CN107846397A - A cloud storage access control method based on attribute-based encryption - Google Patents

Publication number
CN107846397A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710913633.5A
Other languages
Chinese (zh)
Inventor
王勇
薛静锋
杨亚峰
张继
刘振岩
孙青煜
向柯宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Application filed by Beijing Institute of Technology BIT
Priority to CN201710913633.5A
Publication of CN107846397A

Classifications

    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The present invention provides a cloud storage access control method based on attribute-based encryption. The process is as follows. First, an access control policy is defined for the file, and the file's access policy information is stored in it. Second, the file is first encrypted with a symmetric encryption algorithm. Next, the attributes in the standard policy are extracted and converted, according to their semantics, into the string form required by CP-ABE; CP-ABE accepts the string as the attribute set. Finally, using this attribute set, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the resulting key ciphertext is saved. When a user needs to access a file stored in encrypted form, the ciphertext of the symmetric key used to encrypt the file is first decrypted according to the user's attribute information to obtain the symmetric key, and the encrypted file is then decrypted with that symmetric key for access. The method provides a dynamically scalable and efficient access control mechanism for user data.

Description

A cloud storage access control method based on attribute-based encryption
Technical field
The invention belongs to the field of cloud storage technology, and in particular relates to a cloud storage access control method based on attribute-based encryption.
Background
With the development of cloud storage technology, researchers have studied access control, cryptography and other aspects in light of the characteristics of cloud storage. Current research on cloud storage access control falls mainly into three areas: access control models, cryptography, and secure cloud storage.
Access control model:
Access control means restricting the rights or capabilities with which an accessing subject may access a target object according to its own needs, so that data resources are managed and used effectively within a legitimate scope. Different access control models have been proposed for different application scenarios. In the role-based access control model (RBAC Model, Role-Based Access Control Model), the basic idea is that access permissions are assigned to roles, and a user obtains the permissions a role holds by acting in that role. RBAC works from the perspective of controlling the subject: roles are divided according to the relatively stable powers and responsibilities in management, and access rights are associated with roles. The attribute-based access control model (ABAC Model, Attribute-Based Access Control Model) is a method of access control that uses the attributes of the entities involved as the basis for authorization. Its access decision is based on the attributes of the requester and the resource; in ABAC the requester and the resource are identified by their characteristics, which avoids making decisions from a single user role and gives access control sufficient flexibility and scalability.
Cryptography research:
There are many encryption methods. When encrypting data, the type of encryption algorithm is generally selected according to the sensitivity of the data, the system's response-speed requirements and the security of the network environment. Depending on whether the encryption and decryption keys are the same, encryption algorithms are divided into two classes: symmetric encryption and asymmetric encryption. Shamir proposed IBE (Identity-Based Encryption) in 1984. It is an asymmetric encryption method in which the encrypting party does not need to obtain a public key stored in a public key certificate, but instead uses a string identifying the encrypting party's identity directly as the public key, and stores its own private key. Although this approach suits many application scenarios, its security cannot be guaranteed: with a large number of users, several users may combine to mount a collusion attack. Sahai and Bethencourt proposed a new encryption method, Fuzzy IBE, which treats a user identity as a set of descriptive attributes. Sahai and Bethencourt proposed the attribute-based encryption algorithm (ABE) in 2006. The algorithm associates a set of descriptive attributes with the data ciphertext, and the decryption key is constrained by a decision tree. The core of the ABE algorithm is to replace the unique identity of a user or role with a set of descriptive attributes, giving access control finer granularity and better flexibility. In 2007 Sahai and Bethencourt proposed the concept of ciphertext-policy attribute-based encryption (Ciphertext-Policy Attribute-Based Encryption, CP-ABE). Its basic idea is that the data ciphertext is associated with a control policy tree, and the decryption key is constrained by a set of descriptive attributes; only when the attributes a user holds match the control policy tree can the user obtain the decryption key and gain access.
Secure cloud storage:
In existing research on secure cloud storage, the 2013 results of Ma Jianfeng, Niu Dehua, Wang Lei et al. proposed combining the XACML access control framework with the attribute-based encryption algorithm CP-ABE. A general attribute set shared by XACML and CP-ABE is obtained through rule formatting, and ABE is integrated into the XACML framework, that is, data encryption is added after the XACML access control process. The confidentiality of non-sensitive data with relatively low security requirements is ensured by the XACML authorization mechanism, while the confidentiality of sensitive data with higher security requirements is ensured jointly by the XACML authorization mechanism and the CP-ABE encryption mechanism. Authentication uses tokens. Because XACML and CP-ABE are executed serially, the access control decision process is in effect performed twice, which inevitably affects the efficiency of access control.
Research on this topic, in China and abroad, is still at an early stage of development, and there is not yet a mature way to combine attribute-based encryption with access control reasonably, efficiently and securely. Existing techniques have several problems. First, existing cloud storage access control depends entirely on the central decision mechanism of the access control framework; the trustworthiness of that mechanism is not high, and centralized decision-making is easier to attack, so the security of user data cannot be guaranteed. Second, when the number of users becomes very large, the number of constraint rules required for user data becomes uncontrollable and the complexity of policy resolution in the access control framework rises sharply, which puts great pressure on the access control engine, seriously affects the running efficiency of the system, and becomes a point of attack against the central decision mechanism.
Summary of the invention
The present invention provides a cloud storage access control method based on attribute-based encryption, which provides a dynamically scalable and efficient access control mechanism for user data.
The technical solution is as follows:
A cloud storage access control method based on attribute-based encryption, whose process is:
The stored file is encrypted with the attribute-based encryption algorithm according to a user-defined access control policy:
First, an access control policy is defined for the file, forming a standard policy in which the file's access policy information is stored;
Second, the file is first encrypted with a symmetric encryption algorithm, and the symmetric ciphertext is saved;
Next, the attributes in the standard policy are extracted and converted, according to their semantics, into the string form required by ciphertext-policy attribute-based encryption (CP-ABE); CP-ABE takes this string as the policy expressed over the attribute set;
Finally, using the policy expressed over the attribute set, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the resulting key ciphertext is saved;
The file is decrypted and accessed according to the attribute information of the operating user:
First, the operating user's attribute information is provided; the attribute information is in digital certificate format. The ciphertext of the symmetric key is decrypted using the decryption method of the attribute-based encryption algorithm. If decryption fails, access to the file is denied; if decryption succeeds, the symmetric key of the user file is obtained;
Second, the saved symmetric ciphertext of the file is decrypted with the symmetric key, the file is restored, and it is handed to the browser front end for download.
Further, the standard policy of the present invention is an OASIS XACML standard policy.
Further, the digital certificate format of the present invention is an extended X.509 certificate format: each kind of user attribute information constructed by the system is assigned a unique ID and marked as a critical extension field of the certificate, and the user's <attribute name ID, attribute value> information is added to the extension field, so that the identity attribute information of the system user can be supplied while the user's identity is being verified.
Beneficial effects
First, the present invention dynamically binds attribute-based encryption from cryptography to an access control framework so that the advantages of the two are effectively combined. Policies are formulated and parsed using the policy specification of the access control framework, and the policy is converted into an attribute set with which user data is encrypted by the attribute-based encryption algorithm, so that access control is enforced cryptographically. This avoids the weaknesses of a central decision mechanism, namely its vulnerability and its tendency to high load, and achieves cryptography-based attribute access control with finer control granularity, higher security and higher reliability, providing a dynamically scalable and efficient access control mechanism for user data.
Second, the present invention merges the user's access control policy into the attribute-based encryption process, ensuring the privacy and security of user data while attribute-based access control is applied.
Third, the present invention encrypts with the attribute-set encryption algorithm using the attribute set extracted from the OASIS XACML standard policy, and uses the decryption process to make the access control decision, realizing attribute-based access control.
Embodiment
The present invention is described in detail below with reference to a specific example.
A cloud storage access control method based on attribute-set encryption according to the present invention is specifically as follows:
● Formulating a standardized access control policy and converting it to a CP-ABE policy:
Formulate the access control policy. Access control for a user file is defined by the file owner, who formulates the access policy for the file. The more common existing practice is to express the access policy in a markup language and to parse the file's access policy at the time of use to make the access control decision. The attribute-based access control method defines user policies with standardized access control policy rules. This example uses the policy definition rules of the OASIS XACML standard, which identify the subject (Subject), the accessed resource (Resource), the operation performed (Action), conditions, and attribute values (AttributeValue), among other information. When a user performs an access operation, the central access control server can make an authorization decision according to this attribute information. The control policy file used in this example is as follows:
When the policy file is used, the attribute information in it must be extracted and converted into an attribute policy in the string form required for CP-ABE encryption. For the XACML policy above, the subject's attribute set is extracted and converted into a logical combination of attributes in string form, named policy, as follows:
policy = '((role_manager) or (role_employee and name_zhangsan))'
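The conversion step described above can be sketched as follows. This is an added example, not code from the patent: it assumes the policy file uses the XACML 2.0 `Subjects`/`Subject`/`SubjectMatch` layout (alternative `Subject` elements are OR-ed, the matches inside one `Subject` are AND-ed), infers the `name_value` token form from the policy string shown above, and uses hypothetical function names. The `satisfies` check evaluates in plaintext the same boolean structure that CP-ABE decryption enforces cryptographically, which is useful for testing a converted policy before anything is encrypted under it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified sample policy (not the patent's own policy file).
SAMPLE_XACML = """\
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="constructed-example">
  <Target><Subjects>
    <Subject>
      <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue>manager</AttributeValue>
        <SubjectAttributeDesignator AttributeId="role"/>
      </SubjectMatch>
    </Subject>
    <Subject>
      <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue>employee</AttributeValue>
        <SubjectAttributeDesignator AttributeId="role"/>
      </SubjectMatch>
      <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue>zhangsan</AttributeValue>
        <SubjectAttributeDesignator AttributeId="name"/>
      </SubjectMatch>
    </Subject>
  </Subjects></Target>
</Policy>
"""

# Names and values are restricted to alphanumerics so that a value can never
# smuggle parentheses, spaces or "or"/"and" into the policy string, and so that
# the "name_value" join stays unambiguous (no underscore inside either part).
PART = re.compile(r"[A-Za-z0-9]+")


def attribute_token(name, value):
    """Build the CP-ABE attribute token for one <attribute name, value> pair."""
    if not PART.fullmatch(name or "") or not PART.fullmatch(value or ""):
        raise ValueError(f"attribute not representable as a token: {name!r}={value!r}")
    return f"{name}_{value}"


def attribute_tokens(pairs):
    """Token set for a user, e.g. from pairs read out of a certificate extension."""
    return {attribute_token(n, v) for n, v in pairs}


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def xacml_subjects_to_policy(xml_text):
    """Convert the subject targets of an XACML policy into a CP-ABE policy string."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs and entity declarations are not accepted in policy files")
    clauses = []
    for subject in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "Subject"):
        tokens = []
        for match in (m for m in subject if local(m.tag) == "SubjectMatch"):
            # Only equality has a direct CP-ABE equivalent; refuse anything else.
            if not match.get("MatchId", "").endswith(":string-equal"):
                raise ValueError("unsupported MatchId: " + match.get("MatchId", ""))
            name = value = None
            for child in match:
                if local(child.tag) == "AttributeValue":
                    value = (child.text or "").strip()
                elif local(child.tag) == "SubjectAttributeDesignator":
                    name = child.get("AttributeId")
            tokens.append(attribute_token(name, value))
        if not tokens:
            raise ValueError("Subject without any SubjectMatch")
        clauses.append("(" + " and ".join(tokens) + ")")
    if not clauses:
        raise ValueError("policy has no subject constraints; refusing to emit an open policy")
    return "(" + " or ".join(clauses) + ")"


def satisfies(policy, attributes):
    """Return True if the attribute token set satisfies the and/or policy string."""
    if not re.fullmatch(r"[A-Za-z0-9_()\s]*", policy):
        raise ValueError("unexpected character in policy")
    toks, pos = re.findall(r"[()]|[A-Za-z0-9_]+", policy), 0

    def factor():
        nonlocal pos
        if pos >= len(toks) or toks[pos] in (")", "and", "or"):
            raise ValueError("malformed policy")
        tok, pos = toks[pos], pos + 1
        if tok != "(":
            return tok in attributes
        result = expr()
        if pos >= len(toks) or toks[pos] != ")":
            raise ValueError("unbalanced parentheses")
        pos += 1
        return result

    def term():
        nonlocal pos
        result = factor()
        while pos < len(toks) and toks[pos] == "and":
            pos += 1
            rhs = factor()          # always parse the right side, then combine
            result = result and rhs
        return result

    def expr():
        nonlocal pos
        result = term()
        while pos < len(toks) and toks[pos] == "or":
            pos += 1
            rhs = term()
            result = result or rhs
        return result

    result = expr()
    if pos != len(toks):
        raise ValueError("trailing tokens in policy")
    return result
```

Conversion fails closed: an unsupported match function, an attribute that cannot be tokenized, or a policy with no subject constraints raises an error instead of producing a weaker policy than the owner wrote.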
● Based on the standardized access control policy and its conversion to a CP-ABE policy described above, the file (the accessed resource) is encrypted and stored using a symmetric encryption algorithm and then the attribute-based encryption algorithm.
Because attribute-based encryption algorithms are highly complex, their efficiency is correspondingly low, which would severely affect encryption efficiency when encrypting large files. Symmetric encryption, by contrast, offers relatively high security and relatively stable efficiency, and the size of the symmetric key is controllable, which keeps the overhead of the attribute-based encryption algorithm within a controlled range. The user file is therefore first encrypted with a symmetric encryption algorithm, and the symmetric ciphertext is saved.
Next, the attribute set in the XACML policy is converted into a CP-ABE policy in string form;
Finally, using the CP-ABE policy, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the resulting key ciphertext is saved. These operations are completed when the user uploads the file to the cloud.
● Verification of user attribute information
When accessing a file, the user must provide their own attribute information, represented in the extended X.509v3 format. User attributes are expressed as <attribute name ID, attribute value> key-value pairs and added to the Extension part of the X.509v3 certificate.
When the user logs in to the system, identity authentication is first performed according to the X.509 certificate; after verification succeeds, the user's attribute information is extracted from the Extension part of the certificate.
● Decrypting and accessing the file according to the user's attribute information
First, the user runs the key generation algorithm of the attribute-based encryption algorithm to generate an attribute-based key from their own attribute information, and then uses the decryption method of the attribute-based encryption algorithm to decrypt the ciphertext of the symmetric key for the file to be accessed, downloaded from the cloud. If decryption fails, the user does not satisfy the file's access policy, and the server returns a denial of access to the file; if decryption succeeds, the symmetric key of the user file is obtained.
Second, the saved symmetric ciphertext is decrypted with the symmetric key obtained in the previous step, the user file is restored, and it is handed to the browser front end for download.
The user's access control policy is merged into the attribute-based encryption process, ensuring the privacy and security of user data while attribute-based access control is applied.
The digital certificate format of the present invention is the extended X.509v3 certificate format. The present invention proposes a method of adding user attribute information to the extension (Extension) field of an X.509v3 digital certificate: the attributes in the abstract attribute set constructed by the system are given unique IDs and marked as critical extension fields of the certificate, and the user's <attribute name ID, attribute value> information is added to the extension field, so that the identity attribute information of the system user can be supplied while the user's identity is being verified.
The Extension part contains all of the user's attribute set information, and the certificate is issued to the system user by a trusted third-party certificate authority. When the user undergoes identity attribute verification, they present an X.509 digital certificate recognized by the system; the system parses it, extracts the attribute information in it and fills it into the system's user profile. The user saves the digital certificate on local disk, which saves server-side storage space for storing user data. Having a trusted third-party certificate authority issue digital certificates containing extension information the system can recognize strengthens the security and confidentiality of users.
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (3)

1. A cloud storage access control method based on attribute-based encryption, characterized in that the process is:
The stored file is encrypted with the attribute-based encryption algorithm according to a user-defined access control policy:
First, an access control policy is defined for the file, forming a standard policy in which the file's access policy information is stored;
Second, the file is first encrypted with a symmetric encryption algorithm, and the symmetric ciphertext is saved;
Next, the attributes in the standard policy are extracted and converted, according to their semantics, into the string form required by ciphertext-policy attribute-based encryption (CP-ABE); CP-ABE takes this string as the policy expressed over the attribute set;
Finally, using the attribute set policy, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the resulting key ciphertext is saved;
The file is decrypted and accessed according to the attribute information of the operating user:
First, the operating user's attribute information is provided; the attribute information is in digital certificate format. The ciphertext of the symmetric key is decrypted using the decryption method of the attribute-based encryption algorithm. If decryption fails, access to the file is denied; if decryption succeeds, the symmetric key of the user file is obtained;
Second, the saved symmetric ciphertext of the file is decrypted with the symmetric key, the file is restored, and it is handed to the browser front end for download.
2. The cloud storage access control method based on attribute-based encryption according to claim 1, characterized in that: the standard policy is an OASIS XACML standard policy.
3. The cloud storage access control method based on attribute-based encryption according to claim 1, characterized in that: the digital certificate format is an extended X.509 certificate format, in which each kind of user attribute information constructed by the system is assigned a unique ID and marked as a critical extension field of the certificate, and the user's <attribute name ID, attribute value> information is added to the extension field, so that the identity attribute information of the system user can be supplied while the user's identity is being verified.
CN201710913633.5A 2017-09-30 2017-09-30 A cloud storage access control method based on attribute-based encryption Pending CN107846397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710913633.5A CN107846397A (en) 2017-09-30 2017-09-30 A cloud storage access control method based on attribute-based encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710913633.5A CN107846397A (en) 2017-09-30 2017-09-30 A cloud storage access control method based on attribute-based encryption

Publications (1)

Publication Number Publication Date
CN107846397A true CN107846397A (en) 2018-03-27

Family

ID=61661605

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710913633.5A Pending CN107846397A (en) 2017-09-30 2017-09-30 A cloud storage access control method based on attribute-based encryption

Country Status (1)

Country Link
CN (1) CN107846397A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180327