Flexible cryptographic access control through proxy re-encryption between groups

Gaurav Pareek, B. Purushothama
Proceedings of the 20th International Conference on Distributed Computing and Networking, published 2019-01-04
DOI: 10.1145/3288599.3299722 (https://doi.org/10.1145/3288599.3299722)
Citations: 2

Abstract

A cryptographic access control scheme enforces the access control policy of the data owner on his encrypted data. The most widely used cryptographic access control mechanism is hierarchical access control. The set of users for which access to data is to be managed or controlled is divided into disjoint partitions called "security classes" or simply "classes". A hierarchical key assignment scheme (HKAS) assigns the encryption keys of the data items in such a way that a class can only access data intended for class(es) lower down in the hierarchy [1]. So, we say each class has "designated access" to data intended for class(es) lower in the hierarchy. Suppose a class Ci, not having designated access to another class Cj, wishes to temporarily have access to data intended for Cj for a finite duration of time, and Cj agrees to this. However, consider that Cj does not wish to share its designated access with Ci. That is, Cj wishes to allow Ci to access data intended directly for Cj, but not data intended for any of the classes to which Cj has designated access and Ci does not. This flexibility requirement has various practical applications. In health-care services, for instance, it may be desired that a patient's data accessible directly to a doctor is securely delegated to another doctor in another service center for a finite period of time for expert consultation. However, it may be desired that the two doctors do not share information about any other patient.