WO2016197680A1 - Access control system for a cloud storage service platform and access control method thereof - Google Patents

Info

Publication number: WO2016197680A1
Application number: PCT/CN2016/078599
Authority: WO (WIPO, PCT)
Prior art keywords: cloud storage, attribute, storage service, access control, data
Other languages: English (en), Chinese (zh)
Inventors: 张鹏, 喻建平, 刘宏伟, 王平
Original assignee: 深圳大学 (Shenzhen University)
Priority date: 2015-06-12 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2016-04-06
Publication date: 2016-12-15
Application filed by 深圳大学; publication of WO2016197680A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/40 Network security protocols
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/01 Protocols > H04L 67/10 Protocols in which an application is distributed across nodes in the network > H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • The invention belongs to the field of cloud storage service technologies and in particular relates to an access control system and an access control method for a cloud storage service platform, specifically the Amazon S3 cloud storage service platform.
  • The cloud storage service provider is the physical owner of the stored data and is not in the same trust domain as the data owner.
  • A cloud storage service provider manages multiple users and their resources. When users access other users' resources across those boundaries, access control policies must be adopted to control access to data and services.
  • Because the cloud storage service platform uses virtualized storage, the cloud storage service is loosely coupled to the underlying hardware environment and the data of different users has no fixed security boundary, which makes it harder for the platform to enforce access control on data.
  • On the existing platform the data owner can set the read/write attribute of the user data it uploads, for example public read/private write or public read/public write, which constrains read and write permissions to a certain extent. But because user data is still stored in clear text on the cloud storage service platform, there is no effective privacy protection mechanism: access by illegitimate users cannot be resisted effectively and user data may leak.
  • An object of the present invention is to provide an access control system for a cloud storage service platform that solves the poor privacy and security of existing platforms, which store user data in clear text.
  • The embodiment of the present invention is implemented as an access control system for a cloud storage service platform.
  • The system includes:
  • a management terminal run by the authorization center, used to generate the system public parameters and upload them to the cloud storage server, to generate user private keys and distribute them secretly to the data owner and the shared user, and to generate the first partial ciphertext of the data to be uploaded using the weighted attribute encryption mechanism;
  • a client run by the data owner and the shared user, which generates the second partial ciphertext of the data to be uploaded using the weighted attribute encryption mechanism, combines the first partial ciphertext, the second partial ciphertext and the data to be uploaded into a final ciphertext and uploads the final ciphertext as shared data to the cloud storage service platform, and which is also used to download the public parameters and shared data from the cloud storage service platform and decrypt the downloaded shared data with the public parameters and the corresponding user private key.
  • Another object of the present invention is to provide an access control method for the access control system described above, the method comprising the following steps:
  • the authorization center runs the management terminal, generates the public parameters and a master private key, and uploads the public parameters to the cloud storage service platform;
  • the data owner runs the client, requests authorization from the authorization center and sends data upload request information;
  • the authorization center runs the management terminal, verifies the data owner's identity, generates the corresponding user private key from the master private key, generates the first partial ciphertext of the data to be uploaded based on the weighted attribute encryption mechanism according to the data upload request information, and sends the corresponding user private key and the first partial ciphertext to the data owner;
  • the data owner generates the second partial ciphertext, combines the first partial ciphertext and the second partial ciphertext into the final ciphertext, and uploads the final ciphertext as shared data to the cloud storage service platform;
  • the shared user runs the client and requests authorization from the authorization center;
  • the authorization center runs the management terminal, verifies the shared user's identity, generates the corresponding user private key from the master private key, and sends the corresponding user private key to the shared user;
  • the shared user runs the client, downloads the public parameters and the shared data from the cloud storage service platform, and decrypts the downloaded shared data using the public parameters and the corresponding user private key.
  • The authorization center and the data owner encrypt the user data to be uploaded under the weighted attribute encryption mechanism before it is stored on the cloud storage service platform, so effective privacy protection is obtained for the shared data on the platform and the security of the cloud storage service is improved.
  • User attributes are combined with weights, giving hierarchical management of user attributes, so that users holding the same attribute at different levels have different access rights.
  • The system uses ciphertext segmentation: the authorization center and the data owner each generate a partial ciphertext; the authorization center's ciphertext controls user access rights and the data owner's ciphertext expresses the access control policy. When a user's attributes change, the authorization center only needs to update its own part of the ciphertext to revoke the user's access rights in real time.
  • FIG. 1 is a structural diagram of an access control system for a cloud storage service platform provided by the present invention
  • FIG. 2 is a flowchart of an access control method of an access control system for a cloud storage service platform provided by the present invention.
  • The access control system and access control method proposed by the present invention are based on a weighted attribute encryption mechanism: the user data to be uploaded is encrypted before it is stored on the cloud storage service platform.
  • FIG. 1 shows the structure of the access control system for a cloud storage service platform provided by the present invention; for convenience of explanation only the parts related to the present invention are shown.
  • The access control system for the cloud storage service platform comprises: a management terminal 11 operated by the authorization center, configured to generate the system public parameters and upload them to the cloud storage server, to generate user private keys and distribute them secretly to the data owner and the shared user, and to generate the first partial ciphertext of the data to be uploaded using the weighted attribute encryption mechanism; and a client 12 run by the data owner and the shared user, which generates the second partial ciphertext of the data to be uploaded using the weighted attribute encryption mechanism, combines the first partial ciphertext, the second partial ciphertext and the data to be uploaded into the final ciphertext and uploads it as shared data to the cloud storage service platform, and which is also used to download the public parameters and shared data from the cloud storage service platform and decrypt the downloaded shared data with the public parameters and the corresponding user private key.
  • The data owner and the shared user are the operators of the client 12, and the authorization center is the operator of the management terminal 11.
  • The data owner is the provider of shared data on the cloud storage service platform; the shared user is the party that downloads shared data from the cloud storage service platform; the authorization center is a trusted third party, distinct from the data owner and the shared user, that interacts with the cloud storage service platform.
  • It should be understood that the data owner and the shared user are defined only to distinguish whether the party running the client 12 is uploading or downloading data in a given run of the system: the data owner of one run can be the shared user of another run, and likewise the shared user of one run can be the data owner of another.
  • The management terminal 11 can also be used to maintain basic user information, providing functions such as adding, deleting and searching for users, and can modify user information such as attributes and weights.
  • The client 12 can also be used to guide the user to log in to the system based on the identity information provided by the user and the login information distributed by the authorization center.
  • The management terminal 11 and the client 12 can each use the aws-java-sdk interface provided by Amazon to communicate with the Amazon S3 cloud storage service platform.
  • The working principle of the access control system for the cloud storage service platform is as follows. After the system is established, the authorization center runs the management terminal 11, generates the public parameters and a master private key, and uploads the public parameters to the cloud storage service platform.
  • When the data owner requests authorization and sends a data upload request, the authorization center generates the first partial ciphertext of the data to be uploaded under the weighted attribute encryption mechanism according to the data owner's attributes, and sends the first partial ciphertext to the data owner.
  • The data owner generates the second partial ciphertext of the data to be uploaded, combines the first partial ciphertext and the second partial ciphertext into the final ciphertext, and uploads the final ciphertext as shared data to the cloud storage service platform.
  • When a shared user wants to read shared data uploaded by a data owner, the shared user runs the client 12 and logs in to it with its identity information and login information.
  • The shared user obtains its user private key, downloads the public parameters and the shared data from the cloud storage service platform, and decrypts the downloaded shared data with the public parameters and the corresponding user private key. If the shared user's attributes have not been revoked by the authorization center, the shared user can decrypt the shared data successfully.
  • Because the authorization center and the data owner encrypt the user data to be uploaded under the weighted attribute encryption mechanism before it is stored on the cloud storage service platform, effective privacy protection is obtained for the shared data on the platform and the security of the cloud storage service is improved.
  • User attributes are combined with weights, giving hierarchical management of user attributes, so that users holding the same attribute at different levels have different access rights. Attributes describe the information elements of a user; for example, in a campus network a teacher has attributes such as department, title and teaching age. This gives more flexible and fine-grained access control while maintaining security.
  • The system uses ciphertext segmentation: the authorization center and the data owner each generate a partial ciphertext; the authorization center's ciphertext controls user access rights and the data owner's ciphertext expresses the access control policy. When a user's attributes change, the authorization center only needs to update its own part of the ciphertext to revoke the user's access rights in real time.
  • FIG. 2 is a flowchart of the access control method of the access control system for a cloud storage service platform provided by the present invention, which includes the following steps:
  • S1 The authorization center runs the management terminal, generates the public parameters and a master private key, and uploads the public parameters to the cloud storage service platform.
  • The step of generating the public parameters and the master private key may specifically be: define the attribute space U = {U_1, ..., U_m}; the minimum weight of each attribute in U is 1 and the maximum weights of the attributes are L_1, ..., L_m respectively; at the same time select random numbers; then the public parameters PK and the master private key MK are computed respectively as:
  • S2 The data owner runs the client, requests authorization from the authorization center and sends data upload request information.
  • S3 The authorization center runs the management terminal, verifies the data owner's identity, generates the corresponding user private key from the master private key, generates the first partial ciphertext of the data to be uploaded based on the weighted attribute encryption mechanism according to the data upload request information, and sends the corresponding user private key and the first partial ciphertext to the data owner.
  • The step of generating the corresponding user private key from the master private key may specifically be: input the master private key MK and define the weighted attribute set S; define a hash function; choose a random number for each user; then choose a random number for each weighted attribute j ∈ S and set its weight ω'_j; then generate the user private key SK as:
  • The step of generating the first partial ciphertext of the data to be uploaded based on the weighted attribute encryption mechanism may specifically be: construct the first authorization tree and, according to the public parameters PK and the first authorization tree, compute the first partial ciphertext, where:
  • U represents the set of leaf nodes of the first authorization tree;
  • L_u denotes the maximum weight value of attribute u set by the authorization center;
  • q_u(0) denotes the attribute value corresponding to u (that is, the output of the node's polynomial when the input is 0).
  • S4 The data owner generates the second partial ciphertext of the data to be uploaded based on the weighted attribute encryption mechanism.
  • The step may specifically be: construct the second authorization tree and, according to the public parameters PK and the second authorization tree, compute the second partial ciphertext, where:
  • Y represents the set of leaf nodes of the second authorization tree; for an attribute y ∈ Y, ω_y represents the minimum weight value that the data owner sets for attribute y, L_y represents the maximum weight value that the data owner sets for attribute y, q_y(0) represents the attribute value corresponding to y, and ω_l represents the current weight of attribute y.
  • S5 The data owner combines the first partial ciphertext and the second partial ciphertext into the final ciphertext and uploads the final ciphertext as shared data to the cloud storage service platform.
  • The final ciphertext CT generated by combining the first partial ciphertext CT_1 and the second partial ciphertext CT_2 can be expressed as:
  • S6 The shared user runs the client and requests authorization from the authorization center.
  • S7 The authorization center runs the management terminal, verifies the shared user's identity, generates the corresponding user private key from the master private key, and sends the corresponding user private key to the shared user.
  • The step of generating the corresponding user private key from the master private key is the same as the key generation step in S3 and is not repeated here.
  • S8 The shared user runs the client, downloads the public parameters and the shared data from the cloud storage service platform, and decrypts the downloaded shared data using the public parameters and the corresponding user private key.
  • The step of decrypting the downloaded shared data using the public parameters and the corresponding user private key may include the following steps:
  • The first decoded information A_1 corresponding to the first partial ciphertext is obtained as follows, where:
  • x is the input node;
  • i is the attribute corresponding to node x, i = att(x);
  • ω_i is the weight value that the shared user holds for the attribute of node x;
  • ω'_i is the minimum weight value of node x input by the authorization center.
  • Whether the shared user's weighted attributes satisfy the first authorization tree is decided as follows: a. if the input node x is a leaf node, then if i ∈ S and ω_i ≥ ω'_i the shared user's weighted attributes are considered to satisfy the first authorization tree at x, and if i ∉ S, or i ∈ S and ω_i < ω'_i, they are considered not to satisfy it; b. if the input node x is a non-leaf node and the set of child nodes under x is {z}, then when at least one group of nodes in {z} meets the threshold condition the shared user's weighted attributes are considered to satisfy the first authorization tree at x, and when no group of nodes in {z} meets the threshold condition they are considered not to satisfy it. If the shared user's weighted attributes do not satisfy the first authorization tree, null is returned.
  • The intermediate parameters K_i and B'_i are calculated as:
  • The second decoded information A_2 corresponding to the second partial ciphertext is obtained as follows:
  • Whether the shared user's weighted attributes satisfy the second authorization tree is decided as follows: a. if the input node x is a leaf node, with ω''_i the minimum weight value of node x input by the data owner, then if i ∈ S and ω_i ≥ ω''_i the shared user's weighted attributes are considered to satisfy the second authorization tree at x, and if i ∉ S, or i ∈ S and ω_i < ω''_i, they are considered not to satisfy it; b. if the input node x is a non-leaf node and the set of child nodes under x is {z}, then when at least one group of nodes in {z} meets the threshold condition the shared user's weighted attributes are considered to satisfy the second authorization tree at x, and when no group of nodes in {z} meets the threshold condition they are considered not to satisfy it. If the shared user's weighted attributes do not satisfy the second authorization tree, null is returned.
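The two-tree satisfaction test in S8 (leaf rule ω_i ≥ ω'_i for i ∈ S, threshold rule at non-leaf nodes, and decryption only when both the authorization center's tree behind CT_1 and the data owner's tree behind CT_2 are satisfied) can be exercised independently of the pairing arithmetic. The Python model below is an added example, not code from the patent or from Shenzhen University: it implements only the policy decision of S8 over the weighted attribute set that S1 bounds and S3 embeds in SK, not the computation of A_1 and A_2. The attribute names, weight bounds, trees, user keys and the way revocation is modelled (the authorization center re-issuing its own tree with a stricter threshold while the owner's tree is untouched) are all constructed for illustration.

```python
"""Weighted access-tree evaluation for the split-ciphertext decryption test.

Added example, not code from the patent. It models the policy decision
made in step S8 (does the shared user's weighted attribute set satisfy the
authorization center's tree for CT_1 and the data owner's tree for CT_2?),
not the pairing-based arithmetic that produces A_1 and A_2.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Union


@dataclass
class Leaf:
    """Leaf node: attribute i = att(x) and the minimum weight the policy demands (omega'_i)."""
    attr: str
    min_weight: int


@dataclass
class Gate:
    """Threshold node: satisfied when at least k of its children are satisfied."""
    k: int
    children: List[Union["Leaf", "Gate"]] = field(default_factory=list)


Node = Union[Leaf, Gate]


@dataclass
class Setup:
    """System parameters from S1: attribute space U with maximum weight L_i per
    attribute; the minimum weight of every attribute is 1."""
    max_weight: Dict[str, int]

    def keygen(self, weights: Dict[str, int]) -> Dict[str, int]:
        """Issue the weighted attribute set S carried by a user's private key (S3):
        each attribute j in S gets a weight omega'_j in 1..L_j."""
        key: Dict[str, int] = {}
        for attr, w in weights.items():
            if attr not in self.max_weight:
                raise ValueError(f"attribute {attr!r} is not in the attribute space")
            if not 1 <= w <= self.max_weight[attr]:
                raise ValueError(f"weight {w} for {attr!r} is outside 1..{self.max_weight[attr]}")
            key[attr] = w
        return key


def satisfies(node: Node, key: Dict[str, int]) -> bool:
    """Recursive rule from S8: a leaf is satisfied iff the user holds the attribute
    (i in S) with weight omega_i >= the threshold omega'_i; a non-leaf node is
    satisfied iff at least k of its children are (the threshold condition)."""
    if isinstance(node, Leaf):
        return node.attr in key and key[node.attr] >= node.min_weight
    return sum(1 for child in node.children if satisfies(child, key)) >= node.k


def can_decrypt(ac_tree: Node, owner_tree: Node, key: Dict[str, int]) -> bool:
    """CT = (CT_1, CT_2): decryption needs both A_1 (authorization center tree) and
    A_2 (data owner tree), so the key must satisfy both trees; otherwise null."""
    return satisfies(ac_tree, key) and satisfies(owner_tree, key)


def campus_scenario() -> Dict[str, bool]:
    """Constructed scenario using the page's campus-network attributes
    (department, title, teaching age); all thresholds and weights are illustrative."""
    setup = Setup({"department": 3, "title": 4, "teaching_age": 5})
    # CT_1 tree set by the authorization center: controls who may read at all.
    ac_tree = Leaf("title", 2)
    # CT_2 tree set by the data owner: department AND (title >= 3 OR teaching_age >= 4).
    owner_tree = Gate(2, [Leaf("department", 1),
                          Gate(1, [Leaf("title", 3), Leaf("teaching_age", 4)])])
    senior = setup.keygen({"department": 1, "title": 3, "teaching_age": 2})
    junior = setup.keygen({"department": 1, "title": 2, "teaching_age": 5})
    student = setup.keygen({"department": 1})
    results = {
        "senior": can_decrypt(ac_tree, owner_tree, senior),
        "junior": can_decrypt(ac_tree, owner_tree, junior),
        "student": can_decrypt(ac_tree, owner_tree, student),
    }
    # Revocation as modelled here: the authorization center re-issues only its own
    # partial ciphertext with a stricter tree; the owner's CT_2 is left untouched.
    revoked_ac_tree = Leaf("title", 3)
    results["junior_after_revocation"] = can_decrypt(revoked_ac_tree, owner_tree, junior)
    return results


if __name__ == "__main__":
    for who, ok in campus_scenario().items():
        print(f"{who}: {'decrypts' if ok else 'null'}")
```

The junior teacher decrypts through the owner's teaching-age branch while the authorization center's tree admits title 2, and loses access the moment the authorization center raises its own threshold, without the data owner re-encrypting anything, which is the point of keeping CT_1 and CT_2 separate.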
  • The comparison with related schemes covers the user's key generation algorithm. Notation: C_e represents a bilinear pairing operation; n represents the number of attributes in the system; S' represents the attribute set that satisfies the access structure defined by the licensor; ω_i represents the maximum weight of attribute i in the system. The comparison also refers to the attribute set that the encrypting party associates with the ciphertext, the attribute set of user u, the weight of attribute i set in the ciphertext by the encrypting party, and the weight of attribute i held by user u in the system.
  • Weight mechanism: both the invention and the CP-WABE scheme introduce the concept of weight, realizing hierarchical processing of attributes, and can provide more fine-grained access control. The ciphertext length and the encryption and decryption time are related to the number of weight levels, so communication and computation cost are higher than in the BSW07 scheme, which has no weights.
  • Revocation mechanism: CP-WABE has no revocation capability, and the BSW07 scheme can revoke by means of time stamps. The invention uses ciphertext segmentation to achieve revocation: the authorization center only needs to update its own part of the ciphertext to revoke user rights in real time.
  • In summary, the present invention implements hierarchical processing of attributes and introduces a new revocation mechanism, while its computational performance stands out and its distribution of computational load is reasonable.

Abstract

The present invention belongs to the technical field of cloud storage services and concerns an access control system for a cloud storage service platform and an access control method thereof. In the method and system, an authorization center and a data owner rely on a weighted attribute-based encryption mechanism. User data that needs to be uploaded is encrypted and stored on the cloud storage service platform, so as to protect effectively the privacy of the shared data on the cloud storage service platform and improve the security of the cloud storage service. At the same time, user attributes are combined with weights, achieving hierarchical management of user attributes and allowing users with the same attribute but different levels to have different access rights. Moreover, the authorization center and the data owner separately generate parts of a ciphertext: user access rights are controlled by means of the authorization center's part of the ciphertext, and an access control policy is determined by means of the data owner's part of the ciphertext. When a user's attribute changes, the user's access rights can be revoked in real time as soon as the authorization center updates its part of the ciphertext.
PCT/CN2016/078599 2015-06-12 2016-04-06 Access control system for a cloud storage service platform and access control method thereof WO2016197680A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510323848.2A CN105025012B (zh) 2015-06-12 2015-06-12 Access control system for a cloud storage service platform and access control method thereof
CN201510323848.2 2015-06-12

Publications (1)

Publication Number Publication Date
WO2016197680A1 true WO2016197680A1 (fr) 2016-12-15

Family

ID=54414717

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/078599 WO2016197680A1 (fr) 2015-06-12 2016-04-06 Access control system for a cloud storage service platform and access control method thereof

Country Status (2)

Country Link
CN (1) CN105025012B (fr)
WO (1) WO2016197680A1 (fr)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019096086A1 (fr) * 2017-11-14 2019-05-23 钉钉控股(开曼)有限公司 Shared space access method, and authorization management method and apparatus
CN108173868A (zh) * 2018-01-05 2018-06-15 中国地质大学(武汉) Method, device and storage device for one-to-many file distribution
CN109768858A (zh) * 2018-12-26 2019-05-17 西安电子科技大学 Multi-authority attribute-based encryption access control system in a cloud environment and its design method
CN109768858B (zh) * 2018-12-26 2022-03-08 西安电子科技大学 Multi-authority attribute-based encryption access control system in a cloud environment and its design method
CN111191288A (zh) * 2019-12-30 2020-05-22 中电海康集团有限公司 Blockchain data access permission control method based on proxy re-encryption
CN111191288B (zh) * 2019-12-30 2023-10-13 中电海康集团有限公司 Blockchain data access permission control method based on proxy re-encryption
CN112187798A (zh) * 2020-09-28 2021-01-05 安徽大学 Bidirectional access control method and system for cloud-edge data sharing
CN114362924A (zh) * 2020-09-29 2022-04-15 湖南大学 CP-ABE-based system and method supporting flexible revocation and verifiable ciphertext authorization
CN114301651A (zh) * 2021-12-22 2022-04-08 河南大学 CP-ABE-based sharing method for Yellow River dam bank monitoring data
CN115242518A (zh) * 2022-07-25 2022-10-25 深圳万海思数字医疗有限公司 Medical and health data protection system and method in a hybrid cloud environment
CN115242518B (zh) * 2022-07-25 2024-03-22 深圳万海思数字医疗有限公司 Medical and health data protection system and method in a hybrid cloud environment
CN115550605A (zh) * 2022-08-19 2022-12-30 南京邮电大学 Fault detection method for a power grid multimedia dispatching system and automatic detection device therefor

Families Citing this family (16)

Publication number Priority date Publication date Assignee Title
CN105025012B (zh) * 2015-06-12 2017-12-08 深圳大学 Access control system for a cloud storage service platform and access control method thereof
CN106341236A (zh) * 2016-09-09 2017-01-18 深圳大学 Access control method for a cloud storage service platform and system thereof
CN106357395B (zh) * 2016-09-13 2019-04-23 深圳大学 Outsourced access control method for fog computing and system thereof
WO2018049601A1 (fr) * 2016-09-14 2018-03-22 深圳大学 Outsourced data access control method for fog computing and system thereof
CN106529216B (zh) * 2016-10-27 2022-04-22 西安交通大学 Software authorization system and software authorization method based on a public storage platform
CN108076106B (zh) * 2016-11-15 2019-11-19 中国科学院声学研究所 Stream processing system and method for cloud storage data encryption and decryption
CN107172014A (zh) * 2017-04-21 2017-09-15 齐鲁工业大学 Information management cloud sharing system
CN108540444A (zh) * 2018-02-24 2018-09-14 中山大学 Information transmission and storage method and apparatus
CN108390886A (zh) * 2018-03-05 2018-08-10 商丘师范学院 Secure access control system for educational big data
CN109583232B (zh) * 2018-11-20 2022-03-18 深圳大学 CP-ABE-based medical record management method, apparatus, device and storage medium
CN109494879A (zh) * 2018-12-25 2019-03-19 湖北师范大学 Data acquisition platform for a power system
CN109451067A (zh) * 2018-12-27 2019-03-08 宝鸡文理学院 Data sharing method in a cloud computing system
US11228597B2 (en) 2019-02-12 2022-01-18 Nutanix, Inc. Providing control to tenants over user access of content hosted in cloud infrastructures
CN112437063B (zh) * 2020-11-11 2022-08-23 张银杏 Data fusion and access method, platform and system
CN112835935B (zh) * 2021-02-02 2021-12-07 农夫铺子发展集团有限公司 Information flow analysis method based on blockchain and mobile internet, and cloud service platform
CN113645206A (zh) * 2021-07-28 2021-11-12 上海纽盾网安科技有限公司 Cloud storage data access control method and system for different user requirements

Citations (4)

Publication number Priority date Publication date Assignee Title
CN103107992A (zh) * 2013-02-04 2013-05-15 杭州师范大学 Multi-level permission management method for encrypted data sharing in cloud storage
CN103179114A (zh) * 2013-03-15 2013-06-26 华中科技大学 Fine-grained data access control method in cloud storage
WO2014043894A1 (fr) * 2012-09-21 2014-03-27 Nokia Corporation Method and apparatus for providing access control to shared data based on trust level
CN105025012A (zh) * 2015-06-12 2015-11-04 深圳大学 Access control system for a cloud storage service platform and access control method thereof

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
WO2011045723A1 (fr) * 2009-10-15 2011-04-21 Koninklijke Philips Electronics N.V. Ciphertext-policy attribute-based encryption and re-encryption
CN102857338A (zh) * 2012-08-31 2013-01-02 浪潮电子信息产业股份有限公司 Method for secure data transmission in a cloud storage system
CN102916954B (zh) * 2012-10-15 2015-04-01 南京邮电大学 Cloud computing secure access control method based on attribute-based encryption
CN103973451B (zh) * 2014-05-05 2017-04-12 西南交通大学 Cross-trust-domain authentication method for a distributed network system

Non-Patent Citations (2)

Title
GOYAL, VIPUL ET AL.: "Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data", CCS'06 PROCEEDINGS OF 13TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 30 October 2006 (2006-10-30), pages 89-98, XP055334553 *
LIU, XIMENG ET AL.: "Ciphertext-policy Weighted Attribute-based Encryption Scheme in Cloud Computing", JOURNAL OF SICHUAN UNIVERSITY (ENGINEERING SCIENCE EDITION), vol. 45, no. 6, page 30 *

Also Published As

Publication number Publication date
CN105025012B (zh) 2017-12-08
CN105025012A (zh) 2015-11-04

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16806578; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30/05/2018))
122 Ep: pct application non-entry in european phase (Ref document number: 16806578; Country of ref document: EP; Kind code of ref document: A1)