CN102945356A - Access control method and system for search engine under cloud environment - Google Patents

Access control method and system for search engine under cloud environment Download PDF

Info

Publication number
CN102945356A
CN102945356A CN2012105373983A CN201210537398A CN102945356A CN 102945356 A CN102945356 A CN 102945356A CN 2012105373983 A CN2012105373983 A CN 2012105373983A CN 201210537398 A CN201210537398 A CN 201210537398A CN 102945356 A CN102945356 A CN 102945356A
Authority
CN
China
Prior art keywords
file
access control
user
search engine
new file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012105373983A
Other languages
Chinese (zh)
Other versions
CN102945356B (en
Inventor
陈克非
张婧
黄征
郭捷
翁健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiao Tong University
Original Assignee
Shanghai Jiao Tong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiao Tong University filed Critical Shanghai Jiao Tong University
Priority to CN201210537398.3A priority Critical patent/CN102945356B/en
Publication of CN102945356A publication Critical patent/CN102945356A/en
Application granted granted Critical
Publication of CN102945356B publication Critical patent/CN102945356B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

本发明提供一种云环境下搜索引擎的访问控制方法及系统,所述云环境下搜索引擎的访问控制方法包括:S1.处理接收的新文件,为新文件生成索引,指定访问结构并为新文件加密,并存储已加密的新文件;S2.发出检索所需文件的请求,获取密钥后开始检索文件,并过滤检索结果;S3.选择下载文件,为文件刻上水印,最后将所述文件传给用户。本发明所述的云环境下搜索引擎的访问控制方法及系统利用属性加密具有访问控制粒度细、数据保护安全性强、运算速度可接受的特点,将其结合到云环境下的高效搜索引擎中可以同时实现加密操作和访问控制,并保持搜索引擎的高效性。

The present invention provides an access control method and system for a search engine in a cloud environment. The access control method for a search engine in a cloud environment includes: S1. processing a received new file, generating an index for the new file, specifying an access structure and creating an index for the new file The file is encrypted, and the encrypted new file is stored; S2. Send a request for retrieving the required file, start retrieving the file after obtaining the key, and filter the retrieval result; S3. Choose to download the file, engrave the watermark on the file, and finally convert the The file is passed to the user. The access control method and system of the search engine in the cloud environment according to the present invention use attribute encryption to have the characteristics of fine granularity of access control, strong data protection security, and acceptable operation speed, and combine it into an efficient search engine in the cloud environment Encryption operation and access control can be realized at the same time, and the efficiency of the search engine can be maintained.

Description

The access control method of search engine and system under the cloud environment
Technical field
The invention belongs to information security field, relate to a kind of access control method and system, particularly relate to access control method and the system of search engine under a kind of cloud environment.
Background technology
Under the current cloud environment, mass data is migrated to cloud data center, and these data are from different stores service users, and is often many and mix, is difficult to management, and therefore efficient search technique is the necessary of cloud service.On the other hand, maximum problem that the cloud service user is concerned about is exactly data security, and current searched for encryption technology proposes for the data protection problem that solves in the search just.Yet the efficiency that can search for encryption is the large hard defects of one.How guaranteeing under the condition that does not affect user data availability and technical application that remote data has been subject to perfect protection and strict access control, is one of difficult problem in the cloud.Thirdly, different cloud service users, needed data protection demand often can not be consistent, and the restriction of the shared object of data is also varied.Generally speaking, under the cloud environment, the user needs a kind of safe, efficient, fine granularity, controlled search access control technology.
Encryption attribute is a kind of method that realizes access control of encrypting of utilizing.Amit Sahai and Brent Waters have proposed for the first time the concept of encryption attribute in 2005, and with it as a kind of new access control method.
Encryption attribute has two types, and the key policy attribute is encrypted and the ciphertext policy attribute is encrypted.The key policy attribute is encrypted among the access control policy embedded key.The ciphertext policy attribute is encrypted then opposite, and access control policy has been dissolved among the ciphertext.
In ciphertext policy attribute encryption method, user key generates according to the attribute that a series of users have.In the ciphering process, specified the attribute structure of authorized user by the encipherer, and then finish cryptographic operation, produce ciphertext.The user who takes ciphertext can attempt using the attribute key of oneself to be decrypted, but the user who only has attribute to meet encipherer's specified requirements can successfully decipher.Because the encryption attribute support is complicated attribute structure arbitrarily, and each ciphertext can specify different authorization attribute structures, and therefore, encryption attribute has been realized fine-grained access rights control.
Through unremitting research for many years, the computing velocity that the ciphertext policy attribute is encrypted has had greatly raising, and in normal cryptographic attributes quantitative range (0-100), its deciphering speed has reached the rank of a few tens of milliseconds.
By above present situation background as can be known, be badly in need of at present a kind ofly the ciphertext policy attribute to be encrypted the method apply to efficient, the safety search engine under the cloud environment.
Summary of the invention
The shortcoming of prior art in view of the above; the object of the present invention is to provide access control method and the system of search engine under a kind of cloud environment; be used for solving search engine under the current cloud environment when realizing effective search, the problem of lacks good access control, data protection, controlling flexibly.
Reach for achieving the above object other relevant purposes, the invention provides the access control method of search engine under a kind of cloud environment, described access control method comprises:
S1, the new file that processing receives is new file generated index, specifying access structure is new file encryption also, and stores the new file of having encrypted;
S2, the request of sending the required file of retrieval begins retrieving files after obtaining key, and filters result for retrieval;
S3 selects download file, for file engraves watermark, at last described file is passed to the user.
Preferably, also comprise in described step S1:
S11 uploads new file;
S12 processes the content of described new file and generating indexes;
S13 specifies access structure, and namely which kind of attribute designated user need to have and just have the authority of opening new file;
S14, for new file carries out encryption attribute, namely using described access structure is new file encryption;
S15, the new file that storage has been encrypted is in order to use its stores service.
Preferably, also comprise in described step S2:
S21, the required file of request retrieval;
S22 obtains user key; Described key is unique voucher of the new file of decoding;
S23 is according to the indexed search file that generates; Namely according to index, find the All Files tabulation with the user key words coupling.
S24 filters result for retrieval, namely to that retrieve and the listed files user key words coupling, uses the user key that obtains that ciphertext is decrypted one by one, and judges whether the file decryption success to retrieving; If represent that then this user has the desired attribute of the described new file of access, continues to carry out next step; If not, represent that then this user does not have the desired attribute of the described new file of access, end process;
S25 returns to the user with the result for retrieval that obtains after filtering.、
Preferably, successful decryption mark result for retrieval is authority, and Decryption failures mark result for retrieval is the unauthorized file.
Preferably, also comprise in described step S3:
S31 browses result for retrieval, and selects to download result for retrieval;
S32 is for authority engraves watermark, in order to make copyright protection and document track;
S33 will process file transfer later to the user.
The invention provides the access control system of search engine under a kind of cloud environment, described access control system comprises:
Administration module is used for key and attribute that management is obtained;
Data retrieval module is used for receiving the file of uploading, and the retrieval service of mass file data is provided, and is described new file generated index, specifies access structure;
Access control module is used to new file encryption, after retrieval finishes, result for retrieval is filtered, and judges whether the file decryption that retrieves successful;
Data storage module is used for the new file that storage is uploaded.
Preferably, described administration module comprises attribute management module and key management module, and described attribute management module is used for the leading subscriber characteristic information, and described key management module is used for generating key, and when guaranteeing that user property changes, the corresponding change of its authority can in time embody among the key.
Preferably, the retrieval of described data retrieval module was divided into for two steps, for the first time retrieval done in the key word that the first step provides according to the user, the tabulation of formation alternative file, whether second step is paid access control module with key and alternative file tabulation that the user provides, have authority to obtain the information of file to judge the user.
As mentioned above, the access control method of search engine under the cloud environment of the present invention has following beneficial effect:
1, the high efficiency that has kept search engine;
2, cryptographic operation and access control have been realized simultaneously
Description of drawings
Fig. 1 is shown as the method flow diagram of the access control method of search engine under the cloud environment of the present invention.
Fig. 2 is shown as the process flow diagram of preparing retrieving files in the access control method of search engine under the cloud environment of the present invention.
Fig. 3 is shown as the process flow diagram of retrieving files in the access control method of search engine under the cloud environment of the present invention.
Fig. 4 is shown as the process flow diagram of downloading the file that retrieves in the access control method of search engine under the cloud environment of the present invention.
Fig. 5 is shown as the concrete operational flow diagram of the access control method of search engine under the cloud environment of the present invention.
Fig. 6 is shown as the schematic diagram of the access control system of search engine under the cloud environment of the present invention.
The element numbers explanation
1 administration module
2 data retrieval module
3 access control modules
4 data memory modules
S1 ~ S3 step
Embodiment
Below by specific instantiation explanation embodiments of the present invention, those skilled in the art can understand other advantages of the present invention and effect easily by the disclosed content of this instructions.The present invention can also be implemented or be used by other different embodiment, and the every details in this instructions also can be based on different viewpoints and application, carries out various modifications or change under the spirit of the present invention not deviating from.
See also accompanying drawing.Need to prove, the diagram that provides in the present embodiment only illustrates basic conception of the present invention in a schematic way, satisfy only show in graphic with the present invention in relevant assembly but not component count, shape and size drafting when implementing according to reality, kenel, quantity and the ratio of each assembly can be a kind of random change during its actual enforcement, and its assembly layout kenel also may be more complicated.
The present invention is described in detail below in conjunction with embodiment and accompanying drawing.
The access control method of search engine and system are according to the encryption attribute fine size, can realize the fine-grained access control of search engine under the cloud environment under the cloud environment of the present invention, and control neatly other cipher application of data security level.
Embodiment one
The present embodiment provides the access control method of search engine under a kind of cloud environment, described access control method is applied to comprise on the access control system of search engine of administration module, data retrieval module, access control module and data memory module, as shown in Figure 1, described access control method comprises:
S1 prepares retrieving files, namely receives new file, and the new file that the deal with data retrieval module receives is new file generated index, and specifying access structure is new file encryption also, the new file that storage has been encrypted; When the user upload a new file to Cloud Server to do to preserve or when shared.Prepare the step of retrieving files specifically as shown in Figure 2, comprising:
S11 uploads new file.
S12 processes the content of described new file, and generating indexes, for after search operaqtion prepare.
S13 specifies access structure, and namely which kind of attribute designated user need to have and just have the authority of opening new file.
S14, for new file carries out encryption attribute, namely using described access structure is new file encryption.In ciphering process, the access structure of user's appointment is embedded in the ciphertext, so that only have qualified user successfully to decipher.Like this, encrypting new file, when protecting this newly to ask the valency content, also realized the fine-grained access control that encryption attribute can reach.
S15, the new file that storage has been encrypted is in order to use its stores service.
S2, retrieving files, the request of namely sending the required file of retrieval begins retrieving files behind the generation key, and filters result for retrieval.This step specifically comprises as shown in Figure 3:
S21, the required file of request retrieval;
S22 obtains user key; After the user asks retrieving files, obtain private key for user, as unique voucher of the new file of decoding.Wherein, the user key that obtains can be taked dual mode, and a kind of namely is to generate user key when using, and another kind namely is that the user generates when registering, and is preserved by the user at ordinary times, passes to server by the user during use.
S23 is according to the indexed search file that generates; The process of retrieving files is as good as with general search engine, namely according to index, finds the All Files tabulation with the user key words coupling.
S24 filters result for retrieval, namely to that retrieve and the listed files user key words coupling, uses the private key that obtains that ciphertext is decrypted one by one, and judges whether the file decryption success to retrieving.If successful decryption represents that then this user has the desired attribute of the described new file of access, therefore, this result for retrieval of mark is authority, continues to carry out next step; With upper opposite, if Decryption failures represents that then this user does not have the desired attribute of the described new file of access, this result for retrieval of mark is the unauthorized file so, finishes retrieval.
S25 returns to the user with the result for retrieval that obtains after filtering; Level of security according to setting returns to the user with result for retrieval.Detailed process is: when setting higher level of security for the moment, only return the file name information of the file that retrieves and the summary of file, and the operation of open authority; When setting lower level of security two, return the file name information of All Files and the summary of file, but only open the down operation of authority.
S3 downloads the file that retrieves, and namely selects to download authority, for file engraves watermark, at last described file is passed to the user; This step comprises specifically as shown in Figure 4:
S31, the user browses result for retrieval, and selects to download result for retrieval.
S32 is for authority engraves watermark, in order to make copyright protection and document track.
S33 will process file transfer later to the user.
The present embodiment provides the access control method that uses search engine under the cloud environment that the ciphertext policy attribute encrypts, particular flow sheet as shown in Figure 5, the method can a step realize fine-grained access control, data protection and protect the high efficiency of search performance.
Embodiment two
The present embodiment provides the access control system of search engine under a kind of cloud environment, and as shown in Figure 6, the access control system of search engine comprises under the described cloud environment: administration module 1, data retrieval module 2, access control module 3 and data memory module 4.
Administration module 1 is used for managing keys and attribute, and described private key is unique voucher of declassified document.Administration module is when user registration or key need to upgrade (situations such as key expires, the renewal of user's active request), the attribute all according to the user, for it generates its key of authority at that time of unique representative, and the key management work after being responsible for, the adoptable scheme of key management is more, a kind of method is the unactual user's of the giving keeping of user key, but each when needs use the up-to-date attribute according to the user be its dynamic generation, thereby guaranteed validity and the security of user key.Another kind is that key is transferred to user management, and is each cipher key setting term of validity, and key namely can lose efficacy after expiring.The user can be when at ordinary times attribute change new key or then upgrade in request when the term of validity more initiatively.Described administration module is complementary module, but the access control system of search engine is an indispensable part under whole cloud environment, and it comprises attribute management module and key management module two parts.
Wherein, described attribute management module is used for the leading subscriber characteristic information, and for example, user's age, work, department, email address etc. are to realize complicated access control condition.For example, the access control condition of the file of a certain the university's art festival registration condition of access and detailed rules and regulations,
The access control condition is: teacher or the student that must be this school; Must specify corporations referring to crossing two at least; The necessary age is between 20 to 30 years old.
That is: (certain university student OR university teacher) AND(2,3) of(participated in dancing corporations, skidding corporations, music corporations) the AND(age greater than the 20AND age less than 30)
Adopted (t in this access control condition, n) thresholding, the principle of this thresholding is to distribute secret method in n participant, under this method, each participant has the partial information of untiing secret, arbitrarily t participant can the original secret of reconstruct, and any t-1 participant can not obtain any information about secret.Be applied in the formation of access structure, (t, n) thresholding then with door or class seemingly, its general form can be expressed as (t, n) (P1, P2, Pn), represent and to satisfy at least t in n the Parameter Conditions (Pi) and just can export True for True, otherwise export False.This in above example access structure then expression need at least to participate in two ability in 3 corporations' conditions by this thresholding.
Described key management module is used for generating key, and guarantee when user property changes, the corresponding change of its authority can in time embody among the key, otherwise, if user property has occured to change but its authority is for being changed accordingly, can cause like this disunity of user's actual authority and execution authority.The adoptable scheme of key management is also more, and a kind of method is the unactual user of giving of user key keeping, but each when needs use the up-to-date attribute according to the user be its dynamic generation, thereby guaranteed validity and the security of user key.Another kind is that key is transferred to user management, and is each cipher key setting term of validity, and key namely can lose efficacy after expiring.The user can be when at ordinary times attribute change new key or then upgrade in request when the term of validity more initiatively.
Data retrieval module 2 is used for receiving the file of uploading, and the retrieval service of mass file data is provided, and is described new file generated index, specifies access structure.The index that described data retrieval module generates is plaintext, resource then is the form of ciphertext, the retrieval actions of data retrieval module 2 in two stages, for the first time retrieval done in the key word that at first provides according to the user, the tabulation of formation alternative file, whether second step is paid access control module with key and alternative file tabulation that the user provides, have authority to obtain the information of this document to judge the user.
Access control module 3 is used to new file encryption, after retrieval finishes, result for retrieval is filtered, and judges whether the file decryption that retrieves successful; If successful decryption represents that then this user has the desired attribute of the described new file of access, therefore, this result for retrieval of mark is for authorizing; Otherwise if Decryption failures represents that then this user does not have the desired attribute of the described new file of access, this index structure of mark is unauthorized so.
Data memory module 4 is used for new file that storage uploads to high in the clouds.
The principle of work of the access control system of search engine under the described cloud environment:
Data retrieval module 2 receives the new file of uploading, and be these new file generated index, specifies access structure, and the new file encryption of described access control module 3 for uploading followed the new file of having encrypted that data memory module 4 will upload and be stored to high in the clouds; When the user asks to retrieve required file, administration module 1 obtains user key, 2 pairs of mass files of data retrieval module are namely retrieved according to the key word that the user provides according to the index that generates, and form the alternative file tabulation, then access control module 3 result for retrieval of coming, in described listed files, user's key is decrypted it one by one, and the file that result for retrieval need to select download is browsed by end user, for file engraves watermark, at last with the deciphering file transfer to the user.
Access control method and the system of search engine under a kind of cloud environment of the present invention; utilize encryption attribute to have access control fine size, data protection high safety, the acceptable characteristics of arithmetic speed; it is attached in the effective search engine under the cloud environment can realizes simultaneously cryptographic operation and access control, and keep the high efficiency of search engine.
In sum, the present invention has effectively overcome various shortcoming of the prior art and the tool high industrial utilization.
Above-described embodiment is illustrative principle of the present invention and effect thereof only, but not is used for restriction the present invention.Any person skilled in the art scholar all can be under spirit of the present invention and category, and above-described embodiment is modified or changed.Therefore, have in the technical field under such as and know that usually the knowledgeable modifies or changes not breaking away from all equivalences of finishing under disclosed spirit and the technological thought, must be contained by claim of the present invention.

Claims (8)

1.一种云环境下搜索引擎的访问控制方法,其特征在于,所述访问控制方法包括:1. the access control method of search engine under a kind of cloud environment, it is characterized in that, described access control method comprises: S1,处理接收的新文件,为新文件生成索引,指定访问结构并为新文件加密,并存储已加密的新文件;S1, process the received new file, generate an index for the new file, specify the access structure and encrypt the new file, and store the encrypted new file; S2,发出检索所需文件的请求,获取密钥后开始检索文件,并过滤检索结果;S2, send out a request for retrieving the required files, start retrieving the files after obtaining the key, and filter the retrieval results; S3,选择下载文件,为文件刻上水印,最后将所述文件传给用户。S3, choose to download a file, engrave a watermark on the file, and finally send the file to the user. 2.根据权利要求1所述的云环境下搜索引擎的访问控制方法,其特征在于:于所述步骤S1还包括:2. the access control method of search engine under the cloud environment according to claim 1, is characterized in that: in described step S1 also comprises: S11,上传新文件;S11, uploading a new file; S12,处理所述新文件的内容,并生成索引;S12, processing the content of the new file, and generating an index; S13,指定访问结构,即指定用户需要具有何种属性才具有打开新文件的权限;S13, specifying the access structure, that is, specifying which attribute the user needs to have to have the permission to open the new file; S14,为新文件进行属性加密,即使用所述的访问结构为新文件加密;S14, perform attribute encryption for the new file, that is, use the access structure to encrypt the new file; S15,存储已加密好的新文件,以便使用其存储服务。S15, storing the encrypted new file so as to use its storage service. 3.根据权利要求1所述的云环境下搜索引擎的访问控制方法,其特征在于:于所述步骤S2还包括:3. the access control method of search engine under the cloud environment according to claim 1, is characterized in that: in described step S2 also comprises: S21,请求检索所需文件;S21, requesting to retrieve the required files; S22,获取用户密钥;所述密钥是解码新文件的唯一凭证;S22, obtaining a user key; the key is the only certificate for decoding the new file; S23,根据生成的索引检索文件;即根据索引,找到与用户关键字匹配的所有文件列表;S23, retrieving files according to the generated index; namely, according to the index, find a list of all files matching the user keyword; S24,过滤检索结果,即对检索到的与用户关键字匹配的文件列表,使用获取的用户密钥对密文一一进行解密,并判断是否对检索到的文件解密成功;若是,则表示该用户具有访问所述新文件所要求的属性,继续执行下一步;若否,则表示该用户不具有访问所述新文件所要求的属性,结束进程;S24, filter the search results, that is, use the obtained user key to decrypt the ciphertext one by one for the retrieved file list matching the user keyword, and judge whether the retrieved file is decrypted successfully; if so, it means that the If the user has the required attribute for accessing the new file, proceed to the next step; if not, it means that the user does not have the required attribute for accessing the new file, and end the process; S25,将过滤后得到的检索结果返回给用户。S25. Return the filtered retrieval result to the user. 4.根据权利要求3所述的云环境下搜索引擎的访问控制方法,其特征在于:解密成功标记检索结果为授权文件,解密失败标记检索结果为未授权文件。4. The access control method for a search engine in a cloud environment according to claim 3, characterized in that: successful decryption marks the search result as an authorized file, and marks a decryption failure as an unauthorized file. 5.根据权利要求1所述的云环境下搜索引擎的访问控制方法,其特征在于:于所述步骤S3还包括:5. the access control method of search engine under the cloud environment according to claim 1, is characterized in that: in described step S3 also comprises: S31,浏览检索结果,并选择下载检索结果;S31, browse the retrieval results, and choose to download the retrieval results; S32,为授权文件刻上水印,以便作版权保护及文件追踪;S32, engraving a watermark on the authorized document for copyright protection and document tracking; S33,将处理过后的文件传输给用户。S33, transmitting the processed file to the user. 6.一种云环境下搜索引擎的访问控制系统,其特征在于,所述访问控制系统包括:6. an access control system of a search engine in a cloud environment, characterized in that the access control system comprises: 管理模块,用于管理获取的密钥和属性;A management module for managing acquired keys and attributes; 数据检索模块,用于接收上传的文件,提供海量文件数据的检索服务,为所述新文件生成索引,指定访问结构;A data retrieval module, configured to receive uploaded files, provide retrieval services for massive file data, generate an index for the new file, and specify an access structure; 访问控制模块,用于为新文件加密,当检索结束后,对检索结果进行过滤,并判断是否对检索到的文件解密成功;The access control module is used for encrypting the new file, after the retrieval is finished, filtering the retrieval result, and judging whether the decryption of the retrieved file is successful; 数据储存模块,用于存储上传的新文件。The data storage module is used for storing uploaded new files. 7.根据权利要求6所述的云环境下搜索引擎的访问控制系统,其特征在于:所述管理模块包括属性管理模块和密钥管理模块,所述属性管理模块用于管理用户特征信息,所述密钥管理模块用于生成密钥,并保证用户属性发生变化时,其权限的相应变动能及时体现到密钥之中。7. the access control system of search engine under cloud environment according to claim 6, it is characterized in that: described management module comprises attribute management module and key management module, and described attribute management module is used for managing user feature information, so The above-mentioned key management module is used to generate keys and ensure that when user attributes change, corresponding changes in their permissions can be reflected in the keys in a timely manner. 8.根据权利要求6所述的云环境下搜索引擎的访问控制系统,其特征在于:所述数据检索模块的检索分为两步,第一步根据用户提供的关键字作第一次检索,形成候选文件列表,第二步将用户所提供的密钥和候选文件列表交付访问控制模块,以判断用户是否有权限获得文件的信息。8. the access control system of search engine under the cloud environment according to claim 6, it is characterized in that: the retrieval of described data retrieval module is divided into two steps, and the first step searches for the first time according to the keyword that the user provides, The candidate file list is formed, and the second step is to deliver the key provided by the user and the candidate file list to the access control module to determine whether the user has the right to obtain file information.
CN201210537398.3A 2012-12-12 2012-12-12 The access control method of search engine under cloud environment and system Expired - Fee Related CN102945356B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210537398.3A CN102945356B (en) 2012-12-12 2012-12-12 The access control method of search engine under cloud environment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210537398.3A CN102945356B (en) 2012-12-12 2012-12-12 The access control method of search engine under cloud environment and system

Publications (2)

Publication Number Publication Date
CN102945356A true CN102945356A (en) 2013-02-27
CN102945356B CN102945356B (en) 2015-11-18

Family

ID=47728296

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210537398.3A Expired - Fee Related CN102945356B (en) 2012-12-12 2012-12-12 The access control method of search engine under cloud environment and system

Country Status (1)

Country Link
CN (1) CN102945356B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103366008A (en) * 2013-07-22 2013-10-23 天津汉柏信息技术有限公司 Resource searching method and device
CN106101153A (en) * 2016-08-22 2016-11-09 安徽拓通信科技集团股份有限公司 A kind of method of note cloud encrypting storing
CN106330865A (en) * 2016-08-12 2017-01-11 安徽大学 Attribute-Based Keyword Search Method Supporting Efficient Revocation in Cloud Environment
CN106559379A (en) * 2015-09-25 2017-04-05 富泰华工业(深圳)有限公司 High in the clouds encryption system and method
CN108173862A (en) * 2017-12-29 2018-06-15 中国地质大学(武汉) A geoscience big data image access control method, device and storage device
CN109074463A (en) * 2016-04-27 2018-12-21 三菱电机株式会社 Attribute cooperation device, conveyer system, attribute collaboration method and attribute program interoperability
CN109829308A (en) * 2018-05-04 2019-05-31 360企业安全技术(珠海)有限公司 The management method and device of control strategy, storage medium, electronic device
CN115688149A (en) * 2023-01-03 2023-02-03 大熊集团有限公司 Encrypted data access method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102024054A (en) * 2010-12-10 2011-04-20 中国科学院软件研究所 Ciphertext cloud-storage oriented document retrieval method and system
CN102075542A (en) * 2011-01-26 2011-05-25 中国科学院软件研究所 Cloud computing data security supporting platform
US20110145594A1 (en) * 2009-12-16 2011-06-16 Electronics And Telecommunications Research Institute Method for performing searchable symmetric encryption
CN102244660A (en) * 2011-07-12 2011-11-16 北京航空航天大学 Encryption method for realizing support of FGAC (Fine Grained Access Control)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110145594A1 (en) * 2009-12-16 2011-06-16 Electronics And Telecommunications Research Institute Method for performing searchable symmetric encryption
CN102024054A (en) * 2010-12-10 2011-04-20 中国科学院软件研究所 Ciphertext cloud-storage oriented document retrieval method and system
CN102075542A (en) * 2011-01-26 2011-05-25 中国科学院软件研究所 Cloud computing data security supporting platform
CN102244660A (en) * 2011-07-12 2011-11-16 北京航空航天大学 Encryption method for realizing support of FGAC (Fine Grained Access Control)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘帆等: "一种用于云存储的密文策略属性基加密方案", 《计算机应用研究》, vol. 29, no. 4, 30 April 2012 (2012-04-30), pages 1453 - 1456 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103366008A (en) * 2013-07-22 2013-10-23 天津汉柏信息技术有限公司 Resource searching method and device
CN106559379A (en) * 2015-09-25 2017-04-05 富泰华工业(深圳)有限公司 High in the clouds encryption system and method
CN109074463A (en) * 2016-04-27 2018-12-21 三菱电机株式会社 Attribute cooperation device, conveyer system, attribute collaboration method and attribute program interoperability
CN106330865A (en) * 2016-08-12 2017-01-11 安徽大学 Attribute-Based Keyword Search Method Supporting Efficient Revocation in Cloud Environment
CN106330865B (en) * 2016-08-12 2019-03-29 安徽大学 Attribute-based keyword searching method supporting efficient revocation in cloud environment and cloud computing application system
CN106101153A (en) * 2016-08-22 2016-11-09 安徽拓通信科技集团股份有限公司 A kind of method of note cloud encrypting storing
CN108173862A (en) * 2017-12-29 2018-06-15 中国地质大学(武汉) A geoscience big data image access control method, device and storage device
CN108173862B (en) * 2017-12-29 2021-04-20 中国地质大学(武汉) A method, device and storage device for access control of geoscience big data image
CN109829308A (en) * 2018-05-04 2019-05-31 360企业安全技术(珠海)有限公司 The management method and device of control strategy, storage medium, electronic device
CN109829308B (en) * 2018-05-04 2022-02-15 奇安信安全技术(珠海)有限公司 Control strategy management method and device, storage medium, and electronic device
CN115688149A (en) * 2023-01-03 2023-02-03 大熊集团有限公司 Encrypted data access method and system

Also Published As

Publication number Publication date
CN102945356B (en) 2015-11-18

Similar Documents

Publication Publication Date Title
CN111343001B (en) Social data sharing system based on block chain
CN108259169B (en) A method and system for secure file sharing based on blockchain cloud storage
CN109559124B (en) Cloud data security sharing method based on block chain
CN109144961B (en) Authorization file sharing method and device
US9866375B2 (en) Multi-level key management
CN103561034B (en) A kind of secure file shared system
CN102945356A (en) Access control method and system for search engine under cloud environment
CN106254324B (en) A kind of encryption method and device of storage file
CN104021157B (en) Keyword in cloud storage based on Bilinear map can search for encryption method
CN103581196B (en) Distributed document transparent encryption method and transparent decryption method
CN105024802B (en) Multi-user's multi-key word based on Bilinear map can search for encryption method in cloud storage
CN104063334A (en) Encryption method and system based on data attributions
CN110519049A (en) A kind of cloud data protection system based on credible performing environment
CN103220141B (en) A kind of protecting sensitive data method and system based on group key strategy
CN105378649A (en) Multiple authority data security and access
CN103916480B (en) A kind of file encryption system towards shared file
CN112989375B (en) A Hierarchical Optimization Encryption Lossless Privacy Protection Method
CN104023051A (en) Multi-user multi-keyword searchable encryption method in cloud storage
CN111274599A (en) A blockchain-based data sharing method and related device
CN105049196A (en) Searchable encryption method of multiple keywords at specified location in cloud storage
CN112825520A (en) User privacy data processing method, device, system and storage medium
CN111932263B (en) Data management method, device and equipment
Gajmal et al. Blockchain-based access control and data sharing mechanism in cloud decentralized storage system
Thilakanathan et al. Secure multiparty data sharing in the cloud using hardware-based TPM devices
CN106992978A (en) Network safety managing method and server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20151118

Termination date: 20181212

CF01 Termination of patent right due to non-payment of annual fee