Enabling comparable data access control for lightweight mobile devices in clouds
First Claim
1. A method of storing encrypted data in a computer based processing system, comprising:
generating a public key PK and a master key MK;
publishing said public key PK;
issuing private keys SKLU and public keys PKLU to each data user, said public and private keys based on the data user's ID and an attribute set LU, the attribute set LU including one or more attributes Ai, wherein each attribute corresponds to an attribute range;
receiving a request for a partially encrypted header from a data owner, said request including a specified access control policy Ps;
generating a partially encrypted header H̃ based on the public key PK, the master key MK, and the specified access control policy Ps;
transmitting said partially encrypted header H̃ to said data owner; and
receiving a header H and encrypted data from said data owner, said header H and encrypted data being based at least in part on said partially encrypted header H̃.
Abstract
A new efficient framework based on a Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) approach. CCP-CABE assists lightweight mobile devices in storing privacy-sensitive data in cloud-based storage by offloading major cryptography-computation overhead into the cloud without exposing data content to the cloud. CCP-CABE extends existing attribute-based data access control solutions by incorporating comparable attributes, which allows more flexible security access control policies. CCP-CABE generates constant-size ciphertext regardless of the number of involved attributes, which is suitable for mobile devices considering their limited communication and storage capacities.
9 Citations
15 Claims
Specification