Enabling comparable data access control for lightweight mobile devices in clouds
First Claim
Patent Images
1. A method for encrypting data in a computer based processing system using a trust authority with a public key PK and a master key MK, the method comprising:
- sending a request for a partially encrypted header {tilde over (H)} to the trust authority with a specified access control policy Ps;
receiving a partially encrypted header computed by the trust authority, wherein the partially encrypted header {tilde over (H)} is based on the public key PK, the master key MK, and the specified access control policy Ps;
encrypting data using the partially encrypted header {tilde over (H)};
wherein the data is encrypted according to the following algorithm;
Encrypt(Ĥ
)→
(H, Ks);
Given the partially encrypted header, the algorithm produces the session key Ks and ciphertext H={S, C, ES, ES, Ê
S, Ê
S} to cloud storage; and
further wherein each part of H is generated as follows;
1) randomly choosing two secrets s1, s2 ∈n,2) computing the main secret s=s1+s2 ∈
n and deriving
C=sW∈, 3) producing the session key Ks=e(G, W)α
s and using Ks to encrypt the data,4) computing ES=s1T and ES=s2T, and5) computing each of Ê
S=s1{right arrow over (ψ
)}ST·
s1W=s1{right arrow over (ψ
)}Sλ
W·
s1W=s1(λ
{right arrow over (ψ
)}S+1)W and Ê
S=s2ST·
s2W=s2Sλ
W·
s2W=s2(λS+1)W.
2 Assignments
0 Petitions
Accused Products
Abstract
A new efficient framework based on a Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) approach. CCP-CABE assists lightweight mobile devices and storing privacy-sensitive sensitive data into cloudbased storage by offloading major cryptography-computation overhead into the cloud without exposing data content to the cloud. CCP-CABE extends existing attribute-based data access control solutions by incorporating comparable attributes to incorporate more flexible security access control policies. CCP-CABE generates constant-size ciphertext regardless of the number of involved attributes, which is suitable for mobile devices considering their limited communication and storage capacities.
11 Citations
12 Claims
-
1. A method for encrypting data in a computer based processing system using a trust authority with a public key PK and a master key MK, the method comprising:
-
sending a request for a partially encrypted header {tilde over (H)} to the trust authority with a specified access control policy Ps; receiving a partially encrypted header computed by the trust authority, wherein the partially encrypted header {tilde over (H)} is based on the public key PK, the master key MK, and the specified access control policy Ps; encrypting data using the partially encrypted header {tilde over (H)}; wherein the data is encrypted according to the following algorithm; Encrypt(Ĥ
)→
(H, Ks);
Given the partially encrypted header, the algorithm produces the session key Ks and ciphertext H={S, C, E
S , ES, ÊS , Ê
S} to cloud storage; andfurther wherein each part of H is generated as follows; 1) randomly choosing two secrets s1, s2 ∈ n,
2) computing the main secret s=s1+s2 ∈ n and deriving
C=sW∈,
3) producing the session key Ks=e(G, W)α
s and using Ks to encrypt the data,4) computing E S =s1T and ES=s2T, and5) computing each of Ê S =s1{right arrow over (ψ
)}S T·
s1W=s1{right arrow over (ψ
)}S λ
W·
s1W=s1(λ
{right arrow over (ψ
)}S +1)W and Ê
S=s2ST·
s2W=s2Sλ
W·
s2W=s2(λS+1)W.
- View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of decrypting data, wherein the method comprises:
-
storing the data in a computer based processing system, wherein the data includes an encrypted header H and encrypted target data; receiving a request for access to the data, wherein the request includes a user identity; partially decrypting an encrypted header H when the user is entitled to access the data based on the user'"'"'s public key PKLU, privilege LU and access control policy Ps; sending the partially decrypted header {tilde over (H)} to the user; wherein partially decrypting the header H is performed according to the following algorithm; DecDelegate(H, PK u ,u,
S)→
Ĥ
;
Given the user'"'"'s public key PKu and privilegeu along with the access control policy
s, the algorithm outputs {right arrow over (ψ
)}S andSwhen [ν
i,j, ν
i,k]∩
[ν
i,a, ν
i,b]≠
Ø
for all Ai∈;
({right arrow over (ψ
)}U)=({right arrow over (ψ
)}U)w U, =({right arrow over (πs
)}Π1≤ {right arrow over (w)}
i≤
mi,a )Π1≤ (
i≤
mw i,(a,k) )={right arrow over (ψ
)}S (mod n)(
Ū
)=(Ū
)w s,Ū =(Π
1≤
i≤
mi,b )Π1≤ (
i≤
mw i,(j,b) )=s(mod n);
where {right arrow over (w)}U, s =Π
1≤
i≤
m(w i,(a,k)) andw S,Ū
=Π
1≤
i≤
m(w i,(j,b));and further wherein the algorithm outputs {tilde over (H)}={H,{right arrow over (ψ
)}U−
{right arrow over (ψ
)}S ,Ū
−S} as the partially decrypted header.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeArizona Board of Regents (University of Arizona)
-
Original AssigneeArizona Board of Regents (University of Arizona)
-
InventorsHuang, Dijiang, Wang, Zhijie
-
Primary Examiner(s)Choudhury, Azizul
-
Application NumberUS15/617,035Publication NumberTime in Patent Office831 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/6218 to a system of files or obj...H04L 2209/805 Lightweight hardware, e.g. ...H04L 63/0428 wherein the data content is...H04L 63/06 for supporting key manageme...H04L 63/102 Entity profilesH04L 9/3073 involving pairings, e.g. id...
