WO2024013924A1 - Cryptographic system, key issuing device, key issuing method, and key issuing program - Google Patents

Cryptographic system, key issuing device, key issuing method, and key issuing program

Info

Publication number
WO2024013924A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
user
decryption
storage unit
ciphertext
Prior art date
Application number
PCT/JP2022/027681
Other languages
English (en)
Japanese (ja)
Inventor
光 土田
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社
Priority to PCT/JP2022/027681
Publication of WO2024013924A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to a cryptographic system, a key issuing device, a key issuing method, and a key issuing program.
  • Role-based access control is one of the access control technologies in computer security. Role-based access control grants privileges to users by their assigned roles, rather than by individual users.
  • a role represents, for example, a user's role, attribute, or affiliation in a system or organization; the administrator assigns a role to each user based on the attribute within the organization, and permissions are granted to the role.
  • Attribute-based encryption is a cryptographic method that achieves this role-based access control.
  • In attribute-based encryption, rather than directly specifying the decryptor, the authority to decrypt is specified using attributes.
  • In attribute-based encryption, encryption is performed by incorporating not only a decryption key for decrypting ciphertext, but also an attribute of the authority that can decrypt it.
  • In decryption of attribute-based encryption, authentication is performed using a conditional expression, incorporated into the ciphertext, that determines the attribute of the authority that can decrypt, and only a decryptor with the attribute of authority that can decrypt can succeed in decryption.
  • the encryption technique described in Patent Document 1 uses a process of determining the attributes of a decryption-permitted user who is permitted to decrypt encrypted data.
  • a decryptor using attribute-based encryption may have multiple attributes, and these multiple attributes may be managed independently by multiple entities.
  • the problem with the parameter size published by the key issuing authority is that as the number of attributes managed by the key issuing authority increases, the parameter size published by the key issuing authority also increases accordingly.
  • the parameters published by the key issuing authority are also used when creating the ciphertext and influence the size of the encrypted ciphertext. Therefore, a method that does not depend on the number of attributes managed by the issuing organization is preferable.
  • decryption key revocation stems from the fact that decryption keys are not necessarily reliable. If the attribute incorporated in the decryption key satisfies the conditional expression set in the ciphertext, decryption will be successful, but the decryption key may have been leaked or may have expired. For such cases, a function to revoke the decryption key is also required.
  • the above three problems are independent problems, so it is also possible to solve only some of the problems, such as one or two of the three. In fact, in the prior art, only one or two of the above three problems were often solved. However, when considering the purpose of implementing and operating an actual system, a method that solves all of the above three problems is preferable.
  • an object of the present invention is to provide a cryptographic system, a key issuing device, a key issuing method, and a key issuing program that contribute to appropriately and efficiently handling attribute-based cryptography.
  • in a first aspect of the present invention, a cryptographic system is provided that includes a key issuing device, a decrypting device, and an encrypting device that are connected via a network.
  • the key issuing device includes: a setup unit that generates a public parameter that defines an index related to an attribute and a master private key; a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key; a master private key storage unit that stores the master private key; a public parameter storage unit that stores the public parameters; a valid key list storage unit that stores, as a valid key list, IDs related to decryption keys that indicate which user decryption key is valid among the issued user decryption keys; and a management attribute storage unit that stores managed attributes.
  • the decryption device includes: a ciphertext decryption unit that decrypts a ciphertext using the user decryption key in which an attribute, the user ID, and an ID related to the decryption key are defined that satisfy the access condition expression defined in the ciphertext to be decrypted and the valid key list; and a user decryption key storage unit that stores the user decryption key.
  • the encryption device includes: a ciphertext creation unit that creates a ciphertext using the public parameters, the valid key list, and the access condition expression; a public parameter storage unit that stores the public parameters; and a valid key list storage unit that stores the valid key list.
  • a key issuing device is provided that includes: a setup unit that generates public parameters that define indexes related to attributes and a master private key; a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to whom the key is issued, a user ID used in the entire system, and an ID related to the decryption key; a master private key storage unit that stores the master private key; a public parameter storage unit that stores the public parameters; and a valid key list storage unit that stores, as the valid key list that the encryption device uses to create a ciphertext, IDs related to decryption keys that indicate which user decryption keys are valid among the user decryption keys that have already been issued.
  • a key issuing method is provided in which a public parameter that defines an index related to attributes and a master private key are generated, a user decryption key is generated using the master private key, attributes related to the user to be issued, a user ID used in the entire system, and an ID related to the decryption key, and the user decryption key is issued to a decryption device that decrypts a ciphertext created by an encryption device connected via a network.
  • a key issuing program is provided that generates a public parameter that defines an index related to an attribute and a master private key, generates a user decryption key using the master private key, an attribute related to the user to be issued, a user ID used in the entire system, and an ID related to the decryption key, and issues the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected via a network.
  • this program can be recorded on a computer-readable storage medium.
  • the storage medium can be non-transient, such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, etc.
  • the invention can also be implemented as a computer program product.
  • According to each aspect of the present invention, it is possible to provide a cryptographic system, a key issuing device, a key issuing method, and a key issuing program that contribute to appropriately and efficiently handling attribute-based cryptography.
  • FIG. 1 is a diagram showing an overview of role-based access control using attribute-based cryptography.
  • FIG. 2 is a configuration diagram showing an overview of a cryptographic system according to an embodiment of the present invention.
  • FIG. 3 is a diagram showing an example of a binary tree used to determine the validity of a decryption key.
  • FIG. 4 is a diagram showing an example of a hardware configuration of a key issuing device, a decrypting device, and an encrypting device.
  • FIG. 1 is a diagram showing an overview of role-based access control using attribute-based cryptography.
  • a key issuing authority issues a decryption key, and a decryptor, who is a user, decrypts a ciphertext using this decryption key.
  • the ciphertext is created by a ciphertext creator and stored in, for example, cloud storage.
  • the decryption key issued by the key issuing authority incorporates an attribute set that includes the user's attribute information, and when the decryptor (user) decrypts the ciphertext, it is used to determine the authority to decrypt.
  • the ciphertext created by the ciphertext creator has embedded in it a conditional expression used to determine the authority to decrypt it, and when the ciphertext is decrypted, the authority for decryption is determined by applying the attribute information included in the decryption key to the conditional expression.
  • the conditional expression used to determine the authority to decrypt is created from public parameters related to the list of valid keys (attributes) managed by the key issuing authority and embedded in the ciphertext. Therefore, a malicious administrator cannot change this conditional expression, which is highly secure.
  • FIG. 2 is a configuration diagram showing an overview of a cryptographic system according to an embodiment of the present invention.
  • the cryptographic system 10 according to the embodiment of the present invention includes a plurality of key issuing devices 100_1 to 100_n, a decrypting device 110, and an encrypting device 120.
  • Each of the plurality of key issuing devices 100_1 to 100_n is operated by a different key issuing entity. That is, each of the plurality of key issuing devices 100_1 to 100_n manages different attribute information, and generates a user decryption key using the attribute information managed by each one. Further, the plurality of key issuing devices 100_1 to 100_n generate and manage a valid key list indicating which user decryption keys are valid among the generated user decryption keys. Note that although the plurality of key issuing devices 100_1 to 100_n can each be operated by a different key issuing entity and manage different attributes, they can have the same device configuration, so the configuration of the key issuing device 100_1 is explained below as a representative.
  • the decryption device 110 decrypts the ciphertext generated by the encryption device 120 using the user decryption keys issued by the key issuing devices 100_1 to 100_n. Attribute information is embedded in the user decryption keys issued by the key issuing devices 100_1 to 100_n.
  • the ciphertext generated by the encryption device 120 has a conditional expression used to determine the authority to decrypt it, and if the attribute information incorporated in the user decryption key clears this conditional expression, the ciphertext is successfully decrypted.
  • the encryption device 120 uses the valid key list generated by the key issuing devices 100_1 to 100_n to create a conditional expression for determining permission to decrypt a ciphertext, and creates a ciphertext incorporating this conditional expression.
  • the ciphertext created by the encryption device 120 may be held as is by the encryption device 120, and the decryption device 110 may access the ciphertext held in the encryption device 120 and decrypt the ciphertext.
  • Each key issuing device 100_1 to 100_n has a setup section 101_1, a user decryption key generation section 102_1, a master private key storage section 103_1, a public parameter storage section 104_1, a valid key list storage section 105_1, and a management attribute storage section 106_1.
  • the setup unit 101_1 generates a public parameter and a master private key, with the parameter size made constant by defining an index related to the attribute.
  • the user decryption key generation unit 102_1 generates a user decryption key using a master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key.
  • the master private key storage unit 103_1 is a storage device for storing a master private key.
  • the public parameter storage unit 104_1 is a storage device for storing public parameters in which the parameter size is made constant by defining an index related to an attribute.
  • the valid key list storage unit 105_1 is a storage device for storing IDs related to decryption keys as a list indicating which user decryption keys are valid among issued user decryption keys.
  • the managed attribute storage unit 106_1 is a storage device for storing managed attributes.
  • the setup unit 101_1 and the user decryption key generation unit 102_1 use the information stored in the master private key storage unit 103_1, the public parameter storage unit 104_1, the valid key list storage unit 105_1, and the management attribute storage unit 106_1 to generate a user decryption key and the like, and store these in the master private key storage section 103_1, public parameter storage section 104_1, valid key list storage section 105_1, and management attribute storage section 106_1.
  • the decryption device 110 includes a ciphertext decryption section 111 and a user decryption key storage section 112.
  • the ciphertext decryption unit 111 decrypts the ciphertext using a decryption key in which an attribute, a user ID, and an ID related to the decryption key are defined that satisfy a conditional expression and a valid key list defined for the ciphertext to be decrypted.
  • the user decryption key storage unit 112 is a storage device for storing user decryption keys issued by the key issuing devices 100_1 to 100_n.
  • the encryption device 120 includes a ciphertext creation section 121, a public parameter storage section 122, and a valid key list storage section 123.
  • the ciphertext creation unit 121 creates a ciphertext using a public parameter with the parameter size as a constant, a valid key list, and an access condition expression by defining an index related to an attribute.
  • the public parameter storage unit 122 is a storage device for storing public parameters with the parameter size as a constant by defining an index related to an attribute.
  • the valid key list storage unit 123 is a storage device for storing a list of IDs related to decryption keys indicating which user decryption keys are valid among issued user decryption keys.
  • the configuration of the user decryption key and the authority to decrypt it are determined, for example, as follows.
  • Each key issuing device 100_1 to 100_n embeds managed attribute information in the user decryption key as an attribute vector x.
  • the encryption device 120 embeds in the ciphertext a condition vector v whose inner product is calculated to be zero with an attribute vector x that permits decryption.
  • An example of a conditional expression is whether the value of the inner product of the attribute vector x and the condition vector v is zero.
  • the decryption device 110 inputs the attribute vector x embedded in the issued user decryption key into the conditional expression embedded in the ciphertext, and succeeds in decryption when the value of the output inner product is zero.
  • the conditional expression is not necessarily limited to whether or not the value of the inner product is zero; for example, it is also possible to use a conditional expression that calculates the value of the inner product with the condition vector and allows decryption when the condition regarding the value of the inner product and the logical expression are satisfied.
  • when access control is performed using the inner product value and logical formula, it also becomes possible to perform multifaceted authentication, such as determining the validity of the decryption key using only the inner product value, and using a combination of the inner product value and logical formula for access control.
  • FIG. 3 is a diagram showing an example of a binary tree used to determine the validity of a decryption key.
  • the encryption device 120 creates a condition vector from the public parameters and valid key list received from each key issuing device 100_1 to 100_n and embeds it in the ciphertext as a conditional expression used to determine a valid key.
  • each key issuing device 100_1 to 100_n incorporates a validity vector into the user decryption key of user ID1 as a value input to the conditional expression used to determine a valid key. Then, when the decryption device 110 decrypts the ciphertext, the inner product of the validity vector and the condition vector is zero, so the valid key determination is cleared and user ID1 successfully decrypts the ciphertext.
  • the parameters v_0 to v_6 assigned to each node of the binary tree shown in FIG. 3 can be configured from public parameters generated by each of the key issuing devices 100_1 to 100_n. Furthermore, it is possible to know the correspondence between valid user decryption keys and parameters v_0 to v_6 from the valid key list generated by each key issuing device 100_1 to 100_n. Therefore, the encryption device 120 can configure a conditional expression such that the inner product becomes zero when a validity vector incorporated in a valid user decryption key is input.
  • each of the plurality of key issuing authorities operates the key issuing devices 100_1 to 100_n, so that each of the plurality of key issuing authorities can issue a user decryption key for attribute-based encryption.
  • FIG. 4 is a diagram showing an example of a hardware configuration of a key issuing device, a decrypting device, and an encrypting device.
  • the information processing device (computer) employing the hardware configuration shown in FIG. 4 makes it possible to realize the functions of the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120 described above.
  • the hardware configuration example shown in FIG. 4 is not intended to limit the hardware configurations of the key issuing devices 100_1 to 100_n, decryption device 110, and encryption device 120.
  • the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120 may include hardware not shown in FIG. 4.
  • a hardware configuration 40 that can be adopted by the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120 includes, for example, a CPU (Central Processing Unit) 41, a main storage device 42, an auxiliary storage device 43, and an IF (Interface) section 44, which are connected to each other by an internal bus.
  • the CPU 41 executes each command included in the program executed by the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120.
  • the main storage device 42 is, for example, a RAM (Random Access Memory), and temporarily stores various programs executed by the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120 for processing by the CPU 41.
  • the auxiliary storage device 43 is, for example, an HDD (Hard Disk Drive), and can store various programs executed by the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120 on a medium- to long-term basis. Various programs can be provided as program products recorded on non-transitory computer-readable storage media. The auxiliary storage device 43 can be used for medium- to long-term storage of various programs recorded on non-transitory computer-readable recording media.
  • the IF unit 44 provides an interface for communication between the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120.
  • An information processing device employing the above-described hardware configuration 40 can realize the functions of the key issuing devices 100_1 to 100_n, the decrypting device 110, and the encrypting device 120.
  • the key issuing device includes a setup unit that generates public parameters that define indexes related to attributes and a master private key; a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key; a master private key storage unit that stores the master private key; a public parameter storage unit that stores the public parameters; a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list; and a management attribute storage unit for storing attributes to be managed; The decryption device decrypts the ciphertext using the user decryption key in which
  • the encryption device includes a ciphertext creation unit that creates a ciphertext using the public parameter, the valid key list, and the access condition expression; a public parameter storage unit that stores the public parameters; and a valid key list storage unit that stores the valid key list; these devices constituting the cryptographic system.
  • The cryptographic system described in Appendix 1, wherein the access conditional expression takes as input the attribute vector incorporated in the user decryption key, calculates the inner product with the condition vector incorporated in the access conditional expression, and permits decryption in cases where the condition regarding the value of the inner product and the logical expression are satisfied.
  • [Additional note 3] The cryptographic system according to appendix 2, wherein the value of the inner product is a criterion for determining validity of a user decryption key, and the logical expression is a criterion for access control.
  • [Additional note 4] The cryptographic system according to appendix 1, wherein the valid key list allocates parameters of attribute information to each node representing attributes managed using a binary tree.
  • [Additional note 5] The cryptographic system wherein the conditional expression for determining the validity of the user decryption key comprises parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also comprises parameters assigned to each node of the binary tree.
  • a key issuing device that issues a user decryption key for a decryption device to decrypt a ciphertext created by an encryption device connected via a network, the key issuing device including: a setup unit that generates public parameters that define indexes related to attributes and a master private key; a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used in the entire system, and an ID related to the decryption key; a master private key storage unit that stores the master private key; a public parameter storage unit that stores the public parameters used to create the ciphertext; a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list; and a management attribute storage unit that stores managed attributes.
  • the key issuing device allocates parameters of attribute information to each node representing attributes managed using a binary tree.
  • the key issuing device according to appendix 7, wherein the conditional expression for determining the validity of the user decryption key includes parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also includes parameters assigned to each node of the binary tree.
  • [Additional note 10] A key issuing program that generates public parameters that define indexes for attributes and a master private key, generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key, and issues the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected through a network.
  • The key issuing program described in Appendix 10, wherein a valid key list indicating which user decryption keys are valid among the user decryption keys that have been issued assigns attribute information parameters to each node representing attributes managed using a binary tree.
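
The decryption-permission check described in the embodiment (key validity decided by a zero inner product, access decided by a logical expression over attributes) can be modelled in the clear. The following Python model is an added example, not code from the patent, and it performs no encryption. The prime modulus, the fixed vector length, the polynomial encoding of the valid key list (used here in place of the binary-tree parameters v_0 to v_6, whose construction the page does not give), the policy tuple format, the rule against pooling keys of different users, and all names are assumptions.

```python
"""Plaintext model of the decryption-permission predicate only; nothing is encrypted.
Added example: the field, the encoding and every name below are assumptions."""
import secrets
from dataclasses import dataclass

P = 2**61 - 1   # prime modulus (assumed; the page does not name a field)
LENGTH = 8      # fixed vector length, so at most LENGTH - 1 valid key IDs here


def inner(x, v):
    """Inner product of two equal-length vectors over GF(P)."""
    if len(x) != len(v):
        raise ValueError("vector lengths differ")
    return sum(a * b for a, b in zip(x, v)) % P


def validity_vector(key_id, length=LENGTH):
    """Vector embedded in a user decryption key: (1, id, id^2, ...) mod P."""
    if not 0 < key_id < P:
        raise ValueError("key ID must be in 1..P-1")
    return [pow(key_id, i, P) for i in range(length)]


def condition_vector(valid_key_ids, length=LENGTH):
    """Coefficients (lowest degree first) of r * prod(z - id) over the valid IDs.

    Its inner product with validity_vector(k) equals r * prod(k - id), which is
    zero exactly when k is on the valid key list.
    """
    ids = set(valid_key_ids)
    if len(ids) + 1 > length:
        raise ValueError("valid key list too long for the fixed vector length")
    coeffs = [1]
    for kid in ids:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):      # multiply the polynomial by (z - kid)
            nxt[i] = (nxt[i] - kid * c) % P
            nxt[i + 1] = (nxt[i + 1] + c) % P
        coeffs = nxt
    r = secrets.randbelow(P - 1) + 1        # random non-zero blinding factor
    return [(r * c) % P for c in coeffs] + [0] * (length - len(coeffs))


def satisfies(policy, attrs):
    """Logical expression: an attribute string or ("and" | "or", *subpolicies)."""
    if isinstance(policy, str):
        return policy in attrs
    op, *parts = policy
    if op == "and":
        return all(satisfies(p, attrs) for p in parts)
    if op == "or":
        return any(satisfies(p, attrs) for p in parts)
    raise ValueError(f"unknown operator {op!r}")


@dataclass(frozen=True)
class UserKey:
    authority: str          # which key issuing device produced the key
    user_id: str            # user ID used throughout the system
    key_id: int             # ID related to the decryption key
    attributes: frozenset   # attributes managed by that authority


@dataclass(frozen=True)
class CiphertextPolicy:
    condition_vectors: dict  # authority -> condition vector from its valid key list
    policy: object           # logical expression over attributes


def make_policy(valid_key_lists, policy):
    """Encryption side: one condition vector per authority's valid key list."""
    vectors = {a: condition_vector(ids) for a, ids in valid_key_lists.items()}
    return CiphertextPolicy(vectors, policy)


def may_decrypt(keys, ct):
    """True when the presented keys clear both the validity and the access check."""
    if len({k.user_id for k in keys}) > 1:
        return False    # assumption: keys issued to different users are not pooled
    attrs = set()
    for k in keys:
        v = ct.condition_vectors.get(k.authority)
        if v is not None and inner(validity_vector(k.key_id), v) == 0:
            attrs |= k.attributes   # only keys on a valid key list contribute
    return satisfies(ct.policy, attrs)


if __name__ == "__main__":
    # Constructed sample data: two authorities, one user holding a key from each.
    lists = {"hr": [101, 102, 104], "it": [201, 202]}
    alice = [UserKey("hr", "alice", 101, frozenset({"dept:finance"})),
             UserKey("it", "alice", 201, frozenset({"clearance:2"}))]
    ct = make_policy(lists, ("and", "dept:finance", "clearance:2"))
    print("alice may decrypt:", may_decrypt(alice, ct))
    ct2 = make_policy({"hr": [102, 104], "it": [201, 202]}, ct.policy)
    print("after key 101 is dropped from the list:", may_decrypt(alice, ct2))
```

With this polynomial encoding the vector length bounds the size of the valid key list, which is the kind of dependence the binary-tree arrangement in FIG. 3 is meant to manage.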

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a cryptographic system comprising a key issuing device, a decryption device, and an encryption device that are connected to one another via a network. The key issuing device comprises: a setup unit that generates a master private key and public parameters defining attribute indexes; a user decryption key generation unit that generates a user decryption key using the master private key, an attribute associated with the user to whom the user decryption key is issued, a user ID used throughout the system, and a decryption key ID; a master key storage unit that stores the master private key; a public parameter storage unit that stores the public parameters; a valid key list storage unit that stores, as a valid key list, decryption key IDs indicating the valid user decryption keys among the issued user decryption keys; and a managed attribute storage unit that stores managed attributes. The decryption device comprises: a ciphertext decryption unit that decrypts a ciphertext using the user decryption key defining an attribute, a user ID, and a decryption key ID so as to satisfy the valid key list and an access condition expression defined in the ciphertext to be decrypted; and a user decryption key storage unit that stores the user decryption key. The encryption device comprises: a ciphertext creation unit that creates a ciphertext using the public parameters, the valid key list, and the access condition expression; a public parameter storage unit that stores the public parameters; and a valid key list storage unit that stores the valid key list.
PCT/JP2022/027681 2022-07-14 2022-07-14 Cryptographic system, key issuing device, key issuing method, and key issuing program WO2024013924A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/027681 WO2024013924A1 (fr) 2022-07-14 2022-07-14 Cryptographic system, key issuing device, key issuing method, and key issuing program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/027681 WO2024013924A1 (fr) 2022-07-14 2022-07-14 Cryptographic system, key issuing device, key issuing method, and key issuing program

Publications (1)

Publication Number Publication Date
WO2024013924A1 (fr) 2024-01-18

Family

ID=89536239

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/027681 WO2024013924A1 (fr) 2022-07-14 2022-07-14 Cryptographic system, key issuing device, key issuing method, and key issuing program

Country Status (1)

Country Link
WO (1) WO2024013924A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
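JP2012203182A (ja) * 2011-03-25 2012-10-22 Mitsubishi Electric Corp Cryptographic processing system, key generation device, encryption device, decryption device, cryptographic processing method, and cryptographic processing program
CN112671535A (zh) * 2020-12-28 2021-04-16 华南农业大学 Multi-center revocable key-policy attribute-based encryption method, device, and storage medium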

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WU YI; ZHANG WEI; XIONG HU; QIN ZHIGUANG; YEH KUO-HUI: "Efficient access control with traceability and user revocation in IoT", MULTIMEDIA TOOLS AND APPLICATIONS., KLUWER ACADEMIC PUBLISHERS, BOSTON., US, vol. 80, no. 20, 1 August 2021 (2021-08-01), US , pages 31487 - 31508, XP037564810, ISSN: 1380-7501, DOI: 10.1007/s11042-021-11286-0 *

Similar Documents

Publication Publication Date Title
US11664984B2 (en) Method and system for secure distribution of selected content to be protected on an appliance-specific basis with definable permitted associated usage rights for the selected content
US11461434B2 (en) Method and system for secure distribution of selected content to be protected
US8423764B2 (en) Method and apparatus for key revocation in an attribute-based encryption scheme
CA2623141C (fr) Cryptographic firewall system for content
US8064604B2 (en) Method and apparatus for facilitating role-based cryptographic key management for a database
US8619982B2 (en) Method and system for secure distribution of selected content to be protected on an appliance specific basis
CA2623137C (fr) Cryptographic control for mobile storage means
JP5639660B2 (ja) Verifiable trust for data through wrapper composition
Sumathi et al. A group-key-based sensitive attribute protection in cloud storage using modified random Fibonacci cryptography
US20130198524A1 (en) Object with identity based encryption
WO2024013924A1 (fr) Cryptographic system, key issuing device, key issuing method, and key issuing program
US10257176B2 (en) Replacing keys in a computer system
Senthilkumar et al. HB-PPAC: hierarchy-based privacy preserving access control technique in public cloud
KR20210143846A (ko) Encryption systems
JP4192738B2 (ja) Electronic document editing device, electronic document editing program
JP7350220B2 (ja) Search execution device, search execution method, search execution program, and secret search system
EP2293211A1 (fr) Digital rights management system with multiple content protection processes
WO2021172050A1 (fr) Secondary use management device and method, and computer-readable recording medium
Vijayan et al. Review on Fuzzy Authorization for Cloud Storage
Kadam SECURE DATA FORWARDING APPROACH USING MUTUAL TRUST IN CLOUD COMPUTING
Ghiță et al. IMPLEMENTATION OF CRYPTOGRAPHICALLY ENFORCED RBAC
KR20060023086A (ko) Broadcast encryption method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22951138

Country of ref document: EP

Kind code of ref document: A1