WO2018082008A1 - Secure distributed data processing - Google Patents

Secure distributed data processing

Info

Publication number
WO2018082008A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
data
underlying
access
plaintext
Application number
PCT/CN2016/104553
Other languages
English (en)
Inventor
Wenxiu DING
Zheng Yan
Original Assignee
Nokia Technologies Oy
Nokia Technologies (Beijing) Co., Ltd.
Application filed by Nokia Technologies Oy, Nokia Technologies (Beijing) Co., Ltd.
Priority to EP16920471.6A (patent EP3535924A4)
Priority to CN201680091521.XA (patent CN110089071B)
Priority to PCT/CN2016/104553 (patent WO2018082008A1)
Publication of WO2018082008A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46 Secure multiparty computation, e.g. millionaire problem
    • H04L2209/76 Proxy, i.e. using intermediary entity to perform cryptographic operations

Definitions

  • the present invention pertains to the field of secure data processing and/or controlling access to data.
  • Cloud computing services provide off-site opportunities for individuals and corporations.
  • cloud storage service enables off-site storage of data sets in a flexible manner in a data center, reducing the need for users of the cloud service to obtain their own storage hardware, for example for archiving purposes.
  • Data centers may be protected against natural events, such as earthquakes, increasing reliability of data storage therein.
  • a further example of a cloud service is a cloud processing service, wherein a user is given access to processor resources at a computer or computing grid.
  • This may be useful, for example where a user needs access to high-capacity computing intermittently, and obtaining actual high-capacity computing hardware would be wasteful as the hardware would mostly be unused, since the need is only intermittent.
  • so-called “big data” may be collected from internet-of-things, IoT, applications and processed in a cloud service. Such data may be encrypted while communicated to the cloud and/or when stored in the cloud.
  • Cloud services may be used by users to back up their data, for example during operating system updates of their devices, such as computers, smartphones and laptops.
  • Some smart devices are configured to automatically upload images captured by users to a cloud storage service.
  • While useful, cloud services present high risk to users. Personal information may accidentally, or purposefully, be stored on a cloud storage service. Such personal information may become vulnerable to theft, unauthorised modification or eavesdropping either during transit to or from the cloud storage service, or while in the cloud storage service.
  • the cloud service provider may be untrusted or only partially trusted.
  • the cloud service may be distributed between several data centers, and customer data may be communicated between such data centers to balance load between the centers. Such communication presents additional risk of eavesdropping.
  • Symmetric encryption, for example, requires each data user to have a copy of the key used to encrypt the data, in order to be able to successfully decrypt it.
  • an apparatus comprising at least one processing core, at least one memory including computer program codes, the at least one memory and the computer program codes being configured to, with the at least one processing core, cause the apparatus at least to receive, from at least one data provider, at least one ciphertext, the at least one ciphertext comprising a first ciphertext, perform a mathematical manipulation of the first ciphertext to modify the first ciphertext without decrypting the first ciphertext, the mathematical manipulation being selected in the apparatus in dependence of a mathematical operation to be performed on plaintext underlying the first ciphertext, obtain a second ciphertext from the modified first ciphertext by performing a cryptographic operation, wherein at least one number is randomly generated and used in masking plaintext underlying the second ciphertext, and provide the second ciphertext to an access control node.
  • Various embodiments of the first aspect comprise at least one feature from the following bulleted list:
  • the apparatus is further configured to receive, from the access control node, a third ciphertext, the third ciphertext being derived from the second ciphertext, and to perform a second mathematical manipulation, on the third ciphertext, to reverse the masking and to obtain a fourth ciphertext
  • the apparatus is further configured to provide the fourth ciphertext to a data requesting party
  • the apparatus is configured to, by performing the mathematical manipulation and the second mathematical manipulation, modify plaintext underlying the first ciphertext to thereby perform the mathematical operation selected from the following list: an addition operation, a subtraction operation, a multiplication operation, a sign acquisition operation, a comparison operation, an equivalence test operation and a variance operation on the plaintext underlying the first ciphertext
  • the apparatus is configured to store a public key-private key pair of a public key cryptosystem, and to employ the public key of the apparatus in the cryptographic operation
  • the apparatus is configured to provide the fourth ciphertext to the data requesting party using a secured connection
  • the apparatus is configured to perform mathematical manipulations on more than one of the at least one ciphertext
  • the apparatus is configured to operate in a cloud service data center.
  • an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to receive, from a data service provider, a first ciphertext, partially decrypt the first ciphertext to obtain a second ciphertext, using a secret key of the apparatus from a public key-secret key pair of the apparatus, generate a variable, encrypt the second ciphertext using the variable as key and provide the encrypted second ciphertext to the data service provider, encrypt the variable using an attribute-based encryption mechanism, and process a request received from a data requesting party for access to information underlying the first ciphertext and the second ciphertext.
  • Various embodiments of the second aspect comprise at least one feature from the following bulleted list:
  • the apparatus is, responsive to a decision to grant access to the data requesting party, configured to instruct the data service provider to provide the data requesting party with the requested data in encrypted form
  • the apparatus is configured to process a plurality of requests for access to the information underlying the first ciphertext and the second ciphertext, the plurality of requests being received in the apparatus from a plurality of data requesting parties, and to simultaneously perform access control concerning the information underlying the first ciphertext and the second ciphertext relating to the plurality of data requesting parties
  • the apparatus is configured to perform the simultaneous access control based on attribute-based access policies
  • the apparatus is further configured to, responsive to the decision to grant access to the data requesting party, provide the data requesting party a decryption key enabling the data requesting party to decrypt the variable
  • the apparatus is not configured to directly provide the data requesting party with an encrypted version of the variable
  • the apparatus is configured to act as an access controlling server in a distributed data processing system.
  • a method comprising receiving, in an apparatus, from at least one data provider, at least one ciphertext, the at least one ciphertext comprising a first ciphertext, performing a mathematical manipulation of the first ciphertext to modify the first ciphertext without decrypting the first ciphertext, the mathematical manipulation being selected in the apparatus in dependence of a mathematical operation to be performed on plaintext underlying the first ciphertext, obtaining a second ciphertext from the modified first ciphertext by performing a cryptographic operation, wherein at least one number is randomly generated and used in masking plaintext underlying the second ciphertext, and providing the second ciphertext to an access control node.
  • Various embodiments of the third aspect comprise at least one feature from the preceding bulleted list laid out in connection with the first aspect.
  • a method comprising receiving, in an apparatus from a data service provider, a first ciphertext, partially decrypting the first ciphertext to obtain a second ciphertext, using a secret key of the apparatus from a public key-secret key pair of the apparatus, generating a variable, encrypting the second ciphertext using the variable as a key and providing the encrypted second ciphertext to the data service provider, encrypting the variable using an attribute-based encryption mechanism, and processing a request, received from a data requesting party, for access to information underlying the first ciphertext and second ciphertext.
  • Various embodiments of the fourth aspect comprise at least one feature from the preceding bulleted list laid out in connection with the second aspect.
  • an apparatus comprising means for receiving, in an apparatus, from at least one data provider, at least one ciphertext, the at least one ciphertext comprising a first ciphertext, means for performing a mathematical manipulation of the first ciphertext to modify the first ciphertext without decrypting the first ciphertext, the mathematical manipulation being selected in the apparatus in dependence of a mathematical operation to be performed on plaintext underlying the first ciphertext, means for obtaining a second ciphertext from the modified first ciphertext by performing a cryptographic operation, wherein at least one number is randomly generated and used in masking plaintext underlying the second ciphertext, and means for providing the second ciphertext to an access control node.
  • an apparatus comprising means for receiving, in an apparatus from a data service provider, a first ciphertext, means for partially decrypting the first ciphertext to obtain a second ciphertext, using a secret key of the apparatus from a public key-secret key pair of the apparatus, means for generating a variable, encrypting the second ciphertext using the variable as a key and providing the encrypted second ciphertext to the data service provider, means for encrypting the variable using an attribute-based encryption mechanism, and means for processing a request, received from a data requesting party, for access to information underlying the first ciphertext and second ciphertext.
  • a non-transitory computer readable medium having stored thereon a set of computer readable instructions that, when executed by at least one processor, cause an apparatus to at least receive, in an apparatus, from at least one data provider, at least one ciphertext, the at least one ciphertext comprising a first ciphertext, perform a mathematical manipulation of the first ciphertext to modify the first ciphertext without decrypting the first ciphertext, the mathematical manipulation being selected in the apparatus in dependence of a mathematical operation to be performed on plaintext underlying the first ciphertext, obtain a second ciphertext from the modified first ciphertext by performing a cryptographic operation, wherein at least one number is randomly generated and used in masking plaintext underlying the second ciphertext, and provide the second ciphertext to an access control node.
  • a non-transitory computer readable medium having stored thereon a set of computer readable instructions that, when executed by at least one processor, cause an apparatus to at least receive, in an apparatus from a data service provider, a first ciphertext, partially decrypt the first ciphertext to obtain a second ciphertext, using a secret key of the apparatus from a public key-secret key pair of the apparatus, generate a variable, encrypt the second ciphertext using the variable as a key and provide the encrypted second ciphertext to the data service provider, encrypt the variable using an attribute-based encryption mechanism, and process a request, received from a data requesting party, for access to information underlying the first ciphertext and second ciphertext.
  • a computer program configured to cause a method in accordance with at least one of the third and fourth aspects to be performed.
  • FIGURE 1 illustrates an example system in accordance with at least some embodiments of the present invention
  • FIGURE 2 illustrates signalling in accordance with at least some embodiments of the present invention
  • FIGURE 3 illustrates an example apparatus capable of supporting at least some embodiments of the present invention
  • FIGURE 4 illustrates signalling in accordance with at least some embodiments of the present invention
  • FIGURE 5 is a flow graph of a method in accordance with at least some embodiments of the present invention.
  • FIGURE 6 is a second flow graph of a method in accordance with at least some embodiments of the present invention.
  • At least some embodiments of the present invention enable secured and distributed processing and dissemination of data stored in a server, such as a cloud server, which may comprise a data service provider.
  • a data service provider and access control server may co-operate in performing a computation on encrypted data and providing a result of the computation to a data requesting party that meets at least one criterion of an attribute-based encryption, ABE, scheme.
  • ABE: attribute-based encryption
  • FIGURE 1 illustrates an example system in accordance with at least some embodiments of the present invention.
  • the system comprises data service provider 120, which may comprise a cloud data storage data center or cloud data center system, for example.
  • Data service provider 120 may also comprise a cloud processing service provider.
  • a cloud data center system may comprise a plurality of data centers, with load balancing arranged in a suitable manner between individual data centers comprised in the plurality.
  • data service provider 120 may be configured to store data and provide some computation services.
  • Data service provider 120 may be seen as curious-but-honest in a trust model of the present invention; in other words, this entity may be curious about user data but nonetheless follow the design of the system protocols strictly. Further, since a trust and reputation mechanism may be used with at least some embodiments of the present invention, the data service provider 120, as well as other nodes, will in these cases have an incentive to behave dependably.
  • Access control server 130 may comprise a processing-enabled computing entity, such as, for example, a data center, data center system, server, server farm or indeed an individual networked computer such as a desktop or a laptop.
  • access control server 130 may be configured to provide data computation services and/or data access control to users.
  • ACS: access control servers
  • the ACS may be seen as a trusted entity in the trust model of the present invention.
  • the system of FIGURE 1 further comprises at least one data provider 110.
  • Data provider, DP, 110 may comprise a data owner, such as, for example, a consumer, corporation or government entity.
  • data provider 110 may generate the data.
  • Data may be provided by an X-ray device or body scanner where data provider 110 is a medical entity, such as a clinic or hospital.
  • Data may be generated in an industrial process or a design tool where data provider 110 is a corporate entity, such as a manufacturer or engineering company.
  • Data may be generated in a radar or flight control facility where data provider 110 is a government entity, such as a military or aviation authority.
  • Data provider 110 may be configured to provide data in encrypted form to data service provider 120.
  • DP 110 may be a user and the data may comprise digital photographs taken with the user’s mobile device.
  • the system of FIGURE 1 further comprises data requester, DR, 140.
  • Data requester 140 may comprise an entity authorised by data provider 110 to access, at least partly, data owned and/or generated by data provider 110. Data requester 140 may need the data of data provider 110 in a processed form. Data requester 140 may be the same entity as data provider 110, or it may be another entity. There may be plural data requesters, not all of which are known beforehand. Data or computation results may be provided to data requesters, also known as data requesting parties, in encrypted format.
  • data provider 110, data service provider 120, access control server 130 and data requester 140 may be seen as roles or functions that may be assumed and performed by different kinds of entities. As indicated above, data provider 110 and data requester 140 may be one and the same. On the other hand, at least in some embodiments data service provider 120 and access control server 130 are not physically the same entity. In detail, data service provider 120 need not be explicitly trusted by data provider 110, while access control server 130 may be trusted by data provider 110.
  • connection 112 enables data provider 110 to transmit ciphertext to data service provider 120.
  • Connection 142 enables communication between data requester 140 and data service provider 120.
  • Connection 123 enables communication between access control server 130 and data service provider 120.
  • connection 143 enables communication between data requester 140 and access control server 130.
  • The connections may be wired or, at least partly, wireless connections, where applicable.
  • FIGURE 2 illustrates signalling in accordance with at least some embodiments of the present invention.
  • Like numbering denotes like structure as in FIGURE 1. The following notation may be employed:
  • the system may initially call a key generation algorithm to complete setup of the encryption keys.
  • An example key generation algorithm is KeyGen, described below. If multiple ACSs are employed in the system, each ACS may negotiate a Diffie-Hellman key PK with the DSP and publish this key to its customers.
  • The ACS that is responsible for access control may call Setup_ABE(λ, U) to generate the public parameters PK′ and master secret key MSK′ of the ABE algorithm. Then it may also publish PK′ to its service consumers.
  • Data provider 110 provides its data to DSP 120 in encrypted format, which is known as ciphertext.
  • DSP 120 responsively stores the ciphertext.
  • DSP 120 may determine a mathematical operation to be performed securely on the encrypted data, without completely decrypting it.
  • DSP 120 may select a mathematical manipulation to be performed on the ciphertext, and perform the selected mathematical manipulation. For example, where the operation to be performed on the encrypted data, that is, on the plaintext, is addition, the mathematical manipulation to be performed on the ciphertext may comprise multiplication, due to additive homomorphism.
  • the mathematical manipulation performed on the ciphertext may have an effect on the plaintext underlying the ciphertext without reversing the encryption, in other words, DSP 120 does not thereby gain access to the plaintext by performing the mathematical manipulation.
  • DP 110 may encrypt their personal data before uploading it to DSP. It may directly recall EncTK to encrypt data m_i (Unless otherwise specified,
  • DSP 120 may randomly generate at least one number and use it to mask the plaintext underlying the ciphertext. Randomly generating may comprise randomly and/or pseudo-randomly generating, for example. Masking the plaintext may comprise, for example, performing a second mathematical manipulation of the ciphertext, which does not reverse the encryption, but modifies the underlying plaintext in a way DSP 120 knows. For example, a value in the plaintext may be multiplied by a first number and incremented with a second number, such that even in case the encryption is reversed, the party reversing the encryption will only gain access to the masked plaintext and not the actual plaintext. Terminologically, the masked plaintext may be referred to as ciphertext. DSP 120 may perform a re-encryption operation, for example a proxy re-encryption operation, to enable ACS 130 to reverse the encryption of the ciphertext.
  • DSP 120 provides the ciphertext, as modified by DSP 120, to ACS 130.
  • ACS 130 may be enabled to reverse the encryption of the ciphertext, to obtain the masked plaintext.
  • ACS 130 may reverse the encryption, for example, using a secret key of a public key-secret key pair of ACS 130.
  • ACS 130 may participate in performing access controlling relating to the data by generating an encryption key ck, encrypting the masked plaintext with the generated encryption key and ciphering the generated encryption key ck using, for example, an attribute-based encryption, ABE, mechanism.
  • ACS 130 may encrypt ck using ABE to get CK′.
  • ACS 130 provides the ciphered masked plaintext or to DSP 120 in phase 132.
  • DSP 120 may responsively remove the masking of the plaintext, without reversing the ciphering, resulting in a ciphertext that is an encrypted version of plaintext, the plaintext being a result of the mathematical operation performed on the original plaintext. This may be signified by the notation or Removing the masking of the ciphered plaintext may comprise performing a mathematical manipulation on the ciphered masked plaintext. Examples of such mathematical manipulations are known from homomorphic encryption schemes.
  • Data requester, DR, 140 may request the result of the mathematical operation from ACS 130 in phase 143.
  • DR 140 may provide its attribute information, enabling ACS 130 to control access to the data using the attribute-based mechanism, which may leverage, for example, a trust value of DR 140.
  • the trust value may take an integer value, for example, and/or be acquired from a reputation server.
  • ACS 130 may provide, in phase 133, to DR 140 the encryption key used in phase 123 by ACS 130 in encrypting the generated encryption key ck.
  • ACS 130 may also signal to DSP 120 to provide the data to DR 140.
  • DSP 120 may responsively provide the ciphertext of the unmasked plaintext to DR 140, for example using a secured connection.
  • DSP 120 may also provide to DR 140 the encrypted version of generated encryption key ck.
  • DR 140 may then use key ck to obtain the unmasked plaintext.
  • The process of FIGURE 2 results in the unmasked plaintext being made available to DR 140, such that neither DSP 120 nor ACS 130 gains access to it in the process. Further, the mathematical operation is performed on the plaintext in the process. Details of possible mathematical operations will be given herein below.
  • FIGURE 3 illustrates an example apparatus capable of supporting at least some embodiments of the present invention.
  • device 300 which may comprise, or be comprised in, for example, a DP 110, DSP 120, ACS 130 and/or DR 140 of FIGURE 1 or FIGURE 2.
  • processor 310 which may comprise, for example, a single- or multi-core processor wherein a single-core processor comprises one processing core and a multi-core processor comprises more than one processing core.
  • Processor 310 may comprise more than one processor.
  • a processing core may comprise, for example, a Cortex-A8 processing core manufactured by ARM Holdings or a Steamroller processing core produced by Advanced Micro Devices Corporation.
  • Processor 310 may comprise at least one Qualcomm Snapdragon and/or Intel Xeon processor.
  • Processor 310 may comprise at least one application-specific integrated circuit, ASIC.
  • Processor 310 may comprise at least one field-programmable gate array, FPGA.
  • Processor 310 may be means for performing method steps in device 300.
  • Processor 310 may be configured, at least in part by computer instructions, to perform actions.
  • Device 300 may comprise memory 320.
  • Memory 320 may comprise random-access memory and/or permanent memory.
  • Memory 320 may comprise at least one RAM chip.
  • Memory 320 may comprise solid-state, magnetic, optical and/or holographic memory, for example.
  • Memory 320 may be at least in part accessible to processor 310.
  • Memory 320 may be at least in part comprised in processor 310.
  • Memory 320 may be means for storing information.
  • Memory 320 may comprise computer instructions that processor 310 is configured to execute. When computer instructions configured to cause processor 310 to perform certain actions are stored in memory 320, and device 300 overall is configured to run under the direction of processor 310 using computer instructions from memory 320, processor 310 and/or its at least one processing core may be considered to be configured to perform said certain actions.
  • Memory 320 may be at least in part external to device 300 but accessible to device 300.
  • Device 300 may comprise a transmitter 330.
  • Device 300 may comprise a receiver 340.
  • Transmitter 330 and receiver 340 may be configured to transmit and receive, respectively, information in accordance with at least one cellular or non-cellular standard.
  • Transmitter 330 may comprise more than one transmitter.
  • Receiver 340 may comprise more than one receiver.
  • Transmitter 330 and/or receiver 340 may be configured to operate in accordance with global system for mobile communication, GSM, wideband code division multiple access, WCDMA, 5G, long term evolution, LTE, IS-95, wireless local area network, WLAN, Ethernet and/or worldwide interoperability for microwave access, WiMAX, standards, for example.
  • Device 300 may comprise a near-field communication, NFC, transceiver 350.
  • NFC transceiver 350 may support at least one NFC technology, such as NFC, Bluetooth, Wibree or similar technologies.
  • Device 300 may comprise user interface, UI, 360.
  • UI 360 may comprise at least one of a display, a keyboard, a touchscreen, a vibrator arranged to signal to a user by causing device 300 to vibrate, a speaker and a microphone.
  • A user may be able to operate device 300 via UI 360, for example to manage or request data.
  • Device 300 may comprise or be arranged to accept a user identity module 370.
  • User identity module 370 may comprise, for example, a subscriber identity module, SIM, card installable in device 300.
  • A user identity module 370 may comprise information identifying a subscription of a user of device 300.
  • A user identity module 370 may comprise cryptographic information usable to verify the identity of a user of device 300 and/or to facilitate encryption of communicated information and billing of the user of device 300 for communication effected via device 300.
  • Processor 310 may be furnished with a transmitter arranged to output information from processor 310, via electrical leads internal to device 300, to other devices comprised in device 300.
  • A transmitter may comprise a serial bus transmitter arranged to, for example, output information via at least one electrical lead to memory 320 for storage therein.
  • The transmitter may comprise a parallel bus transmitter.
  • Processor 310 may comprise a receiver arranged to receive information in processor 310, via electrical leads internal to device 300, from other devices comprised in device 300.
  • Such a receiver may comprise a serial bus receiver arranged to, for example, receive information via at least one electrical lead from receiver 340 for processing in processor 310.
  • The receiver may comprise a parallel bus receiver.
  • Device 300 may comprise further devices not illustrated in FIGURE 3.
  • Device 300 may comprise at least one digital camera.
  • Some devices 300 may comprise a back-facing camera and a front-facing camera, wherein the back-facing camera may be intended for digital photography and the front-facing camera for video telephony.
  • Device 300 may comprise a fingerprint sensor arranged to authenticate, at least in part, a user of device 300.
  • Device 300 lacks at least one device described above.
  • Some devices 300 may lack an NFC transceiver 350 and/or user identity module 370.
  • Processor 310, memory 320, transmitter 330, receiver 340, NFC transceiver 350, UI 360 and/or user identity module 370 may be interconnected by electrical leads internal to device 300 in a multitude of different ways.
  • Each of the aforementioned devices may be separately connected to a master bus internal to device 300, to allow for the devices to exchange information.
  • This is only one example, and depending on the embodiment, various ways of interconnecting at least two of the aforementioned devices may be selected without departing from the scope of the present invention.
  • The literature contains a number of studies on privacy-preserving data aggregation, mainly in the area of Wireless Sensor Networks (WSNs) and smart metering [5-8, 10-12].
  • Some previous work [5, 6] on data aggregation assumed a trusted aggregator, and hence cannot protect user privacy from a distrusted or semi-trusted aggregator.
  • Castelluccia et al. proposed a simple and provably secure encryption scheme that allows efficient additive aggregation of encrypted data [5], in which an aggregator holds the sum of secret shares of all data providers for final decryption. Based on this work, Li et al. employed a novel key management scheme to obtain the data sum [6].
  • Low aggregation error can further be achieved by leveraging a ring-based interleaved grouping technology [11].
  • Shi et al. [7, 8] also studied encrypted data aggregation in the presence of a distrusted aggregator.
  • The aggregator can only obtain the sum of user data but nothing else through decryption with s 0 .
  • Joye and Libert [12] proposed a practical scheme that can overcome this weakness to accommodate large plaintext spaces.
  • The above schemes have a major drawback: they are not tolerant of user absence or failure. Thus, they are not applicable to data aggregation where the number of data providers is not fixed or a provider is sometimes absent.
  • SMC Secure Multi-party Computation
  • The privacy-preserving data aggregation and SMC schemes described above do not, in general, take into consideration the scenario where there are multiple requesters that are unpredictable or unspecified before data collection and processing.
  • A requester can be any number of authorized parties, rather than an evaluating server or a designated requester. None of the existing work above solves the problem of distributing the data processing or analysis results to an arbitrary number of unspecified authorized requesters at the same time while preserving the privacy of data providers and protecting the data processing or analysis results.
  • The existing schemes mentioned above only work for encrypted data aggregation, and do not support other fundamental computing operations.
  • Ayday et al. [10] proposed a privacy-preserving data aggregation scheme based on homomorphic encryption to obtain the sum of a number of collected encrypted data through a two-level decryption in which a decryption key is divided into two parts and shared by a proxy and a medical center. But this scheme cannot support multiparty access to the data processing results.
  • Peter et al. [2] proposed an efficient outsourcing multiparty computation framework under multiple keys based on additive homomorphic encryption. However, this scheme can only support addition and multiplication, but not other operations.
  • A server can only access the final data processing result with the approval of data owners, which makes this scheme very complicated with regard to communication cost.
  • The scheme proposed in the present document aims to realize, in at least some embodiments, more operations than addition and multiplication without data owner approval.
  • The scheme in [15] can support multiparty access to evidence aggregation, but it is only applicable to the addition operation and cannot support other computing operations.
  • Liu et al. [3] proposed a framework for efficient outsourced data calculations with privacy preservation, which can deal with several types of operations, such as addition, multiplication, and division. But their framework cannot flexibly issue the access rights of data processing results to any number of eligible parties. Meanwhile, it cannot support multiplication of large amounts of data.
  • At least some embodiments of the present invention support seven basic computing operations and realize fine-grained and flexible data access control on the data processing result for multiple authorized parties.
  • Cloud storage enables cloud users to upload their personal data to the cloud for storage and further sharing.
  • Cloud users lose full control over their own data, which makes access control on cloud data significant.
  • A number of solutions have been proposed to protect outsourced data stored in cloud servers.
  • Access Control List is one of the most basic solutions, but its computation complexity grows linearly with the number of data groups or users [16, 17].
  • Symmetric Key Cryptography, SKC, is a typical way to protect the data, but it has high computation complexity in key management and poor flexibility.
  • Public Key Cryptography, PKC, can be used in combination with SKC [17]. The data owner encrypts the original data with a symmetric key and then encrypts the key using PKC for each authorized data consumer. However, the cost of encrypting the symmetric key is proportional to the number of consumers. Proxy Re-Encryption can also be adopted to manage data sharing in the cloud [18, 19], but it cannot support fine-grained access control.
  • Role-Based Access Control, RBAC, can provide partial flexibility based on a one-level policy, which ensures that only a consumer with a specified role can access the data. But these constructions [20, 21] cannot support multiple access policies based on various attribute structures.
  • ABE Attribute-Based Encryption
  • cloud storage management for achieving flexibility, scalability and fine-grained access control [22-25].
  • ABE enables these schemes to introduce multiple attributes for access judgement, which enhances cloud data security.
  • Trust evaluation can also be applied to support access control with high efficiency.
  • The combination of trust evaluation and ABE is presented in [26], but it neglects other attributes, such as, for example, role and department, only considering trust values. More attributes might be needed to guarantee data privacy and security in many application scenarios.
  • At least some embodiments of the present invention aim to realize multiple operations over ciphertext in a privacy-preserving way and propose to further improve the security and flexibility of access control by integrating ABE-based access control with homomorphic encryption, HE, based data processing.
  • FIGURE 4 illustrates signalling in accordance with at least some embodiments of the present invention.
  • On the vertical axes are disposed, on the left, DP 110/DR 140 of FIGURE 1 and FIGURE 2, and on the right, DSP 120 and ACS 130 of FIGURE 1 and FIGURE 2. Time advances from the top toward the bottom.
  • FIGURE 4 embodiments are directed to the case where, unlike in FIGURE 2, the DP 110 and DR 140 are the same entity, that is, the owner requests her own data.
  • DP 110 provides her data, in encrypted form, to DSP 120.
  • DSP 120 performs the processing described above in connection with FIGURE 2 on the ciphertext received in DSP 120. This may comprise, for example, performing the mathematical manipulation selected in dependence of the mathematical operation that it is desired to perform on the plaintext underlying the ciphertext. Further, DSP 120 may, in phase 420, mask the plaintext, without reversing the encryption. In other words, DSP 120 may perform, at least partly, the mathematical operation on the plaintext and mask the plaintext, both without reversing the encryption.
  • DSP 120 may provide the processed ciphertext to ACS 130.
  • ACS 130 may then, in phase 440, reverse the encryption, to obtain the masked plaintext.
  • ACS 130 may further encrypt the masked plaintext using a randomly generated encryption key, and provide the thus encrypted ciphertext to DSP 120, in phase 450.
  • ACS 130 may also provide a ciphered version of the randomly generated encryption key to DSP 120 in phase 450.
  • DSP 120 may reverse the masking, again without reversing the encryption, to obtain a ciphered un-masked plaintext.
  • DR 140, being in this embodiment the DP 110, may request the data from ACS 130, applying an attribute-based mechanism.
  • ACS 130 may provide to DR 140 the encryption key used in phase 440 to encrypt the masked plaintext, in ciphered form. This is indicated in FIGURE 4 as phase 480.
  • ACS 130 may prompt, phase 490, DSP 120 to provide the ciphered version of the un-masked plaintext to DR 140. DSP complies and provides this to DR 140 in phase 4100.
  • ACS 130 may provide a ciphered version of the randomly generated encryption key to DSP 120 in phase 450, which may provide it further to DR 140 in phase 4100. ACS 130 may then simply provide the key used to encrypt the randomly generated encryption key to DR 140 in phase 480, to enable DR 140 to decipher the randomly generated encryption key, and to use the randomly generated encryption key to decrypt the ciphertext DR 140 receives from DSP 120, to thereby obtain the un-masked plaintext.
  • Paillier's cryptosystem [27] is one of the most important additive homomorphic encryption systems.
  • The additive homomorphic encryption satisfies the following equation:
  • D sk () is the corresponding homomorphic decryption algorithm with secret key sk.
  • KP-ABE Key-Policy Attribute-Based Encryption
  • KP-ABE consists of four algorithms: Setup, Encrypt, KeyGen, and Decrypt.
  • This key generation algorithm takes in an access structure and the master secret key MSK′. It outputs a private key SK′.
  • Ciphertext-Policy Attribute-Based Encryption may also be applied in implementing at least some embodiments of the present invention. Adopting CP-ABE saves efforts of key management, while applying KP-ABE may save computation cost of data encryption.
  • HRES Homomorphic Re-Encryption System
  • HRES supports privacy-preserving data processing.
  • At least some embodiments of the present invention adopt HRES for data encryption, which is described in previous application [9] .
  • a detailed introduction to HRES is provided.
  • PK is public to all involved parties.
  • Cloud user i generates its key pair
  • The public system parameters include {g, n, PK}.
  • Encryption (Enc): Any user can encrypt its data with pk i and random r ∈ [1, n/4], and send it to user i:
  • Decryption (Dec) : Upon receiving the encrypted data, user i can directly decrypt it to obtain the original data:
  • the two-level decryption can change its decryption order. In the process above, no entity alone can perform decryption to obtain the raw data.
  • Data preparation at DSP refers to phase 420 of FIGURE 4 and the processing following phase 112 in FIGURE 2.
  • Data process at ACS refers to phase 440 of FIGURE 4 and the processing following phase 123 of FIGURE 2.
  • Additional process at DSP refers to phase 460 of FIGURE 4 and the processing following phase 132 of FIGURE 2.
  • Addition: This scheme aims to obtain the sum of all raw data. Note that the number of data items in Addition affects the length of the provided data. If we want to get the sum of N pieces of data, it should be guaranteed that m i ⁇ n/N.
  • Data Preparation at DSP: Due to additive homomorphism, the DSP can directly multiply the encrypted data one by one as follows:
  • The ACS calls the algorithm PDec2 with SK ACS to finally decrypt the encrypted data to obtain c 1 (m + c 2 ). The ACS then chooses two random numbers ck and r to encrypt the data as follows:
  • Data Access at DR: The DR that satisfies the access policy in ABE can decrypt CK′ to obtain ck.
  • The DSP sends the data packet to the DR in a secure way. Then the DR can decrypt to obtain m.
  • the DSP first computes and It further calculates and multiply them to obtain: Then the subsequent process is the same as that in Addition. Due to length and simplicity reasons, the details are not repeated here.
  • Multiplication: This function aims to obtain the product of all non-zero raw data. For ease of presentation, we describe the details with two pieces of data ([m 1 ], [m 2 ]).
  • the available number of the data in multiplication influences the length of raw data. If we need to get the product of N pieces of data, it must be guaranteed that the length of each raw data which is different from Addition.
  • The DSP chooses two random numbers c 1 , c 2 (the number of random numbers may be equal to that of provided data).
  • the DSP does one exponentiation and one decryption with its own secret key by calling PDec1:
  • the data packet sent to the ACS is
  • Upon receiving the data packet from the CSP, the ACS uses the algorithm PDec2 to decrypt the data:
  • CK′ Enc ABE (ck, ⁇ , PK′) .
  • The DR that satisfies the access policy in ABE can decrypt CK′ to obtain ck.
  • The DSP sends the data packet to the DR in a secure way. Then the DR can decrypt to obtain m.
  • the DSP chooses a random number c 1 where It first encrypts “1” and then computes as follows:
  • [1] = {(1+n) * PK^r′, g^r′}
  • The data packet sent to the ACS is {(T 1 (1) , T 1 ′ (1) ), s′}.
  • The DSP further processes the data packet as follows:
  • The DR that satisfies the access policy in ABE can decrypt CK′ to obtain ck.
  • DR wants to compare the raw data (m 1 , m 2 ) based on their encrypted data.
  • m 1 -m 2 is denoted as m 1-2 .
  • The DSP first computes to get the subtraction of encrypted data:
  • the DR can obtain the comparison result. If m 1-2 ⁇ 0, m 1 ⁇ m 2 ; otherwise, m 1 ⁇ m 2 .
  • DR wants to know if m 1 is equal to m 2 with encrypted data ( [m 1 ] , [m 2 ] ) .
  • the DSP and the ACS directly interact with each other in two parallel computations of Comparison.
  • The DR that satisfies the access policy in ABE can decrypt CK′ to obtain ck.
  • DR j may want to get the variance of some data according to provided encrypted data.
  • [-m + ] (T n-1 , (T′) n-1 ) ;
  • the DSP partially decrypts the data with its secret key by calling PDec1 to obtain:
  • the DSP chooses three random numbers c 1 , c 2 , c 3 , and computes to obtain:
  • The DSP sends the three ciphertexts to the ACS.
  • DSP may be configured to store c 1 2 , c 2 2 , c 3 2 .
  • CK′ Enc ABE (ck, ⁇ , PK′) . Then the ACS sends them back to the DSP.
  • Data Access at DR: The DR that satisfies the access policy in ABE can decrypt CK′ to obtain ck.
  • the DSP sends the data packet to the DR in a secure way. Then the DR can decrypt it to obtain and finally get the variance of data:
  • the decryption key ck chosen by ACS is encrypted using ABE, which helps achieve secure access to the data processing results.
  • it is proposed to adopt trust level as a concrete example attribute.
  • Medical data management: Some patient case reports can be used for further research and even to judge potential disease. However, this is highly sensitive information, especially for infectious diseases. User privacy and data security can be guaranteed through the schemes above. But how to further control access to the final data processing results is still a significant open issue.
  • the processed result of cases may be used by doctors for diagnosis, or by a medical expert for disease study.
  • organization i.e., hospital, research institution, etc.
  • medical specialty i.e., internal medicine, general, neurology, etc.
  • profession physician, researcher, nurse, etc.
  • trust level can be decided by the feedback of patients and the research impact, as described, for example, in papers [15] .
  • KP-ABE or CP-ABE can be easily applied to realize an access structure. More attributes can be added to achieve higher security and more fine-grained access control.
  • the computation complexity is highly related to the number of attributes. Thus, it should be decided according to practical requirements.
  • Trust value: As the number of trust values is not infinite but limited to some fixed numbers, adopting the trust value would not incur much computation overhead. However, it can help improve the system performance, as it is a value dynamically generated based on the historical performance of a system entity. The higher the trust value is, the more information the user can obtain.
  • some embodiments of the invention may be used in Pervasive Social Networking, PSN.
  • Trust management is widely used in PSN to build trust relationship for data access control. It is easy to obtain a secure and motivated access control scheme for privacy-preserving data processing by integrating trust evaluation result with other attributes.
  • FIGURE 5 is a flow graph of a method in accordance with at least some embodiments of the present invention.
  • the phases of the illustrated method may be performed in DSP 120, or in a control device configured to control the functioning thereof, when installed therein.
  • Phase 510 comprises receiving, in an apparatus, from at least one data provider, at least one ciphertext, the at least one ciphertext comprising a first ciphertext.
  • Phase 520 comprises performing a mathematical manipulation of the first ciphertext to modify the first ciphertext without decrypting the first ciphertext, the mathematical manipulation being selected in the apparatus in dependence of a mathematical operation to be performed on plaintext underlying the first ciphertext.
  • the mathematical operation may comprise addition or multiplication, for example, as laid out above.
  • Phase 540 comprises obtaining a second ciphertext from the modified first ciphertext by performing a cryptographic operation, wherein at least one number is randomly generated and used in masking plaintext underlying the second ciphertext.
  • the method may further comprise providing the second ciphertext to an access control node.
  • FIGURE 6 is a flow graph of a method in accordance with at least some embodiments of the present invention.
  • the phases of the illustrated method may be performed in DSP 120, or in a control device configured to control the functioning thereof, when installed therein.
  • Phase 610 comprises receiving, in an apparatus from a data service provider, a first ciphertext.
  • Phase 620 comprises partially decrypting the first ciphertext to obtain a second ciphertext, using a secret key of the apparatus from a public key-secret key pair of the apparatus. Partially decrypting to obtain a second ciphertext may comprise decrypting to obtain a masked plaintext.
  • Phase 630 comprises generating a variable, encrypting the second ciphertext using the variable as key and providing the encrypted second ciphertext to the data service provider.
  • Phase 640 comprises encrypting the variable using an attribute-based encryption mechanism.
  • Phase 650 comprises processing a request, received from a data requesting party, for access to information underlying the first ciphertext and second ciphertext.
  • the variable may comprise any kind of bit or character sequence usable as encryption key.
  • the variable may comprise a 128 or 256 bit long binary value.
  • At least some embodiments of the present invention find industrial application in facilitating secure data processing and distribution.
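
The Addition flow described above (ciphertext aggregation and masking at the DSP, decryption of the masked value c 1 (m + c 2 ) at the ACS) can be walked through in code. The following is an added example, not code from the patent: it substitutes textbook Paillier [27] for HRES, whose equations do not survive on this page, collapses the two-level PDec1/PDec2 decryption into a single key held by the ACS, and omits the ck re-encryption and ABE steps. The demo primes, sample values and all function names are constructed for illustration.

```python
"""Addition over ciphertexts with DSP-side masking, using textbook Paillier.

Assumptions (not from the patent): Paillier stands in for HRES, the ACS holds
the whole secret key, and the demo primes are far too small for real use.
"""
import secrets
from math import gcd

# Constructed demo modulus: product of the Mersenne primes 2^61-1 and 2^89-1.
p, q = 2**61 - 1, 2**89 - 1
n = p * q
n2 = n * n
lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1), ACS secret
mu = pow(lam, -1, n)                           # lam^-1 mod n, ACS secret


def rand_unit():
    """Random element of [1, n) that is invertible modulo n."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            return r


def encrypt(m):
    """Paillier encryption with g = n + 1: [m] = (1 + m*n) * r^n mod n^2."""
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in [0, n)")
    return (1 + m * n) * pow(rand_unit(), n, n2) % n2


def decrypt(c):
    """Paillier decryption: L(c^lam mod n^2) * mu mod n, with L(x) = (x-1)/n."""
    return (pow(c, lam, n2) - 1) // n * mu % n


def fits_plaintext_space(values):
    """The text bounds each of N values by n/N so the sum stays below n;
    this checks the sum directly."""
    return all(v >= 0 for v in values) and sum(values) < n


def dsp_aggregate(ciphertexts):
    """DSP: multiply ciphertexts; additive homomorphism gives [m_1+...+m_N]."""
    acc = 1  # 1 is a valid (unrandomised) encryption of 0
    for c in ciphertexts:
        acc = acc * c % n2
    return acc


def dsp_mask(c_sum):
    """DSP: turn [m] into [c1 * (m + c2)] without decrypting; keep c1, c2."""
    c1, c2 = rand_unit(), secrets.randbelow(n)
    return pow(c_sum * encrypt(c2) % n2, c1, n2), (c1, c2)


def acs_decrypt(masked_ct):
    """ACS: decrypts, but sees only the masked value c1 * (m + c2) mod n."""
    return decrypt(masked_ct)


def unmask(masked_plain, c1, c2):
    """Remove the mask: m = masked * c1^-1 - c2 mod n (on plaintext here)."""
    return (masked_plain * pow(c1, -1, n) - c2) % n


def run_addition(values):
    """Full demo flow; returns (value seen by ACS, recovered sum, mask)."""
    cts = [encrypt(v) for v in values]  # each data provider encrypts its value
    masked_ct, mask = dsp_mask(dsp_aggregate(cts))
    seen = acs_decrypt(masked_ct)
    return seen, unmask(seen, *mask), mask


if __name__ == "__main__":
    readings = [120, 75, 98, 133]  # constructed sample data
    seen, total, _ = run_addition(readings)
    print("ACS sees:", seen)
    print("recovered sum:", total, "expected:", sum(readings))
    # Violating the bound: the sum wraps modulo n and the result is wrong.
    print("overflow case:", run_addition([n - 1, 5])[1])
```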

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to receive, from at least one data provider, at least one ciphertext, the at least one ciphertext comprising a first ciphertext, perform a mathematical manipulation of the first ciphertext to modify the first ciphertext without decrypting the first ciphertext, the mathematical manipulation being selected in the apparatus in dependence of a mathematical operation to be performed on plaintext underlying the first ciphertext, obtain a second ciphertext from the modified first ciphertext by performing a cryptographic operation, wherein at least one number is randomly generated and used in masking plaintext underlying the second ciphertext, and provide the second ciphertext to an access control node.
PCT/CN2016/104553 2016-11-04 2016-11-04 Secure distributed data processing WO2018082008A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP16920471.6A EP3535924A4 (fr) 2016-11-04 2016-11-04 Secure distributed data processing
CN201680091521.XA CN110089071B (zh) 2016-11-04 2016-11-04 Secure distributed data processing
PCT/CN2016/104553 WO2018082008A1 (fr) 2016-11-04 2016-11-04 Secure distributed data processing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/104553 WO2018082008A1 (fr) 2016-11-04 2016-11-04 Secure distributed data processing

Publications (1)

Publication Number Publication Date
WO2018082008A1 true WO2018082008A1 (fr) 2018-05-11

Family

ID=62075493

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/104553 WO2018082008A1 (fr) 2016-11-04 2016-11-04 Secure distributed data processing

Country Status (3)

Country Link
EP (1) EP3535924A4 (fr)
CN (1) CN110089071B (fr)
WO (1) WO2018082008A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584285B (zh) * 2022-05-05 2022-07-29 深圳市洞见智慧科技有限公司 Secure multi-party processing method and related device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2120227A1 (fr) * 2007-01-19 2009-11-18 Mitsubishi Electric Corporation Ciphertext generation device, ciphertext communication system and group parameter generation device
CN102063601A (zh) * 2009-11-12 2011-05-18 中兴通讯股份有限公司 Radio frequency identification system, reader and radio frequency identification method
EP3001401A1 (fr) * 2013-07-18 2016-03-30 Nippon Telegraph And Telephone Corporation Decoding device, decoding capability providing device, associated method, and program
CN105871550A (zh) * 2016-06-13 2016-08-17 四川特伦特科技股份有限公司 System for implementing encrypted transmission of digital signals

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2778951B1 (fr) * 2011-11-11 2017-04-26 NEC Corporation Database encryption system, method and program
US10027486B2 (en) * 2012-06-22 2018-07-17 Commonwealth Scientific And Industrial Research Organisation Homomorphic encryption for database querying

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
MING LI ET AL.: "Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption", IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, vol. 24, no. 1, 1 January 2013 (2013-01-01), XP055378272, DOI: 10.1109/TPDS.2012.97
See also references of EP3535924A4
XIMENG LIU ET AL.: "Efficient and Privacy-Preserving Outsourced Calculation of Rational Numbers", IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, vol. 15, no. 1, 1 March 2016 (2016-03-01), pages 27 - 39, XP055686573, DOI: 10.1109/TDSC.2016.2536601

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
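CN109088720A (zh) * 2018-08-14 2018-12-25 广东工业大学 Encrypted file deduplication method and device based on hybrid cloud storage
CN113841356A (zh) * 2019-02-22 2021-12-24 因福尔公司 Algorithm for secure multi-party computation using modular integers
CN110147681A (zh) * 2019-04-02 2019-08-20 西安电子科技大学 Privacy-preserving big data processing method and system supporting flexible access control
CN110113331A (zh) * 2019-04-30 2019-08-09 福建师范大学 Distributed ciphertext-policy attribute-based encryption method with hidden access structure
CN110113331B (zh) * 2019-04-30 2021-11-05 福建师范大学 Distributed ciphertext-policy attribute-based encryption method with hidden access structure
CN111159727A (zh) * 2019-12-11 2020-05-15 西安交通大学医学院第一附属医院 System and method for secure generation of a Bayesian classifier for multi-party collaboration
CN111614680B (zh) * 2020-05-25 2021-04-02 华中科技大学 Traceable cloud storage access control method and system based on CP-ABE
CN111614680A (zh) * 2020-05-25 2020-09-01 华中科技大学 Traceable cloud storage access control method and system based on CP-ABE
CN111967050A (zh) * 2020-08-24 2020-11-20 支付宝(杭州)信息技术有限公司 Two-party data grouping statistics method, device and system
CN111967050B (zh) * 2020-08-24 2023-11-21 支付宝(杭州)信息技术有限公司 Two-party data grouping statistics method, device and system
CN112231561A (zh) * 2020-10-14 2021-01-15 深圳前海微众银行股份有限公司 Data processing method, apparatus, device and storage medium
CN112463332A (zh) * 2020-12-01 2021-03-09 华控清交信息科技(北京)有限公司 Data processing method, ciphertext computing system and apparatus for data processing
CN115801397A (zh) * 2022-11-15 2023-03-14 成都理工大学 Proxy searchable encryption method resistant to collusion attacks
CN115801397B (zh) * 2022-11-15 2024-04-09 成都理工大学 Proxy searchable encryption method resistant to collusion attacks
CN116707798A (zh) * 2023-07-11 2023-09-05 西华大学 Ciphertext review method, device and system based on equality test
CN116707798B (zh) * 2023-07-11 2024-05-17 西华大学 Ciphertext review method, device and system based on equality test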

Also Published As

Publication number Publication date
EP3535924A1 (fr) 2019-09-11
EP3535924A4 (fr) 2020-06-17
CN110089071A (zh) 2019-08-02
CN110089071B (zh) 2023-02-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16920471

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2016920471

Country of ref document: EP

Effective date: 20190604