CN107302524B - Ciphertext data sharing system under cloud computing environment - Google Patents


Publication number
CN107302524B
CN107302524B CN201710408094.XA CN201710408094A CN107302524B CN 107302524 B CN107302524 B CN 107302524B CN 201710408094 A CN201710408094 A CN 201710408094A CN 107302524 B CN107302524 B CN 107302524B
Authority
CN
China
Prior art keywords
module
data
user
attribute
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710408094.XA
Other languages
Chinese (zh)
Other versions
CN107302524A (en)
Inventor
马卓
任恒剑
马建峰
张梦
王亚男
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention provides a ciphertext data sharing system for a cloud computing environment, which addresses the high cost of attribute revocation and the low efficiency of user data sharing in existing ciphertext data sharing systems. The system comprises an authorization module, a data owner module, a user module and a cloud service provider module. The authorization module comprises a plurality of attribute authority modules, which are arranged in a hierarchical or parallel relationship. The data owner module comprises an XACML access policy constructing module, which is used for generating a policy file. The user module comprises a private key decryption module and a CP-ABE decryption module: the private key decryption module decrypts the AES key ciphertext for private domain users, and the CP-ABE decryption module decrypts the AES key ciphertext for public domain users. The system can be used for information sharing in the field of data exchange in the cloud computing environment.

Description

Ciphertext data sharing system under cloud computing environment
Technical Field
The invention belongs to the technical field of network and information security, realizes a ciphertext data sharing system in a cloud computing environment, and can be used for information sharing in the field of data exchange in the cloud computing environment.
Background
With the rapid development of Internet technology, users have begun to take part in creating and editing information, so the volume of personal data grows exponentially and the overhead of storing and managing it rises steadily. Cloud computing emerged when personal PCs could no longer support users' business requirements, and it evolved by inheriting research results from grid computing, utility computing and software-as-a-service. Cloud computing is a network-based computing model whose core is providing scalable virtualized services to users. It changes the operating model of the traditional information industry: users can use the services that software provides over the Internet without installing the software on a personal computer, and traditional software vendors are gradually becoming cloud service providers. Cloud computing is developing rapidly, provides a variety of services, and can solve the problems of storing and computing over large-scale data, so it is pursued by many vendors. For example, Amazon AWS provides a commercial, mature set of elastic cloud services; users only need to attend to their own service requirements and customize services on demand, without attending to equipment purchase and maintenance, which greatly reduces enterprise development cost. Google's App Engine gives programmers an unlimited virtual operating environment, so they need not worry about frequently rebuilding the system as the service scales. In addition, Microsoft Azure, Facebook, China's Alibaba Cloud and others play important roles in their respective fields.
Due to the advantages of access at any time and any place, large capacity, on-demand service, low cost and the like, data stored in the cloud end tends to rise exponentially.
The security and trustworthiness of the cloud have become major bottlenecks restricting the further development of cloud computing technology. The traditional solution is to encrypt data at the terminal using cryptographic techniques and then store the encrypted data in the cloud. This enhances the security of cloud data storage to a certain extent, but it introduces the problem of securely sharing cloud ciphertext data: how to share the ciphertext with authorized users safely while preventing access by unauthorized users.
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one of the main technologies for secure sharing of ciphertext data in a cloud computing environment, and it is particularly suitable when the user population is large and user identities are unknown. For user groups with definite identities and limited numbers, such as relatives and friends of the data owner, the technology has no performance advantage, so these users need to be handled separately. In addition, a ciphertext data sharing system built on CP-ABE has to deal with attribute revocation, which can affect the performance of the whole system to a great extent.
Disclosure of Invention
The invention aims to overcome the defects in the prior art, and provides a ciphertext data sharing system in a cloud computing environment, which is used for solving the technical problems of high attribute revocation cost and low user data sharing efficiency in the existing ciphertext data sharing system.
In order to achieve the purpose, the invention adopts the technical scheme that:
A ciphertext data sharing system in a cloud computing environment comprises an authorization module, a data owner module, a user module and a cloud service provider module, wherein the authorization module is used for authorizing the data owner module and the user module; the data owner module is used for encrypting and uploading data to be shared; the user module is used for applying to the authorization module for authorization and applying to the cloud service provider module for access to data; the cloud service provider module is used for providing storage and computing services for the data owner module and the user module; the authorization module comprises a plurality of attribute authority modules, and the attribute authority modules are in a hierarchical or parallel relationship; the data owner module comprises an XACML access policy constructing module used for generating a policy file; the user module comprises a private key decryption module and a CP-ABE decryption module, wherein the private key decryption module is used for decrypting AES key ciphertext data of a private domain user, and the CP-ABE decryption module is used for decrypting AES key ciphertext data of a public domain user.
The above ciphertext data sharing system in the cloud computing environment further includes an authentication authority module, configured to generate a system public key and a system master private key.
The above ciphertext data sharing system in a cloud computing environment, where the attribute authority module includes an initialization module, a public-private key generation module, and an attribute authorization module, where: the initialization module is used for initializing the public and private key generation module and the attribute authorization module; the public and private key generating module is used for generating a public and private key; and the attribute authorization module is used for generating a key related to the attribute.
The above ciphertext data sharing system in the cloud computing environment, the data owner module further includes an AES symmetric encryption module, a CP-ABE encryption module, a public key encryption module, and a data upload module, wherein: the AES symmetric encryption module is used for encrypting the data plaintext shared by the data owner module; the CP-ABE encryption module is used for encrypting an AES key used by a public domain user; the public key encryption module is used for encrypting an AES key used by a private domain user; and the data uploading module is used for uploading the data combination generated by the AES symmetric encryption module, the CP-ABE encryption module and the public key encryption module to the cloud service provider module.
In the above ciphertext data sharing system in the cloud computing environment, the cloud service provider module includes a policy execution module, a context handler module, a policy decision module, a policy management library module, a policy information module, a management attribute library module, a cloud storage module, a proxy re-encryption module, and a data download module, wherein: the policy execution module is used for executing the response returned by the policy decision module; the context handler module is used for converting between XACML-format and non-XACML-format requests/responses and sending the message to the policy decision module; the policy decision module is used for selecting the corresponding policy from the policy management library module, making a decision response according to the policy, and sending the response message to the context handler module; the policy management library module uses a MySQL database server to manage the XACML policies in the system; the policy information module is used for managing attribute information of the corresponding subjects, resources and environments; the management attribute library module is used for managing the user attribute set; the cloud storage module uses OpenStack Swift open-source cloud storage to store all data uploaded to the cloud service provider by the data owner; the proxy re-encryption module is used for re-encrypting the data ciphertext accessed by private domain users; and the data download module is used for downloading all data accessed by the user to the user's client.
In the above ciphertext data sharing system in the cloud computing environment, the user module further includes an AES decryption module, which is used for decrypting the data ciphertext uploaded by the data owner module.
Compared with the prior art, the invention has the following advantages:
1) The invention divides the user groups in the user module into domains and adds the private key decryption module and the CP-ABE decryption module, wherein the private key decryption module performs decryption for private domain users and the CP-ABE decryption module performs decryption for public domain users, so that the system is better targeted at different user groups and data sharing efficiency is improved.
2) Because a plurality of attribute authority modules are added to the authorization module, arranged in a hierarchical or parallel relationship, and each manages a part of the users, growth in the number of users does not cause the system bottleneck of a single-authority model, so the overall scalability of the system is enhanced and the requirements of the cloud computing environment are better met.
3) An XACML access policy constructing module is added to the data owner module and used for generating the policy file. The data owner defines attributes that need to be updated frequently (such as the 'time' attribute) in the XACML policy file instead of in the CP-ABE access control structure. When such an attribute needs to be revoked, the data owner simply updates the XACML access control file and avoids the series of operations that CP-ABE would otherwise require, which effectively reduces the cost to the data owner of revoking attributes and improves system performance.
Drawings
FIG. 1 is a schematic view of the overall structure of the present invention;
FIG. 2 is a schematic diagram of the structure of the authorization module of the present invention;
FIG. 3 is a block diagram of a data owner module according to the present invention;
FIG. 4 is a schematic diagram of the structure of a cloud service provider module of the present invention;
FIG. 5 is a schematic diagram of the structure of the user module of the present invention.
Detailed Description
The invention is explained in further detail below with reference to the figures and examples:
Referring to FIG. 1, the present invention includes an authorization module, a data owner module, a user module, and a cloud service provider module. The structure of the authorization module is shown in FIG. 2; the authorization module communicates with the data owner module and the user module. The structure of the data owner module is shown in FIG. 3; the data owner module communicates with the authorization module and the cloud service provider module. The structure of the cloud service provider module is shown in FIG. 4; the cloud service provider module communicates with the data owner module and the user module. The structure of the user module is shown in FIG. 5; the user module communicates with the cloud service provider module and the authorization module.
When the system works, the data owner module and the user module apply to the authorization module for the keys they require, and the authorization module generates the relevant keys and sends them to the data owner module and the user module over the Secure Sockets Layer. The data owner module encrypts the shared data and uploads the ciphertext to the cloud service provider module. The user module applies to the cloud service provider module for access to the shared data, and the cloud service provider module decides whether to send the ciphertext to the user module according to the user's validity. The user module downloads the shared data ciphertext and processes it according to the user's domain.
Referring to FIG. 2, the authentication authority module is responsible for authorizing the attribute authority modules in the system. When the system is initialized, the authentication authority module generates a system public key and a system master private key; the system public key is public to the whole system, and the system master private key must be stored securely. The authentication authority module does not manage any attribute and does not generate any attribute-related user private key. It authorizes the lower-layer attribute authority module using the generated system public key and system master private key, and the lower-layer attribute authority module is initialized to generate an authorization key. To eliminate the system bottleneck caused by a single-authority authorization model and improve data sharing efficiency, a plurality of attribute authority modules are added to the authorization module, arranged in a hierarchical or parallel relationship. Each upper-layer attribute authority module is responsible for authorizing the next-layer attribute authority modules, data owner modules and user modules within its jurisdiction. The multi-authority authorization model spreads the user load, so the overall scalability of the system is enhanced and the requirements of the cloud computing environment are better met.
The attribute authority module comprises an initialization module, a public and private key generation module and an attribute authorization module. The initialization module generates a system security parameter, which is used to initialize the public and private key generation module and the attribute authorization module; the public and private key generation module generates a public/private key pair using the RSA key generation algorithm; the attribute authorization module generates the attribute-related key using the CP-ABE key generation algorithm; the generated public/private key pair and attribute-related key are then sent to the data owner module.
Referring to FIG. 3, the data owner module receives the public/private key pair and the attribute-related key generated by the authorization module. The AES symmetric encryption module runs an AES key generation algorithm to generate an AES key CK, then encrypts the data plaintext M to be shared under CK with 128-bit AES to produce the data ciphertext CT; the data owner module encrypts the plaintext with AES to improve data encryption efficiency. The user group is then determined: for users in the private domain, the public key encryption module encrypts the AES key with the RSA public key encryption algorithm to produce the key ciphertext C2; for users in the public domain, the CP-ABE encryption module encrypts the AES key with the CP-ABE encryption algorithm to obtain the key ciphertext C1. To reduce the cost of attribute revocation, the data owner module uses the XACML access policy constructing module to define attributes that are updated frequently (such as the 'time' attribute) in an XACML policy file through an XML editor, generating a policy file in XML format; when such an attribute needs to be revoked, only the XACML policy file needs to be updated, which effectively reduces the cost to the data owner module of revoking attributes. Finally, the data owner module uploads the policy file, the data ciphertext CT, the key ciphertext C1 and the key ciphertext C2 to the cloud service provider through the data uploading module, which is implemented with Java sockets.
Referring to FIG. 4, the user module initiates a request to the cloud service provider module to access shared data. The policy execution module receives the request and forwards it to the context handler module, which uses an XML development package to rebuild it as an XACML-format request and sends it to the policy decision module. The policy decision module first queries the policy management library module for the requested policy, then requests the attribute values of the relevant subjects, resources and environments from the management attribute library module through the policy information module. The policy decision module runs the XACML policy decision algorithm and sends the decision response to the policy execution module through the context handler module, which converts the XACML-format decision response back into the original request format. The policy execution module determines the decision result from the response: if the request is denied, it sends a rejection response to the user module; if the request is allowed, it sends a data query request to the cloud storage module. On receiving the request, the cloud storage module finds the corresponding data ciphertext CT, and the user group is then determined. If the user is in the private domain, the key ciphertext C2 is sent to the proxy re-encryption module, which re-encrypts C2 into C3 using a proxy re-encryption algorithm so that the private domain user can decrypt the ciphertext with the user's own private key. If the user is in the public domain, the corresponding key ciphertext C1 is found in the cloud storage module. Finally, the cloud service provider module sends the ciphertext data CT, C1 or C3 found in the cloud storage module to the user module through the data download module.
Referring to FIG. 5, the user module receives the response data CT, C1 or C3 from the cloud service provider module and first determines the user group. If the user is in the private domain, the private key decryption module decrypts the key ciphertext C3 with the RSA decryption algorithm to obtain the AES key CK; if the user is in the public domain, the CP-ABE decryption module decrypts the key ciphertext C1 with the CP-ABE decryption algorithm to obtain the AES key CK. The AES decryption module then decrypts the data ciphertext CT under the AES key CK with the AES decryption algorithm to obtain the data plaintext M.
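The provider-side access decision and the policy-file revocation described above, as an added example that is not code from the patent: the policy is a reduced XACML-style dialect constructed here (not schema-valid XACML), `CloudProvider`, `decide`, `build_request` and `proxy_reencrypt` are hypothetical names, and CT, C1, C2 and C3 are opaque placeholder bytes with no real AES, RSA, CP-ABE or proxy re-encryption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample policy in a reduced XACML-style dialect (assumption, not
# schema-valid XACML). The frequently changing "time" attribute lives in this
# file rather than in the CP-ABE access structure.
POLICY_V1 = """<Policy PolicyId="p-report" RuleCombiningAlg="first-applicable">
  <Rule RuleId="auditors-until-year-end" Effect="Permit">
    <Match Category="subject" AttributeId="role" Value="auditor"/>
    <Match Category="resource" AttributeId="id" Value="report"/>
    <NotAfter Category="environment" AttributeId="time" Value="2017-12-31T23:59:59"/>
  </Rule>
</Policy>"""
# Revoking the time attribute: the owner closes the access window earlier.
POLICY_V2 = POLICY_V1.replace("2017-12-31T23:59:59", "2017-06-30T23:59:59")


def build_request(user, resource_id, now):
    """Context handler: native request -> attribute categories for the PDP."""
    return {"subject": {"role": user["role"]},
            "resource": {"id": resource_id},
            "environment": {"time": now.isoformat()}}


def _holds(cond, request):
    """Evaluate one condition element against the request attributes."""
    value = request.get(cond.get("Category"), {}).get(cond.get("AttributeId"))
    if value is None:
        return False
    if cond.tag == "Match":
        return value == cond.get("Value")
    if cond.tag == "NotAfter":
        try:
            limit = datetime.fromisoformat(cond.get("Value"))
            return datetime.fromisoformat(value) <= limit
        except (TypeError, ValueError):
            return False
    return False  # unknown condition types never match


def decide(policy_xml, request):
    """Policy decision point: first applicable rule wins, all else denies."""
    if "<!DOCTYPE" in policy_xml or "<!ENTITY" in policy_xml:
        return "Deny"  # owner-supplied XML: refuse DTDs and entity definitions
    try:
        policy = ET.fromstring(policy_xml)
    except ET.ParseError:
        return "Deny"  # a malformed policy fails closed
    for rule in policy.findall("Rule"):
        if all(_holds(cond, request) for cond in rule):
            return "Permit" if rule.get("Effect") == "Permit" else "Deny"
    return "Deny"


def proxy_reencrypt(c2, user_id):
    # Placeholder for the C2 -> C3 proxy re-encryption step; no real crypto.
    return b"C3[" + user_id.encode() + b"]:" + c2


class CloudProvider:
    def __init__(self):
        self.policies = {}  # policy management library: resource id -> XML
        self.objects = {}   # cloud storage: resource id -> CT, C1, C2

    def upload(self, resource_id, policy_xml, ct, c1, c2):
        self.policies[resource_id] = policy_xml
        self.objects[resource_id] = {"CT": ct, "C1": c1, "C2": c2}

    def update_policy(self, resource_id, policy_xml):
        # Revocation as the description frames it: only the policy changes,
        # the stored ciphertexts are left untouched.
        self.policies[resource_id] = policy_xml

    def access(self, user, resource_id, now):
        """Policy execution point: release ciphertext only on Permit."""
        policy = self.policies.get(resource_id)
        if policy is None:
            return None
        if decide(policy, build_request(user, resource_id, now)) != "Permit":
            return None
        obj = self.objects[resource_id]
        if user["domain"] == "private":
            return obj["CT"], proxy_reencrypt(obj["C2"], user["id"])
        return obj["CT"], obj["C1"]
```

Because the policy update leaves CT, C1 and C2 unchanged, it only stops future downloads through the provider; a user who already recovered CK before the update can still decrypt a copy of CT obtained earlier.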

Claims (6)

1. A ciphertext data sharing system in a cloud computing environment comprises an authorization module, a data owner module, a user module and a cloud service provider module, wherein the authorization module is used for authorizing the data owner module and the user module; the data owner module is used for encrypting and uploading data to be shared; the user module is used for applying to the authorization module for authorization and applying to the cloud service provider module for access to data; the cloud service provider module is used for providing storage and computing services for the data owner module and the user module, and is characterized in that the authorization module comprises a plurality of attribute authority modules, and the attribute authority modules are in a hierarchical or parallel relationship; the data owner module comprises an AES symmetric encryption module, a CP-ABE encryption module, a public key encryption module, an XACML access policy building module and a data uploading module, and is used for using the corresponding encryption module according to the different user groups, wherein the XACML access policy building module is used for generating a policy file in an XML format through an XML editor; the user module comprises a private key decryption module and a CP-ABE decryption module, wherein the private key decryption module is used for decrypting AES key ciphertext data of a private domain user, and the CP-ABE decryption module is used for decrypting AES key ciphertext data of a public domain user.
2. The system of claim 1, wherein the authorization module further comprises an authentication authority module configured to generate a system public key and a system master private key.
3. The system for sharing ciphertext data in a cloud computing environment of claim 1, wherein the attribute authority module comprises an initialization module, a public-private key generation module, and an attribute authorization module, wherein: the initialization module is used for initializing the public and private key generation module and the attribute authorization module; the public and private key generating module is used for generating a public and private key; and the attribute authorization module is used for generating a key related to the attribute.
4. The system of claim 1, wherein the data owner module further comprises an AES symmetric encryption module, a CP-ABE encryption module, an XACML access policy building module, a public key encryption module, and a data upload module, wherein: the AES symmetric encryption module is used for encrypting the data plaintext shared by the data owner module; the CP-ABE encryption module is used for encrypting an AES key used by a public domain user; the public key encryption module is used for encrypting an AES key used by a private domain user; and the data uploading module is used for uploading the data combination generated by the AES symmetric encryption module, the CP-ABE encryption module and the public key encryption module to the cloud service provider module.
5. The system of claim 1, wherein the cloud service provider module comprises a policy execution module, a context handler module, a policy decision module, a policy management library module, a policy information module, a management attribute library module, a cloud storage module, a proxy re-encryption module, and a data download module, wherein: the policy execution module is used for executing the response returned by the policy decision module; the context handler module is used for converting between XACML-format and non-XACML-format requests/responses and sending the message to the policy decision module; the policy decision module is used for selecting the corresponding policy from the policy management library module, making a decision response according to the policy, and sending the response message to the context handler module; the policy management library module uses a MySQL database server to manage the XACML policies in the system; the policy information module is used for managing attribute information of the corresponding subjects, resources and environments; the management attribute library module is used for managing the user attribute set; the cloud storage module uses OpenStack Swift open-source cloud storage to store all data uploaded to the cloud service provider by the data owner; the proxy re-encryption module is used for re-encrypting the data ciphertext accessed by private domain users; and the data download module is used for downloading all data accessed by the user to the user's client.
6. The system for sharing ciphertext data in a cloud computing environment of claim 1, wherein the user module further comprises an AES decryption module, configured to decrypt the ciphertext of the data uploaded by the data owner module.
CN201710408094.XA 2017-06-02 2017-06-02 Ciphertext data sharing system under cloud computing environment Active CN107302524B (en)


Publications (2)

Publication Number    Publication Date
CN107302524A (en)     2017-10-27
CN107302524B (en)     2020-10-09

Family

ID=60134603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710408094.XA Active CN107302524B (en) 2017-06-02 2017-06-02 Ciphertext data sharing system under cloud computing environment

Country Status (1)

Country Link
CN (1) CN107302524B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107743133B (en) * 2017-11-30 2020-06-09 中国石油大学(北京) Mobile terminal and access control method and system based on trusted security environment
CN109787947A (en) * 2018-04-03 2019-05-21 中建材信息技术股份有限公司 The cloud security encryption system and method and storage medium of public cloud
CN109561067B (en) * 2018-10-22 2020-07-28 深圳技术大学(筹) Strategy updating method and system based on CP-ABE
CN109543439B (en) * 2018-12-04 2021-07-13 北京锐安科技有限公司 Service request method and device for Internet of vehicles
CN113360886B (en) * 2021-04-23 2023-02-28 山东英信计算机技术有限公司 Method, device and equipment for sharing encrypted data and readable medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916954A (en) * 2012-10-15 2013-02-06 南京邮电大学 Attribute-based encryption cloud computing safety access control method
CN104378386A (en) * 2014-12-09 2015-02-25 浪潮电子信息产业股份有限公司 Method for cloud data confidentiality protection and access control
CN106131224A (en) * 2016-08-30 2016-11-16 孟玲 A kind of data transmission system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8359475B2 (en) * 2009-02-12 2013-01-22 International Business Machines Corporation System, method and program product for generating a cancelable biometric reference template on demand
US9495545B2 (en) * 2014-11-13 2016-11-15 Sap Se Automatically generate attributes and access policies for securely processing outsourced audit data using attribute-based encryption
US10050968B2 (en) * 2014-12-31 2018-08-14 Shenzhen University Method, apparatus, and system for access control of shared data


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
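"Research on a Privacy-Protection-Based Data Sharing Scheme in the Medical Cloud"; 黄娜娜; Wanfang Database dissertation; 20170525; Chapter 4, Figures 4.1-4.4 *
"Attribute-Based Security-Enhanced Cloud Storage Access Control Scheme"; 牛德华 et al.; 《通信学报》; 20130831; pp. 276-284 *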



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant