CN105871551A - User access cancelling control method based on agent re-encryption - Google Patents

Publication number: CN105871551A
Authority: CN (China)
Prior art keywords: user, key, attribute, ciphertext, updating
Legal status: Granted
Application number: CN201610456710.4A
Other languages: Chinese (zh)
Other versions: CN105871551B (en)
Inventors: 刘化胜, 杨接, 庞立君
Current Assignee: Jiangsu Dina Digital Technology Co Ltd
Original Assignee: Jiangsu Dina Digital Technology Co Ltd
Application filed by Jiangsu Dina Digital Technology Co Ltd, with priority to CN201610456710.4A; published as CN105871551A; application granted and published as CN105871551B; status Active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Abstract

The invention provides a user revocation access control method based on proxy re-encryption. The method comprises the following steps: when a user needs to be revoked from the system, the attribute authority associated with the user's attributes generates the parameters for the key update; the access private keys of the non-revoked users in the system are updated, so that the system continues to accept data access requests from non-revoked users; the attribute authority sends the key for updating ciphertexts to the cloud server, and the cloud server updates the ciphertexts that contain the revoked attribute; and the user and the related data are deleted from the system's list of users permitted access, which revokes the user's access rights to the system. Only the ciphertexts related to the revoked user's attributes are updated, rather than all ciphertexts, which reduces the communication overhead of the whole system, improves its operating efficiency, and preserves the security of the system.

Description

User revocation access control method based on proxy re-encryption
Technical field
The present invention relates to the technical field of traffic control, and in particular to a user revocation access control method based on proxy re-encryption.
Background
Access control is a very effective security mechanism for protecting data: after a user has been authenticated, access must be granted or denied according to the user's identity. In an access control scheme, changes in the user population, and in particular the access problem that arises when a legitimate user is revoked, are a critical issue. A high-performance access control scheme not only controls the access rights of the current legitimate users but also keeps good control of access rights when the users change. For example, when a legitimate user is revoked, that user must no longer be able to access the data, while the other legitimate users can still access the data within their own access rights.
The technique currently in use is that, after a user is revoked, the data owner re-encrypts its own ciphertexts; the remaining users then update their access private keys, obtain the updated ciphertexts, and recover the plaintext they were originally entitled to access. However, making the data owner responsible for all ciphertext updates increases the data owner's burden and in turn reduces the efficiency of data upload.
Summary of the invention
The present invention aims to solve at least one of the technical deficiencies described above.
To this end, an object of the invention is to propose a user revocation access control method based on proxy re-encryption that updates only the ciphertexts related to the revoked user's attributes rather than all ciphertexts, thereby reducing the communication overhead of the whole system, improving its operating efficiency, and preserving the security of the system.
To achieve the above object, embodiments of the invention provide a user revocation access control method based on proxy re-encryption, comprising the following steps:
Step S1: when user $U_i$ is revoked from the system, the attribute authority associated with the attribute of user $U_i$ generates the parameters for the key update, which include a key for updating users' access private keys and a key for updating ciphertexts;
Step S2: the access private keys of the non-revoked users in the system are updated, so that the system accepts the data access requests of the non-revoked users;
Step S3: the attribute authority sends the key for updating ciphertexts to the cloud server, and the cloud server uses it to update each ciphertext CT that contains the revoked attribute;
Step S4: user $U_i$ and the related data are deleted from the system's list of users permitted access, revoking the access rights of user $U_i$ to the system.
Further, step S1 comprises the following steps:
Step S11: the attribute authority generates a new version key from its own authentication private key $SK_n$, the current version key and the global public key of user $U_i$, and computes the version private key;
Step S12: the attribute authority then computes the key for updating users' access private keys and the key for updating ciphertexts;
Step S13: the attribute authority updates the attribute public key of the revoked attribute and broadcasts a notification of the updated attribute public key to all data owners, who obtain the updated attribute public key from the attribute authority's broadcast;
Step S14: the attribute authority outputs the key for updating users' access private keys and the key for updating ciphertexts.
Further, step S2 comprises the following steps:
Step S21: the attribute authority sends the non-revoked users the key for updating the user's access private key;
Step S22: each non-revoked user computes the updated access private key from that key and its current access private key $SK_{j,n}$.
Further, in the expression for the updated access private key, $t_{j,k}$ is a random number in $Z_p$.
Further, step S3 comprises the following steps:
Step S31: the attribute authority sends the key for updating ciphertexts to the cloud server;
Step S32: the cloud server computes the updated ciphertext CT′ from that key and each current ciphertext CT that contains the revoked attribute.
Further, the components of the updated ciphertext CT′ are:
$$\forall i \in [1,l],\ \rho(i) = \tilde{x}_n:\quad C_i = g^{a\lambda_i} \cdot \left(\left(g^{v_{\rho(i)}} H(\rho(i))\right)^{\gamma_k}\right)^{-\gamma_i},\quad D_{1,i} = g^{\frac{r_i}{\beta_k}},\quad D_{2,i} = g^{-\frac{\gamma_k}{\beta_k} r_i},$$
$$\forall i \in [1,l],\ \rho(i) \neq \tilde{x}_n:\quad C_i = g^{a\lambda_i} \cdot \left(\left(g^{v_{\rho(i)}} H(\rho(i))\right)^{\gamma_k}\right)^{-\gamma_i} \cdot D_{2,i}^{\,CTUP_{\tilde{x}_n}},\quad D'_{1,i} = g^{\frac{r_i}{\beta_k}},\quad D'_{2,i} = g^{-\frac{\gamma_k}{\beta_k} r_i}.$$
The user revocation access control method based on proxy re-encryption according to embodiments of the invention applies proxy re-encryption to the user revocation process, so that the ciphertext update operations caused by a revocation are handed to the cloud server, reducing the computational cost borne by the data owner in traditional schemes. In addition, the invention updates only the ciphertexts related to the revoked user's attributes rather than all ciphertexts, which reduces the communication overhead of the whole system, improves its operating efficiency, and preserves the security of the system. The invention addresses the access control problem that arises on user revocation: it guarantees that a revoked user can no longer access the data while the other, non-revoked legitimate users can still access the data within their own access rights, and it reduces the system update cost caused by the revocation.
Additional aspects and advantages of the invention will be set forth in part in the description that follows, and in part will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the invention will become apparent and readily understood from the following description of embodiments taken together with the accompanying drawing, in which:
Fig. 1 is a flow chart of the user revocation access control method based on proxy re-encryption according to an embodiment.
Detailed description
Embodiments of the invention are described in detail below, and examples of the embodiments are shown in the drawing, in which the same or similar reference labels denote, throughout, the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawing are exemplary; they are intended to explain the invention and are not to be construed as limiting it.
The invention proposes a user revocation access control method based on proxy re-encryption; the method uses proxy re-encryption to implement access control for both revoked and non-revoked users.
Proxy re-encryption is explained first.
Proxy re-encryption is a key conversion mechanism. It works as follows: first a conversion key ω is generated; the proxy server then uses ω to convert an encryption of the information performed under A's public key into one performed under B's public key, so that B can decrypt the ciphertext with its own private key and obtain the required original information.
Proxy re-encryption has the following advantages:
(1) Throughout the process, the original information and the private keys of users A and B are never exposed to the server, which greatly reduces the possibility of information leakage.
(2) When the public key changes, the original information does not change, so A and B still share the original information resource.
(3) When the public key of A or B changes, ω changes as well, so that A and B can still use their own private keys to obtain the original plaintext.
Proxy re-encryption can be divided into subclasses according to different classification criteria. For example, by the number of times a ciphertext is encrypted, it can be divided into single-hop and multi-hop: single-hop means the ciphertext is encrypted only once during the whole process, while multi-hop means the ciphertext is encrypted several times in use. By the direction of conversion, it can be divided into unidirectional and bidirectional: when a ciphertext can only be converted from one party to the other it is unidirectional proxy re-encryption, while bidirectional proxy re-encryption means a ciphertext can be converted back and forth between the two parties.
The user revocation access control method based on proxy re-encryption of the embodiment addresses the access control problem that arises on user revocation: it guarantees that a revoked user can no longer access the data while the other, non-revoked legitimate users can still access the data within their own access rights, and it reduces the system update cost caused by the revocation.
As shown in Fig. 1, the user revocation access control method based on proxy re-encryption of the embodiment comprises the following steps:
Step S1: when user $U_i$ is revoked from the system, the attribute authority associated with the attribute of user $U_i$ generates the parameters for the key update.
That is, when user $U_i$ is revoked from the system, the attribute it holds is controlled by attribute authority $AA_n$.
In one embodiment of the invention, the parameters for the key update include a key for updating users' access private keys and a key for updating ciphertexts.
Step S11: the attribute authority generates a new version key from its own authentication private key $SK_n$, the current version key and the global public key of user $U_i$, and computes the version private key.
First, the Setup(λ) algorithm is used: Setup(λ) → (SMK, SPK, {uid, $GPK_{uid}$, $GSK_{uid}$}).
Specifically, the input of Setup(λ) is the security parameter λ. It constructs a bilinear group $G_0$ of prime order p with generator g, and a bilinear map $e: G_0 \times G_0 \to G_T$, which is bilinear and non-degenerate. Setup(λ) outputs the system public parameters SPK and the system master key SMK. For a user with identifier uid, it generates the user's global private key $GSK_{uid}$ and global public key $GPK_{uid}$.
The following algorithms are used to compute the authentication private key $SK_n$, the current version key, and so on:
The attribute authority (AA) initialization algorithm is executed by the authority itself. It takes the unique identifier aaid of the AA as input and outputs the authentication private key $SK_{aaid}$ and authentication public key $PK_{aaid}$ of $AA_{aaid}$, and generates an attribute version key and an attribute public key for each attribute managed by $AA_{aaid}$.
The input is the authentication private key $SK_n$ of attribute authority $AA_n$, the current version key, and the global public key of $U_i$. A new version key is then generated and the version private key is computed.
Step S12: the attribute authority then computes the key for updating users' access private keys and the key for updating ciphertexts.
UKeyGen is run to compute the key update key and the ciphertext update key for the remaining users $U_j$ ($j \in S_U$, $j \neq i$), that is, the non-revoked users.
The UKeyGen algorithm is as follows:
The key update algorithm is run by the attribute authority and produces the private key update parameter for non-revoked users and the ciphertext update parameter for the revoked attribute. Its input is the private key $SK_{aaid}$ of the attribute authority, the version key of the revoked attribute, and the global public keys of the other users. Its output is the user key update key and the ciphertext update key.
Step S13: attribute authority $AA_n$ updates the attribute public key of the revoked attribute and broadcasts a notification of the updated attribute public key to all data owners, informing them of the public key update. All data owners obtain the updated attribute public key from the broadcast of $AA_n$.
Step S14: the attribute authority outputs the key for updating users' access private keys and the key for updating ciphertexts.
Step S2: the access private keys of the non-revoked users in the system are updated, so that the system accepts the data access requests of the non-revoked users.
When a user's attribute is revoked, it must be guaranteed that the revoked user can no longer access the data while the non-revoked legitimate users can still access it normally. For the remaining non-revoked users $U_j$ ($j \in S_U$, $j \neq i$), their private keys must be updated so that their data access requests are unaffected.
Step S21: the attribute authority sends the non-revoked users the key for updating the user's access private key.
Step S22: each non-revoked user computes the updated access private key from that key and its current access private key $SK_{j,n}$.
In one embodiment of the invention, on receiving the key, the user calls the SKUpdate algorithm, whose input is the current access private key $SK_{j,n}$ and the corresponding user key update key, and whose output is the updated access private key.
The other, non-revoked users run the private key update algorithm. Its input is the current key $SK_{uid,aaid}$ and the user key update key, from which the updated access private key $SK_{uid,aaid}$ is computed.
The updated access private key is as follows:
$$
\begin{aligned}
SK_{j,k} = \big(\, & K_{j,k} = g^{\frac{\alpha_k}{z_j}} \cdot g^{a u_j} \cdot g^{\frac{a t_{j,k}}{\beta_k}},\quad L_{j,k} = g^{\frac{\beta_k t_{j,k}}{z_j}},\quad R_{j,k} = g^{a t_{j,k}},\quad M_{j,k} = g^{a t_{j,k}}, \\
& \forall x_k \in S_{j,k}:\ K_{j,x_k} = g^{\frac{\beta_k \gamma_k t_{j,k}}{z_j}} \cdot \left(g^{v_{x_k}} \cdot H(x_k)\right)^{\gamma_k \beta_k u_{id}} \cdot KUK_{j,\tilde{x}_n}, \\
& \forall x_k \in S_U,\ x_k \neq \tilde{x}_n:\ K'_{j,x_k} = K_{j,x_k} \,\big)
\end{aligned}
$$
In this expression, $t_{j,k}$ is a random number in $Z_p$. It can be seen that, for the other users, only the part of the key that involves the attribute is updated. Because the user key update key is tied to the user's uid, a revoked user has no corresponding key and therefore cannot update its access private key, and so cannot obtain the corresponding data.
Step S3: the attribute authority sends the key for updating ciphertexts to the cloud server, and the cloud server uses it to update each ciphertext CT that contains the revoked attribute.
Step S31: attribute authority $AA_n$ sends the ciphertext update key to the cloud server.
Step S32: the cloud server computes the updated ciphertext CT′ from that key and each current ciphertext CT that contains the revoked attribute.
After receiving the key, the cloud server runs the ciphertext update algorithm CTUpdate, whose input is a current ciphertext CT containing the revoked attribute and the key for updating ciphertexts, and which computes the updated ciphertext CT′ as follows:
The algorithm is run by the cloud service provider. Its input is the current ciphertext CT and the ciphertext update key, and it yields the updated ciphertext.
First, a random number s in $Z_q$ is chosen as the encryption exponent, together with random values $y_2, \ldots, y_n$ that share the same encryption exponent s. For any $i \in (1, l)$, $\lambda_i = v R_i$ is computed, where $R_i$ is the i-th row of matrix R. Random $r_1, r_2, \ldots, r_i \in Z_q$ are chosen. As with the access private key update, only the components that contain the revoked attribute need to be updated. The updated ciphertext CT′ is as follows:
$$
\begin{aligned}
CT' = \big(\, & C = \kappa \cdot \Big(\prod_{k \in I_A} e(g,g)^{\alpha_k}\Big)^{s},\quad C' = g^{s},\quad C'' = g^{\frac{s}{\beta_k}}, \\
& \forall i \in [1,l],\ \rho(i) = \tilde{x}_n:\ C_i = g^{a\lambda_i} \cdot \left(\left(g^{v_{\rho(i)}} H(\rho(i))\right)^{\gamma_k}\right)^{-\gamma_i},\quad D_{1,i} = g^{\frac{r_i}{\beta_k}},\quad D_{2,i} = g^{-\frac{\gamma_k}{\beta_k} r_i}, \\
& \forall i \in [1,l],\ \rho(i) \neq \tilde{x}_n:\ C_i = g^{a\lambda_i} \cdot \left(\left(g^{v_{\rho(i)}} H(\rho(i))\right)^{\gamma_k}\right)^{-\gamma_i} \cdot D_{2,i}^{\,CTUP_{\tilde{x}_n}},\quad D'_{1,i} = g^{\frac{r_i}{\beta_k}},\quad D'_{2,i} = g^{-\frac{\gamma_k}{\beta_k} r_i} \,\big).
\end{aligned}
$$
Step S4: user $U_i$ and the related data are deleted from the system's list of users permitted access, revoking the access rights of user $U_i$ to the system.
Because the revoked user no longer has permission to access the data, the data related to this user is deleted from the list of users permitted access. The revoked user is thus kept out of the list of legitimate users at the initial screening of users and no longer has the right to access the data, which prevents the user from forging its own attributes to obtain information illegally.
The user revocation access control method based on proxy re-encryption of the embodiment ensures that a revoked user cannot access the data without hindering data access by non-revoked users.
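
The S1 to S4 flow and the key-conversion idea from the proxy re-encryption overview, as an added example that is not part of the patent: a toy single-attribute, ElGamal-style proxy re-encryption model standing in for the patent's bilinear-pairing construction. All names (`AttributeAuthority`, `cloud_update`, the attributes "finance" and "hr", the users alice and bob) and the group parameters are assumptions constructed for illustration; the toy models neither access structures nor the binding of the update key to a user's uid, so the update key is simply delivered only to non-revoked users.

```python
"""Toy model of the S1-S4 revocation flow (added illustration, not the patent's scheme)."""
import secrets

# Toy parameters, constructed for this example and NOT secure:
# safe prime P = 2*Q + 1, and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def rand_exp():
    """Random non-zero exponent in Z_Q."""
    return secrets.randbelow(Q - 1) + 1


class AttributeAuthority:
    """Hypothetical authority holding one secret version key per attribute."""

    def __init__(self, attributes):
        self.version = {a: rand_exp() for a in attributes}
        self.users = {}  # list of users permitted access: uid -> attributes

    def public_key(self, attr):
        return pow(G, self.version[attr], P)

    def issue_key(self, uid, attrs):
        self.users[uid] = set(attrs)
        # The access key component for attribute a is 1/version[a] mod Q.
        return {a: pow(self.version[a], -1, Q) for a in attrs}

    def revoke(self, uid, attr):
        """S1 and S4: rotate the version key, derive both update keys, drop the user."""
        old = self.version[attr]
        new = rand_exp()
        while new == old:
            new = rand_exp()
        self.version[attr] = new                 # also changes public_key(attr), as in S13
        key_update = old * pow(new, -1, Q) % Q   # for non-revoked users (S2)
        ct_update = new * pow(old, -1, Q) % Q    # conversion key for the cloud server (S3)
        del self.users[uid]                      # S4: remove from the permitted list
        recipients = sorted(u for u, attrs in self.users.items() if attr in attrs)
        return key_update, ct_update, recipients


def encrypt(m, attr, pk):
    """Data owner: mask m with g^r and bind the mask to the attribute public key."""
    r = rand_exp()
    return {"attr": attr, "C": m * pow(G, r, P) % P, "Cx": pow(pk, r, P)}


def decrypt(ct, sk):
    """Recover m if sk holds the key component for the current attribute version."""
    k = sk.get(ct["attr"])
    if k is None:
        return None
    mask = pow(ct["Cx"], k, P)  # equals g^r only when k matches the version in Cx
    return ct["C"] * pow(mask, -1, P) % P


def update_user_key(sk, attr, key_update):
    """S2: only the component for the revoked attribute changes."""
    sk = dict(sk)
    sk[attr] = sk[attr] * key_update % Q
    return sk


def cloud_update(store, attr, ct_update):
    """S3: the cloud re-encrypts only ciphertexts carrying the revoked attribute.
    It exponentiates Cx and never sees a plaintext or a user key."""
    updated = 0
    for ct in store:
        if ct["attr"] == attr:
            ct["Cx"] = pow(ct["Cx"], ct_update, P)
            updated += 1
    return updated


def demo():
    aa = AttributeAuthority(["finance", "hr"])
    alice = aa.issue_key("alice", ["finance", "hr"])
    bob = aa.issue_key("bob", ["finance"])       # bob will be revoked
    store = [encrypt(1234, "finance", aa.public_key("finance")),
             encrypt(777, "hr", aa.public_key("hr"))]
    hr_before = dict(store[1])

    key_update, ct_update, recipients = aa.revoke("bob", "finance")
    alice = update_user_key(alice, "finance", key_update)
    updated = cloud_update(store, "finance", ct_update)
    fresh = encrypt(55, "finance", aa.public_key("finance"))  # uses the new public key

    return {
        "recipients": recipients,
        "updated": updated,
        "hr_untouched": store[1] == hr_before,
        "alice_old_ct": decrypt(store[0], alice),
        "alice_hr": decrypt(store[1], alice),
        "alice_fresh": decrypt(fresh, alice),
        "bob_old_ct": decrypt(store[0], bob),
        "bob_fresh": decrypt(fresh, bob),
    }


if __name__ == "__main__":
    print(demo())
```

The "hr" ciphertext is left byte-for-byte unchanged, which is the saving the method claims over re-encrypting every ciphertext, and bob's stale key component yields a wrong value on both the re-encrypted and the newly uploaded "finance" ciphertexts.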
The user revocation access control method based on proxy re-encryption according to embodiments of the invention applies proxy re-encryption to the user revocation process, so that the ciphertext update operations caused by a revocation are handed to the cloud server, reducing the computational cost borne by the data owner in traditional schemes. In addition, the invention updates only the ciphertexts related to the revoked user's attributes rather than all ciphertexts, which reduces the communication overhead of the whole system, improves its operating efficiency, and preserves the security of the system. The invention addresses the access control problem that arises on user revocation: it guarantees that a revoked user can no longer access the data while the other, non-revoked legitimate users can still access the data within their own access rights, and it reduces the system update cost caused by the revocation.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, such expressions do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described above, it is to be understood that they are exemplary and are not to be construed as limiting the invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the invention without departing from its principle and purpose. The scope of the invention is defined by the claims and their equivalents.

Claims (6)

1. A user revocation access control method based on proxy re-encryption, characterized by comprising the following steps:
Step S1: when user $U_i$ is revoked from the system, the attribute authority associated with the attribute of user $U_i$ generates the parameters for the key update, which include a key for updating users' access private keys and a key for updating ciphertexts;
Step S2: the access private keys of the non-revoked users in the system are updated, so that the system accepts the data access requests of the non-revoked users;
Step S3: the attribute authority sends the key for updating ciphertexts to the cloud server, and the cloud server uses it to update each ciphertext CT that contains the revoked attribute;
Step S4: user $U_i$ and the related data are deleted from the system's list of users permitted access, revoking the access rights of user $U_i$ to the system.
2. The user revocation access control method based on proxy re-encryption according to claim 1, characterized in that step S1 comprises the following steps:
Step S11: the attribute authority generates a new version key from its own authentication private key $SK_n$, the current version key and the global public key of user $U_i$, and computes the version private key;
Step S12: the attribute authority then computes the key for updating users' access private keys and the key for updating ciphertexts;
Step S13: the attribute authority updates the attribute public key of the revoked attribute and broadcasts a notification of the updated attribute public key to all data owners, who obtain the updated attribute public key from the attribute authority's broadcast;
Step S14: the attribute authority outputs the key for updating users' access private keys and the key for updating ciphertexts.
3. The user revocation access control method based on proxy re-encryption according to claim 1, characterized in that step S2 comprises the following steps:
Step S21: the attribute authority sends the non-revoked users the key for updating the user's access private key;
Step S22: each non-revoked user computes the updated access private key from that key and its current access private key $SK_{j,n}$.
4. The user revocation access control method based on proxy re-encryption according to claim 3, characterized in that
$$
\begin{aligned}
SK_{j,k} = \big(\, & K_{j,k} = g^{\frac{\alpha_k}{z_j}} \cdot g^{a u_j} \cdot g^{\frac{a t_{j,k}}{\beta_k}},\quad L_{j,k} = g^{\frac{\beta_k t_{j,k}}{z_j}},\quad R_{j,k} = g^{a t_{j,k}},\quad M_{j,k} = g^{a t_{j,k}}, \\
& \forall x_k \in S_{j,k}:\ K_{j,x_k} = g^{\frac{\beta_k \gamma_k t_{j,k}}{z_j}} \cdot \left(g^{v_{x_k}} \cdot H(x_k)\right)^{\gamma_k \beta_k u_{id}} \cdot KUK_{j,\tilde{x}_n}, \\
& \forall x_k \in S_U,\ x_k \neq \tilde{x}_n:\ K'_{j,x_k} = K_{j,x_k} \,\big)
\end{aligned}
$$
where $t_{j,k}$ is a random number in $Z_p$.
5. The user revocation access control method based on proxy re-encryption according to claim 1, characterized in that, in step S3,
Step S31: the attribute authority sends the key for updating ciphertexts to the cloud server;
Step S32: the cloud server computes the updated ciphertext CT′ from that key and each current ciphertext CT that contains the revoked attribute.
6. The user revocation access control method based on proxy re-encryption according to claim 5, characterized in that
$$
\begin{aligned}
CT' = \big(\, & C = \kappa \cdot \Big(\prod_{k \in I_A} e(g,g)^{\alpha_k}\Big)^{s},\quad C' = g^{s},\quad C'' = g^{\frac{s}{\beta_k}}, \\
& \forall i \in [1,l],\ \rho(i) = \tilde{x}_n:\ C_i = g^{a\lambda_i} \cdot \left(\left(g^{v_{\rho(i)}} H(\rho(i))\right)^{\gamma_k}\right)^{-\gamma_i},\quad D_{1,i} = g^{\frac{r_i}{\beta_k}},\quad D_{2,i} = g^{-\frac{\gamma_k}{\beta_k} r_i}, \\
& \forall i \in [1,l],\ \rho(i) \neq \tilde{x}_n:\ C_i = g^{a\lambda_i} \cdot \left(\left(g^{v_{\rho(i)}} H(\rho(i))\right)^{\gamma_k}\right)^{-\gamma_i} \cdot D_{2,i}^{\,CTUP_{\tilde{x}_n}},\quad D'_{1,i} = g^{\frac{r_i}{\beta_k}},\quad D'_{2,i} = g^{-\frac{\gamma_k}{\beta_k} r_i} \,\big).
\end{aligned}
$$

Priority Applications (1)

Application number: CN201610456710.4A (CN105871551B (en))
Priority date: 2016-06-22
Filing date: 2016-06-22
Title: User revocation access control method based on proxy re-encryption
Status: Active

Publications (2)

CN105871551A (en), publication date 2016-08-17
CN105871551B (en), publication date 2019-08-06

Family

Family ID: 56649855
Country status: CN (1): CN105871551B (en)
