CN105978696A - Revocable quick data outsourcing packaging method and device - Google Patents
- Publication number: CN105978696A (CN201610302830.9A)
- Authority: CN (China)
- Prior art keywords: data, trusted authority, random, node, key
- Legal status: Granted
Classifications
- H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/12: Applying verification of the received information
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Abstract
The invention discloses a revocable fast data outsourcing encapsulation (packaging) method and device. In the method, the trusted authority performs initialization; a data owner performs data encapsulation; an auditor performs encapsulation checking, using a chameleon hash function to compute and check whether three equations hold, and outputs the result; the trusted authority generates access rights and outputs an access certificate; the trusted authority updates access rights and publishes the updated access certificate; the data owner performs data decapsulation, checking whether the access certificate has been revoked, computing a decapsulation key and decapsulating; and an access rights revocation module of the trusted authority revokes access rights. The method achieves effective access control, protects to the greatest extent the security of electronic health records stored on third-party servers that are not fully trusted, and saves decryption cost on mobile devices.
Description
Technical field
The present invention relates to the technical field of data processing, and in particular to a revocable fast data outsourcing encapsulation method and device.
Background
An electronic health record (EHR) system is a promising health record management system. Compared with a traditional paper-based health record (PBHR) system, an EHR system brings additional advantages, such as more flexible EHR storage, simpler EHR data management, better storage and response efficiency, and wider availability. Cloud storage can provide users with virtually unlimited resources on demand and at low cost, particularly in public clouds. In this way, EHRs can be outsourced to a public cloud, freeing medical personnel from building specialized EHR storage systems and from managing the large volumes of EHR data they hold. Users can then easily access and share their EHR data through the public cloud.
An important security consideration in EHR cloud storage is that a dishonest cloud server provider may read and abuse users' digital information without their authorization. Cryptographic access control has been proposed to solve this problem. In these schemes, an EHR data owner encapsulates the data to be outsourced under an access policy. Each EHR data user is assigned an access certificate associated with their attributes, and can decapsulate the data only when those attributes satisfy the specified access policy. Compared with traditional access control systems, cryptographic access control allows EHR users to enforce access control policies even when the database server is untrusted. Challenges remain in using cryptographic access control to protect EHR cloud storage. One challenge is that data encapsulation in existing protocols requires a large number of expensive symmetric encryption operations, linear in the complexity of the specific access control policy. Experimental data show that data encapsulation takes a large amount of time and degrades the user experience. In addition, for applications that need real-time data updates, such as economy treatment and health monitoring applications, such long encapsulation times are unacceptable.
Another drawback is that the security models used by existing cryptographic access control protocols are insufficient to capture realistic attacks on cloud storage. First, most existing protocols consider only passive attacks, in which an attacker tries to learn information about the content solely from the encapsulated data it can access. In reality, dishonest users may alter their access certificates and collude with the cloud server provider to access EHR data without authorization. In addition, an attacker may learn data that a targeted legitimate user has carelessly leaked. Existing security models do not fully account for all the situations that arise in such a risky real-world environment. Furthermore, existing protocols provide no mechanism for screening out invalid encapsulations. Because encapsulated data looks random, a malicious attacker can easily bury a user's cloud EHR account in junk data, for example by continuously sending randomly generated junk data.
Summary of the invention
The purpose of the present invention is to solve, at least to some extent, one of the above technical problems.
To this end, the first object of the present invention is to propose a revocable fast data outsourcing encapsulation method. The method achieves effective access control, protects to the greatest extent the security of electronic health records stored on a third-party server that cannot be fully trusted, and saves decryption overhead on mobile devices.
The second object of the present invention is to propose a revocable fast data outsourcing encapsulation device.
To achieve the above objects, the revocable fast data outsourcing encapsulation method of the embodiment of the first aspect of the present invention includes:
S1: the trusted authority performs system initialization, including:
S11: the trusted authority inputs the security parameter and the maximum number for the attribute set and, running on these inputs, obtains two groups of prime order p and one bilinear map;
S12: the trusted authority selects a symmetric encryption scheme ε_sym, which uses the encryption algorithm SymEnc(key, data) and the decryption algorithm SymDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13: the trusted authority selects a collision-resistant hash function H(·) that satisfies all the properties of a collision-resistant hash function; its input is a 0/1 string of arbitrary length and its output is mapped to an element of the group;
S14: the trusted authority selects a secure chameleon hash function $CH: \{0,1\}^* \to Z_p$ with an auxiliary parameter domain;
S15: the trusted authority runs the random number generation algorithm and obtains random elements and an integer;
S16: the revocation list is set to $RL = \emptyset$, and a binary tree BT with at least N leaf nodes is selected;
S17: the trusted authority holds the master key msk (α) and publishes the public parameters.
S2: the data owner performs data encapsulation, including:
S21: the data owner chooses a random integer and computes $key = e(g, g)^{\alpha s}$, $c_0 = g^{s}$;
S22: assuming that any LSSS-encoded policy has a maximum number of rows, the data owner selects random integers for each i ∈ [p] and computes;
S23: the data owner selects a random integer and sets;
S24: the data owner runs $(chk, td) \leftarrow CHGen(1^{\lambda})$, selects a random auxiliary parameter and a random string, computes $V = Hash(chk \,\|\, CHash(chk, m', r'_m))$, and outputs;
S25: the data owner selects a random integer and computes. The intermediate header is finally output and stored by the data owner for use in real-time encapsulation;
S26: the data owner obtains the data data, the encapsulation time T and the corresponding access control policy (M, ρ), where ρ: [1] → μ 1≤p; the data owner selects random integers and outputs;
S27: the data owner computes the sharing vector. For i ∈ [l], the data owner computes $C_{i,4} = \lambda_i - \lambda'_i$ and $C_{i,5} = -t_i \cdot (\rho(i) - x_i)$; for the time T, the data owner computes $C_{R,2} = s(T - T')$;
S28: the encapsulated data is en = SymEnc(key, data); the data owner runs $r_m = Coll(td, m', r'_m, m)$, where m is set to:
$m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, C_{1,2} \,\|\, C_{1,3} \,\|\, C_{1,4} \,\|\, C_{1,5} \,\|\, \ldots \,\|\, C_{l,1} \,\|\, C_{l,2} \,\|\, C_{l,3} \,\|\, C_{l,4} \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$
The form of the header is expressed accordingly;
S29: the data owner outputs the data to be stored, (hdr, en), and uploads it for storage.
S3: the auditor performs encapsulation checking, including:
S31: the auditor computes $V = CHash(chk, m, r_m)$, where $m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, \ldots \,\|\, C_{1,5} \,\|\, \ldots \,\|\, C_{l,1} \,\|\, \ldots \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$;
S32: for all i ∈ [l], the auditor checks whether an equation holds in order to verify the relevant attributes, checks whether an equation holds in order to verify the encapsulation time, and checks whether a third equation holds; if any one of these equations does not hold, the algorithm outputs v = 0, otherwise it outputs v = 1.
S4: the trusted authority performs access rights generation, including:
S41: given the data consumer's attribute set S, the trusted authority randomly selects an unassigned leaf node η from the binary tree BT and stores the attribute set S in node η;
S42: for each node θ ∈ Path(η): if an element $g_\theta$ is already stored in node θ, the trusted authority retrieves $g_\theta$ from node θ; if no element $g_\theta$ is stored in node θ, the trusted authority randomly selects an element and stores it in node θ;
S43: the trusted authority selects random integers and computes;
S44: the trusted authority sets a value for every θ ∈ Path(θ) and outputs the access certificate of the attribute set S.
S5: the trusted authority updates access rights: for each node θ ∈ CUNode(BT, RL, T), the trusted authority takes from node θ the value predefined during access certificate generation, randomly selects an integer and computes. The trusted authority finally publishes the updated certificate.
S6: the data consumer performs data decapsulation, including:
S61: given the data consumer's access certificate and the update certificate published by the trusted authority, the data consumer checks the set I ∩ J; depending on the result, either the access certificate of this attribute set has been revoked and the program simply outputs ⊥, or the data consumer selects θ ∈ I ∩ J and computes;
S62: the data consumer sets and computes constants such that a relation holds over the i-th rows of the share-generating matrix M; whenever the access control policy is satisfied, these constants can be found efficiently. The data can finally be obtained by running data = SymDec(key, en). The decapsulation key key is then computed, where j denotes the index of the attribute ρ(i).
S7: the trusted authority performs access rights revocation, including: η denotes the leaf node of the binary tree BT associated with the attribute set; the trusted authority revokes the access rights by setting RL ← RL ∪ {(η, T)} and publishing it.
The revocable fast data outsourcing encapsulation method of the embodiment of the present invention first provides virtual private storage and allows a user to enforce fine-grained access control over outsourced electronic health records, just as if they were stored locally. Second, the encapsulation process requires only a small number of online modular additions/multiplications and is very fast. It also allows a public auditor to filter out invalid electronic health record encapsulations and prevents attackers from using junk information to block a user's electronic health record account. Finally, it adopts an effective revocation mechanism for revoking users. The method achieves effective access control, protects to the greatest extent the security of electronic health records stored on a third-party server that cannot be fully trusted, and saves decryption overhead on mobile devices.
In some examples, this specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p.
In some examples, the collision-resistant hash function H(·) is run by calling a library function from the Pairing-Based Cryptosystems function package.
In some examples, the random number generation algorithm, based on $Y^2 = X^3 + aX + b$, randomly chooses a value $x_1$ of the independent variable X and computes the value $y_1$ of the corresponding dependent variable Y; if the point $(x_1, y_1)$ is in the mapped group, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in the mapped group, the algorithm continues to select values of X until a point in the group is found.
To achieve the above objects, the revocable fast data outsourcing encapsulation device of the embodiment of the second aspect of the present invention includes:
A trusted-authority system initialization module, used for the trusted authority to perform system initialization, further including:
S11: the trusted authority inputs the security parameter and the maximum number for the attribute set and, running on these inputs, obtains two groups of prime order p and one bilinear map;
S12: the trusted authority selects a symmetric encryption scheme ε_sym, which uses the encryption algorithm SymEnc(key, data) and the decryption algorithm SymDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13: the trusted authority selects a collision-resistant hash function H(·) that satisfies all the properties of a collision-resistant hash function; its input is a 0/1 string of arbitrary length and its output is mapped to an element of the group;
S14: the trusted authority selects a secure chameleon hash function $CH: \{0,1\}^* \to Z_p$ with an auxiliary parameter domain;
S15: the trusted authority runs the random number generation algorithm and obtains random elements and an integer;
S16: the revocation list is set to $RL = \emptyset$, and a binary tree BT with at least N leaf nodes is selected;
S17: the trusted authority holds the master key msk (α) and publishes the public parameters.
A data-owner data encapsulation module, used for the data owner to perform data encapsulation, further including:
S21: the data owner chooses a random integer and computes $key = e(g, g)^{\alpha s}$, $c_0 = g^{s}$;
S22: assuming that any LSSS-encoded policy has a maximum number of rows, the data owner selects random integers for each i ∈ [p] and computes;
S23: the data owner selects a random integer and sets;
S24: the data owner runs $(chk, td) \leftarrow CHGen(1^{\lambda})$, selects a random auxiliary parameter and a random string, computes $V = Hash(chk \,\|\, CHash(chk, m', r'_m))$, and outputs;
S25: the data owner selects a random integer and computes. The intermediate header is finally output and stored by the data owner for use in real-time encapsulation;
S26: the data owner obtains the data data, the encapsulation time T and the corresponding access control policy (M, ρ), where ρ: [1] → μ 1≤p; the data owner selects random integers and outputs;
S27: the data owner computes the sharing vector. For i ∈ [l], the data owner computes $C_{i,4} = \lambda_i - \lambda'_i$ and $C_{i,5} = -t_i \cdot (\rho(i) - x_i)$; for the time T, the data owner computes $C_{R,2} = s(T - T')$;
S28: the encapsulated data is en = SymEnc(key, data); the data owner runs $r_m = Coll(td, m', r'_m, m)$, where m is set to:
$m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, C_{1,2} \,\|\, C_{1,3} \,\|\, C_{1,4} \,\|\, C_{1,5} \,\|\, \ldots \,\|\, C_{l,1} \,\|\, C_{l,2} \,\|\, C_{l,3} \,\|\, C_{l,4} \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$
The form of the header is expressed accordingly;
S29: the data owner outputs the data to be stored, (hdr, en), and uploads it for storage.
An auditor encapsulation checking module, used for the auditor to perform encapsulation checking, further including:
S31: the auditor computes $V = CHash(chk, m, r_m)$, where $m = en \,\|\, C_{0,1} \,\|\, C_{0,2} \,\|\, C_{0,3} \,\|\, C_{1,1} \,\|\, \ldots \,\|\, C_{1,5} \,\|\, \ldots \,\|\, C_{l,1} \,\|\, \ldots \,\|\, C_{l,5} \,\|\, C_{R,1} \,\|\, C_{R,2} \,\|\, (M, \rho) \,\|\, T$;
S32: for all i ∈ [l], the auditor checks whether an equation holds in order to verify the relevant attributes, checks whether an equation holds in order to verify the encapsulation time, and checks whether a third equation holds; if any one of these equations does not hold, the algorithm outputs v = 0, otherwise it outputs v = 1.
A trusted-authority access rights generation module, used for the trusted authority to perform access rights generation, further including:
S41: given the data consumer's attribute set S, the trusted authority randomly selects an unassigned leaf node η from the binary tree BT and stores the attribute set S in node η;
S42: for each node θ ∈ Path(η): if an element $g_\theta$ is already stored in node θ, the trusted authority retrieves $g_\theta$ from node θ; if no element $g_\theta$ is stored in node θ, the trusted authority randomly selects an element and stores it in node θ;
S43: the trusted authority selects random integers and computes;
S44: the trusted authority sets a value for every θ ∈ Path(θ) and outputs the access certificate of the attribute set S.
A trusted-authority access rights update module, used so that, for each node θ ∈ CUNode(BT, RL, T), the trusted authority takes from node θ the value predefined during access certificate generation, randomly selects an integer and computes. The trusted authority finally publishes the updated certificate.
A data-consumer data decapsulation module, used for the data consumer to perform data decapsulation, further including:
S61: given the data consumer's access certificate and the update certificate published by the trusted authority, the data consumer checks the set I ∩ J; depending on the result, either the access certificate of this attribute set has been revoked and the program simply outputs ⊥, or the data consumer selects θ ∈ I ∩ J and computes;
S62: the data consumer sets and computes constants such that a relation holds over the i-th rows of the share-generating matrix M; whenever the access control policy is satisfied, these constants can be found efficiently. The data can finally be obtained by running data = SymDec(key, en). The decapsulation key key is then computed, where j denotes the index of the attribute ρ(i).
A trusted-authority access rights revocation module, used for the trusted authority to perform access rights revocation, further including: η denotes the leaf node of the binary tree BT associated with the attribute set; the trusted authority revokes the access rights by setting RL ← RL ∪ {(η, T)} and publishing it.
The revocable fast data outsourcing encapsulation device of the embodiment of the present invention first provides virtual private storage and allows a user to enforce fine-grained access control over outsourced electronic health records, just as if they were stored locally. Second, the encapsulation process requires only a small number of online modular additions/multiplications and is very fast. It also allows a public auditor to filter out invalid electronic health record encapsulations and prevents attackers from using junk information to block a user's electronic health record account. Finally, it adopts an effective revocation mechanism for revoking users. The device achieves effective access control, protects to the greatest extent the security of electronic health records stored on a third-party server that cannot be fully trusted, and saves decryption overhead on mobile devices.
In some examples, this specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p.
In some examples, the collision-resistant hash function H(·) is run by calling a library function from the Pairing-Based Cryptosystems function package.
In some examples, the random number generation algorithm, based on $Y^2 = X^3 + aX + b$, randomly chooses a value $x_1$ of the independent variable X and computes the value $y_1$ of the corresponding dependent variable Y; if the point $(x_1, y_1)$ is in the mapped group, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in the mapped group, the algorithm continues to select values of X until a point in the group is found.
Additional aspects and advantages of the present invention will be given in part in the following description, and in part will become apparent from the following description or be learned through practice of the present invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a flowchart of the revocable fast data outsourcing encapsulation method;
Fig. 2 is a schematic diagram of the system structure in accordance with another embodiment of the present invention;
Fig. 3 is a schematic diagram of the file storage format in accordance with another embodiment of the present invention;
Fig. 4 is a schematic diagram of the revocable fast data outsourcing encapsulation device.
Detailed description
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they are intended to explain the present invention and are not to be construed as limiting it.
Public cloud storage of outsourced electronic health records has significant advantages over traditional local storage and is a promising storage paradigm. Secure data encapsulation mechanisms have been proposed to enforce access control over outsourced EHR data. However, existing encapsulation methods require costly asymmetric cryptographic operations whose cost is related to the size of the representation of the access control policy used. In addition, existing schemes cannot detect and filter illegal encapsulations, so they cannot prevent an attacker from paralysing a user's account with fraudulent data. Moreover, existing schemes do not use an effective revocation mechanism to stop revoked users from continuing to decapsulate EHR data. The advantages and effects of the present invention are:
First, a user needs only very lightweight real-time operations to securely encapsulate his EHR data. We achieve this goal with a new pre-encapsulation scheme. The preprocessing step does not need to know the data to be encapsulated or the corresponding access policy. Once the data and the corresponding access policy are both available, the data owner needs only a small number of modular additions/multiplications to complete the encapsulation. By performing the pre-encapsulation during idle or charging time, our scheme allows real-time data outsourcing and gives even computation-constrained users an excellent user experience.
Second, our RFODE adopts semantically secure access control to resist adaptive active collusion attacks. Even if an attacker colludes with the cloud server provider and with all users other than the target user, and adaptively learns encapsulated data other than the target data, in such a hostile environment the attacker still cannot obtain any useful information about the target data. This strong security result shows that RFODE can provide users with virtual private storage in an insecure public cloud, as if the outsourced data were safely kept in their own local database.
Third, our RFODE algorithm provides a public filtering mechanism. An EHR data user, or an honest auditor employed by the user, can run a public procedure to check for and screen out invalid encapsulations. Random junk data sent by an attacker can be detected and isolated in the system. Moreover, the cost of verifying an encapsulation can be much lower than that of producing a well-formed encapsulation. An attacker who blocks a user's cloud account with well-formed encapsulations of meaningless data therefore pays a high cost, which greatly reduces this type of threat.
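The pre-encapsulation and public filtering of the first and third points rest on the chameleon hash used in steps S24, S28 and S31. The following Python example is added here and is not code from the patent: it assumes a discrete-log chameleon hash over a demo-sized group, uses illustrative function names (`offline_prepare`, `online_seal`, `audit`), and does not model the pairing equations of S32.

```python
"""Chameleon-hash flow of steps S24, S28 and S31 (added illustration).

Assumptions: the page fixes no chameleon hash construction, so this uses the
discrete-log one, CHash(m, r) = g^H(m) * h^r, in the order-q subgroup of Z_p^*.
The group is demo-sized (81-bit p) and far too small for real use.
"""
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)

def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases, sufficient for the demo-sized numbers."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def demo_group(bits: int = 80):
    """Search for a safe prime p = 2q + 1; 4 = 2^2 then generates the order-q subgroup."""
    q = (1 << bits) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = demo_group()

def to_zq(msg: bytes) -> int:
    """Map an arbitrary byte string into Z_q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def ch_gen():
    """CHGen: public hash key chk = g^td and secret trapdoor td."""
    td = secrets.randbelow(Q - 1) + 1
    return pow(G, td, P), td

def ch_hash(chk: int, msg: bytes, r: int) -> int:
    """CHash(chk, m, r) = g^H(m) * chk^r mod p."""
    return pow(G, to_zq(msg), P) * pow(chk, r, P) % P

def coll(td: int, m_old: bytes, r_old: int, m_new: bytes) -> int:
    """Coll: r with CHash(chk, m_new, r) == CHash(chk, m_old, r_old); needs td."""
    return (r_old + (to_zq(m_old) - to_zq(m_new)) * pow(td, -1, Q)) % Q

def commit(chk: int, ch: int) -> bytes:
    """V = Hash(chk || CHash(...))."""
    return hashlib.sha256(f"{chk}|{ch}".encode()).digest()

def offline_prepare() -> dict:
    """S24, done in idle time: fix V before the record or its policy exists."""
    chk, td = ch_gen()
    m_dummy = secrets.token_bytes(16)       # random string m'
    r_dummy = secrets.randbelow(Q)          # random auxiliary parameter r'_m
    return {"chk": chk, "td": td, "m": m_dummy, "r": r_dummy,
            "V": commit(chk, ch_hash(chk, m_dummy, r_dummy))}

def online_seal(state: dict, m: bytes) -> dict:
    """S28: once m is known, a modular multiply-add yields r_m (td^-1 can be precomputed)."""
    r_m = coll(state["td"], state["m"], state["r"], m)
    return {"chk": state["chk"], "V": state["V"], "r_m": r_m, "m": m}

def audit(pkg: dict) -> int:
    """S31: recompute V from public values only; v = 1 if it matches, else 0."""
    return int(commit(pkg["chk"], ch_hash(pkg["chk"], pkg["m"], pkg["r_m"])) == pkg["V"])

if __name__ == "__main__":
    state = offline_prepare()
    # Constructed stand-in for m = en || C_{0,1} || ... || (M, rho) || T
    pkg = online_seal(state, b"en||header components||(M,rho)||T")
    print("well-formed package:", audit(pkg))
    print("tampered package:   ", audit({**pkg, "m": pkg["m"] + b"junk"}))
```

Each offline state must be used for a single record: in this discrete-log construction, two published (m, r_m) pairs under the same chk let anyone solve for td.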
Finally, our scheme adopts an effective revocation mechanism. Once an EHR data user's access rights are revoked, the user can no longer access the EHR. Our revocation mechanism is highly efficient in both computation and communication; for example, it supports real-time revocation of access rights when access rights are updated infrequently.
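The node bookkeeping behind this revocation mechanism (steps S41, S5, S61 and S7), as an added Python example that is not part of the patent text. It assumes that CUNode(BT, RL, T) is the usual minimal-cover procedure for binary-tree revocation and that an empty I ∩ J is the revoked case; the class and function names are illustrative, the user ids are constructed, and no key material is modelled.

```python
"""Node selection for binary-tree revocation (added illustration).

Assumption: CUNode(BT, RL, T) is modelled as the standard minimal-cover
procedure; the page names it but does not spell it out. Heap numbering is
used for the tree: root = 1, children of node i are 2i and 2i + 1.
"""
import secrets

class RevocationTree:
    def __init__(self, n_users: int):
        self.n_leaves = 1
        while self.n_leaves < n_users:       # BT needs at least N leaf nodes
            self.n_leaves *= 2
        self.leaf_of = {}                     # user id -> leaf index
        self.rl = set()                       # revocation list RL of (leaf, time)

    def assign(self, user: str) -> int:
        """S41: give the user a randomly chosen unassigned leaf."""
        all_leaves = set(range(self.n_leaves, 2 * self.n_leaves))
        free = sorted(all_leaves - set(self.leaf_of.values()))
        if not free:
            raise RuntimeError("no unassigned leaf left")
        self.leaf_of[user] = secrets.choice(free)
        return self.leaf_of[user]

    @staticmethod
    def path(leaf: int) -> set:
        """Path(eta): every node from the leaf up to the root."""
        nodes = set()
        while leaf >= 1:
            nodes.add(leaf)
            leaf //= 2
        return nodes

    def cu_node(self, t: int) -> set:
        """Smallest node set covering exactly the leaves not revoked by time t."""
        tainted = set()
        for leaf, when in self.rl:
            if when <= t:
                tainted |= self.path(leaf)
        if not tainted:
            return {1}                        # nobody revoked: the root covers all
        cover = set()
        for node in tainted:
            if node < self.n_leaves:          # internal node: inspect both children
                cover |= {c for c in (2 * node, 2 * node + 1) if c not in tainted}
        return cover

    def revoke(self, user: str, t: int) -> None:
        """S7: RL <- RL ∪ {(eta, T)}; the list is public."""
        self.rl.add((self.leaf_of[user], t))

def usable_node(tree: RevocationTree, user: str, t: int):
    """S61: a node in I ∩ J, or None (the ⊥ case) when the certificate is revoked."""
    common = tree.path(tree.leaf_of[user]) & tree.cu_node(t)
    return min(common) if common else None

def demo():
    tree = RevocationTree(8)
    users = [f"doctor-{i}" for i in range(8)]   # constructed user ids
    for u in users:
        tree.assign(u)
    tree.revoke("doctor-3", t=5)
    return tree, users

if __name__ == "__main__":
    tree, users = demo()
    for t in (4, 5):
        print(f"T={t}: update covers nodes {sorted(tree.cu_node(t))}")
        for u in users:
            print(f"  {u}: {usable_node(tree, u, t)}")
```

Updates for times before the revocation still cover the revoked leaf, so revocation only takes effect for data encapsulated at or after the revocation time.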
First, the meaning of some of the characters used in the algorithms needs to be introduced, as shown in Table 1:
Table 1: character meanings
Here, for a < b, we define $[a, b] = \{a, a+1, \ldots, b\}$. Where there is no ambiguity, we abbreviate $[1, a]$ as $[a]$, and use the abbreviation $[n_1, n_2, \ldots, n_k]$. The cardinality of a set has its own notation. We use a dedicated notation when $s_1, s_2, \ldots, s_n$ are chosen at random from a set.
We also define the set of m × n matrices composed of elements of the underlying set. Two special subsets of matrices are the row vectors and the column vectors. For two vectors whose i-th components are $v_i$, the inner product of the two vectors is defined.
Fig. 1 is a flowchart of the revocable fast data outsourcing encapsulation method.
First, with reference to Fig. 2, the following roles need to be introduced:
1) Data owner (Data Owner): encapsulates data under the required access policy and stores it on the cloud server in order to share it with EHR data consumers who satisfy the access rights;
2) Data consumer (Data Consumer): requests from the trusted authority the access rights associated with its own attributes, obtains the revocation information published by the trusted authority, and can recover encapsulated information on the cloud storage server whose access policy it matches;
3) Cloud storage server (Cloud Storage Server): stores the encapsulated EHR data and responds to access requests from EHR data consumers;
4) Trusted authority (Trusted Authority): trusted by every entity, responsible for initializing the system and for distinguishing EHR data consumers by issuing and managing data access rights;
5) Auditor (Auditor): before data is stored on the cloud storage server, checks whether the data has been correctly encapsulated under the specified access policy. Because data auditing in RFODE is carried out publicly, for example requiring only the public parameters and the encapsulated data, anyone can act as an auditor and check the correctness of encapsulated data. On the one hand, a data consumer with strong computing capability can be the auditor of its own account; on the other hand, a mobile user (with limited computing capability) can employ a trusted third party (such as a cloud computing server) as auditor.
As shown in Fig. 1, the revocable fast data outsourcing encapsulation method may include:
S1: the trusted authority performs system initialization.
Specifically, in some examples, the system initialization performed by the trusted authority includes:
S11: the trusted authority inputs the security parameter and the maximum number for the attribute set and, running on these inputs, obtains two groups of prime order p and one bilinear map.
Here, this specifically includes: the trusted authority inputs the system security parameter λ; according to the size of λ, the system selects a corresponding elliptic curve $Y^2 = X^3 + aX + b$, where a and b are coefficients; the points on the elliptic curve then form two groups of prime order p.
More specifically, a bilinear pairing is defined as a mapping e(·,·) that maps elements of the source group into the target group, where the two groups are multiplicative cyclic groups of prime order p. A bilinear pairing satisfies the following properties: 1. Bilinearity: $e(g^a, h^b) = e(g, h)^{ab}$ holds; 2. Non-degeneracy: there exists at least one element g such that e(g, g), once computed, is a generator of the target group; 3. Computability: there exists an efficient algorithm such that the value of e(u, v) can be computed efficiently for all u and v; here $Z_p$ denotes the set {0, 1, 2, …, p-1}.
It should be noted that, in attribute-based encryption schemes, in order to achieve fine-grained access control for data consumers, an access control policy must be formulated before data is encrypted, and it is expressed through an access control structure. Let {P1, P2, ……, Pn} be a set of entities. A set A is monotone if B ∈ A implies C ∈ A under the stated condition on B and C. An access control structure (monotone access control structure) is a set (monotone set) A of non-empty subsets of {P1, P2, ……, Pn}. The sets in A are called authorized sets, and the sets not in A are called unauthorized sets.
S12, the trusted authority selects a symmetric encryption scheme εsym; the symmetric encryption scheme εsym uses the encryption algorithm symEnc(key, data) and the decryption algorithm symDec(key, data), where key is the data decapsulation key and data is the user's EHR data.
S13, the trusted authority selects a collision-resistant hash function H() that satisfies all the properties of a collision-resistant hash function; its input is a 0/1 string of arbitrary length and its output is mapped to a certain element of the group. The collision-resistant hash function H() is run by calling library functions from the Pairing-Based Cryptosystems function package.
It should be noted that the hash function used in the present invention has two basic properties: one-wayness and collision resistance. One-wayness means that the output can be derived from the input of the hash function, but the input cannot be computed from the output of the hash function. Collision resistance means that two different inputs whose hash results are identical cannot be found. The input of the hash algorithm in the present invention is an arbitrary binary string.
S14, trusted authority selects one auxiliary parameter territorySafe chameleon hash function CH:{0,1}*→Zp。
S15, trusted authority is run Generating Random Number, is obtainedAnd integer
The random number generation algorithm proceeds as follows: according to $Y^2 = X^3 + aX + b$, randomly choose a value $x_1$ of the independent variable X and compute the corresponding value $y_1$ of the dependent variable Y; if the point $(x_1, y_1)$ is in the mapped group, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in the mapped group, continue selecting values of X until a point in the group is found.
Wherein,Expression set 1,2 ..., and p-1}, randomly chooseThe random number generation function of middle element can be from
Pairing-Based Cryptosystems function bag calls built-in function run.
S16, set the revocation list RL=0, and select a binary tree BT with at least N leaf nodes.
S17, trusted authority has master key msk (α), externally announces common parameter and is
S2, data owner performs data encapsulation.Specifically, including:
S21, data owner chooses a random integerAnd calculate key=e (g, g)αs,c0=gs。
S22, it is assumed that having a maximum line number in the strategy that any one LSSS encodes, data owner is for each
Individual i ∈ [p] selects random integerAnd calculate
It should be noted that linear Secret Sharing Scheme (Linear Secret-Sharing Schemes is called for short LSSS)
P is a prime number, It it is Attribute domain.One secret territory ZpIf Secret Sharing Scheme ∏ meet following condition, be achieved that
On linear access control structure: secret s ∈ ZpShare a Z formed for each attributepOn vector.For
On each access control structure A, there is a matrixIt is called and shares generator matrix;Also have a function ρ, useIn attribute carry out the row of labelling M (namely), meet following condition: during sharing generation, it is considered to row
VectorWherein r2,…rnIt is ZpIn the element that randomly chooses.So according to ∏, secret s shares l vector
It is equivalent toShare forWherein j ∈ [l] belongs to attribute ρ (j).By (M, ρ) as the plan accessing control structure A
Slightly.
S23, data owner selects a random integerAnd arrange
S24, data owner runs (chk, td) ← CHGen (1λ), select a random auxiliary parameterWith one
Individual random character stringCalculating V=Hash (chk | | CHash (chk, m', r'm)), output
S25, data owner selects a random integerAnd calculateFinally in output
Between packet header beUse when being stored for encapsulating in real time by data owner.
S26, data owner has obtained the access control policy (M, ρ) of data data, packaging time T, and correspondence, whereinρ: [1] → μ 1≤p, data owner selects random integersOutput
S27, data owner calculates and shares vectorFor i ∈ [I], data owner
Calculate Ci,4=λi-λ′i, Ci,5=-ti·(ρ(i)-xi) for time T, data owner calculates CR,2=s (T-T').
S28, the data of encapsulation are en=SymEnc (key, data), and data owner runs rm=Coll (td, m', r'm,
M), wherein m is set to:
M=en | | C0,1||C0,2||C0,3||C1,1||C1,2||C1,3||C1,4||C1,5||...||C1,1||C1,2||C1,3||
C1,4||C1,5||CR,1||CR,2| | (M, ρ) | | T, the form in packet header is expressed as:
S29, data owner exports data (hdr, en) to be stored, uploads and store.
Wherein, storage is as shown in Figure 3.
S3, auditor performs package detection.Specifically, including:
S31, auditor calculates V=CHash (chk, m, rm), wherein
M=enC0,1C0,2C0,3C1,1C1,2C1,3C1,4C1,5…Cl,1Cl,2Cl,3Cl,4Cl,5CR,1CR,2(M,ρ)T。
S32, detects for all of i ∈ [l]Whether become Rob Roy checking relevant
Attribute, detectionWhether become Rob Roy to verify packaging time, detectWhether set up, if there being one of them equation to be false, then algorithm output v=0, otherwise
Output v=1.
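The offline/online use of the chameleon hash in S24, S28 and S31, as an added Python example that is not code from the patent: the commitment V is fixed before the data exists, and the online step only has to find r_m with the trapdoor. The patent does not say which chameleon hash is used; this example assumes a discrete-log construction, CHash = g^H(m) · chk^r mod p, over a 63-bit demonstration group generated at import, and all function names are hypothetical.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for the 64-bit sizes used here."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def demo_group(bits=62):
    """Smallest safe prime p = 2q + 1 with q > 2**bits; 4 generates the order-q subgroup."""
    q = 2**bits + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


# Demonstration parameters only (assumption of this example, far too small for deployment).
P, Q, G = demo_group()


def to_zq(data):
    """Map a byte string into Z_q."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def ch_gen():
    """CHGen: public key chk = g^td mod p, trapdoor td in [1, q-1]."""
    td = secrets.randbelow(Q - 1) + 1
    return pow(G, td, P), td


def chash(chk, m, r):
    """CHash(chk, m, r) = g^H(m) * chk^r mod p."""
    return pow(G, to_zq(m), P) * pow(chk, r, P) % P


def coll(td, m_old, r_old, m_new):
    """Coll: r_new such that CHash(chk, m_new, r_new) == CHash(chk, m_old, r_old).
    The inverse of td can be precomputed offline, leaving one add and one multiply."""
    return (r_old + (to_zq(m_old) - to_zq(m_new)) * pow(td, -1, Q)) % Q


def commit(chk, digest):
    """V = Hash(chk || CHash(...)), the value fixed in S24."""
    return hashlib.sha256(f"{chk}|{digest}".encode()).hexdigest()


def offline_phase():
    """S24: fresh (chk, td), random m' and r'_m, and the commitment V."""
    chk, td = ch_gen()
    m_dummy, r_dummy = secrets.token_bytes(16), secrets.randbelow(Q)
    header = {"chk": chk, "V": commit(chk, chash(chk, m_dummy, r_dummy))}
    return header, (td, m_dummy, r_dummy)


def online_phase(header, state, m):
    """S28: once the real message m is known, open the commitment to it."""
    td, m_dummy, r_dummy = state
    return dict(header, r_m=coll(td, m_dummy, r_dummy, m))


def audit(header, m):
    """S31/S32 (hash part only): v = 1 if the header commits to m, else 0."""
    digest = chash(header["chk"], m, header["r_m"])
    return int(commit(header["chk"], digest) == header["V"])


if __name__ == "__main__":
    hdr0, st = offline_phase()
    msg = b"en||C0,1||...||(M,rho)||T  (constructed sample)"
    hdr = online_phase(hdr0, st, msg)
    print("valid package   v =", audit(hdr, msg))
    print("altered package v =", audit(hdr, msg + b"!"))
```

Because the trapdoor is drawn fresh in every offline phase, publishing r_m for one package gives no help in opening another package's commitment.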
S4, trusted authority performs access rights and produces.Specifically, including:
S41, data consumer's community set isWhereinTrusted authority is from binary tree BT
In the random unassignable leaf node η of selection one, and community set S is stored in node η.
S42, for each node θ ∈ Path (η), an element gθIt is stored in the middle of node θ, then trusted authority is just
Described element g is retrieved from node θθ, an element gθIt is not stored in the middle of node θ, one element of selection that trusted authority is randomAnd willIt is stored in the middle of node θ.
S43, trusted authority selects random integerCalculateAnd
For
S44, trusted authority is gathered for all of θ ∈ Path (θ)And export
The access certificate of community set S is as follows:
S5, trusted authority updates access rights, and for each node θ ∈ CUNode (BT, RL, T), trusted authority is from joint
Point θ takes outPredefine during access certificate generates, one integer of random selectionAnd calculateTrusted authority finally announces the certificate of renewal:
S6, data consumer performs data decapsulation.Specifically, including:
S61, it is assumed that its access certificate is:Trusted authority
The more new authentication announced is:Data consumer checks set I ∩ J, ifThen
The access certificate of this community set is revoked, and program simply exports ⊥, otherwise, data consumer select θ ∈ I ∩ J and
Calculate
S62, data consumer is arrangedAnd computational constantMakeWhereinIt is i-th row sharing generator matrix M, meets access control policy for all ofConstantCan effectively be found, data may finally be by operation data=SymDec (key, en)
Obtaining, the decapsulation key key of use is calculated as below:
Wherein j isThe volume of middle attribute ρ (i)
Number.
S7, trusted authority performs access rights and cancels.Specifically, including:
η is denoted as the leaf node of described binary tree BT, with community setContact, trusted authority passes through RL ← RL ∪
{ (η, T) } and disclosure, recall access rights.
Here the binary tree is denoted BT and its root node is denoted root. For a leaf node η of the binary tree BT, Path(η) denotes the set of nodes on the path from the leaf node η to the root node root (including η and root). For a non-leaf node of BT, its left and right child nodes are denoted ηl and ηr respectively.
The revocation mechanism comprises four components: the binary tree BT, the revocation list RL, the time T, and the algorithm CUNode. Each attribute set is associated with one leaf node of the binary tree BT; this association is completed when the trusted authority generates the access certificate corresponding to the attribute set. The revocation list RL is empty initially and stores every node associated with a revoked access certificate together with its revocation time (ηi, Ti). When an access certificate is to be revoked at time T, the system adds it to the revocation list RL and runs algorithm CUNode to update the certificates. Algorithm CUNode takes the binary tree BT, the revocation list RL and the time T as input and outputs the minimal set of nodes required for publishing the update certificates, so that only access certificates whose attribute sets are not in the revocation list RL can continue to decapsulate data. Algorithm CUNode runs as shown in Algorithm 1.
Algorithm 1 CUNode(BT, RL, T):
X, Y ← ∅
for (ηi, Ti) ∈ RL do
    if Ti ≤ T then
        add Path(ηi) to X
    end if
end for
for x ∈ X do
    if xl ∉ X then
        add xl to Y
    end if
    if xr ∉ X then
        add xr to Y
    end if
end for
if Y = ∅ then
    add root to Y
end if
return Y
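Algorithm 1 and the consumer's I ∩ J check from S61, as an added Python example that is not code from the patent. Assumptions: BT is a complete binary tree in heap numbering (root 1, children of x are 2x and 2x+1), a child is selected when it is not on any revoked path, and root is returned only when no revocation is in force, so that a tree whose leaves are all revoked yields an empty set.

```python
class BinaryTree:
    """Complete binary tree in heap numbering: root is 1, children of x are 2x and 2x+1."""

    def __init__(self, n_users):
        # S16 asks for a tree with at least N leaves; round up to a power of two.
        self.n_leaves = 1
        while self.n_leaves < n_users:
            self.n_leaves *= 2
        self.root = 1

    def leaf(self, index):
        """Node number of the index-th leaf (0-based)."""
        if not 0 <= index < self.n_leaves:
            raise ValueError("no such leaf")
        return self.n_leaves + index

    def is_leaf(self, node):
        return node >= self.n_leaves

    def path(self, node):
        """Path(node): every node from `node` up to and including the root."""
        nodes = set()
        while node >= self.root:
            nodes.add(node)
            node //= 2
        return nodes


def cu_node(bt, rl, t):
    """Return the node set Y for which update certificates are published at time t.

    rl is a list of (leaf_node, revocation_time) pairs; an entry whose time is
    later than t is not yet in force.
    """
    x = set()
    for leaf, t_rev in rl:
        if t_rev <= t:
            x |= bt.path(leaf)
    y = set()
    for node in x:
        if bt.is_leaf(node):
            continue  # leaves have no children
        for child in (2 * node, 2 * node + 1):
            if child not in x:
                y.add(child)
    if not x:
        # Nothing revoked: one update at the root serves every leaf.
        y.add(bt.root)
    return y


def usable_node(bt, leaf, cover):
    """Consumer side of S61: the node in Path(leaf) ∩ cover, or None (output ⊥)."""
    common = bt.path(leaf) & cover
    return min(common) if common else None


if __name__ == "__main__":
    bt = BinaryTree(8)
    # Constructed revocation list: user 2 revoked at time 5, user 7 at time 9.
    rl = [(bt.leaf(2), 5), (bt.leaf(7), 9)]
    for t in (4, 5, 9):
        cover = cu_node(bt, rl, t)
        status = [usable_node(bt, bt.leaf(i), cover) for i in range(8)]
        print(f"T={t}: Y={sorted(cover)} per-user node={status}")
```

Every leaf that is not revoked shares exactly one node with Y, and a revoked leaf shares none, which is why the number of published updates grows with the number of revoked users rather than with the number of users.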
The revocable rapid data outsourcing encapsulation method of the embodiment of the present invention first provides virtual private storage and allows a user to perform fine-grained access control over outsourced electronic health records just as if they were stored locally; second, the encapsulation process requires only a small number of online modular additions/multiplications and is very fast; it also allows a public auditor to filter out invalid electronic health record encapsulations and prevents an attacker from using junk information to clog a user's electronic health record account; finally, it adopts an efficient revocation mechanism for revoking users. The method achieves effective access control, protects to the greatest extent the security of electronic health records stored on third-party servers that cannot be fully trusted, and saves the decryption overhead of mobile devices.
Corresponding to the revocable rapid data outsourcing encapsulation method provided by the above embodiment, an embodiment of the present invention also provides a revocable rapid data outsourcing encapsulation device. Because the device provided by this embodiment has the same or similar technical features as the method provided by the above embodiment, the embodiments of the aforementioned method also apply to the device provided by this embodiment and are not described in detail here. As shown in Fig. 4, the revocable rapid data outsourcing encapsulation device may include: a trusted-authority system initialization module 10, a data-owner data encapsulation module 20, an auditor package detection module 30, a trusted-authority access rights generation module 40, a trusted-authority access rights update module 50, a data-consumer data decapsulation module 60 and a trusted-authority access rights revocation module 70.
The trusted-authority system initialization module 10 is used by the trusted authority to perform system initialization.
The data-owner data encapsulation module 20 is used by the data owner to perform data encapsulation.
The auditor package detection module 30 is used by the auditor to perform package detection.
The trusted-authority access rights generation module 40 is used by the trusted authority to perform access rights generation.
The trusted-authority access rights update module 50 is used for updating access rights.
The data-consumer data decapsulation module 60 is used by the data consumer to perform data decapsulation.
The trusted-authority access rights revocation module 70 is used by the trusted authority to perform access rights revocation.
The revocable rapid data outsourcing encapsulation device of the embodiment of the present invention first provides virtual private storage and allows a user to perform fine-grained access control over outsourced electronic health records just as if they were stored locally; second, the encapsulation process requires only a small number of online modular additions/multiplications and is very fast; it also allows a public auditor to filter out invalid electronic health record encapsulations and prevents an attacker from using junk information to clog a user's electronic health record account; finally, it adopts an efficient revocation mechanism for revoking users. The device achieves effective access control, protects to the greatest extent the security of electronic health records stored on third-party servers that cannot be fully trusted, and saves the decryption overhead of mobile devices.
In the description of the present invention, it should be understood that the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "multiple" means at least two, for example two, three and so on, unless specifically limited otherwise.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms need not refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, provided they do not contradict one another, those skilled in the art may combine the different embodiments or examples described in this specification and the features of those embodiments or examples.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, fragment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order according to the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and cannot be interpreted as limiting the present invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.
Claims (8)
1. A revocable rapid data outsourcing encapsulation method, characterized in that it comprises the following steps:
S1, the trusted authority performs system initialization, including:
S11, trusted authority input security parameterMaximum number with community setRunObtain two prime number p rank groupsOne bilinear map
S12, said trusted authority selects a symmetric encryption scheme εsym; said symmetric encryption scheme εsym uses the encryption algorithm symEnc(key, data) and the decryption algorithm symDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13, said trusted authority selects a collision-resistant hash function H(); said collision-resistant hash function H() satisfies all the properties of a collision-resistant hash function, its input is a 0/1 string of arbitrary length and its output is mapped to a certain element of the group,
S14, described trusted authority selects one auxiliary parameter territorySafe chameleon hash function CH:{0,1}*→Zp;
S15, described trusted authority is run Generating Random Number, is obtained g, h, u, v, w, hr,And integer
S16, set the revocation list RL=0, and select a binary tree BT with at least N leaf nodes;
S17, described trusted authority has master key msk (α), externally announces common parameter and is
S2, data owner performs data encapsulation, including:
S21, data owner chooses a random integerAnd calculate key=e (g, g)αs,c0=gs;
S22, it is assumed that having a maximum line number in the strategy that any one LSSS encodes, described data owner is for each
Individual i ∈ [p] selects random integer λ 'i,χi,And calculate
S23, described data owner selects a random integerAnd arrange
S24, described data owner runs (chk, td) ← CHGen (1λ), select a random auxiliary parameterWith one
Individual random character stringCalculating V=Hash (chk | | CHash (chk, m', r'm)), output
S25, described data owner selects a random integerAnd calculateFinally in output
Between packet header beUse when being stored for encapsulating in real time by described data owner;
S26, described data owner has obtained the access control policy (M, ρ) of data data, packaging time T, and correspondence, whereinρ: [1] → μ 1≤p, described data owner selects random integersOutput
S27, described data owner calculates and shares vectorFor i ∈ [I], described data institute
The person of having calculates Ci,4=λi-λ′i, Ci,5=-ti·(ρ(i)-xi) for time T, described data owner calculates CR,2=s (T-
T');
S28, the data of encapsulation are en=SymEnc (key, data), and described data owner runs rm=Coll (td, m', r'm,
M), wherein m is set to:
M=en | | C0,1||C0,2||C0,3||C1,1||C1,2||C1,3||C1,4||C1,5||...||C1,1||C1,2||C1,3||C1,4||
C1,5||CR,1||CR,2The form in T packet header is expressed as | | (M, ρ) | |:
S29, described data owner exports data (hdr, en) to be stored, uploads and store;
S3, auditor performs package detection, including:
S31, auditor calculates V=CHash (chk, m, rm), wherein
M=enC0,1C0,2C0,3C1,1C1,2C1,3C1,4C1,5…Cl,1Cl,2Cl,3Cl,4Cl,5CR,1CR,2(M,ρ)T;
S32, detects for all of i ∈ [l]Whether become the attribute that Rob Roy checking is relevant,
DetectionWhether become Rob Roy to verify packaging time, detect
Whether set up, if one of them equation is false, then algorithm output v=0, otherwise export v=1;
S4, trusted authority performs access rights and produces, including:
S41, data consumer's community set isWhereinDescribed trusted authority is from described y-bend
The unassignable leaf node η of selection one random in tree BT, and community set S is stored in node η;
S42, for each node θ ∈ Path (η), an element gθIt is stored in the middle of node θ, then described trusted authority is just
Described element g is retrieved from described node θθ, one element gθIt is not stored in the middle of node θ, the choosing that described trusted authority is random
Select an elementAnd willIt is stored in the middle of node θ;
S43, described trusted authority selects random integerCalculateAnd
For
S44, described trusted authority is gathered for all of θ ∈ Path (θ)And export
The access certificate of described community set S is as follows:
S5, trusted authority updates access rights, for each node θ ∈ CUNode (BT, RL, T), described credible
Authority takes out from node θPredefine during access certificate generates, one integer of random selectionAnd calculate Described trusted authority finally announces the certificate of renewal:
S6, data consumer performs data decapsulation, including:
S61, it is assumed that its access certificate is:Described trusted authority
The more new authentication announced is:Described data consumer checks set I ∩ J, ifThen the access certificate of this community set is revoked, and program simply exports ⊥, and otherwise, data consumer selects θ
∈ I ∩ J and calculating
S62, data consumer is arrangedAnd computational constantMakeWhereinIt is i-th row sharing generator matrix M, meets access control policy for all ofConstantCan effectively be found, data may finally be by running data=SymDec (key, en)
And obtain, the decapsulation key key of use is calculated as below:
Wherein j isThe numbering of middle attribute ρ (i);
S7, trusted authority performs access rights and cancels, including:
η is denoted as the leaf node of described binary tree BT, with described community setContact, described trusted authority passes through RL ← RL
∪ { (η, T) } and disclosure, recall access rights.
2. the method for claim 1, it is characterised in that describedSpecifically include: described trusted authority input system
System security parameter λ, according to the size of λ, the corresponding elliptic curve of Systematic selection: Y2=X3+ aX+b, wherein, a and b is coefficient, then
The group on two prime number p rank it is made up of the point on described elliptic curve
3. the method for claim 1, it is characterised in that described impact resistant hash function H () is from Pairing-Based
Cryptosystems function bag calls built-in function run.
4. The method of claim 2, characterized in that the random number generation algorithm, according to said $Y^2 = X^3 + aX + b$, randomly selects a value $x_1$ of the independent variable X and computes the corresponding value $y_1$ of the dependent variable Y; if the point $(x_1, y_1)$ is in the mapped group, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in said mapped group, it continues selecting values of X until a point in the group is found.
5. A revocable rapid data outsourcing encapsulation device, characterized in that it comprises:
a trusted-authority system initialization module, used by the trusted authority to perform system initialization, further including:
S11, trusted authority input security parameterMaximum number with community setRunObtain two prime number p rank groupsOne bilinear map
S12, said trusted authority selects a symmetric encryption scheme εsym; said symmetric encryption scheme εsym uses the encryption algorithm symEnc(key, data) and the decryption algorithm symDec(key, data), where key is the data decapsulation key and data is the user's EHR data;
S13, said trusted authority selects a collision-resistant hash function H(); said collision-resistant hash function H() satisfies all the properties of a collision-resistant hash function, its input is a 0/1 string of arbitrary length and its output is mapped to a certain element of the group,
S14, described trusted authority selects one auxiliary parameter territorySafe chameleon hash function CH:{0,1}*→Zp;
S15, described trusted authority is run Generating Random Number, is obtained g, h, u, v, w, hr,And integer
S16, set the revocation list RL=0, and select a binary tree BT with at least N leaf nodes;
S17, described trusted authority has master key msk (α), externally announces common parameter and is
Data owner performs data package module, performs data encapsulation for data owner, farther includes:
S21, described data owner chooses a random integerAnd calculate key=e (g, g)αs,c0=gs;
S22, it is assumed that having a maximum line number in the strategy that any one LSSS encodes, described data owner is for each
Individual i ∈ [p] selects random integer λ 'i,χi,And calculate
S23, described data owner selects a random integerAnd arrange
S24, described data owner runs (chk, td) ← CHGen (1λ), select a random auxiliary parameterWith one
Individual random character stringCalculating V=Hash (chk | | CHash (chk, m', r'm)), output
S25, described data owner selects a random integerAnd calculateFinally in output
Between packet header beUse when being stored for encapsulating in real time by described data owner;
S26, described data owner has obtained the access control policy (M, ρ) of data data, packaging time T, and correspondence, whereinρ: [1] → μ 1≤p, described data owner selects random integersOutput
S27, described data owner calculates and shares vectorFor i ∈ [I], described data institute
The person of having calculates Ci,4=λi-λ′i, Ci,5=-ti·(ρ(i)-xi) for time T, described data owner calculates CR,2=s (T-
T');
S28, the data of encapsulation are en=SymEnc (key, data), and described data owner runs rm=Coll (td, m', r'm,
M), wherein m is set to:
M=en | | C0,1||C0,2||C0,3||C1,1||C1,2||C1,3||C1,4||C1,5||...||C1,1||C1,2||C1,3||C1,4||
C1,5||CR,1||CR,2||(M,ρ)||T
The form in packet header is expressed as:
S29, described data owner exports data (hdr, en) to be stored, uploads and store;
Auditor performs package detection module, performs package detection for auditor, farther includes:
S31, described auditor calculates V=CHash (chk, m, rm), wherein
M=enC0,1C0,2C0,3C1,1C1,2C1,3C1,4C1,5…Cl,1Cl,2Cl,3Cl,4Cl,5CR,1CR,2(M,ρ)T;
S32, detects for all of i ∈ [l]Whether become the genus that Rob Roy checking is relevant
Property, detectionWhether become Rob Roy to verify packaging time, detectWhether set up, if one of them equation is false, then algorithm output v=0, the most defeated
Go out v=1;
Trusted authority performs access rights generation module, and trusted authority described in user performs access rights and produces, and farther includes:
S41, data consumer's community set isWhereinDescribed trusted authority is from described y-bend
The unassignable leaf node η of selection one random in tree BT, and community set S is stored in node η;
S42, for each node θ ∈ Path (η), an element gθIt is stored in the middle of node θ, then described trusted authority is just
Described element g is retrieved from described node θθ, one element gθIt is not stored in the middle of node θ, the choosing that described trusted authority is random
Select an elementAnd willIt is stored in the middle of node θ;
S43, described trusted authority selects random integerCalculateAnd
For
S44, described trusted authority is gathered for all of θ ∈ Path (θ)And export
The access certificate of described community set S is as follows:
Trusted authority performs access rights more new module, for for each node θ ∈ CUNode (BT, RL, T), described can
Letter authority take out from node θPredefine during access certificate generates, one integer of random selectionAnd calculate Described trusted authority finally announces the certificate of renewal:
Data consumer performs data decapsulation module, performs data decapsulation for data consumer, farther includes:
S61, it is assumed that its access certificate is:Described trusted authority
The more new authentication announced is:Described data consumer checks set I ∩ J, ifThen the access certificate of this community set is revoked, and program simply exports ⊥, and otherwise, data consumer selects θ
∈ I ∩ J and calculating
S62, described data consumer is arrangedAnd computational constantMakeWhereinIt is i-th row sharing generator matrix M, meets access control policy for all ofConstantCan effectively be found, data may finally be by operation data=SymDec (key, en)
Obtaining, the decapsulation key key of use is calculated as below:
Wherein j isThe numbering of middle attribute ρ (i);
Trusted authority performs access rights and cancels module, performs access rights for described trusted authority and cancels, farther includes:
η is denoted as the leaf node of described binary tree BT, with described community setContact, described trusted authority passes through RL ← RL
∪ { (η, T) } and disclosure, recall access rights.
6. device as claimed in claim 5, it is characterised in that describedSpecifically include: described trusted authority input system
System security parameter λ, according to the size of λ, the corresponding elliptic curve of Systematic selection: Y2=X3+ aX+b, wherein, a and b is coefficient, then
The group on two prime number p rank it is made up of the point on described elliptic curve
7. The device of claim 5, characterized in that said collision-resistant hash function H() is run by calling library functions from the Pairing-Based Cryptosystems function package.
8. The device of claim 6, characterized in that the random number generation algorithm, according to said $Y^2 = X^3 + aX + b$, randomly selects a value $x_1$ of the independent variable X and computes the corresponding value $y_1$ of the dependent variable Y; if the point $(x_1, y_1)$ is in the mapped group, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in said mapped group, it continues selecting values of X until a point in the group is found.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610302830.9A CN105978696B (en) | 2016-05-09 | 2016-05-09 | Revocable rapid data outsourcing encapsulates method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105978696A true CN105978696A (en) | 2016-09-28 |
CN105978696B CN105978696B (en) | 2019-10-11 |
Family
ID=56992190
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610302830.9A Active CN105978696B (en) | 2016-05-09 | 2016-05-09 | Revocable rapid data outsourcing encapsulates method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105978696B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108365959A (en) * | 2018-02-14 | 2018-08-03 | 东北大学 | The outsourcing multinomial verification method of Full Proxy under a kind of cloud environment |
CN108830602A (en) * | 2018-06-27 | 2018-11-16 | 电子科技大学 | A kind of license chain construction and management-control method based on chameleon hash function |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006209682A (en) * | 2005-01-31 | 2006-08-10 | Fuji Xerox Co Ltd | Data management system |
CN103795549A (en) * | 2014-02-28 | 2014-05-14 | 成都卫士通信息产业股份有限公司 | Communication content encryption and decryption method and encryption management method based on CS mode |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108365959A (en) * | 2018-02-14 | 2018-08-03 | 东北大学 | The outsourcing multinomial verification method of Full Proxy under a kind of cloud environment |
CN108830602A (en) * | 2018-06-27 | 2018-11-16 | 电子科技大学 | A kind of license chain construction and management-control method based on chameleon hash function |
CN108830602B (en) * | 2018-06-27 | 2022-03-29 | 电子科技大学 | Permission chain construction and management and control method based on chameleon hash function |
Also Published As
Publication number | Publication date |
---|---|
CN105978696B (en) | 2019-10-11 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN107864139B (en) | Cryptographic attribute base access control method and system based on dynamic rules | |
Xiong et al. | A key protection scheme based on secret sharing for blockchain-based construction supply chain system | |
US10833841B2 (en) | Leakage-free order-preserving encryption | |
CN101340282B (en) | Generation method of composite public key | |
EP3241146B1 (en) | System and method for obfuscating an identifier to protect the identifier from impermissible appropriation | |
CN100586065C (en) | CPK credibility authorization system | |
CN107483198A (en) | A kind of block catenary system supervised and method | |
CN104135473B (en) | A kind of method that identity base broadcast enciphering is realized by the attribute base encryption of Ciphertext policy | |
CN107483585A (en) | The efficient data integrality auditing system and method for safe duplicate removal are supported in cloud environment | |
CN105959111A (en) | Information security big-data resource access control system based on cloud computing and credible computing | |
CN106686010A (en) | Multi-mechanism attribute-based encryption method supporting strategy dynamic updating | |
CN108540280A (en) | A kind of the secure data sharing method and system of resource high-efficiency | |
Guan et al. | Achieving adaptively secure data access control with privacy protection for lightweight IoT devices | |
CN109818752A (en) | Credit scoring generation method, device, computer equipment and storage medium | |
CN107204846A (en) | Digital signature generation method, system, node module and common random number consult determination method | |
CN104901812B (en) | A kind of RFID system safety certifying method of ECC combinations lightweight Hash functions | |
CN105978696B (en) | Revocable rapid data outsourcing encapsulates method and device | |
CN108777626A (en) | A kind of attribute base net network endorsement method for supporting dynamic attribute space | |
CN116779084A (en) | Electronic case privacy protection method based on blockchain | |
CN114430321B (en) | DFA self-adaptive security-based black box traceable key attribute encryption method and device | |
CN116668149A (en) | Electronic medical data sharing method based on policy hiding and attribute updating | |
CN105068756B (en) | The storage access method of electronic health care case history | |
CN104539602B (en) | A kind of safety key managing method being applied in cloud storage | |
Liu et al. | Auditing revocable privacy-preserving access control for EHRs in clouds | |
Yin et al. | A Revocable Outsourced Data Accessing Control Scheme with Black-Box Traceability |
Legal Events
Code | Title | Date | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||