CN107846397A - Cloud storage access control method based on attribute-based encryption - Google Patents
- Publication number
- CN107846397A (application CN201710913633.5A)
- Authority
- CN
- China
- Prior art keywords
- attribute
- file
- encryption
- user
- access control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a cloud storage access control method based on attribute-based encryption. The procedure is as follows. First, an access control policy is defined for the file, and the file's access policy information is stored in it. Second, the file is first encrypted with a symmetric encryption algorithm. Third, the attributes in the standard policy are extracted and converted, according to their semantics, into the string form required by CP-ABE, which accepts the string as the attribute set. Finally, using this attribute set, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the ciphertext of the key is saved. When a user needs to access a file that has been encrypted and stored, the ciphertext of the symmetric key used to encrypt the file is first decrypted according to the user's attribute information to obtain the symmetric key, and the encrypted file is then decrypted with that symmetric key. The method provides a dynamically scalable and efficient access control mechanism for user data.
Description
Technical field
The invention belongs to the technical field of cloud storage, and in particular relates to a cloud storage access control method based on attribute-based encryption.
Background art
With the development of cloud storage technology, researchers have studied access control, cryptography and other aspects in light of the characteristics of cloud storage. Current research on cloud storage access control falls into three main areas: access control models, cryptography, and secure cloud storage.
Access control model:
Access control refers to restricting the permissions or capabilities with which an accessing subject can access a target object according to its own needs, so as to ensure that data resources are managed and used effectively within a legitimate scope. Different access control models have been proposed for different application scenarios. In the role-based access control model (RBAC Model, Role-Based Access Control Model), the basic idea is to assign access permissions to roles; users obtain the access permissions held by a role by assuming that role. RBAC works from the perspective of controlling the subject: it divides roles according to relatively stable powers and responsibilities in management and associates access rights with roles. The attribute-based access control model (ABAC Model, Attribute-Based Access Control Model) is a method of access control that uses the attributes of the relevant entities as the basis for authorization. Its access decisions are based on the attributes of the requester and the resource. In ABAC the requester and the resource are identified by their characteristics, which avoids making decisions on a single user role and gives access control sufficient flexibility and scalability.
Cryptography research:
There are many encryption methods. When encrypting data, a suitable type of encryption algorithm is usually chosen according to the sensitivity of the data, the system's response-speed requirements and the security of the network environment. Depending on whether the encryption and decryption keys are the same, encryption algorithms are divided into two classes: symmetric encryption and asymmetric encryption. Shamir proposed IBE (Identity Based Encryption) in 1984. It is an asymmetric encryption method in which the encrypting party does not need to obtain a public key stored in a public key certificate, but directly uses a string identifying the encrypting party's identity as the public key and keeps its own private key. Although this approach suits many application scenarios, its security cannot be guaranteed: with a large number of users, several users may combine to mount a collusion attack. Sahai and Bethencourt proposed a new encryption scheme, Fuzzy IBE, which treats a user identity as a set of descriptive attributes. Sahai and Bethencourt proposed attribute-based encryption (ABE) in 2006. The algorithm associates a set of descriptive attributes with the data ciphertext, and the decryption key is constrained by a decision tree. The core of ABE is to replace a unique identity of a user or role with a set of descriptive attributes, which gives access control finer granularity and better flexibility. In 2007 Sahai and Bethencourt proposed the concept of ciphertext-policy attribute-based encryption (Cipher Policy-Attribute Based Encryption, CP-ABE). Its basic idea is that the data ciphertext is associated with a control policy tree and the decryption key is constrained by a set of descriptive attributes; only when the attributes held by the user match the control policy tree can the user obtain the decryption key and gain access.
Secure cloud storage:
In existing research on secure cloud storage, the 2013 work of Ma Jianfeng, Niu Dehua, Wang Lei et al. proposed combining the XACML access control framework with the attribute-based encryption algorithm CP-ABE. XACML and CP-ABE share a common attribute set obtained through rule formatting, and ABE is integrated into the XACML framework, that is, data encryption is added after the XACML access control process. The confidentiality of non-sensitive data with relatively low security requirements is ensured by the XACML authorization mechanism, while the confidentiality of sensitive data with higher security requirements is ensured jointly by the XACML authorization mechanism and the CP-ABE encryption mechanism. Authentication uses tokens. Because XACML and CP-ABE are executed serially, the access control decision process is in effect performed twice, which inevitably affects the efficiency of access control.
Research in this area, both at home and abroad, is still at an early stage, and there is not yet a mature way to combine attribute-based encryption with access control in a reasonable, efficient and secure manner. Existing technology has several problems. First, existing cloud storage access control relies entirely on the central decision mechanism in the access control framework; the trustworthiness of the central decision mechanism is not high, centralized decision-making is more easily attacked, and the security of user data cannot be guaranteed. Second, when the number of users becomes very large, the number of constraint rules needed for user data becomes uncontrollable and the complexity of policy resolution in the access control framework rises sharply, which puts great pressure on the access control engine and seriously affects system efficiency; this becomes a point of attack on the central decision mechanism.
Summary of the invention
The present invention provides a cloud storage access control method based on attribute-based encryption. The method provides a dynamically scalable and efficient access control mechanism for user data.
The technical solution is as follows:
A cloud storage access control method based on attribute-based encryption, whose procedure is:
The stored file is encrypted with an attribute-based encryption algorithm according to a user-defined access control policy:
First, an access control policy is defined for the file, forming a standard policy in which the file's access policy information is stored;
Second, the file is first encrypted with a symmetric encryption algorithm, and the symmetric ciphertext is saved;
Third, the attributes in the standard policy are extracted and converted, according to their semantics, into the string form required by ciphertext-policy attribute-based encryption (CP-ABE); CP-ABE takes this string as the policy expressed over the attribute set;
Finally, using the policy expressed over the attribute set, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the ciphertext of the key is saved;
The file is decrypted and accessed according to the attribute information of the operating user:
First, the operating user's attribute information is provided in digital certificate format, and the ciphertext of the symmetric key is decrypted with the decryption method of the attribute-based encryption algorithm; if decryption fails, access to the file is denied; if decryption succeeds, the symmetric key of the user file is obtained;
Second, the saved symmetric ciphertext of the file is decrypted with the symmetric key, the file is restored, and it is handed to the browser front end for download.
Further, the standard policy of the present invention is an OASIS XACML standard policy.
Further, the digital certificate format of the present invention is an extended X.509 certificate format: each kind of user attribute information constructed by the system is assigned a unique ID and marked as a critical extension field of the certificate, and the user's <attribute name ID, attribute value> information is added to the extension field, so that the system can be supplied with the user's identity attribute information while the user's identity is verified.
Beneficial effects
First, the invention dynamically binds attribute-based encryption from cryptography to an access control framework so that the advantages of the two are effectively combined. Policies are formulated and parsed using the policy specification of the access control framework, and the policy is converted into an attribute set with which user data is encrypted by the attribute-based encryption algorithm, so that access control is enforced cryptographically. This avoids the central decision mechanism's vulnerability to attack and its tendency to become overloaded, and achieves cryptography-based attribute access control with finer control granularity, higher security and higher reliability, providing a dynamically scalable and efficient access control mechanism for user data.
Second, the invention blends the user's access control policy into the attribute-based encryption process, so that the privacy and security of user data are protected while attribute-based access control is applied.
Third, the invention encrypts with the attribute set encryption algorithm using the attribute set extracted from the OASIS XACML standard policy, and uses the decryption process to make the access control decision, realizing attribute-based access control.
Detailed description
The present invention is described in detail below with reference to a specific example.
The cloud storage access control method based on attribute set encryption of the present invention is specifically as follows:
● Formulation of the standardized access control policy and its conversion to a CP-ABE policy:
Formulate the access control policy. Access control for a user file is defined by the file owner formulating an access policy for the file. The common existing practice is to express the access policy in a markup language and, at access time, parse the file's access policy to make the access control decision. The attribute-based access control method defines user policies with standardized access control policy rules. This example adopts the policy definition rules of the OASIS XACML standard, which identify information such as the subject (Subject), the accessed resource (Resource), the operation performed (Action) and the attribute values (AttributeValue) of conditions. When a user performs an access operation, the central access control server can make the authorization decision based on this attribute information. The control policy file in this example is as follows:
When the policy file is used, the attribute information in it must be extracted and converted into an attribute policy in the string form required for CP-ABE encryption. For the XACML policy above, the attribute set of the subject is extracted and converted into a logical combination of the attribute set in string form, named policy, as follows:
policy = '((role_manager) or (role_employee and name_zhangsan))'
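The conversion described above, as an added example that is not code from the patent: it parses a constructed XACML 2.0 style policy (the patent's own policy file is not reproduced on this page), builds the CP-ABE policy string, and evaluates which attribute sets satisfy it. The `name_value` token rule is inferred from the example string, and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
NS = {"x": XACML_NS}
STR = "http://www.w3.org/2001/XMLSchema#string"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"

def _match(attr_id, value):
    """Build one constructed <SubjectMatch> element (sample data only)."""
    return (f'<SubjectMatch MatchId="{EQ}">'
            f'<AttributeValue DataType="{STR}">{value}</AttributeValue>'
            f'<SubjectAttributeDesignator AttributeId="{attr_id}" DataType="{STR}"/>'
            f'</SubjectMatch>')

# Constructed sample, trimmed to the Target section. <Subject> elements are
# alternatives (OR); the <SubjectMatch> elements in one <Subject> are ANDed.
SAMPLE_XACML = (
    f'<Policy xmlns="{XACML_NS}" PolicyId="sample-file-policy"><Target><Subjects>'
    f'<Subject>{_match("role", "manager")}</Subject>'
    f'<Subject>{_match("role", "employee")}{_match("name", "zhangsan")}</Subject>'
    '</Subjects></Target></Policy>'
)

PART = re.compile(r"[A-Za-z0-9]+")

def attribute_token(attr_id, value):
    """Encode (AttributeId, value) as name_value (assumed rule).

    Each part is limited to alphanumerics so that a value cannot smuggle
    parentheses or and/or into the policy string, and so that the single
    underscore keeps the encoding unambiguous.
    """
    for part in (attr_id, value):
        if not PART.fullmatch(part):
            raise ValueError(f"unsafe attribute component: {part!r}")
    return f"{attr_id}_{value}".lower()

def subject_clauses(xacml_text):
    """Return one list of attribute tokens per <Subject> element."""
    root = ET.fromstring(xacml_text)
    clauses = []
    for subject in root.findall("./x:Target/x:Subjects/x:Subject", NS):
        clause = []
        for match in subject.findall("x:SubjectMatch", NS):
            attr_id = match.find("x:SubjectAttributeDesignator", NS).get("AttributeId")
            value = (match.find("x:AttributeValue", NS).text or "").strip()
            clause.append(attribute_token(attr_id, value))
        clauses.append(clause)
    return clauses

def to_cpabe_policy(clauses):
    """Join clauses into the string form shown in the text."""
    if not clauses or any(not c for c in clauses):
        raise ValueError("empty policy or empty clause")  # refuse rather than encrypt to nobody or everybody
    return "(" + " or ".join("(" + " and ".join(c) + ")" for c in clauses) + ")"

def satisfies(policy, attrs):
    """Logical model of the policy check. In CP-ABE the same condition is
    enforced by decryption succeeding or failing, not by this function."""
    if re.search(r"[^\sA-Za-z0-9_()]", policy):
        raise ValueError("unexpected character in policy")
    tokens = re.findall(r"\(|\)|[A-Za-z0-9_]+", policy)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def factor():
        nonlocal pos
        tok = peek()
        if tok is None or tok in (")", "and", "or"):
            raise ValueError("malformed policy")
        pos += 1
        if tok == "(":
            val = expr()
            if peek() != ")":
                raise ValueError("missing closing parenthesis")
            pos += 1
            return val
        return tok in attrs

    def term():
        nonlocal pos
        val = factor()
        while peek() == "and":
            pos += 1
            rhs = factor()  # always parse the right side, then combine
            val = val and rhs
        return val

    def expr():
        nonlocal pos
        val = term()
        while peek() == "or":
            pos += 1
            rhs = term()
            val = val or rhs
        return val

    result = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in policy")
    return result

if __name__ == "__main__":
    policy = to_cpabe_policy(subject_clauses(SAMPLE_XACML))
    print(policy)
    for attrs in ({"role_manager"}, {"role_employee", "name_lisi"}):
        print(sorted(attrs), "->", satisfies(policy, attrs))
```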
● Based on the standardized access control policy formulated above and its conversion to a CP-ABE policy, the file (the accessed resource) is encrypted for storage using a symmetric encryption algorithm and then the attribute-based encryption algorithm.
Because attribute-based encryption algorithms have high complexity and correspondingly low efficiency, they greatly reduce encryption efficiency when large files are encrypted. Symmetric encryption is an encryption algorithm with relatively high security and relatively stable efficiency, and the symmetric key size is controllable, which keeps the overhead of the attribute-based encryption algorithm within a controlled range. The user file is therefore first encrypted with a symmetric encryption algorithm, and the symmetric ciphertext is saved.
Next, the attribute set in the XACML policy is converted into a CP-ABE policy in string form;
Finally, using the CP-ABE policy, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the ciphertext of the key is saved. These operations are completed when the user uploads the file to the cloud.
● Verification of user attribute information
When accessing a file, the user must provide their own attribute information, represented in the extended X.509v3 format: user attributes are expressed as <attribute name ID, attribute value> key-value pairs and added to the Extension part of the X.509v3 certificate.
When the user logs in to the system, identity authentication is first performed on the X.509 certificate; after verification succeeds, the user's attribute information is extracted from the Extension part of the certificate.
● Decrypting and accessing the file according to the user's attribute information
First, the user runs the key generation algorithm of the attribute-based encryption algorithm to generate an attribute-based key from their own attribute information, and then uses the decryption method of the attribute-based encryption algorithm to decrypt the ciphertext of the symmetric encryption key of the accessed file downloaded from the cloud. If decryption fails, the user does not satisfy the file's access policy and the server returns a denial of access to the file; if decryption succeeds, the symmetric key of the user file is obtained.
Second, the saved symmetric ciphertext is decrypted with the symmetric key obtained in the previous step, the user file is restored, and it is handed to the browser front end for download.
The user's access control policy is blended into the attribute-based encryption process, so the privacy and security of user data are protected while attribute-based access control is applied.
The digital certificate format of the present invention is the extended X.509v3 certificate format. The invention proposes a method of adding user attribute information to the extension (Extension) field of an X.509v3 digital certificate: each attribute in the abstract attribute set constructed by the system is given a unique ID and marked as a critical extension field of the certificate, and the user's <attribute name ID, attribute value> information is added to the extension field, so that the system can be supplied with the user's identity attribute information while the user's identity is verified.
All of the user's attribute set information is added to the Extension part, and the certificate is issued to the system user by a trusted third-party certificate authority. When the user undergoes identity attribute verification, they present an X.509 digital certificate recognized by the system; the system parses it, extracts the attribute information and fills it into the system's user information. The user saves the digital certificate on local disk, which saves server-side storage space for storing user data. Having a trusted third-party certificate authority issue digital certificates containing extension information the system can recognize strengthens the security and confidentiality of the user.
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall be included within the scope of protection of the invention.
Claims (3)
1. A cloud storage access control method based on attribute-based encryption, characterized in that the procedure is:
The stored file is encrypted with an attribute-based encryption algorithm according to a user-defined access control policy:
First, an access control policy is defined for the file, forming a standard policy in which the file's access policy information is stored;
Second, the file is first encrypted with a symmetric encryption algorithm, and the symmetric ciphertext is saved;
Third, the attributes in the standard policy are extracted and converted, according to their semantics, into the string form required by ciphertext-policy attribute-based encryption (CP-ABE); CP-ABE takes this string as the policy expressed over the attribute set;
Finally, using the attribute set policy, the symmetric key used for the symmetric encryption is encrypted a second time with the attribute-based encryption algorithm, and the ciphertext of the key is saved;
The file is decrypted and accessed according to the attribute information of the operating user:
First, the operating user's attribute information is provided in digital certificate format, and the ciphertext of the symmetric key is decrypted with the decryption method of the attribute-based encryption algorithm; if decryption fails, access to the file is denied; if decryption succeeds, the symmetric key of the user file is obtained;
Second, the saved symmetric ciphertext of the file is decrypted with the symmetric key, the file is restored, and it is handed to the browser front end for download.
2. The cloud storage access control method based on attribute-based encryption according to claim 1, characterized in that the standard policy is an OASIS XACML standard policy.
3. The cloud storage access control method based on attribute-based encryption according to claim 1, characterized in that the digital certificate format is an extended X.509 certificate format: each kind of user attribute information constructed by the system is assigned a unique ID and marked as a critical extension field of the certificate, and the user's <attribute name ID, attribute value> information is added to the extension field, so that the system can be supplied with the user's identity attribute information while the user's identity is verified.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710913633.5A CN107846397A (en) | 2017-09-30 | 2017-09-30 | Cloud storage access control method based on attribute-based encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107846397A (en) | 2018-03-27 |
Family
ID=61661605
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710913633.5A Pending CN107846397A (en) | Cloud storage access control method based on attribute-based encryption | 2017-09-30 | 2017-09-30 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107846397A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107992A (en) * | 2013-02-04 | 2013-05-15 | Hangzhou Normal University | Multistage authority management method for cloud storage enciphered data sharing |
CN103327002A (en) * | 2013-03-06 | 2013-09-25 | Xidian University | Cloud storage access control system based on attribute |
CN105991278A (en) * | 2016-07-11 | 2016-10-05 | Institute of Applied Mathematics, Hebei Academy of Sciences | Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption) |
Non-Patent Citations (1)
Title |
---|
Liu Xiaojian et al.: "Multi-authority secure cloud storage access control scheme based on CP-ABE and XACML", Computer Science * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180327 |