WO2018113563A1 - Database query method and system with access control function - Google Patents
Database query method and system with access control function
- Publication number
- WO2018113563A1 (PCT/CN2017/115845)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- query
- data
- user
- ciphertext
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
Definitions
- The present invention relates to the field of database queries, in particular to a database query method with an access control function, and to a system for implementing that method.
- Storing data on a cloud server in ciphertext form raises a new problem: how to query the ciphertext data according to user access rights. Existing algorithms cannot support queries with access control over a ciphertext database.
- A patient can only query his or her own medical records; a doctor can only query the medical records of the patients he or she diagnoses; the dean can query the medical records of all patients diagnosed in the hospital.
- The present invention provides a database query method with an access control function, and a system for implementing the above method.
- The database query method with access control function of the invention comprises the following steps:
- Initialization step: the data uploader generates a query key;
- Data encryption step: the data uploader establishes an attribute index for each record uploaded to the server database, encrypts each record and attribute index to obtain the record ciphertext and the index ciphertext, then encrypts the query key and sends the encrypted query key to the data query user;
- Key generation step: the data query user generates a corresponding key according to its own user attributes;
- Trapdoor generation step: the data query user uses the key and the encrypted query key to recover the query key by decryption, then generates a predicate trapdoor from the query key and the query condition and sends it to the server;
- Query step: the server queries the data in the database and returns the record ciphertext data that meets the condition to the data query user;
- Decryption step: the data query user uses the key to decrypt the record ciphertext data returned by the server and obtains the query result.
- As a further improvement of the present invention, in the initialization step the data uploader inputs the security parameter λ and the attribute universe U; through the ABE algorithm and the POE algorithm, the key generation center generates the public parameter pp and the master key msk, and the data uploader generates the public key pk and the query key sk.
- The data uploader establishes an attribute index for each record m and uses the public parameter pp, the public key pk, and the access control structure (M, ρ) to locally encrypt each record m and its attribute index, obtaining the record ciphertext and the index ciphertext (C', C_p); the query key sk is encrypted under the public parameter pp and the access control structure (M, ρ) to obtain C_sk, which is sent to the data query users in the system.
- As a further improvement of the present invention, the data query user sends the user attribute I to the key generation center, and the key generation center generates the corresponding key sk_I using the master key msk and sends it back to the user.
- As a further improvement of the present invention, a data query user whose user attribute I satisfies the access control structure (M, ρ) decrypts C_sk with the key sk_I to obtain the query key sk, then uses sk and the query condition (the predicate) to generate the predicate trapdoor and sends it to the server.
- The server checks the ciphertext data one by one against the index ciphertext C_p and the predicate trapdoor; when the query condition and the attribute index match, the record ciphertext C' is returned, otherwise ⊥ is returned.
- As a further improvement of the present invention, a data query user whose user attribute I satisfies the access control structure (M, ρ) uses the key sk_I to decrypt the record ciphertext C' returned by the server and obtains the query result m.
- As a further improvement of the present invention, the data encryption method uses a ciphertext-policy attribute encryption method and a predicate encryption method.
- As a further improvement of the present invention, the algorithms used by the ciphertext-policy attribute encryption method include:
- ABE.pk = (g, g^a, e(g,g)^α, h_1, …, h_U);
- ABE.msk = g^α;
- As a further improvement of the present invention, the algorithms used by the predicate encryption method include:
- Predicate encryption algorithm: input x_i ∈ Z_n and the public key POE.pk; the encryption algorithm randomly selects s, α, β ∈ Z_n and R_{3,i}, R_{4,i} ∈ G_r, where 1 ≤ i ≤ n, and outputs the ciphertext:
- Predicate trapdoor generation algorithm: input the key POE.sk and the predicate;
- the key generation algorithm randomly selects r_{1,i}, r_{2,i} ∈ Z_n, R_5 ∈ G_r, f_1, f_2 ∈ Z_n, Q_6 ∈ G_q, and outputs the predicate trapdoor:
- The present invention also provides a system for implementing the above method, including:
- Key generation center: used to generate a master key and a query key, send the generated query key to the data uploader, and generate a key according to the user attributes provided by the data query user and send it to the data query user;
- Data uploader: establishes an attribute index for each record uploaded to the server database, encrypts each record and attribute index to obtain the record ciphertext and the index ciphertext, then encrypts the query key and sends the encrypted query key to the data query user;
- Data query user: uses the key and the encrypted query key to recover the query key by decryption, then generates a predicate trapdoor from the query key and the query condition, sends it to the server, and uses the key to decrypt the record ciphertext data returned by the server to obtain the query result;
- Server: used to query the data in the database and return the record ciphertext data that meets the condition to the data query user.
- The beneficial effects of the invention are as follows: the invention uses ciphertext-policy attribute encryption to control the user's query permission, and uses predicate encryption to build an index that implements the query function. Ciphertext-policy attribute encryption guarantees the confidentiality of the data; predicate encryption has the attribute-hiding property, which guarantees the confidentiality of the query conditions. Therefore, the present invention can not only control the data query user's access to the database, but also ensure the confidentiality of the data and the query conditions.
- FIG. 1 is a schematic structural view of a system of the present invention
- FIG. 2 is a schematic flow chart of the method of the present invention.
- This example provides a database query system, including:
- Key generation center: used to generate a master key msk and a query key sk, send the generated query key sk to the data uploader, and generate a key sk_I according to the user attribute I provided by the data query user and send it to the data query user;
- The server employed in the present invention is preferably a cloud server with a large information storage capacity.
- The invention also provides a database query method based on the above system; the database query method of this example adopts a ciphertext-policy attribute encryption method and a predicate encryption method.
- The policy in the ciphertext-policy attribute encryption method of this example refers to an access control policy based on the access control structure (M, ρ) adopted by the present invention, which is described in detail below.
- The ciphertext-policy attribute encryption method of this example includes the following four algorithms:
- ABE.pk = (g, g^a, e(g,g)^α, h_1, …, h_U);
- ABE.msk = g^α;
- The predicate encryption method of this example includes the following four algorithms:
- Predicate encryption algorithm: input x_i ∈ Z_n and the public key POE.pk; the encryption algorithm randomly selects s, α, β ∈ Z_n and R_{3,i}, R_{4,i} ∈ G_r, where 1 ≤ i ≤ n, and outputs the ciphertext:
- Predicate trapdoor generation algorithm: input the key POE.sk and the predicate;
- the key generation algorithm randomly selects r_{1,i}, r_{2,i} ∈ Z_n, R_5 ∈ G_r, f_1, f_2 ∈ Z_n, Q_6 ∈ G_q, and outputs the predicate trapdoor:
- The data uploader inputs the security parameter λ and the attribute set U.
- The key generation center generates the public parameter pp and the master key msk; the data uploader generates the public key pk and the query key sk.
- The data uploader creates an attribute index for each record m and uses the public parameter pp, the public key pk, and the access control structure (M, ρ) to locally encrypt each record m and its attribute index, obtaining the record ciphertext and the index ciphertext (C', C_p); the query key sk is encrypted under the public parameter pp and the access control structure (M, ρ) to obtain C_sk, which is sent to the data query users in the system.
- The data owner uses ABE.pk to encrypt each record m in the database, generating C' ← ABE.Encrypt(pp, m, (M, ρ)), and uses the public key pk to establish a ciphertext index for this record m.
- (M, ρ) is the access control policy.
- (C', C_p) is sent to the cloud server together; the query key sk is then encrypted using the public parameter pp to obtain the ciphertext C_sk ← ABE.Encrypt(pp, sk, M, ρ), and C_sk is sent to all query users.
- The ciphertext (C', C_p, C_sk) is obtained.
- the algorithm is as follows:
- The data query user sends the user attribute I to the key generation center, and the key generation center generates the corresponding key sk_I using the master key msk and sends it back to the user.
- A data query user whose user attribute I satisfies the access control structure (M, ρ) decrypts C_sk with the key sk_I to obtain the query key sk, then uses sk and the query condition, which is also the predicate, to generate the predicate trapdoor and sends it to the server.
- The access control policy used to encrypt the query key sk is that only a user whose attribute is hospital dean can decrypt it, so only the dean can obtain the query key sk.
- The data query user uses the query key sk and the query condition (predicate) to generate the predicate trapdoor.
- Finally, the user sends the predicate trapdoor to the cloud server, where
- The server checks the ciphertext data one by one against the index ciphertext C_p and the predicate trapdoor. If the result is 1, the query condition and the attribute index match, and all record ciphertexts C' corresponding to the trapdoor are returned; otherwise ⊥ is returned, where
- When the user attribute I of the data query user satisfies the access control structure (M, ρ), the database returns the record ciphertext C'; the data query user uses the key sk_I to decrypt the record ciphertext C' returned by the server and obtains the plaintext query result m ← ABE.Decrypt(sk_I, C'), where
- Verification of the correctness of the method: the above six steps are performed in sequence. It is required that, for all security parameters λ and attribute sets U, every (pp, msk, pk, sk) generated by Setup(λ, U), all I and the sk_I generated by KeyGen(msk, I), all attribute indexes and the ciphertexts produced from them, and any predicate and (M, ρ): when the data attribute set satisfies the predicate and the user attribute set I satisfies the access control structure (M, ρ), the user can obtain all the plaintext data that satisfies the query condition; when these two conditions cannot be satisfied at the same time, the user cannot obtain the plaintext data that satisfies the query condition. The method is then correct.
- The invention uses ciphertext-policy attribute encryption to control the user's query permission, and uses predicate encryption to build an index that implements the query function. Ciphertext-policy attribute encryption guarantees the confidentiality of the data; predicate encryption has the attribute-hiding property, which guarantees the confidentiality of the query conditions. Therefore, the present invention can not only control the data query user's access to the database, but also ensure the confidentiality of the data and the query conditions.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Claims (10)
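- A database query method with an access control function, characterized by comprising the following steps: an initialization step: the data uploader generates a query key; a data encryption step: the data uploader establishes an attribute index for each record uploaded to the server database, encrypts each record and attribute index to obtain the record ciphertext and the index ciphertext, then encrypts the query key and sends the encrypted query key to the data query user; a key generation step: the data query user generates a corresponding key according to its own user attributes; a trapdoor generation step: the data query user uses the key and the encrypted query key to recover the query key by decryption, then generates a predicate trapdoor from the query key and the query condition and sends it to the server; a query step: the server queries the data in the database and returns the record ciphertext data that meets the condition to the data query user; a decryption step: the data query user uses the key to decrypt the record ciphertext data returned by the server and obtains the query result.
- The database query method according to claim 1, characterized in that: in the initialization step, the data uploader inputs the security parameter λ and the attribute universe U; through the ABE algorithm and the POE algorithm, the key generation center generates the public parameter pp and the master key msk; the data uploader generates the public key pk and the query key sk.
- The database query method according to claim 3, characterized in that: in the key generation step, the data query user sends the user attribute I to the key generation center, and the key generation center uses the master key msk to generate the corresponding key sk_I and sends it back to the user.
- The database query method according to any one of claims 1-6, characterized in that: the data encryption method uses a ciphertext-policy attribute encryption method and a predicate encryption method.
- The database query method according to claim 7, characterized in that the algorithms used by the ciphertext-policy attribute encryption method include: (1) Initialization algorithm: (ABE.pk, ABE.msk) ← ABE.Setup(U): input the attribute universe U, generate a cyclic group G_0 of prime order p with generator g, randomly select elements h_1, …, h_U ∈ G_0 associated with the system attribute set U, and additionally randomly select α, a ∈ Z_p; the initialization algorithm outputs the system public key and the master key: ABE.pk = (g, g^a, e(g,g)^α, h_1, …, h_U); ABE.msk = g^α; (2) Key generation algorithm: ABE.sk ← ABE.KeyGen(ABE.msk, I): input the master key ABE.msk and the user attribute set I of a user, randomly select t ∈ Z_p; the key generation algorithm outputs: (3) Encryption algorithm: CT ← ABE.Encrypt(ABE.pk, m, M, ρ): input the message record m, the system public key ABE.pk and the access control structure (M, ρ), where M is an l×n matrix; randomly select a vector, then there is, randomly select r_1, …, r_l ∈ Z_p; the encryption algorithm outputs the ciphertext: (4) Decryption algorithm: m ← ABE.Decrypt(ABE.sk, CT): input a ciphertext CT with access control structure (M, ρ) and the user key for attribute set I; if the attribute set satisfies the access control structure, let, define S = {i : ρ(i) ∈ I}, where, then a set {ω_i ∈ Z_p}_{i∈S} can be found such that Σ_{i∈S} ω_i λ_i = s, and the record m is obtained by the following decryption algorithm: C / e(g,g)^{αs} = m·e(g,g)^{αs} / e(g,g)^{αs} = m.
- The database query method according to claim 8, characterized in that the algorithms used by the predicate encryption method include: (1) Initialization algorithm: (POE.pk, POE.sk) ← POE.Setup(λ): input the security parameter λ to obtain (p, q, r, G, G_T), where G = G_p·G_q·G_r and p, q, r are all primes, and the generators of G_p, G_q, G_r are g_p, g_q, g_r respectively; for 1 ≤ i ≤ n, randomly select R_{1,i}, R_{2,i} ∈ G_r, h_{1,i}, h_{2,i} ∈ G_p and R_0 ∈ G_r; the initialization algorithm outputs:
- A system for implementing the database query method according to any one of claims 1-9, characterized by comprising: a key generation center: used to generate a master key and a query key, send the generated query key to the data uploader, and generate a key according to the user attributes provided by the data query user and send it to the data query user; a data uploader: establishes an attribute index for each record uploaded to the server database, encrypts each record and attribute index to obtain the record ciphertext and the index ciphertext, then encrypts the query key and sends the encrypted query key to the data query user; a data query user: uses the key and the encrypted query key to recover the query key by decryption, then generates a predicate trapdoor from the query key and the query condition, sends it to the server, and uses the key to decrypt the record ciphertext data returned by the server to obtain the query result; a server: used to query the data in the database and return the record ciphertext data that meets the condition to the data query user.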
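An added illustration, not part of the patent text: the linear secret-sharing layer behind the decryption condition in the ciphertext-policy attribute encryption claim above (find ω_i for S = {i : ρ(i) ∈ I} such that Σ ω_i λ_i = s), computed on plain integers rather than in the exponent of a pairing, so it shows only who can recombine s and encrypts nothing. The share formula λ_i = M_i · v with v = (s, y_2, …, y_n), the matrix M, the labels ρ, the modulus and the policy "dean OR (doctor AND cardiology)" are assumptions constructed for this example.

```python
# Added illustration, not code from the patent: the linear secret-sharing
# layer of an access structure (M, rho), computed on plain integers mod P.
import secrets

P = 2**61 - 1  # constructed prime standing in for the group order p

# Constructed policy: dean OR (doctor AND cardiology).
# Row i of M belongs to attribute RHO[i]; authorized sets span (1, 0).
M = [[1, 0],    # dean
     [1, 1],    # doctor
     [0, -1]]   # cardiology
RHO = ["dean", "doctor", "cardiology"]


def share(s):
    """Split s into one share per row: lambda_i = M_i . v, v = (s, y_2..y_n)."""
    v = [s % P] + [secrets.randbelow(P) for _ in range(len(M[0]) - 1)]
    return [sum(m * x for m, x in zip(row, v)) % P for row in M]


def solve_omega(attrs):
    """Find omega_i for S = {i : rho(i) in attrs} with sum(omega_i * M_i) =
    (1, 0, ..., 0) mod P. Returns {row index: omega_i}, or None when the
    attribute set does not satisfy the access structure."""
    S = [i for i, a in enumerate(RHO) if a in attrs]
    n = len(M[0])
    # Augmented system: one equation per column of M, one unknown per row in S.
    A = [[M[i][j] % P for i in S] + [1 if j == 0 else 0] for j in range(n)]
    pivots, row = [], 0
    for col in range(len(S)):
        if row == n:
            break
        pr = next((r for r in range(row, n) if A[r][col]), None)
        if pr is None:
            continue
        A[row], A[pr] = A[pr], A[row]
        inv = pow(A[row][col], -1, P)  # modular inverse of the pivot
        A[row] = [x * inv % P for x in A[row]]
        for r in range(n):
            if r != row and A[r][col]:
                f = A[r][col]
                A[r] = [(x - f * y) % P for x, y in zip(A[r], A[row])]
        pivots.append(col)
        row += 1
    if any(A[r][-1] for r in range(row, n)):  # 0 = nonzero: no solution
        return None
    omega = {i: 0 for i in S}  # free variables stay 0
    for r, col in enumerate(pivots):
        omega[S[col]] = A[r][-1]
    return omega


def recover(shares, attrs):
    """Recombine the shares held by attrs; None means access is denied."""
    omega = solve_omega(attrs)
    if omega is None:
        return None
    return sum(w * shares[i] for i, w in omega.items()) % P


if __name__ == "__main__":
    secret = secrets.randbelow(P)
    lam = share(secret)
    for attrs in ({"dean"}, {"doctor", "cardiology"}, {"doctor"}, {"patient"}):
        print(sorted(attrs), recover(lam, attrs) == secret)
```

In the scheme itself the same ω_i are applied to pairing values so that the decryptor obtains e(g,g)^{αs} without ever learning s.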
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611189991.8 | 2016-12-21 | ||
CN201611189991.8A CN106657059B (zh) | 2016-12-21 | 2016-12-21 | Database query method and system with access control function |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018113563A1 (zh) | 2018-06-28 |
Family
ID=58834442
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/115845 WO2018113563A1 (zh) | 2016-12-21 | 2017-12-13 | Database query method and system with access control function |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106657059B (zh) |
WO (1) | WO2018113563A1 (zh) |
-
2016
- 2016-12-21 CN CN201611189991.8A patent/CN106657059B/zh active Active
-
2017
- 2017-12-13 WO PCT/CN2017/115845 patent/WO2018113563A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN106657059B (zh) | 2020-04-21 |
CN106657059A (zh) | 2017-05-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17882779 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17882779 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 24.01.2020. |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17882779 Country of ref document: EP Kind code of ref document: A1 |