A method for safely distributing and using data files

Abstract

The invention discloses a method for safely distributing and using data files. By dividing user attributes into public attributes and private attributes, data access control and information flow control are realized respectively. Specifically, user identities and roles are adopted. The user's public attributes, using the public attributes to realize the access control to the ciphertext, use the user's login password, device identification code, geographical location, time, etc. The transfer is controlled so that designated users can view data files only at designated devices, designated times, and designated locations, which improves the security of encrypted information access and viewing. In addition, the method provided by the present invention can realize anti-collusion attack, and prevent users or attribute organizations from colluding with obtained keys to obtain required keys, thereby endangering information security.

Description

technical field [0001] The invention relates to the technical fields of cloud computing, electronic documents and digital content distribution security, in particular to a method for secure distribution and use of data files. Background technique [0002] With the rapid development of cloud computing technology, more and more government departments and enterprises choose cloud environment for office work, and transmit a large amount of information and data to cloud servers. Data storage has become one of the most basic services of the Internet. An important challenge of data security in cloud computing environment is to share data and protect data security. In the multi-user environment of cloud storage, if confidential files are shared by multiple users, it will bring many difficult problems such as key storage, key update and maintenance to the file owner. [0003] In order to solve the security problem of user data, many encryption schemes and signature schemes have been...

AI Technical Summary

Problems solved by technology

The main idea of ​​the existing attribute encryption scheme is: the authority in the system is represented by the attribute, the attribute authority authenticates the authority of the user attribute and distributes the corresponding key, and the resources in the system are encrypted by the attribute-based encryption algorithm and stored on the cloud server , the resource access policy can be formulated by the resource publisher according to the needs of the scheme. Anyone can access the encrypted resource at will, but only the visitors who meet the access policy can use the attribute encryption algorithm to decrypt the resource.

[0004] The existing attribute encryption schemes mainly solve the access control problem, but cannot solve the information flow control. For example, the existing attribute encryption schemes usually only use one attribute to encrypt information. When this attribute meets the data access control requirements , the user can obtain and view the data. This encryption method has relatively loose decryption conditions and low security.

Images