CN105978696A - Revocable quick data outsourcing packaging method and device - Google Patents


Info

Publication number
CN105978696A
Authority
CN
China
Prior art keywords
data
trusted authority
random
node
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610302830.9A
Other languages
Chinese (zh)
Other versions
CN105978696B (en)
Inventor
刘建伟
刘巍然
陶芮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University
Priority to CN201610302830.9A
Publication of CN105978696A
Application granted
Publication of CN105978696B
Legal status: Active
Anticipated expiration


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a revocable fast data outsourcing encapsulation method and device. In the method, a trusted authority performs system initialization; a data owner performs data encapsulation; an auditor performs encapsulation checking, using a chameleon hash function to compute and check whether three equations hold, and outputs the result; the trusted authority performs access-rights generation and outputs an access certificate; the trusted authority performs access-rights update and publishes the updated access certificate; the data owner performs data decapsulation, checking whether the access certificate has been revoked, computing a decapsulation key and decapsulating; and the trusted authority's access-rights revocation module revokes access rights. The method achieves effective access control, protects to the greatest extent the security of electronic health records stored on third-party servers that are not fully trusted, and saves decryption cost on mobile devices.

Description

Revocable rapid data outsourcing encapsulation method and device
Technical field
The present invention relates to the technical field of data processing, and in particular to a revocable fast data outsourcing encapsulation method and device.
Background
The electronic health record (EHR) system is a promising health record management system. Compared with the traditional paper-based health record (PBHR) system, an EHR system brings additional advantages, such as more flexible EHR storage, simpler EHR data management, better storage and response efficiency, and wider availability. Cloud storage can provide users with virtually unlimited resources on demand at low cost, particularly in public clouds. In this way, EHRs can be outsourced to a public cloud, freeing medical personnel from building professional EHR storage systems and from managing the large-scale EHR data they hold. Users can then easily access and share their EHR data through the public cloud.
An important security concern in cloud EHR storage is that a dishonest cloud server provider may read and abuse users' digital information without their authorization. Cryptographic access control has been proposed to solve this problem. In these schemes, an EHR data owner encapsulates the data to be outsourced under an access policy. Each EHR data user is allocated an access certificate associated with their attributes, and they can decapsulate the data only when their attributes satisfy the specified access policy. Compared with traditional access control systems, cryptographic access control allows EHR users to enforce access control policies even when the database server is untrusted. Challenges remain in using cryptographic access control to protect cloud EHR storage. One challenge is that data encapsulation in existing protocols requires a large number of expensive symmetric encryption operations, linear in the complexity of the specific access control policy. Experimental data show that data encapsulation takes a large amount of time, which degrades the user experience. In addition, for applications that need real-time data updates, such as economy treatment and health detection applications, such long encapsulation times are hard to accept.
Another drawback is that the security models used by existing cryptographic access control protocols are insufficient to capture realistic attacks on cloud storage. First, most existing protocols consider only passive attacks, in which the attacker tries to obtain information about the digital content solely from the encapsulated data it can access. In reality, untrustworthy users may alter their access certificates and collude with the cloud server provider to access EHR data without authorization. Moreover, an attacker may learn data carelessly leaked by a targeted legitimate user. Existing security models do not fully take into account all the situations that arise in such a risk-laden real environment. Nor do existing protocols provide any mechanism for screening out invalid encapsulations. Because encapsulated data looks random, a malicious attacker can easily bury a user's cloud EHR account in junk data, for example by continuously sending randomly generated junk data.
Summary of the invention
The purpose of the present invention is to solve, at least to some extent, one of the above technical problems.
To this end, a first object of the present invention is to propose a revocable fast data outsourcing encapsulation method. The method achieves effective access control, protects to the greatest extent the security of electronic health records stored on third-party servers that cannot be fully trusted, and saves decryption overhead on mobile devices.
A second object of the present invention is to propose a revocable fast data outsourcing encapsulation device.
To achieve the above object, the revocable fast data outsourcing encapsulation method of an embodiment of the first aspect of the present invention includes:
S1, the trusted authority performs system initialization, including:
S11, the trusted authority inputs a security parameter and the maximum number of attributes in an attribute set, and runs the algorithm that outputs two groups of prime order p and a bilinear map;
S12, the trusted authority selects a symmetric encryption scheme $\varepsilon_{sym}$, which uses the encryption algorithm SymEnc(key, data) and the decryption algorithm SymDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13, the trusted authority selects a collision-resistant hash function H(·), which satisfies all the properties of a collision-resistant hash function; its input is a 0/1 string of arbitrary length and its output is mapped to an element of the group;
S14, the trusted authority selects a secure chameleon hash function $CH: \{0,1\}^* \to Z_p$ with an auxiliary parameter domain;
S15, the trusted authority runs the random number generation algorithm to obtain random values, including an integer;
S16, the trusted authority sets the revocation list RL=0 and selects a binary tree BT with at least N leaf nodes;
S17, the trusted authority holds the master key msk (α) and publishes the public parameters.
S2, the data owner performs data encapsulation, including:
S21, the data owner chooses a random integer and computes $key = e(g, g)^{\alpha s}$, $c_0 = g^{s}$;
S22, assuming that the policy of any LSSS encoding has a maximum number of rows, the data owner selects random integers for each i ∈ [p] and computes the corresponding values;
S23, the data owner selects a random integer and sets the corresponding value;
S24, the data owner runs $(chk, td) \leftarrow CHGen(1^{\lambda})$, selects a random auxiliary parameter and a random string, computes $V = Hash(chk \,\|\, CHash(chk, m', r'_m))$, and outputs the result;
S25, the data owner selects a random integer and computes the corresponding value; the intermediate header that is finally output is stored by the data owner for use in real-time encapsulation;
S26, the data owner has obtained the data data, the encapsulation time T and the corresponding access control policy (M, ρ), where ρ: [1] → μ 1≤p; the data owner selects random integers and outputs the corresponding values;
S27, the data owner computes the share vector; for i ∈ [I], the data owner computes Ci,4i-λ′i and $C_{i,5} = -t_i \cdot (\rho(i) - x_i)$; for the time T, the data owner computes $C_{R,2} = s(T - T')$;
S28, the encapsulated data is en = SymEnc(key, data); the data owner runs $r_m = Coll(td, m', r'_m, m)$, where m is set to
$m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, C_{1,2} \,\|\, C_{1,3} \,\|\, C_{1,4} \,\|\, C_{1,5} \,\|\, \dots \,\|\, C_{l,1} \,\|\, C_{l,2} \,\|\, C_{l,3} \,\|\, C_{l,4} \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$,
and the header hdr is formed accordingly;
S29, the data owner outputs the data to be stored, (hdr, en), and uploads it for storage.
S3, the auditor performs encapsulation checking, including:
S31, the auditor computes $V = CHash(chk, m, r_m)$, where $m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, \dots \,\|\, C_{1,5} \,\|\, \dots \,\|\, C_{l,1} \,\|\, \dots \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$;
S32, for all i ∈ [l], the auditor checks whether a first equation holds in order to verify the relevant attributes, checks whether a second equation holds in order to verify the encapsulation time, and checks whether a third equation holds; if any one of the equations does not hold, the algorithm outputs v=0, otherwise it outputs v=1.
S4, the trusted authority performs access-rights generation, including:
S41, given the data consumer's attribute set S, the trusted authority randomly selects an unassigned leaf node η from the binary tree BT and stores the attribute set S in node η;
S42, for each node θ ∈ Path(η): if an element $g_\theta$ is stored in node θ, the trusted authority retrieves $g_\theta$ from node θ; if no element $g_\theta$ is stored in node θ, the trusted authority randomly selects an element and stores it in node θ;
S43, the trusted authority selects random integers and computes the corresponding values;
S44, the trusted authority collects the values for all θ ∈ Path(θ) and outputs the access certificate of the attribute set S.
S5, the trusted authority updates access rights: for each node θ ∈ CUNode(BT, RL, T), the trusted authority takes from node θ the element predefined during access certificate generation, randomly selects an integer and computes the corresponding values; the trusted authority finally publishes the updated certificate.
S6, the data consumer performs data decapsulation, including:
S61, given the data consumer's access certificate and the updated certificate published by the trusted authority, the data consumer checks the set I ∩ J to determine whether the access certificate of this attribute set has been revoked, in which case the program simply outputs ⊥; otherwise, the data consumer selects θ ∈ I ∩ J and computes the corresponding values;
S62, the data consumer computes constants based on the i-th rows of the share-generating matrix M; for every attribute set satisfying the access control policy, these constants can be found efficiently; the data is finally obtained by running data = SymDec(key, en), where the decapsulation key key is computed from these values and j is the index of attribute ρ(i) in the attribute set.
S7, the trusted authority performs access-rights revocation, including: letting η denote the leaf node of the binary tree BT associated with the attribute set, the trusted authority sets RL ← RL ∪ {(η, T)} and publishes it, thereby revoking the access rights.
The revocable fast data outsourcing encapsulation method of the embodiment of the present invention first provides virtual private storage and allows a user to enforce fine-grained access control over outsourced electronic health records, just as if they were stored locally; second, the encapsulation process needs only a small number of online modular additions/multiplications and is very fast; it also allows a public auditor to filter out invalid electronic health record encapsulations and stops an attacker from blocking a user's electronic health record account with junk information; finally, it adopts an efficient revocation mechanism for revoking users. The method achieves effective access control, protects to the greatest extent the security of electronic health records stored on third-party servers that cannot be fully trusted, and saves decryption overhead on mobile devices.
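The offline/online split of steps S24 and S28 and the auditor's recomputation in S31 can be seen in isolation with a discrete-log chameleon hash. The following is an added example, not code from the patent: the concrete construction CHash(chk, m, r) = g^H(m) · chk^r, the demo-sized group, and all function names other than CHGen/CHash/Coll are assumptions, and the three pairing equations that bind V into the header are not modelled.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin; deterministic with these bases for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_group(bits=61):
    """Constructed, demo-sized group: p = 2q + 1, and g = 4 has prime order q."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


def _digest(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def ch_gen(group):
    """CHGen: trapdoor td in [1, q-1], public hash key chk = g^td."""
    p, q, g = group
    td = secrets.randbelow(q - 1) + 1
    return pow(g, td, p), td


def ch_hash(group, chk, msg, r):
    """CHash(chk, m, r) = g^H(m) * chk^r mod p (assumed construction)."""
    p, q, g = group
    return pow(g, _digest(msg, q), p) * pow(chk, r, p) % p


def coll(group, td, m_old, r_old, m_new):
    """Coll: solve H(m') + td*r' = H(m) + td*r (mod q) for r."""
    p, q, g = group
    delta = (_digest(m_old, q) - _digest(m_new, q)) % q
    return (r_old + delta * pow(td, -1, q)) % q


def tag(group, chk, msg, r):
    """V = Hash(chk || CHash(chk, m, r)), the form used in step S24."""
    size = (group[0].bit_length() + 7) // 8
    body = chk.to_bytes(size, "big") + ch_hash(group, chk, msg, r).to_bytes(size, "big")
    return hashlib.sha256(body).hexdigest()


def offline_prepare(group):
    """S24: fix V over a dummy message before data or policy are known."""
    chk, td = ch_gen(group)
    m_dummy, r_dummy = secrets.token_bytes(16), secrets.randbelow(group[1])
    header = {"chk": chk, "V": tag(group, chk, m_dummy, r_dummy)}
    return header, (td, m_dummy, r_dummy)


def online_finish(group, header, secret, m):
    """S28: one modular inversion and multiplication yields r_m for the real m."""
    td, m_dummy, r_dummy = secret
    return dict(header, r_m=coll(group, td, m_dummy, r_dummy, m))


def audit(group, header, m):
    """S31 (hash part only): recompute V from public values, output v."""
    return 1 if tag(group, header["chk"], m, header["r_m"]) == header["V"] else 0


if __name__ == "__main__":
    grp = demo_group()
    hdr, sec = offline_prepare(grp)
    m = b"en||C0,1||...||(M,rho)||T (constructed sample)"
    full = online_finish(grp, hdr, sec, m)
    print(audit(grp, full, m), audit(grp, full, m + b"!"))
```

The auditor needs only chk, m and r_m, so anyone holding the public values can reject a header whose r_m does not reproduce V.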
In some examples, running the algorithm of S11 specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p.
In some examples, the collision-resistant hash function H(·) is run by calling a library function from the Pairing-Based Cryptosystems function package.
In some examples, the random number generation algorithm works as follows: according to $Y^2 = X^3 + aX + b$, a value $x_1$ of the independent variable X is selected at random and the corresponding value $y_1$ of the dependent variable Y is computed; if the point $(x_1, y_1)$ is in the mapped group, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in the mapped group, further values of X are selected until a point in the group is found.
To achieve the above object, the revocable fast data outsourcing encapsulation device of an embodiment of the second aspect of the present invention includes:
A trusted-authority system initialization module, used for the trusted authority to perform system initialization, further including:
S11, the trusted authority inputs a security parameter and the maximum number of attributes in an attribute set, and runs the algorithm that outputs two groups of prime order p and a bilinear map;
S12, the trusted authority selects a symmetric encryption scheme $\varepsilon_{sym}$, which uses the encryption algorithm SymEnc(key, data) and the decryption algorithm SymDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13, the trusted authority selects a collision-resistant hash function H(·), which satisfies all the properties of a collision-resistant hash function; its input is a 0/1 string of arbitrary length and its output is mapped to an element of the group;
S14, the trusted authority selects a secure chameleon hash function $CH: \{0,1\}^* \to Z_p$ with an auxiliary parameter domain;
S15, the trusted authority runs the random number generation algorithm to obtain random values, including an integer;
S16, the trusted authority sets the revocation list RL=0 and selects a binary tree BT with at least N leaf nodes;
S17, the trusted authority holds the master key msk (α) and publishes the public parameters.
A data-owner data encapsulation module, used for the data owner to perform data encapsulation, further including:
S21, the data owner chooses a random integer and computes $key = e(g, g)^{\alpha s}$, $c_0 = g^{s}$;
S22, assuming that the policy of any LSSS encoding has a maximum number of rows, the data owner selects random integers for each i ∈ [p] and computes the corresponding values;
S23, the data owner selects a random integer and sets the corresponding value;
S24, the data owner runs $(chk, td) \leftarrow CHGen(1^{\lambda})$, selects a random auxiliary parameter and a random string, computes $V = Hash(chk \,\|\, CHash(chk, m', r'_m))$, and outputs the result;
S25, the data owner selects a random integer and computes the corresponding value; the intermediate header that is finally output is stored by the data owner for use in real-time encapsulation;
S26, the data owner has obtained the data data, the encapsulation time T and the corresponding access control policy (M, ρ), where ρ: [1] → μ 1≤p; the data owner selects random integers and outputs the corresponding values;
S27, the data owner computes the share vector; for i ∈ [I], the data owner computes Ci,4i-λ′i and $C_{i,5} = -t_i \cdot (\rho(i) - x_i)$; for the time T, the data owner computes $C_{R,2} = s(T - T')$;
S28, the encapsulated data is en = SymEnc(key, data); the data owner runs $r_m = Coll(td, m', r'_m, m)$, where m is set to
$m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, C_{1,2} \,\|\, C_{1,3} \,\|\, C_{1,4} \,\|\, C_{1,5} \,\|\, \dots \,\|\, C_{l,1} \,\|\, C_{l,2} \,\|\, C_{l,3} \,\|\, C_{l,4} \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$,
and the header hdr is formed accordingly;
S29, the data owner outputs the data to be stored, (hdr, en), and uploads it for storage.
An auditor encapsulation checking module, used for the auditor to perform encapsulation checking, further including:
S31, the auditor computes $V = CHash(chk, m, r_m)$, where $m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, \dots \,\|\, C_{1,5} \,\|\, \dots \,\|\, C_{l,1} \,\|\, \dots \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$;
S32, for all i ∈ [l], the auditor checks whether a first equation holds in order to verify the relevant attributes, checks whether a second equation holds in order to verify the encapsulation time, and checks whether a third equation holds; if any one of the equations does not hold, the algorithm outputs v=0, otherwise it outputs v=1.
A trusted-authority access-rights generation module, used for the trusted authority to perform access-rights generation, further including:
S41, given the data consumer's attribute set S, the trusted authority randomly selects an unassigned leaf node η from the binary tree BT and stores the attribute set S in node η;
S42, for each node θ ∈ Path(η): if an element $g_\theta$ is stored in node θ, the trusted authority retrieves $g_\theta$ from node θ; if no element $g_\theta$ is stored in node θ, the trusted authority randomly selects an element and stores it in node θ;
S43, the trusted authority selects random integers and computes the corresponding values;
S44, the trusted authority collects the values for all θ ∈ Path(θ) and outputs the access certificate of the attribute set S.
A trusted-authority access-rights update module, used as follows: for each node θ ∈ CUNode(BT, RL, T), the trusted authority takes from node θ the element predefined during access certificate generation, randomly selects an integer and computes the corresponding values; the trusted authority finally publishes the updated certificate.
A data-consumer data decapsulation module, used for the data consumer to perform data decapsulation, further including:
S61, given the data consumer's access certificate and the updated certificate published by the trusted authority, the data consumer checks the set I ∩ J to determine whether the access certificate of this attribute set has been revoked, in which case the program simply outputs ⊥; otherwise, the data consumer selects θ ∈ I ∩ J and computes the corresponding values;
S62, the data consumer computes constants based on the i-th rows of the share-generating matrix M; for every attribute set satisfying the access control policy, these constants can be found efficiently; the data is finally obtained by running data = SymDec(key, en), where the decapsulation key key is computed from these values and j is the index of attribute ρ(i) in the attribute set.
A trusted-authority access-rights revocation module, used for the trusted authority to perform access-rights revocation, further including: letting η denote the leaf node of the binary tree BT associated with the attribute set, the trusted authority sets RL ← RL ∪ {(η, T)} and publishes it, thereby revoking the access rights.
The revocable fast data outsourcing encapsulation device of the embodiment of the present invention first provides virtual private storage and allows a user to enforce fine-grained access control over outsourced electronic health records, just as if they were stored locally; second, the encapsulation process needs only a small number of online modular additions/multiplications and is very fast; it also allows a public auditor to filter out invalid electronic health record encapsulations and stops an attacker from blocking a user's electronic health record account with junk information; finally, it adopts an efficient revocation mechanism for revoking users. The device achieves effective access control, protects to the greatest extent the security of electronic health records stored on third-party servers that cannot be fully trusted, and saves decryption overhead on mobile devices.
In some examples, running the algorithm of S11 specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p.
In some examples, the collision-resistant hash function H(·) is run by calling a library function from the Pairing-Based Cryptosystems function package.
In some examples, the random number generation algorithm works as follows: according to $Y^2 = X^3 + aX + b$, a value $x_1$ of the independent variable X is selected at random and the corresponding value $y_1$ of the dependent variable Y is computed; if the point $(x_1, y_1)$ is in the mapped group, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in the mapped group, further values of X are selected until a point in the group is found.
Additional aspects and advantages of the present invention will be given in part in the following description, and in part will become apparent from the following description or be learned through practice of the present invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a flow chart of the revocable fast data outsourcing encapsulation method;
Fig. 2 is a schematic diagram of the system structure according to another embodiment of the present invention;
Fig. 3 is a schematic diagram of the file storage format according to another embodiment of the present invention;
Fig. 4 is a schematic diagram of the revocable fast data outsourcing encapsulation device.
Detailed description
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the present invention and are not to be construed as limiting it.
Public cloud storage for outsourced electronic health records has significant advantages over traditional local storage and is a promising storage paradigm. Secure data encapsulation mechanisms have been proposed to enforce access control over outsourced EHR data. However, existing encapsulation methods require costly asymmetric cryptographic operations whose cost depends on the size of the representation of the access control policy used. In addition, existing schemes cannot detect and filter illegitimate encapsulations, so they cannot stop an attacker from paralysing a user's account with fraudulent data. Furthermore, existing schemes do not use an effective revocation mechanism to stop revoked users from continuing to decapsulate EHR data. The advantages and effects of the present invention are:
First, a user needs only very lightweight real-time operations to securely encapsulate his EHR data. We achieve this goal with a new pre-encapsulation scheme. The pre-processing step does not need to know the data to be encapsulated or the corresponding access policy. Once the data and the corresponding access policy are both available, the data owner needs only a small number of modular additions/multiplications to complete the encapsulation. Because the pre-encapsulation can be carried out during idle intervals or while charging, our scheme allows real-time data outsourcing and provides an excellent user experience even for computation-limited users.
Second, our RFODE adopts semantically secure access control to resist adaptive active collusion attacks. Even in a very hostile environment, in which an attacker colludes with the cloud server provider and with all users other than the targeted user, and adaptively learns the data inside encapsulations other than the target data, the attacker cannot obtain any useful information about the target data. This strong security result shows that RFODE can provide users with virtual private storage space in an insecure public setting: the outsourced data is as safe as if it were kept in their own local database.
Third, our RFODE algorithm provides a public filtering mechanism. An EHR data user, or an honest auditor employed by the user, can run a public procedure to check and screen out invalid encapsulations. Random junk data sent by an attacker can be detected and isolated in the system. Moreover, the cost of verifying an encapsulation can be much lower than that of producing a well-formed encapsulation. An attacker therefore pays a high cost to block a user's cloud account with well-formed encapsulations of meaningless data, which greatly reduces this kind of threat.
Finally, our scheme adopts an efficient revocation mechanism. Once an EHR data user's access rights are revoked, the user can no longer access the EHR. Our revocation mechanism is highly efficient in both computation and communication; for example, it supports real-time revocation of access rights without frequent access-rights updates.
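The tree bookkeeping behind this revocation mechanism (Path(η), the revocation list RL, CUNode(BT, RL, T) and the I ∩ J check of step S61) can be exercised without any cryptography. The following is an added example, not code from the patent: the page names CUNode without defining it, so the sketch assumes the usual complete-subtree cover and assumes that an empty intersection is what signals a revoked certificate; the class and method names are hypothetical.

```python
import secrets


class RevocationTree:
    """Complete binary tree BT in heap numbering: root 1, children 2n and 2n+1."""

    def __init__(self, n_users):
        self.first_leaf = 1
        while self.first_leaf < n_users:
            self.first_leaf *= 2
        self.leaf_of = {}   # user -> leaf node eta
        self.rl = set()     # revocation list RL of (eta, T) pairs

    def assign(self, user):
        """S41: pick a random unassigned leaf for a new data consumer."""
        used = set(self.leaf_of.values())
        free = [n for n in range(self.first_leaf, 2 * self.first_leaf)
                if n not in used]
        if not free:
            raise ValueError("no unassigned leaf left")
        self.leaf_of[user] = secrets.choice(free)
        return self.leaf_of[user]

    def path(self, leaf):
        """Path(eta): every node from the leaf up to the root."""
        nodes = []
        while leaf >= 1:
            nodes.append(leaf)
            leaf //= 2
        return nodes

    def revoke(self, user, t):
        """S7: RL <- RL U {(eta, T)}."""
        self.rl.add((self.leaf_of[user], t))

    def cu_node(self, t):
        """Assumed CUNode(BT, RL, T): roots of the subtrees that contain
        no leaf revoked at or before time t."""
        revoked_paths = set()
        for leaf, t_rev in self.rl:
            if t_rev <= t:
                revoked_paths.update(self.path(leaf))
        if not revoked_paths:
            return {1}                      # nobody revoked: the root covers all
        cover = set()
        for node in revoked_paths:
            if node < self.first_leaf:      # internal node
                for child in (2 * node, 2 * node + 1):
                    if child not in revoked_paths:
                        cover.add(child)
        return cover                        # empty when every leaf is revoked

    def decaps_node(self, user, t):
        """S61: node theta in I n J usable at time t, or None (output of ⊥)."""
        common = set(self.path(self.leaf_of[user])) & self.cu_node(t)
        return min(common) if common else None


if __name__ == "__main__":
    tree = RevocationTree(8)
    for name in ("alice", "bob", "carol"):   # constructed sample users
        tree.assign(name)
    tree.revoke("carol", 5)
    print(sorted(tree.cu_node(5)), tree.decaps_node("carol", 5))
```

With one revoked leaf among eight, the update at time 5 touches three nodes rather than seven leaves, which is why the published update stays small.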
First, the meaning of some of the characters used in the algorithms needs to be introduced, as shown in Table 1:
Table 1, character meaning table
Here, for a < b, we define [a, b] = {a, a+1, ..., b}. Where there is no ambiguity, we abbreviate [1, a] as [a], and abbreviate as [n1,n2,…,nk]. The cardinality of a set is denoted as We say if s1,s2,…,sn are chosen at random from
We define as the m × n matrix composed of elements of Two special subsets of matrices are row vectors and column vectors. For two vectors and whose i-th entry is vi, the inner product of the two vectors is expressed as
Fig. 1 is a flow chart of the revocable fast data outsourcing encapsulation method.
First, with reference to Fig. 2, the following entities need to be introduced:
1) Data owner (Data Owner): encapsulates data under the required access policy and stores it on the cloud server in order to share the data with EHR data consumers who satisfy the access rights;
2) Data consumer (Data Consumer): requests from the trusted authority the access rights associated with its own attributes and obtains the revocation information issued by the trusted authority; it can recover encapsulated information on the cloud storage server whose access policy it matches;
3) Cloud storage server (Cloud Storage Server): stores the encapsulated EHR data and responds to the access requests of EHR data consumers;
4) Trusted authority (Trusted Authority): trusted by every entity; responsible for initializing the system and for distinguishing EHR data consumers by issuing and managing data access rights;
5) Auditor (Auditor): checks, before data is stored on the cloud storage server, whether the data has been correctly encapsulated under the specified access policy. Because data auditing in RFODE is carried out publicly, requiring for example only the public parameters and the encapsulated data, anyone can act as an auditor and check the correctness of encapsulated data. On the one hand, data consumers with strong computing capability can be the auditors of their own accounts; on the other hand, users of mobile terminals (with limited computing capability) can employ a trusted third party (such as a cloud computing server) as auditor.
As it is shown in figure 1, this revocable rapid data outsourcing method for packing may include that
S1, feasible authority performs system initialization.
Specifically, in some instances, feasible authority's execution system initialization includes:
S11, the trusted authority inputs the security parameter and the maximum number for the attribute set , and runs to obtain two groups of prime order p and a bilinear map
Wherein, specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve Y² = X³ + aX + b, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p
More specifically, a bilinear pairing is defined as a function mapping e(·,·) that maps elements of the group to the group , i.e. , where the groups and are two multiplicative cyclic groups of prime order p. A bilinear pairing satisfies the following properties: 1. Bilinearity: for , e(g^a, h^b) = e(g, h)^(ab) holds; 2. Non-degeneracy: there exists at least one element g in the group such that the computed e(g, g) is a generator of the group ; 3. Computability: there exists an efficient algorithm such that e(u, v) can be computed efficiently for all ; where Zp denotes the set {0, 1, 2, ..., p-1}.
It should be noted that, in an attribute-based encryption scheme, in order to achieve fine-grained access control over data consumers, an access control policy must be formulated before the data is encrypted, and it is expressed by an access control structure. Let {P1,P2,……,Pn} be a set of entities. If, for , B ∈ A and imply C ∈ A, then the set is monotone. An access control structure (monotone access control structure) is a set (monotone set) A of non-empty subsets of {P1,P2,……,Pn}, that is, . The sets in A are called authorized sets, and the sets not in A are called unauthorized sets.
S12, the trusted authority selects a symmetric encryption scheme εsym, which uses the encryption algorithm symEnc(key, data) and the decryption algorithm symDec(key, data), where key is the data decapsulation key and data is the user's EHR data.
S13, the trusted authority selects a collision-resistant hash function H(·). H(·) satisfies all the properties of a collision-resistant hash function; its input is a 0/1 string of arbitrary length, and its output is mapped to an element of the group ,
Wherein, the collision-resistant hash function H(·) is run by calling a library function from the Pairing-Based Cryptosystems function package.
It should be noted that the hash function used in the present invention has two basic properties: one-wayness and collision resistance. One-wayness means that the output can be derived from the input of the hash function, but the input cannot be computed from the output of the hash function. Collision resistance means that two different inputs whose hash results are identical cannot be found. The input of the hash algorithm in the present invention is an arbitrary binary string.
S14, the trusted authority selects a secure chameleon hash function CH: {0,1}* → Zp with auxiliary parameter domain
S15, the trusted authority runs the random number generation algorithm and obtains and an integer
Wherein, the random number generation algorithm, according to Y² = X³ + aX + b, randomly selects a value x1 of the independent variable X and computes the corresponding value y1 of the dependent variable Y; if the point (x1, y1) is in the mapped group, a random element has been generated successfully. If the point (x1, y1) is not in the mapped group, it continues to select values of X until a point that lies in the group is found.
Wherein, denotes the set {1, 2, ..., p-1}, and the random number generation function that randomly selects an element of can be run by calling a library function from the Pairing-Based Cryptosystems function package.
S16, the revocation list is set to RL=0, and a binary tree BT with at least N leaf nodes is selected.
S17, the trusted authority holds the master key msk (α) and publishes the public parameters as
S2, the data owner performs data encapsulation. Specifically, this includes:
S21, the data owner chooses a random integer and computes key = e(g, g)^(αs), c0 = g^s
S22, assuming that any LSSS-encoded policy has a maximum number of rows, the data owner selects, for each i ∈ [p], random integers and computes
It should be noted that, for linear secret-sharing schemes (Linear Secret-Sharing Schemes, LSSS for short): p is a prime number and is the attribute domain. A secret-sharing scheme ∏ with secret domain Zp realizes an access control structure on and is linear if it satisfies the following conditions: the shares of a secret s ∈ Zp for each attribute form a vector over Zp. For each access control structure A on , there is a matrix , called the share-generating matrix, together with a function ρ that labels the rows of M with attributes in (that is, ), satisfying the following: during share generation, consider the row vector , where r2,…rn are elements chosen at random from Zp. Then, according to ∏, the l shares of the secret s are equal to . The share , where j ∈ [l], belongs to attribute ρ(j). (M, ρ) is taken as the policy of the access control structure A.
S23, the data owner selects a random integer and sets
S24, the data owner runs (chk, td) ← CHGen(1^λ), selects a random auxiliary parameter and a random string , computes V = Hash(chk || CHash(chk, m', r'm)), and outputs
S25, the data owner selects a random integer and computes . Finally, the intermediate header is output as and is stored by the data owner for use during real-time encapsulation.
S26, the data owner has obtained the data data, the encapsulation time T, and the corresponding access control policy (M, ρ), where ρ: [1] → μ 1≤p; the data owner selects random integers and outputs
S27, the data owner computes the share vector . For i ∈ [I], the data owner computes Ci,4i-λ′i, Ci,5=-ti·(ρ(i)-xi); for the time T, the data owner computes CR,2=s (T-T').
S28, the encapsulated data is en = SymEnc(key, data), and the data owner runs rm = Coll(td, m', r'm, m), where m is set to:
m = en || C0,1 || C0,2 || C0,3 || C1,1 || C1,2 || C1,3 || C1,4 || C1,5 || ... || Cl,1 || Cl,2 || Cl,3 || Cl,4 || Cl,5 || CR,1 || CR,2 || (M, ρ) || T
The header format is expressed as:
S29, the data owner outputs the data to be stored, (hdr, en), and uploads it for storage.
The storage is shown in Fig. 3.
S3, the auditor performs the encapsulation check. Specifically, this includes:
S31, the auditor computes V = CHash(chk, m, rm), where
m = en || C0,1 || C0,2 || C0,3 || C1,1 || C1,2 || C1,3 || C1,4 || C1,5 || … || Cl,1 || Cl,2 || Cl,3 || Cl,4 || Cl,5 || CR,1 || CR,2 || (M, ρ) || T.
S32, for all i ∈ [l], check whether holds, to verify the relevant attributes; check whether holds, to verify the encapsulation time; and check whether holds. If any one of these equations does not hold, the algorithm outputs v=0; otherwise it outputs v=1.
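The offline/online split in S24, S28 and S31 rests on the chameleon hash: V is fixed offline over a dummy pair (m', r'm), and the trapdoor td later yields an rm that makes the real message m hash to the same V, which the auditor recomputes from public values only. The following added example (not code from the patent) shows that mechanism with a discrete-log chameleon hash; the construction, the small demo group, the function names and the omission of the outer Hash(chk || ·) and of the pairing equations are assumptions of the example.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for the sizes used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _demo_group(bits=61):
    """Find primes Q and P = 2Q + 1; 4 then generates the order-Q subgroup."""
    q = (1 << bits) + 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


# Demo-sized group (assumption of the example; far too small for real use).
P, Q, G = _demo_group()


def _to_zq(msg):
    """Map an arbitrary byte string into Z_Q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def ch_gen():
    """CHGen: return (chk, td) with chk = G^td mod P."""
    td = secrets.randbelow(Q - 1) + 1
    return pow(G, td, P), td


def ch_hash(chk, msg, r):
    """CHash(chk, m, r) = G^H(m) * chk^r mod P."""
    return pow(G, _to_zq(msg), P) * pow(chk, r, P) % P


def ch_coll(td, m_old, r_old, m_new):
    """Coll: r_new such that CHash(m_new, r_new) == CHash(m_old, r_old)."""
    delta = (_to_zq(m_old) - _to_zq(m_new)) * pow(td, -1, Q)
    return (r_old + delta) % Q


def offline_prepare():
    """S24: commit to V over a random dummy pair before the data exists."""
    chk, td = ch_gen()
    m_dummy = secrets.token_bytes(16)
    r_dummy = secrets.randbelow(Q)
    return {"chk": chk, "td": td, "m_dummy": m_dummy, "r_dummy": r_dummy,
            "V": ch_hash(chk, m_dummy, r_dummy)}


def online_finalize(state, m):
    """S28: bind the already-fixed V to the real message m; td stays private."""
    r_m = ch_coll(state["td"], state["m_dummy"], state["r_dummy"], m)
    return {"chk": state["chk"], "V": state["V"], "r_m": r_m}


def audit(header, m):
    """S31: the auditor recomputes the digest from public header values."""
    return 1 if ch_hash(header["chk"], m, header["r_m"]) == header["V"] else 0


if __name__ == "__main__":
    st = offline_prepare()
    msg = b"en||C0,1||...||(M,rho)||T"      # constructed stand-in for m
    hdr = online_finalize(st, msg)
    print(audit(hdr, msg), audit(hdr, msg + b"!"))
```

With this discrete-log construction, anyone who sees both the dummy pair and the published (m, rm) can solve for td, so the dummy pair stays private and a fresh (chk, td) is generated per header, as S24 does.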
S4, the trusted authority performs access-right generation. Specifically, this includes:
S41, the data consumer's attribute set is , where . The trusted authority randomly selects an unassigned leaf node η from the binary tree BT and stores the attribute set S in node η.
S42, for each node θ ∈ Path(η): if an element gθ is already stored in node θ, the trusted authority retrieves the element gθ from node θ; if no element gθ is stored in node θ, the trusted authority randomly selects an element and stores in node θ.
S43, the trusted authority selects random integers , computes and , for
S44, for all θ ∈ Path (θ), the trusted authority sets , and outputs the access certificate of the attribute set S as follows:
S5, the trusted authority updates the access rights: for each node θ ∈ CUNode(BT, RL, T), the trusted authority takes out from node θ , which was predefined during access-certificate generation, randomly selects an integer and computes . The trusted authority finally publishes the updated certificate: $cu_T = \{(\theta, \tilde{K}_{\theta,0}, \tilde{K}_{\theta,1})\}_{\theta \in \mathrm{CUNode}(BT, RL, T)}$.
S6, the data consumer performs data decapsulation. Specifically, this includes:
S61, assume that the data consumer's access certificate is: and that the update certificate published by the trusted authority is: . The data consumer checks the set I ∩ J; if , the access certificate of this attribute set has been revoked and the program simply outputs ⊥; otherwise, the data consumer selects θ ∈ I ∩ J and computes
S62, the data consumer sets and computes constants such that , where is the i-th row of the share-generating matrix M; for every that satisfies the access control policy, the constants can be found efficiently. The data can finally be obtained by running data=SymDec (key, en), where the decapsulation key key is computed as follows:
where j is the index of attribute ρ (i) in .
S7, the trusted authority performs access-right revocation. Specifically, this includes:
Let η denote the leaf node of the binary tree BT associated with the attribute set ; the trusted authority revokes the access rights by setting RL ← RL ∪ { (η, T) } and publishing it.
Here, the binary tree is denoted BT and its root node is denoted root. For a leaf node η of the binary tree BT, Path(η) denotes the set of nodes on the path from the leaf node η to the root node root (including η and root). For a non-leaf node η of BT, its left and right child nodes are denoted ηl and ηr respectively.
The revocation mechanism comprises four components: the binary tree BT, the revocation list RL, the time T, and the algorithm CUNode. Every attribute set is associated with a leaf node of the binary tree BT. This association is completed when the trusted authority generates the access certificate corresponding to the attribute set. The revocation list RL is initially empty and is used to store all nodes associated with revoked access certificates together with their revocation times (ηi,Ti). When an access certificate is to be revoked at time T, the system adds it to the revocation list RL, runs the algorithm CUNode and updates the certificate. The algorithm CUNode takes the binary tree BT, the revocation list RL and the time T as input, and outputs the minimal set of nodes for which update certificates need to be published, so that only access certificates whose attribute sets are not in the revocation list RL can continue to decapsulate data. The algorithm CUNode runs as shown in Algorithm 1.
Algorithm 1 CUNode(BT, RL, T):
for (ηi, Ti) ∈ RL do
    if Ti ≤ T then
        add Path(η) to X
    end if
end for
for x ∈ X do
    if then
        add xl to Y
    end if
    if then
        add xr to Y
    end if
end for
if then
    add root to Y
end if
return Y
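A runnable sketch of Algorithm 1 together with the I ∩ J test from S61, added here as an example (it is not code from the patent). The conditions that did not survive in the listing are assumed to be the usual ones for this kind of binary-tree node cover (xl ∉ X, xr ∉ X, and a fallback to the root when nothing has been revoked); the heap-style node numbering and all function names are likewise assumptions.

```python
"""CUNode over a complete binary tree stored heap-style.

Nodes are integers: root = 1, the children of x are 2x and 2x + 1, and the
leaves of a tree of depth d are 2**d .. 2**(d + 1) - 1.
"""

ROOT = 1


def path(leaf):
    """Path(eta): every node from the leaf up to and including the root."""
    nodes = set()
    node = leaf
    while node >= ROOT:
        nodes.add(node)
        node //= 2
    return nodes


def cu_node(depth, rl, t):
    """Return Y, the nodes for which update certificates are published at time t.

    rl is the revocation list: an iterable of (leaf, revocation_time) pairs.
    """
    first_leaf = 1 << depth
    revoked_paths = set()                       # X in Algorithm 1
    for leaf, t_rev in rl:
        if not first_leaf <= leaf < 2 * first_leaf:
            raise ValueError("revocation entry %r is not a leaf" % (leaf,))
        if t_rev <= t:                          # revocation already in force
            revoked_paths |= path(leaf)

    cover = set()                               # Y in Algorithm 1
    for x in revoked_paths:
        if x >= first_leaf:                     # leaves have no children
            continue
        for child in (2 * x, 2 * x + 1):        # x_l and x_r
            if child not in revoked_paths:
                cover.add(child)

    # Assumed fallback: with no revocation in force the root covers everyone.
    # Testing X (not Y) for emptiness gives the same result except when every
    # leaf is revoked, where Y must stay empty instead of re-admitting all.
    if not revoked_paths:
        cover.add(ROOT)
    return cover


def can_decapsulate(leaf, depth, rl, t):
    """S61: a certificate is usable iff Path(leaf) meets CUNode(BT, RL, T)."""
    return bool(path(leaf) & cu_node(depth, rl, t))


# Constructed sample: 8 leaves (nodes 8..15); leaf 10 is revoked at T = 5
# and leaf 13 at T = 9.
SAMPLE_RL = [(10, 5), (13, 9)]

if __name__ == "__main__":
    for now in (4, 5, 9):
        print(now, sorted(cu_node(3, SAMPLE_RL, now)))
```

Each revocation adds at most one published node per tree level, which is why the update certificate grows with the number of revoked users times the tree depth rather than with the number of users.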
The revocable rapid data outsourcing encapsulation method of the embodiment of the present invention first provides virtual private storage and allows users to enforce fine-grained access control over their outsourced electronic health records, just as if the records were stored locally; second, the encapsulation process requires only a small number of online modular additions/multiplications and is therefore fast; it also allows a public auditor to filter out invalid electronic health record encapsulations and prevents attackers from using junk information to clog users' electronic health record accounts; finally, it adopts an effective revocation mechanism for revoking users. The method achieves effective access control, protects as far as possible the security of electronic health records stored on third-party servers that cannot be fully trusted, and saves the decryption overhead of mobile devices.
Corresponding to the revocable rapid data outsourcing encapsulation method provided by the above embodiment, an embodiment of the present invention also provides a revocable rapid data outsourcing encapsulation device. Because the device provided by this embodiment has the same or similar technical features as the method provided by the above embodiment, the foregoing embodiments of the method also apply to the device provided by this embodiment and are not described in detail here. As shown in Fig. 4, the revocable rapid data outsourcing encapsulation device may include: a trusted authority system initialization module 10, a data owner data encapsulation module 20, an auditor encapsulation check module 30, a trusted authority access-right generation module 40, a trusted authority access-right update module 50, a data consumer data decapsulation module 60 and a trusted authority access-right revocation module 70.
Wherein, the trusted authority system initialization module 10 is used by the trusted authority to perform system initialization.
The data owner data encapsulation module 20 is used by the data owner to perform data encapsulation.
The auditor encapsulation check module 30 is used by the auditor to perform the encapsulation check.
The trusted authority access-right generation module 40 is used by the trusted authority to perform access-right generation.
The trusted authority access-right update module 50 is used to update the access rights.
The data consumer data decapsulation module 60 is used by the data consumer to perform data decapsulation.
The trusted authority access-right revocation module 70 is used by the trusted authority to perform access-right revocation.
The revocable rapid data outsourcing encapsulation device of the embodiment of the present invention first provides virtual private storage and allows users to enforce fine-grained access control over their outsourced electronic health records, just as if the records were stored locally; second, the encapsulation process requires only a small number of online modular additions/multiplications and is therefore fast; it also allows a public auditor to filter out invalid electronic health record encapsulations and prevents attackers from using junk information to clog users' electronic health record accounts; finally, it adopts an effective revocation mechanism for revoking users. The device achieves effective access control, protects as far as possible the security of electronic health records stored on third-party servers that cannot be fully trusted, and saves the decryption overhead of mobile devices.
In the description of the present invention, it is to be understood that the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "multiple" means at least two, such as two or three, unless expressly and specifically limited otherwise.
In the description of this specification, a description with reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with one another, those skilled in the art may combine the different embodiments or examples described in this specification and the features of different embodiments or examples.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.

Claims (8)

1. A revocable rapid data outsourcing encapsulation method, characterized by comprising the following steps:
S1, the trusted authority performs system initialization, including:
S11, the trusted authority inputs the security parameter and the maximum number for the attribute set , and runs to obtain two groups of prime order p and a bilinear map
S12, the trusted authority selects a symmetric encryption scheme εsym, which uses the encryption algorithm symEnc(key, data) and the decryption algorithm symDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13, the trusted authority selects a collision-resistant hash function H(·); H(·) satisfies all the properties of a collision-resistant hash function, its input is a 0/1 string of arbitrary length, and its output is mapped to an element of the group ,
S14, the trusted authority selects a secure chameleon hash function CH: {0,1}* → Zp with auxiliary parameter domain
S15, the trusted authority runs the random number generation algorithm and obtains g, h, u, v, w, hr, and an integer
S16, the revocation list is set to RL=0, and a binary tree BT with at least N leaf nodes is selected;
S17, the trusted authority holds the master key msk (α) and publishes the public parameters as
S2, the data owner performs data encapsulation, including:
S21, the data owner chooses a random integer and computes key = e(g, g)^(αs), c0 = g^s
S22, assuming that any LSSS-encoded policy has a maximum number of rows, the data owner selects, for each i ∈ [p], random integers λ 'ii, and computes
S23, the data owner selects a random integer and sets
S24, the data owner runs (chk, td) ← CHGen(1^λ), selects a random auxiliary parameter and a random string , computes V = Hash(chk || CHash(chk, m', r'm)), and outputs
S25, the data owner selects a random integer and computes ; finally, the intermediate header is output as and is stored by the data owner for use during real-time encapsulation;
S26, the data owner has obtained the data data, the encapsulation time T, and the corresponding access control policy (M, ρ), where ρ: [1] → μ 1≤p; the data owner selects random integers and outputs
S27, the data owner computes the share vector ; for i ∈ [I], the data owner computes Ci,4i-λ′i, Ci,5=-ti·(ρ(i)-xi); for the time T, the data owner computes CR,2=s (T-T');
S28, the encapsulated data is en = SymEnc(key, data), and the data owner runs rm = Coll(td, m', r'm, m), where m is set to:
m = en || C0,1 || C0,2 || C0,3 || C1,1 || C1,2 || C1,3 || C1,4 || C1,5 || ... || Cl,1 || Cl,2 || Cl,3 || Cl,4 || Cl,5 || CR,1 || CR,2 || (M, ρ) || T, and the header format is expressed as:
S29, the data owner outputs the data to be stored, (hdr, en), and uploads it for storage;
S3, the auditor performs the encapsulation check, including:
S31, the auditor computes V = CHash(chk, m, rm), where
m = en || C0,1 || C0,2 || C0,3 || C1,1 || C1,2 || C1,3 || C1,4 || C1,5 || … || Cl,1 || Cl,2 || Cl,3 || Cl,4 || Cl,5 || CR,1 || CR,2 || (M, ρ) || T;
S32, for all i ∈ [l], check whether holds, to verify the relevant attributes; check whether holds, to verify the encapsulation time; and check whether holds; if any one of these equations does not hold, the algorithm outputs v=0, otherwise it outputs v=1;
S4, the trusted authority performs access-right generation, including:
S41, the data consumer's attribute set is , where ; the trusted authority randomly selects an unassigned leaf node η from the binary tree BT and stores the attribute set S in node η;
S42, for each node θ ∈ Path(η): if an element gθ is already stored in node θ, the trusted authority retrieves the element gθ from the node θ; if no element gθ is stored in node θ, the trusted authority randomly selects an element and stores in node θ;
S43, the trusted authority selects random integers , computes and , for
S44, for all θ ∈ Path (θ), the trusted authority sets , and outputs the access certificate of the attribute set S as follows:
S5, the trusted authority updates the access rights: for each node θ ∈ CUNode(BT, RL, T), the trusted authority takes out from node θ , which was predefined during access-certificate generation, randomly selects an integer and computes ; the trusted authority finally publishes the updated certificate:
S6, the data consumer performs data decapsulation, including:
S61, assume that the data consumer's access certificate is: and that the update certificate published by the trusted authority is: ; the data consumer checks the set I ∩ J; if , the access certificate of this attribute set has been revoked and the program simply outputs ⊥; otherwise, the data consumer selects θ ∈ I ∩ J and computes
S62, the data consumer sets and computes constants such that , where is the i-th row of the share-generating matrix M; for every that satisfies the access control policy, the constants can be found efficiently; the data can finally be obtained by running data=SymDec (key, en), where the decapsulation key key is computed as follows:
where j is the index of attribute ρ (i) in ;
S7, the trusted authority performs access-right revocation, including:
Let η denote the leaf node of the binary tree BT associated with the attribute set ; the trusted authority revokes the access rights by setting RL ← RL ∪ { (η, T) } and publishing it.
2. The method of claim 1, characterized in that specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve Y² = X³ + aX + b, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p
3. The method of claim 1, characterized in that the collision-resistant hash function H(·) is run by calling a library function from the Pairing-Based Cryptosystems function package.
4. The method of claim 2, characterized in that the random number generation algorithm, according to Y² = X³ + aX + b, randomly selects a value x1 of the independent variable X and computes the corresponding value y1 of the dependent variable Y; if the point (x1, y1) is in the mapped group, a random element has been generated successfully. If the point (x1, y1) is not in the mapped group, it continues to select values of X until a point that lies in the group is found.
5. A revocable rapid data outsourcing encapsulation device, characterized by comprising:
a trusted authority system initialization module, used by the trusted authority to perform system initialization, further including:
S11, the trusted authority inputs the security parameter and the maximum number for the attribute set , and runs to obtain two groups of prime order p and a bilinear map
S12, the trusted authority selects a symmetric encryption scheme εsym, which uses the encryption algorithm symEnc(key, data) and the decryption algorithm symDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13, the trusted authority selects a collision-resistant hash function H(·); H(·) satisfies all the properties of a collision-resistant hash function, its input is a 0/1 string of arbitrary length, and its output is mapped to an element of the group ,
S14, the trusted authority selects a secure chameleon hash function CH: {0,1}* → Zp with auxiliary parameter domain
S15, the trusted authority runs the random number generation algorithm and obtains g, h, u, v, w, hr, and an integer
S16, the revocation list is set to RL=0, and a binary tree BT with at least N leaf nodes is selected;
S17, the trusted authority holds the master key msk (α) and publishes the public parameters as
a data owner data encapsulation module, used by the data owner to perform data encapsulation, further including:
S21, the data owner chooses a random integer and computes key = e(g, g)^(αs), c0 = g^s
S22, assuming that any LSSS-encoded policy has a maximum number of rows, the data owner selects, for each i ∈ [p], random integers λ 'ii, and computes
S23, the data owner selects a random integer and sets
S24, the data owner runs (chk, td) ← CHGen(1^λ), selects a random auxiliary parameter and a random string , computes V = Hash(chk || CHash(chk, m', r'm)), and outputs
S25, the data owner selects a random integer and computes ; finally, the intermediate header is output as and is stored by the data owner for use during real-time encapsulation;
S26, the data owner has obtained the data data, the encapsulation time T, and the corresponding access control policy (M, ρ), where ρ: [1] → μ 1≤p; the data owner selects random integers and outputs
S27, the data owner computes the share vector ; for i ∈ [I], the data owner computes Ci,4i-λ′i, Ci,5=-ti·(ρ(i)-xi); for the time T, the data owner computes CR,2=s (T-T');
S28, the encapsulated data is en = SymEnc(key, data), and the data owner runs rm = Coll(td, m', r'm, m), where m is set to:
m = en || C0,1 || C0,2 || C0,3 || C1,1 || C1,2 || C1,3 || C1,4 || C1,5 || ... || Cl,1 || Cl,2 || Cl,3 || Cl,4 || Cl,5 || CR,1 || CR,2 || (M, ρ) || T
The header format is expressed as:
S29, the data owner outputs the data to be stored, (hdr, en), and uploads it for storage;
an auditor encapsulation check module, used by the auditor to perform the encapsulation check, further including:
S31, the auditor computes V = CHash(chk, m, rm), where
m = en || C0,1 || C0,2 || C0,3 || C1,1 || C1,2 || C1,3 || C1,4 || C1,5 || … || Cl,1 || Cl,2 || Cl,3 || Cl,4 || Cl,5 || CR,1 || CR,2 || (M, ρ) || T;
S32, for all i ∈ [l], check whether holds, to verify the relevant attributes; check whether holds, to verify the encapsulation time; and check whether holds; if any one of these equations does not hold, the algorithm outputs v=0, otherwise it outputs v=1;
a trusted authority access-right generation module, used by the trusted authority to perform access-right generation, further including:
S41, the data consumer's attribute set is , where ; the trusted authority randomly selects an unassigned leaf node η from the binary tree BT and stores the attribute set S in node η;
S42, for each node θ ∈ Path(η): if an element gθ is already stored in node θ, the trusted authority retrieves the element gθ from the node θ; if no element gθ is stored in node θ, the trusted authority randomly selects an element and stores in node θ;
S43, the trusted authority selects random integers , computes and , for
S44, for all θ ∈ Path (θ), the trusted authority sets , and outputs the access certificate of the attribute set S as follows:
a trusted authority access-right update module, in which, for each node θ ∈ CUNode(BT, RL, T), the trusted authority takes out from node θ , which was predefined during access-certificate generation, randomly selects an integer and computes ; the trusted authority finally publishes the updated certificate:
a data consumer data decapsulation module, used by the data consumer to perform data decapsulation, further including:
S61, assume that the data consumer's access certificate is: and that the update certificate published by the trusted authority is: ; the data consumer checks the set I ∩ J; if , the access certificate of this attribute set has been revoked and the program simply outputs ⊥; otherwise, the data consumer selects θ ∈ I ∩ J and computes
S62, the data consumer sets and computes constants such that , where is the i-th row of the share-generating matrix M; for every that satisfies the access control policy, the constants can be found efficiently; the data can finally be obtained by running data=SymDec (key, en), where the decapsulation key key is computed as follows:
where j is the index of attribute ρ (i) in ;
a trusted authority access-right revocation module, used by the trusted authority to perform access-right revocation, further including:
Let η denote the leaf node of the binary tree BT associated with the attribute set ; the trusted authority revokes the access rights by setting RL ← RL ∪ { (η, T) } and publishing it.
6. The device of claim 5, characterized in that specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve Y² = X³ + aX + b, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p
7. The device of claim 5, characterized in that the collision-resistant hash function H(·) is run by calling a library function from the Pairing-Based Cryptosystems function package.
8. The device of claim 6, characterized in that the random number generation algorithm, according to Y² = X³ + aX + b, randomly selects a value x1 of the independent variable X and computes the corresponding value y1 of the dependent variable Y; if the point (x1, y1) is in the mapped group, a random element has been generated successfully. If the point (x1, y1) is not in the mapped group, it continues to select values of X until a point that lies in the group is found.
CN201610302830.9A 2016-05-09 2016-05-09 Revocable rapid data outsourcing encapsulates method and device Active CN105978696B (en)

Publications (2)

Publication Number Publication Date
CN105978696A true CN105978696A (en) 2016-09-28
CN105978696B CN105978696B (en) 2019-10-11

Family

ID=56992190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610302830.9A Active CN105978696B (en) 2016-05-09 2016-05-09 Revocable rapid data outsourcing encapsulates method and device

Country Status (1)

Country Link
CN (1) CN105978696B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108365959A (en) * 2018-02-14 2018-08-03 东北大学 The outsourcing multinomial verification method of Full Proxy under a kind of cloud environment
CN108830602A (en) * 2018-06-27 2018-11-16 电子科技大学 A kind of license chain construction and management-control method based on chameleon hash function

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006209682A (en) * 2005-01-31 2006-08-10 Fuji Xerox Co Ltd Data management system
CN103795549A (en) * 2014-02-28 2014-05-14 成都卫士通信息产业股份有限公司 Communication content encryption and decryption method and encryption management method based on CS mode

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108365959A (en) * 2018-02-14 2018-08-03 东北大学 The outsourcing multinomial verification method of Full Proxy under a kind of cloud environment
CN108830602A (en) * 2018-06-27 2018-11-16 电子科技大学 A kind of license chain construction and management-control method based on chameleon hash function
CN108830602B (en) * 2018-06-27 2022-03-29 电子科技大学 Permission chain construction and management and control method based on chameleon hash function

Also Published As

Publication number Publication date
CN105978696B (en) 2019-10-11

Similar Documents

Publication Publication Date Title
CN107864139B (en) Cryptographic attribute base access control method and system based on dynamic rules
Xiong et al. A key protection scheme based on secret sharing for blockchain-based construction supply chain system
US10833841B2 (en) Leakage-free order-preserving encryption
CN101340282B (en) Generation method of composite public key
EP3241146B1 (en) System and method for obfuscating an identifier to protect the identifier from impermissible appropriation
CN100586065C (en) CPK credibility authorization system
CN107483198A (en) A kind of block catenary system supervised and method
CN104135473B (en) A kind of method that identity base broadcast enciphering is realized by the attribute base encryption of Ciphertext policy
CN107483585A (en) The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment
CN105959111A (en) Information security big-data resource access control system based on cloud computing and credible computing
CN106686010A (en) Multi-mechanism attribute-based encryption method supporting strategy dynamic updating
CN108540280A (en) A kind of the secure data sharing method and system of resource high-efficiency
Guan et al. Achieving adaptively secure data access control with privacy protection for lightweight IoT devices
CN109818752A (en) Credit scoring generation method, device, computer equipment and storage medium
CN107204846A (en) Digital signature generation method, system, node module and common random number consult determination method
CN104901812B (en) A kind of RFID system safety certifying method of ECC combinations lightweight Hash functions
CN105978696B (en) Revocable rapid data outsourcing encapsulates method and device
CN108777626A (en) A kind of attribute base net network endorsement method for supporting dynamic attribute space
CN116779084A (en) Electronic case privacy protection method based on blockchain
CN114430321B (en) DFA self-adaptive security-based black box traceable key attribute encryption method and device
CN116668149A (en) Electronic medical data sharing method based on policy hiding and attribute updating
CN105068756B (en) The storage access method of electronic health care case history
CN104539602B (en) A kind of safety key managing method being applied in cloud storage
Liu et al. Auditing revocable privacy-preserving access control for EHRs in clouds
Yin et al. A Revocable Outsourced Data Accessing Control Scheme with Black-Box Traceability

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant