CN108390876A - Multi-authority access control method supporting revocation and verifiable outsourcing, and cloud server - Google Patents
- Publication number: CN108390876A (application CN201810149575.8A)
- Authority: CN (China)
- Prior art keywords: user, key, service provider, ciphertext, cloud service
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/101—Access control lists [ACL]
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The invention belongs to the technical field of security protocols and discloses a multi-authority access control method supporting revocation and verifiable outsourcing, together with a cloud server. The method comprises: system initialization, covering the initialization of the global authentication center and of the other authorization centers; the authorization center assigns an attribute set to the user and generates the key the user needs for decryption; the data owner encrypts the file, where encryption consists of outsourced encryption, verification of the outsourced result, and the data owner's final encryption; the user sends a file access request to the cloud service provider, where access consists of outsourced decryption by the cloud service provider, verification of the outsourced result, and the user's final decryption; and certain users or certain attributes are revoked from the system. The invention offers high system access efficiency, comparatively low computational cost and dynamic management of user permissions; it can be used in cloud storage to protect the confidentiality of users' private data, to reduce the computational cost on the user side, and to manage user permissions in the system dynamically.
Description
Technical field
The invention belongs to the technical field of security protocols, and in particular to a multi-authority access control method supporting revocation and verifiable outsourcing, and a cloud server.
Background technology
Currently, the common state of the art in this field is as follows. With the continuous development of information technology, people's lives have improved enormously. Among these developments, cloud computing has grown rapidly and attracted wide attention. Cloud computing is an entity with enormous computing and storage capacity; it is the product of combining traditional computing technology with network technologies such as network storage, virtualization, load balancing, distributed computing, parallel computing and utility computing. Its strength is that computing resources can be allocated to users dynamically over the network. At the same time, users can store their own data or resources on cloud servers, or outsource complex computing tasks to the cloud service provider. Users are thus no longer constrained by geographic location or by their own limited computing resources, and complex computing tasks can be deployed on remote distributed computers, pushing computation to the edge and greatly improving its efficiency.

Cloud storage is a data outsourcing service that grew out of the cloud computing concept: by means of cluster applications, network technology or distributed file systems, a large number of storage devices of different types in the network are brought together through application software to work cooperatively and jointly provide data services externally, with the advantages of low cost, easy-to-use interfaces and strong scalability. For users, however, storing their own sensitive data in the cloud is not very safe. The cloud service provider is not fully trusted; driven by its own interests it may collude with illegitimate users and leak users' data. Data security and the lack of control over data are the biggest obstacles to the development of cloud storage. Access control can ensure that only authorized users can access sensitive data, and is regarded as an important means of solving the security problems of cloud storage. Traditional access control schemes, however, have many problems: they cannot be applied to more fine-grained and flexible access control environments, and they require a trusted entity to enforce the access control policy. Access control schemes based on attribute-based encryption can solve these problems and are considered an access control technology suited to protecting data in cloud storage environments.

Attribute-based encryption developed out of identity-based encryption. In 2005, Sahai and Waters first proposed the concept of attribute-based encryption (ABE). Compared with traditional public-key encryption, it is a more flexible encryption mechanism that supports one-to-many encryption. In an attribute-based encryption system, the identifier that originally denoted a user's identity is extended to a set of attributes; the ciphertext and the user's key are identified by an access control policy and a descriptive attribute set respectively. By introducing an access structure, it is ensured that only a user whose attribute set satisfies the access policy can successfully decrypt the ciphertext. Attribute-based encryption greatly reduces the computational cost of encryption and decryption for users, ensures data confidentiality, and suits distributed environments with a large number of users. Attribute-based encryption falls into two classes: (1) ciphertext-policy attribute-based encryption (CP-ABE), in which the ciphertext corresponds to the access control policy, i.e. the encryptor defines a control policy and some attributes, the policy being used to encrypt the ciphertext and the attributes describing the user's key; (2) key-policy attribute-based encryption (KP-ABE), in which the key corresponds to the access control policy and the encryption process is the reverse of that of the ciphertext-policy variant. Although both KP-ABE and CP-ABE achieve fine-grained access control, CP-ABE lets the data owner decide the specific access control policy, so CP-ABE is considered the most suitable data access control scheme for cloud storage.

In a CP-ABE scheme, every legitimate user in the system is assigned certain attributes, and each user's key is generated from that user's attribute set. The data owner first encrypts the plaintext with a symmetric key and then encrypts that key with the public-key method; an access structure T is embedded during public-key encryption. A user who wants to decrypt the ciphertext must hold attributes satisfying the access structure T. By setting the access structure T, the data owner enforces its access control policy. Most existing CP-ABE schemes are based on a single authorization center, which manages and issues all keys. In practical applications, however, a user may hold attributes granted by several authorization centers, and a data owner may also want to share data with users managed by other authorization centers. For example, in a medical cloud system a patient may share medical records with doctors and researchers, where the "doctor" attribute is granted by a medical institution and the "researcher" attribute by a research institute; the two come from different attribute domains. A multi-authority CP-ABE scheme is therefore better suited to a cloud storage system.

In an attribute-based encryption system, the computational cost of the encryption and decryption phases is considerable, and outsourcing part of that computation to the cloud service provider is a good choice. However, the cloud service provider is not fully trusted: it may perform only part of the computation and return an intermediate value, or deliberately return a wrong result. A method that allows the cloud service provider's computation result to be verified is therefore particularly important. In addition, access control based on attribute-based encryption brings a heavy management burden, and revocation in particular has always been hard to handle. On the one hand, the number of users in a cloud storage system is very large and users may change frequently. Moreover, a user's attributes may change often: a user may be granted new attributes or have some current attributes revoked, and the user's access rights to data change accordingly. On the other hand, when the permissions of a user must be revoked, the affected ciphertexts must be re-encrypted; the re-encrypted files can no longer be decrypted with the previous keys, so the other affected users must update their keys before they can decrypt. Users are thus no longer independent of each other and interfere with one another. Furthermore, if permission revocation is frequent, the computational load becomes very large, and the dynamic nature of attributes increases the cost and difficulty of key updating. Most of the prior art is not efficient enough and does not support flexible revocation of users and attributes in a cloud storage system, so a multi-authority access control method supporting revocation and verifiable outsourcing is needed.
In conclusion problem of the existing technology is:The prior art all not enough efficiently, is not supported clever in cloud storage system
The revocation of user and attribute living;Computation complexity is high, and expense is big, and revocation is difficult.
Difficulty and significance of solving the above technical problems: access control based on attribute-based encryption brings a heavy management burden, and revocation in particular has always been hard to handle. On the one hand, the number of users in a cloud storage system is very large and users may change frequently. Moreover, a user's attributes may change often: a user may be granted new attributes or have some current attributes revoked, and the user's access rights to data change accordingly. On the other hand, when the permissions of a user must be revoked, the affected ciphertexts must be re-encrypted; the re-encrypted files can no longer be decrypted with the previous keys, so the other affected users must update their keys before they can decrypt. Users are thus no longer independent of each other and interfere with one another. Furthermore, if permission revocation is frequent, the computational load becomes very large, and the dynamic nature of attributes increases the cost and difficulty of key updating.
Invention content
In view of the problems of the prior art, the present invention provides a multi-authority access control method supporting revocation and verifiable outsourcing, and a cloud server.
The invention is realized as follows. The multi-authority access control method supporting revocation and verifiable outsourcing comprises: initialization of the global authentication center CA and of the other authorization centers AA, which assigns a corresponding identity to every authorization center and every user in the system and generates the global public parameters and the keys needed for encryption; the authorization center assigns an attribute set to the user and generates the key needed for decryption; the data owner encrypts the file; the user sends a file access request to the cloud service provider; and certain users or certain attributes in the system are revoked.
Further, the keys comprise a proxy key, stored in the cloud and used to complete partial decryption, and a user private key, kept by the user and used to complete the final decryption.

The encryption process comprises a partial encryption computation performed by the cloud service provider, whose resulting ciphertext is sent to the data owner, who then completes the final encryption; after encryption is complete, the ciphertext is uploaded to the cloud service provider for storage.

After the cloud service provider receives a request, it partially decrypts the file using the proxy key of the requesting user stored in the cloud, and sends the partially decrypted ciphertext to the user; on receiving it, the user decrypts again with his own private key, and only a user whose attributes satisfy the access policy can successfully decrypt the ciphertext.

When user revocation occurs, the data owner sends the identity of the revoked user to the cloud service provider, which looks up the proxy key list and deletes that user's proxy key; without the proxy key the user can no longer decrypt to recover the plaintext. When attribute revocation occurs, the data owner must re-encrypt the ciphertext, and at the same time the authorization center must update the keys of the other, non-revoked users in the system; part of the ciphertext re-encryption and key update work is outsourced to the cloud service provider.
Further, the initialization specifically comprises:
(1) CA initialization. CA first chooses a system security parameter λ and an attribute domain U, then selects three multiplicative cyclic groups G_1, G_2 and G_T of prime order p, with g_1 and g_2 generators of G_1 and G_2 respectively, a bilinear map e: G_1 × G_2 → G_T, and two hash functions H: {0,1}* → Z_p and F: G_T → Z_p. CA further selects a random number a ∈ Z_p and finally generates the global public parameters:
CA issues a globally unique identity aid to every legitimate authorization center in the system, and a globally unique identity uid to every legitimate user;
(2) AA initialization. AA_aid manages a defined attribute set, and the set of relevant authorization centers is denoted I_A. AA_aid first selects two random numbers α_aid, β_aid ∈ Z_p; for each attribute x_k in its attribute set, AA_aid randomly chooses a unique version number v_k, and finally computes the attribute public keys, the authorization center public key and the authorization center private key as follows:
Further, the authorization center assigns an attribute set to the user and generates the key needed for decryption, which specifically comprises:
(1) AA_aid first assigns a corresponding attribute set S_{uid,aid} to each legitimate user, then selects a globally unique random number z_uid ∈ Z_p for each user as the user private key; the user's proxy key and user private key are computed as follows:
SK_uid = z_uid;
(2) the generated proxy key {PxK_{uid,aid}} is sent to the cloud service provider for storage; the cloud service provider executes L_PxK = L_PxK ∪ {uid, PxK_{uid,aid}}, adding the user's proxy key to the proxy key list L_PxK, while the user private key SK_uid is sent to the corresponding user and kept by the user.
Further, the data owner's encryption of the file specifically comprises:
(1) the cloud service provider first selects a random number s' ∈ Z_p and, for each i ∈ {1, …, l}, random λ'_i, γ'_i ∈ Z_p, and computes the ciphertext as follows:
It outputs the partially encrypted ciphertext CT_out = {s', C_0, (C_{i,1}, C_{i,2}, λ'_i, γ'_i)_{i∈{1,…,l}}};
(2) after receiving CT_out, the data owner verifies whether the result is correct. It first checks whether the verification equation holds; if not, it directly outputs b = 0, meaning the result of the outsourced computation is incorrect. Otherwise, for each i ∈ {1, …, l}, the data owner computes:
t_i = (a·λ'_i − v_{ρ(i)}·γ_i − H(ρ(i))·γ_i) mod p;
then chooses a security parameter r, randomly selects s_1, …, s_l ∈ {0,1}^r, and computes:
If the check holds, it outputs b = 1, indicating that the computation result is correct; otherwise it outputs b = 0, indicating that the result is wrong;
(3) once the data owner has verified that CT_out is correct, it continues with the remaining encryption operations. Let A be an l × n matrix, where l is the total number of attributes; each row of the matrix is mapped to an attribute by the function ρ. The data owner first selects a secret random number s ∈ Z_p and a random vector whose components y_2, …, y_n are used to share s. For each i ∈ {1, …, l} it computes λ_i, where A_i denotes the i-th row of A. Then it randomly selects γ_1, γ_2, …, γ_l ∈ Z_p and computes the ciphertext as follows:
Here C', C_{i,3} and C_{i,4} are used to correct s, λ_i and γ_i, and C_v is used to verify the result of outsourced decryption. Finally, the complete ciphertext CT = {C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i∈{1,…,l}}, C_v, (A, ρ)} is output.
Further, the user's file access request to the cloud service provider specifically comprises:
(1) when a user sends a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure. If it does, a set of constants w_i ∈ Z_p (i ∈ I, with I = {1, …, l}) can be found that satisfies the required relation, and the partially decrypted ciphertext is computed as follows:
After successful decryption, the partially decrypted ciphertext CT' is sent to the user;
(2) after the user receives the partially decrypted ciphertext CT' from the cloud service provider, the user verifies whether the computation result is correct; the user only needs to check whether the verification equation holds. If it holds, the user outputs b = 1, indicating that the result is correct; otherwise the user outputs b = 0, indicating that the cloud service provider returned a wrong result;
(3) after the user has verified that CT' is correct, the plaintext can be recovered with the user's own private key SK_uid, computed as follows:
Further, revoking certain users or certain attributes in the system specifically comprises:
(1) when user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider. After receiving the user revocation information, the cloud service provider looks up the proxy key list L_PxK, deletes the proxy key corresponding to that uid, and updates the proxy key list to L'_PxK;
(2) when attribute revocation occurs, the data owner must re-encrypt the ciphertext, and at the same time the authorization center must update the keys of the other, non-revoked users.
The authorization center first generates some key update material in preparation for the subsequent key update. Let uid denote the identity of every other non-revoked user. The relevant authorization center first generates a new version number for the attribute and computes the version update key from it; for every non-revoked user who also holds the attribute it computes a proxy update key (agent update key); AA_aid updates the attribute public key of the attribute being revoked and broadcasts a message to the data owners in the system so that they receive the updated attribute public key. The proxy update key is sent to the cloud service provider to update the proxy key PxK_{uid,aid}, and the version update key is sent to the data owner.
After receiving the proxy update key, the cloud service provider updates the corresponding proxy keys of all non-revoked users holding the attribute; the proxy key PxK_{uid,aid} is updated to:
After receiving the version update key, the data owner computes the ciphertext update key and sends it to the cloud service provider to re-encrypt the ciphertext.
After receiving the ciphertext update key, the cloud service provider updates the corresponding ciphertext, and the re-encrypted ciphertext is published as follows:
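The revocation flow in items (1) and (2) above (and in steps 5.1 and 5.21 of the detailed description) can be followed as a small state machine. The Python below is an added illustration, not code from the patent: the pairing-based key, proxy-key and ciphertext components, whose formulas this page does not reproduce, are replaced by a constructed toy component H(attribute || version) mod p; the version update key, proxy (agent) update key and ciphertext update key all collapse to the difference between the new and the old component; and the access policy is a plain conjunction of attributes. The class and function names (AuthorizationCenter, CloudServiceProvider, attr_component, run_scenario) and the hospital scenario are assumptions made for the example. What it shows is the page's division of labour: a revoked user's proxy key is deleted from L_PxK, a revoked attribute gets a new version number, the cloud refreshes the proxy keys of the non-revoked holders and re-encrypts the ciphertext without involving the users, and the proxy key of the user whose attribute was revoked stays at the old version and stops matching.

```python
"""Toy model of user revocation (proxy-key list L_PxK) and attribute revocation
(attribute version numbers v_k plus update keys). Added illustration; the
patent's actual group elements and formulas are not reproduced here."""
import hashlib

P = 2**127 - 1  # constructed toy prime standing in for the group order p


def attr_component(attr, version):
    """Constructed stand-in for the key/ciphertext component bound to one
    (attribute, version number v_k) pair."""
    digest = hashlib.sha256(f"{attr}|{version}".encode()).digest()
    return int.from_bytes(digest, "big") % P


class AuthorizationCenter:
    """AA_aid: manages attributes, their version numbers and who holds them."""

    def __init__(self, aid, attrs):
        self.aid = aid
        self.version = {x: 1 for x in attrs}      # current v_k per attribute
        self.holders = {x: set() for x in attrs}  # uids holding each attribute

    def keygen(self, uid, attrs):
        """Step 2: issue the proxy key PxK_{uid,aid} for the user's attribute set."""
        for x in attrs:
            self.holders[x].add(uid)
        return {x: (self.version[x], attr_component(x, self.version[x])) for x in attrs}

    def revoke_attribute(self, attr, revoked_uid):
        """Step 5.2: new version number, version update key for the data owners,
        and proxy (agent) update keys for the non-revoked holders only."""
        old, new = self.version[attr], self.version[attr] + 1
        self.version[attr] = new
        self.holders[attr].discard(revoked_uid)
        version_update_key = (attr_component(attr, new) - attr_component(attr, old)) % P
        proxy_update_keys = {uid: version_update_key for uid in self.holders[attr]}
        return new, version_update_key, proxy_update_keys


class CloudServiceProvider:
    """Holds the proxy-key list L_PxK and the stored ciphertexts."""

    def __init__(self):
        self.L_PxK = {}        # uid -> {attr: (version, component)}
        self.ciphertexts = {}  # file id -> {attr: (version, component)}

    def store_proxy_key(self, uid, proxy_key):
        self.L_PxK[uid] = proxy_key

    def revoke_user(self, uid):
        """Step 5.1: deleting the proxy key is the whole user revocation."""
        self.L_PxK.pop(uid, None)

    def apply_proxy_update(self, attr, new_version, proxy_update_keys):
        """Cloud-side part of step 5.2: refresh PxK_{uid,aid} of non-revoked holders."""
        for uid, delta in proxy_update_keys.items():
            if uid in self.L_PxK and attr in self.L_PxK[uid]:
                _, component = self.L_PxK[uid][attr]
                self.L_PxK[uid][attr] = (new_version, (component + delta) % P)

    def reencrypt(self, file_id, attr, new_version, ciphertext_update_key):
        """Cloud-side re-encryption with the data owner's ciphertext update key."""
        _, component = self.ciphertexts[file_id][attr]
        self.ciphertexts[file_id][attr] = (new_version, (component + ciphertext_update_key) % P)

    def partial_decrypt(self, uid, file_id):
        """Step 4.1 in the toy: succeeds only if uid is still in L_PxK and its proxy
        key matches every policy attribute at the ciphertext's current version."""
        proxy_key = self.L_PxK.get(uid)
        if proxy_key is None:
            return False
        ciphertext = self.ciphertexts[file_id]
        return all(proxy_key.get(attr) == ciphertext[attr] for attr in ciphertext)


def run_scenario():
    """Two doctors share a record; Bob loses 'doctor', then Alice is revoked outright."""
    aa = AuthorizationCenter("hospital", ["doctor", "researcher"])
    cloud = CloudServiceProvider()
    cloud.store_proxy_key("alice", aa.keygen("alice", ["doctor"]))
    cloud.store_proxy_key("bob", aa.keygen("bob", ["doctor"]))
    # The data owner encrypts under the policy "doctor" at the current version.
    v = aa.version["doctor"]
    cloud.ciphertexts["record"] = {"doctor": (v, attr_component("doctor", v))}
    before = (cloud.partial_decrypt("alice", "record"), cloud.partial_decrypt("bob", "record"))
    # Attribute revocation: Bob loses 'doctor'; only Alice's proxy key is refreshed.
    new_v, version_update_key, proxy_update_keys = aa.revoke_attribute("doctor", "bob")
    cloud.apply_proxy_update("doctor", new_v, proxy_update_keys)
    # In this toy the owner's ciphertext update key equals the version update key.
    cloud.reencrypt("record", "doctor", new_v, version_update_key)
    after_attribute = (cloud.partial_decrypt("alice", "record"), cloud.partial_decrypt("bob", "record"))
    # User revocation: Alice's entry is simply removed from L_PxK.
    cloud.revoke_user("alice")
    after_user = (cloud.partial_decrypt("alice", "record"), cloud.partial_decrypt("bob", "record"))
    return before, after_attribute, after_user
```

The model leaves out the user's final decryption with SK_uid and the verification of the cloud's partial result; it only tracks who can still obtain a matching partial decryption after each revocation event.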
Another object of the present invention is to provide a cloud server that applies the multi-authority access control method supporting revocation and verifiable outsourcing.
In conclusion advantages of the present invention and good effect are:The present invention considers the application scenarios of more authorization centers, avoids
The single point failure and system bottleneck problem that single authorization center is brought, enrich the Attribute domain of user, improve the efficiency of system,
More meet practical application request.Invention introduces outsourcing is calculated, encryption and most of calculate decrypted can be contracted out to cloud clothes
Business quotient completes, and greatly reduces the computing cost of data owner's encryption and user's decryption, and improves the access of system
Efficiency.
The present invention calculates proof scheme using corresponding outsourcing, by running corresponding verification algorithm, once cloud service provider
Return mistake as a result, user can perceive at once, it is ensured that the correctness of follow-up result of calculation.New user and category
Property revocation scheme, during user cancels, without completing the work of ciphertext re-encryption and key updating, data owner only needs
Cloud service provider is allowed to delete the proxy signature key of revocation user storage beyond the clouds;During attribute cancels, most update
It is all contracted out to cloud service provider with re-encryption calculating, user need to only complete to calculate on a small quantity.
Can be respectively that all authorization centers in system and user's distribution are complete invention introduces global authentication center CA
Office unique identity aid and uid, only belonging to the private key of same uid could be used for decrypting, so as to avoid user it
Between collusion attack.
Description of the drawings
Fig. 1 is a flowchart of the multi-authority access control method supporting revocation and verifiable outsourcing provided in an embodiment of the present invention.
Fig. 2 is an implementation flowchart of the multi-authority access control method supporting revocation and verifiable outsourcing provided in an embodiment of the present invention.
Fig. 3 is the sub-flowchart of user data access provided in an embodiment of the present invention.
Fig. 4 is the sub-flowchart of revocation provided in an embodiment of the present invention.
Fig. 5 is the simulation diagram of the time consumed by encryption provided in an embodiment of the present invention.
Fig. 6 is the simulation diagram of the time consumed by decryption provided in an embodiment of the present invention.
Specific implementation mode
In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention is further elaborated below with reference to embodiments. It should be understood that the specific embodiments described here merely illustrate the present invention and are not intended to limit it.
The present invention applies the multi-authority access control method supporting revocation and verifiable outsourcing in cloud storage, to protect the confidentiality of users' private data, to reduce the computational cost on the user side, and to manage user permissions in the system dynamically.
As shown in Fig. 1, the multi-authority access control method supporting revocation and verifiable outsourcing provided in an embodiment of the present invention comprises the following steps:
S101: system initialization, including the initialization of the global authentication center CA and of the other authorization centers AA;
S102: the authorization center assigns an attribute set to the user and generates the key the user needs for decryption;
S103: the data owner encrypts the file, where encryption consists of outsourced encryption, verification of the outsourced result, and the data owner's final encryption;
S104: the user sends a file access request to the cloud service provider, where access consists of outsourced decryption by the cloud service provider, verification of the outsourced result, and the user's final decryption;
S105: certain users or certain attributes in the system are revoked.
The application principle of the present invention is further described below in conjunction with the accompanying drawings.
As shown in Fig. 2, the multi-authority access control method supporting revocation and verifiable outsourcing provided in an embodiment of the present invention specifically comprises the following steps:
Step 1:System initialization.
1.1) CA initialization. CA first chooses a system security parameter λ and an attribute domain U, then selects three multiplicative cyclic groups G_1, G_2 and G_T of prime order p, with g_1 and g_2 generators of G_1 and G_2 respectively, a bilinear map e: G_1 × G_2 → G_T, and two hash functions H: {0,1}* → Z_p and F: G_T → Z_p. CA further selects a random number a ∈ Z_p and finally generates the global public parameters:
In addition, all authorization centers and users must register with CA to verify their legitimate identity. CA issues a globally unique identity aid to every legitimate authorization center in the system, and a globally unique identity uid to every legitimate user;
1.2) AA initialization. AA_aid manages a defined attribute set, and the set of relevant authorization centers is denoted I_A. AA_aid first selects two random numbers α_aid, β_aid ∈ Z_p; for each attribute x_k in its attribute set, AA_aid randomly chooses a unique version number v_k, and finally computes the attribute public keys, the authorization center public key and the authorization center private key as follows:
Step 2:Authorization center is user's distributive property collection, and is the key needed for its generation decryption.
2.1) AA_aid first assigns a corresponding attribute set S_{uid,aid} to each legitimate user, then selects a globally unique random number z_uid ∈ Z_p for each user as the user private key. The user's proxy key and user private key are then computed as follows:
SK_uid = z_uid;
2.2) The generated proxy key {PxK_{uid,aid}} is sent to the cloud service provider for storage; the cloud service provider executes L_PxK = L_PxK ∪ {uid, PxK_{uid,aid}}, adding the user's proxy key to the proxy key list L_PxK. The user private key SK_uid is sent to the corresponding user and kept by the user.
Step 3:File is encrypted in data owner.
3.1) The cloud service provider first selects a random number s' ∈ Z_p and, for each i ∈ {1, …, l}, random λ'_i, γ'_i ∈ Z_p, and computes the ciphertext as follows:
It then outputs the partially encrypted ciphertext CT_out = {s', C_0, (C_{i,1}, C_{i,2}, λ'_i, γ'_i)_{i∈{1,…,l}}}.
3.2) After receiving CT_out, the data owner verifies whether the result is correct. It first checks whether the verification equation holds. If not, it directly outputs b = 0, meaning the result of the outsourced computation is incorrect. Otherwise, for each i ∈ {1, …, l}, the data owner computes:
t_i = (a·λ'_i − v_{ρ(i)}·γ_i − H(ρ(i))·γ_i) mod p;
then chooses a security parameter r, randomly selects s_1, …, s_l ∈ {0,1}^r, and computes:
If the check holds, it outputs b = 1, indicating that the computation result is correct; otherwise it outputs b = 0, indicating that the result is wrong.
3.3) Once the data owner has verified that CT_out is correct, it continues with the remaining encryption operations. Let A be an l × n matrix, where l is the total number of attributes; each row of the matrix is mapped to an attribute by the function ρ. The data owner first selects a secret random number s ∈ Z_p and a random vector whose components y_2, …, y_n are used to share s. For each i ∈ {1, …, l} it computes λ_i, where A_i denotes the i-th row of A. Then it randomly selects γ_1, γ_2, …, γ_l ∈ Z_p and computes the ciphertext as follows:
Here C', C_{i,3} and C_{i,4} are used to correct s, λ_i and γ_i, and C_v is used to verify the result of outsourced decryption. Finally, the complete ciphertext CT = {C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i∈{1,…,l}}, C_v, (A, ρ)} is output.
Step 4: The user sends a file access request to the cloud service provider.
As shown in Figure 3, this step is implemented as follows:
4.1) When a user sends a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure. If it does, a set of constants w_i ∈ Z_p can be found such that the required relation holds, where I = {1, …, l}; the partially decrypted ciphertext is then computed as follows:
After successful decryption, the partially decrypted ciphertext CT' is sent to the user.
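The LSSS access structure (A, ρ) that the data owner shares s over in Step 3.3 and that the cloud service provider checks in Step 4.1, as an added Python example that is not part of the patent or of its Charm implementation. It assumes the standard LSSS reconstruction condition Σ_{i∈I} w_i·A_i = (1, 0, …, 0) for the relation omitted on the page, substitutes a small constructed prime for the pairing group order p, and uses a constructed three-row policy matrix for "(doctor AND cardiology) OR admin".

```python
# Added example: LSSS access structure (A, rho) over Z_p, as used by the
# data owner (Step 3.3) and the cloud service provider (Step 4.1).
# Not code from the patent. Assumes the standard reconstruction condition
# sum_{i in I} w_i * A_i = (1, 0, ..., 0), which the page omits.
import random

# Constructed prime for illustration; the scheme uses the pairing group order p.
P = 1_000_003

# Constructed policy "(doctor AND cardiology) OR admin" as an LSSS matrix:
# row i of ACCESS_MATRIX is labelled with attribute RHO[i] by the function rho.
ACCESS_MATRIX = [
    [1, 1],    # doctor
    [0, -1],   # cardiology
    [1, 0],    # admin
]
RHO = ["doctor", "cardiology", "admin"]


def share_secret(A, s, p=P, seed=None):
    """Step 3.3: pick v = (s, y_2, ..., y_n) and return lambda_i = A_i . v mod p."""
    rng = random.Random(seed)
    n = len(A[0])
    v = [s % p] + [rng.randrange(p) for _ in range(n - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in A]


def solve_mod_p(M, b, p=P):
    """Solve M x = b over Z_p by Gauss-Jordan elimination (M is m x k).
    Returns one solution (free variables set to 0) or None if inconsistent."""
    m, k = len(M), len(M[0])
    aug = [[x % p for x in M[r]] + [b[r] % p] for r in range(m)]
    pivots, row = [], 0
    for col in range(k):
        if row == m:
            break
        piv = next((r for r in range(row, m) if aug[r][col]), None)
        if piv is None:
            continue
        aug[row], aug[piv] = aug[piv], aug[row]
        inv = pow(aug[row][col], -1, p)
        aug[row] = [x * inv % p for x in aug[row]]
        for r in range(m):
            if r != row and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % p for x, y in zip(aug[r], aug[row])]
        pivots.append(col)
        row += 1
    # A zero coefficient row with a non-zero right-hand side means no solution.
    if any(aug[r][k] for r in range(row, m)):
        return None
    x = [0] * k
    for r, col in enumerate(pivots):
        x[col] = aug[r][k]
    return x


def reconstruction_coeffs(A, rho, attrs, p=P):
    """Step 4.1: if the attribute set satisfies (A, rho), return {i: w_i} over
    the rows I whose attribute the user holds, with sum w_i * A_i = (1,0,...,0).
    Returns None when the attributes do not satisfy the access structure."""
    I = [i for i in range(len(A)) if rho[i] in attrs]
    if not I:
        return None
    n = len(A[0])
    # Columns of the restricted matrix A_I become the equations of the system.
    M = [[A[i][c] for i in I] for c in range(n)]
    target = [1] + [0] * (n - 1)
    w = solve_mod_p(M, target, p)
    if w is None:
        return None
    return dict(zip(I, w))


def recover_secret(shares, coeffs, p=P):
    """Combine the shares lambda_i with the constants w_i: sum w_i * lambda_i = s."""
    return sum(w * shares[i] for i, w in coeffs.items()) % p


if __name__ == "__main__":
    s = 424242
    shares = share_secret(ACCESS_MATRIX, s, seed=1)
    for attrs in ({"doctor", "cardiology"}, {"admin"}, {"doctor"}):
        w = reconstruction_coeffs(ACCESS_MATRIX, RHO, attrs)
        if w is None:
            print(sorted(attrs), "-> access structure not satisfied, request refused")
        else:
            print(sorted(attrs), "-> recovered:", recover_secret(shares, w) == s)
```

A None result from reconstruction_coeffs corresponds to the cloud service provider refusing the request in Step 4.1; in the real scheme the constants w_i are applied to group elements rather than to the shares directly.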
4.2) After the user receives the partially decrypted ciphertext CT' from the cloud service provider, the user verifies whether the computation result is correct. The user only needs to check whether the verification condition holds. If it holds, b = 1 is output, indicating that the computation result is correct; otherwise b = 0 is output, indicating that the cloud service provider returned a wrong result.
4.3) After the user has verified that CT' is correct, the plaintext can be recovered using only the user's own private key SK_uid, computed as follows:
Step 5: Revoking a user or certain attributes in the system.
As shown in Figure 4, this step is implemented as follows:
5.1) When a user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider. After receiving the revocation information, the cloud service provider searches the proxy key list L_PxK, deletes the proxy key corresponding to that uid, and then updates the proxy key list to L'_PxK.
5.2) When an attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, while the authority needs to update the keys of the other, non-revoked users.
5.21) The authority first generates some key update material in preparation for the subsequent key update. Here uid denotes the identity of each of the other, non-revoked users. The relevant authority first generates a new attribute version number, then computes a version update key, and computes a proxy update key for every non-revoked user that also holds the attribute. AA_aid then updates the public key of the attribute to be revoked and broadcasts a message to the data owners in the system so that they can receive the updated attribute public key. The proxy update key is sent to the cloud service provider for updating the proxy key PxK_uid,aid, and the version update key is sent to the data owner.
5.22) After the cloud service provider receives the proxy update key, it updates the corresponding proxy key of every non-revoked user that holds the attribute; the proxy key PxK_uid,aid is updated to:
5.23) After the data owner receives the version update key, it computes a ciphertext update key and sends it to the cloud service provider for re-encrypting the ciphertext.
5.24) After the cloud service provider receives the ciphertext update key, it updates the corresponding ciphertext. The re-encrypted ciphertext is then published as follows:
The application effect of the present invention is explained in detail below with reference to a simulation.
1. Simulation conditions
The simulation environment is a desktop computer configured with a CPU G630 @ 2.70GHz and 4.00GB RAM; the operating system is 64-bit Ubuntu 14.04. The implementation is based on the Charm toolkit and written in Python.
2. Simulation content and result analysis
A data file is accessed using the method of the present invention; the results are shown in Figure 5 and Figure 6. Figure 5 shows that, during encryption, the time consumed by the cloud service provider's outsourced encryption is much larger than the time consumed by the data owner's encryption and grows with the number of attributes, while the data owner's encryption takes only about 0.05 s. This is precisely because most of the complex computation has been outsourced to the cloud service provider and the data owner only needs to perform a small amount of computation, which greatly reduces the data owner's computational overhead. In Figure 6, the time consumed by outsourced decryption is likewise much larger than the time consumed by the user's decryption and grows with the number of attributes, while the user's decryption takes about 0.03 s, almost a constant. Again, because most of the complex computation is outsourced to the cloud service provider, the user finally needs to complete only a simple exponentiation, which greatly reduces the user's computational overhead.
The simulation results show that the present invention can greatly reduce the computational overhead of users in the system and improve the access efficiency of the system, which is very important in practical applications.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within its scope of protection.
Claims (8)
1. A multi-authority access control method supporting revocation and verifiable outsourcing, characterized in that the method comprises: initialization of the global authentication center CA and of the other authorities AA, which assigns a corresponding identity to every authority and user in the system and generates the global public parameters and the keys needed for encryption; the authorities assigning attribute sets to users and generating the keys needed for decryption; the data owner encrypting the file; the user sending a file access request to the cloud service provider; and revoking a user or certain attributes in the system.
2. The method of claim 1, characterized in that the keys comprise: a proxy key, stored in the cloud and used to complete partial decryption, and a user private key, kept by the user and used to complete the final decryption;
the encryption process comprises the cloud service provider performing part of the encryption computation and sending the generated ciphertext to the data owner, who completes the final encryption; after encryption is completed, the ciphertext is uploaded to the cloud service provider for storage;
after the cloud service provider receives a request, it partially decrypts the file using the user's proxy key stored in the cloud and sends the partially decrypted ciphertext to the user; after receiving the ciphertext, the user decrypts it again with their own private key, and only a user whose attributes satisfy the access policy can successfully decrypt the ciphertext;
when a user revocation occurs, the data owner sends the identity of the revoked user to the cloud service provider, which looks up the proxy key list and deletes that user's proxy key; having lost the proxy key, the user can no longer decrypt to recover the plaintext; when an attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, while the authorities need to update the keys of the other non-revoked users in the system; part of the work of ciphertext re-encryption and key update is outsourced to the cloud service provider.
3. The method of claim 1, characterized in that the initialization specifically comprises:
(1) CA initialization: the CA first chooses a system security parameter λ and an attribute domain U, then selects three multiplicative cyclic groups G_1, G_2 and G_T of order p, with g_1, g_2 the generators of G_1, G_2, a bilinear map e: G_1 × G_2 → G_T, and two hash functions H: {0,1}* → Z_p and F: G_T → Z_p; the CA further selects a random number a ∈ Z_p and finally produces the global public parameters:
the CA issues a globally unique identity aid to each legitimate authority in the system and a globally unique identity uid to each legitimate user;
(2) AA initialization: the attribute set managed by AA_aid is defined as given below, and the set of relevant authorities is defined as I_A; AA_aid first selects two random numbers α_aid, β_aid ∈ Z_p and, for each attribute x_k in its attribute set, randomly selects a unique version number v_k; finally it computes the attribute public keys, the authority public key and the authority private key as follows:
4. The method of claim 1, characterized in that the authorities assigning attribute sets to users and generating the keys needed for decryption specifically comprises:
(1) AA_aid first assigns a corresponding attribute set S_uid,aid to each legitimate user, then selects a globally unique random number z_uid ∈ Z_p for each user as the user private key, and computes the user's proxy key and user private key as follows:
SK_uid = z_uid;
(2) the generated proxy key {PxK_uid,aid} is sent to the cloud service provider for storage; the cloud service provider executes L_PxK = L_PxK ∪ {uid, PxK_uid,aid}, adding the user's proxy key to the proxy key list L_PxK; the user private key SK_uid is sent to the corresponding user, who keeps it.
5. The method of claim 1, characterized in that the data owner encrypting the file specifically comprises:
(1) the cloud service provider first selects a random number s' ∈ Z_p and, for every i ∈ {1, …, l}, randomly selects λ'_i, γ'_i ∈ Z_p, then computes the ciphertext as follows:
the partially encrypted ciphertext CT_out = {s', C_0, (C_{i,1}, C_{i,2}, λ'_i, γ'_i)_{i∈{1,…,l}}} is output;
(2) after the data owner receives CT_out, it verifies whether the result is correct, first checking whether the verification condition holds; if it does not, it directly outputs b = 0, meaning that the result of the outsourced computation is incorrect; otherwise, for i ∈ {1, …, l}, the data owner computes:
t_i = (a·λ'_i - v_{ρ(i)}·γ_i - H(ρ(i))·γ_i) mod p;
it then chooses a security parameter r, randomly selects s_1, …, s_l ∈ {0,1}^r, and computes:
if the check holds, b = 1 is output, indicating that the computation result is correct; otherwise b = 0 is output, indicating that the result is wrong;
(3) after the data owner has verified that CT_out is correct, it completes the remaining encryption operations; let A denote an l × n matrix, where l is the total number of attributes; each row of the matrix is mapped to an attribute by the function ρ; the data owner first selects a secret random number s ∈ Z_p and a random vector whose components y_2, …, y_n are used to share s; for i ∈ {1, …, l}, it computes λ_i from A_i, the i-th row of matrix A; it then randomly selects γ_1, γ_2, …, γ_l ∈ Z_p and computes the ciphertext as follows:
here C', C_{i,3}, C_{i,4} are used to correct s, λ_i, γ_i, and C_v is used to verify the result of outsourced decryption; finally, the complete ciphertext CT = {C, C', C_0, (C_{i,1}, C_{i,2}, C_{i,3}, C_{i,4})_{i∈{1,…,l}}, C_v, (A, ρ)} is output.
6. The method of claim 1, characterized in that the user sending a file access request to the cloud service provider specifically comprises:
(1) when a user sends a file access request, the cloud service provider first checks whether the user's attribute set satisfies the access structure; if it does, a set of constants w_i ∈ Z_p can be found such that the required relation holds, where I = {1, …, l}; the partially decrypted ciphertext is then computed as follows:
after successful decryption, the partially decrypted ciphertext CT' is sent to the user;
(2) after the user receives the partially decrypted ciphertext CT' from the cloud service provider, the user verifies whether the computation result is correct; the user only needs to check whether the verification condition holds; if it holds, b = 1 is output, indicating that the computation result is correct; otherwise b = 0 is output, indicating that the cloud service provider returned a wrong result;
(3) after the user has verified that CT' is correct, the plaintext can be recovered with the user's own private key SK_uid, computed as follows:
7. The method of claim 1, characterized in that revoking a user or certain attributes in the system specifically comprises:
(1) when a user revocation occurs, the data owner sends the identity uid of the revoked user to the cloud service provider; after receiving the revocation information, the cloud service provider searches the proxy key list L_PxK, deletes the proxy key corresponding to that uid, and then updates the proxy key list to L'_PxK;
(2) when an attribute revocation occurs, the data owner needs to re-encrypt the ciphertext, while the authority needs to update the keys of the other non-revoked users;
the authority first generates some key update material in preparation for the subsequent key update; uid denotes the identity of each of the other, non-revoked users; the relevant authority first generates a new attribute version number, computes a version update key, and computes a proxy update key for every non-revoked user that also holds the attribute;
AA_aid then updates the public key of the attribute to be revoked and broadcasts a message to the data owners in the system so that they can receive the updated attribute public key; the proxy update key is sent to the cloud service provider for updating the proxy key PxK_uid,aid, and the version update key is sent to the data owner;
after the cloud service provider receives the proxy update key, it updates the corresponding proxy key of every non-revoked user that holds the attribute; the proxy key PxK_uid,aid is updated to:
after the data owner receives the version update key, it computes a ciphertext update key and sends it to the cloud service provider for re-encrypting the ciphertext;
after the cloud service provider receives the ciphertext update key, it updates the corresponding ciphertext; the re-encrypted ciphertext is then published as follows:
8. A cloud server applying the multi-authority access control method supporting revocation and verifiable outsourcing of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810149575.8A CN108390876B (en) | 2018-02-13 | 2018-02-13 | Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108390876A true CN108390876A (en) | 2018-08-10 |
CN108390876B CN108390876B (en) | 2021-12-14 |