CN110011963A - Information processing method for multi-authority CP-ABE with efficient revocation based on OBDD - Google Patents


Info

Publication number
CN110011963A
Authority
CN (China)
Prior art keywords
user, attribute, obdd, abe, authorization
Legal status
Pending
Application number
CN201910144478.4A
Other languages
Chinese (zh)
Inventors
刘雪峰, 武文佳, 裴庆祺
Current assignee
Xidian University
Original assignee
Xidian University
Application filed by Xidian University

Classifications

    • H04L63/08: Network architectures or network communication protocols for network security, for authentication of entities (under H04L63/00, H04L Transmission of digital information, H04 Electric communication technique, H Electricity)
    • H04L63/20: Network architectures or network communication protocols for network security, for managing network security; network security policies in general (under H04L63/00)
    • H04L9/0861: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; generation of secret information including derivation or calculation of cryptographic keys or passwords (under H04L9/08 Key distribution or management, H04L9/00)

Abstract

The invention belongs to the field of information security technology and discloses an information processing method for multi-authority CP-ABE with efficient revocation based on OBDD. An access control system model is established: the cloud server, attribute certification authority, attribute authorities and users in the network are abstracted into a connected graph. The access policy is converted into the form of an ordered binary decision diagram, the private data is encrypted, and the returned ciphertext is uploaded to the cloud server. The attribute certification authority first authenticates the id of each user. A user decrypts with his own decryption key. When a key attribute of a user is revoked, the attribute authority updates the key-pair component related to that attribute, re-encrypts the ciphertext, and redistributes user keys. The invention realizes a multi-authority system based on OBDD; it not only solves the efficiency problem of tree- and LSSS-based systems, but also provides the attribute revocation and user revocation functions that the single-authority OBDD system lacks.

Description

Information processing method for multi-authority CP-ABE with efficient revocation based on OBDD
Technical field
The invention belongs to the field of information security technology, and in particular relates to an information processing method for multi-authority CP-ABE with efficient revocation based on OBDD.
Background technique
Currently, the closest prior art is as follows. To ensure information security, CP-ABE (ciphertext-policy attribute-based encryption) systems are widely used in many cyber-physical systems and Internet of Things systems. Research on CP-ABE systems falls broadly into several areas: access structures, multi-authority schemes, revocation, hidden policies and proxy re-encryption.
The first CP-ABE system was proposed in 2007 with a tree access policy. Not only is its ciphertext form complex, but the data size is directly proportional to the number of attributes in the attribute set. The scheme relies on a single authority; once that authority is compromised, the whole system is broken. To mitigate this harm, a distributed attribute-based encryption system was proposed in 2011. It has no central authority: all system initialization, keys and ciphertext components are generated by the relevant attribute authorities, which greatly alleviates the risk of single authorization. That system is based on a linear secret sharing matrix, but its ciphertext size and its encryption and decryption cost are likewise directly proportional to the number of attributes.
Before a new access structure was put forward, existing research consisted of improvements to the above two papers, including encryption and decryption outsourcing. After a single-authority attribute-based access control system based on OBDD was proposed in 2017, a new door was opened, and in recent years OBDD has also been applied to the Internet of Things. OBDD is a non-monotonic access structure: an attribute may appear several times in the access policy, with both positive and negative values, and AND, OR and NOT are all supported, which tree and LSSS structures cannot express. That scheme greatly reduces the cost of the whole encryption process, because every component depends only on the attribute set relevant to the access policy: no matter how the user's attributes or the whole attribute universe change, as long as the attributes relevant to the access policy stay the same, the ciphertext size, user key and so on do not change. That paper does not address user or attribute revocation, and, as noted above, the risk of single authorization is relatively high, so it is meaningful to realize a revocable multi-authority system based on OBDD.
Prior art one, a multi-authority CP-ABE system based on LSSS, introduces multiple authorities using a distributed structure, and many improved versions of it have appeared in recent years; but its ciphertext size and the encryption and decryption cost of its algorithms are always directly proportional to the number of attributes. That is, as the number of attributes in the attribute set grows, the encryption and decryption algorithms carry a correspondingly larger computation burden, because their components are generated per attribute. Prior art two proposes a single-authority CP-ABE system based on OBDD, which greatly improves algorithm efficiency and storage consumption, but the security problem of single-authority authentication remains. Single authorization is relatively easy to implement, but it requires absolute trust in the authority; once an attacker breaks through that authority, all data is in danger. In practical applications, moreover, a user's attributes should be variable, and prior art two does not implement attribute revocation. Many attribute revocation methods exist for other access structures; to make users' attribute sets flexible, prior art two must be extended into a multi-authority scheme that reduces risk, together with an attribute revocation method adapted to its algorithm.
In conclusion problem of the existing technology is:
(1) encryption and decryption in ciphertext size and algorithmic procedure of the prior art one based on more authorization CP-ABE systems of LSSS It is lost all directly proportional to number of attributes always.
(2) safety problem of single authorization CP-ABE system list authorization identifying of the prior art two based on OBDD still has, And in practical application, the attribute of user should be it is variable, the system be not carried out attribute revocation.
Difficulty of solving the above technical problems:
Algorithm efficiency has always been the ultimate goal, but no matter how an LSSS-based algorithm is outsourced, its cost is fundamentally proportional to the number of attributes. Hence the OBDD-based algorithm, whose efficiency depends only on the attribute set relevant to the access policy: as long as that set is unchanged, the efficiency is fixed. At present, however, that technique is single-authority, while LSSS-based CP-ABE systems have already developed into multi-authority systems, which is the trend; and attribute revocation takes different forms for different algorithms. It is therefore necessary to realize a multi-authority CP-ABE system with efficient revocation based on OBDD.
Significance of solving the above technical problems:
If these problems are solved, algorithm efficiency within attribute-based encryption systems can be greatly improved, saving much computation and memory; realizing attribute revocation makes the whole system more flexible, so that it can be widely used in Internet of Things systems and practical applications.
Summary of the invention
In view of the problems of the existing technology, the present invention provides an information processing method for multi-authority CP-ABE with efficient revocation based on OBDD.
The invention is realized as follows. The information processing method for multi-authority CP-ABE with efficient revocation based on OBDD includes:
First step: the cloud server, attribute certification authority, attribute authorities and users in the network are abstracted into a connected graph, establishing the access control system model;
Second step: the system first initializes a bilinear group and a bilinear map, then each attribute authority relevant to the access policy runs the initialization algorithm and generates its master key pair;
Third step: the access policy is converted into the form of an ordered binary decision diagram, the private data is encrypted, and the returned ciphertext is uploaded to the cloud server;
Fourth step: the attribute certification authority first authenticates the id of each user; after authentication, the attribute authorities generate key components for each user and send them to the user;
Fifth step: the user decrypts with his own decryption key. Searching whether the user's attribute set satisfies the OBDD is a recursive process; if, through the recursion, the user's attribute set satisfies the OBDD, the private data can be computed, otherwise decryption fails;
Sixth step: when a key attribute of a user is revoked, the attribute authority updates the key-pair component related to that attribute, re-encrypts the ciphertext, and redistributes user keys.
Further, in the second step the conversion of the access policy into an ordered binary decision diagram, the encryption of the private data and the upload of the returned ciphertext to the cloud server are completed by the attribute authorities. There are N attribute authorities relevant to the access policy in total; the current attribute authority is j, and each attribute authority manages U_j policy-relevant attributes, with n policy-relevant attributes in total, i.e. ∑U_j = n. Each attribute authority randomly selects y_j, t_{j0}, t_{j1}, …, t'_{j0}, t'_{j1}, …, performs the corresponding computation, and then generates N public/private key pairs of the following form:
PK_j is sent to the data owner for encryption, and MK_j is kept by the authority itself as its private key.
Further, for the ordered binary decision diagram of the third step, the access policy is first converted into a Boolean function, and the Boolean function is then converted into a decision diagram under the attribute order π. The ciphertext is divided into four components: first the OBDD; then a secret value s is selected and the encrypted message component is computed, where M is the private data; then, taking the set of attributes relevant to each path as I, the ciphertext component relevant to each active path is computed; finally the ciphertext is uploaded.
Further, the certification authority of the fourth step can only authenticate the identity of the user before the user key is generated; if the user's id is not in the user revocation list, random numbers are selected and the user key components are computed.
Further, the recursive procedure over the ordered binary decision diagram in the fifth step specifically includes:
(a) find the node whose ordinal number is 2 in the OBDD, that is, the root node root, and mark it as the current node;
(b) obtain the label of the current node; for i ∈ n, if i ∈ S and the label matches i, jump to step (c), otherwise jump to step (d);
(c) find its 1-branch according to the high value of the current node, and:
1) if the 1-branch of the current node is the terminal node 0, end the recursion and return decryption failure;
2) if the 1-branch of the current node is the terminal node 1, jump to step (e);
3) if the 1-branch of the current node is a non-terminal node, set that 1-branch as the current node and jump back to step (b);
(d) find its 0-branch according to the low value of the current node, and:
1) if the 0-branch of the current node is the terminal node 0, end the recursion and return decryption failure;
2) if the 0-branch of the current node is the terminal node 1, jump to step (e);
3) if the 0-branch of the current node is a non-terminal node, set that 0-branch as the current node and jump back to step (b);
(e) store this active path together with the corresponding path R_t; that is, the user's attribute set satisfies the access policy, and the following operation is performed:
Finally, end the recursion and return decryption success.
Further, the attribute revocation of the sixth step means that some key attribute of some user is revoked; the system update then only needs to reselect the random variable corresponding to that attribute. User revocation means that a user in the user set is revoked from the system; the system update then needs to update the random variables of all attributes related to the attribute policy.
Another object of the present invention is to provide a multi-authority CP-ABE system with efficient revocation based on OBDD that executes the described information processing method. The system includes:
a cloud server, connected to the data consumer, for storing the uploaded ciphertext;
a user identity authentication authority, which initially assigns a unique identity to each system user, authenticates user identity in the key generation phase, and maintains the attribute revocation list, and otherwise takes no part in any specific algorithm;
multiple authorization authorities, connected to the user identity authentication authority, for system initialization, user key generation, and the system update carried out on attribute revocation;
an access policy and ciphertext processing module, connected to the cloud server, for formulating the access policy and generating and uploading the ciphertext;
a data consumer, connected to the multiple authorization authorities, for requesting the ciphertext from the CSS and decrypting it.
Another object of the present invention is to provide a ciphertext-policy attribute-based encryption system applying the described information processing method for multi-authority CP-ABE with efficient revocation based on OBDD.
Another object of the present invention is to provide an information security processing system applying the described information processing method for multi-authority CP-ABE with efficient revocation based on OBDD.
Another object of the present invention is to provide an information data processing terminal applying the described information processing method for multi-authority CP-ABE with efficient revocation based on OBDD.
The storage cost, communication cost and computation cost of prior art one and of the present scheme are compared below. Table 1 gives the performance comparison of the two schemes in storage and communication, and Table 2 the comparison in computation. Here t_p denotes the maximum time consumed by one pairing operation, t_G the maximum time consumed by one exponentiation in group G, and the corresponding symbol for G_T the maximum time consumed by one exponentiation in group G_T; U denotes the size of the whole attribute set, U_CT the size of the attribute set in the ciphertext, i.e. the size of the attribute set relevant to the access policy, U_S the size of the user attribute set, l_M the size of the private data M, and |G|, |G_T| the orders of the two groups.
Table 1: Performance comparison of the two techniques in storage and communication
Table 2: Performance comparison of the two techniques in computation
In summary, the advantages and positive effects of the present invention are as follows: the system of the invention starts from a change of access structure and realizes a multi-authority system based on OBDD; it not only solves the efficiency problem of tree- and LSSS-based systems, but also achieves the attribute revocation and user revocation functions that the single-authority OBDD system lacks.
Description of the drawings
Fig. 1 is a schematic structural diagram of the multi-authority CP-ABE system with efficient revocation based on OBDD provided in an embodiment of the present invention;
in the figure: 1, cloud server; 2, user identity authentication authority; 3, multiple authorization authorities; 4, access policy and ciphertext processing module; 5, data consumer.
Fig. 2 is a flow chart of the information processing method for multi-authority CP-ABE with efficient revocation based on OBDD provided in an embodiment of the present invention.
Fig. 3 is an implementation flow chart of the information processing method for multi-authority CP-ABE with efficient revocation based on OBDD provided in an embodiment of the present invention.
Detailed description of embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here are only intended to illustrate the invention and not to limit it.
The present invention is mainly used to realize fine-grained access control systems in a cloud environment. Starting from the single-authority ABE system whose access structure is an OBDD, the invention extends that system into a multi-authority CP-ABE system with efficient attribute revocation and user revocation, and proves its security.
The application principle of the invention is further described below with reference to the drawings.
As shown in Fig. 1, the multi-authority CP-ABE system with efficient revocation based on OBDD provided in an embodiment of the present invention includes: a cloud server 1, a user identity authentication authority 2, multiple authorization authorities 3, an access policy and ciphertext processing module 4, and a data consumer 5.
CSS is the cloud server 1, connected to the data consumer 5, for storing the uploaded ciphertext;
CA is the user identity authentication authority 2, which initially assigns a unique identity to each system user, then authenticates user identity in the key generation phase and maintains the attribute revocation list, and otherwise takes no part in any specific algorithm;
AAs are the multiple authorization authorities 3, connected to the user identity authentication authority 2, for system initialization, user key generation, and the system update carried out on attribute revocation;
DO is the access policy and ciphertext processing module 4, connected to the cloud server 1, for formulating the access policy and generating and uploading the ciphertext;
DU is the data consumer 5, connected to the multiple authorization authorities 3, for requesting the ciphertext from the CSS and decrypting it.
As shown in Fig. 2, the information processing method for multi-authority CP-ABE with efficient revocation based on OBDD provided in an embodiment of the present invention includes the following steps:
S201: establish the access control system model: the cloud server, attribute certification authority, attribute authorities and users in the network are abstracted into a connected graph;
S202: initialize the system data: the system first initializes a bilinear group and a bilinear map, then each attribute authority relevant to the access policy runs the initialization algorithm and generates its master key pair;
S203: encrypt the private data: the data owner selects the access policy, then converts it into the form of an ordered binary decision diagram, encrypts the private data, and uploads the returned ciphertext to the cloud server;
S204: generate keys: the attribute certification authority first authenticates the id of each user; after authentication, the attribute authorities generate key components for each user and send them to the user; if authentication fails, the algorithm is not executed;
S205: user decryption: the user decrypts with his own decryption key. Searching whether the user's attribute set satisfies the OBDD is a recursive process; if, through the recursion, the user's attribute set satisfies the OBDD, the private data can be computed, otherwise decryption fails;
S206: user and attribute revocation: when a key attribute of a user is revoked, three parts need to be updated. First, the attribute authority updates the key-pair component related to that attribute, i.e. the authority managing that attribute reselects its random numbers; second, the ciphertext is re-encrypted; third, user keys are redistributed. When a whole user is revoked, there are likewise three steps: the initialization, encryption and key generation steps are rerun.
As shown in Fig. 3, the information processing method for multi-authority CP-ABE with efficient revocation based on OBDD provided in an embodiment of the present invention specifically includes the following steps:
Step 1: establish the access control system model.
The data owner, cloud, authorities and data consumers are abstracted into the corresponding model of Fig. 3 and linked into a connected graph.
Step 2: initialize the system data.
Assume there are N attribute authorities relevant to the access policy in total; the current attribute authority is j, and each attribute authority manages U_j policy-relevant attributes; assume there are n policy-relevant attributes in total, i.e. ∑U_j = n. Each attribute authority randomly selects y_j, t_{j0}, t_{j1}, …, t'_{j0}, t'_{j1}, …, performs the corresponding computation, and then generates N public/private key pairs of the following form:
PK_j is then sent to the data owner for encryption, and MK_j is kept by the authority itself as its private key.
Step 3: encrypt the private data.
Assume the active paths in the ordered binary decision diagram form the set R: {R_0, R_1, …, R_{T-1}}. The user randomly selects a secret value s ∈ Z_p and computes the encrypted message component, where M is the private data; then, assuming the set of attributes relevant to each path is I, the ciphertext component relevant to each active path is computed. The final ciphertext is then:
The data owner then uploads the ciphertext to the cloud server.
Step 4: generate keys.
Each data consumer in the system is initially assigned a unique public identity id by the authentication authority (CA), which cannot take part in any specific step of the algorithm. In the key generation phase, the CA first checks whether the user's id is in the list it maintains, i.e. whether user revocation has occurred; if the id is in the user revocation list, the algorithm terminates directly and key generation fails. If it is not, each authority j relevant to the access policy selects a random r_j ∈ Z_p and computes its key component. The attribute set I relevant to each path is traversed and checked, i.e. for i ∈ I: if i ∈ S and the label matches i, set t_i = t_i; otherwise set t_i = t'_i, and compute the key component. The final private key of the user is:
Step 5: user decryption.
The authentication authority first verifies the user's identity id; if the id is in the revocation list, the server returns nothing. If authentication passes, the cloud server returns the ciphertext to the user for decryption. The specific decryption process is a recursive process over the ordered binary decision diagram, in five steps:
(a) Find the node whose ordinal number is 2 in the OBDD, that is, the root node root, and mark it as the current node.
(b) Obtain the label of the current node; for i ∈ n, if i ∈ S and the label matches i, jump to step (c), otherwise jump to step (d).
(c) Find its 1-branch according to the high value of the current node, and:
1) if the 1-branch of the current node is the terminal node 0, end the recursion and return decryption failure.
2) if the 1-branch of the current node is the terminal node 1, jump to step (e).
3) if the 1-branch of the current node is a non-terminal node, set that 1-branch as the current node and jump back to step (b).
(d) Find its 0-branch according to the low value of the current node, and:
1) if the 0-branch of the current node is the terminal node 0, end the recursion and return decryption failure.
2) if the 0-branch of the current node is the terminal node 1, jump to step (e).
3) if the 0-branch of the current node is a non-terminal node, set that 0-branch as the current node and jump back to step (b).
(e) Store this active path together with the corresponding path R_t; that is, the user's attribute set satisfies the access policy. Then the following operation is performed:
Finally, end the recursion and return decryption success.
Step 6: user and attribute revocation.
When a key attribute of a user is revoked, three parts need to be updated: first, the attribute authority updates the key-pair component related to that attribute; second, the ciphertext is re-encrypted; third, user keys are redistributed. Concretely, when the key attribute a_1 of user A is revoked, the attribute authority managing that attribute selects random numbers m_1, m'_1 and updates the key pair (t_1, t'_1) to (t_1·m_1, t'_1·m'_1), with the corresponding change in the public key. The encryption algorithm is then rerun to update the ciphertext components on the active paths related to attribute a_1, and these are uploaded to the cloud server. Finally, the key generation algorithm is rerun for the users to update their key components, which are distributed to the users.
When user revocation occurs, three updates are likewise required: the system key pair, the ciphertext and the keys. If users {id_1, id_2} in the user set are revoked, the Setup algorithm is rerun and all policy-related attribute variables are updated; the Encrypt algorithm is then rerun and the ciphertext is uploaded to the server; finally the KeyGen algorithm is rerun: the authentication authority first checks whether the user's id is in the revocation list, returning key generation failure directly if it is; otherwise the attribute authorities generate new keys for the current users and distribute them to the relevant users.
The above is only a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principle of the invention shall be included within the scope of protection of the invention.
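The recursive path search of step 5 (steps (a) to (e)) and the per-path re-encryption of step 6, as an added worked example in Python that is not part of the patent. It builds a reduced OBDD for a constructed non-monotonic policy over hypothetical attributes 1 to 4 under an attribute order π, enumerates the active paths R_0 to R_{T-1}, runs the search for several user attribute sets S, and lists which active paths contain a revoked attribute; the pairing-based key and ciphertext formulas are not reproduced on the page and are left out.

```python
"""OBDD access-policy evaluation following the patent's steps (a) to (e).

Added example, not the patent's own code. Builds a reduced Ordered Binary
Decision Diagram for a non-monotonic Boolean policy under attribute order pi,
enumerates the active paths R_0..R_{T-1} that encryption must cover, and runs
the recursive search deciding whether a user attribute set S reaches terminal
node 1. The pairing-based key/ciphertext arithmetic is not reproduced here.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

Path = Tuple[Tuple[int, int], ...]  # ((attribute, branch bit), ...)


@dataclass(frozen=True)
class Node:
    attr: Optional[int]          # attribute index; None for a terminal node
    low: Optional[Node]          # 0-branch (the node's "low value")
    high: Optional[Node]         # 1-branch (the node's "high value")
    value: Optional[int] = None  # 0 or 1 for a terminal node


TERM0 = Node(None, None, None, 0)  # terminal node 0: decryption fails
TERM1 = Node(None, None, None, 1)  # terminal node 1: policy satisfied


def build_obdd(policy: Callable[[FrozenSet[int]], bool], order: List[int]) -> Node:
    """Shannon-expand `policy` along attribute order pi and reduce the result.

    `policy` receives the set of attributes assigned 1 and returns True/False.
    Reduction drops nodes whose two branches coincide and shares isomorphic
    subgraphs, so the diagram depends only on policy-relevant attributes.
    Expansion is exponential in len(order); fine for policy-sized inputs.
    """
    unique: Dict[Node, Node] = {}

    def mk(attr: int, low: Node, high: Node) -> Node:
        if low == high:  # redundant test: this attribute does not matter here
            return low
        node = Node(attr, low, high)
        return unique.setdefault(node, node)

    def expand(k: int, ones: FrozenSet[int]) -> Node:
        if k == len(order):
            return TERM1 if policy(ones) else TERM0
        a = order[k]
        return mk(a, expand(k + 1, ones), expand(k + 1, ones | {a}))

    return expand(0, frozenset())


def search(root: Node, S: FrozenSet[int]) -> Optional[Path]:
    """Steps (a)-(e): start at the root, take the 1-branch when the node's
    attribute is in S and the 0-branch otherwise. Returns the traversed
    active path R_t on reaching terminal 1, or None on terminal 0."""
    node, path = root, []
    while node.attr is not None:  # non-terminal node: step (b)
        bit = 1 if node.attr in S else 0  # step (c) or step (d)
        path.append((node.attr, bit))
        node = node.high if bit else node.low
    return tuple(path) if node.value == 1 else None  # step (e) or failure


def active_paths(root: Node) -> List[Path]:
    """All root-to-terminal-1 paths R_0..R_{T-1}. Encryption emits one
    ciphertext component per active path, so T, not the size of the
    attribute universe, drives the ciphertext size."""
    out: List[Path] = []

    def walk(node: Node, prefix: Path) -> None:
        if node.attr is None:
            if node.value == 1:
                out.append(prefix)
            return
        walk(node.low, prefix + ((node.attr, 0),))
        walk(node.high, prefix + ((node.attr, 1),))

    walk(root, ())
    return out


def paths_touching(root: Node, attr: int) -> List[Path]:
    """Active paths whose attribute set I contains `attr`: the ciphertext
    components step 6 must re-encrypt when `attr` is revoked."""
    return [p for p in active_paths(root) if any(a == attr for a, _ in p)]


# Constructed sample (hypothetical attributes): 1=doctor, 2=cardiology,
# 3=nurse, 4=on_leave. The NOT on attribute 4 is what tree/LSSS policies
# cannot express and an OBDD can.
def sample_policy(ones: FrozenSet[int]) -> bool:
    return (1 in ones and 2 in ones) or (3 in ones and 4 not in ones)


SAMPLE_ORDER = [1, 2, 3, 4]  # attribute order pi
SAMPLE_ROOT = build_obdd(sample_policy, SAMPLE_ORDER)

if __name__ == "__main__":
    print("active paths R_t:", active_paths(SAMPLE_ROOT))
    for S in ({1, 2}, {3}, {3, 4}, {1}):
        print("S =", sorted(S), "->", search(SAMPLE_ROOT, frozenset(S)))
    # Revoking attribute 2 from a user with S={1,2} leaves S={1}, which fails;
    # these are the ciphertext components that must be re-encrypted:
    print("paths to re-encrypt for attribute 2:", paths_touching(SAMPLE_ROOT, 2))
```

Running the block shows three active paths for a universe of four attributes, so the ciphertext carries three path components regardless of how many attributes the system as a whole has.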

Claims (10)

1. An information processing method for multi-authority CP-ABE with efficient revocation based on OBDD, characterized in that the method includes:
a first step, in which the cloud server, attribute certification authority, attribute authorities and users in the network are abstracted into a connected graph, establishing the access control system model;
a second step, in which the system first initializes a bilinear group and a bilinear map, then each attribute authority relevant to the access policy runs the initialization algorithm and generates its master key pair;
a third step, in which the access policy is converted into the form of an ordered binary decision diagram, the private data is encrypted, and the returned ciphertext is uploaded to the cloud server;
a fourth step, in which the attribute certification authority first authenticates the id of each user, and after authentication the attribute authorities generate key components for each user and send them to the user;
a fifth step, in which the user decrypts with his own decryption key; searching whether the user's attribute set satisfies the OBDD is a recursive process, and if, through the recursion, the user's attribute set satisfies the OBDD, the private data can be computed, otherwise decryption fails;
a sixth step, in which, when a key attribute of a user is revoked, the attribute authority updates the key-pair component related to that attribute, re-encrypts the ciphertext, and redistributes user keys.
2. The information processing method for multi-authority CP-ABE with efficient revocation based on OBDD according to claim 1, characterized in that in the second step the conversion of the access policy into an ordered binary decision diagram, the encryption of the private data and the upload of the returned ciphertext to the cloud server are completed by the attribute authorities; there are N attribute authorities relevant to the access policy in total, the current attribute authority is j, each attribute authority manages U_j policy-relevant attributes, and there are n policy-relevant attributes in total, i.e. ∑U_j = n; each attribute authority randomly selects its secret values, performs the corresponding computation, and then generates N public/private key pairs of the following form:
PK_j is sent to the data owner for encryption, and MK_j is kept by the authority itself as its private key.
3. The information processing method for multi-authority CP-ABE with efficient revocation based on OBDD according to claim 1, characterized in that, for the ordered binary decision diagram of the third step, the access policy is first converted into a Boolean function, and the Boolean function is converted into a decision diagram under the attribute order π; the ciphertext is divided into four components: first the OBDD; then a secret value s is selected and the encrypted message component is computed, where M is the private data; then, taking the set of attributes relevant to each path as I, the ciphertext component relevant to each active path is computed; finally the ciphertext is uploaded.
4. The OBDD-based multi-authority CP-ABE information processing method with efficient revocation according to claim 1, characterized in that the certification authority of the fourth step authenticates the identity of the user before the user key is generated; if the id of the user is not in the user revocation list, a random number is selected and the user key components are computed.
5. The OBDD-based multi-authority CP-ABE information processing method with efficient revocation according to claim 1, characterized in that the recursive process on the ordered binary decision diagram of the fifth step specifically comprises:
(a) find in the OBDD the node whose ordinal number is 2, that is, the root node root, and mark it as the current node;
(b) obtain the label i of the current node, i ∈ n; if i ∈ S, jump to step (c); if i ∉ S, jump to step (d);
(c) find its 1-branch according to the high value of the current node; if:
1) the 1-branch of the current node is the terminal node 0, terminate the recursion and return decryption failure;
2) the 1-branch of the current node is the terminal node 1, jump to step (e);
3) the 1-branch of the current node is a non-terminal node, take that 1-branch as the current node and jump back to step (b);
(d) find its 0-branch according to the low value of the current node; if:
1) the 0-branch of the current node is the terminal node 0, terminate the recursion and return decryption failure;
2) the 0-branch of the current node is the terminal node 1, jump to step (e);
3) the 0-branch of the current node is a non-terminal node, take that 0-branch as the current node and jump back to step (b);
(e) store this valid path together with the corresponding path R_t, i.e., the attribute set of the user satisfies the access policy, and perform the following operation:
Finally terminate the recursion and return decryption success.
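Claims 3 and 5 describe the OBDD construction and the decryption-time walk only in words. The following Python is an added example, not code from the patent or its inventors: it converts a constructed Boolean access policy into a reduced OBDD under an attribute ordering π, enumerates the valid root-to-1 paths whose attribute sets I would each receive a ciphertext component (claim 3), and runs the claim-5 recursion over a user's attribute set S, following the 1-branch when the node's attribute is in S and the 0-branch otherwise. The attribute names, the policy and the `AccessPolicyOBDD` class are assumptions made for this example; the cryptographic components themselves (the authorities' key pairs and the per-path ciphertext components) are not modelled. Terminals carry ids 0 and 1 and the root is renumbered to ordinal 2 to match step (a).

```python
"""Added example (not from the patent): Boolean access policy -> reduced OBDD
under an attribute ordering pi, valid-path enumeration, and the claim-5 walk
that decides whether a user's attribute set S satisfies the policy."""

from typing import Callable, Dict, List, Set, Tuple

Path = List[Tuple[str, int]]          # [(attribute, branch taken), ...]
Policy = Callable[[Dict[str, bool]], bool]


class AccessPolicyOBDD:
    """Reduced ordered BDD of an access policy; ids 0/1 are terminals, root is 2."""

    def __init__(self, order: List[str], policy: Policy):
        self.order = order                                   # attribute ordering pi
        self.nodes: Dict[int, Tuple[int, int, int]] = {}    # id -> (level, low, high)
        self._unique: Dict[Tuple[int, int, int], int] = {}  # canonical node table
        self._renumber(self._build(policy, 0, {}))

    def _build(self, policy: Policy, level: int, assignment: Dict[str, bool]) -> int:
        """Shannon expansion along pi; returns a node id (0 or 1 for terminals)."""
        if level == len(self.order):
            return 1 if policy(assignment) else 0
        attr = self.order[level]
        low = self._build(policy, level + 1, {**assignment, attr: False})
        high = self._build(policy, level + 1, {**assignment, attr: True})
        if low == high:                  # redundant test: drop the node
            return low
        key = (level, low, high)
        if key not in self._unique:      # merge isomorphic subgraphs
            self._unique[key] = 2 + len(self.nodes)
            self.nodes[self._unique[key]] = key
        return self._unique[key]

    def _renumber(self, root: int) -> None:
        """Relabel so the root has ordinal 2 (claim 5(a)); terminals stay 0 and 1."""
        if root < 2:                     # constant policy: root is itself a terminal
            self.root = root
            return
        mapping = {0: 0, 1: 1}

        def visit(nid: int) -> None:
            if nid in mapping:
                return
            mapping[nid] = len(mapping)  # root is visited first, so it becomes 2
            _, low, high = self.nodes[nid]
            visit(high)
            visit(low)

        visit(root)
        self.nodes = {mapping[n]: (lvl, mapping[lo], mapping[hi])
                      for n, (lvl, lo, hi) in self.nodes.items()}
        self.root = 2

    def valid_paths(self) -> List[Path]:
        """All root-to-terminal-1 paths; the attributes taken on a 1-branch form
        the set I for which the encryptor computes one ciphertext component."""
        out: List[Path] = []

        def walk(nid: int, path: Path) -> None:
            if nid == 1:
                out.append(path)
            elif nid != 0:
                level, low, high = self.nodes[nid]
                walk(high, path + [(self.order[level], 1)])
                walk(low, path + [(self.order[level], 0)])

        walk(self.root, [])
        return out

    def check(self, S: Set[str], node: int = None, path: Path = None) -> Tuple[bool, Path]:
        """Claim-5 recursion: at each node take the 1-branch (high) if its
        attribute is in S, else the 0-branch (low); terminal 1 means the user's
        attributes satisfy the policy, terminal 0 means decryption fails."""
        node = self.root if node is None else node
        path = [] if path is None else path
        if node == 0:
            return False, path
        if node == 1:
            return True, path
        level, low, high = self.nodes[node]
        attr = self.order[level]
        if attr in S:
            return self.check(S, high, path + [(attr, 1)])
        return self.check(S, low, path + [(attr, 0)])


def path_attribute_set(path: Path) -> Set[str]:
    """The set I associated with a path: attributes on which the 1-branch was taken."""
    return {attr for attr, bit in path if bit == 1}


# Constructed policy for the example: (doctor AND cardiology) OR (nurse AND senior)
ATTRIBUTE_ORDER = ["doctor", "cardiology", "nurse", "senior"]   # ordering pi


def example_policy(a: Dict[str, bool]) -> bool:
    return (a["doctor"] and a["cardiology"]) or (a["nurse"] and a["senior"])


EXAMPLE_OBDD = AccessPolicyOBDD(ATTRIBUTE_ORDER, example_policy)

if __name__ == "__main__":
    for p in EXAMPLE_OBDD.valid_paths():
        print("valid path", p, "-> I =", sorted(path_attribute_set(p)))
    for S in ({"doctor", "cardiology"}, {"doctor", "nurse", "senior"}, {"nurse"}):
        ok, walked = EXAMPLE_OBDD.check(S)
        print(sorted(S), "->", "decrypt" if ok else "fail", walked)
```

The walk visits at most one node per attribute in π, so the decryption-side check is linear in the number of policy attributes regardless of how many users or authorities exist, and a successful walk always ends on one of the enumerated valid paths, which is why one ciphertext component per valid path is enough for the decryptor to recover the secret.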
6. The OBDD-based multi-authority CP-ABE information processing method with efficient revocation according to claim 1, characterized in that the attribute revocation of the sixth step means that some key attribute of some user is revoked, in which case the system update needs to select a new random variable corresponding to that attribute; and user revocation means that a user is removed from the user set of the system, in which case the system update needs to update the random variables of all attributes related to the attribute policy.
7. An OBDD-based multi-authority CP-ABE system with efficient revocation that executes the information processing method of claim 1, characterized in that the OBDD-based multi-authority CP-ABE system with efficient revocation comprises:
a cloud server, connected with the data consumers, for storing the uploaded ciphertexts;
a user identity authentication authority, which first assigns a unique identity to each system user at initialization, then authenticates user identities in the key generation stage and maintains the attribute revocation list, and otherwise takes part in no specific algorithm;
multiple authorization authorities, connected with the user identity authentication authority, for system initialization and user key generation, and for the system update carried out upon attribute revocation;
an access policy and ciphertext processing module, connected with the cloud server, for formulating the access policy and generating and uploading the ciphertext;
a data consumer, connected with the multiple authorization authorities, for requesting the ciphertext from the CSS and decrypting it.
8. A ciphertext-policy attribute-based encryption system applying the OBDD-based multi-authority CP-ABE information processing method with efficient revocation according to any one of claims 1 to 6.
9. An information security processing system applying the OBDD-based multi-authority CP-ABE information processing method with efficient revocation according to any one of claims 1 to 6.
10. An information data processing terminal applying the OBDD-based multi-authority CP-ABE information processing method with efficient revocation according to any one of claims 1 to 6.
CN201910144478.4A 2019-02-27 2019-02-27 The information processing method with the more authorization CP-ABE effectively cancelled based on OBDD Pending CN110011963A (en)

Publications (1)

Publication Number Publication Date
CN110011963A true CN110011963A (en) 2019-07-12

Family

ID=67166072

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20220920