Access control method of convertible data cloud storage with data source authentication function

An access control technology for data cloud storage, applied in the field of cloud computing, that addresses problems such as corruption of stored ciphertext data, the failure to consider the open convertibility of secret data, and data users being unable to determine that ciphertext data comes from a specific data owner.

Active Publication Date: 2019-03-29
福建中信网安信息科技有限公司

AI Technical Summary

Problems solved by technology

However, there are three problems here:
Question 1: When the ciphertext data is damaged on the cloud server and cannot be decrypted normally, how can it be determined that this is the responsibility of the cloud service provider?
Question 2: How can the source of the data be authenticated when the data user wants to use the data, that is, how can the owner of the data be determined?
Question 3: When the secret data stored on the cloud server by the data owner has passed a certain protection period and the data owner wants to disclose the data to the outside world, how can the convertibility of the secret data be achieved?
[0005] (1) The existing technology considers encrypting the data and storing it on the cloud server, and then tracking whether the data stored on the cloud server is damaged through irregular (third-party) audits, but it cannot determine whether the data corruption is due to the cloud service provider.
[0006] (2) When performing data access control, the data user cannot be sure that the ciphertext data comes from the specific data owner, that is, there is no authentication of the data source.
[0007] (3) The open convertibility of secret data is not considered in the prior art, that is, how to disclose the data while ensuring that the data source can still be authenticated, so that the data user can decrypt the data and verify its source without using their own private key.
[0008] (4) The prior art is subject to a joint attack by the cloud service provider and the data user, that is, by cooperating they can recover the private key of the data owner.
[0009] (5) Most of the existing methods are built on public key infrastructure or on identity-based public key systems, so they have key management and key escrow problems.


Embodiment Construction

[0084] In order to make the object, technical solution and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit it.

[0085] Most of the prior art only considers encrypting the data and storing it on the cloud server, and then tracking whether the data stored on the cloud server is lost or damaged by means of (third-party) auditing. In particular, when performing data access control, data users cannot be sure that the ciphertext data comes from a specific data owner. The public transferability of secret data is also not considered. Based on cryptographic primitives such as a certificateless public key system, signcryption, and proxy re-encryption, the present invention designs a specific data access control method that can simultaneously...


Abstract

The invention belongs to the technical field of cloud computing, and discloses an access control method of convertible data cloud storage with a data source authentication function. The control method comprises system parameter initialization, user key generation, data encryption storage, data downloading decryption, data access control and ciphertext data conversion. The method solves the problems of how to ensure data source authentication in existing cloud data access control, how to determine the responsibility of the cloud service provider when the data is damaged on a cloud server, and how to provide public convertibility of the ciphertext data. Because the method is constructed on a certificateless public key system, it has neither the certificate management problem of PKI nor the key escrow problem of identity-based public key systems.

Description

Technical field

[0001] The invention belongs to the technical field of cloud computing, and in particular relates to an access control method for convertible data cloud storage with data source authentication.

Background technique

[0002] At present, the existing technologies commonly used in the industry are as follows:

[0003] Cloud computing (Cloud Computing) technology has brought tremendous changes to people's work and life. Cloud computing technology has penetrated into various fields and brought positive and far-reaching impacts to all walks of life. Data cloud storage is an important part of cloud computing services. Data cloud storage service not only provides users with cheap storage space, but also enables users to access the cloud server and obtain their own data through the Internet anytime and anywhere, or share the data stored on the cloud server with others. The data stored by the user on the cloud server may involve confidentiality and privacy issues, or...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08, H04L9/08, H04L9/06, G06F21/60, G06F21/62, G06F21/64
CPC: G06F21/602, G06F21/6218, G06F21/64, G06F2221/2141, H04L9/0643, H04L9/083, H04L63/10, H04L63/123, H04L67/1097
Inventor: 吴晨煌, 李慧敏, 陈智雄
Owner: 福建中信网安信息科技有限公司