CN106603544A - Data storage and cloud control method capable of lightweight auditing - Google Patents

Publication number: CN106603544A
Authority: CN (China)
Prior art keywords: cloud server, user, data owner, random, cloud
Legal status: Granted
Application number: CN201611198524.1A
Other languages: Chinese (zh)
Other versions: CN106603544B (en)
Inventors: 薛开平, 李威, 陈炜铿, 洪佩琳
Current Assignee: University of Science and Technology of China USTC
Original Assignee: University of Science and Technology of China USTC
Application filed by: University of Science and Technology of China USTC
Priority to: CN201611198524.1A
Publication of: CN106603544A
Application granted; publication of: CN106603544B
Legal status: Active

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data storage and cloud control method capable of lightweight auditing. The method comprises the following steps: first, a data owner generates, according to the access-permission requirements of a file M to be uploaded, the attribute set $\{A_1, A_2, \ldots, A_n\}$ and the access policy A required for attribute-based encryption, and generates a random session key K and N random strings $\{S_1, S_2, \ldots, S_N\}$; the data owner processes the random strings $\{S_1, S_2, \ldots, S_N\}$ with a secure hash algorithm and uploads a ciphertext CT to a cloud server; when another user needs to obtain the file M stored on the cloud server, the cloud server and that user complete a challenge-response process; the cloud server sends the data ciphertext $E_K(M)$ in the ciphertext CT corresponding to the file M requested by the user; the user decrypts $E_K(M)$ with the random session key K to obtain the required file M; and the data owner audits the resource consumption record provided by the cloud server. The method lets the cloud server effectively judge the access permissions of specific users, and ensures that the user can effectively monitor the resources provided by the cloud server.

Description

A data storage and cloud control method with lightweight auditing
Technical field
The present invention relates to the technical field of cloud data storage, and in particular to a data storage and cloud-side control method with lightweight auditing.
Background
At present, in cloud storage environments, users outsource their data to cloud servers for reasons of economy and convenience. To protect the confidentiality and privacy of user data, access control is an indispensable safeguard. However, because users cannot fully trust the cloud server provider, traditional access control mechanisms do not apply well to cloud storage. To solve this problem, attribute-based encryption (ABE) has been introduced into cloud storage. ABE lets data owners control access to their own data directly and is an effective user-side access control mechanism. Among ABE schemes, ciphertext-policy attribute-based encryption (CP-ABE) is considered one of the most suitable means of implementing access control in cloud storage.
However, for lack of a compatible cloud-side access control policy, CP-ABE is still difficult to deploy directly in real public cloud environments. Current cloud-side access control schemes always assume that the cloud server is fully trusted, so they are hard to make compatible with CP-ABE schemes. Without cloud-side access control, the cloud server in a CP-ABE-based access control scheme is constantly exposed to various security threats. One of the most important is the denial-of-service attack (DoS/DDoS): a malicious user can download, without limit, the files that other users share on the cloud server, consuming the server's resources until it can no longer work normally. In addition, without cloud-side access control a malicious user can download a large number of files to carry out ciphertext-analysis attacks, threatening the confidentiality of user data. Meanwhile, so that users can pay the cloud server fairly for the resources consumed, the cloud server needs to provide users with an audit mechanism for resource consumption. Some existing work attempts to solve the resource audit problem on the cloud server side, but these solutions are difficult to make work together with current CP-ABE access control schemes.
Summary of the invention
The object of the invention is to provide a data storage and cloud control method with lightweight auditing. With this method the cloud server can effectively judge the access permissions of specific users and prevent malicious users from illegally downloading files stored in the cloud, which protects both the cloud server itself and the data it stores. The method also ensures that users can effectively monitor the resources the cloud server provides for them and pay fairly for the outsourced cloud service.
A data storage and cloud control method with lightweight auditing, the method comprising:
Step 1: the data owner, according to the access-permission requirements of the file M to be uploaded, generates the attribute set $\{A_1, A_2, \ldots, A_n\}$ required for attribute-based encryption and the access policy A;
Step 2: the data owner generates a random session key K and N random strings $\{S_1, S_2, \ldots, S_N\}$, encrypts the file M and each of the N random strings with a symmetric encryption algorithm, and then encrypts the random session key K with an attribute-based encryption method according to the access policy A;
Step 3: the data owner chooses a secure hash algorithm and applies it to the random strings $\{S_1, S_2, \ldots, S_N\}$ to obtain $\{H(S_1), H(S_2), \ldots, H(S_N)\}$, and the resulting ciphertext is denoted: $CT = \{E_K(M),\ E_A(K),\ \forall i \in [1,N]\ \{H(S_i), E_K(S_i)\}\}$;
Step 4: the data owner uploads the ciphertext CT to the cloud server for storage, while storing the random strings $\{S_1, S_2, \ldots, S_N\}$ locally for use in resource auditing and storing the random session key K locally for use in the random-string update operation;
Step 5: when another user needs to obtain the file M stored on the cloud server, the cloud server and the requesting user complete a challenge-response process, which verifies the user's access permission to the file before the user obtains file M;
Step 6: the cloud server sends the data ciphertext $E_K(M)$ in the ciphertext CT corresponding to the requested file M to the user;
Step 7: the user decrypts $E_K(M)$ with the random session key K to obtain the required file M;
Step 8: the data owner audits the resource consumption record provided by the cloud server, to verify the amount of resources the cloud server consumed in providing the outsourced data service for the data owner.
As can be seen from the technical solution provided above, the method makes it possible to judge the access permissions of specific users effectively and to prevent malicious users from illegally downloading files stored in the cloud, which protects both the cloud server itself and the data it stores. It also ensures that users can effectively monitor the resources the cloud server provides for them and pay fairly for the outsourced cloud service.
Description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the data storage and cloud control method with lightweight auditing provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of the access structure described in the embodiment of the invention;
Fig. 3 is a flow chart of the update process performed by the data owner, provided by the embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative effort fall within the scope of protection of the invention.
The embodiments of the invention are described in further detail below with reference to the drawings. Fig. 1 shows the flow of the data storage and cloud control method with lightweight auditing provided by an embodiment of the invention. The method comprises:
Step 1: the data owner, according to the access-permission requirements of the file M to be uploaded, generates the attribute set $\{A_1, A_2, \ldots, A_n\}$ required for attribute-based encryption and the access policy A;
In this step, the access policy A is a monotone access structure and can be expressed as a tree.
For example, Fig. 2 shows the access structure described in the embodiment of the invention. In Fig. 2, the attribute set corresponding to the access policy A is {disease: flu, hospital: A, age: child, age: elderly}.
Step 2: the data owner generates a random session key K and N random strings $\{S_1, S_2, \ldots, S_N\}$, encrypts the file M and each of the N random strings with a symmetric encryption algorithm, and then encrypts the random session key K with an attribute-based encryption method according to the access policy A;
In this step, the generated random strings $\{S_1, S_2, \ldots, S_N\}$ begin with a predefined fixed string, such as "SAMPLE:".
The encryption proceeds as follows:
First, the data owner chooses a symmetric encryption algorithm and encrypts the file M with the random session key K, obtaining the corresponding data ciphertext $E_K(M)$;
Then the data owner encrypts the random session key K with an attribute-based encryption algorithm according to the access policy A, obtaining the corresponding key ciphertext $E_A(K)$;
Finally, the data owner generates N random strings $\{S_1, S_2, \ldots, S_N\}$. For any random string $S_i$, $i \in [1,N]$, the data owner uses the same symmetric encryption algorithm and encrypts the string with the session key K, obtaining the ciphertext $E_K(S_i)$ of that random string.
Step 3: the data owner chooses a secure hash algorithm and applies it to the random strings $\{S_1, S_2, \ldots, S_N\}$ to obtain $\{H(S_1), H(S_2), \ldots, H(S_N)\}$, and the resulting ciphertext is denoted: $CT = \{E_K(M),\ E_A(K),\ \forall i \in [1,N]\ \{H(S_i), E_K(S_i)\}\}$;
Step 4: the data owner uploads the ciphertext CT to the cloud server for storage, while storing the random strings $\{S_1, S_2, \ldots, S_N\}$ locally for use in resource auditing and storing the random session key K locally for use in the random-string update operation;
Step 5: when another user needs to obtain the file M stored on the cloud server, the cloud server and the requesting user complete a challenge-response process, which verifies the user's access permission to the file before the user obtains file M;
In this step, the challenge-response process between the cloud server and the requesting user comprises:
The cloud server randomly selects an unused pair $\{H(S_i), E_K(S_i)\}$ from the ciphertext CT and sends $E_A(K)$ and $E_K(S_i)$ to the requesting user as the challenge;
The user decrypts $E_A(K)$ according to their own attributes to obtain $K'$, and uses $K'$ to decrypt $E_K(S_i)$ to obtain $S'_i$. Here, if the user's attributes satisfy the access structure A, for example {disease: flu, age: child, hospital: A}, the user can decrypt $E_A(K)$ and obtain the session key $K'$. Otherwise the user cannot decrypt the ciphertext; for example, when the user's attributes are {disease: flu, age: child, hospital: B}, the user cannot obtain the session key $K'$. A user who satisfies the access structure can use the decrypted session key $K'$ to decrypt $E_K(S_i)$ and obtain $S'_i$;
The user checks whether $S'_i$ begins with the predefined fixed string; if so, the user sends $S'_i$ to the cloud server as the response over a secure channel;
The cloud server computes the hash $H(S'_i)$ of the $S'_i$ returned by the user and compares it with $H(S_i)$ in the selected pair $\{H(S_i), E_K(S_i)\}$. If they are equal, it judges that the user's attributes satisfy the access policy of the requested file, marks $\{H(S_i), E_K(S_i)\}$ as used, stores the $S_i$ returned by the user as a voucher of resource consumption, and then proceeds to step 6. Otherwise, it judges that the user's attributes do not satisfy the access policy of the requested file, and the cloud server terminates the operation.
Step 6: the cloud server sends the data ciphertext $E_K(M)$ in the ciphertext CT corresponding to the requested file M to the user;
Step 7: the user decrypts $E_K(M)$ with the random session key K to obtain the required file M;
Step 8: the data owner audits the resource consumption record provided by the cloud server, to verify the amount of resources the cloud server consumed in providing the outsourced data service for the data owner.
In this step, as time passes, the cloud server charges the data owner a fee according to the resources it has consumed on the owner's behalf. When the data owner doubts the resource consumption record that the cloud server provides for a particular time period, the data owner can request an audit of the cloud server's resource consumption record for that period. The audit proceeds as follows:
First, the data owner requests from the cloud server the resource consumption record for the particular time period;
The cloud server returns to the data owner the resource consumption vouchers $\{S_{t_1}, S_{t_2}, \ldots, S_{t_j}\}$ for the requested time period;
The data owner compares the resource consumption vouchers $\{S_{t_1}, S_{t_2}, \ldots, S_{t_j}\}$ returned by the cloud server with the random strings $\{S_1, S_2, \ldots, S_N\}$ stored locally in step 4, to verify the cloud server's resource consumption during the particular time period.
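The challenge-response of step 5 and the audit of step 8 can be followed end to end in code. The Python below is an added example, not part of the patent text: the CP-ABE decryption of $E_A(K)$ is not implemented (the user's K' is passed in directly), the symmetric cipher is a SHA-256 keystream stand-in rather than a vetted algorithm, SHA-256 is assumed for H, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

PREFIX = b"SAMPLE:"  # predefined fixed string that every S_i starts with (step 2)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for E_K (assumption): nonce || plaintext XOR keystream."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def sym_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # assumed choice of secure hash


class DataOwner:
    def __init__(self, n: int):
        self.K = secrets.token_bytes(32)  # random session key K
        self.strings = [PREFIX + secrets.token_hex(16).encode() for _ in range(n)]

    def upload_pairs(self):
        # The {H(S_i), E_K(S_i)} part of CT; the S_i themselves stay local (step 4).
        return [(H(s), sym_encrypt(self.K, s)) for s in self.strings]

    def audit(self, vouchers) -> int:
        # Step 8: compare returned vouchers with the local S_i. Each S_i is
        # counted once, because a pair is marked used after one success.
        return len(set(vouchers) & set(self.strings))


class CloudServer:
    def __init__(self, pairs):
        self.pairs = pairs      # list of (H(S_i), E_K(S_i))
        self.used = set()       # indices already consumed
        self.vouchers = []      # S_i values returned by users

    def challenge(self):
        unused = [i for i in range(len(self.pairs)) if i not in self.used]
        if not unused:
            raise RuntimeError("no unused pair left; owner must run the update process")
        i = secrets.choice(unused)
        return i, self.pairs[i][1]

    def verify(self, i: int, response) -> bool:
        if response is None or i in self.used:
            return False
        if not hmac.compare_digest(H(response), self.pairs[i][0]):
            return False
        self.used.add(i)                 # mark the pair as used
        self.vouchers.append(response)   # keep S_i as the consumption voucher
        return True


def user_respond(k_prime: bytes, challenge_ct: bytes):
    """User side: decrypt with K' and answer only if the fixed prefix appears."""
    s = sym_decrypt(k_prime, challenge_ct)
    return s if s.startswith(PREFIX) else None


def run_demo():
    owner = DataOwner(n=4)
    server = CloudServer(owner.upload_pairs())
    # Authorised user: ABE decryption succeeded, so K' == K.
    i, ct = server.challenge()
    ok = server.verify(i, user_respond(owner.K, ct))
    # Unauthorised user: attributes fail the policy, modelled as a wrong K'.
    j, ct2 = server.challenge()
    bad = server.verify(j, user_respond(secrets.token_bytes(32), ct2))
    # Server overstates usage: the real voucher, a repeat of it, a fabricated one.
    claimed = server.vouchers + server.vouchers + [PREFIX + b"fabricated"]
    return ok, bad, len(claimed), owner.audit(claimed)


if __name__ == "__main__":
    print(run_demo())
```

The server never holds $S_i$ in the clear until a user returns it, so only the one genuine voucher survives the owner's comparison even though three were claimed.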
In a specific implementation, as the random strings and their ciphertexts on the cloud server are consumed, the data owner can perform an update operation on the random strings and their ciphertexts;
The update operation may be performed periodically, or, when the pairs $\{H(S_i), E_K(S_i)\}$ have been used, the cloud server may ask the data owner to perform the update process.
Fig. 3 shows the flow of the update process performed by the data owner, provided by the embodiment of the invention. The update process is as follows:
Step 31: the data owner generates N new random strings $\{S'_1, S'_2, \ldots, S'_N\}$ beginning with the predefined fixed string;
Step 32: the data owner encrypts the random strings $\{S'_1, S'_2, \ldots, S'_N\}$ with the symmetric encryption algorithm, using the locally stored random session key K, obtaining $\{S'_i, E_K(S'_i)\}$ ($i \in [1,N]$);
Step 33: the data owner computes the corresponding hash values $\{H(S'_1), H(S'_2), \ldots, H(S'_N)\}$ of the random strings with the hash algorithm, uploads the corresponding ciphertexts $\{H(S'_i), E_K(S'_i)\}$ ($i \in [1,N]$) to the cloud server over a secure channel, and stores the random strings $\{S'_1, S'_2, \ldots, S'_N\}$ locally;
Step 34: the cloud server replaces the original $\{H(S_i), E_K(S_i)\}$ ($i \in [1,N]$) with the newly obtained $\{H(S'_i), E_K(S'_i)\}$ ($i \in [1,N]$), completing the update process.
In summary, the method provided by the embodiment of the invention has the following advantages:
1) Enhanced security of the cloud server: with the random strings and their encrypted form $\{H(S_i), E_K(S_i)\}$, the cloud server needs only a small communication overhead to pre-check a user's access permission. This reduces the cost on the cloud server side when a malicious user requests to download files from the cloud server, so that the cloud server can effectively resist DoS/DDoS attacks that consume communication resources.
2) Enhanced security of the data stored on the cloud server: because of the cloud-side access control mechanism, it is difficult for a malicious user to download any file from the cloud server, which prevents ciphertext-analysis attacks by malicious users.
3) Lightweight auditing of cloud resource consumption by the data owner: by virtue of the one-wayness of the hash function, the cloud server can obtain $S_i$ only when a user correctly decrypts $E_K(S_i)$. This guarantees that the data owner can accurately audit the resources the cloud provides for it, and this lightweight audit mechanism enhances the stability of the cloud storage system.
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be that of the claims.

Claims (7)

1. A data storage and cloud control method with lightweight auditing, characterized in that the method comprises:
Step 1: the data owner, according to the access-permission requirements of the file M to be uploaded, generates the attribute set $\{A_1, A_2, \ldots, A_n\}$ required for attribute-based encryption and the access policy A;
Step 2: the data owner generates a random session key K and N random strings $\{S_1, S_2, \ldots, S_N\}$, encrypts the file M and each of the N random strings with a symmetric encryption algorithm, and then encrypts the random session key K with an attribute-based encryption method according to the access policy A;
Step 3: the data owner chooses a secure hash algorithm and applies it to the random strings $\{S_1, S_2, \ldots, S_N\}$ to obtain $\{H(S_1), H(S_2), \ldots, H(S_N)\}$, and the resulting ciphertext is denoted:
$$CT = \{E_K(M),\ E_A(K),\ \forall i \in [1,N]\ \{H(S_i), E_K(S_i)\}\};$$
Step 4: the data owner uploads the ciphertext CT to the cloud server for storage, while storing the random strings $\{S_1, S_2, \ldots, S_N\}$ locally for use in resource auditing and storing the random session key K locally for use in the random-string update operation;
Step 5: when another user needs to obtain the file M stored on the cloud server, the cloud server and the requesting user complete a challenge-response process, which verifies the user's access permission to the file before the user obtains file M;
Step 6: the cloud server sends the data ciphertext $E_K(M)$ in the ciphertext CT corresponding to the requested file M to the user;
Step 7: the user decrypts $E_K(M)$ with the random session key K to obtain the required file M;
Step 8: the data owner audits the resource consumption record provided by the cloud server, to verify the amount of resources the cloud server consumed in providing the outsourced data service for the data owner.
2. The data storage and cloud control method with lightweight auditing according to claim 1, characterized in that the challenge-response process between the cloud server and the requesting user comprises:
The cloud server randomly selects an unused pair $\{H(S_i), E_K(S_i)\}$ from the ciphertext CT and sends $E_A(K)$ and $E_K(S_i)$ to the requesting user as the challenge;
The user decrypts $E_A(K)$ according to their own attributes to obtain $K'$, and uses $K'$ to decrypt $E_K(S_i)$ to obtain $S'_i$;
The user checks whether $S'_i$ begins with the predefined fixed string; if so, the user sends $S'_i$ to the cloud server as the response over a secure channel;
The cloud server computes the hash $H(S'_i)$ of the $S'_i$ returned by the user and compares it with $H(S_i)$ in the selected pair $\{H(S_i), E_K(S_i)\}$. If they are equal, it judges that the user's attributes satisfy the access policy of the requested file, marks $\{H(S_i), E_K(S_i)\}$ as used, stores the $S_i$ returned by the user as a voucher of resource consumption, and then proceeds to step 6. Otherwise, it judges that the user's attributes do not satisfy the access policy of the requested file, and the cloud server terminates the operation.
3. The data storage and cloud control method with lightweight auditing according to claim 1, characterized in that the encryption in step 2 proceeds as follows:
First, the data owner chooses a symmetric encryption algorithm and encrypts the file M with the random session key K, obtaining the corresponding data ciphertext $E_K(M)$;
Then the data owner encrypts the random session key K with an attribute-based encryption algorithm according to the access policy A, obtaining the corresponding key ciphertext $E_A(K)$;
Finally, the data owner generates N random strings $\{S_1, S_2, \ldots, S_N\}$. For any random string $S_i$, $i \in [1,N]$, the data owner uses the same symmetric encryption algorithm and encrypts the random string $S_i$, $i \in [1,N]$, with the random session key K, obtaining the ciphertext $E_K(S_i)$ of that random string.
4. The data storage and cloud control method with lightweight auditing according to claim 1, characterized in that, in step 2:
The generated random strings $\{S_1, S_2, \ldots, S_N\}$ begin with a predefined fixed string.
5. The data storage and cloud control method with lightweight auditing according to claim 1, characterized in that the method further comprises:
The data owner performs an update operation on the random strings and their ciphertexts;
The update operation may be performed periodically, or, when the pairs $\{H(S_i), E_K(S_i)\}$ have been used, the cloud server may ask the data owner to perform the update process.
6. The data storage and cloud control method with lightweight auditing according to claim 5, characterized in that the update process performed by the data owner is as follows:
The data owner generates N new random strings $\{S'_1, S'_2, \ldots, S'_N\}$ beginning with the predefined fixed string;
The data owner encrypts the random strings $\{S'_1, S'_2, \ldots, S'_N\}$ with the symmetric encryption algorithm, using the locally stored random session key K, obtaining $\{S'_i, E_K(S'_i)\}$ ($i \in [1,N]$);
The data owner computes the corresponding hash values $\{H(S'_1), H(S'_2), \ldots, H(S'_N)\}$ of the random strings with the hash algorithm, uploads the corresponding ciphertexts $\{H(S'_i), E_K(S'_i)\}$ ($i \in [1,N]$) to the cloud server over a secure channel, and stores the random strings $\{S'_1, S'_2, \ldots, S'_N\}$ locally;
The cloud server replaces the original $\{H(S_i), E_K(S_i)\}$ ($i \in [1,N]$) with the newly obtained $\{H(S'_i), E_K(S'_i)\}$ ($i \in [1,N]$), completing the update process.
7. The data storage and cloud control method with lightweight auditing according to claim 1, characterized in that, in step 8, the data owner audits the resource consumption record provided by the cloud server as follows:
The data owner requests from the cloud server the resource consumption record for a particular time period;
The cloud server returns to the data owner the resource consumption vouchers $\{S_{t_1}, S_{t_2}, \ldots, S_{t_j}\}$ for the requested time period;
The data owner compares the resource consumption vouchers $\{S_{t_1}, S_{t_2}, \ldots, S_{t_j}\}$ returned by the cloud server with the random strings $\{S_1, S_2, \ldots, S_N\}$ stored locally in step 4, to verify the cloud server's resource consumption during the particular time period.
CN201611198524.1A 2016-12-22 2016-12-22 Data storage and cloud control method with light audit Active CN106603544B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611198524.1A CN106603544B (en) 2016-12-22 2016-12-22 Data storage and cloud control method with light audit

Publications (2)

Publication Number Publication Date
CN106603544A true CN106603544A (en) 2017-04-26
CN106603544B CN106603544B (en) 2020-01-03

Family

ID=58602838

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611198524.1A Active CN106603544B (en) 2016-12-22 2016-12-22 Data storage and cloud control method with light audit

Country Status (1)

Country Link
CN (1) CN106603544B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109326337A (en) * 2018-09-06 2019-02-12 西安电子科技大学 Electronic medical record storage and shared model and method based on block chain
CN111625869A (en) * 2020-04-23 2020-09-04 腾讯科技(深圳)有限公司 Data processing method and data processing device
CN112416948A (en) * 2020-12-15 2021-02-26 暨南大学 Verifiable gene data outsourcing query protocol and system
CN114666331A (en) * 2022-03-29 2022-06-24 南京承邮信息科技有限公司 Intelligent equipment monitoring and management system based on cloud computing platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413197A (en) * 2011-08-01 2012-04-11 中国科学院计算机网络信息中心 Access statistics processing method and device
US20140289513A1 (en) * 2013-03-15 2014-09-25 Arizona Board Of Regents On Behalf Of Arizona State University Enabling Comparable Data Access Control for Lightweight Mobile Devices in Clouds
CN104079574A (en) * 2014-07-02 2014-10-01 南京邮电大学 User privacy protection method based on attribute and homomorphism mixed encryption under cloud environment
CN105991278A (en) * 2016-07-11 2016-10-05 河北省科学院应用数学研究所 Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption)

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
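KAI ZHANG et al.: "Adaptively secure multi-authority attribute-based encryption with verifiable outsourced decryption", Science China (Information Sciences) *
CHEN Yanli et al.: "CP-ABE-based searchable encryption scheme supporting attribute revocation", Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition) *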

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109326337A (en) * 2018-09-06 2019-02-12 Xidian University Electronic medical record storage and shared model and method based on block chain
CN109326337B (en) * 2018-09-06 2021-09-03 Xidian University Model and method for storing and sharing electronic medical record based on block chain
CN111625869A (en) * 2020-04-23 2020-09-04 Tencent Technology (Shenzhen) Co., Ltd. Data processing method and data processing device
CN111625869B (en) * 2020-04-23 2022-02-25 Tencent Technology (Shenzhen) Co., Ltd. Data processing method and data processing device
CN112416948A (en) * 2020-12-15 2021-02-26 Jinan University Verifiable gene data outsourcing query protocol and system
CN114666331A (en) * 2022-03-29 2022-06-24 Nanjing Chengyou Information Technology Co., Ltd. Intelligent equipment monitoring and management system based on cloud computing platform

Also Published As

Publication number Publication date
CN106603544B (en) 2020-01-03

Similar Documents

Publication Publication Date Title
CN111343001B (en) Social data sharing system based on block chain
CN108259169B (en) File secure sharing method and system based on block chain cloud storage
US7454021B2 (en) Off-loading data re-encryption in encrypted data management systems
JP5777630B2 (en) Method and apparatus for document sharing
KR102224998B1 (en) Computer-implemented system and method for protecting sensitive data via data re-encryption
CN105122265B (en) Data safety service system
CN110519049A (en) A kind of cloud data protection system based on credible performing environment
CN103731432A (en) Multi-user supported searchable encryption system and method
CN106603544A (en) Data storage and cloud control method capable of lightweight auditing
Yan et al. Controlling cloud data access based on reputation
CN106411962A (en) Data storage method combining user side access control and cloud access control
CN113872944A (en) Block chain-oriented zero-trust security architecture and cluster deployment framework thereof
Jalil et al. A secure and efficient public auditing system of cloud storage based on BLS signature and automatic blocker protocol
US10623400B2 (en) Method and device for credential and data protection
Mishra et al. Enhancing privacy‐preserving mechanisms in Cloud storage: A novel conceptual framework
CN118260264A (en) User-friendly encrypted storage system and method for distributed file system
Goswami et al. Investigation on storage level data integrity strategies in cloud computing: classification, security obstructions, challenges and vulnerability
Bhatt et al. A personal mobile DRM manager for smartphones
Suthar et al. EncryScation: A novel framework for cloud iaas, daas security using encryption and obfuscation techniques
CN111083140A (en) Data sharing method under hybrid cloud environment
CN106790100A (en) A kind of data storage and access control method based on asymmetric cryptographic algorithm
Fernandez et al. Securing Blockchain with Quantum Safe Cryptography: When and How?
Sasikumar et al. Invalidating Malicious Users by Identification of Medium Access Control Address Using Efficient Traitor Tracing and Revocation
Al-Hamid et al. Securing photos in the cloud using decoy photo gallery
Gupta et al. Secure Group Data Sharing with an Efficient Key Management without Re-Encryption Scheme in Cloud Computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant