WO2016197770A1 - Access control system and access control method thereof for a cloud storage service platform - Google Patents

Access control system and access control method thereof for a cloud storage service platform

Info

Publication number
WO2016197770A1
Authority
WO
WIPO (PCT)
Prior art keywords
attribute
user
public key
key
access control
Prior art date
Application number
PCT/CN2016/081388
Other languages
English (en)
Chinese (zh)
Inventor
喻建平
张鹏
连景钗
王廷
Original Assignee
深圳大学
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳大学
Publication of WO2016197770A1

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • the invention belongs to the field of cloud service information security, and in particular relates to an access control system of a cloud storage service platform and an access control method thereof.
  • the cloud service provider is the physical owner of the data, but not in the same trust domain as the data owner.
  • a cloud storage service provider manages multiple users and their resources. When users access other user resources across borders, they need to adopt certain access control policies to control access to data and services.
  • the cloud storage service platform adopts virtualized storage technology, the cloud storage service is loosely coupled with the underlying hardware environment, and the data of different users lacks a fixed security boundary, which increases the difficulty for the cloud storage service platform to implement access control on data.
  • the data owner can set the read/write attribute of the user data it uploads, for example to public read/private write or public read/public write, which controls data read and write permissions to a certain extent; but because user data is still stored in clear text on the cloud storage service platform, there is no effective privacy protection mechanism, access by illegal users cannot be effectively resisted, and user data may leak.
  • An object of the present invention is to provide an access control system for a cloud storage service platform, which aims to solve the problem that the existing cloud storage service platform stores user data in a clear text form with poor privacy and security.
  • the embodiment of the present invention is implemented as an access control system of a cloud storage service platform,
  • the system includes:
  • the authentication center is configured to generate a global public key, a global master key, and a user public key, and then upload the global public key to the cloud;
  • at least one attribute authority for managing respective attribute sets, generating an organization public key and an organization key, and uploading the organization public key to the cloud, and also for generating, from the attribute list submitted by each user together with the global public key, the user public key, and the organization key, a user private key corresponding to the user;
  • a user terminal configured to download the organization public key and the global public key from the cloud and, combined with the user private key generated by the attribute authority, to implement encrypted upload of user data or decrypted download of shared data.
  • Another object of the present invention is to provide an access control method for an access control system of a cloud storage service platform as described above, the method comprising the following steps:
  • the authentication center registers each user terminal and each attribute authorization authority, and generates a global public key, a global master key, and a user public key, and then uploads the global public key to the cloud, and sends the user public key to the corresponding attribute authority.
  • the global master key is saved by the certification center;
  • the attribute authority manages the respective attribute sets, and generates an organization public key and an organization key, and then uploads the institution public key to the cloud, and the institution key is saved by the attribute authorization authority;
  • after receiving the user private key acquisition request, the corresponding attribute authority generates a user private key corresponding to the user by using the global public key, the user public key, and the organization key according to the attribute list, and sends it to the corresponding user terminal;
  • the user terminal implements encrypted uploading of user data or decryption downloading of shared data according to the organization public key, the global public key, and the user private key.
  • the access control system and the access control method of the cloud storage service platform proposed by the embodiment of the present invention are based on a weighted attribute encryption mechanism, and adopt multi-authority attribute-based encryption technology to encrypt the user data to be uploaded and store it securely on the cloud storage service platform, thereby realizing effective privacy protection for the shared data on the cloud storage service platform and improving the security of the cloud storage service.
  • the attributes of the user are combined with weights, realizing hierarchical management of user attributes so that users of different levels with the same attribute have different access rights, thereby achieving more flexible and fine-grained access control while ensuring security.
  • system and method adopt multi-institution attribute-based encryption technology, which avoids the problem that the power of a single authentication center is too concentrated, and further improves the security of data storage.
  • the system and method are particularly suitable for deployment on the OSS platform, which can ensure the confidentiality of data stored by the user on the OSS platform, and implement fine-grained access control for the data sharing range.
  • FIG. 1 is a structural diagram of an access control system of a cloud storage service platform provided by the present invention
  • FIG. 2 is a flowchart of an access control method of an access control system of a cloud storage service platform provided by the present invention.
  • the access control system and the access control method of the cloud storage service platform proposed by the present invention are based on a weighted attribute encryption mechanism, and use multi-authority attribute-based encryption technology to encrypt the user data to be uploaded and store it on the cloud storage service platform.
  • FIG. 1 is a diagram showing the structure of an access control system of a cloud storage service platform provided by the present invention. For the convenience of description, only parts related to the present invention are shown.
  • the access control system of the cloud storage service platform includes: an authentication center 1 for generating a global public key, a global master key, and a user public key, and then uploading the global public key to the cloud, the global master key being saved by the authentication center 1 itself; at least one attribute authority 2 for managing a respective attribute set, generating an organization public key and an organization key, and then uploading the organization public key to the cloud, the organization key being saved by the attribute authority 2, and also for generating, according to the attribute list submitted by each user and using the global public key, the user public key, and the organization key, a user private key corresponding to the user;
  • a user terminal 3 configured to download the organization public key and the global public key from the cloud and, combined with the corresponding user private key generated by the attribute authority 2, to implement encrypted upload of user data or decrypted download of shared data.
  • the user terminal 3 can be further divided into a data owner and a shared user.
  • the data owner is the owner of the data file, can create, update, delete data, and at the same time want to encrypt the user data and upload it to the cloud to achieve data sharing;
  • the shared user is the party who wants to download the shared data from the cloud.
  • the purpose of defining the data owner and the shared user is to distinguish whether the function of the user terminal 3 during a particular run of the system is to upload data or to download data; the data owner in one run of the system may be the shared user in another run, and similarly the shared user in one run may be the data owner in another.
  • both the authentication center 1 and the attribute authority 2 belong to the authorization authority, which refers to the party other than the user terminal 3 that interacts with the cloud; it mainly completes distribution of end-user private keys, user registration, and management of information and end-user private keys, and is also responsible for dynamic management of user attribute information, for example dynamic update, addition or deletion of users or their attributes.
  • a cloud is a cloud service provider or a data sharing center, which is always online and provides a user data storage service.
  • the cloud is an Open Storage Service (OSS) platform provided by Facebook Cloud Computing Co., Ltd.
  • OSS: Open Storage Service
  • the cloud communicates with the user terminal 3, the attribute authority 2, and the authentication center 1 through the OSS platform development interface provided by Facebook Cloud Computing Co., Ltd., using aliyun-sdk-oss-2.0.0.jar.
  • the authentication center 1 is also used to accept registration of each user terminal 3 and each attribute authority 2, and the user terminal 3 and the attribute authority 2 log in to the system based on the login information obtained by registration.
  • the working principle of the access control system of the cloud storage service platform of the present invention is:
  • the authentication center 1 registers each user terminal 3 and each attribute authority 2, and generates a global public key, a global master key, and a user public key, and then uploads the global public key to the cloud, and sends the user public key to the corresponding Attribute Authorization Agency 2.
  • each attribute authority 2 manages the respective attribute sets, that is, sets the attribute values and their weight values in the respective managed attribute sets, and generates the institution public key and the institution key, and then uploads the organization public key to the cloud.
  • the attribute set may be, for example, a student department, a student category, a grade, a professional, and the like in the campus network, and the teacher has a collection of attributes such as a department, a title, and a teaching age.
  • the user terminal 3 logs in to the system according to the login information obtained by the registration, and then downloads the organization public key and the global public key from the cloud, and issues a user private key acquisition request and an attribute list to the corresponding attribute authority 2.
  • after receiving the user private key acquisition request, the corresponding attribute authority 2 generates a user private key corresponding to the user by using the global public key, the user public key, and the organization key according to the attribute list, and sends it to the corresponding user terminal 3 by FTP.
  • after obtaining the organization public key, the global public key, and the user private key, the user terminal 3 can perform encrypted upload or decrypted download as required.
  • when the user terminal 3 uploads user data to the cloud as a data owner, it encrypts the input plaintext according to the global public key, the set of all attribute authorities 2 participating in the encryption, the corresponding set of organization public keys, and the access control policy, and uploads the resulting ciphertext to the cloud for other users to download.
  • when the user terminal 3 accesses data stored in the cloud as a shared user, it downloads the shared data from the cloud and then decrypts it according to the global public key and the user private key; the shared data can be successfully decrypted only if the attributes of the user terminal 3 have not been revoked and satisfy the access control policy set by the data owner.
  • FIG. 2 is a flowchart of an access control method of an access control system of a cloud storage service platform provided by the present invention, including the following steps:
  • the authentication center registers each user terminal and each attribute authorization authority, and generates a global public key, a global master key, and a user public key, and then uploads the global public key to the cloud, and sends the user public key to the corresponding attribute authority.
  • the global master key is saved by the certificate authority; it is the master key of the entire system.
  • step S1 may further include:
  • Step S11: the authentication center selects a multiplicative group of prime order p with generator g, defines a bilinear map, selects random numbers from the integer group {0,...,p-1}, and at the same time selects a hash function.
  • Step S12 the certification center according to the formula
  • Step S13: the authentication center receives the registration information sent by each user terminal and each attribute authority. After verification passes, each attribute authority is assigned a unique identifier aid and each user terminal is assigned a unique identifier uid; the authentication center then selects a corresponding random number for each user terminal, calculates the corresponding user public key PK_uid according to the formula, sends the user public key PK_uid to the corresponding attribute authority, and uploads the global public key GPK to the cloud.
  • the attribute authority manages the respective attribute sets, and generates the organization public key and the organization key, and then uploads the organization public key to the cloud, and the organization key is saved by the attribute authorization authority.
  • step S2 may further include:
  • Step S21: the attribute authority AA_aid manages the attribute set S_aid and assigns a weight to each weight attribute in S_aid.
  • Step S22: the attribute authority AA_aid selects a random number, calculates the organization key SK_aid according to the formula, calculates the organization public key PK_aid according to the formula, and then uploads the organization public key PK_aid to the cloud.
  • the attribute list is a set of attributes.
  • the attribute set may be a student faculty, a student category, a grade, a professional, and the like in the campus network, and the teacher has a set of attributes such as a department, a title, and a teaching age.
  • after receiving the user private key acquisition request together with the attribute list, the corresponding attribute authority generates the user private key corresponding to the user by using the global public key, the user public key, and the organization key, and sends it to the corresponding user terminal.
  • step S4 may further include:
  • Step S41: the attribute authority AA_aid selects a random number, and selects a random number for each attribute x ∈ S_uid,aid; if the attribute x is a weight attribute, AA_aid sets the weight w_x ∈ [1,n] corresponding to the attribute x.
  • Step S42: the attribute authority AA_aid calculates the user private key SK_uid,aid, expressed as:
  • K_uid,aid, K'_uid,aid, K_x,uid, and K'_x,uid are all elements of the multiplicative group, and r_x is a random number in the integer group.
  • Step S43: the attribute authority AA_aid sends the user private key SK_uid,aid to the user terminal uid.
  • Step S5: the user terminal implements encrypted upload of user data or decrypted download of shared data according to the organization public key, the global public key, and the user private key.
  • the step S5 is to perform the step of encrypting and uploading the user data, which may specifically include:
  • Step S51: input the plaintext M (that is, the user data to be uploaded by the data owner), the global public key GPK, the set I_AA of all attribute authorities participating in the encryption, the corresponding set of organization public keys, and the access control policy.
  • the access control policy is a tree structure: each leaf node corresponds to an attribute weight, and the root node corresponds to a threshold.
  • the threshold of node x in the tree structure of the access control policy is k_x.
  • a polynomial q_x is selected for each node, and the degree of the polynomial is d_x = k_x - 1.
  • the polynomials are selected in a top-down manner, starting from the root node of the access control policy, where a random number s is chosen and q_r(0) = s is set.
  • Step S52: the user terminal uses the global public key GPK, the set I_AA of all attribute authorities participating in the encryption, the corresponding set of organization public keys, and the access control policy to encrypt the plaintext M, calculates the ciphertext CT, and then uploads the ciphertext CT to the cloud.
  • Y is defined as the set of leaf nodes of the access control policy; the attribute of the leaf node y ∈ Y is defined as att(y), and the weight of the weight attribute att(y) (y ∈ Y) is w_y.
  • the step of encrypting M and calculating the ciphertext CT can be expressed as:
  • C is the encryption of the message; I_A is the attribute set of the attribute authority A; C' and C'' are the values computed for the root node; C_y and C'_y are the values computed for the corresponding attribute; C_y,j is the value computed for the weight corresponding to the attribute; q_y(0) is the attribute value corresponding to the attribute y; and w_j is the weight value of the attribute.
  • the step S5 of decrypting and downloading the shared data may include:
  • Step S53: the user terminal downloads the ciphertext CT (that is, the shared data the shared user wants to read) from the cloud, and inputs the global public key GPK, the corresponding user key, the access control policy, and a node x in the access control policy, and defines n_A.
  • Step S54: the user terminal invokes the predefined recursive function DecryptNode(CT, SK, x); if the attribute set of the user terminal satisfies the access control policy, the decryption information A is calculated as:
  • q_x(0) is the attribute value corresponding to the attribute x.
  • the recursive function DecryptNode(CT, SK, x) is defined as follows:
  • C_x and C'_x come from the ciphertext; K_i,uid and K'_i,uid come from the user key, r_i being the random number identifying the user i; C_x,j comes from the information in the ciphertext.
  • Step S55: by the polynomial interpolation theorem, the result of the recursion is computed and combined with the following formula to obtain:
  • Step S56: the user terminal calculates the plaintext M, expressed as:
  • the user needs to register with the authentication center; the authentication center assigns a globally unique identifier uid to each user, generates a random number u_uid, and calculates the user's public key from it.
  • before each user uid requests an attribute key from AA_aid, the attribute authority must verify the user's legitimacy: the user submits a certificate, AA_aid checks the validity of the user certificate, and if it is valid issues the relevant attribute keys.
  • K_x,aid and K'_x,aid both have the random number u_uid and the random number r_x embedded in them.
  • different users therefore cannot collude in the decryption algorithm to recover messages, and the scheme has good anti-collusion security.
  • in the decryption algorithm, a user who wants to decrypt a ciphertext needs the attribute key SK_uid,aid from each AA_aid involved. If the authentication center is compromised by an attacker, only the system's global master key leaks, and the global master key alone cannot decrypt any ciphertext. Similarly, if an attribute authority is compromised, the attacker can only obtain the attribute keys managed by that authority, and cannot decrypt ciphertexts whose policy involves attributes of multiple attribute authorities. The system can resist collusion of n_A - 1 attribute authorities. Therefore, compared with a weighted attribute-based access control scheme with a single authority, this scheme does not require the authentication center to be fully trusted, and the risk of a single authorization center is distributed across multiple attribute authorities that share the security of the system.
  • Table 1 shows a comparative analysis of the encryption mechanism and access structure flexibility between the solution of the present invention and other existing typical attribute-based encryption schemes:
  • the M. Chase scheme and the Chase and Chow scheme do not support complex ciphertext rules and are not suitable for cloud storage environments.
  • the K. Yang scheme and the scheme of the present invention are based on CP-ABE, and at the cost of some increase in system complexity support a more flexible access control strategy; at the same time the security is enhanced, and collusion of N-1 attribute authorities can be resisted.
  • the scheme of the present invention supports attribute weights and can formulate more complex ciphertext rules; the authority key is shortened by a certain length, and if the attributes in the policy do not contain weights the ciphertext length is shortened by nearly half, while when four-level weights are supported the ciphertext length is equivalent; the decryption phase requires only two bilinear pairing operations, doubling efficiency.
  • the access control system and the access control method of the cloud storage service platform proposed by the present invention are based on a weight attribute encryption mechanism, and the user data to be uploaded is encrypted and stored in the cloud storage service by using a multi-institution attribute-based encryption technology.
  • effective privacy protection can be realized for the shared data on the cloud storage service platform, and the security of the cloud storage service is improved.
  • the attributes of the user are combined with weights, implementing hierarchical management of user attributes so that users of different levels with the same attribute have different access rights; attributes describe the information elements of a user, for example a student in the campus network, or a teacher with attributes such as department, title, and teaching age, thus achieving more flexible and fine-grained access control while ensuring security.
  • the system and method adopt multi-institution attribute-based encryption technology, which avoids the problem that the power of a single authentication center is too concentrated, and further improves the security of data storage.
  • the system and method are particularly suitable for deployment on the OSS platform; they are implemented in the Java language on the Windows platform, are general-purpose, can download, upload, encrypt and decrypt cloud files on the OSS platform, and can effectively ensure the confidentiality of the data users store on the OSS platform while implementing fine-grained access control over the data sharing scope.
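The access-tree mechanics of Steps S51 and S54 to S55 above (top-down polynomial selection with q_r(0) = s, a recursive DecryptNode, and reconstruction by polynomial interpolation) can be exercised on their own. The following is an added illustrative example written for this page, not code from the patent or its Java implementation: it runs the weighted threshold tree over the integers modulo a prime and leaves out the bilinear-pairing layer in which the patent's scheme embeds and blinds the shares, so it shows which attribute sets satisfy a policy and how q_r(0) is rebuilt, not the ciphertext computation itself. The prime P, the Node layout, the sample policy in build_policy and the attribute names are constructed assumptions.

```python
"""Weighted threshold access tree: top-down polynomial secret sharing at
encryption time and recursive DecryptNode-style reconstruction at decryption
time, over the integers modulo a prime P.

Added illustrative example; not code from the patent.  The patent's scheme
performs these steps inside a multi-authority CP-ABE construction, where the
shares are embedded in group elements via a bilinear map and blinded by
per-user randomness.  That layer is omitted here on purpose: only the
access-structure logic (thresholds, weights, Lagrange interpolation) is shown.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

P = 2**61 - 1  # Mersenne prime used as the share field (constructed choice)


@dataclass
class Node:
    """One node of the access-control tree (constructed layout).

    Internal node: `threshold` k_x over its `children`.
    Leaf node: `attr` with required `weight` w_y; `threshold` is unused.
    """
    threshold: int = 1
    children: List["Node"] = field(default_factory=list)
    attr: Optional[str] = None
    weight: int = 1

    def is_leaf(self) -> bool:
        return self.attr is not None


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate sum(coeffs[i] * x**i) mod P by Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def share_secret(node: Node, value: int, shares: Dict[int, int]) -> None:
    """Step S51 analogue: choose q_x with q_x(0) = value and degree k_x - 1,
    top-down; child number i receives q_x(i).  Leaf shares are keyed by id(node)."""
    if node.is_leaf():
        shares[id(node)] = value % P
        return
    # Random polynomial of degree k_x - 1 whose constant term is `value`.
    coeffs = [value % P] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_secret(child, _eval_poly(coeffs, index), shares)


def _lagrange_at_zero(points: List[Tuple[int, int]]) -> int:
    """Step S55 analogue: recover q(0) from k points (x_i, y_i) by Lagrange
    interpolation mod P (inverses via Fermat, since P is prime)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def decrypt_node(node: Node, shares: Dict[int, int],
                 user_attrs: Dict[str, int]) -> Optional[int]:
    """Step S54 analogue: recursive DecryptNode.  A leaf is satisfied when the
    user holds the attribute with weight >= w_y; an internal node needs k_x
    satisfied children and interpolates their values at 0.  None = not satisfied."""
    if node.is_leaf():
        if user_attrs.get(node.attr, 0) >= node.weight:
            return shares[id(node)]
        return None
    points: List[Tuple[int, int]] = []
    for index, child in enumerate(node.children, start=1):
        value = decrypt_node(child, shares, user_attrs)
        if value is not None:
            points.append((index, value))
        if len(points) == node.threshold:
            break
    if len(points) < node.threshold:
        return None
    return _lagrange_at_zero(points)


def build_policy() -> Node:
    """Constructed sample policy:
    department:CS (weight 1) AND (grade with weight >= 3 OR title with weight >= 2)."""
    return Node(threshold=2, children=[
        Node(attr="department:CS", weight=1),
        Node(threshold=1, children=[
            Node(attr="grade", weight=3),
            Node(attr="title", weight=2),
        ]),
    ])


def run_demo(user_attrs: Dict[str, int], secret: int = 123456789) -> Optional[int]:
    """Share `secret` under the sample policy, then try to rebuild q_r(0) from
    the leaves the given weighted attribute set unlocks."""
    policy = build_policy()
    shares: Dict[int, int] = {}
    share_secret(policy, secret, shares)
    return decrypt_node(policy, shares, user_attrs)


if __name__ == "__main__":
    print(run_demo({"department:CS": 1, "grade": 3}))  # recovers the secret
    print(run_demo({"department:CS": 1, "grade": 2}))  # None: grade weight too low
    print(run_demo({"grade": 4, "title": 3}))           # None: department missing
```

The second and third calls show the two failure modes the scheme relies on: holding the right attribute at too low a level, and lacking a required attribute altogether. Because the shares here are bare field elements, two terminals could in principle pool leaf values; in the patent's construction each share is tied to the holder's u_uid and r_x (the property the anti-collusion paragraph above states), which is exactly the layer this simplified tree leaves out.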

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the field of information security in cloud services. The invention concerns an access control system and an access control method thereof for a cloud storage service platform. The system and method are based on a weighted attribute encryption method, and adopt multi-authority attribute-based encryption to encrypt data and store the encrypted data in a cloud storage service platform so as to increase the security of a cloud storage service. The invention combines an attribute with a weight to achieve hierarchical management of a user attribute, such that users having the same attribute but different levels have different access authorities, thereby achieving more flexible and more precise access control. In addition, the system and method adopt multi-authority attribute-based encryption to prevent a single authentication center from having excessively centralized authority, thereby increasing the security of the cloud storage service. The system and method are particularly suitable for deployment in an OSS platform, thereby ensuring the confidentiality of data stored therein by a user and implementing more precise access control over data sharing.
PCT/CN2016/081388 2015-06-12 2016-05-09 Access control system and access control method thereof for a cloud storage service platform WO2016197770A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510326044.8A CN104917772B (zh) 2015-06-12 2015-06-12 Access control method for an access control system of a cloud storage service platform
CN201510326044.8 2015-06-12

Publications (1)

Publication Number Publication Date
WO2016197770A1 (fr) 2016-12-15

Family

ID=54086478

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/081388 WO2016197770A1 (fr) 2015-06-12 2016-05-09 Access control system and access control method thereof for a cloud storage service platform

Country Status (2)

Country Link
CN (1) CN104917772B (fr)
WO (1) WO2016197770A1 (fr)

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110719176A (zh) * 2019-10-22 2020-01-21 黑龙江工业学院 Blockchain-based logistics privacy protection method, system and readable storage medium
CN111310245A (zh) * 2020-03-05 2020-06-19 之江实验室 Data encryption storage method for a mimic defense system
CN111619475A (zh) * 2019-02-28 2020-09-04 上海新微技术研发中心有限公司 Method for secure access to an automotive CAN bus
CN111786786A (zh) * 2020-07-27 2020-10-16 国网河南省电力公司郑州供电公司 Proxy re-encryption method and system supporting equality test in a cloud computing environment
CN111953483A (zh) * 2020-07-29 2020-11-17 哈尔滨工程大学 Criterion-based multi-authority access control method
CN112035853A (zh) * 2020-08-13 2020-12-04 潘显富 Storage data access control system based on an enterprise cloud drive
CN112104619A (zh) * 2020-08-27 2020-12-18 西南大学 Data access control system and method based on outsourced ciphertext attribute-based encryption
CN112118101A (zh) * 2020-09-23 2020-12-22 山东建筑大学 Post-quantum secure dynamic data sharing method
CN112257112A (zh) * 2020-11-16 2021-01-22 国网河南省电力公司信息通信公司 Blockchain-based data access control method
CN112383391A (zh) * 2020-11-12 2021-02-19 北京安御道合科技有限公司 Data security protection method based on data attribute authorization, storage medium and terminal
CN112380553A (zh) * 2020-11-25 2021-02-19 华南理工大学 Multi-key searchable encryption method and system based on an attribute access control structure
CN112784230A (zh) * 2021-01-21 2021-05-11 北京启明星辰信息安全技术有限公司 Network security data sharing and control method and system
CN112926066A (zh) * 2021-02-23 2021-06-08 华能(浙江)能源开发有限公司玉环分公司 Proxy re-encryption method for access control
CN113098849A (zh) * 2021-03-23 2021-07-09 鹏城实验室 Access control method based on attribute-based and identity-based encryption, terminal and storage medium
CN113489732A (zh) * 2021-07-13 2021-10-08 郑州轻工业大学 Content sharing privacy protection method resisting collusion attacks
CN113708917A (zh) * 2021-08-18 2021-11-26 上海应用技术大学 App user data access control system and method based on attribute-based encryption
CN114065265A (zh) * 2021-11-29 2022-02-18 重庆邮电大学 Fine-grained cloud storage access control method, system and device based on blockchain technology
CN114143094A (zh) * 2021-12-02 2022-03-04 兰州理工大学 Blockchain-based multi-authority attribute-based verifiable encryption method
CN114172696A (zh) * 2021-11-23 2022-03-11 国网江西省电力有限公司电力科学研究院 Terminal authentication method with cloud-edge-terminal collaborative dual authentication in the power Internet of Things
CN114567500A (zh) * 2022-03-04 2022-05-31 南京联成科技发展股份有限公司 Encryption method for data transmitted by a centralized management and control center
CN114598535A (zh) * 2022-03-14 2022-06-07 太原科技大学 CP-ABE proxy re-encryption method based on multiple authorization centers in cloud computing
CN114978578A (zh) * 2022-04-06 2022-08-30 中债金科信息技术有限公司 Method and device for controlling unauthorized data access based on attribute key derivation
CN115174580A (zh) * 2022-09-05 2022-10-11 睿至科技集团有限公司 Big-data-based data processing method and system
CN115250205A (zh) * 2022-09-22 2022-10-28 湖北省楚天云有限公司 Consortium-chain-based data sharing method, system, electronic device and storage medium
CN115695035A (zh) * 2022-11-10 2023-02-03 山东云科汉威软件有限公司 Cloud-storage-based oil and gas field business data authorization method, device, electronic device and readable medium
CN116405929A (zh) * 2023-06-09 2023-07-07 贵州联广科技股份有限公司 Secure access processing method and system for cluster communication
CN117278216A (zh) * 2023-11-23 2023-12-22 三亚学院 Encryption system based on cloud computing virtualization and network storage files
CN112926066B (zh) * 2021-02-23 2024-06-07 华能(浙江)能源开发有限公司玉环分公司 Proxy re-encryption method for access control

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104917772B (zh) * 2015-06-12 2017-12-08 深圳大学 Access control method for an access control system of a cloud storage service platform
CN105812388B (zh) * 2016-05-13 2018-12-07 中国农业银行股份有限公司 Method and system for managing user certificates and private keys
CN106055931B (zh) * 2016-05-18 2017-06-16 北京芯盾时代科技有限公司 Mobile terminal software secure element system and key system for the system
CN106612321B (zh) * 2016-07-05 2019-12-17 趣增信息科技(上海)有限公司 Access permission management method in cloud storage
CN106059763B (zh) * 2016-07-29 2019-05-03 南京邮电大学 Attribute-based multi-authority hierarchical ciphertext-policy weighted encryption method in a cloud environment
CN106487792A (zh) * 2016-10-19 2017-03-08 云南电网有限责任公司电力科学研究院 Electric power marketing cloud storage encryption method and system
CN108540444A (zh) * 2018-02-24 2018-09-14 中山大学 Information transmission and storage method and device
CN109121269B (zh) * 2018-09-13 2020-02-21 江苏科技大学 Port intelligent lighting management system and access control method thereof
CN111163036B (zh) * 2018-11-07 2022-03-29 中移(苏州)软件技术有限公司 Data sharing method, device, client, storage medium and system
CN109743292A (zh) * 2018-12-12 2019-05-10 杭州安恒信息技术股份有限公司 Method and system for hierarchical protection of shared data
CN111953482B (zh) * 2020-07-29 2022-06-17 哈尔滨工程大学 Multi-authority weighted criterion encryption method for cloud storage
CN115712660B (zh) * 2022-01-29 2023-05-30 杭州宇信数字科技有限公司 Data storage method, device, server and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101807991A (zh) * 2009-02-18 2010-08-18 上海交通大学 Ciphertext-policy attribute-based encryption system and method
CN103618729A (zh) * 2013-09-03 2014-03-05 南京邮电大学 Multi-authority hierarchical attribute-based encryption method for cloud storage
US20140289513A1 (en) * 2013-03-15 2014-09-25 Arizona Board Of Regents On Behalf Of Arizona State University Enabling Comparable Data Access Control for Lightweight Mobile Devices in Clouds
CN104917772A (zh) * 2015-06-12 2015-09-16 深圳大学 Access control system for a cloud storage service platform and access control method thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468615B (zh) * 2014-12-25 2018-03-20 西安电子科技大学 File access and modification permission control method based on data sharing

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Liu, Ximeng et al.: "Ciphertext-policy Weighted Attribute-based Encryption Scheme in Cloud Computing", Journal of Sichuan University (Engineering Science Edition), vol. 45, no. 6, 30 November 2013, pages 21-26 *
Ma, Dandan et al.: "Ciphertext Policy Encryption Mechanism Based on Multi-attribute Authority", Computer Engineering, vol. 38, no. 10, 31 May 2012, pages 114-116 *
Wang, Yun et al.: "Multi-authority Based Weighted Attribute Encryption Scheme in Cloud Computing", 10th International Conference on Natural Computation, 31 December 2014, pages 1033-1038, XP032697520 *

Also Published As

Publication number Publication date
CN104917772B (zh) 2017-12-08
CN104917772A (zh) 2015-09-16

Legal Events

Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 16806668; country of ref document: EP; kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
32PN EP: public notification in the EP bulletin as the address of the addressee cannot be established. Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30/05/2018)
122 EP: PCT application non-entry in the European phase. Ref document number: 16806668; country of ref document: EP; kind code of ref document: A1