CN108390876A - Multi-authority access control method supporting revocation and verifiable outsourcing, and cloud server - Google Patents


Info

Publication number: CN108390876A
Application number: CN201810149575.8A
Authority: CN (China)
Prior art keywords: user, key, service provider, ciphertext, cloud service
Legal status: granted; currently active (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN108390876B (granted patent)
Inventors: 樊凯, 王俊雄, 许辉岳, 潘强, 李晖
Original and current assignee: Xidian University
Priority date, filing date, publication date: not given on this page
Events: application filed by Xidian University; priority to CN201810149575.8A; publication of CN108390876A; application granted; publication of CN108390876B; anticipated expiration date not given on this page

Classifications

All codes fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 ... for controlling access to devices or network resources
    • H04L 63/101 ... Access control lists [ACL]
    • H04L 63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 ... involving random numbers or seeds
    • H04L 9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L 9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of cryptographic protocols and discloses a multi-authority access control method supporting revocation and verifiable outsourcing, together with a cloud server. The method comprises: system initialization, including initialization of the global authority (CA) and of the attribute authorities (AAs); each authority assigning an attribute set to a user and generating the keys the user needs for decryption; the data owner encrypting a file, where encryption consists of an outsourced encryption step, verification of the outsourced result and the owner's final encryption; a user sending a file access request to the cloud service provider, where access consists of outsourced decryption by the provider, verification of the outsourced result and the user's final decryption; and revocation of individual users or attributes from the system. The invention offers high access efficiency, low computational overhead and dynamic management of user permissions, and can be used in cloud storage to protect the confidentiality of users' private data, reduce the computation required of users, and manage users' permissions in the system dynamically.

Description

Multi-authority access control method supporting revocation and verifiable outsourcing, and cloud server
Technical field
The invention belongs to the field of cryptographic protocols, and in particular relates to a multi-authority access control method supporting revocation and verifiable outsourcing, and to a cloud server.
Background technology
The current state of the art is as follows. With the continuous development of information technology, people's lives have improved enormously. Cloud computing in particular has grown rapidly and attracted wide attention. Cloud computing is an entity with huge computing and storage capacity, the product of combining network storage, virtualization, load balancing, distributed computing, parallel computing, utility computing and other traditional computing and networking technologies. Its strength is that computing resources can be distributed to users dynamically over the network. Users can likewise store their own data or resources on a cloud server, or outsource complex computing tasks to a cloud service provider. Users are then no longer constrained by geographic location or by limited local computing resources, and complex computing tasks can be deployed on remote distributed computers and pushed to the computing edge, greatly improving efficiency. Cloud storage is a data-outsourcing service derived from the cloud computing concept: through cluster applications, networking or distributed file systems, a large number of heterogeneous storage devices in the network are aggregated by application software to jointly provide data services, with the advantages of low cost, easy-to-use interfaces and good scalability.
For users, however, sensitive data stored in the cloud is not particularly safe. The cloud service provider is not fully trusted: for its own interests it may collude with unauthorized users and leak users' data. Lack of data security and controllability is the biggest obstacle to the development of cloud storage. Access control ensures that only authorized users can reach sensitive data and is regarded as the key means of solving cloud storage security problems. Traditional access control schemes, however, have many problems: they cannot be applied to more fine-grained and flexible access control environments, and they require a trusted entity to enforce the access policy. Access control based on attribute-based encryption can solve these problems and is considered a suitable access control technology for protecting data in cloud storage environments.
Attribute-based encryption developed out of identity-based encryption. In 2005, Sahai and Waters first proposed the concept of attribute-based encryption (ABE). Compared with traditional public-key encryption, it is a more flexible mechanism that supports one-to-many encryption. In an ABE system the identifier that originally represented a user's identity is extended to a set of attributes; the ciphertext and the user's key are labelled respectively by an access policy and by a descriptive attribute set. By introducing an access structure it is guaranteed that only users whose attribute set satisfies the access policy can decrypt the ciphertext. ABE greatly reduces the encryption and decryption cost borne by users, ensures data confidentiality, and suits distributed settings with large numbers of users. ABE comes in two variants: (1) ciphertext-policy ABE (CP-ABE), where the ciphertext corresponds to the access policy, i.e. the encryptor defines a control policy and a set of attributes, the policy is used to produce the ciphertext and the attributes describe users' keys; (2) key-policy ABE (KP-ABE), where the key corresponds to the access policy and encryption works the other way round from the ciphertext-policy case. Although both KP-ABE and CP-ABE achieve fine-grained access control, CP-ABE lets the data owner decide the concrete access policy, so CP-ABE is regarded as the most suitable data access control scheme for cloud storage. In a CP-ABE scheme every legitimate user in the system is assigned certain attributes, and each user's key is generated from that user's attribute set. The data owner first encrypts the plaintext with a symmetric key, then encrypts that key with a public-key method that embeds an access structure T. A user who wants to decrypt the ciphertext must hold attributes satisfying T; by setting T the data owner enforces the access policy.
Most existing CP-ABE schemes are based on a single authority that manages and issues all keys. In practice, however, a user may hold attributes granted by several authorities, and a data owner may share data with users managed by other authorities. For example, in a medical cloud system a patient may share medical records with doctors and researchers; the attribute "doctor" is granted by a medical institution and the attribute "researcher" by a research institute, so the two come from different attribute domains. Multi-authority CP-ABE schemes are therefore better suited to cloud storage systems.
In an ABE system the computational cost of encryption and decryption is substantial, so outsourcing part of the computation to the cloud service provider is a good choice. But the provider is not fully trusted: it may perform only part of the computation and return an intermediate value, or deliberately return a wrong result. A method by which the provider's result can be verified is therefore particularly important. In addition, ABE-based access control brings a heavy management burden, and revocation in particular has always been hard to handle. On the one hand, the user population of a cloud storage system is huge and changes frequently, and users' attributes may also change often: a user may be granted new attributes or have current attributes revoked, and the user's access rights to data change accordingly. On the other hand, revoking a user's permission requires re-encrypting the affected ciphertexts; files re-encrypted in this way can no longer be decrypted with the previous keys, so the other affected users must update their keys before they can decrypt, which means users are no longer independent of one another. If revocation is frequent, the computational burden is also very high, and the dynamic nature of attributes increases the cost and difficulty of key updates. Most prior art is not efficient enough and does not support flexible revocation of users and attributes in cloud storage systems, so a multi-authority access control method supporting revocation and verifiable outsourcing is needed.
In summary, the problems of the prior art are: existing schemes are not efficient enough and do not support flexible revocation of users and attributes in cloud storage systems; computational complexity and overhead are high, and revocation is difficult.
Difficulty and significance of solving these problems: access control based on attribute-based encryption brings a heavy management burden, and revocation in particular has always been hard to handle. On the one hand, the user population of a cloud storage system is huge and changes frequently, and users' attributes may also change often: a user may be granted new attributes or have current attributes revoked, and the user's access rights to data change accordingly. On the other hand, revoking a user's permission requires re-encrypting the affected ciphertexts; files re-encrypted in this way can no longer be decrypted with the previous keys, so the other affected users must update their keys before they can decrypt, which means users are no longer independent of one another. If revocation is frequent, the computational burden is also very high, and the dynamic nature of attributes increases the cost and difficulty of key updates.
Summary of the invention
In view of the problems of the prior art, the invention provides a multi-authority access control method supporting revocation and verifiable outsourcing, and a cloud server.
The invention is realized as follows. A multi-authority access control method supporting revocation and verifiable outsourcing comprises: initialization of the global authority CA and of the attribute authorities AA, which assigns a corresponding identity to every authority and user in the system and generates the global public parameters and the keys needed for encryption; each authority assigns an attribute set to the user and generates the keys needed for decryption; the data owner encrypts the file; the user sends a file access request to the cloud service provider; and individual users or attributes are revoked from the system.
Further, the keys comprise a proxy key, stored in the cloud and used to complete the partial decryption, and a user private key, kept by the user and used to complete the final decryption;
encryption comprises a partial encryption computed by the cloud service provider, whose output ciphertext is sent to the data owner, after which the data owner completes the final encryption; once encryption is complete, the ciphertext is uploaded to the cloud service provider for storage;
after receiving a request, the cloud service provider partially decrypts the file with the requesting user's proxy key stored in the cloud and sends the partially decrypted ciphertext to the user; the user then decrypts it with his own private key, and only a user whose attributes satisfy the access policy can decrypt the ciphertext successfully;
when a user is revoked, the data owner sends the revoked user's identity to the cloud service provider, which looks up the proxy key list and deletes that user's proxy key; without the proxy key the user can no longer decrypt to recover the plaintext (revocation is therefore enforced at the provider, which holds the proxy key). When an attribute is revoked, the data owner must re-encrypt the ciphertext while the authority updates the keys of the other, non-revoked users; part of the ciphertext re-encryption and key update work is outsourced to the cloud service provider.
Further, the initialization specifically comprises:
(1) CA initialization. CA first chooses a security parameter λ and an attribute universe U, then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of prime order p, generators $g_1$ of $G_1$ and $g_2$ of $G_2$, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$. CA then chooses a random $a \in Z_p$ and finally generates the global public parameters (formula not reproduced here).
CA issues a globally unique identity aid to every legitimate authority in the system and a globally unique identity uid to every legitimate user;
(2) AA initialization. The attribute set managed by $AA_{aid}$ (its symbol is not reproduced here) and the set of relevant authorities, denoted $I_A$, are defined. $AA_{aid}$ first chooses two random numbers in $Z_p$, the first denoted $\alpha_{aid}$ (the second symbol is not reproduced here); for each attribute $x_k$ in its attribute set it picks a unique random version number $v_k$; finally it computes the attribute public keys, the authority public key and the authority private key (formulas not reproduced here).
Further, the authority assigning an attribute set to the user and generating the keys needed for decryption specifically comprises:
(1) $AA_{aid}$ first assigns each legitimate user the corresponding attribute set $S_{uid,aid}$, then chooses for each user a globally unique random number $z_{uid} \in Z_p$ as the user's private key, and computes the user's proxy key (formula not reproduced here) and private key as follows:
$SK_{uid} = z_{uid}$
(2) The generated proxy key $\{PxK_{uid,aid}\}$ is sent to the cloud service provider for storage; the provider executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$, adding the user's proxy key to the proxy key list $L_{PxK}$. The private key $SK_{uid}$ is sent to the corresponding user, who keeps it.
Further, the data owner encrypting the file specifically comprises:
(1) The cloud service provider first chooses a random $s' \in Z_p$ and, for each $i \in \{1,\dots,l\}$, random $\lambda'_i, \gamma'_i \in Z_p$, and computes the ciphertext components (formulas not reproduced here);
it outputs the partially encrypted ciphertext $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda'_i, \gamma'_i)_{i \in \{1,\dots,l\}}\}$;
(2) After receiving $CT_{out}$, the data owner verifies whether the result is correct. It first checks whether an equation (not reproduced here) holds; if it does not, it outputs b = 0 directly, meaning the outsourced result is incorrect. Otherwise, for each $i \in \{1,\dots,l\}$, the data owner computes:
$t_i = (a\lambda'_i - v_{\rho(i)}\gamma'_i - H(\rho(i))\gamma'_i) \bmod p$;
it then chooses a security parameter r, randomly selects $s_1,\dots,s_l \in \{0,1\}^r$, and computes a check value from the $t_i$ and $s_i$ (formula not reproduced here):
if the check holds, it outputs b = 1, meaning the computation is correct; otherwise it outputs b = 0, meaning the result is wrong;
(3) Once the data owner has verified that $CT_{out}$ is correct, it completes the remaining encryption. Let A be an $l \times n$ matrix, l being the number of attributes; each row of A is mapped to an attribute by the function ρ. The data owner first chooses a secret random $s \in Z_p$ and a random vector $(s, y_2, \dots, y_n)$, where $y_2, \dots, y_n$ serve to share s; for $i \in \{1,\dots,l\}$ it computes $\lambda_i$ as the product of the i-th row $A_i$ of A with this vector. It then chooses random $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ and computes the ciphertext (formulas not reproduced here):
here C', $C_{i,3}$ and $C_{i,4}$ correct s, $\lambda_i$ and $\gamma_i$ respectively (the owner's own values replacing the provider's s', $\lambda'_i$, $\gamma'_i$), and $C_v$ serves to verify the outsourced decryption. Finally the complete ciphertext $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1,\dots,l\}}, C_v, (A, \rho)\}$ is output.
Further, the user sending a file access request to the cloud service provider specifically comprises:
(1) When a user sends a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure. If it does, a set of constants $w_i \in Z_p$ can be found over the rows $I \subseteq \{1,\dots,l\}$ whose attributes the user holds such that $\sum_{i \in I} w_i \lambda_i = s$ (the standard LSSS reconstruction), and the provider computes the partially decrypted ciphertext (formulas not reproduced here):
after successful partial decryption, the partially decrypted ciphertext CT' is sent to the user;
(2) After receiving CT' from the cloud service provider, the user verifies whether the computation is correct. The user only needs to check whether a single equation (not reproduced here) holds. If it holds, b = 1 is output, meaning the result is correct; otherwise b = 0 is output, meaning the provider returned a wrong result;
(3) After verifying that CT' is correct, the user recovers the plaintext with his own private key $SK_{uid}$ by computing (formula not reproduced here):
Further, revoking a user or an attribute from the system specifically comprises:
(1) When a user is revoked, the data owner sends the revoked user's identity uid to the cloud service provider; on receiving the revocation message, the provider looks up the proxy key list $L_{PxK}$, deletes the proxy key corresponding to that uid, and updates the list to $L'_{PxK}$ (the revoked user still holds $SK_{uid}$, but without the cloud-side proxy key no partial decryption is produced for him);
(2) When an attribute is revoked, the data owner must re-encrypt the ciphertext, and the authority must update the keys of the other, non-revoked users;
the authority first generates key-update material for the subsequent key update. Let uid denote the identities of all other, non-revoked users. The relevant authority first generates a new attribute version number and computes a version update key from it; for every non-revoked user who holds the attribute it computes a proxy update key; $AA_{aid}$ updates the public key of the revoked attribute and broadcasts a message to the data owners in the system so that they receive the updated attribute public key. The proxy update key is sent to the cloud service provider to update the proxy key $PxK_{uid,aid}$, and the version update key is sent to the data owner (formulas not reproduced here);
on receiving the proxy update key, the cloud service provider updates the corresponding proxy key of every non-revoked user who holds the attribute; $PxK_{uid,aid}$ is updated to (formula not reproduced here):
on receiving the version update key, the data owner computes a ciphertext update key and sends it to the cloud service provider for re-encryption of the ciphertext;
on receiving the ciphertext update key, the cloud service provider updates the corresponding ciphertext; the re-encrypted ciphertext is published as (formula not reproduced here):
Another object of the invention is to provide a cloud server that applies the multi-authority access control method supporting revocation and verifiable outsourcing.
In summary, the advantages and positive effects of the invention are: it considers the multi-authority application scenario, avoiding the single point of failure and system bottleneck of a single authority, enriching users' attribute domains, improving system efficiency and better matching practical requirements. It introduces outsourced computation: most of the encryption and decryption work can be outsourced to the cloud service provider, which greatly reduces the computational cost of the data owner's encryption and of the user's decryption and improves the access efficiency of the system.
The invention uses a matching verification scheme for the outsourced computation: by running the verification algorithm, the user notices at once when the cloud service provider returns a wrong result, which guarantees the correctness of the subsequent computation. With the new user and attribute revocation scheme, user revocation requires no ciphertext re-encryption or key update; the data owner only has to ask the cloud service provider to delete the revoked user's proxy key stored in the cloud. For attribute revocation, most of the update and re-encryption computation is outsourced to the cloud service provider and users perform only a small amount of computation.
The invention introduces a global authority CA that assigns globally unique identities aid and uid to every authority and user in the system; only private key components belonging to the same uid can be combined for decryption, which prevents collusion attacks between users.
Description of the drawings
Fig. 1 is a flow chart of the multi-authority access control method supporting revocation and verifiable outsourcing provided by an embodiment of the invention.
Fig. 2 is an implementation flow chart of the multi-authority access control method supporting revocation and verifiable outsourcing provided by an embodiment of the invention.
Fig. 3 is the sub-flow chart of user data access provided by an embodiment of the invention.
Fig. 4 is the sub-flow chart of revocation provided by an embodiment of the invention.
Fig. 5 is a simulation plot of the time consumed by encryption provided by an embodiment of the invention.
Fig. 6 is a simulation plot of the time consumed by decryption provided by an embodiment of the invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the invention clearer, the invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
The invention applies a multi-authority access control method supporting revocation and verifiable outsourcing in cloud storage, in order to protect the confidentiality of users' private data, reduce the computation required of users, and manage users' permissions in the system dynamically.
As shown in Fig. 1, the multi-authority access control method supporting revocation and verifiable outsourcing provided by an embodiment of the invention comprises the following steps:
S101: system initialization, comprising the initialization of the global authority CA and of the attribute authorities AA;
S102: each authority assigns an attribute set to the user and generates the keys the user needs for decryption;
S103: the data owner encrypts the file, where encryption comprises outsourced encryption, verification of the outsourced result and the data owner's final encryption;
S104: the user sends a file access request to the cloud service provider, where access comprises outsourced decryption by the provider, verification of the outsourced result and the user's final decryption;
S105: individual users or attributes are revoked from the system.
The application principle of the invention is further described below with reference to the drawings.
As shown in Fig. 2, the multi-authority access control method supporting revocation and verifiable outsourcing provided by an embodiment of the invention specifically comprises the following steps:
Step 1: System initialization.
1.1) CA initialization. CA first chooses a security parameter λ and an attribute universe U, then selects three multiplicative cyclic groups $G_1$, $G_2$ and $G_T$ of prime order p, generators $g_1$ of $G_1$ and $g_2$ of $G_2$, a bilinear map $e: G_1 \times G_2 \to G_T$, and two hash functions $H: \{0,1\}^* \to Z_p$ and $F: G_T \to Z_p$. CA then chooses a random $a \in Z_p$ and finally generates the global public parameters (formula not reproduced here).
In addition, all authorities and users must register with CA to prove their legitimate identity. CA issues a globally unique identity aid to every legitimate authority in the system and a globally unique identity uid to every legitimate user;
1.2) AA initialization. The attribute set managed by $AA_{aid}$ (its symbol is not reproduced here) and the set of relevant authorities, denoted $I_A$, are defined. $AA_{aid}$ first chooses two random numbers in $Z_p$, the first denoted $\alpha_{aid}$ (the second symbol is not reproduced here); for each attribute $x_k$ in its attribute set it picks a unique random version number $v_k$; finally it computes the attribute public keys, the authority public key and the authority private key (formulas not reproduced here).
Step 2: Each authority assigns an attribute set to the user and generates the keys the user needs for decryption.
2.1) $AA_{aid}$ first assigns each legitimate user the corresponding attribute set $S_{uid,aid}$, then chooses for each user a globally unique random number $z_{uid} \in Z_p$ as the user's private key. It then computes the user's proxy key (formula not reproduced here) and private key as follows:
$SK_{uid} = z_{uid}$
2.2) The generated proxy key $\{PxK_{uid,aid}\}$ is sent to the cloud service provider for storage; the provider executes $L_{PxK} = L_{PxK} \cup \{uid, PxK_{uid,aid}\}$, adding the user's proxy key to the proxy key list $L_{PxK}$. The private key $SK_{uid}$ is sent to the corresponding user, who keeps it.
Step 3: The data owner encrypts the file.
3.1) The cloud service provider first chooses a random $s' \in Z_p$ and, for each $i \in \{1,\dots,l\}$, random $\lambda'_i, \gamma'_i \in Z_p$, and computes the ciphertext components (formulas not reproduced here):
it then outputs the partially encrypted ciphertext $CT_{out} = \{s', C_0, (C_{i,1}, C_{i,2}, \lambda'_i, \gamma'_i)_{i \in \{1,\dots,l\}}\}$.
3.2) After receiving $CT_{out}$, the data owner verifies whether the result is correct. It first checks whether an equation (not reproduced here) holds. If it does not, it outputs b = 0 directly, meaning the outsourced result is incorrect. Otherwise, for each $i \in \{1,\dots,l\}$, the data owner computes:
$t_i = (a\lambda'_i - v_{\rho(i)}\gamma'_i - H(\rho(i))\gamma'_i) \bmod p$;
it then chooses a security parameter r, randomly selects $s_1,\dots,s_l \in \{0,1\}^r$, and computes a check value from the $t_i$ and $s_i$ (formula not reproduced here):
if the check holds, it outputs b = 1, meaning the computation is correct. Otherwise it outputs b = 0, meaning the result is wrong.
3.3) Once the data owner has verified that $CT_{out}$ is correct, it completes the remaining encryption. Let A be an $l \times n$ matrix, l being the number of attributes. Each row of A is mapped to an attribute by the function ρ. The data owner first chooses a secret random $s \in Z_p$ and a random vector $(s, y_2, \dots, y_n)$, where $y_2, \dots, y_n$ serve to share s. For $i \in \{1,\dots,l\}$ it computes $\lambda_i$ as the product of the i-th row $A_i$ of A with this vector. It then chooses random $\gamma_1, \gamma_2, \dots, \gamma_l \in Z_p$ and computes the ciphertext (formulas not reproduced here):
here C', $C_{i,3}$ and $C_{i,4}$ correct s, $\lambda_i$ and $\gamma_i$ respectively (the owner's own values replacing the provider's s', $\lambda'_i$, $\gamma'_i$), and $C_v$ serves to verify the outsourced decryption. Finally the complete ciphertext $CT = \{C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i \in \{1,\dots,l\}}, C_v, (A, \rho)\}$ is output.
Step 4: The user issues a file access request to the cloud service provider.
As shown in Figure 3, this step is implemented as follows:
4.1) When a user issues a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure. If it does, a set of constants w_i ∈ Z_p can be found such that the w_i-weighted sum of the rows A_i over i ∈ I equals (1, 0, …, 0), where I ⊆ {1, …, l} is the set of rows whose attributes the user holds; the provider then computes the partially decrypted ciphertext as follows:
After this partial decryption succeeds, the partially decrypted ciphertext CT' is sent to the user.
4.2) After receiving the partially decrypted ciphertext CT' from the cloud service provider, the user verifies that the computation is correct. The user only needs to check a single relation on CT' (not reproduced in this text). If it holds, the user outputs b = 1, indicating the result is correct; otherwise it outputs b = 0, indicating that the cloud service provider returned a wrong result.
4.3) Once the user has verified that CT' is correct, the plaintext can be recovered with nothing more than the user's own private key SK_uid, computed as follows:
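As an added worked example (not part of the patent, and not code from its authors), the following Python shows the two pieces of linear algebra that Step 3.3 and Step 4.1 rely on: turning a policy into an LSSS access structure (A, ρ), sharing s so that each row share λ_i is the inner product of A_i with (s, y_2, …, y_n), and, for a requester's attribute set, solving for the constants w_i with Σ_{i∈I} w_i A_i = (1, 0, …, 0) so that Σ w_i λ_i = s. The prime P, the policy and the secret are constructed for the demo (a deployment takes p from the pairing groups of the global public parameters), and the Lewko-Waters tree-to-matrix conversion is the standard construction rather than anything the patent specifies. Only the exponent-level arithmetic is shown; the pairing operations that wrap it in the scheme are omitted.

```python
import secrets

# Added example, not from the patent: LSSS share/reconstruct over Z_p for a
# CP-ABE access structure (A, rho) as used in Steps 3.3 and 4.1.
# P, POLICY and the secret are constructed for the demo; a deployment takes p
# from the pairing groups of the global public parameters.
P = 2**61 - 1


def policy_to_lsss(policy):
    """Turn a nested ('AND'|'OR', ...) policy into rows [(attribute, A_i)].

    Lewko-Waters construction: OR hands the parent vector to every child,
    AND splits it into (v|1) and (0..0|-1).  The rows form A; the attribute
    attached to row i is rho(i).
    """
    rows, width = [], [1]

    def walk(node, vec):
        if isinstance(node, str):
            rows.append((node, vec))
            return
        op, *kids = node
        if op == 'OR':
            for kid in kids:
                walk(kid, vec)
        elif op == 'AND':
            if len(kids) > 2:                 # k-ary AND as nested binary ANDs
                kids = [kids[0], ('AND', *kids[1:])]
            c = width[0]
            width[0] = c + 1
            walk(kids[0], vec + [0] * (c - len(vec)) + [1])
            walk(kids[1], [0] * c + [-1])
        else:
            raise ValueError(f'unknown operator {op!r}')

    walk(policy, [1])
    n = width[0]
    return [(attr, row + [0] * (n - len(row))) for attr, row in rows]


def share_secret(rows, s, p=P):
    """Step 3.3: v = (s, y_2, ..., y_n) with random y_j; lambda_i = A_i . v mod p."""
    n = len(rows[0][1])
    v = [s % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [(attr, sum(a * b for a, b in zip(row, v)) % p) for attr, row in rows]


def solve_mod_p(coeffs, rhs, p):
    """Gauss-Jordan over Z_p: one solution x of coeffs . x = rhs, or None."""
    m = len(coeffs[0])
    M = [[a % p for a in row] + [b % p] for row, b in zip(coeffs, rhs)]
    pivots, r = [], 0
    for c in range(m):
        piv = next((i for i in range(r, len(M)) if M[i][c]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        inv = pow(M[r][c], -1, p)
        M[r] = [x * inv % p for x in M[r]]
        for i in range(len(M)):
            if i != r and M[i][c]:
                f = M[i][c]
                M[i] = [(x - f * y) % p for x, y in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
    if any(M[i][m] for i in range(r, len(M))):   # a row reads 0 = nonzero
        return None
    x = [0] * m
    for i, c in enumerate(pivots):
        x[c] = M[i][m]
    return x


def reconstruction_constants(rows, attrs, p=P):
    """Step 4.1: w_i over the rows I whose attribute the requester holds with
    sum_{i in I} w_i A_i = (1, 0, ..., 0); None if the policy is not satisfied."""
    idx = [i for i, (attr, _) in enumerate(rows) if attr in attrs]
    if not idx:
        return None
    n = len(rows[0][1])
    coeffs = [[rows[i][1][j] for i in idx] for j in range(n)]  # one equation per column
    w = solve_mod_p(coeffs, [1] + [0] * (n - 1), p)
    return None if w is None else dict(zip(idx, w))


def recover_secret(shares, w, p=P):
    """sum_i w_i lambda_i = s for w from reconstruction_constants."""
    return sum(w[i] * shares[i][1] for i in w) % p


# Constructed policy for the demo: (doctor AND cardiology) OR admin
POLICY = ('OR', ('AND', 'doctor', 'cardiology'), 'admin')
ROWS = policy_to_lsss(POLICY)


def demo(attrs, s=123456789):
    """Share s under POLICY, then rebuild it from the given attribute set."""
    shares = share_secret(ROWS, s)
    w = reconstruction_constants(ROWS, set(attrs))
    return None if w is None else recover_secret(shares, w)


if __name__ == '__main__':
    print(ROWS)
    print(demo({'doctor', 'cardiology'}))   # 123456789
    print(demo({'admin'}))                  # 123456789
    print(demo({'doctor'}))                 # None: access structure not satisfied
```

Run it directly to see the matrix and the three outcomes. The None returned for {'doctor'} is the "attribute set does not satisfy the access structure" branch of Step 4.1: the provider has to take it before it attempts any partial decryption, because the constants w_i simply do not exist for that set.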
Step 5: Revoking certain users or certain attributes in the system.
As shown in Figure 4, this step is implemented as follows:
5.1) When a user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider. On receiving the revocation notice, the provider looks up the proxy-key list L_PxK, deletes the proxy key corresponding to that uid, and updates the list to L'_PxK. No ciphertext and no other user's key changes in this case, so the revocation holds exactly as long as the provider actually deletes the entry and keeps no copy: SK_uid alone cannot decrypt, but the deleted proxy key together with SK_uid still could.
5.2) When an attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, and the attribute authority needs to update the keys of the other, non-revoked users.
5.21) The attribute authority first generates the key-update material for the subsequent key update. Here uid denotes the identity of every other non-revoked user. The relevant authority first generates a new version number for the revoked attribute, then computes a version update key and, for every non-revoked user who also holds that attribute, a proxy update key. AA_aid then updates the public key of the revoked attribute and broadcasts a message to the data owners in the system so that they receive the updated attribute public key. The proxy update key is sent to the cloud service provider for updating the proxy key PxK_{uid,aid}; the version update key is sent to the data owner.
5.22) On receiving the proxy update key, the cloud service provider updates the proxy key of every non-revoked user who holds the revoked attribute. PxK_{uid,aid} is updated to:
5.23) On receiving the version update key, the data owner computes the ciphertext update key and sends it to the cloud service provider to re-encrypt the ciphertext.
5.24) On receiving the ciphertext update key, the cloud service provider updates the corresponding ciphertext; the re-encrypted ciphertext is published as follows:
The application effect of the present invention is explained in detail below with reference to a simulation.
1. Simulation conditions
Simulation environment: a desktop computer with an Intel Pentium G630 CPU @ 2.70 GHz and 4.00 GB RAM, running 64-bit Ubuntu 14.04. The scheme was implemented in Python on top of the Charm toolkit.
2. Simulation content and analysis of results
Data files were accessed with the method of the present invention; the results are shown in Figure 5 and Figure 6. Figure 5 shows that, during encryption, the time consumed by the cloud service provider's outsourced encryption is much larger than the time consumed by the data owner's own encryption and grows with the number of attributes, while the data owner's encryption time stays at roughly 0.05 s. Because most of the heavy computation is outsourced to the cloud service provider and the data owner only performs a small amount of computation, the data owner's computational overhead is greatly reduced. Figure 6 shows that the time consumed by outsourced decryption is likewise much larger than the user's own decryption time and grows with the number of attributes, while the user's decryption time stays at roughly 0.03 s, almost constant. Again, because most of the complex computation is outsourced to the cloud service provider, the user only has to perform a simple exponentiation at the end, which greatly reduces the user's computational overhead.
The simulation results show that the present invention greatly reduces the computational overhead of users in the system and improves the access efficiency of the system, which is very important in practical applications.
The above is only a description of preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principle of the present invention shall be included in the scope of protection of the present invention.

Claims (8)

1. A verifiable multi-authority access control method supporting outsourced revocation, characterized in that the method comprises: initializing the global authentication center CA and the other attribute authorities AA, assigning a corresponding identity to every authority and every user in the system, and generating the global public parameters and the keys needed for encryption; the attribute authority assigning an attribute set to the user and generating the keys needed for decryption; the data owner encrypting the file; the user issuing a file access request to the cloud service provider; and revoking certain users or certain attributes in the system.
2. The method of claim 1, characterized in that the keys comprise: a proxy key stored in the cloud for performing partial decryption, and a user private key kept by the user himself for completing the final decryption;
the encryption process comprises the cloud service provider performing part of the encryption computation and sending the generated ciphertext to the data owner, who then completes the final encryption; after encryption is complete, the ciphertext is uploaded to the cloud service provider for storage;
after receiving a request, the cloud service provider partially decrypts the file using the user's proxy key stored in the cloud and sends the partially decrypted ciphertext to the user; on receiving the ciphertext, the user decrypts it again with his own private key, and only a user whose attributes satisfy the access policy can successfully decrypt the ciphertext;
when a user revocation occurs, the data owner sends the identity of the revoked user to the cloud service provider, which looks up the proxy-key list and deletes that user's proxy key; having lost the proxy key, the user can no longer decrypt and recover the plaintext; when an attribute revocation occurs, the data owner needs to re-encrypt the ciphertext while the attribute authority updates the keys of the other non-revoked users in the system; part of the ciphertext re-encryption and key update work is outsourced to the cloud service provider.
3. The method of claim 1, characterized in that the initialization specifically comprises:
(1) CA initialization: the CA first chooses a system security parameter λ and an attribute universe U, then selects three multiplicative cyclic groups G_1, G_2 and G_T of order p, with g_1 and g_2 generators of G_1 and G_2, a bilinear map e: G_1 × G_2 → G_T, and two hash functions H: {0,1}* → Z_p and F: G_T → Z_p; the CA further selects a random number a ∈ Z_p and finally generates the global public parameters:
the CA issues a globally unique identity aid to every legitimate attribute authority in the system and a globally unique identity uid to every legitimate user;
(2) AA initialization: AA_aid manages its own attribute set and belongs to the set of relevant attribute authorities I_A; AA_aid first selects two random numbers α_aid, β_aid ∈ Z_p (the second symbol is garbled in the source; β is the conventional choice), and for each attribute x_k in its attribute set randomly chooses a unique version number v_k; it finally computes the attribute public keys, the authority public key and the authority private key as follows:
4. The method of claim 1, characterized in that the attribute authority assigning an attribute set to the user and generating the keys needed for decryption specifically comprises:
(1) AA_aid first assigns each legitimate user the corresponding attribute set S_{uid,aid}, then selects for each user a globally unique random number z_uid ∈ Z_p as the user private key; the user's proxy key and private key are computed as follows:
SK_uid = z_uid
(2) the generated proxy key {PxK_{uid,aid}} is sent to the cloud service provider for storage; the cloud service provider executes L_PxK = L_PxK ∪ {uid, PxK_{uid,aid}}, adding the user's proxy key to the proxy-key list L_PxK; the user private key SK_uid is sent to the corresponding user, who keeps it himself.
5. The method of claim 1, characterized in that the data owner encrypting the file specifically comprises:
(1) the cloud service provider first selects a random number s' ∈ Z_p and, for every i ∈ {1, …, l}, random λ'_i, γ'_i ∈ Z_p, and computes the ciphertext components as follows:
it outputs the partially encrypted ciphertext CT_out = {s', C_0, (C_{i,1}, C_{i,2}, λ'_i, γ'_i)_{i∈{1,…,l}}};
(2) on receiving CT_out, the data owner verifies that the result is correct, first checking a relation on CT_out (not reproduced in this text); if it does not hold, the owner outputs b = 0 directly, meaning the outsourced computation is incorrect; otherwise, for each i ∈ {1, …, l}, the data owner computes:
t_i = (a·λ'_i − v_ρ(i)·γ'_i − H(ρ(i))·γ'_i) mod p;
it then chooses a security parameter r, randomly selects s_1, …, s_l ∈ {0,1}^r, and computes the check value; if the check holds, it outputs b = 1, indicating the result is correct; otherwise it outputs b = 0, indicating the result is wrong;
(3) once the data owner has verified that CT_out is correct, it completes the remaining encryption; let A be an l × n matrix, where l is the number of attributes in the policy; the function ρ maps each row of A to an attribute; the data owner first selects a secret random number s ∈ Z_p and a random vector whose first component is s and whose remaining components y_2, …, y_n are used to share s; for each i ∈ {1, …, l} it computes the share λ_i as the inner product of A_i, the i-th row of A, with that vector; it then randomly selects γ_1, γ_2, …, γ_l ∈ Z_p and computes the ciphertext as follows:
here C', C_{i,3} and C_{i,4} correct the provider's provisional values to the owner's s, λ_i and γ_i; C_v is used to verify the result of outsourced decryption; finally, the full ciphertext CT = {C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i∈{1,…,l}}, C_v, (A, ρ)} is output.
6. The method of claim 1, characterized in that the user issuing a file access request to the cloud service provider specifically comprises:
(1) when a user issues a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure; if it does, a set of constants w_i ∈ Z_p can be found such that the w_i-weighted sum of the rows A_i over i ∈ I equals (1, 0, …, 0), where I ⊆ {1, …, l} is the set of rows whose attributes the user holds; the provider then computes the partially decrypted ciphertext as follows:
after this partial decryption succeeds, the partially decrypted ciphertext CT' is sent to the user;
(2) after receiving the partially decrypted ciphertext CT' from the cloud service provider, the user verifies that the computation is correct; the user only needs to check a single relation on CT' (not reproduced in this text); if it holds, the user outputs b = 1, indicating the result is correct; otherwise it outputs b = 0, indicating that the cloud service provider returned a wrong result;
(3) once the user has verified that CT' is correct, the plaintext is recovered with the user's own private key SK_uid, computed as follows:
7. The method of claim 1, characterized in that revoking certain users or certain attributes in the system specifically comprises:
(1) when a user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider; on receiving the revocation notice, the cloud service provider looks up the proxy-key list L_PxK, deletes the proxy key corresponding to that uid, and updates the proxy-key list to L'_PxK;
(2) when an attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, and the attribute authority needs to update the keys of the other, non-revoked users;
the attribute authority first generates the key-update material for the subsequent key update; uid denotes the identity of every other non-revoked user; the relevant authority first generates a new version number for the revoked attribute, computes a version update key and, for every non-revoked user who also holds that attribute, a proxy update key; AA_aid updates the public key of the revoked attribute and broadcasts a message to the data owners in the system so that they receive the updated attribute public key; the proxy update key is sent to the cloud service provider for updating the proxy key PxK_{uid,aid}; the version update key is sent to the data owner;
on receiving the proxy update key, the cloud service provider updates the proxy key of every non-revoked user who holds the revoked attribute; PxK_{uid,aid} is updated to:
on receiving the version update key, the data owner computes the ciphertext update key and sends it to the cloud service provider to re-encrypt the ciphertext;
on receiving the ciphertext update key, the cloud service provider updates the corresponding ciphertext; the re-encrypted ciphertext is published as follows:
8. A cloud server applying the verifiable multi-authority access control method supporting outsourced revocation of any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810149575.8A CN108390876B (en) 2018-02-13 2018-02-13 Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server

Publications (2)

Publication Number Publication Date
CN108390876A true CN108390876A (en) 2018-08-10
CN108390876B CN108390876B (en) 2021-12-14

Family

ID=63069620

Country Status (1)

Country Link
CN (1) CN108390876B (en)

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109547413A (en) * 2018-10-23 2019-03-29 莆田学院 The access control method of convertible data cloud storage with data source authentication
CN109768858A (en) * 2018-12-26 2019-05-17 西安电子科技大学 Based on the encryption attribute access control system more authorized and design method under cloud environment
CN109831430A (en) * 2019-01-30 2019-05-31 中国科学院信息工程研究所 Safely controllable efficient data sharing method and system under a kind of cloud computing environment
CN109981641A (en) * 2019-03-26 2019-07-05 北京邮电大学 A kind of safe distribution subscription system and distribution subscription method based on block chain technology
CN109981263A (en) * 2019-02-28 2019-07-05 复旦大学 A kind of distribution based on CP-ABE can verify that random digit generation method
CN109981601A (en) * 2019-03-06 2019-07-05 南京信息工程大学 Business administration common data under cloud environment based on dual factors protects system and method
CN110099043A (en) * 2019-03-24 2019-08-06 西安电子科技大学 The hiding more authorization center access control methods of support policy, cloud storage system
CN110247767A (en) * 2019-06-28 2019-09-17 北京工业大学 Voidable attribute base outsourcing encryption method in mist calculating
CN110443069A (en) * 2019-08-06 2019-11-12 广东工业大学 A kind of method, system and the equipment of mobile social networking secret protection
CN110602063A (en) * 2019-08-27 2019-12-20 西安电子科技大学 Multi-authorization-center access control method and system and cloud storage system
CN110636500A (en) * 2019-08-27 2019-12-31 西安电子科技大学 Access control system and method supporting cross-domain data sharing and wireless communication system
CN111130767A (en) * 2019-11-30 2020-05-08 西安电子科技大学 Attribute-based secure communication method for Internet of things capable of verifying outsourcing and revoking
CN111181719A (en) * 2019-12-30 2020-05-19 山东师范大学 Hierarchical access control method and system based on attribute encryption in cloud environment
CN111241561A (en) * 2020-01-10 2020-06-05 福州大学 User authenticable outsourcing image denoising method based on privacy protection
CN111447200A (en) * 2020-03-24 2020-07-24 湖南兴天电子科技有限公司 Data processing method, device, system, electronic equipment and storage medium
CN111698083A (en) * 2020-06-03 2020-09-22 湖南大学 Attribute-based encryption method capable of outsourcing multiple authorization centers
CN111901320A (en) * 2020-07-16 2020-11-06 西南交通大学 Attribute revocation CP-ABE-based encryption method and system for resisting key forgery attack
CN111917721A (en) * 2020-06-28 2020-11-10 石家庄铁道大学 Attribute encryption method based on block chain
CN112187777A (en) * 2020-09-24 2021-01-05 深圳市赛为智能股份有限公司 Intelligent traffic sensing data encryption method and device, computer equipment and storage medium
CN112564903A (en) * 2020-12-08 2021-03-26 西安电子科技大学 Decentering access control method for data security sharing in smart power grid
CN112565223A (en) * 2020-11-27 2021-03-26 东莞职业技术学院 Internet of things-oriented attribute encryption access control method, system and storage medium
CN113079177A (en) * 2021-04-15 2021-07-06 河南大学 Remote sensing data sharing method based on time and decryption frequency limitation
CN113411323A (en) * 2021-06-16 2021-09-17 上海应用技术大学 Medical record data access control system and method based on attribute encryption
CN113438254A (en) * 2021-08-24 2021-09-24 北京金睛云华科技有限公司 Distributed classification method and system for ciphertext data in cloud environment
CN113489683A (en) * 2021-06-11 2021-10-08 东莞职业技术学院 Key abuse prevention decentralized attribute-based encryption method, system and storage medium
CN113489732A (en) * 2021-07-13 2021-10-08 郑州轻工业大学 Content sharing privacy protection method for resisting collusion attack
CN113486384A (en) * 2021-07-28 2021-10-08 北京字节跳动网络技术有限公司 Key updating method, device, multi-attribute authority management system, equipment and medium
CN114362924A (en) * 2020-09-29 2022-04-15 湖南大学 CP-ABE-based system and method for supporting flexible revocation and verifiable ciphertext authorization
CN114944915A (en) * 2022-06-10 2022-08-26 敏于行(北京)科技有限公司 Threshold proxy re-encryption method and related device for non-interactive dynamic proxy
CN115834130A (en) * 2022-10-25 2023-03-21 西安电子科技大学 Attribute-based encryption method for realizing partial strategy hiding

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618728A (en) * 2013-12-04 2014-03-05 南京邮电大学 Attribute-based encryption method for multiple authority centers
CN104486315A (en) * 2014-12-08 2015-04-01 北京航空航天大学 Revocable key external package decryption method based on content attributes
US20150222605A1 (en) * 2012-08-17 2015-08-06 Koninklijke Philips. N.V. Attribute-based encryption
CN104901942A (en) * 2015-03-10 2015-09-09 重庆邮电大学 Distributed access control method for attribute-based encryption
WO2018006715A1 (en) * 2016-07-05 2018-01-11 阿里巴巴集团控股有限公司 Authority revoking method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HU Xiong et al.: "Comments on 'Verifiable and Exculpable Outsourced Attribute-Based Encryption for Access Control in Cloud Computing'", IEEE Transactions on Dependable and Secure Computing *
GUAN Zhiyou et al.: "面向云存储的基于属性加密的多授权中心访问控制方案" (Multi-authority access control scheme for cloud storage based on attribute-based encryption), 《通信学报》 (Journal on Communications) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant