CN111680306A - Attribute-based collaborative access control revocation method - Google Patents


Info

Publication number
CN111680306A
Authority
CN
China
Prior art keywords
attribute
user
group
key
revocation
Legal status
Granted
Application number
CN202010241824.3A
Other languages
Chinese (zh)
Other versions
CN111680306B (en)
Inventor
彭长根
彭宗凤
丁红发
田有亮
刘荣飞
Current Assignee
Guizhou University
Original Assignee
Guizhou University
Priority date
2020-03-31
Filing date
2020-03-31
Publication date
2020-09-18
Granted as
CN111680306B (2023-04-25)
Related application
AU2020104358A4 (Australian counterpart)

Classifications

    • G06F21/604 Tools and structures for managing or administering access control systems (under G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices (indexing scheme relating to G06F21/00)
    • G06F16/9027 Trees (under G06F16/901 Indexing; data structures therefor; storage structures; G06F16/00 Information retrieval; database structures therefor; file system structures therefor)

Abstract

The invention discloses an attribute-based collaborative access control revocation method. Using a tree-structured revocation method, it realizes fine-grained user revocation, attribute revocation and revocation of the cooperative function, so as to ensure the security of an attribute-based cooperative access control system. When a revocation operation occurs, the authority groups the users of a user group according to their user attributes to form attribute groups, and a k-1 layer binary tree is constructed from the user groups and attribute groups; the degree of the root node of the binary tree equals the number of user groups, which reduces the operation overhead in the attribute collaborative mode. Each attribute group is independent of the others and has a unique attribute group key; after the attribute group information is updated, the attribute group key and the user private key component used to encrypt it are updated correspondingly. The updated key components, combined with the idea of double encryption, are used to update the ciphertexts affected by the revocation operation, which finally achieves fine-grained dynamic updating of user authority in the revocation system.

Description

Attribute-based collaborative access control revocation method
Technical Field
The invention relates to the technical field of information encryption, in particular to an attribute-based collaborative access control revocation method.
Background
Access control is one of the recognized important means of ensuring secure data sharing. Cloud storage provides a conveniently accessible storage platform but brings security problems for large-scale data sharing, and attribute-based access control (ABAC) can provide fine-grained access control in a cloud storage environment. In ABAC, a user's access right to data is closely tied to the user's attributes, and a change in a user's attributes causes a corresponding change in the access rights that user holds. Therefore, a complete access control system should be able to revoke the decryption ability of unauthorized users.
In a collaborative scenario, access control technology is likewise an important means of ensuring data security. For example, inside a hospital there are joint diagnoses of pregnant women with mental illness: such patients often cannot fully cooperate with the gynecologist during delivery because of the mental illness, their physiological and clinical case data are stored in different data tables, and the data owners naturally come from different departments, so different access rights are set for the psychiatrist and the gynecologist. That is, psychiatrist 1, who holds the attributes {"psychiatric department" AND "main doctor"}, can access the clinical data of the psychiatric department, and gynecologist 2, who holds the attributes {"gynecology" AND "main doctor"}, can access the clinical data of the gynecology department. From the perspective of practical requirements and data safety, main doctors 1 and 2 must combine their authority to access the data in order to realize joint diagnosis and treatment, and the access policy is {{"psychiatric department" AND "main doctor 1"} AND {"obstetrics and gynecology department" AND "main doctor 2"}}, i.e. the cooperation of the psychiatric doctor is needed for the diagnosis and treatment related to the delivery operation. On the one hand, the effective access right to the data should be held only by users who have not been revoked from the system; on the other hand, after the diagnosis and treatment is finished, the cooperative function of the policy should become invalid for that patient, and if treating doctor 1 or 2 cannot take part in the diagnosis and treatment in an emergency, the corresponding access policy needs to adjust the access authority to the data flexibly.
However, in conventional attribute-based cooperative access control systems, the problems of revoking unauthorized users and revoking cooperative functions have not yet been solved, so security measures are lacking. Therefore, for the revocation problem under attribute-based collaborative access control, a double encryption mechanism is introduced to achieve revocability, so that data security is guaranteed and revocation efficiency is improved in the cloud storage data collaborative access mode.
At present, some technologies address the existing problems, for example the user revocation access control method based on proxy re-encryption disclosed under application number CN 201610456710.4.
That invention has the following disadvantages:
1. The related parameters of the private key are updated with a version key; when revocation occurs, the version of a user's private key is not updated in time, which easily causes security problems.
2. Only user revocation can be realized; fine-grained attribute revocation cannot be realized.
Disclosure of Invention
Aiming at the defects of the existing inventions, the invention provides an attribute-based collaborative access control revocation method, which groups the users of a user group according to their user attributes to form attribute groups, constructs a k-1 layer binary tree from the user groups and attribute groups, introduces the idea of double encryption, dynamically updates user authority in a revocation system, realizes user revocation and user attribute revocation, and ensures data confidentiality in the collaborative access mode.
To achieve this purpose, the invention is realized by the following technical scheme. The attribute-based collaborative access control revocation method comprises the following steps: first, an authority classifies the users in the same user group according to their user attributes to generate attribute groups, which serve as the basis for user revocation, attribute revocation and collaborative function revocation, and sends the attribute group information to the cloud server; after the cloud server side receives the attribute group information, the data management server generates a random attribute group key for the attribute group and doubly encrypts the ciphertext that the data owner stored on the cloud server with the attribute group key, obtaining Re-Enc(CT, Gr) → CT' and Hdr; if the user's cooperative function is revoked, then in the key updating stage
Figure RE-GDA0002611198460000021
and the revoked collaborative attribute no longer has the function of transferring the decryption result; if part or all of the user's attributes are revoked, then in the key updating stage the ciphertext corresponding to the renewed attribute is updated and the attribute group key is updated at the same time, i.e. a new attribute group key is chosen at random. In this way, dynamic updating of user authority is realized using the attribute group information.
The users in the same user group refer to the set of users responsible for one project, i.e. a user group.
The data management server refers to the cloud service, provided by a cloud service provider, that handles the ciphertext data in cloud storage; the data re-encryption operation is executed on the honest-but-curious cloud service side.
Double encryption means that, in the first encryption, the data owner encrypts the plaintext data with a symmetric encryption algorithm, then encrypts the symmetric key with a ciphertext-policy attribute-based encryption method and stores the resulting ciphertext on the cloud server; in the second encryption, the data management server encrypts the ciphertext on the cloud a second time with the randomly generated attribute group key.
The attribute group information means that the authority classifies the users in the same user group according to their user attributes: users with the same attribute are placed in one class, and the set for that attribute comprises all users holding it, so that an attribute group is generated.
The key updating stage is the stage in which the authority updates the user information from the attribute group information.
The re-encryption algorithm Re-Enc(CT, Gr) → CT', Hdr takes as input the ciphertext CT, which contains an access structure, and an attribute group Gr; if the attribute group appears in the access structure, the random attribute group key is used to re-encrypt the ciphertext CT, otherwise ⊥ is returned; finally the re-encrypted ciphertext CT' and the header information Hdr are output. When a user's attributes satisfy the access policy, the non-revoked user obtains the decryption right.
The key updating algorithm
Figure RE-GDA0002611198460000031
takes as input the updated attribute group
Figure RE-GDA0002611198460000032
information produced in response to a revocation operation and outputs the updated attribute group key K'_λ; the ciphertext is then re-encrypted with the updated key by running the re-encryption algorithm. The algorithm updates the branch value to ⊥ only when the cooperative function is revoked.
Compared with the prior art, the invention realizes fine-grained user revocation, attribute revocation and revocation of the cooperative function with a tree-structured revocation method, so as to ensure the safety of an attribute-based cooperative access control system. When a revocation operation occurs, the authority groups the users of a user group by their attributes into attribute groups and builds a k-1 layer binary tree from the user groups and attribute groups; the degree of the root node equals the number of user groups, which reduces the operation overhead in the attribute collaborative mode. Each attribute group is independent and has a unique attribute group key; after the attribute group information is updated, the attribute group key and the user private key component used to encrypt it are updated correspondingly, and these updated key components, combined with double encryption, update the ciphertexts affected by the revocation, achieving fine-grained dynamic updating of user authority in the revocation system.
Drawings
FIG. 1 is a flow chart of an embodiment of the present invention.
Detailed Description
Example 1 of the invention: an attribute-based collaborative access control revocation method comprises the following steps:
Step S1: when the user U_i, an attribute of U_i, or the user's cooperation function needs to be revoked from the system, the authority in charge of U_i's attribute S_ij receives the corresponding update request and updates the attribute group information Gr associated with user U_i. The attribute group information comprises, for each user group, the set of users corresponding to each distinct user attribute, together with the set of attributes whose cooperative function has been cancelled.
Further, step S1 comprises the following steps:
Step S11: the user submits an "add attribute" or "delete attribute" request to the system;
Step S12: the authority receives the "add attribute" or "delete attribute" request submitted by the user, i.e. a request to "join" or "leave" an attribute group. Meanwhile, the CA updates the attribute group member information according to the attribute information affected by the update operation, assuming that the attribute group information list is
Figure RE-GDA0002611198460000041
i.e. the data management server receives the attribute group list of user group θ_1 after its member information has changed; assume the changed attribute is λ_j.
Step S13: if the user's cooperation function is cancelled, the corresponding cooperative attribute is marked; the set of marked attributes is denoted m, and an attribute marked as having its cooperative function cancelled is denoted λ_m.
Step S2: the authority sends the attribute group information to the cloud server; after receiving it, the data management server on the cloud regenerates a random number as the attribute group key for each updated attribute group, updates the re-encrypted ciphertext, and updates the header information corresponding to the attribute group key.
Further, step S2 comprises the following steps:
Step S21: the authority sends the updated attribute group list to the cloud server;
Step S22: the data management server on the cloud receives the attribute group information update list; further, for each updated attribute group information list the data management server selects random numbers
Figure RE-GDA0002611198460000042
and
Figure RE-GDA0002611198460000043
Figure RE-GDA0002611198460000044
and further updates the ciphertext to
Figure RE-GDA0002611198460000045
Figure RE-GDA0002611198460000046
Figure RE-GDA0002611198460000047
Step S23: for attribute groups that contain attribute λ_j but whose related information does not change, the attribute group key does not need to be updated, i.e. the random numbers do not need to be reselected; all random numbers are drawn from the integer field of prime order p;
Step S24: further, after the data management server (DMS) receives the attribute group information sent by the CA, the DMS generates KEKs for user U by the KEKGen(U) algorithm. KEKGen(U) takes the user index U as input and outputs the key encryption keys KEKs;
Step S25: according to the updated
Figure RE-GDA0002611198460000048
the data management server selects a new minimal cover set that includes the new users possessing attribute λ_j and excludes the users whose attribute λ_j was deleted. From the updated
Figure RE-GDA0002611198460000049
it generates the new header message
Figure RE-GDA00026111984600000410
The minimal cover set is the minimum set of nodes of the k-1 layer binary tree that covers the users contained in the user attribute group.
Step S3: the user private key is updated along with the attribute group key, so that the revoked user or the revoked attribute cooperative function becomes invalid.
Further, step S3 comprises the following steps:
Step S31: first, the attribute group key is obtained from Hdr using the KEK. A user U_t holding a valid attribute λ_j can use its KEK to decrypt the attribute group key
Figure RE-GDA0002611198460000051
where KEK ∈ (KEK(G_j) ∩ PK_t);
Step S32: further, user U_i's private key is updated to
Figure RE-GDA0002611198460000052
Step S4: for revoked partial attributes of a user, or a revoked user (i.e. all attributes corresponding to one user), user U_i and its associated data are deleted from the attribute group information; for a revoked attribute cooperative function, the attribute is marked in the set of attributes that can no longer perform the cooperative function. Thus, after a revocation of either kind, the relevant user or attribute no longer has its previous access right.
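The KEK-tree mechanism of steps S2 and S3 (a binary tree of users, the minimal cover set of an attribute group, the header Hdr that wraps the attribute group key under the cover set's KEKs, second-layer re-encryption of CT, and the key update when an attribute is revoked from a user), as an added Python example that is not the patent's own code. The class and function names, the toy SHA-256/HMAC cipher standing in for the symmetric algorithm, and the eight-user attribute group are assumptions; the first-layer CP-ABE ciphertext is represented by constructed placeholder bytes.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

# Demonstration-only authenticated stream cipher (SHA-256 keystream + HMAC tag).
# It stands in for the symmetric cipher used to wrap K_lambda and to re-encrypt
# CT in the scheme described above; it is not a production cipher.
def _enc(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def _dec(key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + body, hashlib.sha256).digest(), tag):
        return None  # wrong key (e.g. a revoked user's KEK): reject instead of returning garbage
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(body) // 32 + 1))
    return bytes(a ^ b for a, b in zip(body, stream))


class KekTree:
    """Binary KEK tree over one user group: leaves are users, every node holds a KEK.
    A user t holds the path keys PK_t from its leaf up to the root (KEKGen(U))."""

    def __init__(self, n_users: int):
        self.leaf_base = 1
        while self.leaf_base < n_users:
            self.leaf_base *= 2  # pad the leaf level to a power of two
        # heap numbering: root = 1, children of v are 2v and 2v+1, leaves start at leaf_base
        self.kek: Dict[int, bytes] = {v: os.urandom(32) for v in range(1, 2 * self.leaf_base)}

    def path_keys(self, user: int) -> Dict[int, bytes]:
        v, keys = self.leaf_base + user, {}
        while v >= 1:
            keys[v] = self.kek[v]
            v //= 2
        return keys

    def minimal_cover(self, members: Set[int]) -> List[int]:
        """Smallest set of subtree roots whose leaves are exactly the member users."""
        def cover(v: int) -> List[int]:
            if v >= self.leaf_base:
                return [v] if (v - self.leaf_base) in members else []
            left, right = cover(2 * v), cover(2 * v + 1)
            # both children fully covered by themselves -> replace them by the parent
            return [v] if left == [2 * v] and right == [2 * v + 1] else left + right
        return cover(1)

    def make_header(self, members: Set[int], group_key: bytes) -> Dict[int, bytes]:
        """Hdr: K_lambda wrapped under the KEK of every node in the minimal cover set."""
        return {v: _enc(self.kek[v], group_key) for v in self.minimal_cover(members)}


def re_encrypt(tree: KekTree, members: Set[int], ct: bytes):
    """Re-Enc(CT, Gr) -> (CT', Hdr): the DMS draws a fresh random K_lambda, re-encrypts
    CT under it and publishes Hdr for the current attribute group members."""
    group_key = os.urandom(32)
    return _enc(group_key, ct), tree.make_header(members, group_key)


def user_decrypt_outer_layer(tree: KekTree, user: int, ct2: bytes,
                             hdr: Dict[int, bytes]) -> Optional[bytes]:
    """Step S31: a user recovers K_lambda with a KEK in KEK(G_j) ∩ PK_t, then strips CT' -> CT.
    Returns None (⊥) when none of the user's path keys appears in Hdr."""
    for v, kek in tree.path_keys(user).items():
        if v in hdr:
            group_key = _dec(kek, hdr[v])
            return None if group_key is None else _dec(group_key, ct2)
    return None


def revocation_demo():
    """Attribute lambda_j is revoked from user 1; returns who can decrypt before/after
    and the header sizes (number of wrapped keys) before/after."""
    tree = KekTree(8)
    ct = b"CP-ABE ciphertext of the AES key kappa (constructed placeholder bytes)"
    members = {0, 1, 2, 3, 5}  # attribute group G_j: users holding lambda_j (constructed)
    ct2, hdr = re_encrypt(tree, members, ct)
    before = {u: user_decrypt_outer_layer(tree, u, ct2, hdr) == ct for u in range(8)}
    # the authority updates Gr -> Gr' (user 1 leaves G_j); the DMS picks K'_lambda and re-encrypts
    ct3, hdr2 = re_encrypt(tree, members - {1}, ct)
    after = {u: user_decrypt_outer_layer(tree, u, ct3, hdr2) == ct for u in range(8)}
    return before, after, len(hdr), len(hdr2)


if __name__ == "__main__":
    print(revocation_demo())
```

The size of Hdr equals the size of the cover set: with users 0 to 3 all members, one wrapped key under their common ancestor suffices, and removing user 1 splits that subtree into more wrapped keys. The revoked user's path keys never appear in the new header, but the old CT' must actually be replaced by the copy re-encrypted under K'_λ, since a K_λ the revoked user recovered earlier still decrypts the old outer layer.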
The first embodiment is as follows: this embodiment provides an attribute-based cooperative access control revocation method for the clinical data cooperative access mode in a medical scenario. The cloud storage service in this embodiment refers to a hospital storing its medical data in a cloud database, where the server realizing medical cloud storage hosts the hospital's core medical service system (HIS) database, a PACS database, an LIS database, other service processing servers, and so on, and the medical cloud server manages and stores the data.
The data administrator in this embodiment refers to the user who performs the encryption operation on the original medical data, or the terminal device owned by that user, including the medical data administrators of hospitals; for mobile medical apps, each smartphone end user acts as the data owner of his or her mobile medical data.
In this embodiment, the attribute authority corresponds to an authoritative security management organization in the medical scenario, responsible for managing user attributes and distributing keys.
The method comprises the following specific implementation steps:
Cloud storage data: the ciphertext obtained by the data administrator encrypting the original medical data M with a ciphertext-policy attribute-based encryption (CP-ABE) algorithm. To improve encryption efficiency, the original medical data M may first be encrypted with a symmetric encryption algorithm such as AES, and the symmetric key then encrypted with the CP-ABE algorithm.
A hospital data administrator encrypts the original medical data M with the AES (Advanced Encryption Standard) symmetric algorithm under the symmetric key κ, then encrypts κ with the CP-ABE (ciphertext-policy attribute-based encryption) algorithm, and stores the resulting ciphertext CT on the cloud server;
The attribute authority classifies the users according to the user attribute set S to generate the user attribute groups Gr. When doctor U_i leaves the office, or after the operation of a joint diagnosis and treatment is completed, the attribute authority updates the information in Gr about the psychiatrist U_j's attribute λ_m to Gr', which no longer carries a cooperative function;
The attribute authority sends the user attribute group information Gr' to the medical cloud server;
The set of attributes whose cooperative function is revoked is denoted m, and an attribute marked as having its cooperative function revoked is denoted λ_m;
The medical cloud server receives the attribute group information Gr' and uses K'_λ as the attribute group key for the updated Gr', reselecting the random number
Figure RE-GDA0002611198460000061
and further computes the updated ciphertext
Figure RE-GDA0002611198460000062
Figure RE-GDA0002611198460000063
Figure RE-GDA0002611198460000064
For attribute groups that contain attribute λ_j but whose related information does not change, the attribute group key does not need to be updated;
The medical data management server generates KEKs for user U by the KEKGen(U) algorithm, which takes the user index U as input and outputs the key encryption keys KEKs;
According to the updated
Figure RE-GDA0002611198460000065
the medical data management server selects a new minimal cover set that includes the new users possessing attribute λ_j and excludes the users whose attribute λ_j was deleted;
From the updated
Figure RE-GDA0002611198460000066
it generates the new header message
Figure RE-GDA0002611198460000067
Figure RE-GDA0002611198460000068
Further, user U_i's private key is updated to
Figure RE-GDA0002611198460000069
Users whose cooperative function, access right or partial attributes have not been revoked retain the decryption capability and perform the following computation:
Figure RE-GDA00026111984600000610
When a valid cooperative function exists, secret value conversion is realized by computing
Figure RE-GDA00026111984600000611
The secret of the root node is reconstructed by computing
Figure RE-GDA00026111984600000612
Computing
Figure RE-GDA00026111984600000613
By the formula
Figure RE-GDA00026111984600000614
the symmetric key κ is computed. Because the plaintext message M was encrypted with the symmetric encryption algorithm as E_κ(M), the user who obtains the symmetric key κ can decrypt the plaintext message M.
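The access-tree evaluation of the joint-diagnosis example (branch secrets for each doctor's subtree, transfer of a branch's decryption result between the two doctors, reconstruction of the root secret, and the ⊥ branch once a cooperative function is revoked), as an added Python example that is not the patent's own code. It models the linear secret sharing over Z_p that underlies the reconstruction and omits the pairing operations of CP-ABE; the modulus P, the names leaf_shares, evaluate and collaborative_decrypt, and the participant tuples are assumptions.

```python
import secrets

# Constructed prime modulus standing in for the p-order field of the scheme.
P = (1 << 127) - 1


def share(secret: int, threshold: int, n: int) -> dict:
    """Shamir split: random polynomial q with q(0) = secret, shares q(1..n)."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}


def reconstruct(shares: dict) -> int:
    """Lagrange interpolation at 0 over Z_p."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


# Access tree as nested tuples; a plain string is an attribute leaf. The policy of the
# hospital example: {{"psychiatric department" AND "main doctor 1"} AND
#                    {"obstetrics and gynecology department" AND "main doctor 2"}}
POLICY = ("AND", [("AND", ["psychiatric department", "main doctor 1"]),
                  ("AND", ["obstetrics and gynecology department", "main doctor 2"])])


def leaf_shares(node, secret: int) -> dict:
    """Top-down distribution of the root secret: an AND gate with k children uses a
    k-of-k polynomial; each leaf receives the share for its attribute."""
    if isinstance(node, str):
        return {node: secret}
    _, children = node
    sub = share(secret, len(children), len(children))
    out = {}
    for x, child in enumerate(children, 1):
        out.update(leaf_shares(child, sub[x]))
    return out


def evaluate(node, attrs: set, shares: dict):
    """Bottom-up: the node's secret if attrs satisfy its subtree, else None (⊥)."""
    if isinstance(node, str):
        return shares[node] if node in attrs else None
    _, children = node
    got = {x: evaluate(c, attrs, shares) for x, c in enumerate(children, 1)}
    got = {x: v for x, v in got.items() if v is not None}
    return reconstruct(got) if len(got) == len(children) else None


def collaborative_decrypt(policy, shares, participants, revoked_coop: set):
    """Each participant (attrs, coop_attr) evaluates the root branches its attributes
    satisfy and transfers the branch value to the partner; the branch is ⊥ when the
    participant's cooperative attribute is revoked. The root secret is rebuilt only
    if every branch value arrives."""
    _, branches = policy
    branch_values = {}
    for attrs, coop_attr in participants:
        for x, branch in enumerate(branches, 1):
            v = evaluate(branch, attrs, shares)
            if v is not None and coop_attr not in revoked_coop:
                branch_values[x] = v  # decryption result transferred to the partner
    return reconstruct(branch_values) if len(branch_values) == len(branches) else None


def joint_diagnosis_demo():
    s = secrets.randbelow(P)  # root secret; in CP-ABE it is the exponent hiding kappa
    shares = leaf_shares(POLICY, s)
    doc1 = ({"psychiatric department", "main doctor 1"}, "main doctor 1")
    doc2 = ({"obstetrics and gynecology department", "main doctor 2"}, "main doctor 2")
    alone = collaborative_decrypt(POLICY, shares, [doc2], set())
    together = collaborative_decrypt(POLICY, shares, [doc1, doc2], set())
    revoked = collaborative_decrypt(POLICY, shares, [doc1, doc2], {"main doctor 1"})
    return s, alone, together, revoked


if __name__ == "__main__":
    print(joint_diagnosis_demo())
```

Neither doctor alone satisfies the root AND gate, so the gynecologist recovers nothing without the psychiatrist's transferred branch value; after the cooperative function of "main doctor 1" is revoked, the branch evaluates to ⊥ and the root secret cannot be rebuilt even though both doctors still hold valid attributes.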
Example 2 of the invention: in this embodiment, a financial document inside a company needs to be accessed cooperatively. The financial data holder specifies that a senior management accountant can access the financial document, or that the senior accountant and an auditor can access it together; the latter is a cooperative access mode. If the designated auditor leaves the company, the cooperative access right and the validity of the auditor's attribute need to be revoked at the same time; the cooperative function and the attribute of that user are revoked with the same method, so that only legitimately authorized users can access the financial document inside the company and data security is guaranteed.

Claims (8)

1. An attribute-based collaborative access control revocation method, characterized in that: first, an authority classifies the users in the same user group according to their user attributes to generate attribute groups, which serve as the basis for user revocation, attribute revocation and collaborative function revocation, and sends the attribute group information to a cloud server; after the cloud server side receives the attribute group information, the data management server generates a random attribute group key for the attribute group and doubly encrypts the ciphertext stored on the cloud server by the data owner with the attribute group key, obtaining Re-Enc(CT, Gr) → CT' and Hdr; if the user's cooperative function is revoked, then in the key renewal phase
Figure FDA0002432807310000011
and the cancelled collaborative attribute no longer has the function of transferring the decryption result; if part or all of the user's attributes are cancelled, then in the key updating stage the ciphertext corresponding to the updated attribute is updated and the attribute group key is updated at the same time, i.e. a new attribute group key is selected at random; in this way, dynamic updating of user authority is realized using the attribute group information.
2. The attribute-based collaborative access control revocation method according to claim 1, wherein: the users in the same user group refer to the set of users responsible for one project, i.e. a user group.
3. The attribute-based collaborative access control revocation method according to claim 1, wherein: the data management server refers to the cloud service, provided by a cloud service provider, that handles the ciphertext data in cloud storage.
4. The attribute-based collaborative access control revocation method according to claim 1, wherein: double encryption means that, in the first encryption, the data owner encrypts the plaintext data with a symmetric encryption algorithm, then encrypts the symmetric key with a ciphertext-policy attribute-based encryption method and stores the resulting ciphertext on the cloud server; in the second encryption, the data management server encrypts the ciphertext on the cloud a second time with the randomly generated attribute group key.
5. The attribute-based collaborative access control revocation method according to claim 1, wherein: the attribute group information means that the authority classifies the users in the same user group according to their user attributes: users with the same attribute are placed in one class, and the set for that attribute comprises all users holding it, so that an attribute group is generated.
6. The attribute-based collaborative access control revocation method according to claim 1, wherein: the key updating stage is the stage in which the authority updates the user information from the attribute group information.
7. The attribute-based collaborative access control revocation method according to claim 1, wherein: the re-encryption algorithm Re-Enc(CT, Gr) → CT', Hdr takes as input the ciphertext CT, which contains an access structure, and an attribute group Gr; if the attribute group appears in the access structure, the random attribute group key is used to re-encrypt the ciphertext CT, otherwise ⊥ is returned; finally the re-encrypted ciphertext CT' and the header information Hdr are output; when a user's attributes satisfy the access policy, the non-revoked user obtains the decryption right.
8. The attribute-based collaborative access control revocation method according to claim 1, wherein: the key updating algorithm
Figure FDA0002432807310000021
takes as input the updated attribute group
Figure FDA0002432807310000022
information produced in response to a revocation operation and outputs the updated attribute group key K'_λ; the ciphertext is then re-encrypted with the updated key by running the re-encryption algorithm, and the algorithm updates the branch value to ⊥ only when the cooperative function is revoked.
Publications

Publication Number Publication Date
CN111680306A 2020-09-18
CN111680306B 2023-04-25
AU2020104358A4 2021-03-18

Family

ID=72451384

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010241824.3A Active CN111680306B (en) 2020-03-31 2020-03-31 Cooperative access control revocation method based on attribute

Country Status (2)

Country Link
CN (1) CN111680306B (en)
AU (1) AU2020104358A4 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113486384A (en) * 2021-07-28 2021-10-08 北京字节跳动网络技术有限公司 Key updating method, device, multi-attribute authority management system, equipment and medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001011843A1 (en) * 1999-08-06 2001-02-15 Sudia Frank W Blocked tree authorization and status systems
CN103220291A (en) * 2013-04-09 2013-07-24 电子科技大学 Access control method base on attribute encryption algorithm
CN103618609A (en) * 2013-09-09 2014-03-05 南京邮电大学 User timely revocation method based on attribute-based encryption in cloud environment
CN104113408A (en) * 2014-07-11 2014-10-22 西安电子科技大学 Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption
CN105100083A (en) * 2015-07-06 2015-11-25 河海大学 Attribute-based encryption method and attribute-based encryption system capable of protecting privacy and supporting user Undo
CN107426162A (en) * 2017-05-10 2017-12-01 北京理工大学 A kind of method based on attribute base encryption Implement Core mutual role help
WO2018121445A1 (en) * 2016-12-29 2018-07-05 中兴通讯股份有限公司 Multi-tenant access control method and apparatus
CN110098926A (en) * 2019-05-06 2019-08-06 西安交通大学 One attribute cancelling method
CN110457930A (en) * 2019-08-16 2019-11-15 上海海事大学 The attribute base encryption method and system of the hiding traceable revocation malicious user of strategy
CN110830259A (en) * 2019-08-06 2020-02-21 贵州大学 Method and system for providing originality and integrity certification for multimedia data

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Goyal V. et al.: "Attribute-based encryption for fine-grained access control of encrypted data", Proceedings of the 13th ACM Conference on Computer and Communications Security *
Yin Longxiao et al.: "Revocation control scheme in ciphertext-policy attribute-based encryption", Computer Engineering and Applications *
Jiang Songquan: "Research on revocable-storage attribute-based encryption schemes", China Master's Theses Full-text Database *

Also Published As

Publication number Publication date
CN111680306B (en) 2023-04-25
AU2020104358A4 (en) 2021-03-18

Similar Documents

Publication Publication Date Title
CN110099043B (en) Multi-authorization-center access control method supporting policy hiding and cloud storage system
Au et al. A general framework for secure sharing of personal health records in cloud system
Pussewalage et al. Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions
CN113067857B (en) Electronic medical record cross-hospital sharing method based on double-chain structure
Rezaeibagha et al. Distributed clinical data sharing via dynamic access-control policy transformation
Yu et al. Achieving secure, scalable, and fine-grained data access control in cloud computing
Huang et al. A hierarchical framework for secure and scalable EHR sharing and access control in multi-cloud
Edemacu et al. Collaborative ehealth privacy and security: An access control with attribute revocation based on OBDD access structure
Tembhare et al. Role-based policy to maintain privacy of patient health records in cloud
KR101220160B1 (en) Secure data management method based on proxy re-encryption in mobile cloud environment
CN113645195B (en) Cloud medical record ciphertext access control system and method based on CP-ABE and SM4
Ramu et al. Fine-grained access control of EHRs in cloud using CP-ABE with user revocation
Barua et al. SPS: Secure personal health information sharing with patient-centric access control in cloud computing
WO2012161417A1 (en) Method and device for managing the distribution of access rights in a cloud computing environment
Saidi et al. SHARE-ABE: an efficient and secure data sharing framework based on ciphertext-policy attribute-based encryption and Fog computing
Gao et al. Blockchain based secure IoT data sharing framework for SDN-enabled smart communities
Sangeetha et al. A secure cloud based Personal Health Record framework for a multi owner environment
Ragesh et al. Cryptographically enforced data access control in personal health record systems
Fugkeaw A lightweight policy update scheme for outsourced personal health records sharing
Ma et al. Attribute revocable data sharing scheme based on blockchain and CP-ABE
Chaudhary et al. RMA-CPABE: A multi-authority CPABE scheme with reduced ciphertext size for IoT devices
Yan et al. Traceable and weighted attribute-based encryption scheme in the cloud environment
Fugkeaw et al. Secure and Lightweight Blockchain-enabled Access Control for Fog-Assisted IoT Cloud based Electronic Medical Records Sharing
CN111680306B (en) Cooperative access control revocation method based on attribute
Panda et al. Towards achieving efficient access control of medical data with both forward and backward secrecy

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant