties access, and access is restricted by two attributes, time and the visitor's identity, so the data model can be simplified to one-to-many. Traditional public-key schemes such as RSA cannot effectively provide fine-grained permission control and place no constraint on decryption time, so providing a multi-granularity method for securely accessing film source material is a problem the industry urgently needs to solve.
Therefore, according to how the private cloud platform and the public cloud data are used in the film production industry cloud, this method builds on attribute-based encryption (ABE), takes user identity as the attribute, adds a time-slot attribute, and uses a revocable hierarchical encryption scheme as the encryption mode.
Summary of the invention
In one aspect, an embodiment of the present invention provides a video content access method in a hybrid cloud system that takes user identity and access time as attributes and uses attribute-based encryption to achieve secure access to video content.
In another aspect, an embodiment of the present invention provides a revocable encryption method for video content in a hybrid cloud system that keeps the content encrypted appropriately when a user who accesses the video content deregisters.
An embodiment of the invention provides a video content access method in a hybrid cloud system, the hybrid cloud system comprising a public cloud and a private cloud, the method comprising:
S1: the hybrid cloud system is initialized to obtain the global public parameters;
S2: the attribute authority server in the private cloud is initialized with the global public parameters and the full attribute set as input, yielding the public key and master private key corresponding to the attribute authority server, where the attributes are the identity information of users;
S3: the video content is encrypted based on the access policy, the time, the global public parameters and the public key to obtain a ciphertext, which is uploaded to the public cloud;
S4: the ID of the user's cooperating unit, the attribute, the state tree of the attribute, the global public parameters and the master private key are input to the attribute authority server, which generates the private key for the attribute of the user's cooperating unit;
S5: at the start of each time period, the attribute authority server runs over all attributes in the attribute domain and processes the time, the state tree of the attribute, the update list, the global public parameters and the master private key to obtain an update key, which it sends to the public cloud;
S6: the user accessing the video content downloads the update key from the public cloud and combines it with the private key for the attribute of the user's cooperating unit to obtain a decryption key tied to the time and the attribute;
S7: the user accessing the video content inputs the global public parameters, the public key and the decryption key at the public cloud and decrypts the ciphertext to access the video content.
In another aspect, an embodiment of the invention provides a revocable encryption method for video content in a hybrid cloud system, the hybrid cloud system comprising a public cloud and a private cloud, the method comprising:
S8: a security parameter is input to the hybrid cloud system, which is initialized and outputs the public parameters, including the system's public key and master private key;
S9: the public cloud storage center publishes the full attribute set, the private cloud generates a partial key, the owner of the video content randomly selects a number as the private key and calculates the public key of the private cloud, and the private cloud authentication center takes the full attribute set, a random number and part of the public parameters as input and obtains the master private key and public key of the private cloud authentication center, where the attributes are the identity information of the users who access the video content;
S10: the user accessing the video content registers with the private cloud and obtains the partial key and the user's attribute set; the partial key and the user's attribute set are sent to the private cloud authentication center, which generates the user's unique identifier and user private key;
S11: the owner of the video content inputs the shared data and the access policy into the hybrid cloud system, generating the ciphertext of the video content;
S12: the user accessing the video content decrypts the ciphertext based on the user's attribute set and user private key; if the user's attribute set satisfies the access policy the ciphertext is decrypted, and if it does not satisfy the access policy decryption fails;
S13: when a user who accesses the video content deregisters, the ciphertext is updated and the remaining users update their user private keys.
In the video content access method provided by the embodiment, the public cloud and the private cloud each transmit part of the key; a user can correctly decrypt a file only after combining the two parts, and a potential attacker who intercepts either part alone cannot correctly decrypt the information. In addition, the method uses a hierarchical dynamic access structure based on a time-varying factor: at the start of each period the private cloud and the public cloud issue the updated time-varying factor to legitimate users, and a legitimate user combines the time-varying factor with the attribute key to obtain access rights for that period. To prevent access by illegitimate users, the time-varying factor is published at a set time within the period, and the method also adds a random parameter to the key so that a new user in the next period cannot access the content of the current period. On top of this method, the invention uses a revocable hierarchical encryption scheme that provides temporary revocation to cope with sudden unauthorized access.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below show some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the video content access method in the hybrid cloud system of the present invention;
Fig. 2 is a diagram of the encryption and decryption model in the hybrid cloud system of the present invention;
Fig. 3 is a flow chart of the revocable encryption method for video content in the hybrid cloud system of the present invention;
Fig. 4 is a diagram of the hybrid cloud system used in the revocable encryption method of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Attribute-based encryption (ABE), also known as fuzzy identity-based encryption, uses attributes as the public key and associates the ciphertext and the private key with the user, which allows flexible access control policies. A threshold is set in advance, and decryption is possible when the number of attributes the user has in common with the ciphertext reaches the preset threshold. For example, suppose the encryption attribute set of a file is {lecturer, University of Post and Telecommunication, Information and Communication Engineering institute}, the attribute set of user A is {student, University of Post and Telecommunication, Institute Of Electrical Engineering}, and the attribute set of user B is {lecturer, University of Post and Telecommunication, Wang An institute}. The attribute intersection of user A with the file has size 1, and the attribute intersection of user B with the file has size 2. So if the threshold is set to 2, only user B can decrypt; if the threshold is set to 3, neither can decrypt.
The attributes described here are the identity information of users and participants. For example, the cooperating units can be divided into video processing and audio processing, and video processing can be divided into special-effects production, image enhancement, video editing and so on; these can be divided still more finely, and the final indivisible parts serve as the basic attributes.
ABE encryption and decryption generally consists of the following four steps:
SetUp: the system initialization phase. The system security parameter is input, and the corresponding public key (PK) and system master key (MK) are generated.
KeyGen: the key generation phase. The decrypting user submits their attributes to the system and obtains the user key (SK) associated with those attributes; the attribute authority AA issues the attribute certificate held by the user.
Enc: the encryption phase. The data owner encrypts the data to obtain the ciphertext (CT) and sends it, with its access control structure, to the user or to the public cloud.
Dec: the decryption phase. The decrypting user obtains the ciphertext and decrypts it with their own key SK to obtain the content being accessed.
So that a specific user can access the cloud and decrypt data only at a specific time, the embodiment adds time to the KeyGen and Enc stages above. The system divides time into small segments; the segments do not overlap, and together they cover time completely.
The symbols used in the embodiment are as follows:
M: plaintext information
x: a single attribute
Ud: the full attribute set
A: access policy
AA: attribute authority server
te: time segment
CT(A, te): ciphertext bound to the access policy and the time
UKx,t: update key of attribute x in the current time slot
SKgid,x: private key of attribute x of user gid
PKd: public key produced when the attribute authority server is initialized
MSKd: master private key
STx: state tree, a binary tree that records the users who have held attribute x; when a new user is given attribute x, STx is updated
ULx,t: update list; if the attribute of any user is revoked or granted again, UL is updated
gid: a cooperating unit
GPP: global public parameters
Fig. 1 shows the flow chart of the video content access method in the hybrid cloud system provided by the embodiment.
As shown in Fig. 1, the video content access method in the hybrid cloud system provided by the embodiment comprises:
S1: the hybrid cloud system is initialized to obtain the global public parameters GPP;
S2: the attribute authority server AA in the private cloud is initialized with the global public parameters GPP and the full attribute set Ud as input, yielding the public key PKd and master private key MSKd corresponding to the attribute authority server AA;
S3: the video content is encrypted based on the access policy A, the time te, the global public parameters GPP and the public key PKd to obtain the ciphertext CT, which is uploaded to the public cloud;
S4: the user gid, the attribute x, the state tree STx of attribute x, the global public parameters GPP and the master private key MSKd are input to the attribute authority server AA, which generates the private key SKgid,x for attribute x of user gid;
S5: at the start of each time period, the attribute authority server AA runs over all attributes in the attribute domain and processes the time te, the state tree STx of the attribute, the update list ULx,t, the global public parameters GPP and the master private key MSKd to obtain the update key UKx,t, which it sends to the public cloud;
S6: the user accessing the video content downloads the update key UKx,t from the public cloud and combines it with the private key SKgid,x for the attribute of the user's cooperating unit to obtain the decryption key DKgid,x,t tied to the time and the attribute;
S7: the user accessing the video content inputs the global public parameters GPP, the public key PKd and the decryption key DKgid,x,t at the public cloud and decrypts the ciphertext CT to access the video content M.
In the video content access method provided by the embodiment, the public cloud and the private cloud each transmit part of the key; a user can correctly decrypt a file only after combining the two parts, and a potential attacker who intercepts either part alone cannot correctly decrypt the information. In addition, the method uses a hierarchical dynamic access structure based on a time-varying factor: at the start of each period the private cloud and the public cloud issue the updated time-varying factor to legitimate users, and a legitimate user combines the time-varying factor with the attribute key to obtain access rights for that period. To prevent access by illegitimate users, the time-varying factor is published at a set time within the period, and the method also adds a random parameter to the key so that a new user in the next period cannot access the content of the current period.
Fig. 2 shows the encryption and decryption model of the hybrid cloud system in the embodiment. As Fig. 2 shows, the uploader of the film source material and the cooperating units of the film production exchange information through the cloud server. While the film source material is being accessed, keys and other parameters are transmitted continually. In the embodiment, the film source material uploaded by the uploader is encrypted by the following formula:
Decryption uses the following formula:
$k_i = \mathrm{Dec}(CT_{(A,t_e)}, \{SK_{gid,x}\}, \{UK_{x,t}\}),\ \mathrm{Dec}(C, k_i)$.
Next, the ABE-based time algorithm is walked through using the film distribution process. Film video production is broadly divided into: video editing, audio editing, interlude scoring, video/audio fine cut, producer review, improvement according to revision suggestions, and distribution of the finished film. From the film distribution process, the processing attributes for the whole film can be obtained.
Attributes: {videocut, soundcut, mp3goingon, videocut finely, check, perfect, publish, download, display, write}
All attributes can be uploaded while the attribute authority server AA is being initialized.
Time points are set: {1, 2, 3, 4, 5, 6, 7, ...}
All users taking part in the film production are: {editing employee 1, musician 1, editing employee 2, editing and scoring manager 1, film-maker, publisher}
Each user holds certain attribute rights, for example:
{editing employee 1, editing employee 2: videocut, soundcut, videocut finely, download, display}
{musician 1: mp3goingon, download, display}
{editing and scoring manager 1: download, display, write}
{film-maker: download, display}
{film-maker: download, display, publish}
The film production process maps to the following time points:
Video editing -> 1
Audio editing -> 2
Interlude scoring -> 3
Video/audio fine cut -> 4
Producer review -> 5
Video editing -> 6
Audio editing -> 7
Interlude scoring -> 8
Video/audio fine cut -> 9
Distribution of the finished film -> 10
Attribute authority servers AA:
Shooting side AA1: video editing, audio editing, interlude scoring, video/audio fine cut
Production and publisher AA2: producer review, distribution of the finished film
...
Attribute authority server AAd.
Taking video editing at time point 1 as an example:
Step 1: the system is initialized and the relevant parameters are obtained.
Step 2: the attribute authority servers (the AA servers in the private cloud) initialize all attributes; each attribute authority server initializes its corresponding attributes and obtains the public key PKd.
Step 3: the film data is encrypted based on the combination of the access policy A, time slot 1 and the public key PKd to obtain the ciphertext CT, which the data owner (the private cloud) uploads to the public cloud.
Step 4: in time slot 1, the video editing employee uploads their identity and their relevant attributes to each attribute authority server and obtains the private key SKgid,x issued by the attribute authority server.
Step 5: in time slot 1, all attribute authority servers AA run over all attributes at the same time, process a series of parameters, obtain the update key UKx,t tied to time slot 1, the attributes and other parameters, and upload the update key to the public cloud.
Step 6: the video editing employee now wants to obtain the film data in the public cloud. They download the update key UKx,t from the public cloud and, using the existing program, combine the private key SKgid,x issued to them by the authority with the update key to obtain the decryption key DKgid,x,t. This decryption key is tied to the time, to the video editing user, and to the attributes that video editing holds.
Step 7: the video editing user downloads the ciphertext CT from the public cloud. The attributes that video editing holds satisfy the access policy in CT, and the time slot 1 bound into CT matches the time slot of the decryption key that was obtained, so both time and attribute match; only the video editing employee satisfies the dual requirement of time and attribute. The ciphertext can therefore be decrypted and the data processed without causing a data leak.
Step 8: after the video editing employee has finished, the next time slot, 2, is audio editing; in the same way, only the audio processing employee can correctly decrypt CT.
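Added example, not part of the patent text: a Python model of steps 4 to 7, showing how SKgid,x and UKx,t combine into DKgid,x,t and why a unit revoked through the update list gets nothing from the next update key. It assumes the state tree STx is used with the standard complete-subtree cover from revocable identity-based encryption, which the text does not spell out, and it replaces the pairing-based ABE operations with HMAC-SHA256 and XOR wrapping; DEPTH, slot_key and the other names are illustrative.

```python
"""Toy model of SK_gid,x + UK_x,t -> DK_gid,x,t over a binary state tree ST_x.
HMAC-SHA256 and XOR wrapping stand in for the pairing-based ABE operations."""
import hashlib
import hmac
import os

DEPTH = 3  # assumed: ST_x has 2**DEPTH leaf slots, one per cooperating unit


def path(leaf):
    """Heap-indexed nodes from the root (1) down to a leaf slot."""
    node, nodes = (1 << DEPTH) + leaf, []
    while node >= 1:
        nodes.append(node)
        node //= 2
    return nodes[::-1]


def ku_nodes(revoked_leaves):
    """Smallest node set whose subtrees cover every non-revoked leaf."""
    marked = set()
    for leaf in revoked_leaves:
        marked.update(path(leaf))
    if not marked:
        return {1}  # nobody revoked: the root covers everyone
    cover = set()
    for node in marked:
        if node < (1 << DEPTH):  # inner node: keep its unmarked children
            cover.update(c for c in (2 * node, 2 * node + 1) if c not in marked)
    return cover


def _prf(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def _xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))


class AttributeAuthority:
    def __init__(self):
        self.msk = os.urandom(32)  # stand-in for MSK_d
        self.leaf_of = {}          # (gid, x) -> leaf slot in ST_x
        self.revoked = {}          # UL_x: x -> {leaf: first revoked time slot}

    def _node_secret(self, x, node):
        return _prf(self.msk, b"node", x.encode(), str(node).encode())

    def slot_key(self, x, t):
        """Toy content key for attribute x in time slot t."""
        return _prf(self.msk, b"slot", x.encode(), str(t).encode())

    def keygen(self, gid, x):
        """SK_gid,x: one secret per node on the user's path in ST_x."""
        leaf = sum(1 for (_, attr) in self.leaf_of if attr == x)
        if leaf >= 1 << DEPTH:
            raise ValueError("state tree is full")
        self.leaf_of[(gid, x)] = leaf
        return {n: self._node_secret(x, n) for n in path(leaf)}

    def revoke(self, gid, x, t):
        self.revoked.setdefault(x, {})[self.leaf_of[(gid, x)]] = t

    def update_key(self, x, t):
        """UK_x,t: slot key wrapped under each covering node, fresh salt per slot."""
        gone = [l for l, since in self.revoked.get(x, {}).items() if since <= t]
        salt, wrapped = os.urandom(16), {}
        for n in ku_nodes(gone):
            pad = _prf(self._node_secret(x, n), str(t).encode(), salt)
            wrapped[n] = _xor(self.slot_key(x, t), pad)
        return {"t": t, "salt": salt, "nodes": wrapped}


def derive_dk(sk, uk):
    """DK_gid,x,t, or None when the user's path misses the published cover."""
    for node, secret in sk.items():
        if node in uk["nodes"]:
            pad = _prf(secret, str(uk["t"]).encode(), uk["salt"])
            return _xor(uk["nodes"][node], pad)
    return None


def demo():
    """Constructed scenario: two editors hold videocut; editor2 is revoked at slot 2."""
    aa = AttributeAuthority()
    sk1 = aa.keygen("editor1", "videocut")
    sk2 = aa.keygen("editor2", "videocut")
    uk1 = aa.update_key("videocut", 1)
    aa.revoke("editor2", "videocut", 2)
    uk2 = aa.update_key("videocut", 2)
    k1, k2 = aa.slot_key("videocut", 1), aa.slot_key("videocut", 2)
    return {
        "slot1": (derive_dk(sk1, uk1) == k1, derive_dk(sk2, uk1) == k1),
        "slot2": (derive_dk(sk1, uk2) == k2, derive_dk(sk2, uk2)),
        "uk_only": derive_dk({}, uk2),
    }
```

The update key on the public cloud holds only wrapped values, and the private key holds only node secrets, so an interceptor of either part alone recovers no slot key in this model.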
Fig. 3 shows the flow chart of the revocable encryption method for video content in the hybrid cloud system provided by the embodiment.
On top of the video content access method provided by the embodiment, a revocable hierarchical encryption scheme is used to cope with sudden unauthorized access. As shown in Fig. 3, the revocable encryption method for video content in the hybrid cloud system comprises:
S8: the security parameter 1^λ is input to the hybrid cloud system, which is initialized and outputs the public parameters params, including the public key pk and the master private key msk.
S9: the public cloud storage center Pub-CSP publishes the full attribute set Ω, the private cloud generates the partial key k, the owner D of the video content randomly selects a number γ as the private key and calculates the public key of the private cloud pri-CSP, and the private cloud authentication center AC takes the full attribute set Ω, a random number α and part of the public parameters params as input and obtains the master private key msk and public key pk of the private cloud authentication center AC, where the attributes are the identity information of the users who access the video content.
S10: the user U accessing the video content registers at the private cloud pri-CSP and obtains the partial key k and the attribute set w = {l1, l2, ..., lm} of user U; the partial key k and the user's attribute set w = {l1, l2, ..., lm} are sent to the private cloud authentication center AC, which generates the user's unique identifier u and user private key sku.
S11: the owner D of the video content inputs the shared data m and the access policy T into the hybrid cloud system, generating the ciphertext CT of the video content, written: CT ← Encrypt(m, T).
S12: the user U accessing the video content decrypts the ciphertext CT based on the user's attribute set w and user private key sku; if the user's attribute set w satisfies the access policy T the ciphertext CT is decrypted, and otherwise decryption fails, written: m/⊥ ← Decryt(CT, sku, T, w).
S13: when a user U who accesses the video content deregisters, the ciphertext CT is updated and the remaining users update their user private key sku.
The revocable encryption method for video content in the hybrid cloud system provided by the embodiment implements temporary revocation to cope with sudden unauthorized access.
Fig. 4 shows the hybrid cloud system involved in the revocable encryption method. As Fig. 4 shows, the private cloud authentication center exchanges keys with the owner of the film source material and with the users who access it. The owner of the film source material shares the revocable partial key k with the private cloud server, the ciphertext CT is transmitted to the private cloud and the public cloud, and the accessing user downloads the content from the public cloud.
In the embodiment, the revocable encryption method can be constructed in more detail as follows.
System initialization algorithm: the corresponding order is greater than 1^λ, and AC selects random numbers α, β, γ ∈ Zp for D. pk, msk and the partial key k are calculated and output, and pk is published to the system. The set of values of attribute wi is Fi = {vi1, vi2, …, vini}, where vin is an attribute value element and ni is the order of Fi.
Based on the published attribute set Ω = {L1, L2, ..., Ln}, the access policy T is set so that a user U who satisfies the access policy can read the ciphertext stored at Pub-CSP.
$pk = \{G_0,\ g,\ h = g^{\beta},\ h' = g^{\gamma},\ h'' = g^{1/\gamma},\ e(g,g)^{\alpha}\}$
$msk = \{g^{\alpha},\ \beta,\ \gamma\}$
In the formulas, G0 is an elliptic curve group, g is its generator, e(g, g) is the generator of the group GT, and h is part of the public key.
Key generation algorithm: U submits the identity ID and w to pri-CSP; pri-CSP randomly generates the partial key k ∈ Zp (Zp denotes the Galois field modulo the prime p), which is shared between the user and the private cloud; pri-CSP sends the partial key k to user U over a secure channel.
User U registers at pri-CSP: according to the attribute set Ω published by Pub-CSP, the user generates their own attribute set, and r ∈ Zp is chosen at random for the user (r is a random number corresponding to a particular user). For each attribute j ∈ w, rj ∈ Zp is selected; finally the private key sku of user u is generated by calculating the random value of each attribute value. b denotes a random number corresponding to a particular attribute of the user.
User U applies to the private cloud authentication center AC to generate a private key: the user sends their own attribute set and $(g^{1/\gamma})^{k} = g^{k/\gamma}$ to AC to request the management key. u ∈ Zp is chosen at random as the user's unique identifier, and parameters λj ∈ Zp (1 ≤ j ≤ n) are chosen at random.
Encryption algorithm: the data owner D constructs T with the attributes of the access policy as leaf nodes and thresholds as intermediate nodes; D then randomly selects s ∈ Zp and assigns it to the root node (s is the key to be recovered, used to encrypt the layered keys), labels the root as marked, and leaves the other child nodes unmarked.
D encrypts the shared data using a symmetric encryption algorithm, randomly generating the keys m = {m1, m2, ..., mk} and encrypting them. The hierarchy tree is constructed first, random numbers w1, w2, ..., wk ∈ Zp are selected correspondingly, and the following is calculated:
In the formula, C denotes the hierarchical key m encrypted with s and the private key;
For a node (x, y), D calculates the corresponding C(x, y) and C'(x, y):
In the formula, q denotes the polynomial used to distribute and recover the key, H is part of the public key, and C(x, y) denotes the root node value;
For the transmission node set X and the child-node threshold set TN-CT(x, y) of X, D calculates:
D encrypts the layered ciphertext according to the attribute nodes,
Finally, D outputs the resulting ciphertext CT:
D transfers CT to pri-CSP over a public channel.
Decryption algorithm: user U decrypts CT by choosing the minimal attribute set w* and calculating as follows:
S = e(C1, D1)
In the formula, E, F and O are polynomials that recover the key by Lagrange interpolation, S is an intermediate result, X denotes each intermediate sub-result produced by the layered encryption, and OES denotes the product O*E*S.
The decryption process expands as:
This allows the layered ciphertext to be decrypted, after which further layered decryption is carried out.
This algorithm needs to combine the public key pku and the private key sku to decrypt the ciphertext. The recursive operation DecrytNode(CT, sku, (x, y)) is defined first:
a) If (x, y) is a leaf node, set i = att(x, y) (that is, the result of att(x, y) is assigned to i) and define DecrytNode(CT, sku, (x, y)) as:
If i ∈ w, the function DecrytNode(CT, sku, (x, y)) = null
IfFunction is calculated in the following way:
In the formula, i is the attribute value corresponding to (x, y).
b) If (x, y) is a non-leaf node, the function is defined as follows: for every child node z of the node, DecrytNode(CT, sku, (x, y), z) is called and its output stored as Fz; let w(x,y) be any set of child nodes of size k(x,y); the recursive function is calculated as:
If no set w(x,y) exists: output null
If the set w(x,y) exists: where w'(x,y) = {index(z): z ∈ w(x,y)} and i = index(z), the function is calculated as:
For the access policy T and the full attribute set w that U holds, recursive calculation gives:
And the corresponding layered ciphertext can be calculated from Ai:
Next, the hierarchy nodes can use the ciphertext transmission node values to calculate the values of the authorization-level nodes, so that the following F(i+1),j, ..., Fk,j can be calculated. The corresponding calculation is:
Finally, the layered contents of these hierarchy nodes can be calculated as follows:
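Added example, not part of the patent text: the threshold access tree T from the encryption and decryption algorithms above, with the root value s shared down through per-node polynomials q and recovered bottom-up by Lagrange interpolation. Shares are handled as plain integers modulo a stand-in prime P rather than in group exponents, a leaf yields its share only when the user holds its attribute (the usual threshold-tree rule), and the policy and helper names are constructed for illustration.

```python
"""Threshold access tree over Z_p: share s down the tree, recover it bottom-up.
Shares are plain integers here; the scheme keeps them in group exponents."""
import secrets

P = 2**127 - 1  # a Mersenne prime, stand-in for the group order p


def leaf(attr):
    return {"attr": attr}


def gate(k, *children):
    """Inner node: any k of the children must be satisfied."""
    return {"k": k, "children": list(children)}


def share(node, value, out, prefix=()):
    """Set q_node(0) = value; child number i (1-based) receives q_node(i)."""
    if "attr" in node:
        out[prefix] = (node["attr"], value)
        return out
    # Random polynomial of degree k-1 with constant term `value`.
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node["k"] - 1)]
    for i, child in enumerate(node["children"], start=1):
        y = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        share(child, y, out, prefix + (i,))
    return out


def lagrange_at_zero(points):
    """Interpolate the polynomial through (index, value) points at x = 0."""
    total = 0
    for i, y in points:
        num = den = 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total


def decrypt_node(node, shares, attrs, prefix=()):
    """Recursive recovery; None plays the role of null for unsatisfied nodes."""
    if "attr" in node:
        attr, value = shares[prefix]
        return value if attr in attrs else None
    points = []
    for i, child in enumerate(node["children"], start=1):
        f = decrypt_node(child, shares, attrs, prefix + (i,))
        if f is not None:
            points.append((i, f))
        if len(points) == node["k"]:  # k satisfied children are enough
            return lagrange_at_zero(points)
    return None  # fewer than k children satisfied


# Constructed policy using the page's attribute names:
# videocut AND (download OR display)
POLICY = gate(2, leaf("videocut"), gate(1, leaf("download"), leaf("display")))
EDITOR = {"videocut", "soundcut", "videocut finely", "download", "display"}
MUSICIAN = {"mp3goingon", "download", "display"}


def demo():
    s = secrets.randbelow(P)
    shares = share(POLICY, s, {})
    return (decrypt_node(POLICY, shares, EDITOR) == s,
            decrypt_node(POLICY, shares, MUSICIAN))
```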
User cancels algorithm: when user log off, by being directly updated to ciphertext, so that it may relevant Content Revocation Again it changes.Pri-CSP will more new key k ', be transferred to non-logging off users,
User can voluntarily update private key,
Voidable cipher key scheme is to be issued by AA mechanism and attribute base encipherment scheme keeps certain independence.When When needing to cancel, AA mechanism issues a more new key again, without changing entire ciphertext.And the encryption of attribute base is two Layer structure, it is first video information symmetric key encryption, then the symmetric key is encrypted using attribute base encipherment scheme, it is real Existing public cloud and private clound combine the scheme of management multimedia video.
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A video content access method in a hybrid cloud system, the hybrid cloud system comprising a public cloud and a private cloud, characterized by comprising:
S1: initializing the hybrid cloud system to obtain global public parameters;
S2: initializing the attribute authority server in the private cloud by inputting the global public parameters and the full attribute set, to obtain the public key and master private key corresponding to the attribute authority server, wherein the attributes are identity information of users;
S3: encrypting the video content based on the access policy, the time, the global public parameters and the public key to obtain an encrypted ciphertext, and uploading it to the public cloud;
S4: inputting the user collaboration unit ID, the attributes, the state tree of the attributes, the global public parameters and the master private key to the attribute authority server, to generate the private key for the attributes of the user collaboration unit;
S5: at the start of each time period, the attribute authority server runs over all attributes in the attribute domain, processes the time, the state tree of the attributes, the update list, the global public parameters and the master private key to obtain an update key, and sends the update key to the public cloud;
S6: the user accessing the video content downloads the update key from the public cloud and combines the update key with the private key for the attributes of the user collaboration unit, to obtain a decryption key bound to the time and the attributes;
S7: the user accessing the video content inputs the global public parameters, the public key and the decryption key at the public cloud and decrypts the encrypted ciphertext, to access the video content.
2. The method according to claim 1, characterized in that in step S3 the video content is encrypted using the following formula:
where CT(A, t_e) denotes the encrypted ciphertext bound to the access policy and the time, A denotes the access policy, t_e denotes the time period, k_i denotes the key that decrypts the ciphertext, M denotes the plaintext, pkd denotes the public key produced by initializing the attribute authority server, and C denotes the encrypted ciphertext.
3. The method according to claim 1, characterized in that in step S7 the encrypted ciphertext is decrypted using the following formula:
k_i = Dec(CT(A, t_e), {SK_gid,x}, {UK_x,t}), M = Dec(C, k_i)
where M denotes the plaintext; CT(A, t_e) denotes the encrypted ciphertext bound to the access policy and the time; SK_gid,x denotes the private key for the attributes of the user collaboration unit; UK_x,t denotes the update key of the attribute for the current time period; and C denotes the encrypted ciphertext.
4. The method according to claim 1, characterized in that after the user's access time ends, the content is accessed by other users in the next access time.
5. A revocable encryption method for video content in a hybrid cloud system, the hybrid cloud system comprising a public cloud and a private cloud, characterized by comprising:
S8: inputting a security parameter to the hybrid cloud system, initializing the hybrid cloud system, and outputting public parameters, the public parameters including the public key and master private key of the system;
S9: the public cloud storage center publishes all attribute sets; the private cloud generates a partial key; the owner of the video content randomly selects a number as a private key and calculates the public key of the private cloud; the private cloud authentication center inputs all attribute sets, the random number and part of the public parameters to obtain the master private key and public key of the private cloud authentication center, wherein the attributes are identity information of the users accessing the video content;
S10: the user accessing the video content registers with the private cloud and obtains the partial key and the user's attribute set; the partial key and the user's attribute set are sent to the private cloud authentication center, and the private cloud authentication center generates the user's unique identifier and user private key;
S11: the owner of the video content inputs the shared data and the access policy into the hybrid cloud system to generate the encrypted ciphertext of the video content;
S12: the user accessing the video content decrypts the encrypted ciphertext based on the user's attribute set and user private key; if the user's attribute set satisfies the access policy, the encrypted ciphertext is decrypted, and if it does not satisfy the access policy, decryption fails;
S13: when a user accessing the video content logs off, the encrypted ciphertext is updated, and the user private key is updated by the user.
6. The method according to claim 5, characterized in that the private cloud generating the partial key in step S9 further comprises:
the user accessing the video content provides identity information and an attribute set to the private cloud, the private cloud randomly generates the partial key, and the partial key is shared between the user and the private cloud.
7. The method according to claim 5, characterized in that the encrypted ciphertext in step S11 is a layered ciphertext.
8. The method according to claim 7, characterized in that decrypting the encrypted ciphertext in step S12 further comprises: performing layered decryption of the layered ciphertext based on the recursive function DecrytNode(CT, sk_u, (x, y)), where CT denotes the ciphertext, sk_u denotes the user private key, and (x, y) denotes a node of the constructed hierarchical tree.
CN201910067370.XA 2019-01-24 2019-01-24 Video content access method in mixed cloud system Active CN109819323B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910067370.XA CN109819323B (en) 2019-01-24 2019-01-24 Video content access method in mixed cloud system

Publications (2)

Publication Number Publication Date
CN109819323A true CN109819323A (en) 2019-05-28
CN109819323B CN109819323B (en) 2020-12-29

Family

ID=66603679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910067370.XA Active CN109819323B (en) 2019-01-24 2019-01-24 Video content access method in mixed cloud system

Country Status (1)

Country Link
CN (1) CN109819323B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100086 Institute of film research, No. 44 South Road, Haidian District Academy of Sciences, Beijing

Patentee after: China Film Science and Technology Research Institute (Film Technology Quality Inspection Institute of the Central Propaganda Department)

Address before: 100086 Institute of film research, No. 44 South Road, Haidian District Academy of Sciences, Beijing

Patentee before: CHINA FILM SCIENCE AND TECHNOLOGY INST.