CN103227789A - Lightweight fine-grained access control method in cloud environment - Google Patents
Abstract
The invention relates to a lightweight fine-grained access control method for cloud storage environments and belongs to the field of secure cloud storage. The method comprises the following steps: 1, data uploading; 2, data authorization; 3, data access; 4, authorization revocation; and 5, data updating. By constructing data mirrors and a permission control layer, the method effectively achieves copy-free data sharing and fine-grained data access control, and the security of the data encryption key is guaranteed.
Description
Technical field
The invention belongs to the field of secure cloud storage, and in particular relates to a lightweight, fine-grained and flexible data access control method for private data.
Background
Since it was first proposed, cloud computing, as a new network computing model, has attracted great attention from academia and industry. Cloud storage services, with their characteristic scalability, ease of deployment and low cost, have developed rapidly, and both academia and industry have achieved significant results.
Although cloud storage services have achieved so much in so short a time, the problems met along the way still restrict the further development of cloud storage. The currently acknowledged bottleneck is data security. Many security techniques exist to protect data, but most of them focus on external threats and pay little effective attention to insider threats from the cloud storage provider.
At present, insider attacks from the cloud storage provider are resisted mainly by encrypting and decrypting data locally. Although local encryption and decryption effectively resists attacks from inside the cloud service provider and from the network, it greatly hinders data sharing between different users. Key agreement mechanisms can solve the sharing of ciphertext data, but they incur a high computational cost for each data authorization and cannot revoke or update authorizations efficiently: revocation or update is possible only by re-encrypting the data.
Analysis of current ciphertext data access control methods shows the following main problems:
1. While guaranteeing data security, there is no effective mechanism for sharing ciphertext data without copies.
2. Most current data authorization is based on static role or attribute partitioning and cannot authorize data flexibly at fine granularity.
3. Once ciphertext has been authorized, especially after the same data has been authorized several times, authorization cannot be revoked efficiently. Most current approaches re-encrypt the data, which greatly increases the computational cost and forces the keys of the other users with access to change.
Summary of the invention
To solve the above problems, the invention provides a lightweight fine-grained access control method in a cloud environment, comprising the following steps:
Step 1: data upload and initialization, implemented as follows:
On the one hand, the data owner encrypts the plaintext data to be uploaded locally with their own public key to obtain the ciphertext data, and then uploads said ciphertext data to the cloud;
On the other hand, the corresponding permission control layer nodes are constructed according to the data owner's access control requirements;
Step 2: data authorization, implemented by the following steps:
Step 2.1: determine the data to be authorized. For each piece of data to be authorized, generate one corresponding data mirror; if said data needs to be authorized multiple times, generate multiple mirrors accordingly. Said data owner generates a public/private key pair for each said mirror;
Step 2.2: compute the proxy re-encryption key between said data and its mirror, and store it in the cloud;
Step 2.3: session key. For each authorized user, said data owner constructs a session key from their own private key and said authorized user's public key and public parameters; said user refers to a single user or a user group;
Step 2.4: encrypt the private key of said mirror with said session key, store the resulting ciphertext in said permission control node, and at the same time update the authorized-user information in said permission control node;
Step 3: data reading:
Said user requests to read certain said data. The system first determines from said permission control node whether the current user has access rights to this data. If so, the requested data, re-encrypted through the mirror, is sent to said user together with the encrypted mirror private key held in the permission control node; said user obtains said mirror private key through a first round of decryption on the client, then uses this private key for a second round of decryption, finally obtaining said plaintext data. Otherwise, said user's request is refused;
Step 4: authorization revocation:
When revocation is requested for said authorized user, the system determines whether an access path exists between said authorized user and said data; if not, said request is refused. If one exists, the system determines whether said permission control node holds this user's information, and if so:
If said data corresponds to only one mirror, delete this data mirror directly from the cloud and clear its permission control node information;
If said data corresponds to only one mirror but authorization is revoked for only some of the users, first clear the corresponding user information in the permission control node; next regenerate the public/private key pair of the current mirror, generate the re-encryption key that targets this key pair, and encrypt its private key; finally update the authorized-user information in the permission control node to the encrypted mirror private key;
If said data corresponds to multiple mirrors and authorization must be revoked for all mirrors, delete the corresponding mirrors and update the authorized-user information in the permission control node;
If said data corresponds to multiple mirrors but authorization is revoked for only some users across the mirrors, then for each relevant mirror, first clear the corresponding user information in the permission control node; next regenerate the public/private key pair of the current mirror, generate the re-encryption key that targets this key pair, and encrypt its private key; finally update the authorized-user information in the permission control node to the encrypted mirror private key;
Otherwise, said request is refused;
Step 5: data update. After some said data in the cloud has been updated:
If its access authorization remains unchanged, no operation is performed;
If some said authorization needs to be revoked, proceed according to the authorization revocation in said step 4;
If new access authorization needs to be added, proceed according to the data authorization in said step 2.
Preferably, in constructing the corresponding permission control layer nodes described in step 1, each said node is assigned the relevant information of the authorized users.
Preferably, said permission control nodes can be updated dynamically as the system runs and as permissions change.
Compared with existing authorized access control, the invention has the following advantages:
1. Data mirrors enable multiple authorizations of data without copies, giving lightweight data sharing;
2. Data can be authorized flexibly on demand. Users can be partitioned not only by group but also by role within a group, and temporary users can be given short-lived authorization;
3. Authorization is easy to revoke. Access rights are withdrawn on demand by adjusting the data mirrors and the values of the permission control nodes.
Brief description of the drawings
Fig. 1: hierarchy diagram of the lightweight, fine-grained data access control of the invention.
Fig. 2: flowchart of data upload and initialization of the invention.
Fig. 3: data structure diagram of the fine-grained permission control node in the specific embodiment of the invention.
Fig. 4: flowchart of data authorization of the invention.
Fig. 5: flowchart of data reading of the invention.
Fig. 6: flowchart of authorization revocation of the invention.
Embodiment
The invention is further described below with reference to a concrete example and the accompanying drawings.
The invention provides a lightweight fine-grained access control method in a cloud environment, comprising the following steps:
Step 1: data upload and initialization, implemented as follows:
On the one hand, the data owner encrypts the plaintext data to be uploaded locally with their own public key to obtain the ciphertext data, and then uploads the ciphertext data to the cloud;
On the other hand, the corresponding permission control layer nodes are constructed according to the data owner's access control requirements. Each node is assigned the relevant information of the authorized users, and the permission control nodes can be updated dynamically as the system runs and as permissions change;
Step 2: data authorization, implemented by the following steps:
Step 2.1: determine the data to be authorized. For each piece of data to be authorized, generate one corresponding data mirror; if the data needs to be authorized multiple times, generate multiple mirrors accordingly. The data owner generates a public/private key pair for each mirror;
Step 2.2: compute the proxy re-encryption key between the data and its mirror, and store it in the cloud;
Step 2.3: session key. For each authorized user, the data owner constructs a session key from their own private key and the authorized user's public key and public parameters; the user refers to a single user or a user group;
Step 2.4: encrypt the private key of the mirror with the session key, store the resulting ciphertext in the permission control node, and at the same time update the authorized-user information in the permission control node;
Step 3: data reading:
The user requests to read certain data. The system first determines from the permission control node whether the current user has access rights to this data. If so, the requested data, re-encrypted through the mirror, is sent to the user together with the encrypted mirror private key held in the permission control node; the user obtains the mirror private key through a first round of decryption on the client, then uses this private key for a second round of decryption, finally obtaining the plaintext data. Otherwise, the user's request is refused;
Step 4: authorization revocation:
When revocation is requested for an authorized user, the system determines whether an access path exists between the authorized user and the data; if not, the request is refused. If one exists, the system determines whether the permission control node holds this user's information, and if so:
If the data corresponds to only one mirror, delete this data mirror directly from the cloud and clear its permission control node information;
If the data corresponds to only one mirror but authorization is revoked for only some of the users, first clear the corresponding user information in the permission control node; next regenerate the public/private key pair of the current mirror, generate the re-encryption key that targets this key pair, and encrypt its private key; finally update the authorized-user information in the permission control node to the encrypted mirror private key;
If the data corresponds to multiple mirrors and authorization must be revoked for all mirrors, delete the corresponding mirrors and update the authorized-user information in the permission control node;
If the data corresponds to multiple mirrors but authorization is revoked for only some users across the mirrors, then for each relevant mirror, first clear the corresponding user information in the permission control node; next regenerate the public/private key pair of the current mirror, generate the re-encryption key that targets this key pair, and encrypt its private key; finally update the authorized-user information in the permission control node to the encrypted mirror private key;
Otherwise, the request is refused;
Step 5: data update. After some data in the cloud has been updated:
If its access authorization remains unchanged, no operation is performed;
If some authorization needs to be revoked, proceed according to the authorization revocation in step 4;
If new access authorization needs to be added, proceed according to the data authorization in step 2.
Referring to Fig. 1, the hierarchy of the lightweight, fine-grained data access control of the invention comprises a physical layer, a data mirror layer, a permission control layer and a user layer.
Referring to Fig. 2, the data submission and initialization flow: the data owner first encrypts the data f1~f6 locally with their own public key; specifically, the asymmetric RSA algorithm is used here to encrypt the data. The system parameters $SP := \{p, q, n\}$ with $n = pq$ are first determined from the system security parameter λ, where p and q are two large primes that satisfy the security parameter λ. When a user registers, the system assigns each user a public/private key pair $(ek, dk) = (\langle e, n\rangle, \langle d, n\rangle)$, where e is selected at random in
where
and then, from e, the corresponding value is computed:
Here $\langle e, n\rangle$ is the public key and $\langle d, n\rangle$ is the private key. If the plaintext is m, the ciphertext after encryption is $c = m^{e} \bmod n$.
The encrypted data is then uploaded to the cloud. Access rights are partitioned according to system requirements, that is, the permission control nodes in the permission control layer of Fig. 1 are constructed. Fig. 3 shows the concrete data structure of a permission control node, which records the authorization information of the relevant users. The permission control nodes can be updated dynamically as the system runs and as requirements such as permission changes arise, thereby achieving fine-grained data access control.
Referring to Fig. 4, the data authorization flow, take authorizing data f1 to users U1 and U3 as an example. The data owner first determines that the data to be authorized is f1; the system generates the corresponding mirror for f1, and the data owner generates a public/private key pair (ek1, dk1) for each mirror. Once generation is complete, the mirror corresponding to f1 in the data mirror layer of Fig. 1 exists. The proxy re-encryption key from f1 to its corresponding mirror is then computed as follows. Let the user key pair be $(eu_i, du_i) = (\langle eu_i, n\rangle, \langle du_i, n\rangle)$ and the corresponding mirror key pair be $(eu_j, du_j) = (\langle eu_j, n\rangle, \langle du_j, n\rangle)$; the corresponding re-encryption key is then
and the corresponding re-encryption key $rk_{i-j}$ is uploaded to the cloud and stored in the mirror node. Then, using the public keys $eu_1$, $eu_2$ of the authorized users U1 and U3 as session keys, the mirror private key $du_j$ is encrypted with each session key, computed as follows:
The encrypted private key
is stored in the corresponding permission control node.
Referring to Fig. 5, the data reading flow: user U1 first sends a request to access data f1. The system determines whether an access path exists between U1 and f1; if one exists, it looks up the permission control node on the current path and determines whether U1 is authorized to access f1. If so, the cloud uses the re-encryption key in the mirror to re-encrypt data f1, obtaining F1, which, together with U1's encrypted private key from the permission control node
is sent to user U1. User U1 first uses their own private key to decrypt the ciphertext of the private key of the f1 mirror
and then uses the recovered mirror private key $du_j$ to decrypt F1, obtaining the plaintext data f1. Otherwise, access is denied.
Referring to Fig. 6, the detailed authorization revocation flow: to revoke the authorization of f1 for U1 with reference to Fig. 1, we first clear U1's authorization information in the permission control node on the path from f1 to U1, then generate a new public/private key pair for the mirror of f1 and compute the new proxy re-encryption key with it. Finally, the new mirror private key is encrypted with the session key computed by the data owner and each authorized user, and the other users' information in the permission control node is updated. The revocation of U1's authorization is then complete, with no effect on the other users. To revoke the authorization of f7 for U8, we delete the mirror corresponding to f7 and clear U8's authorization information in the permission control node on that path.
The above is a further detailed description of the invention in connection with the preferred embodiment, and the specific implementation of the invention is not to be regarded as limited to this description. Those skilled in the art should understand that various modifications of detail may be made without departing from the scope defined by the appended claims, and all such modifications shall be regarded as falling within the protection scope of the invention.
Claims (3)
1. A lightweight fine-grained access control method in a cloud environment, characterized in that it comprises the following steps:
Step 1: data upload and initialization, implemented as follows:
On the one hand, the data owner encrypts the plaintext data to be uploaded locally with their own public key to obtain the ciphertext data, and then uploads said ciphertext data to the cloud;
On the other hand, the corresponding permission control layer nodes are constructed according to the data owner's access control requirements;
Step 2: data authorization, implemented by the following steps:
Step 2.1: determine the data to be authorized. For each piece of data to be authorized, generate one corresponding data mirror; if said data needs to be authorized multiple times, generate multiple mirrors accordingly. Said data owner generates a public/private key pair for each said mirror;
Step 2.2: compute the proxy re-encryption key between said data and its mirror, and store it in the cloud;
Step 2.3: session key. For each authorized user, said data owner constructs a session key from their own private key and said authorized user's public key and public parameters; said user refers to a single user or a user group;
Step 2.4: encrypt the private key of said mirror with said session key, store the resulting ciphertext in said permission control node, and at the same time update the authorized-user information in said permission control node;
Step 3: data reading:
Said user requests to read certain said data. The system first determines from said permission control node whether the current user has access rights to this data. If so, the requested data, re-encrypted through the mirror, is sent to said user together with the encrypted mirror private key held in the permission control node; said user obtains said mirror private key through a first round of decryption on the client, then uses this private key for a second round of decryption, finally obtaining said plaintext data. Otherwise, said user's request is refused;
Step 4: authorization revocation:
When revocation is requested for said authorized user, the system determines whether an access path exists between said authorized user and said data; if not, said request is refused. If one exists, the system determines whether said permission control node holds this user's information, and if so:
If said data corresponds to only one mirror, delete this data mirror directly from the cloud and clear its permission control node information;
If said data corresponds to only one mirror but authorization is revoked for only some of the users, first clear the corresponding user information in the permission control node; next regenerate the public/private key pair of the current mirror, generate the re-encryption key that targets this key pair, and encrypt its private key; finally update the authorized-user information in the permission control node to the encrypted mirror private key;
If said data corresponds to multiple mirrors and authorization must be revoked for all mirrors, delete the corresponding mirrors and update the authorized-user information in the permission control node;
If said data corresponds to multiple mirrors but authorization is revoked for only some users across the mirrors, then for each relevant mirror, first clear the corresponding user information in the permission control node; next regenerate the public/private key pair of the current mirror, generate the re-encryption key that targets this key pair, and encrypt its private key; finally update the authorized-user information in the permission control node to the encrypted mirror private key;
Otherwise, said request is refused;
Step 5: data update. After some said data in the cloud has been updated:
If its access authorization remains unchanged, no operation is performed;
If some said authorization needs to be revoked, proceed according to the authorization revocation in said step 4;
If new access authorization needs to be added, proceed according to the data authorization in said step 2.
2. The lightweight fine-grained access control method in a cloud environment according to claim 1, characterized in that: in constructing the corresponding permission control layer nodes described in step 1, each said node is assigned the relevant information of the authorized users.
3. The lightweight fine-grained access control method in a cloud environment according to claim 1, characterized in that: said permission control nodes can be updated dynamically as the system runs and as permissions change.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310138434.3A CN103227789B (en) | 2013-04-19 | 2013-04-19 | Lightweight fine-grained access control method in cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103227789A (en) | 2013-07-31 |
CN103227789B (en) | 2015-09-16 |
Family
ID=48838050
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310138434.3A Active CN103227789B (en) | Lightweight fine-grained access control method in cloud environment | 2013-04-19 | 2013-04-19 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103227789B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |