CN112307508B - Revocable data sharing system based on SGX, CP-ABE and block chain - Google Patents

Revocable data sharing system based on SGX, CP-ABE and block chain Download PDF

Info

Publication number
CN112307508B
CN112307508B CN202011066565.1A CN202011066565A CN112307508B CN 112307508 B CN112307508 B CN 112307508B CN 202011066565 A CN202011066565 A CN 202011066565A CN 112307508 B CN112307508 B CN 112307508B
Authority
CN
China
Prior art keywords
user
sgx
abe
data
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011066565.1A
Other languages
Chinese (zh)
Other versions
CN112307508A (en
Inventor
阚海斌
冉津豪
张亮
戴雨浓
李雪峰
吴小川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fudan University
Original Assignee
Fudan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fudan University filed Critical Fudan University
Priority to CN202011066565.1A priority Critical patent/CN112307508B/en
Publication of CN112307508A publication Critical patent/CN112307508A/en
Application granted granted Critical
Publication of CN112307508B publication Critical patent/CN112307508B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2246Trees, e.g. B+trees
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention belongs to the technical field of block chains, and particularly relates to a revocable data sharing system. The system comprises a block chain, a CP-ABE toolkit module, an SGX module and nodes/users; a user encrypts and stores the data in a block chain by specifying the accessible attribute of the data; the user acquires encrypted data from the block chain, performs security verification in the SGX, and decrypts the data after the data conforms to the data attribute; because the verification process is executed in the SGX, the user takes effect immediately after the attribute of the user is cancelled, and the access control structure in the SGX is updated, so that the user cannot access the data again; the attribute structure capable of being immediately taken into effect and being revoked enables users to immediately lose the right of data access after the attributes are revoked, improves the security of data sharing, and avoids the users losing the attributes from using the old key to access the data again, which is the main characteristic of the invention.

Description

Revocable data sharing system based on SGX, CP-ABE and block chain
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a revocable data sharing system based on SGX, CP-ABE and a block chain.
Background
cipher-Policy Attribute-Based Encryption (CP-ABE) refers to an Encryption technique Based on cipher-Policy attributes, where a cipher corresponds to an access structure (access control), and a key corresponds to an Attribute set, and a cipher can be decrypted only when the attributes in the Attribute set can satisfy the access structure. For example, each user may obtain a key from an attribute authority based on its condition or attribute, and the encrypter may then exercise access control over the message.
The CP-ABE technology is an important branch of the attribute encryption (ABE) technology, where an attribute set is associated with a key and a ciphertext corresponds to an Access Control Policy (ACP).
Access structure (access control) is a term of security system research, and refers to the structure of an authorized set of access structures for a system. While ACP has a number of implementations, here we implement access control policies in the form of access trees. The non-leaf nodes of the access tree represent threshold gates, each threshold gate being represented by an "AND" OR an "OR"; leaf nodes represent attribute values. A set of attributes that satisfies the condition is a set of attributes that enables the expression formed by the access tree to be true. If the attribute value set of the user does not satisfy the expression, the user cannot decrypt the ciphertext generated by the ACP; if so, the user is a legitimate user, and the ciphertext can be decrypted to obtain the information.
In the CP-ABE scheme, the key corresponds to a set of attributes, the ciphertext corresponds to access control, and decryption can only be performed if and only if the attributes the user has satisfy the condition. The encryptor only needs to consider the structure of the ACP and not who will decrypt and use a pairing-based cryptographic technique to randomize the ciphertext and hide the ciphertext from collusion.
The block chain is a new technology with the characteristics of distribution, non-tampering, traceability and the like, is formed by a point-to-point network, provides a data path for nodes and maintains a decentralized distributed account book. Data on the blockchain is shared and synchronous, information is transmitted through a point-to-point network, and all nodes need to be agreed through a consensus algorithm. Block chains have an excellent role in preserving user data.
SGX (software Guard extensions) is an instruction set extension built into newer CPU products in Intel. The method aims to provide a trusted execution environment of a user space by taking hardware safety as mandatory guarantee and not depending on the safety states of firmware and software, realize isolated operation among different programs by a group of new instruction set extension and access control mechanisms, and guarantee that confidentiality and integrity of user key codes and data are not damaged by malicious software.
The Trusted Computing Base (TCB) of the SGX only comprises hardware, the defect that the TCB based on the software has software security loopholes and threats is overcome, the system security guarantee is greatly improved, in addition, the SGX can guarantee a trusted execution environment during operation, malicious codes cannot access and tamper the protection content during operation of other programs, the security of the system is further enhanced, and the application program can flexibly call the security function and verify the security function based on the extension of an instruction set and an independent authentication mode. The key of the user is stored in the SGX and is updated in real time along with the granting and the revocation of the authority, so that the further guarantee of the data security can be realized.
Disclosure of Invention
The invention aims to provide a revocable data sharing system based on SGX, CP-ABE and a block chain by combining SGX, CP-ABE and block chain technologies, which is used for carrying out encryption sharing on data and realizing revocable of data sharing by managing user rights in real time.
The architecture of the revocable data sharing system based on the SGX, the CP-ABE and the block chain is mainly divided into four parts: block chains (Blockchain), CP-ABE toolkit modules, SGX modules, nodes/users (nodes/users); the main relationship is shown in fig. 1. Wherein:
(1) block chains: as a platform for managing and storing information, for distributed storage of data;
the block chain is used as a platform for managing and storing information, and common consensus algorithms comprise workload certification (POW), byzantine fault tolerance (PBFT) and the like; the information of each node is stored in a Merkle tree structure, the Merkle tree is a binary tree and a multi-branch tree, the information stored in the nodes of the tree is all hash values, the information can also be called as Merkle hash tree, the leaf nodes of the tree store the hash values of the data blocks, and the hash values of the non-leaf nodes are the hash values obtained by combining all child node data of the node; the whole design can ensure the integrity of data in the block chain;
(2) CP-ABE toolkit Module: namely the CP-ABE toolkit; the data will be encrypted and decrypted using the tool package CP-ABE toolkit; the module has the characteristics of low coupling and high cohesion, and well meets the engineering requirements; the algorithm can be divided into four parts: initial setting, an encryption algorithm, a key generation algorithm and a decryption algorithm; wherein:
1) the initial setting is that a bilinear group related to prime numbers is generated by a generator;
2) the encryption algorithm is to encrypt the information M under the access control tree strategy T to obtain a ciphertext C;
3) the key generation algorithm is to take the attribute set S as input and output a key K;
4) a decryption algorithm, namely inputting a secret key K and a ciphertext C, and when an attribute set S for generating the secret key K meets a control tree strategy T when encrypting information, completing decryption to obtain a plaintext M, otherwise, failing to complete decryption;
(3) an SGX module: the key of the invention is; based on the safe environment, updating and ciphertext decryption interfaces of keys face users through the SGX, the SGX sends requests to CP-ABE toolkit to update and decrypt the keys, authority updating of any user can return to the SGX immediately, the keys held by the corresponding users are changed, the keys take effect immediately, and the users cannot acquire the keys; by utilizing the characteristic, after the user authority is revoked, the authority and the key owned by the user are immediately updated, so that the authority revocation is timely and effective;
(4) node/user: each user has a corresponding authority and a key generated by the corresponding authority, and the key is stored in the SGX; the user has two actions:
information is uploaded: a user can encrypt data by using a CP-ABE toolkit module and then upload the data to a block chain;
obtaining information: a user can acquire any encrypted data block from the block chain, request SGX decryption, and use a stored key to request a CP-ABE toolkit module to reveal the data if the SGX passes the verification; the user can not directly obtain the key, and the possibility of decrypting the information is immediately lost after the authority is revoked, so that the purpose of revoking is achieved.
The system of the invention firstly assumes a permission granting center for setting the permission, and the permission granting center is authoritative and is trustworthy. The workflow of the system of the invention is specifically as follows (see fig. 2):
(1) initializing a system, executing an initial setting algorithm by the CP-ABE toolkit, and initializing an authority granting center Au and a user A, B (A, B have no authority);
(2) a user A specifies an access control strategy T by using a CP-ABE toolkit, encrypts data information M needing to be uploaded by using an encryption algorithm of the CP-ABE toolkit to obtain a ciphertext C, meets the requirement of the user of the access control strategy T, and can decrypt the ciphertext through an SGX;
(3) the user A uploads the ciphertext C to a block chain, a node is automatically created through a mechanism of the block chain, the hash value of the node is calculated and stored in a Merkle tree, and the integrity of uploaded data is guaranteed;
(4) the authority granting center Au grants the authority to the user B through the CP-ABE toolkit, so that the authority of the user B accesses the control strategy T, and a key generation algorithm of the CP-ABE toolkit is used for generating a key K1 according to the latest authority; the authority updating of any user is immediately sent to the SGX, and a key held by the corresponding user is changed to be K1, so that the authority updating takes effect immediately;
(5) the user B can obtain a ciphertext C from the block chain and request the SGX to decrypt, if the SGX verifies that the identity of the user B really has the authority required by the ciphertext decryption, the SGX decrypts the ciphertext C by using the key of the B through a decryption algorithm of a CP-ABE toolkit to obtain plaintext information M, otherwise, the user B cannot complete decryption;
(6) the authority granting center Au can change the authority of the user B at any time; the detailed process is as follows: au generates a new key K2 by the key generation algorithm of CP-ABE toolkit with a new authority (assuming null, meaning all authorities of B are revoked); the authority updating of any user is immediately sent to the SGX, and a key held by the corresponding user is changed to be K2, so that the authority updating takes effect immediately;
(7) and the user B applies for the decrypted ciphertext C from the SGX again, the access control strategy T is not met, and the decryption fails.
The system realizes the function of safe file sharing by the CP-ABE and the block chain, and has the most characteristic of the safety revocable characteristic realized by the SGX. If the SGX module is not used, and the user only applies for generating a key to the CP-ABE toolkit and saves the key by the user, it will be possible that the user applies for the key and saves the key when having the associated rights, and after the rights granting center revokes the rights of the user, the user can still decrypt the ciphertext with the previously saved key. Our invention avoids this problem by keeping the keys in isolation with SGX. Meanwhile, the security of the SGX only depends on the characteristics of CPU hardware, so that the risks from software bugs and operating system bugs are avoided, and the security of the system is further improved.
Significance and beneficial effects of the invention
Data sharing is a necessary requirement of the current society. The purpose of data sharing is to enable different people to read data shared by other people and perform required operations by using different devices in different places. The data sharing is realized, and more people can use the existing data resources more fully and conveniently. In an ecosystem, if all shared information is stored in a system or a large-scale server, data sharing will face the problems of large leakage of access information, complex structure and the like.
The invention provides a revocable data sharing system based on SGX, CP-ABE and a block chain, wherein a user encrypts and stores an accessible attribute of data in the block chain; the user can obtain the encrypted data from the block chain, and the data is decrypted after security verification in the SGX and data attribute conformity. Meanwhile, since the authentication process is executed in the SGX, the user will take effect immediately after the attribute of the user is revoked, and the access control structure in the SGX is updated, so that the user cannot access the data again. The attribute structure capable of being immediately taken into effect can enable the user to immediately lose the right to access the data after the attribute is revoked, improve the security of data sharing, and avoid the user losing the attribute from using the old key to access the data again. The encrypted information is stored and transmitted by the block chain technology, so that the information can be shared in the whole network, and the data safety can be fully ensured, thereby ensuring the safety of a shared data system.
Drawings
FIG. 1 is a diagram of the system architecture of the present invention.
Fig. 2 is a schematic representation of the system workflow of the present invention.
Detailed Description
The revocable data sharing system based on the SGX, the CP-ABE and the block chain, provided by the invention, realizes permission revocable and ensures data security by utilizing the characteristics of distributed block chain, non-tampering, traceability and the like, the CP-ABE scheme and the isolation of the SGX. The system of the present invention is further described below by way of specific examples:
it is necessary to first assume that a rights granting center is used to set rights, and that the rights granting center is authoritative and trustworthy. The system requires two servers, one CP-ABE toolkit server and one SGX server.
A server: an encryption interface is directly provided for users, and a key generation and decryption interface is provided for the SGX module.
A server: and providing the authority and the key updating interface for the authority granting center and providing a decryption interface for the user.
Storing data: the user firstly sends the data to be shared and the user attribute which hopes to obtain the data to the CP-ABE toolkit server, and stores the encrypted data in the block chain.
Acquiring data: the user sends the encrypted data acquired from the block chain to the SGX server, the SGX server matches the authority requirement of the encrypted data with the authority attribute of the user, and if the authority attribute of the user meets the authority requirement of the data, the SGX server decrypts the data through a CP-ABE toolkit server interface.
And (3) permission updating: when the authority granting center updates the user authority, a request is sent to the SGX server authority and a key updating interface, a user is modified to be a certain authority, then the SGX server immediately applies a new authority to a CP-ABE toolkit server, the key corresponds to the user identity, and the key is stored in the SGX server. When the authority granting center sets a certain user as empty, the user does not have any decryption capability after the authority updating process, and the purpose of authority revocation is achieved. Likewise, partial rights revocation may be implemented, such as setting the user rights "M AND N" to "M", the user no longer has N rights.

Claims (2)

1. A revocable data sharing system based on SGX, CP-ABE and a block chain is characterized by being divided into four parts: a block chain, a CP-ABE toolkit module, an SGX module, a node/user; wherein:
the block chain is used as a platform for managing and storing information and is used for storing data in a distributed mode; the consensus algorithm comprises workload certification and Byzantine fault tolerance; the information of each node is stored in a Merkle tree structure, the Merkle tree is a binary tree and a multi-branch tree, and the information stored in the nodes of the tree is all hash values; the whole design ensures the integrity of data, namely the data cannot be tampered;
the CP-ABE toolkit module, namely a CP-ABE toolkit, is the specific implementation of the CP-ABE; the confidential data will be encrypted using the CP-ABE encryption algorithm module; when using CP-ABE toolkit, firstly, when initializing the system, selecting an authorized node to execute the steps of initialization and key generation; each node is assigned an attribute set, and a key is generated for the node with the attribute set; during encryption, the node encrypts data by using the ACP and generates a ciphertext; when decrypting, any other node with the attribute set meeting the ACP can decrypt the ciphertext to obtain the original information; in this toolkit, all communications are performed by RPC;
the CP-ABE toolkit server is provided with three interfaces, namely a key generation interface, an encryption interface and a decryption interface; the encryption interface is directly oriented to the user, namely the user directly transmits a ciphertext, namely an ACP structure, to finish encryption; the key generation and decryption interface is hermetically oriented to the SGX;
the SGX module is used for providing a trusted execution environment of a user space by taking hardware safety as mandatory guarantee and not depending on the safety states of firmware and software, realizing isolated operation among different programs through a group of new instruction set extension and access control mechanisms and guaranteeing that the confidentiality and the integrity of user key codes and data are not damaged by malicious software;
based on the trusted execution environment, the updating and ciphertext decryption interfaces of the key face the user through the SGX, and the SGX sends a request to the CP-ABE toolkit to update and decrypt the key; the authority updating of any user can be immediately returned to the SGX, the key held by the corresponding user is changed and immediately takes effect, and the user cannot acquire the key; by utilizing the characteristic, after the user authority is revoked, the authority and the key owned by the user are immediately updated, so that the authority revocation is timely and effective;
each user of the node/user has a corresponding authority and a key generated by the corresponding authority, and the key is stored in the SGX; the user has two actions:
(1) uploading information: after encrypting data by using a CP-ABE toolkit module, a user uploads the data to a block chain;
(2) acquiring information: a user acquires any encrypted data block from the block chain, requests the SGX to decrypt, and if the SGX passes the verification, uses a stored key to request the CP-ABE toolkit module to reveal the data; the user can not directly obtain the key, and the possibility of decrypting the information is immediately lost after the authority is revoked, so that the purpose of revoking is achieved;
the system work flow is as follows:
(1) initializing a system, executing an initial setting algorithm by the CP-ABE toolkit, and initializing an authority granting center Au and a user A, B;
(2) a user A specifies an access control strategy T by using a CP-ABE toolkit, encrypts data information M needing to be uploaded by using an encryption algorithm of the CP-ABE toolkit to obtain a ciphertext C, and decrypts the ciphertext by using an SGX (serving gateway) of the user meeting the access control strategy T;
(3) the user A uploads the ciphertext C to a block chain, a node is automatically created through a mechanism of the block chain, the hash value of the node is calculated and stored in a Merkle tree, and the integrity of uploaded data is guaranteed;
(4) the authority granting center Au grants the authority to the user B through the CP-ABE toolkit, so that the authority attribute is S, S meets the access control strategy T, and a key is generated according to the latest authority by using a key generation algorithm of the CP-ABE toolkit; the authority updating of any user is immediately sent to the SGX, and a key held by the corresponding user is changed to take effect immediately;
(5) the user B acquires a ciphertext C from the block chain, requests the SGX to decrypt, if the SGX verifies that the attribute authority S of the user B really has an access control strategy T required by ciphertext decryption, the SGX decrypts the ciphertext C by using the key of the user B through a decryption algorithm of a CP-ABE toolkit to obtain plaintext information M, otherwise, the user B cannot complete decryption;
(6) the authority granting center Au changes the authority of the user B at any time; the process is as follows: au means revoking all permissions of B with a new permission, i.e. assumed to be null; generating a new key through a key generation algorithm of the CP-ABE toolkit; the authority updating of any user is immediately sent to the SGX, and a key held by the corresponding user is changed to take effect immediately;
(7) and the user B applies for decrypting the ciphertext C to the SGX again, the null attribute does not meet the access control strategy T, and the decryption fails.
2. The system of claim 1, wherein the CP-ABE cryptographic algorithm module in the CP-ABE toolkit is divided into four parts: initial setting, an encryption algorithm, a key generation algorithm and a decryption algorithm; wherein:
(1) the initial setting is that a bilinear group related to prime numbers is generated by a generator;
(2) the encryption algorithm is to encrypt the information M under the access control tree strategy T to obtain a ciphertext C;
(3) the key generation algorithm is to take the attribute set S as input and output a key K;
(4) and the decryption algorithm is to input a secret key K and a ciphertext C, and when the attribute set S for generating the secret key K meets the control tree strategy T when the encryption information is generated, the decryption is completed to obtain a plaintext M, otherwise, the decryption cannot be completed.
CN202011066565.1A 2020-10-01 2020-10-01 Revocable data sharing system based on SGX, CP-ABE and block chain Active CN112307508B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011066565.1A CN112307508B (en) 2020-10-01 2020-10-01 Revocable data sharing system based on SGX, CP-ABE and block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011066565.1A CN112307508B (en) 2020-10-01 2020-10-01 Revocable data sharing system based on SGX, CP-ABE and block chain

Publications (2)

Publication Number Publication Date
CN112307508A CN112307508A (en) 2021-02-02
CN112307508B true CN112307508B (en) 2022-04-12

Family

ID=74488691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011066565.1A Active CN112307508B (en) 2020-10-01 2020-10-01 Revocable data sharing system based on SGX, CP-ABE and block chain

Country Status (1)

Country Link
CN (1) CN112307508B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726520A (en) * 2021-08-19 2021-11-30 广东工业大学 Multi-authority revocable encrypted two-dimensional code electronic medical record based on block chain
CN115174235B (en) * 2022-07-08 2023-06-02 慧之安信息技术股份有限公司 Encryption method for revocable attribute of Internet of things based on blockchain

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101880175B1 (en) * 2018-02-13 2018-07-19 주식회사 마크로젠 Bio-information data providing method, bio-information data storing method and bio-information data transferring system based on multiple block-chain
CN108833393A (en) * 2018-06-07 2018-11-16 西安电子科技大学 A kind of revocable data sharing method calculated based on mist
CN110808958A (en) * 2019-10-07 2020-02-18 复旦大学 Medicine separation management system based on CP-ABE and block chain

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101880175B1 (en) * 2018-02-13 2018-07-19 주식회사 마크로젠 Bio-information data providing method, bio-information data storing method and bio-information data transferring system based on multiple block-chain
CN108833393A (en) * 2018-06-07 2018-11-16 西安电子科技大学 A kind of revocable data sharing method calculated based on mist
CN110808958A (en) * 2019-10-07 2020-02-18 复旦大学 Medicine separation management system based on CP-ABE and block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
云计算下可撤销的全外包CP-ABE方案;江泽涛;《计算机科学》;20190731;第114-119页 *
基于多分数阶混沌系数的彩色图像加密算法;武相军;《计算机与现代化》;20131231(第11期);第1-7页 *

Also Published As

Publication number Publication date
CN112307508A (en) 2021-02-02

Similar Documents

Publication Publication Date Title
CN109559124B (en) Cloud data security sharing method based on block chain
WO2021179449A1 (en) Mimic defense system based on certificate identity authentication, and certificate issuing method
WO2021073170A1 (en) Method and apparatus for data provision and fusion
US8971535B2 (en) Multi-level key management
CN102014133B (en) Method for implementing safe storage system in cloud storage environment
CN109120639A (en) A kind of data cloud storage encryption method and system based on block chain
US20070003064A1 (en) Apparatus and method for group session key and establishment using a certified migration key
CN104717297A (en) Safety cloud storage method and system
CN103534976A (en) Data security protection method, server, host, and system
CN103220291A (en) Access control method base on attribute encryption algorithm
US7266705B2 (en) Secure transmission of data within a distributed computer system
CN111010430B (en) Cloud computing security data sharing method based on double-chain structure
CN111079191A (en) CP-ABE access control scheme based on block chain
CN112307508B (en) Revocable data sharing system based on SGX, CP-ABE and block chain
WO2012161417A1 (en) Method and device for managing the distribution of access rights in a cloud computing environment
CN107426162A (en) A kind of method based on attribute base encryption Implement Core mutual role help
Gao et al. Blockchain based secure IoT data sharing framework for SDN-enabled smart communities
Seitz et al. Key management for encrypted data storage in distributed systems
CN112906032B (en) File secure transmission method, system and medium based on CP-ABE and block chain
CN114091058A (en) Method and system for secure sharing of data between a first area and a second area
Priya et al. A survey: attribute based encryption for secure cloud
Ahmed Using secure-image mechanism to protect mobile agent against malicious hosts
JP2008197998A (en) Enciphered data storage method in distributed network storage system
Tian et al. Fine‐grained assured insertion and deletion scheme based on onion encryption in cloud storage
Li et al. A Blockchain-Based Privacy-Preserving Data Sharing Scheme with Security-Enhanced Access Control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant