CN108040068B - Quick access control system based on cloud security platform - Google Patents


Info

Publication number: CN108040068B
Authority: CN (China)
Prior art keywords: key, terminal, ciphertext, data, outsourcing
Legal status: Active
Application number: CN201711440321.3A
Other languages: Chinese (zh)
Other versions: CN108040068A (en)
Inventors: 王树兰, 王磊
Current Assignee: Shenzhen Technology University
Original Assignee: Shenzhen Technology University
Application filed by Shenzhen Technology University
Priority to CN201711440321.3A (CN108040068B)
Priority to PCT/CN2018/078903 (WO2019127913A1)
Publication of CN108040068A
Application granted
Publication of CN108040068B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses a quick access control system based on a cloud security platform, which comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server; compared with the prior art, the embodiment of the invention adopts the outsourcing third-party semi-trusted entity outsourcing server to execute most of the calculation tasks in the decryption stage, thereby greatly reducing the local calculation complexity of the terminal, and being suitable for the terminal with limited calculation resources; meanwhile, based on the cloud security platform, the key generation task and the data encryption task corresponding to the authorization center and the data owner can be completed through off-line operation and on-line operation, so that the resource utilization rate of the authorization center and the data owner is effectively improved, and therefore when a large number of terminals ask for keys from the authorization center or need to update the keys, misoperation of the authorization center can be effectively avoided.

Description

Quick access control system based on cloud security platform
Technical Field
The invention relates to the technical field of data access, in particular to a quick access control system based on a cloud security platform.
Background
With the explosive growth of data, online data sharing has become one of the most promising applications of cloud computing. However, tempted by the large profits involved, a cloud service provider and a key authorization center may reveal users' confidential information, so users no longer regard them as completely trusted entities. To avoid data disclosure, users need to encrypt their data before sharing it.
At present, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) is receiving more and more attention as a novel encryption primitive, because it protects data privacy, realizes fine-grained, one-to-many and non-interactive access control, and is particularly suitable for an open cloud computing platform. However, most CP-ABE schemes have high computational complexity: in the key generation, encryption and decryption stages in particular, the computational complexity increases with the number of user key attributes, so these schemes are not suitable for user terminals with limited computing resources. In addition, when a large number of user terminals request keys from the key authorization center or need to update their keys, the computational load on the key authorization center is high and misoperation is likely to occur, which hinders the practical use of the CP-ABE scheme.
Disclosure of Invention
The embodiment of the invention mainly aims to provide a quick access control system based on a cloud security platform, which can solve the technical problems that the existing CP-ABE scheme is not suitable for user terminals with limited computing resources, and when a large number of user terminals ask a key from a key authorization center or need to update the key, the computing load of the key authorization center is high, and misoperation is easy to occur.
In order to achieve the above object, an embodiment of the present invention provides a fast access control system based on a cloud security platform, where the system includes an authorization center, a cloud server, a data owner, a terminal, and an outsourcing server;
the data owner and the terminal are both in communication connection with the authorization center, and the authorization center is used for generating a public key and a user key according to a preset key generation algorithm, sending the generated public key to the data owner and the terminal, and sending the generated user key to the terminal;
the cloud server is in communication connection with the data owner, and the data owner is used for encrypting data to be protected according to the public key and sending a ciphertext obtained through encryption to the cloud server;
the cloud server and the outsourcing server are both connected with the terminal, the outsourcing server is used for providing a decryption algorithm for the terminal, and the terminal is used for acquiring a ciphertext stored in the cloud server and decrypting the ciphertext based on the decryption algorithm, the public key and the user key.
Optionally, the authorization center is configured to:
define the attribute set $A = \{a_1, \dots, a_n\}$;
establish a hash function $H: \{0,1\}^* \to G_0$;
select random numbers $\alpha, \beta$, generate a public key PK and a master private key MSK by using the following formulas, and send the generated public key PK to the data owner and the terminal:
$PK = \{G_0, g, h = g^{\beta}, e(g,g)^{\alpha}\}$
$MSK = \{g^{\alpha}, \beta\}$
where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of the group $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $\alpha, \beta \in Z_p$, and $Z_p$ is a set of random numbers.
Optionally, the authorization center is further configured to:
for each attribute $a_i$, select a random number $r_i \in Z_p$ and calculate the attribute key $SK_{Attr}$ using the following formula:
Figure BDA0001526535450000021
where $a_i \in A$,
Figure BDA0001526535450000022
and $Z_p$ is a set of random numbers.
Optionally, the authorization center is further configured to:
select a random number $r \in Z_p$ and define an attribute set $S$,
Figure BDA0001526535450000031
based on the attribute key $SK_{Attr}$ and the master private key MSK, calculate the user key $SK_{User}$ associated with the attribute set $S$ using the following formula, and send the generated user key $SK_{User}$ to the terminal:
Figure BDA0001526535450000032
where $g$ is a generator of the group $G_0$, $h = g^{\beta}$, and $Z_p$ is a set of random numbers.
Optionally, the data owner is configured to:
executing a preset offline encryption operation based on the public key PK to generate an initial ciphertext;
and encrypting the data to be protected based on the initial ciphertext, and sending the obtained ciphertext to the cloud server.
Optionally, the terminal is configured to:
acquiring the ciphertext from the cloud server;
select a random number $t \in Z_p$, calculate an outsourcing key OSK and an escrow key $SK_{Delegate}$ corresponding to the outsourcing server by using the following formulas, and send the ciphertext, the outsourcing key OSK and the public key PK to the outsourcing server:
Figure BDA0001526535450000033
$SK_{Delegate} = \{t\}$
where $g$ is a generator of the group $G_0$, $h = g^{\beta}$, and $Z_p$ is a set of random numbers.
Optionally, the outsourcing server is configured to:
and generating an intermediate result based on the public key PK, the ciphertext and the outsourced secret key OSK, and sending the intermediate result to the terminal.
Optionally, the terminal is further configured to:
decrypt the ciphertext based on the intermediate result and the escrow key $SK_{Delegate}$ to obtain the plaintext information corresponding to the ciphertext.
The embodiment of the invention provides a rapid access control system based on a cloud security platform, which comprises an authorization center, a cloud server, a data owner, a terminal and an outsourcing server; compared with the prior art, the embodiment of the invention adopts the outsourcing third-party semi-trusted entity outsourcing server to execute most of the calculation tasks in the decryption stage, thereby greatly reducing the local calculation complexity of the terminal, and being suitable for the terminal with limited calculation resources; meanwhile, based on the cloud security platform, the key generation task and the data encryption task corresponding to the authorization center and the data owner can be completed through off-line operation and on-line operation, so that the resource utilization rate of the authorization center and the data owner is effectively improved, and therefore when a large number of terminals ask for keys from the authorization center or need to update the keys, misoperation of the authorization center can be effectively avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a fast access control system based on a cloud security platform in an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a fast access control system based on a cloud security platform in an embodiment of the present invention, where in the embodiment of the present invention, the system includes an authorization center 10, a cloud server 20, a data owner 30, a terminal 40, and an outsourcing server 50;
the data owner 30 and the terminal 40 are both in communication connection with the authorization center 10, and the authorization center 10 is configured to generate a public key and a user key according to a preset key generation algorithm, send the generated public key to the data owner 30 and the terminal 40, and send the generated user key to the terminal 40;
the cloud server 20 is in communication connection with the data owner 30, and the data owner 30 is configured to encrypt data to be protected according to the public key and send a ciphertext obtained through encryption to the cloud server 20;
the cloud server 20 and the outsource server 50 are both connected to the terminal 40, the outsource server 50 is configured to provide a decryption algorithm to the terminal 40, and the terminal 40 is configured to obtain a ciphertext stored in the cloud server 20 and decrypt the ciphertext based on the decryption algorithm, the public key, and the user key.
The authorization center 10 is a fully trusted entity that manages the terminal 40 and is responsible for generating the public key and the user keys. It also needs to maintain the user information and attribute information corresponding to the terminal 40. It may also perform two key generation algorithms: an offline key generation algorithm and an online key generation algorithm.
The cloud server 20 is a manager of shared data, and is a semi-trusted entity, which provides various services, such as data storage, data transmission, outsourced computing, and the like, mainly for ciphertext storage and file transmission (upload/download) services.
The data owner 30 is a holder of data files to be protected, and in the cloud computing platform, a large number of data files need to be stored and shared in the cloud computing platform. Meanwhile, the entity needs to define an access structure related to the ciphertext according to the attribute of the system and perform data encryption operation. In order to improve the calculation efficiency of the data owner 30, the data owner 30 includes two sub-algorithms: an offline data encryption algorithm and an online data encryption algorithm.
The terminal 40 is an object of data file sharing. In an open cloud computing environment, it is used to access large amounts of data information stored in cloud servers 20. If the user needs to acquire the information, the user can download the corresponding ciphertext from the cloud server 20 and perform decryption operation. Meanwhile, if the computing power of the terminal 40 is limited, the terminal 40 may hand most of the decryption work to the outsource server 50 for processing, and perform the escrow key generation operation and the corresponding decryption operation related to outsourcing. Therefore, the terminal 40 only needs to perform the escrow key generation operation and the decryption operation with a smaller amount of calculation.
The terminal 40 may be a communication terminal, a web-surfing terminal, and a music/video playing terminal, and may be, for example, a mobile phone, a tablet computer, a notebook computer, a desktop computer, an intelligent television, a set-top box, and the like.
The outsourcing server 50 serves as an agent of data decryption work, and in the cloud computing system, the outsourcing server 50 can honestly execute various decryption tasks distributed by the terminal 40 and return correct results, so that the computing overhead of the terminal 40 is greatly reduced.
The cloud security platform-based quick access control system provided by the embodiment of the invention comprises an authorization center 10, a cloud server 20, a data owner 30, a terminal 40 and an outsourcing server 50; compared with the prior art, the embodiment of the invention adopts the outsourcing third-party semi-trusted entity outsourcing server 50 to execute most of the computing tasks in the decryption stage, thereby greatly reducing the local computing complexity of the system, and being suitable for terminals with limited computing resources; meanwhile, based on the cloud security platform, the key generation task and the data encryption task corresponding to the authorization center 10 and the data owner 30 can be completed through offline operation and online operation, so that the resource utilization rate of the authorization center 10 and the data owner 30 is effectively improved, and therefore, when a large number of terminals ask for keys from the authorization center 10 or need to update the keys, misoperation of the authorization center 10 can be effectively avoided.
Further, based on the first embodiment of the present invention, in the embodiment of the present invention, the quick access control system based on the cloud security platform specifically includes the following four processes:
First, system initialization
The following work is done by the authorization center 10:
(1) Defining the attribute set $A = \{a_1, \dots, a_n\}$;
(2) Establishing a hash function $H: \{0,1\}^* \to G_0$;
(3) Selecting random numbers $\alpha, \beta$, generating a public key PK and a master private key MSK by using the following formulas, and sending the generated public key PK to the data owner 30 and the terminal 40:
$PK = \{G_0, g, h = g^{\beta}, e(g,g)^{\alpha}\}$
$MSK = \{g^{\alpha}, \beta\}$
where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of the group $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $\alpha, \beta \in Z_p$, and $Z_p$ is a set of random numbers.
Second, generating user key
The authorization center 10 executes a preset offline data encryption algorithm: based on the public key PK and the attribute set $A = \{a_1, \dots, a_n\}$, for each attribute $a_i$ it selects a random number $r_i \in Z_p$ and calculates the attribute key $SK_{Attr}$ using the following formula:
Figure BDA0001526535450000071
where $a_i \in A$,
Figure BDA0001526535450000072
and $Z_p$ is a set of random numbers.
Further, the authorization center 10 executes a preset online data encryption algorithm: based on the master private key MSK, the attribute set $S$ (defined by
Figure BDA0001526535450000073
) and the above-mentioned attribute key $SK_{Attr}$, it selects a random number $r \in Z_p$ for the terminal 40;
the user key $SK_{User}$ associated with the attribute set $S$ is calculated using the following formula, and the generated user key $SK_{User}$ is sent to the terminal 40:
Figure BDA0001526535450000074
where $g$ is a generator of the group $G_0$, $h = g^{\beta}$, and $Z_p$ is a set of random numbers.
Third, data encryption
The data owner 30 performs a preset offline encryption operation based on the public key PK, generates the initial ciphertext based on the public key PK and a preset access structure tree T, encrypts the data to be protected based on the initial ciphertext, and sends the obtained ciphertext to the cloud server 20.
In particular, for each node x (including leaf nodes) in the access structure tree T, the data owner 30 needs to define a polynomial $q_x$. Polynomial construction rule: starting from the root node R, the polynomials $q_x$ of these nodes are selected randomly in a top-down manner. For each node x in the access tree T, the degree of the polynomial $q_x$ is set to $k_x - 1$, where $k_x$ denotes the threshold value.
Then, starting from the root node R, set $q_R(0) = s$ ($s \in Z_p$), where s is selected randomly; at the same time, randomly select $d_R$ other nodes to completely define the polynomial $q_R$. For each non-root node x, set $q_x(0) = q_{parent(x)}(index(x))$ and randomly select $d_x$ other nodes to completely define $q_x$.
In the access structure tree T, let Y denote the set of leaf nodes, with all the nodes in the set denoted y; the data owner 30 can then generate the initial ciphertext $CT_1$ using the following formula:
Figure BDA0001526535450000081
When the data owner 30 needs to encrypt a plaintext M, it performs an online encryption operation: based on the input plaintext M and the initial ciphertext $CT_1$, it generates the complete ciphertext $CT_2$:
Figure BDA0001526535450000082
Fourth, data decryption
When the terminal 40 needs to view the data stored in the cloud server 20, it downloads the relevant ciphertext $CT_2$ from the cloud server 20. It then executes a preset managed key generation algorithm: based on the user key $SK_{User}$, it selects a random number $t \in Z_p$, calculates the outsourcing key OSK and the escrow key $SK_{Delegate}$ corresponding to the outsourcing server 50 by using the following formulas, and sends the ciphertext $CT_2$, the outsourcing key OSK and the public key PK to the outsourcing server 50:
Figure BDA0001526535450000083
$SK_{Delegate} = \{t\}$
where $g$ is a generator of the group $G_0$, $h = g^{\beta}$, and $Z_p$ is a set of random numbers.
The outsourcing server 50 generates an intermediate result IT based on the public key PK, the ciphertext $CT_2$ and the outsourcing key OSK, and then transmits the intermediate result IT to the terminal 40.
If the attribute set S indirectly related to the outsourcing key OSK satisfies the access policy T, $e(g,g)^{r\beta s}$ can be obtained by calculation; otherwise, the error symbol ⊥ is output.
Specifically, a recursive operation DecryptNode(CT, SK, x) is defined. If node x is a leaf node, let $i = att(x)$, and DecryptNode(CT, SK, x) is defined as follows:
If
Figure BDA0001526535450000084
then DecryptNode(CT, SK, x) = ⊥.
If $i \in S$, DecryptNode(CT, SK, x) is calculated by the following equation:
Figure BDA0001526535450000091
In addition, if x is a non-leaf node, then DecryptNode (CT, SK, x) is defined as follows:
for all child nodes z of node x, it evaluates DecryptNode(CT, SK, z) and stores the output as $F_z$. Let $S_x$ be an arbitrary $k_x$-sized set of child nodes z; then:
If the set $S_x$ does not exist, then $F_z$ = DecryptNode(CT, SK, z) = ⊥.
If the set $S_x$ exists, then the function $F_z$ is calculated by the following formula:
Figure BDA0001526535450000092
Finally, if the attribute set S matches the access control policy T, then by the Lagrange interpolation theorem:
Figure BDA0001526535450000093
Further, the outsourcing server 50 performs the following calculation and outputs the result $IT_2$:
Figure BDA0001526535450000094
Further, the terminal 40 decrypts the ciphertext $CT_2$ based on the intermediate results $IT_1$ and $IT_2$ and the escrow key $SK_{Delegate}$ to obtain the plaintext information M corresponding to the ciphertext $CT_2$:
Figure BDA0001526535450000101
where $\alpha, s, \beta, r \in Z_p$, $Z_p$ is a set of random numbers, $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of the group $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, and $e(g,g)$ is a generator of $G_T$.
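The polynomial construction rule of the data encryption stage and the recursive DecryptNode recombination described above, as an added Python example that is not part of the patent: it works directly on exponents in $Z_p$ (no pairing and no group elements), so it shows only how the value s is shared over the access tree T and recovered by Lagrange interpolation, not the encryption itself. The modulus, the attribute names and the sample policy are constructed assumptions, and the random "other nodes" of the text are realized as random polynomial coefficients.

```python
import secrets
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed stand-in for the prime group order p (2**127 - 1 is prime).
P = 2**127 - 1


@dataclass
class Node:
    threshold: int = 1                     # k_x (leaves use 1)
    attribute: Optional[str] = None        # att(x), set only on leaf nodes
    children: List["Node"] = field(default_factory=list)
    share: Optional[int] = None            # q_x(0), filled in by share_secret


def leaf(attribute):
    return Node(attribute=attribute)


def gate(threshold, *children):
    return Node(threshold=threshold, children=list(children))


def eval_poly(coeffs, x):
    """Horner evaluation of q(x) = coeffs[0] + coeffs[1]*x + ... (mod P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_secret(node, value):
    """Top-down rule: q_x(0) = value, deg(q_x) = k_x - 1,
    and each child z receives q_x(index(z)) as its own q_z(0)."""
    node.share = value
    if node.attribute is not None:
        return
    if not 1 <= node.threshold <= len(node.children):
        raise ValueError("threshold k_x must be between 1 and the child count")
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_secret(child, eval_poly(coeffs, index))


def lagrange_at_zero(i, indices):
    """Lagrange coefficient: product over j != i of (0 - j) / (i - j), mod P."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P


def recombine(node, attrs):
    """Exponent-only mirror of DecryptNode: returns q_x(0) when attrs satisfy
    the subtree rooted at node, otherwise None (standing in for the symbol ⊥).
    In the real scheme the leaf value is hidden inside a pairing result."""
    if node.attribute is not None:
        return node.share if node.attribute in attrs else None
    results = {}
    for index, child in enumerate(node.children, start=1):
        value = recombine(child, attrs)
        if value is not None:
            results[index] = value
        if len(results) == node.threshold:   # a k_x-sized set S_x exists
            break
    if len(results) < node.threshold:        # no such set: node not satisfied
        return None
    indices = list(results)
    return sum(results[i] * lagrange_at_zero(i, indices) for i in indices) % P


def build_sample_policy():
    """Constructed policy: (doctor AND cardiology) OR 2-of-3(nurse, icu, senior)."""
    return gate(
        1,
        gate(2, leaf("doctor"), leaf("cardiology")),
        gate(2, leaf("nurse"), leaf("icu"), leaf("senior")),
    )


if __name__ == "__main__":
    tree = build_sample_policy()
    s = secrets.randbelow(P)
    share_secret(tree, s)
    print(recombine(tree, {"nurse", "senior"}) == s)   # satisfying attribute set
    print(recombine(tree, {"doctor", "icu"}))          # unsatisfying set
```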
The cloud security platform-based quick access control system provided by the embodiment of the invention can utilize the outsourcing server to execute most of computing tasks in a decryption stage, thereby greatly reducing the local computing complexity of the system, and being suitable for terminals with limited computing resources; meanwhile, based on the cloud security platform, the key generation task and the data encryption task corresponding to the authorization center and the data owner can be completed through offline operation and online operation, so that the resource utilization rate of the authorization center and the data owner is effectively improved, and therefore, when a large number of terminals ask for keys from the authorization center or the keys need to be updated, misoperation of the authorization center can be avoided.
In the above description, for a person skilled in the art, there are variations on the specific implementation and application scope according to the ideas of the embodiments of the present invention, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (7)

1. A quick access control system based on a cloud security platform is characterized by comprising an authorization center, a cloud server, a data owner, a terminal and an outsourcing server; the data owner and the terminal are both in communication connection with the authorization center, and the authorization center is used for generating a public key and a user key according to a preset key generation algorithm, sending the generated public key to the data owner and the terminal, and sending the generated user key to the terminal; the cloud server is in communication connection with the data owner, and the data owner is used for encrypting data to be protected according to the public key and sending a ciphertext obtained through encryption to the cloud server; the cloud server and the outsourcing server are both connected with the terminal, the outsourcing server is used for providing a decryption algorithm for the terminal, and the terminal is used for acquiring a ciphertext stored in the cloud server and decrypting the ciphertext based on the decryption algorithm, the public key and the user key;
the authorization center is used for defining the attribute set $A = \{a_1, \dots, a_n\}$;
establishing a hash function $H: \{0,1\}^* \to G_0$; selecting random numbers $\alpha$ and $\beta$, generating a public key PK and a master private key MSK by using the following formulas, and sending the generated public key PK to the data owner and the terminal;
$PK = \{G_0, g, h = g^{\beta}, e(g,g)^{\alpha}\}$, $MSK = \{g^{\alpha}, \beta\}$, where $G_0$ and $G_T$ are two cyclic groups of prime order $p$, $g$ is a generator of the group $G_0$, $e: G_0 \times G_0 \to G_T$ is a bilinear pairing, $e(g,g)$ is a generator of $G_T$, $\alpha, \beta \in Z_p$, and $Z_p$ is a set of random numbers;
the authorization center is a completely credible entity, is used for managing the terminal, needs to maintain user information and attribute information corresponding to the terminal, and can also execute two key generation algorithms, namely an offline key generation algorithm and an online key generation algorithm;
the data owner is a holder of a data file to be protected, in the cloud computing platform, a large number of data files need to be stored and shared in the cloud computing platform, meanwhile, the entity needs to define an access structure related to a ciphertext according to the attribute of a system, and the data owner comprises two sub-algorithms: an offline data encryption algorithm and an online data encryption algorithm.
2. The system of claim 1, wherein the authorization center is further configured to: for each attribute $a_i$, select a random number $r_i \in Z_p$ and calculate the attribute key $SK_{Attr}$ using the following formula:
Figure FDA0002412876150000021
where $a_i \in A$,
Figure FDA0002412876150000022
and $Z_p$ is a set of random numbers.
3. The system according to claim 2, wherein the authorization center is further configured to select a random number $r \in Z_p$ and to define an attribute set $S$,
Figure FDA0002412876150000023
based on the attribute key $SK_{Attr}$ and the master private key MSK, calculate the user key $SK_{User}$ associated with the attribute set $S$ using the following formula, and send the generated user key to the terminal;
Figure FDA0002412876150000024
where $g$ is a generator of the group $G_0$, $h = g^{\beta}$, and $Z_p$ is a set of random numbers.
4. The system of claim 3, wherein the data owner is configured to:
executing a preset offline encryption operation based on the public key PK to generate an initial ciphertext;
and encrypting the data to be protected based on the initial ciphertext, and sending the obtained ciphertext to the cloud server.
5. The system of claim 4, wherein the terminal is configured to: acquiring the ciphertext from the cloud server;
selecting a random number $t \in Z_p$, calculating an outsourcing key OSK and an escrow key $SK_{Delegate}$ corresponding to the outsourcing server by using the following formulas, and sending the ciphertext, the outsourcing key OSK and the public key PK to the outsourcing server;
Figure FDA0002412876150000031
$SK_{Delegate} = \{t\}$
where $g$ is a generator of the group $G_0$, $h = g^{\beta}$, and $Z_p$ is a set of random numbers.
6. The system of claim 5, wherein the outsourcing server is configured to: and generating an intermediate result based on the public key PK, the ciphertext and the outsourced secret key OSK, and sending the intermediate result to the terminal.
7. The system of claim 6, wherein the terminal is further configured to: decrypt the ciphertext based on the intermediate result and the escrow key $SK_{Delegate}$ to obtain plaintext information corresponding to the ciphertext.
CN201711440321.3A 2017-12-27 2017-12-27 Quick access control system based on cloud security platform Active CN108040068B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201711440321.3A CN108040068B (en) 2017-12-27 2017-12-27 Quick access control system based on cloud security platform
PCT/CN2018/078903 WO2019127913A1 (en) 2017-12-27 2018-03-14 Rapid access control system based on cloud security platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711440321.3A CN108040068B (en) 2017-12-27 2017-12-27 Quick access control system based on cloud security platform

Publications (2)

Publication Number Publication Date
CN108040068A CN108040068A (en) 2018-05-15
CN108040068B true CN108040068B (en) 2020-07-10

Family

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711440321.3A Active CN108040068B (en) 2017-12-27 2017-12-27 Quick access control system based on cloud security platform

Country Status (2)

Country Link
CN (1) CN108040068B (en)
WO (1) WO2019127913A1 (en)

Also Published As

Publication number Publication date
CN108040068A (en) 2018-05-15
WO2019127913A1 (en) 2019-07-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant