CN108040068A - quick access control system based on cloud security platform - Google Patents
Quick access control system based on cloud security platform
Publication number: CN108040068A (application CN201711440321.3A)
Authority: CN (China)
Prior art keywords: key, terminal, ciphertext
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0442: network security; confidential data exchange over packet networks with the payload encrypted, where the sending and receiving entities apply asymmetric encryption (different keys for encryption and decryption)
- H04L63/06: network security; key management in a packet data network
- H04L63/062: key management; key distribution, e.g. centrally by a trusted party
- H04L67/10: network services; protocols in which an application is distributed across nodes in the network
Abstract
The embodiment of the invention discloses a quick access control system based on a cloud security platform. The system comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server. Compared with the prior art, the embodiment uses a semi-trusted third-party outsourcing server to perform most of the computation of the decryption phase, which greatly reduces the local computational cost at the terminal and makes the scheme suitable for terminals with limited computing resources. At the same time, because the system is built on a cloud security platform, the key generation tasks of the authorization center and the data encryption tasks of the data owner can each be completed through an offline operation and an online operation, which improves the resource utilization of the authorization center and the data owner; when a large number of terminals request keys or key updates from the authorization center, this helps the authorization center avoid errors caused by overload.
Description
Technical field
The present invention relates to the field of data access technology, and in particular to a quick access control system based on a cloud security platform.
Background technology
With the explosive growth of data, online data sharing has become one of the most promising applications of cloud computing. However, under the temptation of large gains, the cloud service provider and the key authorization center may leak users' confidential information, so users can no longer regard them as fully trusted entities; to avoid data leakage, users need to encrypt their data before sharing it.
At present, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) has received increasing attention as a novel cryptographic primitive, because it not only protects data privacy but also provides fine-grained, one-to-many and non-interactive access control, which makes it particularly suitable for open cloud computing platforms. However, most CP-ABE schemes suffer from high computational complexity, especially in the key generation, encryption and decryption phases, where the cost grows with the number of attributes in the user's key; this makes them unsuitable for user terminals with limited computing resources. In addition, when a large number of user terminals request keys or key updates from the key authorization center, the computational load on the center becomes high and errors easily occur, which hinders the practical deployment of CP-ABE schemes.
Summary of the invention
The main purpose of the embodiment of the present invention is to provide a quick access control system based on a cloud security platform, in order to solve the technical problems that existing CP-ABE schemes are unsuitable for user terminals with limited computing resources, and that when a large number of user terminals request keys or key updates from the key authorization center, the computational load on the center is high and errors easily occur.
To achieve the above object, the embodiment of the present invention provides a quick access control system based on a cloud security platform. The system comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server;
the data owner and the terminal are communicatively connected to the authorization center; the authorization center generates a public key and user keys according to a preset key generation algorithm, sends the public key to the data owner and the terminal, and sends the user key to the terminal;
the cloud server is communicatively connected to the data owner; the data owner encrypts the data to be protected with the public key and sends the resulting ciphertext to the cloud server;
the cloud server and the outsourcing server are connected to the terminal; the outsourcing server provides the decryption algorithm to the terminal, and the terminal obtains the ciphertext stored on the cloud server and decrypts it based on the decryption algorithm, the public key and the user key.
Optionally, the authorization center is configured to:
define the attribute set $A = \{a_1, \ldots, a_n\}$;
establish a hash function $H: \{0,1\}^{*} \to G_0$;
select random numbers $\alpha, \beta$, generate the public key PK and the master secret key MSK with the following formulas, and send the public key PK to the data owner and the terminal:
$$PK = \{G_0,\ g,\ h = g^{\beta},\ e(g,g)^{\alpha}\}$$
$$MSK = \{g^{\alpha},\ \beta\}$$
where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, $e(g,g)$ is a generator of $G_T$, and $\alpha, \beta \in \mathbb{Z}_p$, where $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
Optionally, the authorization center is further configured to:
for each attribute $a_i$, select a random number $r_i \in \mathbb{Z}_p$ and compute the attribute key $SK_{Attr}$ with the following formula:
$$SK_{Attr} = \{\forall i \in [1, n]:\ D_i^{*} = H(i)^{r_i},\ D_i' = h^{r_i}\}$$
where $a_i \in A$ and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
Optionally, the authorization center is further configured to:
select a random number $r \in \mathbb{Z}_p$ and define the attribute set $S$ of the terminal;
based on the attribute key $SK_{Attr}$ and the master secret key MSK, compute the user key $SK_{User}$ associated with the attribute set $S$ with the following formula, and send the generated user key $SK_{User}$ to the terminal:
$$SK_{User} = \{D = g^{\alpha} \cdot h^{r},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$$
where $g$ is a generator of $G_0$, $h = g^{\beta}$, and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
Optionally, the data owner is configured to:
perform a preset offline encryption operation based on the public key PK to generate an initial ciphertext;
encrypt the data to be protected based on the initial ciphertext, and send the resulting ciphertext to the cloud server.
Optionally, the terminal is configured to:
obtain the ciphertext from the cloud server;
select a random number $t \in \mathbb{Z}_p$, compute the outsourcing key OSK for the outsourcing server and the delegation key $SK_{Delegate}$ with the following formulas, and send the ciphertext, the outsourcing key OSK and the public key PK to the outsourcing server:
$$OSK = \{D' = (g^{\alpha} \cdot h^{r})^{1/t},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$$
$$SK_{Delegate} = \{t\}$$
where $g$ is a generator of $G_0$, $h = g^{\beta}$, and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
Optionally, the outsourcing server is configured to:
generate an intermediate result based on the public key PK, the ciphertext and the outsourcing key OSK, and send the intermediate result to the terminal.
Optionally, the terminal is further configured to:
decrypt the ciphertext based on the intermediate result and the delegation key $SK_{Delegate}$, obtaining the plaintext corresponding to the ciphertext.
The quick access control system based on a cloud security platform provided by the embodiment of the present invention comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server. Compared with the prior art, the embodiment uses a semi-trusted third-party outsourcing server to perform most of the computation of the decryption phase, which greatly reduces the local computational cost at the terminal and makes the scheme suitable for terminals with limited computing resources. At the same time, because the system is built on a cloud security platform, the key generation tasks of the authorization center and the data encryption tasks of the data owner can be completed through an offline operation and an online operation, which improves the resource utilization of the authorization center and the data owner; when a large number of terminals request keys or key updates from the authorization center, the authorization center can therefore avoid errors caused by overload.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the quick access control system based on a cloud security platform in the embodiment of the present invention.
Detailed description
To make the purpose, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Referring to Fig. 1, which is a structural diagram of the quick access control system based on a cloud security platform in the embodiment of the present invention, the system comprises an authorization center 10, a cloud server 20, a data owner 30, a terminal 40 and an outsourcing server 50;
the data owner 30 and the terminal 40 are communicatively connected to the authorization center 10; the authorization center 10 generates a public key and user keys according to a preset key generation algorithm, sends the public key to the data owner 30 and the terminal 40, and sends the user key to the terminal 40;
the cloud server 20 is communicatively connected to the data owner 30; the data owner 30 encrypts the data to be protected with the public key and sends the resulting ciphertext to the cloud server 20;
the cloud server 20 and the outsourcing server 50 are connected to the terminal 40; the outsourcing server 50 provides the decryption algorithm to the terminal 40, and the terminal 40 obtains the ciphertext stored on the cloud server 20 and decrypts it based on the decryption algorithm, the public key and the user key.
The authorization center 10 is a fully trusted entity. It manages the terminals 40 and is responsible for generating the public key and the user keys; it also maintains the user information and attribute information of each terminal 40. It runs two key generation algorithms: an offline key generation algorithm and an online key generation algorithm.
The cloud server 20 is the manager of the shared data and is a semi-trusted entity. It provides a variety of services, such as data storage, data transfer and outsourced computation, and is used here mainly for ciphertext storage and file transfer (upload/download).
The data owner 30 is the holder of the data files to be protected; in the cloud computing platform it has a large number of data files that need to be stored and shared on the platform. This entity also needs to define the access structure associated with each ciphertext according to the system's attribute definitions, and to perform the data encryption operation. To improve the computational efficiency of the data owner 30, its encryption consists of two sub-algorithms: an offline data encryption algorithm and an online data encryption algorithm.
The terminal 40 is the party with which data files are shared. In an open cloud computing environment it accesses the large amount of data stored on the cloud server 20; if a user needs information, the terminal downloads the corresponding ciphertext from the cloud server 20 and decrypts it. If the computing capability of the terminal 40 is limited, it can hand most of the decryption work to the outsourcing server 50, which performs the outsourced decryption operations on its behalf; the terminal 40 then only needs to perform the delegation key generation operation and the final decryption operation, both of which require little computation.
The terminal 40 may be a communication terminal, an access terminal or a music/video playback terminal, for example a mobile phone, tablet computer, laptop, desktop computer, smart television or set-top box.
The outsourcing server 50 acts as the terminal's agent for data decryption. In the cloud computing system, the outsourcing server 50 honestly executes the decryption tasks distributed to it by the terminal 40 and returns correct results, which greatly reduces the computational overhead of the terminal 40. It remains a semi-trusted party: the design keeps the random blinding factor $t$ (the delegation key $SK_{Delegate}$) at the terminal and gives the outsourcing server only the blinded outsourcing key OSK, so the intermediate result it returns is completed into the plaintext only by the terminal.
The quick access control system based on a cloud security platform provided by the embodiment of the present invention comprises an authorization center 10, a cloud server 20, a data owner 30, a terminal 40 and an outsourcing server 50. Compared with the prior art, the embodiment uses a semi-trusted third-party outsourcing server 50 to perform most of the computation of the decryption phase, which greatly reduces the local computational cost of the system and makes the scheme suitable for terminals with limited computing resources. At the same time, because the system is built on a cloud security platform, the key generation tasks of the authorization center 10 and the data encryption tasks of the data owner 30 can be completed through an offline operation and an online operation, which improves the resource utilization of the authorization center 10 and the data owner 30; when a large number of terminals request keys or key updates from the authorization center 10, the authorization center 10 can therefore avoid errors caused by overload.
Further, based on the first embodiment of the present invention, the above quick access control system based on a cloud security platform specifically comprises the following four processes:
1. System initialization
The authorization center 10 completes the following work:
(1) define the attribute set $A = \{a_1, \ldots, a_n\}$;
(2) establish a hash function $H: \{0,1\}^{*} \to G_0$;
(3) select random numbers $\alpha, \beta$, generate the public key PK and the master secret key MSK with the following formulas, and send the public key PK to the data owner 30 and the terminal 40:
$$PK = \{G_0,\ g,\ h = g^{\beta},\ e(g,g)^{\alpha}\}$$
$$MSK = \{g^{\alpha},\ \beta\}$$
where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, $e(g,g)$ is a generator of $G_T$, and $\alpha, \beta \in \mathbb{Z}_p$, where $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
2. User key generation
The authorization center 10 runs the preset offline key generation algorithm. Based on the public key PK and the attribute set $A = \{a_1, \ldots, a_n\}$, it selects for each attribute $a_i$ a random number $r_i \in \mathbb{Z}_p$ and computes the attribute key $SK_{Attr}$ with the following formula:
$$SK_{Attr} = \{\forall i \in [1, n]:\ D_i^{*} = H(i)^{r_i},\ D_i' = h^{r_i}\}$$
where $a_i \in A$ and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn. This step does not depend on any particular terminal, which is why it can be precomputed offline.
Further, the authorization center 10 runs the preset online key generation algorithm. Based on the master secret key MSK, the attribute set $S$ of the terminal and the attribute key $SK_{Attr}$ above, it selects a random number $r \in \mathbb{Z}_p$ for the terminal 40 and defines $S$;
the user key $SK_{User}$ associated with the attribute set $S$ is computed with the following formula, and the generated user key $SK_{User}$ is sent to the terminal 40:
$$SK_{User} = \{D = g^{\alpha} \cdot h^{r},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$$
where $g$ is a generator of $G_0$, $h = g^{\beta}$, and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
3. Data encryption
The data owner 30 performs the preset offline encryption operation based on the public key PK and a preset access structure tree T, which generates the initial ciphertext; it then encrypts the data to be protected based on the initial ciphertext and sends the resulting ciphertext to the cloud server 20.
Specifically, for each node x in the access tree T (including the leaf nodes), the data owner 30 needs to define a polynomial $q_x$. The polynomials are constructed top-down, starting from the root node R, and chosen at random. For each node x in the access tree T, the degree of the polynomial $q_x$ is set to $k_x - 1$, where $k_x$ is the threshold value of node x.
Then, starting from the root node R, set $q_R(0) = s$ with $s \in \mathbb{Z}_p$ chosen at random, and choose $d_R = k_R - 1$ other points at random to completely define the polynomial $q_R$. For every non-root node x, set $q_x(0) = q_{parent(x)}(index(x))$ and choose $d_x = k_x - 1$ other points at random to completely define $q_x$.
Let Y denote the set of leaf nodes of the access tree T, with elements y. The data owner 30 generates the initial ciphertext $CT_1$ from the values $q_y(0)$ of these leaves using the formula given in the patent (not reproduced on this page).
When the data owner 30 has a plaintext M to encrypt, it performs the online encryption operation, which takes the plaintext M and the initial ciphertext $CT_1$ as input and produces the complete ciphertext $CT_2$ (formula not reproduced on this page).
4. Data decryption
When the terminal 40 needs to view data stored on the cloud server 20, it downloads the relevant ciphertext $CT_2$ from the cloud server 20. It then runs the preset delegation key generation algorithm: based on the user key $SK_{User}$, it selects a random number $t \in \mathbb{Z}_p$, computes the outsourcing key OSK for the outsourcing server 50 and the delegation key $SK_{Delegate}$ with the following formulas, and sends the ciphertext $CT_2$, the outsourcing key OSK and the public key PK to the outsourcing server 50:
$$OSK = \{D' = (g^{\alpha} \cdot h^{r})^{1/t},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$$
$$SK_{Delegate} = \{t\}$$
where $g$ is a generator of $G_0$, $h = g^{\beta}$, and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn. The component $D = g^{\alpha} h^{r}$ of the user key is never sent as such: the outsourcing server 50 receives only its blinded form $D' = D^{1/t}$, and $t$ stays with the terminal, so $t$ must be chosen fresh and unpredictably for each delegation.
The outsourcing server 50 generates an intermediate result IT based on the public key PK, the ciphertext $CT_2$ and the outsourcing key OSK, and sends the intermediate result IT to the terminal 40.
If the attribute set S that is indirectly associated with the outsourcing key OSK satisfies the access policy T, this computation yields $e(g,g)^{r\beta s}$; otherwise it outputs the error symbol $\bot$.
Specifically, a recursive operation DecryptNode(CT, SK, x) is defined. If node x is a leaf node, let $i = att(x)$ and define DecryptNode(CT, SK, x) as follows:
if $i \notin S$, then $\mathrm{DecryptNode}(CT, SK, x) = \bot$;
if $i \in S$, DecryptNode(CT, SK, x) is computed by the leaf formula given in the patent (not reproduced on this page).
If x is a non-leaf node, DecryptNode(CT, SK, x) is defined as follows: for every child node z of x, compute DecryptNode(CT, SK, z) and store its output as $F_z$. Let $S_x$ be an arbitrary set of $k_x$ child nodes z with $F_z \neq \bot$; then:
if no such set $S_x$ exists, $F_x = \mathrm{DecryptNode}(CT, SK, x) = \bot$;
if such a set $S_x$ exists, $F_x$ is computed from the values $F_z$, $z \in S_x$, by the formula given in the patent (not reproduced on this page).
Finally, if the attribute set S satisfies the access control policy T, Lagrange interpolation at the root yields the value stated in the patent (not reproduced on this page).
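The access-tree construction of the encryption step and the DecryptNode recursion above share one mechanism: threshold secret sharing along the tree, with Lagrange interpolation to recover each node's $q_x(0)$. The following example is added here and is not code from the patent; it models the group exponents directly as integers modulo a hypothetical prime P (the real scheme only ever exposes $g^{q_y(0)}$ and pairings of it, never the bare shares), and the policy, attribute names and modulus are constructed for the demonstration. It shows both the top-down polynomial assignment with $q_R(0) = s$ and $q_x(0) = q_{parent(x)}(index(x))$, and the bottom-up recovery that returns $\bot$ (None) whenever no $k_x$-sized satisfying child set $S_x$ exists.

```python
"""Added example, not code from the patent: the threshold access tree that the
patent's encryption builds (q_R(0) = s, q_x(0) = q_parent(x)(index(x)),
deg q_x = k_x - 1) and the DecryptNode / Lagrange recursion that recovers s.
Pairings are left out: group exponents are modelled as plain integers mod P, so
a leaf share here is the exponent q_y(0) that the real scheme would hide inside
g^{q_y(0)}. The attribute names and the modulus P are constructed for the demo."""
import secrets
from dataclasses import dataclass, field
from typing import Optional

P = 2**127 - 1  # hypothetical prime standing in for the group order p


@dataclass
class Node:
    attr: Optional[str] = None                # set on leaves only
    k: int = 1                                # threshold k_x (leaves: 1)
    children: list = field(default_factory=list)
    index: int = 0                            # index(x): 1-based position among siblings
    poly: list = field(default_factory=list)  # q_x coefficients, constant term first


def _eval(poly, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(poly)) % P


def share(root: Node, s: int) -> dict:
    """Encryption side: assign polynomials top-down from q_R(0) = s and return
    {attribute: q_y(0)} for every leaf y."""
    leaves = {}

    def assign(x: Node, q0: int):
        # deg q_x = k_x - 1: constant term fixed, k_x - 1 random coefficients
        x.poly = [q0 % P] + [secrets.randbelow(P) for _ in range(x.k - 1)]
        if x.attr is not None:
            leaves[x.attr] = x.poly[0]
            return
        for i, child in enumerate(x.children, start=1):
            child.index = i
            assign(child, _eval(x.poly, i))  # q_child(0) = q_x(index(child))

    assign(root, s)
    return leaves


def _lagrange_at_zero(i: int, idxs: list) -> int:
    # Delta_{i,S}(0) = prod_{j in S, j != i} (0 - j) / (i - j)  (mod P)
    num, den = 1, 1
    for j in idxs:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def decrypt_node(x: Node, shares: dict, attrs: set):
    """Mirror of the patent's DecryptNode(CT, SK, x): q_x(0), or None for the
    error symbol. `attrs` is the decryptor's attribute set S."""
    if x.attr is not None:
        return shares[x.attr] if x.attr in attrs else None
    ok = []
    for z in x.children:
        F_z = decrypt_node(z, shares, attrs)
        if F_z is not None:
            ok.append((z.index, F_z))
    if len(ok) < x.k:
        return None  # no k_x-sized satisfying subset S_x exists
    S_x = ok[:x.k]  # any k_x satisfying children suffice
    idxs = [i for i, _ in S_x]
    # Real scheme: F_x = prod F_z^{Delta_{i,S_x}(0)}; in the exponent that is this sum
    return sum(F_z * _lagrange_at_zero(i, idxs) for i, F_z in S_x) % P


def demo():
    """Policy (doctor AND cardiology) OR admin with a random secret s.
    Returns (s, shares, tree) so callers can test which attribute sets recover s."""
    tree = Node(k=1, children=[
        Node(k=2, children=[Node(attr="doctor"), Node(attr="cardiology")]),
        Node(attr="admin"),
    ])
    s = secrets.randbelow(P)
    return s, share(tree, s), tree


if __name__ == "__main__":
    s, shares, tree = demo()
    for attrs in ({"doctor", "cardiology"}, {"admin"}, {"doctor"}):
        got = decrypt_node(tree, shares, attrs)
        print(sorted(attrs), "->", "s recovered" if got == s else "error symbol")
```

The 1-of-2 root makes $q_R$ constant, so the lone `admin` leaf receives $s$ itself; the 2-of-2 gate hands each child a distinct evaluation of a degree-1 polynomial, and a single one of those evaluations reveals nothing about $s$ in this model, which is the property the pairing-based version preserves in the exponent.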
Further, the outsourcing server 50 performs the computation given in the patent and outputs the result $IT_2$ (formula not reproduced on this page).
Further, the terminal 40 decrypts the ciphertext $CT_2$ based on the intermediate results $IT_1$ and $IT_2$ and the delegation key $SK_{Delegate}$, obtaining the plaintext M corresponding to the ciphertext $CT_2$ (formula not reproduced on this page).
Here $\alpha, s, \beta, r \in \mathbb{Z}_p$, where $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn; $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, and $e(g,g)$ is a generator of $G_T$.
The quick access control system based on a cloud security platform provided by the embodiment of the present invention can use the outsourcing server to perform most of the computation of the decryption phase, which greatly reduces the local computational cost of the system and makes the scheme suitable for terminals with limited computing resources. At the same time, because the system is built on a cloud security platform, the key generation tasks of the authorization center and the data encryption tasks of the data owner can be completed through an offline operation and an online operation, which improves the resource utilization of the authorization center and the data owner; when a large number of terminals request keys or key updates from the authorization center, the authorization center can therefore avoid errors caused by overload.
The above is a description of the quick access control system based on a cloud security platform provided by the present invention. Those skilled in the art will find variations in specific embodiments and application scope in light of the ideas of the embodiments of the present invention; in sum, the content of this specification should not be construed as limiting the invention.
Claims (8)
1. A quick access control system based on a cloud security platform, characterized in that the system comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server;
the data owner and the terminal are communicatively connected to the authorization center; the authorization center is configured to generate a public key and user keys according to a preset key generation algorithm, send the public key to the data owner and the terminal, and send the user key to the terminal;
the cloud server is communicatively connected to the data owner; the data owner is configured to encrypt the data to be protected with the public key and send the resulting ciphertext to the cloud server;
the cloud server and the outsourcing server are connected to the terminal; the outsourcing server is configured to provide a decryption algorithm to the terminal, and the terminal is configured to obtain the ciphertext stored on the cloud server and decrypt it based on the decryption algorithm, the public key and the user key.
2. The system according to claim 1, characterized in that the authorization center is configured to:
define the attribute set $A = \{a_1, \ldots, a_n\}$;
establish a hash function $H: \{0,1\}^{*} \to G_0$;
select random numbers $\alpha, \beta$, generate the public key PK and the master secret key MSK with the following formulas, and send the generated public key PK to the data owner and the terminal:
$$PK = \{G_0,\ g,\ h = g^{\beta},\ e(g,g)^{\alpha}\}$$
$$MSK = \{g^{\alpha},\ \beta\}$$
where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear map, $e(g,g)$ is a generator of $G_T$, and $\alpha, \beta \in \mathbb{Z}_p$, where $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
3. The system according to claim 2, characterized in that the authorization center is further configured to:
for each attribute $a_i$, select a random number $r_i \in \mathbb{Z}_p$ and compute the attribute key $SK_{Attr}$ with the following formula:
$$SK_{Attr} = \{\forall i \in [1, n]:\ D_i^{*} = H(i)^{r_i},\ D_i' = h^{r_i}\}$$
where $a_i \in A$ and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
4. The system according to claim 3, characterized in that the authorization center is further configured to:
select a random number $r \in \mathbb{Z}_p$ and define the attribute set $S$;
based on the attribute key $SK_{Attr}$ and the master secret key MSK, compute the user key $SK_{User}$ associated with the attribute set $S$ with the following formula, and send the generated user key $SK_{User}$ to the terminal:
$$SK_{User} = \{D = g^{\alpha} \cdot h^{r},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$$
where $g$ is a generator of $G_0$, $h = g^{\beta}$, and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
5. The system according to claim 4, characterized in that the data owner is configured to:
perform a preset offline encryption operation based on the public key PK to generate an initial ciphertext;
encrypt the data to be protected based on the initial ciphertext, and send the resulting ciphertext to the cloud server.
6. The system according to claim 5, characterized in that the terminal is configured to:
obtain the ciphertext from the cloud server;
select a random number $t \in \mathbb{Z}_p$, compute the outsourcing key OSK for the outsourcing server and the delegation key $SK_{Delegate}$ with the following formulas, and send the ciphertext, the outsourcing key OSK and the public key PK to the outsourcing server:
$$OSK = \{D' = (g^{\alpha} \cdot h^{r})^{1/t},\ \forall j \in S:\ D_j = g^{r} \cdot D_j^{*},\ D_j'\}$$
$$SK_{Delegate} = \{t\}$$
where $g$ is a generator of $G_0$, $h = g^{\beta}$, and $\mathbb{Z}_p$ denotes the integers modulo $p$, from which the random values are drawn.
7. The system according to claim 6, characterized in that the outsourcing server is configured to:
generate an intermediate result based on the public key PK, the ciphertext and the outsourcing key OSK, and send the intermediate result to the terminal.
8. The system according to claim 7, characterized in that the terminal is further configured to:
decrypt the ciphertext based on the intermediate result and the delegation key $SK_{Delegate}$, obtaining the plaintext corresponding to the ciphertext.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711440321.3A CN108040068B (en) | 2017-12-27 | 2017-12-27 | Quick access control system based on cloud security platform |
PCT/CN2018/078903 WO2019127913A1 (en) | 2017-12-27 | 2018-03-14 | Rapid access control system based on cloud security platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711440321.3A CN108040068B (en) | 2017-12-27 | 2017-12-27 | Quick access control system based on cloud security platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108040068A true CN108040068A (en) | 2018-05-15 |
CN108040068B CN108040068B (en) | 2020-07-10 |
Family
ID=62097722
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711440321.3A Active CN108040068B (en) | 2017-12-27 | 2017-12-27 | Quick access control system based on cloud security platform |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108040068B (en) |
WO (1) | WO2019127913A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103618728A (en) * | 2013-12-04 | 2014-03-05 | 南京邮电大学 | Attribute-based encryption method for multiple authority centers |
US20160241399A1 (en) * | 2013-03-15 | 2016-08-18 | Arizona Board Of Regents On Behalf Of Arizona State University | Efficient Privacy-Preserving Ciphertext-Policy Attribute Based Encryption and Broadcast Encryption |
CN106487506A (en) * | 2016-10-08 | 2017-03-08 | 西安电子科技大学 | A kind of many mechanisms KP ABE method supporting pre-encrypt and outsourcing deciphering |
CN107197041A (en) * | 2017-07-04 | 2017-09-22 | 深圳齐心集团股份有限公司 | A kind of safe cloud computing system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9705850B2 (en) * | 2013-03-15 | 2017-07-11 | Arizona Board Of Regents On Behalf Of Arizona State University | Enabling comparable data access control for lightweight mobile devices in clouds |
2017
- 2017-12-27 CN CN201711440321.3A patent/CN108040068B/en active Active
2018
- 2018-03-14 WO PCT/CN2018/078903 patent/WO2019127913A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2019127913A1 (en) | 2019-07-04 |
CN108040068B (en) | 2020-07-10 |
Similar Documents
Publication | Title |
---|---|
Shen et al. | A privacy-preserving and untraceable group data sharing scheme in cloud computing |
CN106850221B (en) | Information encryption and decryption method and device |
CN104486315B (en) | A kind of revocable key outsourcing decryption method based on contents attribute |
CN105262843B (en) | A kind of anti-data-leakage guard method for cloud storage environment |
CN108833393A (en) | A kind of revocable data sharing method calculated based on mist |
CN110474893A (en) | A kind of isomery is across the close state data safety sharing method of trust domain and system |
CN109981641A (en) | A kind of safe distribution subscription system and distribution subscription method based on block chain technology |
CN107634829A (en) | Encrypted electronic medical records system and encryption method can search for based on attribute |
CN106127075A (en) | The encryption method of can search for based on secret protection under a kind of cloud storage environment |
CN106160995A (en) | Multinomial complete homomorphic cryptography method and system based on coefficient mapping conversion |
CN104967693B (en) | Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage |
CN109286491A (en) | A kind of key policy attribute base encryption method based on proxy revocation |
CN109361644A (en) | A kind of Fog property base encryption method for supporting fast search and decryption |
Zhang et al. | Feacs: A flexible and efficient access control scheme for cloud computing |
CN107968780A (en) | A kind of method for secret protection of mobile cloud storage shared data |
CN109214201A (en) | A kind of data sharing method, terminal device and computer readable storage medium |
CN108111295A (en) | A kind of homomorphic encryption algorithm based on similar modul |
CN109981643A (en) | A kind of inquiry authorization of fine granularity can search for encryption method and system |
CN112199697A (en) | Information processing method, device, equipment and medium based on shared root key |
Gupta et al. | Compendium of data security in cloud storage by applying hybridization of encryption algorithm |
Jammula et al. | Hybrid lightweight cryptography with attribute-based encryption standard for secure and scalable IoT system |
CN105978680A (en) | Implementing padding in a white-box implementation |
Luo et al. | Accountable data sharing scheme based on blockchain and SGX |
CN108055130A (en) | The ciphertext protection system of differentiation safety |
CN114244567B (en) | CP-ABE method for supporting circuit structure in cloud environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |