Partial strategy hiding access control method and system and wireless communication system

Abstract

The invention belongs to the technical field of wireless communication, and discloses a partial strategy hiding access control method and system and a wireless communication system. A central authorization center generates global public parameters, a system master key and a user global unique identity identifier; the attribute authorization center generates an attribute authorization center publicand private key pair, and generates a user agent key and a decryption key; the data owner formulates an access control strategy according to a sharing demand, embeds the access control strategy intothe ciphertext, and uploads the partially hidden access control strategy and the ciphertext to the cloud together; the cloud service provider judges whether the data requester meets the partially hidden access control strategy or not; the data user uses the decryption key to complete final authentication; when user revocation occurs, the cloud service provider deletes the proxy key corresponding to the revoked user; and when attribute revocation occurs, the cloud service provider updates the corresponding proxy key and ciphertext. According to the invention, the authentication efficiency is high under the same security strength.

Description

technical field [0001] The invention belongs to the technical field of wireless communication, and in particular relates to a partial policy concealment access control method, system and wireless communication system. Background technique [0002] At present, in the traditional CP-ABE access control scheme, the access control policy is an access structure, which is represented by the attribute of the authorized person, clearly stipulates the user group with data access rights, and is in the form of plain text together with the cipher text Upload to the cloud. Any user who obtains the ciphertext can know the relevant access control policy, but the access control policy usually contains certain sensitive information, which may leak user privacy. For example, in a medical cloud scenario, a hospital that manages electronic medical records on behalf of patients stores data on the cloud, and patients or medical staff can access the cloud to obtain data. In order to achieve acces...

AI Technical Summary

Problems solved by technology

[0004]However, the existing policy-hidden CP-ABE access control scheme still does not fully solve how to improve the efficiency of user authentication and the safe and efficient user revocation and attribute revocation; (1) The authentication phase and the decryption phase are independent of each other, which makes authorized users perform repeated calculations, resulting in an increase in the user's computing burden. How to improve computing efficiency is a technical problem

(2) In the user authentication stage, due to the use of a large number of bilinear pairing operations, the authentication efficiency is low. How to improve the authentication efficiency is a technical problem

(3) The existing user revocation and attribute revocation schemes do not involve policy hiding scenarios. How to perform safe and efficient revocation under the policy hiding situation is a technical problem

[0006](1) The authentication phase and the decryption phase are independent of each other, which makes authorized users perform repeated calculations and increases the user's computing burden. How to improve computing efficiency is a technical problem

[0007](2) In the user authentication stage, due to the use of a large number of bilinear pairing operations, the authentication efficiency is low. How to use cloud service providers with abundant computing resources It is a technical problem to complete part of the certification

[0008](3) Existing user revocation and attribute revocation schemes do not involve the scenario of policy hiding. How to perform safe and efficient revocation under the condition of policy hiding is a technical problem

[0009] Difficulties in solving the above problems and defects are as follows: (1) The technical difficulty of fast authentication mainly lies in the fact that the authentication stage and the decryption stage are independent of each other, which is difficult to achieve with fast authentication technology an important reason

(2) How to perform user revocation and attribute revocation in the case of policy hiding is also an important reason why revocation cannot be used safely and efficiently

(3) Due to the use of bilinear pairing in the user authentication process, the efficiency of user authentication is extremely low, which is an important reason why it is difficult to authenticate efficiently

Images