CN108040068A - quick access control system based on cloud security platform - Google Patents


Info

Publication number: CN108040068A
Authority: CN (China)
Prior art keywords: key, terminal, ciphertext
Legal status: Granted
Application number: CN201711440321.3A
Other languages: Chinese (zh)
Other versions: CN108040068B (en)
Inventors: 王树兰, 王磊
Current assignee: Shenzhen Technology University
Original assignee: Shenzhen Technology University
Application filed by Shenzhen Technology University
Priority to CN201711440321.3A (CN108040068B)
Priority to PCT/CN2018/078903 (WO2019127913A1)
Publication of CN108040068A
Application granted
Publication of CN108040068B
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the invention discloses a quick access control system based on a cloud security platform. The system comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server. Compared with the prior art, the embodiment uses a third-party, semi-trusted outsourcing server to perform most of the computation of the decryption phase, which considerably reduces the local computational complexity of the terminal and makes the system suitable for terminals with limited computing resources. At the same time, because the embodiment is based on a cloud security platform, the key generation tasks of the authorization center and the data encryption tasks of the data owner can be completed through offline and online operations, which effectively improves the resource utilization of the authorization center and the data owner; therefore, when a large number of terminals request keys from the authorization center or need key updates, the authorization center can effectively avoid faulty operation.

Description

Quick access control system based on cloud security platform
Technical field
The present invention relates to the field of data access technology, and in particular to a quick access control system based on a cloud security platform.
Background technology
With the explosive growth of data, online data sharing has become one of the most promising applications of cloud computing. However, under the temptation of large profits, cloud service providers and key authorization centers may leak users' confidential information, so users no longer regard them as fully trusted entities; to avoid data leakage, users need to encrypt their data before sharing it.
At present, CP-ABE (Ciphertext-Policy Attribute-Based Encryption), as a novel cryptographic primitive, has received increasing attention, because it not only protects data privacy but also provides fine-grained, one-to-many and non-interactive access control, which makes it particularly suitable for open cloud computing platforms. However, most CP-ABE schemes suffer from high computational complexity, especially in the key generation, encryption and decryption phases, and that complexity grows with the number of attributes in a user's key, so these schemes are not suitable for user terminals with limited computing resources. In addition, when a large number of user terminals request keys or key updates from the key authorization center, the computational load on the key authorization center is high and faulty operation easily occurs, which hinders the practical use of CP-ABE schemes.
Summary of the invention
The main purpose of the embodiments of the present invention is to provide a quick access control system based on a cloud security platform, so as to solve the technical problems that existing CP-ABE schemes are not suitable for user terminals with limited computing resources, and that, when a large number of user terminals request keys or key updates from the key authorization center, the computational load on the key authorization center is high and faulty operation easily occurs.
To achieve the above object, an embodiment of the present invention provides a quick access control system based on a cloud security platform. The system comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server;
the data owner and the terminal are communicatively connected to the authorization center, and the authorization center is configured to generate a public key and a user key according to a preset key generation algorithm, to send the generated public key to the data owner and the terminal, and to send the generated user key to the terminal;
the cloud server is communicatively connected to the data owner, and the data owner is configured to encrypt the data to be protected according to the public key and to send the resulting ciphertext to the cloud server;
the cloud server and the outsourcing server are connected to the terminal, the outsourcing server is configured to provide a decryption algorithm to the terminal, and the terminal is configured to obtain the ciphertext stored in the cloud server and to decrypt the ciphertext based on the decryption algorithm, the public key and the user key.
Optionally, the authorization center is configured to:
define the attribute set $A = \{a_1, \ldots, a_n\}$;
establish a hash function $H: \{0,1\}^{*} \to G_0$;
select random numbers α and β, generate the public key PK and the master secret key MSK with the following formulas, and send the generated public key PK to the data owner and the terminal;
$PK = \{G_0,\ g,\ h = g^{\beta},\ e(g,g)^{\alpha}\}$
$MSK = \{g^{\alpha},\ \beta\}$
where $G_0$ and $G_T$ are two cyclic groups of prime order p, g is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, e(g,g) is a generator of $G_T$, $\alpha, \beta \in Z_p$, and $Z_p$ is the set from which the random values are drawn.
Optionally, the authorization center is further configured to:
for each attribute $a_i$, select a random number $r_i$, $r_i \in Z_p$, and compute the attribute key $SK_{Attr}$ with the following formula:
$SK_{Attr} = \{\forall i \in [1, n]:\ D_i^{*} = H(i)^{r_i},\ D_i' = h^{r_i}\}$
where $a_i \in A$ and $Z_p$ is the set from which the random values are drawn.
Optionally, the authorization center is further configured to:
select a random number r, $r \in Z_p$, and define an attribute set S;
based on the attribute key $SK_{Attr}$ and the master secret key MSK, compute the user key $SK_{User}$ associated with the attribute set S with the following formula, and send the generated user key $SK_{User}$ to the terminal;
$SK_{User} = \{D = g^{\alpha} \cdot h^{r},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$
where g is a generator of $G_0$, $h = g^{\beta}$, and $Z_p$ is the set from which the random values are drawn.
Optionally, the data owner is configured to:
perform a preset offline encryption operation based on the public key PK to generate an initial ciphertext;
encrypt the data to be protected based on the initial ciphertext, and send the resulting ciphertext to the cloud server.
Optionally, the terminal is configured to:
obtain the ciphertext from the cloud server;
select a random number t, $t \in Z_p$, compute the outsourcing key OSK for the outsourcing server and the delegation key $SK_{Delegate}$ with the following formulas, and send the ciphertext, the outsourcing key OSK and the public key PK to the outsourcing server;
$OSK = \{D' = (g^{\alpha} \cdot h^{r})^{1/t},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$
$SK_{Delegate} = \{t\}$
where g is a generator of $G_0$, $h = g^{\beta}$, and $Z_p$ is the set from which the random values are drawn.
Optionally, the outsourcing server is configured to:
generate an intermediate result based on the public key PK, the ciphertext and the outsourcing key OSK, and send the intermediate result to the terminal.
Optionally, the terminal is further configured to:
decrypt the ciphertext based on the intermediate result and the delegation key $SK_{Delegate}$, obtaining the plaintext information corresponding to the ciphertext.
The quick access control system based on a cloud security platform provided by an embodiment of the present invention comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server. Compared with the prior art, the embodiment uses a third-party, semi-trusted outsourcing server to perform most of the computation of the decryption phase, which considerably reduces the local computational complexity of the terminal and makes the system suitable for terminals with limited computing resources. At the same time, because the embodiment is based on a cloud security platform, the key generation tasks of the authorization center and the data encryption tasks of the data owner can be completed through offline and online operations, which effectively improves the resource utilization of the authorization center and the data owner; therefore, when a large number of terminals request keys from the authorization center or need key updates, the authorization center can effectively avoid faulty operation.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the quick access control system based on a cloud security platform in an embodiment of the present invention.
Embodiment
To make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Referring to Fig. 1, which is a structural diagram of the quick access control system based on a cloud security platform in an embodiment of the present invention, the system comprises an authorization center 10, a cloud server 20, a data owner 30, a terminal 40 and an outsourcing server 50;
data owner 30 and terminal 40 are communicatively connected to authorization center 10, and authorization center 10 is configured to generate a public key and a user key according to a preset key generation algorithm, to send the generated public key to data owner 30 and terminal 40, and to send the generated user key to terminal 40;
cloud server 20 is communicatively connected to data owner 30, and data owner 30 is configured to encrypt the data to be protected according to the public key and to send the resulting ciphertext to cloud server 20;
cloud server 20 and outsourcing server 50 are connected to terminal 40, outsourcing server 50 is configured to provide a decryption algorithm to terminal 40, and terminal 40 is configured to obtain the ciphertext stored in cloud server 20 and to decrypt the ciphertext based on the decryption algorithm, the public key and the user key.
Authorization center 10 is a fully trusted entity. It manages terminal 40 and is responsible for producing the public key and the user keys; it also maintains the user information and attribute information corresponding to terminal 40. It can execute two key generation algorithms: an offline key generation algorithm and an online key generation algorithm.
Cloud server 20 is the manager of the shared data and is a semi-trusted entity. It provides a variety of services, such as data storage, data transfer and outsourced computation, mainly ciphertext storage and file transmission (upload/download) services.
Data owner 30 is the holder of the data files to be protected; in the cloud computing platform it has a large number of data files that need to be stored and shared. This entity also needs to define the access structure associated with a ciphertext according to the attribute definitions of the system, and to perform the data encryption operation. To improve the computational efficiency of data owner 30, it contains two sub-algorithms: an offline data encryption algorithm and an online data encryption algorithm.
Terminal 40 is the party with which the data files are shared. In the open cloud computing environment it accesses the large amount of data stored in cloud server 20. If a user needs information, the terminal downloads the corresponding ciphertext from cloud server 20 and performs the decryption operation. If the computing capability of terminal 40 is limited, terminal 40 can hand most of the decryption work to outsourcing server 50 for processing on its behalf, while performing the delegation key generation related to the outsourcing and the corresponding decryption operation; terminal 40 therefore only needs to perform the delegation key generation operation and the decryption operation, which require little computation.
Terminal 40 may be a communication terminal, an access terminal or a music/video playback terminal, for example a mobile phone, tablet computer, laptop, desktop computer, smart television or set-top box.
Outsourcing server 50 acts as the agent for data decryption: in the cloud computing system, outsourcing server 50 honestly executes the decryption tasks distributed by terminal 40 and returns correct results, which significantly reduces the computational overhead of terminal 40.
The quick access control system based on a cloud security platform provided by the embodiment of the present invention comprises authorization center 10, cloud server 20, data owner 30, terminal 40 and outsourcing server 50. Compared with the prior art, the embodiment uses the third-party, semi-trusted outsourcing server 50 to perform most of the computation of the decryption phase, which greatly reduces the local computational complexity of the system and makes it suitable for terminals with limited computing resources. At the same time, because the embodiment is based on a cloud security platform, the key generation tasks of authorization center 10 and the data encryption tasks of data owner 30 can be completed through offline and online operations, which effectively improves the resource utilization of authorization center 10 and data owner 30; therefore, when a large number of terminals request keys from authorization center 10 or need key updates, authorization center 10 can effectively avoid faulty operation.
Further, based on the first embodiment of the present invention, the quick access control system based on a cloud security platform specifically includes the following four processes:
First, system initialization
The following work is completed by authorization center 10:
(1) define the attribute set $A = \{a_1, \ldots, a_n\}$;
(2) establish a hash function $H: \{0,1\}^{*} \to G_0$;
(3) select random numbers α and β, generate the public key PK and the master secret key MSK with the following formulas, and send the generated public key PK to data owner 30 and terminal 40;
$PK = \{G_0,\ g,\ h = g^{\beta},\ e(g,g)^{\alpha}\}$
$MSK = \{g^{\alpha},\ \beta\}$
where $G_0$ and $G_T$ are two cyclic groups of prime order p, g is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, e(g,g) is a generator of $G_T$, $\alpha, \beta \in Z_p$, and $Z_p$ is the set from which the random values are drawn.
Second, user key generation
Authorization center 10 executes the preset offline key generation algorithm, which, based on the public key PK and the attribute set $A = \{a_1, \ldots, a_n\}$, selects for each attribute $a_i$ a random number $r_i$, $r_i \in Z_p$, and computes the attribute key $SK_{Attr}$ with the following formula:
$SK_{Attr} = \{\forall i \in [1, n]:\ D_i^{*} = H(i)^{r_i},\ D_i' = h^{r_i}\}$
where $a_i \in A$ and $Z_p$ is the set from which the random values are drawn.
Further, authorization center 10 executes the preset online key generation algorithm, which, based on the master secret key MSK, the attribute set S () and the attribute key $SK_{Attr}$, selects a random number r, $r \in Z_p$, for terminal 40 and defines:
The user key $SK_{User}$ associated with the attribute set S is computed with the following formula, and the generated user key $SK_{User}$ is sent to terminal 40;
$SK_{User} = \{D = g^{\alpha} \cdot h^{r},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$
where g is a generator of $G_0$, $h = g^{\beta}$, and $Z_p$ is the set from which the random values are drawn.
Third, data encryption
Data owner 30 performs a preset offline encryption operation based on the public key PK. This operation, based on the public key PK and a preset access structure tree T, generates the initial ciphertext; the data to be protected is then encrypted based on the initial ciphertext, and the resulting ciphertext is sent to cloud server 20.
Specifically, for each node x in the access structure tree T (including the leaf nodes), data owner 30 needs to define a polynomial $q_x$. Polynomial construction rule: starting from the root node R, the polynomials $q_x$ of these nodes are chosen at random in a top-down manner. For each node x in the access tree T, the degree of the polynomial $q_x$ is set to $k_x - 1$, where $k_x$ denotes the threshold value of the node.
Then, starting from the root node R, set $q_R(0) = s$ ($s \in Z_p$), where s is chosen at random, and randomly choose $d_R$ other points to define the polynomial $q_R$ completely. For each non-root node x, set $q_x(0) = q_{parent(x)}(index(x))$ and randomly choose $d_x$ other points to define $q_x$ completely.
In the access structure tree T, let Y denote the set of leaf nodes and let y range over the nodes of this set; data owner 30 generates the initial ciphertext $CT_1$ with the following formula:
When data owner 30 has a plaintext M to encrypt, it performs the online encryption operation, which takes the plaintext M to be encrypted and the initial ciphertext $CT_1$ as input and produces the complete ciphertext $CT_2$.
Fourth, data decryption
When terminal 40 needs to view data stored in cloud server 20, it downloads the relevant ciphertext $CT_2$ from cloud server 20 and then executes the preset delegation key generation algorithm, which, based on the user key $SK_{User}$, selects a random number t, $t \in Z_p$, computes the outsourcing key OSK for outsourcing server 50 and the delegation key $SK_{Delegate}$ with the following formulas, and sends the ciphertext $CT_2$, the outsourcing key OSK and the public key PK to outsourcing server 50;
$OSK = \{D' = (g^{\alpha} \cdot h^{r})^{1/t},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$
$SK_{Delegate} = \{t\}$
where g is a generator of $G_0$, $h = g^{\beta}$, and $Z_p$ is the set from which the random values are drawn.
Outsourcing server 50 generates the intermediate result IT based on the public key PK, the ciphertext $CT_2$ and the outsourcing key OSK, and then sends the intermediate result IT to terminal 40.
If the attribute set S indirectly associated with the outsourcing key OSK satisfies the access policy T, the computation yields $e(g,g)^{r \beta s}$; otherwise an error symbol ⊥ is output;
Specifically, a recursive operation DecryptNode(CT, SK, x) is defined. Assume that node x is a leaf node and let i = att(x); DecryptNode(CT, SK, x) is then defined as follows:
If $i \notin S$, then DecryptNode(CT, SK, x) = ⊥.
If $i \in S$, DecryptNode(CT, SK, x) is computed by the following formula.
In addition, if x is a non-leaf node, DecryptNode(CT, SK, x) is defined as follows:
For every child node z of node x, it calls DecryptNode(CT, SK, z) and stores the output as $F_z$; let $S_x$ be an arbitrary $k_x$-sized set of child nodes z, then:
If no such set $S_x$ exists, then $F_z$ = DecryptNode(CT, SK, z) = ⊥.
If the set $S_x$ exists, the function $F_z$ is computed by the following formula:
Finally, if the attribute set S matches the access control policy T, then by the Lagrange interpolation formula there exists:
Further, outsourcing server 50 performs the following computation and outputs the result $IT_2$:
Further, terminal 40 decrypts the ciphertext $CT_2$ based on the intermediate results $IT_1$ and $IT_2$ and the delegation key $SK_{Delegate}$, obtaining the plaintext information M corresponding to the ciphertext $CT_2$:
where $\alpha, s, \beta, r \in Z_p$, $Z_p$ is the set from which the random values are drawn, $G_0$ and $G_T$ are two cyclic groups of prime order p, g is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, and e(g,g) is a generator of $G_T$.
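The access-tree construction of the encryption step (top-down polynomials with q_R(0) = s and q_x(0) = q_parent(x)(index(x))) and the DecryptNode recursion of the decryption step (a k_x-sized satisfied set S_x at each gate, combined by Lagrange interpolation at 0), as an added example that is not part of the patent. It works at the exponent level in Z_p, where the pairing products Π F_z^Δ of the scheme become sums Σ Δ·F_z, so no pairing library is required; the modulus P, the Node/gate/leaf helpers and the sample policy are constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed toy prime standing in for the prime group order p of G_0.
P = 2**127 - 1


@dataclass
class Node:
    """Node x of the access tree T: a k_x-of-n threshold gate or a leaf."""
    k: int = 1                                   # threshold k_x (1 = OR, n = AND)
    children: List["Node"] = field(default_factory=list)
    attr: Optional[str] = None                   # att(x); leaves only
    share: Optional[int] = None                  # q_y(0), set by share_secret


def leaf(attr: str) -> Node:
    return Node(attr=attr)


def gate(k: int, *children: Node) -> Node:
    return Node(k=k, children=list(children))


def _poly_eval(coeffs: List[int], x: int) -> int:
    """Evaluate q(x) over Z_p by Horner's rule; coeffs[0] is q(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_secret(node: Node, value: int) -> None:
    """Top-down polynomial assignment of the encryption step:
    q_x(0) = value, deg(q_x) = k_x - 1 with the remaining coefficients random,
    and q_z(0) = q_x(index(z)) for every child z, index(z) = 1..n."""
    if node.attr is not None:
        node.share = value                       # the exponent carried by C_y
        return
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for idx, child in enumerate(node.children, start=1):
        share_secret(child, _poly_eval(coeffs, idx))


def lagrange_at_zero(i: int, s_x: List[int]) -> int:
    """Lagrange coefficient Δ_{i,S_x}(0) = Π_{j∈S_x, j≠i} (0 - j)/(i - j) mod p."""
    num, den = 1, 1
    for j in s_x:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P          # Fermat inverse, P prime


def decrypt_node(node: Node, attrs: Set[str]) -> Optional[int]:
    """Exponent-level mirror of DecryptNode(CT, SK, x): returns q_x(0) when the
    attribute set S satisfies the subtree rooted at x, otherwise None (⊥).
    Leaf: ⊥ unless att(x) ∈ S.  Gate: collect F_z from the children, keep any
    k_x-sized satisfied set S_x and interpolate at 0 (Π F_z^Δ becomes Σ Δ·F_z)."""
    if node.attr is not None:
        return node.share if node.attr in attrs else None
    f: Dict[int, int] = {}
    for idx, child in enumerate(node.children, start=1):
        f_z = decrypt_node(child, attrs)
        if f_z is not None:
            f[idx] = f_z
        if len(f) == node.k:
            break
    if len(f) < node.k:
        return None                               # no satisfying S_x exists
    s_x = list(f)
    return sum(f[i] * lagrange_at_zero(i, s_x) for i in s_x) % P


def demo_policy() -> Node:
    """Constructed sample policy T:
    (dept:finance AND role:auditor) OR 2-of-3(region:eu, level:3, clearance:top)."""
    return gate(1,
                gate(2, leaf("dept:finance"), leaf("role:auditor")),
                gate(2, leaf("region:eu"), leaf("level:3"), leaf("clearance:top")))


def run_checks() -> Dict[str, bool]:
    """Share a random s over the sample tree and test several attribute sets S."""
    tree = demo_policy()
    s = secrets.randbelow(P)
    share_secret(tree, s)
    return {
        "and_branch": decrypt_node(tree, {"dept:finance", "role:auditor"}) == s,
        "threshold_branch": decrypt_node(tree, {"region:eu", "clearance:top"}) == s,
        "one_attr_each": decrypt_node(tree, {"dept:finance", "level:3"}) is None,
        "no_attrs": decrypt_node(tree, set()) is None,
    }


if __name__ == "__main__":
    print(run_checks())
```

Only a terminal whose attribute set satisfies T recovers s; every other set stops at ⊥ at some gate, which is the property the outsourcing server relies on when it reports ⊥ instead of an intermediate result.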
The quick access control system based on a cloud security platform provided by the embodiment of the present invention can use the outsourcing server to perform most of the computation of the decryption phase, which considerably reduces the local computational complexity of the system and makes it suitable for terminals with limited computing resources. At the same time, based on the cloud security platform, the key generation tasks of the authorization center and the data encryption tasks of the data owner can be completed through offline and online operations, which effectively improves the resource utilization of the authorization center and the data owner; therefore, when a large number of terminals request keys from the authorization center or need key updates, faulty operation of the authorization center can be avoided.
The above is a description of the quick access control system based on a cloud security platform provided by the present invention. Those skilled in the art will make changes in specific embodiments and application scopes according to the ideas of the embodiments of the present invention; in summary, the content of this specification should not be construed as limiting the invention.

Claims (8)

1. A quick access control system based on a cloud security platform, characterized in that the system comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server;
the data owner and the terminal are communicatively connected to the authorization center, and the authorization center is configured to generate a public key and a user key according to a preset key generation algorithm, to send the generated public key to the data owner and the terminal, and to send the generated user key to the terminal;
the cloud server is communicatively connected to the data owner, and the data owner is configured to encrypt the data to be protected according to the public key and to send the resulting ciphertext to the cloud server;
the cloud server and the outsourcing server are connected to the terminal, the outsourcing server is configured to provide a decryption algorithm to the terminal, and the terminal is configured to obtain the ciphertext stored in the cloud server and to decrypt the ciphertext based on the decryption algorithm, the public key and the user key.
2. The system according to claim 1, characterized in that the authorization center is configured to:
define the attribute set $A = \{a_1, \ldots, a_n\}$;
establish a hash function $H: \{0,1\}^{*} \to G_0$;
select random numbers α and β, generate the public key PK and the master secret key MSK with the following formulas, and send the generated public key PK to the data owner and the terminal;
$PK = \{G_0,\ g,\ h = g^{\beta},\ e(g,g)^{\alpha}\}$
$MSK = \{g^{\alpha},\ \beta\}$
where $G_0$ and $G_T$ are two cyclic groups of prime order p, g is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, e(g,g) is a generator of $G_T$, $\alpha, \beta \in Z_p$, and $Z_p$ is the set from which the random values are drawn.
3. The system according to claim 2, characterized in that the authorization center is further configured to:
for each attribute $a_i$, select a random number $r_i$, $r_i \in Z_p$, and compute the attribute key $SK_{Attr}$ with the following formula:
$SK_{Attr} = \{\forall i \in [1, n]:\ D_i^{*} = H(i)^{r_i},\ D_i' = h^{r_i}\}$
where $a_i \in A$ and $Z_p$ is the set from which the random values are drawn.
4. The system according to claim 3, characterized in that the authorization center is further configured to:
select a random number r, $r \in Z_p$, and define an attribute set S;
based on the attribute key $SK_{Attr}$ and the master secret key MSK, compute the user key $SK_{User}$ associated with the attribute set S with the following formula, and send the generated user key $SK_{User}$ to the terminal;
$SK_{User} = \{D = g^{\alpha} \cdot h^{r},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$
where g is a generator of $G_0$, $h = g^{\beta}$, and $Z_p$ is the set from which the random values are drawn.
5. The system according to claim 4, characterized in that the data owner is configured to:
perform a preset offline encryption operation based on the public key PK to generate an initial ciphertext;
encrypt the data to be protected based on the initial ciphertext, and send the resulting ciphertext to the cloud server.
6. The system according to claim 5, characterized in that the terminal is configured to:
obtain the ciphertext from the cloud server;
select a random number t, $t \in Z_p$, compute the outsourcing key OSK for the outsourcing server and the delegation key $SK_{Delegate}$ with the following formulas, and send the ciphertext, the outsourcing key OSK and the public key PK to the outsourcing server;
$OSK = \{D' = (g^{\alpha} \cdot h^{r})^{1/t},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$
$SK_{Delegate} = \{t\}$
where g is a generator of $G_0$, $h = g^{\beta}$, and $Z_p$ is the set from which the random values are drawn.
7. The system according to claim 6, characterized in that the outsourcing server is configured to:
generate an intermediate result based on the public key PK, the ciphertext and the outsourcing key OSK, and send the intermediate result to the terminal.
8. The system according to claim 7, characterized in that the terminal is further configured to:
decrypt the ciphertext based on the intermediate result and the delegation key $SK_{Delegate}$, obtaining the plaintext information corresponding to the ciphertext.
Application CN201711440321.3A (granted as CN108040068B, en), priority date 2017-12-27, filing date 2017-12-27: Quick access control system based on cloud security platform; status Active.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201711440321.3A CN108040068B (en) 2017-12-27 2017-12-27 Quick access control system based on cloud security platform
PCT/CN2018/078903 WO2019127913A1 (en) 2017-12-27 2018-03-14 Rapid access control system based on cloud security platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711440321.3A CN108040068B (en) 2017-12-27 2017-12-27 Quick access control system based on cloud security platform

Publications (2)

Publication Number Publication Date
CN108040068A true CN108040068A (en) 2018-05-15
CN108040068B CN108040068B (en) 2020-07-10

Family

ID=62097722

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711440321.3A Active CN108040068B (en) 2017-12-27 2017-12-27 Quick access control system based on cloud security platform

Country Status (2)

Country Link
CN (1) CN108040068B (en)
WO (1) WO2019127913A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618728A (en) * 2013-12-04 2014-03-05 南京邮电大学 Attribute-based encryption method for multiple authority centers
US20160241399A1 (en) * 2013-03-15 2016-08-18 Arizona Board Of Regents On Behalf Of Arizona State University Efficient Privacy-Preserving Ciphertext-Policy Attribute Based Encryption and Broadcast Encryption
CN106487506A (en) * 2016-10-08 2017-03-08 西安电子科技大学 A kind of many mechanisms KP ABE method supporting pre-encrypt and outsourcing deciphering
CN107197041A (en) * 2017-07-04 2017-09-22 深圳齐心集团股份有限公司 A kind of safe cloud computing system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9705850B2 (en) * 2013-03-15 2017-07-11 Arizona Board Of Regents On Behalf Of Arizona State University Enabling comparable data access control for lightweight mobile devices in clouds


Also Published As

Publication number Publication date
WO2019127913A1 (en) 2019-07-04
CN108040068B (en) 2020-07-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant