CN109831444A - A proxy-based attribute encryption access control method for cloud storage - Google Patents

Info

Publication number
CN109831444A
Authority
CN
China
Prior art keywords
key
user
data
cloud
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910151220.7A
Other languages
Chinese (zh)
Inventor
王海勇
彭垚
管维正
张开心
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post and Telecommunication University
Application filed by Nanjing Post and Telecommunication University
Priority to CN201910151220.7A
Publication of CN109831444A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a proxy-based attribute encryption access control method for cloud storage. The method involves five entities: a trusted authority center, a cloud data owner, a cloud data visitor, a cloud server, and a proxy decryption server. The access control method comprises the following steps: public parameter initialization, decryption private key generation, data encryption, data re-encryption, and data decryption. The beneficial effects of the invention are as follows. The cloud data owner uploads the cloud data it wants to share to the cloud server, which solves the problem of sharing data between different users. The method introduces a ciphertext-policy attribute-based encryption access control scheme and re-encrypts the data on the cloud server, so that user access control is achieved while data confidentiality is guaranteed. The added proxy decryption server reduces the overhead of the cloud data owner and the cloud data visitor, and the method achieves fine-grained access control and security authentication of users.

Description

A proxy-based attribute encryption access control method for cloud storage
Technical field
The invention belongs to the field of information security technology in cloud computing environments, and specifically concerns a proxy-based attribute encryption access control method for cloud storage.
Background
In recent years, information security has received more and more attention and network security technology has matured, but cloud storage security incidents still occur. For example, a security failure of Google's Gmail storage servers led to the loss of user mail data, and Microsoft's SkyDrive cloud storage service suffered unstable access that left users unable to see their own data or pictures. In addition, cloud service providers cannot be fully trusted; driven by their own interests, they also pose a risk of snooping on user privacy. Many individuals and enterprises therefore do not dare to store their important or private data on cloud storage servers. As a result, cloud data access security control has become one of the popular research directions in cloud security. Cloud storage is usually offered to users as a service, and while supporting shared access control it must also guarantee the integrity, confidentiality and authenticity of data.
Attribute-based encryption is clearly well suited as a secure access control scheme for shared data in cloud computing environments, but it still faces difficulties in practical application. Its development is at an early stage, and many schemes still have shortcomings in access control flexibility, security and operational efficiency. The application demand for and development of cloud storage make people increasingly dependent on cloud computing environments, so storage access control mechanisms have become the key to solving the security of data stored in cloud computing environments.
Research on attribute-based encryption mechanisms concentrates mainly on the following aspects. The first is access control granularity: how to design more fine-grained access control schemes for cloud storage environments is the key to realizing flexible attribute-based access control. The second is the design of more flexible access control schemes, including support for flexible changes to policy attributes and to user attributes. In addition, much research focuses on how to design more efficient access control schemes that reduce, as far as possible, the encryption and decryption computation overhead and the network overhead of each participating party.
Summary of the invention
The purpose of the present invention is to provide a proxy-based attribute encryption access control method for cloud storage, in order to solve the problems raised in the background above.
A proxy-based attribute encryption access control method for cloud storage involves five entities: a trusted authorization center, a cloud data owner, a cloud data visitor, a cloud server, and a proxy decryption server. The five entities are connected through the Internet. Specifically:
Trusted authorization center (Trusted Authorization Center, TAC): the TAC is assumed to be trustworthy and is mainly used to generate the system public key, the master key, and the decryption private keys;
Cloud data owner (Cloud Data Owner, CDO): a user who wishes to transmit shared data. The CDO can define the access policy of the data itself; only users whose attributes satisfy the access policy can decrypt the ciphertext and obtain the plaintext data;
Cloud data visitor (Cloud Data Visitors, CDV): the cloud data visitor sends a ciphertext request to the cloud server, and the cloud server sends the re-encrypted ciphertext to the proxy decryption server. The proxy decryption server decrypts it with decryption private key 2 to obtain a transition ciphertext, and the cloud data visitor then decrypts with decryption private key 1, distributed by the trusted authorization center, to obtain the plaintext data;
Cloud server (Cloud Storage Provider, CSP): the cloud server is responsible for the storage, management and re-encryption of data. The cloud server is considered suspicious but honest; it will honestly execute each task as specified;
Proxy decryption server (Proxy Decryption Server, PDS): the PDS is responsible for decrypting the re-encrypted ciphertext sent by the cloud server and sends the resulting transition ciphertext to the user. The PDS undertakes most of the decryption computation in the system, which reduces the computation overhead of user decryption;
The control method includes the following steps:
Step 1, initialization: execute $Setup(1^k, A)$. This operation is performed by the TAC and generates the public key PK and the master key MK;
Step 2, key generation: execute KeyGen(PK, MK, S). This operation is performed by the TAC, which uses the system key PK, the master key MK and the attributes S submitted by the user to generate the decryption private key. The user's decryption private key consists of two parts, $DK_{CSP}$ and $DK_{DU}$. When the CDV submits its attribute set to the TAC and issues a ciphertext request to the CSP, the TAC distributes the keys to the PDS and the CDV respectively; neither the PDS nor the CDV can decrypt the ciphertext alone with only its own key;
Step 3, data encryption: this algorithm is executed by the CDO. To guarantee the confidentiality and integrity of the data, the CDO uses the system key PK and a custom access policy to encrypt the plaintext data;
Step 4, data re-encryption: the re-encryption algorithm is performed by the CSP and takes as input the system public key PK, the initial ciphertext $C_0$ and the set of user attribute groups. After receiving these inputs, the CSP selects two random numbers to construct the attribute group key set and defines a unique tag $ID_k \in \{0,1\}^*$ for each user; the user tag does not change when the user's attributes change;
Step 5, data decryption: execute $Decrypt(S, C_1, DK_{CSP}, DK_{DU})$. When the CSP receives the ciphertext request of user $u_k$ and the TAC receives the visitor's attribute set, the ciphertext $C_1$ and the decryption private key $DK_{CSP}$ are immediately sent to the PDS. The PDS decrypts $C_1$ to obtain the transition ciphertext $C_2$ and sends $C_2$ to $u_k$, and $u_k$ decrypts it with the decryption private key $DK_{DU}$ distributed by the TAC to obtain the plaintext.
Further, step 1 also includes:
Step 1-1, TAC choose k as security parameter first,WithIt is two multiplicative cyclic groups that order is prime number p,Generation member be g, be defined as follows two hash functionsWith
Step 1-2 generates random numberWithWherein htWith attribute atttCorresponding (t ∈ [1,m]);
Step 1-3, output system public key PK and master key MK, specific configuration are as follows:
$PK = \{g, g^{\beta}, h_1, h_2, \ldots, h_m, e(g,g)^{\alpha}, H, H_1\}$, $MK = \{\beta, g^{\alpha}\}$
Further, step 2 also includes:
Step 2-1 generates random numberCalculate initialization key
Step 2-2: using the random numbers α and β used to generate the system public key and the τ from B-a, calculate $K_2 = g^{\alpha+\beta\tau}$
Step 2-3 chooses random numberIt calculates
Step 2-4 utilizes the random number and initialization key K in previous step1It calculates
Step 2-5 exports decrypted private key DKDUAnd DKPDS, it is specific as follows:
Further, step 3 also includes:
Step 3-1 generates vectorWith linear key secret sharing (M, ρ);
Step 3-2 is each user ui∈ U is calculated
Step 3-3, output initialization ciphertext C0, it is specific as follows:
Step 3-4, by C0It is uploaded to Cloud Server.
Further, step 4 also includes:
Step 4-1 is userDefine a unique user tag IDk∈{0,1}*
Step 4-2 selects two random numbersAnd SKCSP=gγRespectively user ukWith the session key of CSP, and be each user ukCalculate corresponding element
Step 4-3 is eachConstruct a multinomial:
Wherein v indicates GtMiddle user's number;
Step 4-4, definitionAnd choose random numberAnd carry out It is following to calculate:
Step 4-5, tectonic information head are as follows:
Step 4-6 exports ciphertext C1, it is specific as follows:
$C_1 = (Head, C'_0)$
Further, step 5 also includes:
Step 5-1, PDS by calculating structure attribute group key as follows
Step 5-2, PDS utilize DKCSPTentatively decrypted, specific as follows:
Step 5-3, PDS are by C2It is sent to user uk, ukUtilize private key DKDUDecryption obtains in plain text, specific as follows:
The beneficial effects of the invention are as follows. In this method, the cloud data owner uploads the cloud data it wants to share to the cloud server, which solves the problem of sharing data between different users. The method introduces a ciphertext-policy attribute-based encryption access control scheme and re-encrypts the data on the cloud server, so that user access control is achieved while data confidentiality is guaranteed. The added proxy decryption server reduces the overhead of the cloud data owner and the cloud data visitor, and the method achieves fine-grained access control and security authentication of users.
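Step 3-1 attaches a linear secret sharing scheme (M, ρ) to the ciphertext, and it is this structure that enforces "only users whose attributes satisfy the access policy can decrypt". The following is an added example, not code from the patent: it builds (M, ρ) from a boolean policy with the Lewko-Waters conversion, shares a secret over the rows, and shows that an attribute set that does not satisfy the policy obtains no reconstruction coefficients. The attribute names, function names and the modulus are assumptions, and the shares are handled in the clear, whereas a CP-ABE scheme keeps them in group exponents.

```python
"""LSSS sharing for a CP-ABE style access policy (added example, shares in the clear)."""
import secrets

# Constructed modulus (the Mersenne prime 2^127 - 1). In a pairing-based scheme
# the shares live in Z_p, where p is the prime order of the pairing groups.
P = 2**127 - 1


def policy_to_lsss(policy):
    """Turn a boolean formula into an LSSS matrix M and row labelling rho.

    policy is an attribute name (str) or a tuple (op, left, right) with op in
    {"AND", "OR"}. Lewko-Waters conversion: an attribute set satisfies the
    policy exactly when (1, 0, ..., 0) lies in the span of the rows it owns.
    """
    rows, rho = [], []
    width = 1  # number of matrix columns allocated so far

    def walk(node, vec):
        nonlocal width
        if isinstance(node, str):
            rows.append(vec)
            rho.append(node)
            return
        op, left, right = node
        if op == "OR":       # each child inherits the parent's vector
            walk(left, vec)
            walk(right, vec)
        elif op == "AND":    # the children's vectors sum to the parent's vector
            padded = vec + [0] * (width - len(vec))
            width += 1
            walk(left, padded + [1])
            walk(right, [0] * (width - 1) + [-1])
        else:
            raise ValueError(f"unknown gate {op!r}")

    walk(policy, [1])
    return [r + [0] * (width - len(r)) for r in rows], rho


def share(secret, M):
    """Return one share per matrix row: lambda_i = M_i . (s, y_2, ..., y_n) mod P."""
    v = [secret % P] + [secrets.randbelow(P) for _ in range(len(M[0]) - 1)]
    return [sum(m * x for m, x in zip(row, v)) % P for row in M]


def reconstruction_coefficients(M, rho, attrs):
    """Solve sum_i w_i * M_i = (1, 0, ..., 0) over the rows whose attribute is held.

    Returns {row index: w_i}, or None when the attribute set is not authorized.
    """
    idx = [i for i, a in enumerate(rho) if a in attrs]
    n, k = len(M[0]), len(idx)
    # Augmented system: one equation per matrix column, one unknown per owned row.
    A = [[M[i][c] % P for i in idx] + [1 if c == 0 else 0] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((j for j in range(r, n) if A[j][col]), None)
        if piv is None:
            continue
        A[r], A[piv] = A[piv], A[r]
        inv = pow(A[r][col], -1, P)
        A[r] = [x * inv % P for x in A[r]]
        for j in range(n):
            if j != r and A[j][col]:
                f = A[j][col]
                A[j] = [(x - f * y) % P for x, y in zip(A[j], A[r])]
        pivots.append(col)
        r += 1
    if any(row[k] for row in A[r:]):   # 0 = nonzero: target vector not in the span
        return None
    omega = {i: 0 for i in idx}
    for row_i, col in enumerate(pivots):
        omega[idx[col]] = A[row_i][k]
    return omega


def recover(shares, M, rho, attrs):
    """Recombine the secret from the shares an attribute set owns, or return None."""
    omega = reconstruction_coefficients(M, rho, attrs)
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % P


if __name__ == "__main__":
    # Constructed policy: (doctor AND cardiology) OR admin
    M, rho = policy_to_lsss(("OR", ("AND", "doctor", "cardiology"), "admin"))
    s = secrets.randbelow(P)
    shares = share(s, M)
    for attrs in ({"doctor", "cardiology"}, {"admin"}, {"doctor"}, {"nurse"}):
        got = recover(shares, M, rho, attrs)
        print(sorted(attrs), "->", "secret recovered" if got == s else "denied")
```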
Brief description of the drawings
Fig. 1 is the system framework diagram of the present invention.
Fig. 2 is the access control flow chart of the present invention.
Specific embodiment
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings.
A proxy-based attribute encryption access control method for cloud storage, characterized in that it involves five entities: a trusted authorization center, a cloud data owner, a cloud data visitor, a cloud server, and a proxy decryption server. The five entities are connected through the Internet. Specifically:
Trusted authorization center (Trusted Authorization Center, TAC): the TAC is assumed to be trustworthy and is mainly used to generate the system public key, the master key, and the decryption private keys;
Cloud data owner (Cloud Data Owner, CDO): a user who wishes to transmit shared data. The CDO can define the access policy of the data itself; only users whose attributes satisfy the access policy can decrypt the ciphertext and obtain the plaintext data;
Cloud data visitor (Cloud Data Visitors, CDV): the cloud data visitor sends a ciphertext request to the cloud server, and the cloud server sends the re-encrypted ciphertext to the proxy decryption server. The proxy decryption server decrypts it with decryption private key 2 to obtain a transition ciphertext, and the cloud data visitor then decrypts with decryption private key 1, distributed by the trusted authorization center, to obtain the plaintext data;
Cloud server (Cloud Storage Provider, CSP): the cloud server is responsible for the storage, management and re-encryption of data. The cloud server is considered suspicious but honest; it will honestly execute each task as specified;
Proxy decryption server (Proxy Decryption Server, PDS): the PDS is responsible for decrypting the re-encrypted ciphertext sent by the cloud server and sends the resulting transition ciphertext to the user. The PDS undertakes most of the decryption computation in the system, which reduces the computation overhead of user decryption;
The control method includes the following steps:
Step 1, initialization: execute $Setup(1^k, A)$. This operation is performed by the TAC and generates the public key PK and the master key MK.
Step 1 further includes:
Step 1-1, TAC choose k as security parameter first,WithIt is two multiplicative cyclic groups that order is prime number p,Generation member be g, be defined as follows two hash functionsWith
Step 1-2 generates random numberWithWherein htWith attribute atttCorresponding (t ∈ [1,m])。
Step 1-3, output system public key PK and master key MK, specific configuration are as follows:
$PK = \{g, g^{\beta}, h_1, h_2, \ldots, h_m, e(g,g)^{\alpha}, H, H_1\}$, $MK = \{\beta, g^{\alpha}\}$
Step 2, key generation: execute KeyGen(PK, MK, S). This operation is performed by the TAC, which uses the system key PK, the master key MK and the attributes S submitted by the user to generate the decryption private key. The user's decryption private key consists of two parts, $DK_{CSP}$ and $DK_{DU}$. When the CDV submits its attribute set to the TAC and issues a ciphertext request to the CSP, the TAC distributes the keys to the PDS and the CDV respectively; neither the PDS nor the CDV can decrypt the ciphertext alone with only its own key.
Step 2 further includes:
Step 2-1 generates random numberCalculate initialization key
Step 2-2: using the random numbers α and β used to generate the system public key and the τ from B-a, calculate $K_2 = g^{\alpha+\beta\tau}$
Step 2-3 chooses random numberIt calculates
Step 2-4 utilizes the random number and initialization key K in previous step1It calculates
Step 2-5 exports decrypted private key DKDUAnd DKPDS, it is specific as follows:
Step 3, data encryption: this algorithm is executed by the CDO. To guarantee the confidentiality and integrity of the data, the CDO uses the system key PK and a custom access policy to encrypt the plaintext data.
Step 3 further includes:
Step 3-1 generates vectorWith linear key secret sharing (M, ρ).
Step 3-2 is each user ui∈ U is calculated
Step 3-3, output initialization ciphertext C0, it is specific as follows:
Step 3-4, by C0It is uploaded to Cloud Server.
Step 4, data re-encryption: the re-encryption algorithm is performed by the CSP and takes as input the system public key PK, the initial ciphertext $C_0$ and the set of user attribute groups. After receiving these inputs, the CSP selects two random numbers to construct the attribute group key set and defines a unique tag $ID_k \in \{0,1\}^*$ for each user; the user tag does not change when the user's attributes change.
Step 4 further includes:
Step 4-1 is userDefine a unique user tag IDk∈{0,1}*
Step 4-2 selects two random numbersAnd SKCSP=gγRespectively user ukWith the session key of CSP, and be each user ukCalculate corresponding element
Step 4-3 is eachConstruct a multinomial:
Wherein v indicates GtMiddle user's number.
Step 4-4, definitionAnd choose random numberAnd carry out It is following to calculate:
Step 4-5, tectonic information head are as follows:
Step 4-6 exports ciphertext C1, it is specific as follows:
$C_1 = (Head, C'_0)$
Step 5, data decryption: execute $Decrypt(S, C_1, DK_{CSP}, DK_{DU})$. When the CSP receives the ciphertext request of user $u_k$ and the TAC receives the visitor's attribute set, the ciphertext $C_1$ and the decryption private key $DK_{CSP}$ are immediately sent to the PDS. The PDS decrypts $C_1$ to obtain the transition ciphertext $C_2$ and sends $C_2$ to $u_k$, and $u_k$ decrypts it with the decryption private key $DK_{DU}$ distributed by the TAC to obtain the plaintext.
Step 5 further includes:
Step 5-1, PDS by calculating structure attribute group key as follows
Step 5-2, PDS utilize DKCSPTentatively decrypted, specific as follows:
Step 5-3, PDS are by C2It is sent to user uk, ukUtilize private key DKDUDecryption obtains in plain text, specific as follows:
The foregoing is merely a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above embodiment. Any equivalent modification or variation made by those of ordinary skill in the art according to the disclosure of the present invention shall fall within the protection scope recorded in the claims.

Claims (6)

1. A proxy-based attribute encryption access control method for cloud storage, characterized in that it involves five entities: a trusted authorization center, a cloud data owner, a cloud data visitor, a cloud server, and a proxy decryption server, the five entities being connected through the Internet, specifically:
Trusted authorization center (Trusted Authorization Center, TAC): the TAC is assumed to be trustworthy and is mainly used to generate the system public key, the master key, and the decryption private keys;
Cloud data owner (Cloud Data Owner, CDO): a user who wishes to transmit shared data. The CDO can define the access policy of the data itself; only users whose attributes satisfy the access policy can decrypt the ciphertext and obtain the plaintext data;
Cloud data visitor (Cloud Data Visitors, CDV): the cloud data visitor sends a ciphertext request to the cloud server, and the cloud server sends the re-encrypted ciphertext to the proxy decryption server. The proxy decryption server decrypts it with decryption private key 2 to obtain a transition ciphertext, and the cloud data visitor then decrypts with decryption private key 1, distributed by the trusted authorization center, to obtain the plaintext data;
Cloud server (Cloud Storage Provider, CSP): the cloud server is responsible for the storage, management and re-encryption of data. The cloud server is considered suspicious but honest; it will honestly execute each task as specified;
Proxy decryption server (Proxy Decryption Server, PDS): the PDS is responsible for decrypting the re-encrypted ciphertext sent by the cloud server and sends the resulting transition ciphertext to the user. The PDS undertakes most of the decryption computation in the system, which reduces the computation overhead of user decryption;
The control method includes the following steps:
Step 1, initialization: execute $Setup(1^k, A)$. This operation is performed by the TAC and generates the public key PK and the master key MK;
Step 2, key generation: execute KeyGen(PK, MK, S). This operation is performed by the TAC, which uses the system key PK, the master key MK and the attributes S submitted by the user to generate the decryption private key. The user's decryption private key consists of two parts, $DK_{CSP}$ and $DK_{DU}$. When the CDV submits its attribute set to the TAC and issues a ciphertext request to the CSP, the TAC distributes the keys to the PDS and the CDV respectively; neither the PDS nor the CDV can decrypt the ciphertext alone with only its own key;
Step 3, data encryption: this algorithm is executed by the CDO. To guarantee the confidentiality and integrity of the data, the CDO uses the system key PK and a custom access policy to encrypt the plaintext data;
Step 4, data re-encryption: the re-encryption algorithm is performed by the CSP and takes as input the system public key PK, the initial ciphertext $C_0$ and the set of user attribute groups. After receiving these inputs, the CSP selects two random numbers μ, to construct the attribute group key set and defines a unique tag $ID_k \in \{0,1\}^*$ for each user; the user tag does not change when the user's attributes change;
Step 5, data decryption: execute $Decrypt(S, C_1, DK_{CSP}, DK_{DU})$. When the CSP receives the ciphertext request of user $u_k$ and the TAC receives the visitor's attribute set, the ciphertext $C_1$ and the decryption private key $DK_{CSP}$ are immediately sent to the PDS. The PDS decrypts $C_1$ to obtain the transition ciphertext $C_2$ and sends $C_2$ to $u_k$, and $u_k$ decrypts it with the decryption private key $DK_{DU}$ distributed by the TAC to obtain the plaintext.
2. The proxy-based attribute encryption access control method for cloud storage according to claim 1, characterized in that step 1 further includes:
Step 1-1, TAC choose k as security parameter first,WithIt is two multiplicative cyclic groups that order is prime number p,'s Generating member is g, is defined as follows two hash function H:And H1:
Step 1-2 generates random number α,WithWherein htWith attribute atttCorresponding (t ∈ [1, m]);
Step 1-3, output system public key PK and master key MK, specific configuration are as follows:
$PK = \{g, g^{\beta}, h_1, h_2, \ldots, h_m, e(g,g)^{\alpha}, H, H_1\}$, $MK = \{\beta, g^{\alpha}\}$
3. The proxy-based attribute encryption access control method for cloud storage according to claim 1, characterized in that step 2 further includes:
Step 2-1 generates random numberCalculate initialization key
Step 2-2: using the random numbers α and β used to generate the system public key and the τ from B-a, calculate $K_2 = g^{\alpha+\beta\tau}$
Step 2-3 chooses random number r,It calculates
Step 2-4 utilizes the random number and initialization key K in previous step1It calculates
Step 2-5 exports decrypted private key DKDUAnd DKPDS, it is specific as follows:
4. The proxy-based attribute encryption access control method for cloud storage according to claim 1, characterized in that step 3 further includes:
Step 3-1 generates vectorWith linear key secret sharing (M, ρ);
Step 3-2 is each user ui∈ U is calculated
Step 3-3, output initialization ciphertext C0, it is specific as follows:
Step 3-4, by C0It is uploaded to Cloud Server.
5. The proxy-based attribute encryption access control method for cloud storage according to claim 1, characterized in that step 4 further includes:
Step 4-1 is userDefine a unique user tag IDk∈{0,1}*
Step 4-2 selects two random number μ,And SKCSP=gγRespectively user ukWith The session key of CSP, and be each user ukCalculate corresponding element
Step 4-3 is eachConstruct a multinomial:
Wherein v indicates GtMiddle user's number;
Step 4-4, definitionAnd choose random numberAnd it carries out as follows It calculates:
Step 4-5, tectonic information head are as follows:
Step 4-6 exports ciphertext C1, it is specific as follows:
$C_1 = (Head, C'_0)$
6. The proxy-based attribute encryption access control method for cloud storage according to claim 1, characterized in that step 5 further includes:
Step 5-1, PDS by calculating structure attribute group key as follows
Step 5-2, PDS utilize DKCSPTentatively decrypted, specific as follows:
Step 5-3, PDS are by C2It is sent to user uk, ukUtilize private key DKDUDecryption obtains in plain text, specific as follows:
CN201910151220.7A 2019-02-28 2019-02-28 A kind of encryption attribute cloud storage access control method based on agency Pending CN109831444A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910151220.7A CN109831444A (en) 2019-02-28 2019-02-28 A kind of encryption attribute cloud storage access control method based on agency


Publications (1)

Publication Number Publication Date
CN109831444A true CN109831444A (en) 2019-05-31

Family

ID=66864894

Country Status (1)

Country Link
CN (1) CN109831444A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20190531)