CN103227789A - Lightweight fine-grained access control method in cloud environment - Google Patents

Publication number
CN103227789A
Authority
CN
China
Prior art keywords
data
private key
user
mirror image
control
Legal status
Granted
Application number
CN2013101384343A
Other languages
Chinese (zh)
Other versions
CN103227789B (en
Inventor
彭智勇
程芳权
王书林
宋伟
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU
Application filed by Wuhan University WHU
Priority to CN201310138434.3A
Publication of CN103227789A
Application granted
Publication of CN103227789B
Legal status: Active

Abstract

The invention relates to a lightweight fine-grained access control method in a cloud storage environment, and belongs to the field of secure cloud storage. The method comprises the following steps: 1, data uploading; 2, data authorization; 3, data access; 4, authorization revocation; and 5, data updating. By constructing a data mirror layer and a permission control layer, the method effectively achieves copy-free data sharing and fine-grained data access control, and guarantees the security of the data encryption key.

Description

A lightweight fine-grained access control method in a cloud environment
Technical field
The invention belongs to the field of secure cloud storage, and in particular relates to a lightweight, fine-grained and flexible access control method for private data.
Background
Since it was first proposed, cloud computing, as a new network computing model, has attracted great attention from academia and industry. Cloud storage services, with their good scalability, easy deployment and low cost, have developed rapidly, and both academia and industry have achieved significant results.
Although cloud storage services have achieved so much in so short a time, the problems encountered along the way still restrict their further development. The generally acknowledged bottleneck is data security. Many security techniques exist to protect data, but most focus on external threats and pay little effective attention to insider threats from the cloud storage provider.
At present, insider attacks from the cloud storage provider are mainly resisted by encrypting and decrypting data locally. Local encryption and decryption effectively resists attacks from inside the cloud service provider and from the network, but it greatly hampers data sharing between different users. A key agreement mechanism can solve the sharing of ciphertext data, but it incurs a high computational cost for every data authorization, and authorizations cannot be revoked or updated efficiently: revocation or update is possible only by re-encrypting the data.
An analysis of current ciphertext access control methods shows the following main problems:
1. While guaranteeing data security, there is no effective mechanism for sharing ciphertext data without making copies.
2. Most current data authorization is based on static role or attribute partitioning, and cannot authorize data flexibly at fine granularity.
3. Once ciphertext has been authorized, and especially after the same data has been authorized multiple times, authorization cannot be revoked efficiently. Most current approaches re-encrypt the data, which greatly increases computational cost and forces the keys of the other users with access to change.
Summary of the invention
To solve the above problems, the invention provides a lightweight fine-grained access control method in a cloud environment, comprising the following steps:
Step 1: data upload and initialization, implemented as follows:
On the one hand, the data owner encrypts the plaintext data to be uploaded locally with the owner's own public key, obtaining ciphertext data, and then uploads the ciphertext data to the cloud;
On the other hand, the corresponding permission control layer nodes are constructed according to the data owner's access control requirements;
Step 2: data authorization, comprising the following steps:
Step 2.1: determine the data to be authorized. For each item of data to be authorized, generate a corresponding data mirror; if the data needs to be authorized multiple times, generate multiple mirrors accordingly. The data owner generates a public/private key pair for each mirror;
Step 2.2: compute the proxy re-encryption key between the data and its mirror, and store it in the cloud;
Step 2.3: construct the session key. For each authorized user, the data owner constructs a session key from the owner's own private key, the authorized user's public key and the public parameters; a user here is a single user or a user group;
Step 2.4: encrypt the mirror's private key with the session key, store the resulting ciphertext in the permission control node, and at the same time update the authorized-user information in the permission control node;
Step 3: data reading:
A user requests to read some data. The system first determines from the permission control node whether the current user has permission to access the data. If so, the requested data, re-encrypted via the mirror, is sent to the user together with the encrypted mirror private key held in the permission control node; on the client, the user obtains the mirror private key in a first round of decryption and then uses that private key in a second round of decryption to obtain the plaintext data. Otherwise, the user's request is refused;
Step 4: authorization revocation:
When revocation is requested for an authorized user, the system determines whether an access path exists between the authorized user and the data; if not, the request is refused. If one exists, the system determines whether the permission control node holds this user's information, and if it does:
If the data corresponds to only one mirror, that data mirror is deleted from the cloud directly and its permission control node information is cleared;
If the data corresponds to only one mirror but authorization is to be revoked for only some of its users, first the corresponding user information in the permission control node is cleared; next a new public/private key pair is generated for the current mirror, the re-encryption key targeting this key pair is generated, and the mirror's private key is encrypted; finally the authorized-user information in the permission control node is updated with the encrypted mirror private key;
If the data corresponds to multiple mirrors and authorization is to be revoked for all of the mirrors, the corresponding mirrors are deleted and the authorized-user information in the permission control node is updated;
If the data corresponds to multiple mirrors but authorization is to be revoked for only some users of those mirrors, then for each mirror concerned, first the corresponding user information in the permission control node is cleared; next a new public/private key pair is generated for the current mirror, the re-encryption key targeting this key pair is generated, and the mirror's private key is encrypted; finally the authorized-user information in the permission control node is updated with the encrypted mirror private key;
Otherwise, the request is refused;
Step 5: data update. After some data in the cloud has been updated:
If its access authorization remains unchanged, no operation is performed;
If some authorization needs to be revoked, proceed according to the authorization revocation in step 4;
If a new access authorization needs to be added, proceed according to the data authorization in step 2.
Preferably, when the corresponding permission control layer nodes are constructed in step 1, each node is given the relevant information of the authorized users.
Preferably, the permission control nodes can be updated dynamically as the system runs and as permissions change.
Compared with existing authorization-based access control, the invention has the following advantages:
1. Data mirrors enable lightweight data sharing in which data is authorized multiple times without copies;
2. Data can be authorized flexibly as required. Users can be divided by group, further divided by role within a group, and temporary users can be given short-lived authorization;
3. Authorization is easy to revoke. Access rights are withdrawn as required by adjusting the data mirrors and the values in the permission control nodes.
Brief description of the drawings
Fig. 1: hierarchical structure of the lightweight, fine-grained data access control of the invention.
Fig. 2: flowchart of data upload and initialization of the invention.
Fig. 3: data structure of the fine-grained permission control node in the specific embodiment of the invention.
Fig. 4: flowchart of data authorization of the invention.
Fig. 5: flowchart of data reading of the invention.
Fig. 6: flowchart of authorization revocation of the invention.
Detailed description of the embodiments
The invention is further described below with reference to a concrete example and the accompanying drawings.
The invention provides a lightweight fine-grained access control method in a cloud environment, comprising the following steps:
Step 1: data upload and initialization, implemented as follows:
On the one hand, the data owner encrypts the plaintext data to be uploaded locally with the owner's own public key, obtaining ciphertext data, and then uploads the ciphertext data to the cloud;
On the other hand, the corresponding permission control layer nodes are constructed according to the data owner's access control requirements. Each node is given the relevant information of the authorized users, and the permission control nodes can be updated dynamically as the system runs and as permissions change;
Step 2: data authorization, comprising the following steps:
Step 2.1: determine the data to be authorized. For each item of data to be authorized, generate a corresponding data mirror; if the data needs to be authorized multiple times, generate multiple mirrors accordingly. The data owner generates a public/private key pair for each mirror;
Step 2.2: compute the proxy re-encryption key between the data and its mirror, and store it in the cloud;
Step 2.3: construct the session key. For each authorized user, the data owner constructs a session key from the owner's own private key, the authorized user's public key and the public parameters; a user here is a single user or a user group;
Step 2.4: encrypt the mirror's private key with the session key, store the resulting ciphertext in the permission control node, and at the same time update the authorized-user information in the permission control node;
Step 3: data reading:
A user requests to read some data. The system first determines from the permission control node whether the current user has permission to access the data. If so, the requested data, re-encrypted via the mirror, is sent to the user together with the encrypted mirror private key held in the permission control node; on the client, the user obtains the mirror private key in a first round of decryption and then uses that private key in a second round of decryption to obtain the plaintext data. Otherwise, the user's request is refused;
Step 4: authorization revocation:
When revocation is requested for an authorized user, the system determines whether an access path exists between the authorized user and the data; if not, the request is refused. If one exists, the system determines whether the permission control node holds this user's information, and if it does:
If the data corresponds to only one mirror, that data mirror is deleted from the cloud directly and its permission control node information is cleared;
If the data corresponds to only one mirror but authorization is to be revoked for only some of its users, first the corresponding user information in the permission control node is cleared; next a new public/private key pair is generated for the current mirror, the re-encryption key targeting this key pair is generated, and the mirror's private key is encrypted; finally the authorized-user information in the permission control node is updated with the encrypted mirror private key;
If the data corresponds to multiple mirrors and authorization is to be revoked for all of the mirrors, the corresponding mirrors are deleted and the authorized-user information in the permission control node is updated;
If the data corresponds to multiple mirrors but authorization is to be revoked for only some users of those mirrors, then for each mirror concerned, first the corresponding user information in the permission control node is cleared; next a new public/private key pair is generated for the current mirror, the re-encryption key targeting this key pair is generated, and the mirror's private key is encrypted; finally the authorized-user information in the permission control node is updated with the encrypted mirror private key;
Otherwise, the request is refused;
Step 5: data update. After some data in the cloud has been updated:
If its access authorization remains unchanged, no operation is performed;
If some authorization needs to be revoked, proceed according to the authorization revocation in step 4;
If a new access authorization needs to be added, proceed according to the data authorization in step 2.
Fig. 1 shows the hierarchical structure of the lightweight, fine-grained data access control of the invention, comprising a physical layer, a data mirror layer, a permission control layer and a user layer.
Fig. 2 is the flowchart of data submission and initialization. The data owner first encrypts the data f1~f6 locally with the owner's own public key; specifically, the asymmetric RSA encryption algorithm is used here. The system parameters $SP := \{p, q, n\}$, $n = pq$, are first determined from the system's security parameter $\lambda$, where $p$ and $q$ are two large primes satisfying the system security parameter $\lambda$. When a user registers, the system assigns each user a public/private key pair $(ek, dk) = (\langle e, n\rangle, \langle d, n\rangle)$, where $e$ is selected at random from
[formula image not reproduced: Figure DEST_PATH_GDA00003264001200051]
, wherein
[formula image not reproduced: Figure DEST_PATH_GDA00003264001200052]
; the corresponding [formula not reproduced] is then calculated from $e$, where $\langle e, n\rangle$ is the public key and $\langle d, n\rangle$ is the private key. Suppose the plaintext is $m$; the ciphertext after encryption is $c = m^{e} \bmod n$.
The encrypted data is then uploaded to the cloud. Access rights are partitioned according to system requirements, that is, the permission control nodes in the permission control layer of Fig. 1 are constructed. Fig. 3 shows the concrete data structure of a permission control node, which records the authorization information of the relevant users. As the system runs and requirements such as permission changes arise, the permission control nodes can be updated dynamically, thereby achieving fine-grained data access control.
Fig. 4 is the flowchart of the data authorization process, taking the authorization of data f1 to U1 and U3 as an example. The data owner first determines that the data to be authorized is f1, and the system generates the corresponding mirror for f1. The data owner generates a public/private key pair (ek1, dk1) for each mirror; once generation is complete, the mirror of f1 in the data mirror layer of Fig. 1 is complete. The proxy re-encryption key from f1 to its corresponding mirror is then computed as follows: let the user key pair be $(eu_i, du_i) = (\langle eu_i, n\rangle, \langle du_i, n\rangle)$ and the corresponding mirror key pair be $(eu_j, du_j) = (\langle eu_j, n\rangle, \langle du_j, n\rangle)$; the corresponding re-encryption key is then
[formula image not reproduced: Figure DEST_PATH_GDA00003264001200054]
and the corresponding re-encryption key $rk_{i-j}$ is uploaded to the cloud and stored in the mirror node. Then the public keys $eu_1$, $eu_3$ of the authorized users U1 and U3 are used as session keys to encrypt the mirror private key $du_j$, computed as follows: $c_{eu_1} = (du_j)^{eu_1} \bmod n$, $c_{eu_3} = (du_j)^{eu_3} \bmod n$. The encrypted private keys are stored in the corresponding permission control nodes.
Fig. 5 is the flowchart of the data reading process. User U1 first sends a request to access data f1. The system determines whether an access path exists between U1 and f1; if so, it looks up the permission control node on the current path and determines whether U1 has been granted access to f1. If so, the cloud uses the re-encryption key in the mirror to re-encrypt data f1, obtaining F1, and sends it to user U1 together with U1's corresponding encrypted private key from the permission control node. User U1 first uses his own private key to decrypt the ciphertext of the private key of f1's mirror
[formula image not reproduced: Figure DEST_PATH_GDA00003264001200065]
, and then uses the decrypted mirror private key $du_j$ to decrypt F1 and obtain the plaintext of f1. Otherwise, access is denied.
Fig. 6 is the detailed flowchart of authorization revocation. Referring to Fig. 1, to revoke the authorization of f1 to U1, we first clear U1's authorization information in the permission control node on the path from f1 to U1, then generate a new public/private key pair for the mirror of f1 and compute the new proxy re-encryption key from it. Finally, the mirror's new private key is encrypted with the session key computed by the data owner and each authorized user, and the other users' information in the permission control node is updated. The revocation for U1 is then complete, with no effect on the other users. To revoke the authorization of f7 to U8, we delete the mirror corresponding to f7 and clear U8's authorization information in the permission control node on that path.
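The flow of Figs. 2, 4, 5 and 6 as a runnable toy model, added here as an illustration and not taken from the patent. The re-encryption key formula is an image missing from this text, so `rk = du_i * eu_j mod phi(n)` is an assumption chosen so that re-encryption yields the data under the mirror key; the class names, the two small Mersenne primes and the sample plaintext are likewise constructed.

```python
import secrets
from math import gcd

# Constructed toy parameters: two Mersenne primes (far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)   # shared modulus n = pq, as in the embodiment


def keygen():
    """Return (e, d) with e*d = 1 (mod phi(n)); all key pairs share n."""
    while True:
        e = secrets.randbelow(PHI - 3) + 3
        if gcd(e, PHI) == 1:
            return e, pow(e, -1, PHI)


class Cloud:
    """Stores owner ciphertext, one re-encryption key per mirror, permission nodes."""

    def __init__(self):
        self.data = {}    # name -> c = m^eu_i mod n (never rewritten after upload)
        self.mirror = {}  # name -> rk_{i-j}
        self.node = {}    # name -> {user: du_j wrapped under that user's public key}

    def read(self, name, user):
        wrapped = self.node.get(name, {}).get(user)
        if wrapped is None:                      # no grant in the permission node
            raise PermissionError(f"{user} may not read {name}")
        # Re-encryption: c^rk = m^(eu_i * du_i * eu_j) = m^eu_j (mod n)
        return pow(self.data[name], self.mirror[name], N), wrapped


class Owner:
    def __init__(self, cloud):
        self.cloud = cloud
        self.eu, self.du = keygen()
        self.grants = {}  # name -> {user: user public exponent}

    def upload(self, name, m):
        self.cloud.data[name] = pow(m, self.eu, N)             # step 1

    def grant(self, name, users):
        """Steps 2.1-2.4 for one mirror shared by `users` ({user: public exponent})."""
        self.grants[name] = dict(users)
        eu_j, du_j = keygen()                                  # fresh mirror key pair
        # ASSUMED formula (the page's own is a missing image): rk = du_i * eu_j mod phi(n)
        self.cloud.mirror[name] = (self.du * eu_j) % PHI
        # Session key = the user's public key: c_eu_u = du_j^eu_u mod n
        self.cloud.node[name] = {u: pow(du_j, e, N) for u, e in users.items()}

    def revoke(self, name, user):
        """Step 4: refuse unknown grants; re-key the mirror or delete it."""
        if user not in self.grants.get(name, {}):
            raise ValueError("request refused: no such grant")
        remaining = {u: e for u, e in self.grants[name].items() if u != user}
        if remaining:
            self.grant(name, remaining)          # new mirror keys, new rk, re-wrap
        else:                                    # last user gone: delete the mirror
            self.grants.pop(name)
            self.cloud.mirror.pop(name)
            self.cloud.node.pop(name)


def client_read(cloud, name, user, du_u):
    """Step 3 on the client: unwrap du_j, then decrypt the re-encrypted data."""
    reenc, wrapped = cloud.read(name, user)
    du_j = pow(wrapped, du_u, N)                 # round 1
    return pow(reenc, du_j, N)                   # round 2


def demo():
    cloud, u1, u3 = Cloud(), keygen(), keygen()
    owner = Owner(cloud)
    m = int.from_bytes(b"f1-secret", "big")      # constructed plaintext, m < n
    owner.upload("f1", m)
    stored = cloud.data["f1"]
    owner.grant("f1", {"U1": u1[0], "U3": u3[0]})
    before = client_read(cloud, "f1", "U1", u1[1]), client_read(cloud, "f1", "U3", u3[1])
    stale_du_j = pow(cloud.node["f1"]["U1"], u1[1], N)   # U1 keeps the old mirror key
    owner.revoke("f1", "U1")
    try:
        client_read(cloud, "f1", "U1", u1[1])
        denied = False
    except PermissionError:
        denied = True
    reenc_now = cloud.read("f1", "U3")[0]        # what the cloud serves after re-keying
    return {
        "plaintext": m, "before": before, "u1_denied": denied,
        "u3_after": client_read(cloud, "f1", "U3", u3[1]),
        "stale_key_result": pow(reenc_now, stale_du_j, N),
        "ciphertext_unchanged": cloud.data["f1"] == stored,
    }


if __name__ == "__main__":
    print(demo())
```

Because every key pair here shares one modulus n, any holder of a single (e, d) pair can factor n, so the block models the data flow and the revocation bookkeeping rather than a deployable construction.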
The above is a further detailed description of the invention in connection with the preferred embodiment; the specific implementation of the invention is not to be regarded as limited to this description. Those skilled in the art should understand that various modifications of detail may be made without departing from the scope defined by the appended claims, and all such modifications shall be considered to fall within the protection scope of the invention.

Claims (3)

1. A lightweight fine-grained access control method in a cloud environment, characterized in that it comprises the following steps:
Step 1: data upload and initialization, implemented as follows:
On the one hand, the data owner encrypts the plaintext data to be uploaded locally with the owner's own public key, obtaining ciphertext data, and then uploads said ciphertext data to the cloud;
On the other hand, the corresponding permission control layer nodes are constructed according to the data owner's access control requirements;
Step 2: data authorization, comprising the following steps:
Step 2.1: determine the data to be authorized. For each item of data to be authorized, generate a corresponding data mirror; if said data needs to be authorized multiple times, generate multiple mirrors accordingly. Said data owner generates a public/private key pair for each said mirror;
Step 2.2: compute the proxy re-encryption key between said data and its mirror, and store it in the cloud;
Step 2.3: construct the session key. For each authorized user, said data owner constructs a session key from the owner's own private key, said authorized user's public key and the public parameters; said user is a single user or a user group;
Step 2.4: encrypt the private key of said mirror with said session key, store the resulting ciphertext in said permission control node, and at the same time update the authorized-user information in said permission control node;
Step 3: data reading:
Said user requests to read some of said data. The system first determines from said permission control node whether the current user has permission to access the data. If so, the data requested by said user, re-encrypted via the mirror, is sent to said user together with the encrypted mirror private key held in the permission control node; on the client, said user obtains said mirror private key in a first round of decryption and then uses that private key in a second round of decryption to obtain said plaintext data. Otherwise, said user's request is refused;
Step 4: authorization revocation:
When revocation is requested for said authorized user, the system determines whether an access path exists between said authorized user and said data; if not, said request is refused. If one exists, the system determines whether said permission control node holds this user's information, and if it does:
If said data corresponds to only one mirror, that data mirror is deleted from the cloud directly and its permission control node information is cleared;
If said data corresponds to only one mirror but authorization is to be revoked for only some of its users, first the corresponding user information in the permission control node is cleared; next a new public/private key pair is generated for the current mirror, the re-encryption key targeting this key pair is generated, and the mirror's private key is encrypted; finally the authorized-user information in the permission control node is updated with the encrypted mirror private key;
If said data corresponds to multiple mirrors and authorization is to be revoked for all of the mirrors, the corresponding mirrors are deleted and the authorized-user information in the permission control node is updated;
If said data corresponds to multiple mirrors but authorization is to be revoked for only some users of those mirrors, then for each mirror concerned, first the corresponding user information in the permission control node is cleared; next a new public/private key pair is generated for the current mirror, the re-encryption key targeting this key pair is generated, and the mirror's private key is encrypted; finally the authorized-user information in the permission control node is updated with the encrypted mirror private key;
Otherwise, said request is refused;
Step 5: data update. After some of said data in the cloud has been updated:
If its access authorization remains unchanged, no operation is performed;
If some of said authorization needs to be revoked, proceed according to the authorization revocation in said step 4;
If a new access authorization needs to be added, proceed according to the data authorization in said step 2.
2. The lightweight fine-grained access control method in a cloud environment according to claim 1, characterized in that: when the corresponding permission control layer nodes are constructed in step 1, each said node is given the relevant information of the authorized users.
3. The lightweight fine-grained access control method in a cloud environment according to claim 1, characterized in that: said permission control nodes can be updated dynamically as the system runs and as permissions change.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310138434.3A CN103227789B (en) 2013-04-19 2013-04-19 The fine-grained access control method of lightweight under a kind of cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310138434.3A CN103227789B (en) 2013-04-19 2013-04-19 The fine-grained access control method of lightweight under a kind of cloud environment

Publications (2)

Publication Number Publication Date
CN103227789A true CN103227789A (en) 2013-07-31
CN103227789B CN103227789B (en) 2015-09-16

Family

ID=48838050

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310138434.3A Active CN103227789B (en) 2013-04-19 2013-04-19 The fine-grained access control method of lightweight under a kind of cloud environment

Country Status (1)

Country Link
CN (1) CN103227789B (en)

Also Published As

Publication number Publication date
CN103227789B (en) 2015-09-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant