CN106603544B - Data storage and cloud control method with light audit - Google Patents
Data storage and cloud control method with light audit Download PDFInfo
- Publication number
- CN106603544B CN106603544B CN201611198524.1A CN201611198524A CN106603544B CN 106603544 B CN106603544 B CN 106603544B CN 201611198524 A CN201611198524 A CN 201611198524A CN 106603544 B CN106603544 B CN 106603544B
- Authority
- CN
- China
- Prior art keywords
- cloud server
- user
- data owner
- random
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data storage and cloud control method with light audit, which comprises the steps that firstly, a data owner generates an attribute set { A ] required by attribute encryption according to the access authority requirement of a file M to be uploaded1,A2,...,AnAnd access strategy A, and generates a random session key K and N random character strings S1,S2,...,SN}; the data owner carries out corresponding encryption processing; data owner selects secure hash algorithm to random string { S1,S2,...,SNProcessing and uploading the ciphertext CT to a cloud server; when other users need to acquire the file M stored by the cloud server, the cloud server and the users complete a challenge-response process; the cloud server corresponds the data ciphertext E in the ciphertext CT to the file M requested by the userK(M) sending to the user; user adopts random session key K to decrypt EK(M) obtaining a required file M; and auditing the resource consumption record provided by the cloud server by the data owner. The method effectively judges the access authority of the specific user, and simultaneously ensures that the user can effectively monitor the resources provided by the cloud server.
Description
Technical Field
The invention relates to the technical field of cloud data storage, in particular to a data storage and cloud control method with light-weight audit.
Background
Currently, in a cloud storage environment, a user outsources own data to a cloud server for economic and convenience reasons, and access control is an indispensable protection means for protecting confidentiality and privacy of user data. However, since the user cannot fully trust the cloud server provider, the conventional access control method cannot be well applied to the cloud storage environment. To solve this problem, an attribute-based encryption scheme (ABE) is introduced into cloud storage, and the ABE enables a data owner to directly perform access control on own data, and is an effective user-side access control means. Among them, an attribute-based encryption scheme (CP-ABE) in which a policy is related to a ciphertext is considered as one of the most suitable means for implementing access control in cloud storage.
However, CP-ABE is still difficult to deploy directly into the actual public cloud environment due to the lack of a corresponding compatible cloud access control policy. In the current cloud access control scheme, the cloud server is always assumed to be completely trusted, so that the schemes are difficult to be compatible with the CP-ABE scheme. Due to the lack of corresponding cloud access control, in a CP-ABE-based access control scheme, a cloud server is always exposed to multiple security threats, one of the most important security threats is denial of service attack (DoS/DDoS), and a malicious user can download files shared by other users on the cloud server without limit, so that various resources on the cloud server are consumed, and the cloud server cannot work normally; in addition, due to the lack of cloud access control, malicious users can carry out attack related to ciphertext analysis by downloading a large number of files, and the confidentiality of user data is threatened; meanwhile, in order to reasonably pay for resources consumed by the cloud server, the cloud server needs to provide an auditing mechanism in the aspect of related resource consumption for a user, and at present, some work is performed to try to solve the resource auditing problem at the cloud server side, but the solutions are difficult to work in cooperation with the current CP-ABE access control scheme.
Disclosure of Invention
The invention aims to provide a data storage and cloud control method with light-weight audit.
A data storage and cloud control method with lightweight audit, the method comprising:
step 1, the data owner generates an attribute set { A ] required for attribute encryption according to the access authority requirement of the file M to be uploaded1,A2,...,An} and an access policy A;
step 2, the data owner generates a random session key K and N random character strings { S1,S2,...,SNRespectively encrypting the file M and the N random character strings by adopting a symmetric encryption algorithm, and encrypting the random session key K by adopting an attribute encryption method according to the access strategy A;
step 4, the data owner uploads the ciphertext CT to a cloud server for storage, and meanwhile, the random character string { S ] is stored locally1,S2,...,SNThe random session key K is used for updating the random character string when the resource is audited;
step 5, when other users need to acquire the file M stored by the cloud server, the cloud server and the user who makes a request complete a challenge-response process, and the access authority of the user to the file is verified before the user acquires the file M;
step 6, the cloud server enables the data ciphertext E in the ciphertext CT corresponding to the file M requested by the userK(M) sending to the user;
and 8, auditing the resource consumption record provided by the cloud server by the data owner so as to verify the resource amount consumed by the outsourcing data service provided by the cloud server for the data owner.
According to the technical scheme provided by the invention, the access authority of the specific user can be effectively judged by using the method, the illegal downloading of the cloud storage file by a malicious user is avoided, the safety of the cloud server and the stored data is effectively ensured, meanwhile, the user can effectively monitor the resources provided by the cloud server, and the payment is reasonably carried out on the cloud server outsourcing service.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a data storage and cloud control method with lightweight audit according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an access structure according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating an update process performed by a data owner according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
The following describes an embodiment of the present invention in further detail with reference to the accompanying drawings, and as shown in fig. 1, a schematic flow chart of a data storage and cloud control method with lightweight audit provided in the embodiment of the present invention is shown, where the method includes:
step 1, the data owner generates an attribute set { A ] required for attribute encryption according to the access authority requirement of the file M to be uploaded1,A2,...,An} and an access policy A;
in this step, the access policy a is a monotonic access structure, which can be represented as a tree structure.
For example, as shown in fig. 2, a schematic diagram of an access structure according to an embodiment of the present invention is shown, in fig. 2: the corresponding attribute set in the access policy a is { disease: cold, hospital: a, age: child, age: the elderly }.
Step 2, the data owner generates a random session key K and N random character strings { S1,S2,...,SNRespectively encrypting the file M and the N random character strings by adopting a symmetric encryption algorithm, and encrypting the random session key K by adopting an attribute encryption method according to the access strategy A;
in this step, the generated random string { S }1,S2,...,SNStart with a predefined fixed string, as "SAMPLE: ".
The encryption processing process specifically includes:
firstly, the data owner selects a symmetric encryption algorithm to encrypt a file M by using the random session key K to obtain a corresponding data ciphertext EK(M);
Then the data owner encrypts the random session key K according to the access strategy A by using an attribute encryption algorithm to obtain a corresponding key ciphertext EA(K);
Finally, the data owner generates the N random strings S1,S2,...,SN},For any random string Si,i∈[1,N]The data owner selects the same symmetric encryption algorithm and encrypts the random character string by using the session key K to obtain a ciphertext E corresponding to the random character stringK(Si)。
step 4, the data owner uploads the ciphertext CT to a cloud server for storage, and meanwhile, the random character string { S ] is stored locally1,S2,...,SNThe random session key K is used for updating the random character string when the resource is audited;
step 5, when other users need to acquire the file M stored by the cloud server, the cloud server and the user who makes a request complete a challenge-response process, and the access authority of the user to the file is verified before the user acquires the file M;
in this step, the step of the cloud server and the requesting user completing the challenge-response process specifically includes:
the cloud server randomly selects a set of unused { H (S) from the ciphertext CTi),EK(Si) And E isA(K) And EK(Si) To the requesting user as a challenge;
the user decrypts E according to the attribute of the userA(K) Get K' and decrypt E using KK(Si) To obtain S'i(ii) a Here, if the user attribute can satisfy the access structure a, for example, the user attribute is { disease: cold, age: children, hospitals: a }, then the user can decrypt EA(K) Obtaining a session key K'; otherwise, the user cannot decrypt the ciphertext, e.g., as it is usedThe attributes of the house are { disease: cold, age: children, hospitals: b, the user cannot obtain the session key K'. The user who satisfies the access structure can decrypt E by using the session key K' obtained by decryptionK(Si) To obtain S'i;
The user further judges S'iWhether to start with a predefined fixed string, if so, the user will be S 'through a secure channel'iSending the response to the cloud server;
the cloud server calculates the returned S of the user'iHash value of H (S'i) And with the selected { H (S) }i),EK(Si) H (S) ini) Comparing, if equal, judging that the attribute of the user meets the access policy of the requested file, and converting into { H (S)i),EK(Si) Mark used and store S returned by said useriAs a voucher of resource consumption, the operation of the subsequent step 6 is carried out; otherwise, judging that the attribute of the user cannot meet the access strategy of the requested file, and terminating the operation by the cloud server.
Step 6, the cloud server enables the data ciphertext E in the ciphertext CT corresponding to the file M requested by the userK(M) sending to the user;
and 8, auditing the resource consumption record provided by the cloud server by the data owner so as to verify the resource amount consumed by the outsourcing data service provided by the cloud server for the data owner.
In this step, the cloud server may charge a certain fee for the data owner according to the resource consumed by the cloud server, and when the data owner suspects the resource consumption record provided by the cloud server in a specific time period, the data owner may request to audit the resource consumption record in the time period of the cloud server, where the auditing process specifically includes:
firstly, the data owner applies for a resource consumption record in a specific time period from the cloud server;
the cloud server returns resource consumption credentials { S } for the data owner within a specific time period of its applicationt1,St2,...,Stj};
The data owner compares a resource consumption certificate { S) returned by the cloud servert1,St2,...,StjAnd the random character string (S) stored locally in the step 41,S2,...,SN-to verify resource consumption by the cloud server over a certain period of time.
In specific implementation, as the random character string and the ciphertext thereof are consumed at the cloud server, the data owner can update the random character string and the ciphertext thereof;
the update operation is performed periodically, or when { H (S) }i),EK(Si)}Requesting, by the cloud server, the data owner to perform an update process when all are used.
Fig. 3 is a schematic flow chart illustrating an update process executed by a data owner according to an embodiment of the present invention, where a scheme of the update process specifically includes:
step 31; the data owner generates new N random strings { S'1,S′2,...,S′N};
Step 32: the data owner adopts a locally stored random session key K to encrypt the random character string { S 'based on a symmetric encryption algorithm'1,S′2,...,S′NIs encrypted to obtain { S'i,EK(S′i)}(i∈[1,N]);
Step 33: the data owner calculates a hash value { H (S) 'corresponding to the random character string by using a hash algorithm'1),H(S′2),...,H(S′N) H, the corresponding ciphertext { H (S'i),EK(S′i)}(i∈[1,N]) Uploading to a cloud server through a secure channel, and transmitting a random character string S'1,S′2,...,S′NKeep it locally;
step 34: the cloud server uses newly obtained { H (S'i),EK(S′i)}(i∈[1,N]) Replace original { H (S)i),EK(Si)}(i∈[1,N]) And finishing the updating process.
In summary, the method provided by the embodiment of the invention has the following advantages:
1) enhancing the security of the cloud server: by means of random character string and its encrypted content { H (S)i),EK(Si) And the cloud server can prejudge the access right of the user only by small communication overhead, so that the overhead of the cloud server side when a malicious user applies for downloading the file at the cloud server side is reduced, and the cloud server can effectively resist the DoS/DDoS attack consuming communication resources.
2) Enhancing the security of the data stored by the cloud server: due to the existence of the cloud access control mechanism, a malicious user is difficult to download any file from the cloud server, so that the attack of the malicious user on ciphertext analysis is prevented.
3) And (3) lightweight audit of cloud resource consumption by a data owner: with the help of the one-way property of the hash function, the cloud server only decrypts E correctly when the userK(Si) Can get SiTherefore, the data owner can accurately audit the resources provided by the cloud, and the stability of the cloud storage system is enhanced by the light-weight auditing mechanism.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (4)
1. A data storage and cloud control method with light audit is characterized by comprising the following steps:
step 1, the data owner generates an attribute set { A ] required for attribute encryption according to the access authority requirement of the file M to be uploaded1,A2,...,AnAnd access policy
Step 2, the data owner generates a random session key K and N random character strings { S1,S2,...,SNAnd encrypting the file M and the N random character strings respectively by adopting a symmetric encryption algorithm, and then according to the access strategyEncrypting the random session key K by adopting an attribute encryption method; the encryption processing process specifically comprises the following steps:
firstly, the data owner selects a symmetric encryption algorithm to encrypt a file M by using the random session key K to obtain a corresponding data ciphertext EK(M);
The data owner then utilizes an attribute encryption algorithm in accordance with the access policyEncrypting the random session key K to obtain a corresponding key ciphertext
Finally, the data owner generates N random strings S1,S2,...,SNFor any random string Si,i∈[1,N]The data owner selects the same symmetric encryption algorithm and uses the random session key K to encrypt the random string Si,i∈[1,N]Encrypting to obtain corresponding random wordCiphertext E of stringK(Si);
Step 3, the data owner selects a secure hash algorithm to the random character string { S1,S2,...,SNProcessing to obtain { H (S) }1),H(S2),...,H(SN) And recording the processed ciphertext as:
step 4, the data owner uploads the ciphertext CT to a cloud server for storage, and meanwhile, the random character string { S ] is stored locally1,S2,...,SNThe random session key K is used for updating the random character string when the resource is audited;
step 5, when other users need to acquire the file M stored by the cloud server, the cloud server and the other users finish a challenge-response process, and the access authority of the user to the file is verified before the user acquires the file M;
step 6, the cloud server enables the data ciphertext E in the ciphertext CT corresponding to the file M requested by the userK(M) sending to the user;
step 7, the user adopts the random session key K to decrypt EK(M) obtaining a required file M;
8, auditing the resource consumption record provided by the cloud server by the data owner to verify the resource amount consumed by the outsourcing data service provided by the cloud server for the data owner;
wherein the method further comprises:
updating the random character string and the ciphertext thereof by the data owner;
the update operation is performed periodically, or when { H (S) }i),EK(Si)}) When all are used, the above-mentioned materials are mixedRequesting, by the cloud server, the data owner to perform an update process;
the process of auditing the resource consumption record provided by the cloud server by the data owner specifically comprises the following steps:
the data owner applies for resource consumption records in a specific time period from the cloud server;
the cloud server returns resource consumption credentials { S } for the data owner within a specific time period of its applicationt1,St2,...,Stj};
The data owner compares a resource consumption certificate { S) returned by the cloud servert1,St2,...,StjAnd the random character string (S) stored locally in the step 41,S2,...,SN-to verify resource consumption by the cloud server over a certain period of time.
2. The data storage and cloud control method with lightweight audit as claimed in claim 1, wherein the step of the cloud server and the requesting user completing the challenge-response process specifically comprises:
the cloud server randomly selects a set of unused { H (S) from the ciphertext CTi),EK(Si) And will beAnd EK(Si) To the requesting user as a challenge;
The user further judges S'iWhether to start with a predefined fixed string, if so, the user will be S 'through a secure channel'iSending the response to the cloud server;
the cloud server calculates the returned S of the user'iHash value of H (S'i) And with the selected { H (S) }i),EK(Si) H (S) ini) Comparing, if equal, judging that the attribute of the user meets the access policy of the requested file, and converting into { H (S)i),EK(Si) Mark used and store S returned by said useriAs a voucher of resource consumption, the operation of the subsequent step 6 is carried out; otherwise, judging that the attribute of the user cannot meet the access strategy of the requested file, and terminating the operation by the cloud server.
3. The data storage and cloud control method with lightweight audit as claimed in claim 1, wherein in step 2:
generated random string S1,S2,...,SNIt starts with a predefined fixed string.
4. The data storage and cloud control method with lightweight audit as claimed in claim 1, wherein the scheme for the data owner to perform the update process is specifically as follows:
the data owner generates new N random strings { S'1,S′2,...,S′N};
The data owner adopts a locally stored random session key K to encrypt the random character string { S 'based on a symmetric encryption algorithm'1,S′2,...,S′NIs encrypted to obtain { S'i,EK(S′i)}(i∈[1,N]);
The data owner calculates a hash value { H (S) 'corresponding to the random character string by using a hash algorithm'1),H(S′2),...,H(S′N) And the corresponding ciphertext { H (S'i),EK(S′i)}(i∈[1,N]) Uploading to a cloud server through a secure channel, and transmitting a random character string S'1,S′2,...,S′NKeep it locally;
the cloud server uses newly obtained { H (S'i),EK(S′i)}(i∈[1,N]) Replace original { H (S)i),EK(Si)}(i∈[1,N]) And finishing the updating process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611198524.1A CN106603544B (en) | 2016-12-22 | 2016-12-22 | Data storage and cloud control method with light audit |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611198524.1A CN106603544B (en) | 2016-12-22 | 2016-12-22 | Data storage and cloud control method with light audit |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106603544A CN106603544A (en) | 2017-04-26 |
CN106603544B true CN106603544B (en) | 2020-01-03 |
Family
ID=58602838
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611198524.1A Active CN106603544B (en) | 2016-12-22 | 2016-12-22 | Data storage and cloud control method with light audit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106603544B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109326337B (en) * | 2018-09-06 | 2021-09-03 | 西安电子科技大学 | Model and method for storing and sharing electronic medical record based on block chain |
CN111625869B (en) * | 2020-04-23 | 2022-02-25 | 腾讯科技(深圳)有限公司 | Data processing method and data processing device |
CN112416948B (en) * | 2020-12-15 | 2022-11-01 | 暨南大学 | Verifiable gene data outsourcing query method and system |
CN114666331A (en) * | 2022-03-29 | 2022-06-24 | 南京承邮信息科技有限公司 | Intelligent equipment monitoring and management system based on cloud computing platform |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102413197A (en) * | 2011-08-01 | 2012-04-11 | 中国科学院计算机网络信息中心 | Access statistics processing method and device |
CN104079574A (en) * | 2014-07-02 | 2014-10-01 | 南京邮电大学 | User privacy protection method based on attribute and homomorphism mixed encryption under cloud environment |
CN105991278A (en) * | 2016-07-11 | 2016-10-05 | 河北省科学院应用数学研究所 | Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption) |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9705850B2 (en) * | 2013-03-15 | 2017-07-11 | Arizona Board Of Regents On Behalf Of Arizona State University | Enabling comparable data access control for lightweight mobile devices in clouds |
-
2016
- 2016-12-22 CN CN201611198524.1A patent/CN106603544B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102413197A (en) * | 2011-08-01 | 2012-04-11 | 中国科学院计算机网络信息中心 | Access statistics processing method and device |
CN104079574A (en) * | 2014-07-02 | 2014-10-01 | 南京邮电大学 | User privacy protection method based on attribute and homomorphism mixed encryption under cloud environment |
CN105991278A (en) * | 2016-07-11 | 2016-10-05 | 河北省科学院应用数学研究所 | Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption) |
Non-Patent Citations (2)
Title |
---|
Adaptively secure multi-authority attribute-based encryption with verifiable outsourced decryption;Kai ZHANG 等;《Science China(Information Sciences)》;20160901;全文 * |
可支持属性撤销的基于CP-ABE可搜索加密方案;陈燕俐 等;《重庆邮电大学学报(自然科学版)》;20160815;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN106603544A (en) | 2017-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6941146B2 (en) | Data security service | |
US11855767B2 (en) | Methods and systems for distributing encrypted cryptographic data | |
US7379551B2 (en) | Method and system for recovering password protected private data via a communication network without exposing the private data | |
US8819444B2 (en) | Methods for single signon (SSO) using decentralized password and credential management | |
US9537864B2 (en) | Encryption system using web browsers and untrusted web servers | |
CA2706145C (en) | Apparatus and method for facilitating cryptographic key management services | |
WO2016197770A1 (en) | Access control system and access control method thereof for cloud storage service platform | |
US9805350B2 (en) | System and method for providing access of digital contents to offline DRM users | |
US8813247B1 (en) | Providing cryptographic security for objective-oriented programming files | |
US20100082989A1 (en) | Storing Composite Services on Untrusted Hosts | |
US20080148373A1 (en) | Simplified management of authentication credentials for unattended applications | |
US8977857B1 (en) | System and method for granting access to protected information on a remote server | |
US8230487B2 (en) | Method and system for controlling access to a secondary system | |
US20140053252A1 (en) | System and Method for Secure Document Distribution | |
US9356924B1 (en) | Systems, methods, and computer readable media for single sign-on (SSO) using optical codes | |
CN106603544B (en) | Data storage and cloud control method with light audit | |
CN105122265A (en) | Data security service system | |
CN114239046A (en) | Data sharing method | |
Yan et al. | Controlling cloud data access based on reputation | |
US11777721B2 (en) | Method and apparatus for two-step data signing | |
Guo et al. | Using blockchain to control access to cloud data | |
CN108494724B (en) | Cloud storage encryption system based on multi-authority attribute encryption algorithm | |
TWI611302B (en) | Method And System For Securely Sharing Content | |
Bacis et al. | Managing data sharing in OpenStack swift with over-encryption | |
CN106790100B (en) | Data storage and access control method based on asymmetric cryptographic algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |