CN110391901B - Proxy re-encryption method supporting complex access control element description - Google Patents
Proxy re-encryption method supporting complex access control element description Download PDFInfo
- Publication number
- CN110391901B CN110391901B CN201910602175.2A CN201910602175A CN110391901B CN 110391901 B CN110391901 B CN 110391901B CN 201910602175 A CN201910602175 A CN 201910602175A CN 110391901 B CN110391901 B CN 110391901B
- Authority
- CN
- China
- Prior art keywords
- encryption
- proxy
- access control
- ciphertext
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention discloses a proxy re-encryption method supporting complex access control element description, which comprises the following steps: establishing a system; creating data; obtaining an access control element; generating proxy re-encryption key parameters; generating described ciphertext data; acquiring ciphertext data; and the user performs re-encryption and decryption on the ciphertext. The invention introduces XML language into the proxy re-encryption scheme for uniform description, and enhances the flexibility and expansibility of the system by a more convenient and faster analysis mode; meanwhile, the consideration of the attribute weight is added in the description process, the further management of the complex access control elements is realized, and the generation efficiency of the re-encryption key is improved.
Description
Technical Field
The invention belongs to the field of access control description and authorization management, and particularly relates to a proxy re-encryption method supporting complex access control element description.
Background
With the wide application of the internet and the rapid development of cloud computing, the cloud storage technology also becomes a research hotspot. The most critical point in cloud computing is to protect the security and integrity of cloud data. A large amount of data is stored in the cloud in a ciphertext mode, and on the premise of meeting the requirements of safety and high efficiency, the method has important research value on how to complete ciphertext protection and communication by using a proper access control technology. Meanwhile, the diversified application prospects will lead to continuous innovation of the information technology industry.
Aiming at the safety and integrity problems of cloud data, a ciphertext access control technology is provided, data are encrypted through a specified cipher algorithm and a secret key, and the encrypted data are stored in a cloud server in a ciphertext mode, so that the safety of the cloud data is ensured. In the traditional method, a data owner encrypts data before using cloud service, and rights management is performed by controlling a key of a user. For example, mechanisms such as role-based encryption, identity-based encryption, attribute-based encryption, etc. (ABE) use user role, identity, and attribute as decryption key parameters, respectively. The mechanism such as ABE can ensure the effectiveness of the authorization strategy to a certain extent by combining with the access control model, and the KP-ABE mechanism and the CP-ABE mechanism can support complex strategies, have very wide application prospect in the aspects of fine-grained data sharing and access control, and are suitable for the condition that a decryption party is not fixed. The traditional access control method depends on the structure of the access control tree, and when the system is expanded transversely, each time of node addition or deletion needs to be traversed, so that the flexibility is poor. Especially, the structure of the binary tree needs to be rearranged for the insertion of the nodes, and the expansibility is low, so that the efficiency of the system is difficult to improve.
Disclosure of Invention
The invention aims to provide a proxy re-encryption method supporting complex access control element description.
The technical scheme for realizing the purpose of the invention is as follows: a proxy re-encryption method supporting complex access control element description is realized based on a system model, wherein the system model comprises a key management center, a re-encryption key server and a proxy re-encryption server; the key management center generates a public and private key pair for a user, the re-encryption key server is used for describing the complex access control elements and generating re-encryption key parameters and keys, and the agent re-encryption server is used for completing the operation of agent re-encryption; the method comprises the following steps:
(1) system set-up
Initializing a system, and calling an algorithm Setup to generate public parameter proxy re-encryption related public/private key parameters of the system based on a given parameter k;
(2) data creation
The creator submits a key pair generation request to the key management center, and simultaneously provides parameters for system establishment, the key management center calls an algorithm layer function to generate a public and private key pair for the creator, and a data creator pairThe data is encrypted for the first time, and an algorithm level function is called to generate a ciphertext CAAnd transmitting to the proxy re-encryption server;
(3) access control element acquisition
When a data sharing user accesses ciphertext data, the system acquires related access control elements, uniformly describes the access control elements into a file through an XML language, and generates proxy re-encryption key parameters after analysis;
(4) proxy re-encryption key parameter generation
The system analyzes the XML file, generates related access control elements into a List, gives weight values to the elements in a main attribute set { sub }, thereby generating an access control condition parameter con, and calls an algorithm level function ReKeyGen to generate a re-encryption key;
(5) generating described ciphertext data
Proxy re-encryption server obtaining re-encryption key and ciphertext CACalling an algorithm level function ReEnc to obtain a shared ciphertext C by operationB;
(6) Ciphertext data acquisition
The data sharer submits a re-encrypted ciphertext data acquisition request to the proxy re-encryption server, and the proxy re-encryption server acquires the request of the user and provides the user with a shared ciphertext C subjected to proxy re-encryptionB;
(7) User carries out re-encryption ciphertext decryption
The legal user uses its own private key and the described ciphertext CBAnd calling an algorithm level function Dec to decrypt the ciphertext to obtain ciphertext data.
Compared with the prior art, the invention has the following remarkable advantages: (1) the user shared data only needs to calculate a first basic ciphertext, and then data re-encryption is carried out by relying on a secret key parameter generated by the cloud server according to the access control element of the sharer, so that the cloud computing overhead of the user is reduced; (2) complex access control elements are uniformly described through an XML language, and the access control structure is more flexible and convenient by means of a uniform form, so that the efficiency of the system is not influenced no matter the system is transversely or longitudinally expanded; meanwhile, the weight is introduced into the main attribute set as a reference value, and corresponding weights are given to different main attributes, so that the process of generating the key parameter has pertinence.
Drawings
FIG. 1 is a schematic diagram of a system model of the present invention.
Fig. 2 is a flow chart of a proxy re-encryption method supporting complex access control element descriptions.
FIG. 3 is a flow chart of data creation and access.
FIG. 4 is a diagram illustrating the structure of an access control element
Fig. 5 is a schematic diagram of re-encryption key parameter generation.
Detailed Description
Aiming at the problems in the prior art, the invention introduces the idea of Proxy Re-Encryption (PRE) into the complex access control, and provides a Proxy Re-Encryption method with cloud supporting the description of complex access control elements. The user shared data only needs to calculate a first basic ciphertext, and then data re-encryption is carried out by relying on a secret key parameter generated by the cloud server according to the access control element of the sharer, so that the cloud computing overhead of the user is reduced; meanwhile, complex access control elements are uniformly described through an XML language, and the access control structure is more flexible and convenient by means of a uniform form, so that the efficiency of the system is not influenced no matter the system is transversely or longitudinally expanded; in addition, the weight is introduced into the main attribute set as a reference value, and corresponding weights are given to different main attributes, so that the process of generating the key parameter is more targeted.
The invention relates to a complex access control element description method based on proxy re-encryption, which is realized based on a system model, as shown in figure 1, wherein the system model comprises a key management center, a re-encryption key server and a proxy re-encryption server;
key Management Center (KMC): and generating a public and private key pair for a user.
Re-encryption key server (REK): the method is used for describing the complex access control element and generating the re-encryption key parameter and the key.
Proxy Re-encryption server (Re-Enc): and finishing the operation of proxy re-encryption.
Data creator a: and creating accessed data M, carrying out security processing such as basic encryption on the accessed data M, and finally sharing the data through the cloud server and managing the access control of the data.
Data sharing user B: and (4) an access application is provided for the message M, and the data is acquired and decrypted through the cloud server, so that the data or service is finally acquired.
The creation and access of data relies on the internet: the data owner A and the sharing user B can be connected to the Internet so as to interact with cloud data servers such as REK, Re-Enc and the like and a KMC trusted server to realize data creation, access and the like.
The data sharer does not transfer and privately stores the authorized data: the sharer acquires and decrypts the parameters through the network when accessing the data, and then does not perform local storage and authorization of the data.
The KMC, the data owner and the data sharing user are trusted, the KMC is responsible for generating public parameters and a public and private key pair, and the data owner is a creator of basic ciphertext; the REK and Re-Enc semi-trusted server is responsible for generating Re-encrypted keys, generating Re-encrypted ciphertexts and the like, and the part can faithfully implement data cipher text Re-encryption and has the possibility of revealing user data and mining user privacy.
As shown in fig. 2, the method of the present invention mainly comprises the following steps:
(1) system set-up
And (4) initializing the system, and calling an algorithm Setup to generate a system public parameter and proxy to re-encrypt related public/private key parameters based on a given parameter k.
(2) Data creation
The creator submits a key pair generation request to the KMC, and simultaneously provides parameters for system establishment, the KMC calls an algorithm level function to generate a public and private key pair for the creator, the data creator encrypts the data for the first time, and the algorithm level function is called to generate a ciphertext CAAnd transmitted to the Re-Enc server.
(3) Access control element acquisition
When a data sharing user accesses ciphertext data, a system acquires related access control elements and uniformly describes the access control elements into a file through an XML language, the structure is divided into a main body, an object and a behavior, the main body is used for describing basic characteristics of the user, the object is used for limiting the elements of the main body, and the behavior is used for controlling user operation; and generating proxy re-encryption key parameters after analysis.
(4) Proxy re-encryption key parameter generation
The system analyzes the XML file, generates the related access control elements into List, and endows the elements given in the main attribute set { sub } with weight values, thereby generating access control condition parameters con, and calls an algorithm level function ReKeyGen to generate a re-encryption key.
(5) Generating described ciphertext data
Re-Enc server obtains Re-encryption key and ciphertext CACalling an algorithm level function ReEnc to obtain a shared ciphertext C by operationB。
(6) Ciphertext data acquisition
The data sharer submits a Re-encrypted ciphertext data acquisition request to the Re-Enc server, and the Re-Enc provides the shared ciphertext C subjected to proxy Re-encryption for the Re-Enc after acquiring the request of the userB。
(7) User carries out re-encryption ciphertext decryption
The legal user uses its own private key and the described ciphertext CBAnd calling an algorithm level function Dec to decrypt the ciphertext to obtain ciphertext data.
The algorithm function corresponding to the steps of the method is as follows:
(1) establishing parameters: setup (k) → prama
Setup (k) → prama, selecting a prime number k of length q, and groupingAre multiplication loop groups of g, UIs generated by a hash function set H1,H2,H3,H4,H5Wherein, in the step (A), Zqis an integer cyclic group of modulo q,representing an existing set of residual coefficients modulo q, q being a natural number;andall represent multiplication loop groupsThe selected generator is raised to the power. Disclosure of parameters
(2) Generating a basic key: KeyGen (param) → (sk)A,pkA)
(3) Encryption for the first time: enc (M, pk)A)→CA
User A uses its own public key pkAEncrypting plaintext information M, selectingThen C isA=(c1,c2,c3,c4) Wherein, the step of mixing the raw materials,
c1=gr;
c2=gu;
c3=u+r·H2(c1,c2);
(4) generating a re-encryption key parameter con:
rekeyparam (xmlfile) → con, the access control elements are described in xml language after being acquired, and the file is analyzed to obtain List { { sub, obj, act } { { sub { (sub)i},{objj},{actk}};1≤i,j,k≤n;
For n elements in the subject attribute set sub in the List, each element corresponds to its weightAnd construct a functionThen
SelectingCalculating subi=H2(u,H1Sub) to generate a proxy re-encryption key parameter con f (sub)i)。
(5) Proxy re-encryption key generation:
(6) Proxy re-encryption:
encrypted proxy pair ciphertext CAPerform re-encryption to generate a skBDecrypted ciphertext CB=(c′1,c'2,c'3,c'4) If, ifCalculating as follows, otherwise, feeding back information with wrong integrity; wherein the content of the first and second substances,
c′4=c4。
(7) and (3) decryption:
Dec(skB,CBcon) → M, the user B decrypts the re-encrypted ciphertext to obtain the plaintext M.
If it isThen the following calculation is made, otherwise the feedback information integrity isAn error;
The following describes 2 embodiments of the re-encryption key parameter generation in the user data creation, data access and process to illustrate specific steps and algorithm usage.
Example 1
As shown in the left part of fig. 3, user a is the user for creating data.
(1) A, establishing a system, and calling an algorithm Setup to generate a system public parameter agent to re-encrypt related public/private key parameters;
(2) a submits a key pair generation request to the KMC and provides a parameter K for system establishment, and the KMC calls an algorithm level function KeyGen to generate a public and private key pair (sk) for AA,pkA);
(3) A, encrypting plaintext data M for the first time, and calling an algorithm level function Enc to generate a ciphertext CAAnd transmitting the data to a Re-Enc server;
(4) and the user A creates a data ciphertext and simultaneously sends a data related access control strategy (the strategy content: the user role B can perform related access on sensitive data in a Department of Department before 2019-12-31) to the REK, so that subsequent operations such as data access, proxy re-encryption and the like are facilitated, and data creation is completed.
Example 2
Data access procedure, as in the right part of fig. 3:
(1) assuming a user B data sharer, B submits a Re-encrypted ciphertext data acquisition request to Re-Enc;
(2) the REK acquires the access control element of the B, manages the access authority, and generates a re-encryption key for a legal data access user if the access control element is the legal data access user;
the specific process comprises the following steps:
after the access control elements of B are acquired, unified description, analytic extraction and weight addition are carried out.
a. Performing unified description on the complex access control elements of the B through XML to generate an XML file, wherein the structure of the XML file is divided into a subject, an object and a behavior, and the subject is used for describing basic characteristics of a user, such as a user name Bob, a Department, a role Manager and the like; the object is used for limiting the subject element and comprises an access validity period and access times, for example, before the role validity period of the user B is 2019-12-31; the behavior is used for controlling the operation of the user B, including downloading, uploading, updating, deleting and the like; referring to fig. 4, if user B accesses sensitive data of the information department, the main element of user B must be Manager of the information department, and the user B can legally access the data before 12/31/2019.
b. Subject description details see fig. 5, structure of objects and behaviors with reference to subject description, parsing the file into a List that can be used to generate proxy re-encryption key argumentsBAnd adding weight to the main element;
c. calling an algorithm level function ReKeyParam to generate a parameter conB。
(3) Re-Enc acquisition of rkA→BCalling the algorithm level function ReEnc, operation CBAnd provides B with ciphertext C after proxy re-encryptionB;
(4) Obtaining ciphertext CBThereafter, user B uses his private key skBInvoking the Dec function Dec to decrypt CBAnd plaintext data M is acquired.
Claims (6)
1. A proxy re-encryption method supporting complex access control element description is characterized in that the method is realized based on a system model, wherein the system model comprises a key management center, a re-encryption key server and a proxy re-encryption server; the key management center generates a public and private key pair for a user, the re-encryption key server is used for describing the complex access control elements and generating re-encryption key parameters and keys, and the agent re-encryption server is used for completing the operation of agent re-encryption; the method comprises the following steps:
(1) system set-up
Initializing a system, and calling an algorithm Setup to generate public parameter proxy re-encryption related public/private key parameters of the system based on a given parameter k;
(2) data creation
The creator submits a key pair generation request to a key management center, and simultaneously provides parameters for system establishment, the key management center calls an algorithm level function to generate a public and private key pair for the creator, the data creator encrypts data for the first time, and the algorithm level function is called to generate a ciphertext CAAnd transmitting to the proxy re-encryption server;
(3) access control element acquisition
When a data sharing user accesses ciphertext data, the system acquires related access control elements, uniformly describes the access control elements into a file through an XML language, and generates proxy re-encryption key parameters after analysis;
(4) proxy re-encryption key parameter generation
The system analyzes the XML file, generates related access control elements into a List, gives weight values to the elements in a main attribute set { sub }, thereby generating an access control condition parameter con, and calls an algorithm level function ReKeyGen to generate a re-encryption key;
(5) generating described ciphertext data
Proxy re-encryption server obtaining re-encryption key and ciphertext CACalling an algorithm level function ReEnc to obtain a shared secret by operationCharacter CB;
(6) Ciphertext data acquisition
The data sharer submits a re-encrypted ciphertext data acquisition request to the proxy re-encryption server, and the proxy re-encryption server acquires the request of the user and provides the user with a shared ciphertext C subjected to proxy re-encryptionB;
(7) User carries out re-encryption ciphertext decryption
The legal user uses its own private key and the described ciphertext CBAnd calling an algorithm level function Dec to decrypt the ciphertext to obtain ciphertext data.
2. The proxy re-encryption method supporting complex access control element description according to claim 1, wherein the public/private key parameter generation method is:
establishing parameters: setup (k) → prama
Setup (k) → prama, selecting a prime number k of length q, and groupingAre multiplication loop groups of g, UIs generated by a hash function set H1,H2,H3,H4,H5Wherein H is1:{0,1}*→{0,1}l,H2:H3:H4:H5:ZqIs a dieA cyclic group of integers of q is represented by,representing an existing set of residual coefficients modulo q, q being a natural number;andall represent multiplication loop groupsThe selected generation element power; disclosure of parameters
3. The proxy re-encryption method supporting complex access control element description according to claim 1, characterized in that the specific process of data creation is as follows:
generating a basic key: KeyGen (param) → (sk)A,pkA)
KeyGen(param)→(skA,pkA) Selecting the first group of the first,sk is thenA=a,pkA=gaIn the same way, there is skB=b,pkB=gb.
Encryption for the first time: enc (M, pk)A)→CA
User A uses its own public key pkAThe plaintext information M is encrypted, r is selected,then C isA=(c1,c2,c3,c4) (ii) a Wherein the content of the first and second substances,
c1=gr;
c2=gu;
c3=u+r·H2(c1,c2);
4. the proxy re-encryption method supporting complex access control element description according to claim 1, wherein the access control element obtaining and proxy re-encryption key parameter generating processes are as follows:
generating a re-encryption key parameter con:
rekeyparam (xmlfile) → con, the access control elements are described in xml language after being acquired, and the file is analyzed to obtain List { { sub, obj, act } { { sub { (sub)i},{objj},{actk}};1≤i,j,k≤n;
For n elements in the subject attribute set sub in the List, each element corresponds to its weightAnd construct a functionThen
SelectingCalculating subi=H2(u,H1Sub) to generate a proxy re-encryption key parameter con f (sub)i);
Proxy re-encryption key generation:
5. The proxy re-encryption method supporting complex access control element description according to claim 1, wherein the ciphertext data is generated by:
encrypted proxy pair ciphertext CAPerform re-encryption to generate a skBDecrypted ciphertext CB=(c′1,c′2,c′3,c′4) (ii) a If it isCalculating as follows, otherwise, feeding back information with wrong integrity; wherein the content of the first and second substances,
c′4=c4。
6. the proxy re-encryption method supporting complex access control element description according to claim 1, characterized in that the method for re-encrypting ciphertext and decrypting is as follows:
Dec(skB,CBcon) → M, the user B decrypts the re-encrypted ciphertext to obtain a plaintext M;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910602175.2A CN110391901B (en) | 2019-07-05 | 2019-07-05 | Proxy re-encryption method supporting complex access control element description |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910602175.2A CN110391901B (en) | 2019-07-05 | 2019-07-05 | Proxy re-encryption method supporting complex access control element description |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110391901A CN110391901A (en) | 2019-10-29 |
CN110391901B true CN110391901B (en) | 2021-09-21 |
Family
ID=68286252
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910602175.2A Active CN110391901B (en) | 2019-07-05 | 2019-07-05 | Proxy re-encryption method supporting complex access control element description |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110391901B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115225364B (en) * | 2022-07-15 | 2023-11-17 | 中国科学技术大学 | Efficient dynamic access control method and system for cloud encrypted data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106612175A (en) * | 2016-08-25 | 2017-05-03 | 四川用联信息技术有限公司 | Proxy re-encryption algorithm for multi-element access control in mobile cloud |
CN106789058A (en) * | 2016-12-09 | 2017-05-31 | 南京理工大学 | One kind acts on behalf of re-encryption arthmetic statement and analytic method |
CN108600217A (en) * | 2018-04-23 | 2018-09-28 | 南京理工大学 | A kind of data grant certainty update method of the high in the clouds based on proxy re-encryption |
CN109660555A (en) * | 2019-01-09 | 2019-04-19 | 上海交通大学 | Content safety sharing method and system based on proxy re-encryption |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2645618A1 (en) * | 2012-03-30 | 2013-10-02 | British Telecommunications Public Limited Company | Method and system for network data access |
-
2019
- 2019-07-05 CN CN201910602175.2A patent/CN110391901B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106612175A (en) * | 2016-08-25 | 2017-05-03 | 四川用联信息技术有限公司 | Proxy re-encryption algorithm for multi-element access control in mobile cloud |
CN106789058A (en) * | 2016-12-09 | 2017-05-31 | 南京理工大学 | One kind acts on behalf of re-encryption arthmetic statement and analytic method |
CN108600217A (en) * | 2018-04-23 | 2018-09-28 | 南京理工大学 | A kind of data grant certainty update method of the high in the clouds based on proxy re-encryption |
CN109660555A (en) * | 2019-01-09 | 2019-04-19 | 上海交通大学 | Content safety sharing method and system based on proxy re-encryption |
Non-Patent Citations (1)
Title |
---|
基于代理重加密的云端多要素访问控制方案;苏铓等;《通信学报》;20180225;第39卷(第02期);99-101 * |
Also Published As
Publication number | Publication date |
---|---|
CN110391901A (en) | 2019-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108600217B (en) | Cloud-based data authorization certainty updating method based on proxy re-encryption | |
CN109040045B (en) | Cloud storage access control method based on ciphertext policy attribute-based encryption | |
Wang et al. | Sieve: Cryptographically enforced access control for user data in untrusted clouds | |
CN104486315B (en) | A kind of revocable key outsourcing decryption method based on contents attribute | |
Kumar et al. | Secure storage and access of data in cloud computing | |
CN103763319B (en) | Method for safely sharing mobile cloud storage light-level data | |
CN106375346B (en) | Data guard method based on condition broadcast agent re-encryption under a kind of cloud environment | |
CN108111540B (en) | Hierarchical access control system and method supporting data sharing in cloud storage | |
CN104158880B (en) | User-end cloud data sharing solution | |
CN102655508A (en) | Method for protecting privacy data of users in cloud environment | |
Jin et al. | A secure and lightweight data access control scheme for mobile cloud computing | |
Xu et al. | Multi-authority proxy re-encryption based on CPABE for cloud storage systems | |
CN113411323B (en) | Medical record data access control system and method based on attribute encryption | |
Ming et al. | Efficient revocable multi-authority attribute-based encryption for cloud storage | |
Shen et al. | Keyword search with access control over encrypted cloud data | |
CN107181584A (en) | Asymmetric complete homomorphic cryptography and its replacement of keys and ciphertext complete a business transaction method | |
CN105915333B (en) | A kind of efficient key distribution method based on encryption attribute | |
CN114513327B (en) | Block chain-based Internet of things private data rapid sharing method | |
CN104468496A (en) | Method, information service system and program for information encryption/decryption | |
CN106612175A (en) | Proxy re-encryption algorithm for multi-element access control in mobile cloud | |
CN114697042A (en) | Block chain-based Internet of things security data sharing proxy re-encryption method | |
Sun et al. | Webcloud: web-based cloud storage for secure data sharing across platforms | |
CN114095171A (en) | Identity-based wearable proxy re-encryption method | |
CN111953487B (en) | Key management system | |
CN110391901B (en) | Proxy re-encryption method supporting complex access control element description |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |