
CN104901942A - Distributed access control method for attribute-based encryption - Google Patents

Publication number: CN104901942A
Application number: CN201510106880.5A
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Granted (other version: CN104901942B)
Inventors: 肖敏, 王明昕
Original and current assignee: Chongqing University of Post and Telecommunications

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073: Public key, involving algebraic varieties, involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Abstract

The invention provides a distributed access control method for attribute-based encryption, mainly aimed at the security and privacy protection of massive data in a cloud environment. A multi-authority ciphertext-policy attribute-based encryption (CP-ABE) mechanism is provided on the basis of CP-ABE. In this mechanism the workload of a single authority is shared among several authorities, and the mechanism supports efficient outsourced decryption, user revocation, and attribute authorities (AAs) joining and leaving dynamically. With the access control mechanism provided by the invention, efficient, distributed, extensible and fine-grained access control can be achieved while the security and privacy of the massive data are protected.

Description

A distributed access control method based on attribute-based encryption
Technical field
The present invention relates to data security within computer science and information security, and in particular to data security and privacy protection in cloud computing environments.
Background
With the rapid development of computer technology, the Internet and wireless networks, the massive amount of data produced every day is stored on computers in digital form. Cloud computing offers an effective solution for storing and processing this data. However, when users store their data on a third-party cloud server, that server is not fully trusted, and users generally want only authorized accessors to reach their data. The security and privacy of users' sensitive data therefore face a great challenge; examples are users' personal preferences and friend circles on social networking sites and personal mail on mail servers. When such servers are compromised by attackers, users' sensitive data can leak, and some cloud service providers may even profit by selling user data.
Access control and data encryption can meet these privacy requirements. The security and performance of a traditional access control system usually rest on one fully trusted server, with user permissions and data all assigned and managed by a system administrator; when the number of users is large, this severely reduces the efficiency of the system, and if the server is compromised, user data leaks. Data encryption can protect user data effectively, but with a public-key mechanism (such as RSA) the encryptor must know the recipient's public key in advance, and with a symmetric mechanism (such as AES, the Advanced Encryption Standard) the encryptor must distribute a key to the recipient online. In other words, traditional encryption is one-to-one: the encryptor uses a different key for each recipient, so the same file is encrypted several times into different ciphertexts that are all stored on the server, and when the amount of data and the number of users are large, key management incurs a huge overhead. In many application environments, and especially in the cloud, a data owner only needs to encrypt the shared data according to an encryption policy and does not need to know in advance the recipients' identities or which users can access the data. Building policy-based encryption on traditional encryption is difficult, because the data owner still has to know in advance every user permitted to access the data and encrypt for that user set; when a newly joined user holds access rights, the data must be re-encrypted. Traditional encryption also supports fine-grained access to user data poorly. Traditional access control systems and encryption mechanisms therefore cannot be applied efficiently in a distributed cloud environment.
Protecting the security and privacy of massive data on a not fully trusted cloud server therefore urgently requires an access control mechanism that is fine-grained, extensible and distributed and that supports one-to-many encryption. Attribute-based encryption (ABE) is currently regarded as one of the technologies best suited to data security and privacy protection and to fine-grained data access control in the cloud. ABE has two constructions: key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE). In KP-ABE each user key is associated with an access structure and each ciphertext with a set of attributes; CP-ABE is the reverse, with each user key associated with a set of attributes and each ciphertext with an access structure. When ABE is applied in the cloud, the data owner's data is stored on the cloud server, and CP-ABE is the better choice for letting the data owner control and manage that data.
When CP-ABE is applied in the cloud, however, some practical problems have to be considered. In a real system a user's position can change, and with it the user's permissions. In CP-ABE permissions correspond one-to-one with attributes, so a change of permissions can be treated as a change of user attributes, that is, the user attribute revocation problem. In addition, user terminals have limited computing power, and in CP-ABE decryption time grows linearly with the number of attributes in the access structure, so a large number of attributes imposes a heavy computational burden on the user. Efficient user revocation and efficient decryption are therefore the pressing problems when designing CP-ABE for the cloud. Some methods for applying CP-ABE in the cloud already exist, but all have certain defects.
Existing methods can be divided into single-authority CP-ABE, as in Chinese patent documents CN201210389845.5, CN201310132586.2, CN201410055341.9 and CN201410330696.4, and multi-authority CP-ABE, as in CN201310647570.5. In single-authority CP-ABE, attribute management and key distribution are all performed by a single fully trusted attribute authority (AA), which is able to decrypt every ciphertext. If this AA is attacked or goes down, the whole system is affected and user keys may leak, so the single AA is both the performance bottleneck and the security weak point of the system. Multi-authority CP-ABE is therefore better suited to the cloud.
Documents CN201210389845.5, CN201310132586.2 and CN201410330696.4 consider user revocation but not efficient decryption. CN201410055341.9 proposes an outsourced decryption method on the basis of CP-ABE and achieves efficient decryption, but does not consider user revocation. CN201310647570.5 proposes a multi-authority CP-ABE method for the cloud that achieves both efficient decryption and user revocation. When revoking a user, however, that method has to update not only the private keys of users holding the revoked attribute but also every ciphertext whose access structure contains the revoked attribute; given the massive data stored in the cloud, this revocation method incurs a huge overhead.
Summary of the invention
In view of the above, the present invention proposes a distributed access control mechanism that meets the security and privacy protection requirements of massive data on a cloud server while being fine-grained and extensible.
To realize this mechanism, the invention designs a multi-authority CP-ABE that supports outsourced decryption and efficient user revocation. When data is encrypted, an access structure (defined over a set of descriptive attributes) is specified, so that the ciphertext is associated with the access structure. Each generated decryption key is associated with a set of descriptive attributes, and the key decrypts a ciphertext correctly if and only if its attribute set satisfies the access structure in the ciphertext. When a user's permissions change, the user's key is revoked and updated. To reduce the user's overhead, most of the decryption work is delegated to the cloud server. The mechanism uses multiple AAs to distribute attribute keys, which reduces the workload of any single AA and improves the security and robustness of the system.
CP-ABE is built on bilinear groups and relies on the properties of a bilinear map, defined as follows. Let $G_1$ and $G_2$ be two multiplicative cyclic groups of prime order $p$, let $g$ be a generator of $G_1$, and let $e: G_1 \times G_1 \to G_2$ be a bilinear map with the following properties:
(1) Bilinearity: for any $u, v \in G_1$ and $a, b \in Z_p$, $e(u^a, v^b) = e(u, v)^{ab}$;
(2) Non-degeneracy: $e(g, g) \neq 1$;
(3) Computability: for any $u, v \in G_1$, $e(u, v)$ can be computed efficiently.
Further, the system model of the invention, shown in Fig. 1, consists of five entities: a trusted third-party authentication server (TP), attribute authorities (AAs), data owners, the cloud server and users. TP is responsible for authenticating and registering users, and issues a global identifier (GID), a certificate and a user global private key to each legitimate user. Each AA operates independently and manages the attributes in its own domain; the AAs also distribute attribute keys to registered legitimate users, and these attribute keys are stored on the cloud server. A data owner encrypts data under an access structure it defines and stores the encrypted data on the cloud server. The cloud server provides storage and access services: when a legitimate user accesses authorized data, the cloud server first retrieves the user's attribute key, uses it to decrypt the ciphertext and generate a decryption token (TK), and sends TK and the ciphertext to the user. The user then decrypts the ciphertext with the global private key and TK and finally obtains the requested data.
The distributed access control mechanism based on attribute-based encryption provided by the invention comprises the following steps:
S1: system initialization: generate the system public parameters, the public/private key pair of TP and the public/private key pair of each attribute;
S2: data encryption: the data owner encrypts the data and stores it on the cloud server in encrypted form;
S3: user key generation: TP assigns a GID to each legitimate user and issues a certificate and a global private key to that user; the AAs then distribute attribute private keys to the user based on the user's permissions;
S4: data access: the user requests data access from the server; the user can decrypt the ciphertext with the global private key and the attribute private keys if and only if the user's attribute set satisfies the access structure in the ciphertext;
S5: user revocation: when a user's permissions change, the user's private keys are updated and the user rejoins the system under a new identity.
Further, step S1 comprises the following steps:
S11: TP initialization: input the security parameter and generate the system public parameters and the public/private key pair of TP;
S12: AA initialization.
S12 comprises the following steps:
S121: each AA receives the system public parameters and TP's public key from TP;
S122: each AA generates a public/private key pair for each attribute it manages.
Further, step S2 comprises the following steps:
S21: the data owner receives the system public parameters from TP and the public key of each attribute from the AAs;
S22: based on the global attribute set $U$, the data owner defines an access structure $A$ for the data; $A$ is represented by an access matrix $(M, \rho)$, where the function $\rho$ maps each row of the matrix $M$ to an attribute $x$;
S23: choose a random number $s$ from $Z_p$ as the encryption exponent, and let $s$ be the first element of the vector ;
S24: compute , where $M_i$ is the $i$-th row of the matrix $M$;
S25: choose random numbers $r_i \in Z_p$;
S26: output the ciphertext CT;
S27: the data owner uploads the ciphertext CT to the cloud server.
Further, step S3 comprises the following steps:
S31: a user joins the system by submitting identity information to TP for registration;
S32: TP verifies the legitimacy of the user;
S33: if the user is legitimate, TP assigns the user a GID and issues a certificate and a global private key to the user, where the certificate contains the user's GID, the user's attribute list and the user's global public key; if the user is not legitimate, TP refuses to admit the user to the system;
S34: on receiving the certificate and global private key from TP, the user sends the certificate to each AA the user belongs to;
S35: on receiving the certificate, the AA decrypts it with TP's public key and checks whether the user's GID is on the user revocation list (UL);
S36: if $GID \in UL$, the AA terminates the operation; otherwise the AA generates attribute private keys for the user based on the user's attribute list;
S37: the AA then sends the user's attribute private keys to the cloud server, where they are stored.
Further, step S4 comprises the following steps:
S41: the user with identifier GID sends a data access request to the cloud server together with the certificate;
S42: the cloud server decrypts the certificate with TP's public key and checks whether the user's GID is on the user revocation list (UL);
S43: if $GID \in UL$, the cloud server terminates the operation; otherwise it continues with the following steps;
S44: the cloud server retrieves the user's attribute private keys;
S45: the cloud server then uses the user's attribute private keys to decrypt the ciphertext and generates the decryption token TK;
S45 comprises the following steps:
S451: let  and $I = \{i : \rho(i) \in R_A\}$; if, according to the access matrix $M$, $\{\lambda_i\}_{i \in I}$ are valid shares of the encryption exponent $s$, then there exist recovery coefficients $\{w_i \in Z_p\}_{i \in I}$ that can reconstruct the encryption exponent; the cloud server first chooses $\{w_i \in Z_p\}_{i \in I}$;
S452: the cloud server then computes the decryption token TK;
S46: the cloud server then sends TK and the ciphertext to the user;
S47: finally, the user decrypts the ciphertext with the global private key and TK; if the user's attributes satisfy the access structure in the ciphertext, decryption succeeds, and otherwise it fails.
Further, step S5 comprises the following steps:
S51: when a user's permissions change, the user sends the changed identity information to TP and re-registers with TP;
S52: TP writes the user's original GID into the UL and publishes the UL;
S53: TP assigns the user a new global identifier $GID'$ and issues a new certificate and a new global private key, where the new certificate contains $GID'$, the new user attribute list and the new global public key; TP then sends the new global private key and certificate to the user together;
S54: on receiving the new certificate and global private key from TP, the user again interacts with each AA the user belongs to, using the new certificate;
S55: on receiving the certificate $ACert_{GID'}$, the AA decrypts it with TP's public key and checks whether the user's $GID'$ is on the UL;
S56: if $GID' \in UL$, the AA terminates the operation; otherwise the AA continues with the following steps;
S57: as in S37, the AA generates new attribute private keys for the revoked user based on the user's attribute list;
S58: the AA then sends each of the user's attribute private keys to the cloud server, which receives the user's attribute private keys from the AAs participating in key distribution and stores them; at the same time the cloud server deletes the attribute private keys of the revoked users newly added to the UL.
The advantages of the invention are as follows. The invention proposes a multi-authority attribute-based encryption mechanism in which each AA operates independently without affecting the others and no central authority (CA) is needed. Such a CA is equivalent to the single AA of a single-authority attribute-based encryption mechanism: it can decrypt every ciphertext in the system, so it has to be fully trusted. The invention uses multiple AAs to share the workload of a single AA, which avoids a CA becoming the bottleneck and security weak point of the system, improves the robustness of the system, and also supports AAs joining and leaving dynamically. The invention assigns each user a global identifier (GID) to prevent user collusion.
The invention uses key separation to split a user's private key into a user global private key and user attribute private keys; the attribute private keys are stored by the cloud server, and the user only needs to keep the global private key. The four entities other than the data owner therefore each hold partial decryption capability, but none of them can fully decrypt a ciphertext alone. A user who wants to decrypt a ciphertext needs the assistance of the cloud server, and decrypts correctly if and only if the user's attributes satisfy the access structure in the ciphertext, which strengthens the security of the system to a certain extent. The invention not only protects the security and privacy of massive data in the cloud but also takes full advantage of cloud computing: most of the decryption workload is delegated to the cloud server, and because the cloud server holds only the user's attribute keys, it can only partially decrypt a ciphertext. This both improves decryption efficiency and preserves the security of the system.
The invention designs a novel user revocation method in which revoking a user is equivalent to updating the user's identity. When a user's permissions change, TP re-registers the user and assigns a new global identifier; the revoked user then obtains a new certificate, a new global private key and new attribute private keys, and in effect rejoins the system under a new identity. This revocation method involves only the attributes of the revoked user, and in practice user revocation is not very frequent. The method can therefore be applied efficiently in the cloud, and it achieves forward security (a revoked user cannot decrypt ciphertexts whose access structure contains the revoked attribute) and backward security (a newly joined user with sufficient attributes can decrypt ciphertexts generated before the user joined).
Other advantages, objects and features of the invention are set forth to some extent in the description that follows, and to some extent will be apparent to those skilled in the art on examining what follows, or may be learned from practice of the invention. The objects and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the description below, the claims and the accompanying drawings.
Brief description of the drawings
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings, in which:
Fig. 1 is the system model;
In the figure: (1) publish attribute public keys; (2) upload encrypted data; (3) user registration; (4) issue global private key and certificate to the user; (5) send attribute key request; (6) distribute attribute keys; (7) send access request; (8) provide decryption token.
Fig. 2 is a flow chart of the invention;
Fig. 3 is system initialization;
Fig. 4 is data encryption;
Fig. 5 is user key generation;
Fig. 6 is data access;
Fig. 7 is user revocation.
Detailed description of the embodiments
The preferred embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments only illustrate the invention and do not limit its scope.
The distributed access control mechanism based on attribute-based encryption provided by the invention comprises the following steps, see Fig. 2:
S1: system initialization: generate the system public parameters, the public/private key pair of TP and the public/private key pair of each attribute, see Fig. 3;
Further, step S1 comprises the following steps:
S11: TP initialization: input the security parameter $\lambda$ and generate the system public parameters and the public/private key pair of TP. The system public parameters comprise two bilinear groups $G_1$, $G_2$ of order $p$, a generator $g$ of $G_1$ and the bilinear map $e: G_1 \times G_1 \to G_2$; the public/private key pair of TP is $(sk_{TP}, pk_{TP})$; let $x$ denote an attribute;
S12: AA initialization;
S12 comprises the following steps:
S121: each AA receives the system public parameters $\{g, G_1, G_2, e(g, g)\}$ and TP's public key $pk_{TP}$ from TP;
S122: each AA chooses three random numbers $\alpha_x, \beta_x, \gamma_x \in Z_p$ as the private key $\{\alpha_x, \beta_x, \gamma_x\}$ of attribute $x$, and then generates the public key for attribute $x$
S2: data encryption: the data owner encrypts the data and stores it on the cloud server in encrypted form, see Fig. 4;
Further, step S2 comprises the following steps:
S21: the data owner receives the system public parameters $\{g, G_1, G_2, e(g, g)\}$ from TP and the public key of each attribute from the AAs
S22: based on the global attribute set $U$, the data owner defines an access structure $A$ for the data $m$; $A$ is represented by an access matrix $(M, \rho)$, where the function $\rho$ maps each row of the matrix $M$ to an attribute $x$;
S23: choose a random number $s$ from $Z_p$ as the encryption exponent, and let $s$ be the first element of the vector ;
S24: compute , where $M_i$ is the $i$-th row of the matrix $M$;
S25: choose random numbers $r_i \in Z_p$;
S26: output the ciphertext CT as
$$\left( A,\; C_0 = m\,e(g,g)^{s},\; C_{1,i} = e(g,g)^{\lambda_i}\, e(g,g)^{\alpha_{\rho(i)} r_i},\; C_{2,i} = g^{r_i/\beta_{\rho(i)}},\; C_{3,i} = g^{\gamma_{\rho(i)} r_i}\, g^{\lambda_i},\; \forall \rho(i) \in R_A \right),$$
where $R_A$ denotes the attribute set of the access structure $A$;
S27: the data owner uploads the ciphertext CT to the cloud server.
S3: user key generation: TP assigns a GID to each legitimate user and issues a certificate and a global private key to that user; the AAs then distribute attribute private keys to the user based on the user's permissions, see Fig. 5;
Further, step S3 comprises the following steps:
S31: a user joins the system by submitting identity information to TP for registration;
S32: TP verifies the legitimacy of the user;
S33: if the user is legitimate, TP assigns the user a GID and selects a random number $u_{GID} \in Z_p$ as the user global private key $UGSK_{GID}$, then generates the user global public key ; TP then uses its private key $sk_{TP}$ to generate the certificate $ACert_{GID} = Sign_{sk_{TP}}(GID, AL_{GID}, UGPK_{GID})$, where $AL_{GID}$ denotes the user's attribute list. If the user is not legitimate, TP refuses to admit the user to the system. TP sends $UGSK_{GID}$ and the certificate $ACert_{GID}$ to the user together;
S34: on receiving the certificate and global private key from TP, the user sends the certificate to each AA the user belongs to;
S35: on receiving the certificate $ACert_{GID}$, the AA decrypts it with TP's public key $pk_{TP}$ and checks whether the user's GID is on the user revocation list (UL);
S36: if $GID \in UL$, the AA terminates the operation; otherwise the AA continues with the following steps;
S37: the AA generates attribute private keys for the user based on the user's attribute list
S38: the AA then sends each of the user's attribute private keys to the cloud server, which receives the user's attribute keys from the participating AAs and stores them. Note that even though the cloud server holds the user's attribute keys, it cannot correctly decrypt the ciphertext.
S4: data access: the user requests data access from the server; the user can decrypt the ciphertext with the global private key and the attribute private keys if and only if the user's attribute set satisfies the access structure in the ciphertext, see Fig. 6;
Further, step S4 comprises the following steps:
S41: the user with identifier GID sends a data access request to the cloud server together with the certificate $ACert_{GID}$;
S42: the cloud server decrypts the certificate $ACert_{GID}$ with TP's public key $pk_{TP}$ and checks whether the user's GID is on the user revocation list (UL);
S43: if $GID \in UL$, the cloud server terminates the operation; otherwise it continues with the following steps;
S44: the cloud server retrieves the user's attribute private key $UASK_{GID}$;
S45: the cloud server then uses the user's attribute private key $UASK_{GID}$ to decrypt the ciphertext and generates the decryption token TK;
S45 comprises the following steps:
S451: let  and $I = \{i : \rho(i) \in R_A\}$; if, according to the access matrix $M$, $\{\lambda_i\}_{i \in I}$ are valid shares of the encryption exponent $s$, then there exist recovery coefficients $\{w_i \in Z_p\}_{i \in I}$ that can reconstruct the encryption exponent; the cloud server first chooses $\{w_i \in Z_p\}_{i \in I}$;
S452: the cloud server then computes the decryption token
$$\begin{aligned} TK &= \prod_{i \in I} \left( \frac{C_{1,i} \cdot e(g^{u_{GID}}, C_{3,i})}{e(K_{\rho(i)}, C_{2,i})} \right)^{w_i} \\ &= \prod_{i \in I} \left( \frac{e(g,g)^{\lambda_i}\, e(g,g)^{\alpha_{\rho(i)} r_i}\, e(g^{u_{GID}}, g^{\gamma_{\rho(i)} r_i} g^{\lambda_i})}{e(g^{\alpha_{\rho(i)} \beta_{\rho(i)}} g^{u_{GID} \beta_{\rho(i)} \gamma_{\rho(i)}}, g^{r_i/\beta_{\rho(i)}})} \right)^{w_i} \\ &= \prod_{i \in I} e(g,g)^{(u_{GID}+1) \lambda_i w_i} = e(g,g)^{(u_{GID}+1) \sum_{i \in I} \lambda_i w_i} = e(g,g)^{(u_{GID}+1) s}; \end{aligned}$$
S46: the cloud server then sends TK and the ciphertext to the user;
S47: finally, the user decrypts the ciphertext with the global private key $UGSK_{GID}$ and TK. If the user's attributes satisfy the access structure in the ciphertext, decryption succeeds and the user obtains the data ; otherwise decryption fails.
S5: user revocation: when a user's permissions change, the user's private keys are updated and the user rejoins the system under a new identity, see Fig. 7.
Further, step S5 comprises the following steps:
S51: when a user's permissions change, the user sends the changed identity information to TP and re-registers with TP;
S52: TP writes the user's original GID into the UL and publishes the UL;
S53: TP assigns the user a new global identifier $GID'$, selects a new random number $u_{GID'} \in Z_p$ as the user's new global private key $UGSK_{GID'}$, and generates the new user global public key ; TP then assigns the user a new attribute list $AL_{GID'}$ and uses its private key $sk_{TP}$ to generate the new certificate ; TP sends $UGSK_{GID'}$ and the certificate $ACert_{GID'}$ to the user together;
S54: on receiving the new certificate $ACert_{GID'}$ and $UGSK_{GID'}$ from TP, the user again interacts with each AA the user belongs to, using the new certificate.
S55: on receiving the certificate $ACert_{GID'}$, the AA decrypts $ACert_{GID'}$ with TP's public key $pk_{TP}$ and checks whether the user's $GID'$ is on the user revocation list (UL);
S56: if $GID' \in UL$, the AA terminates the operation; otherwise the AA continues with the following steps;
S57: as in S37, the AA generates new attribute private keys for the revoked user based on the user's attribute list: $UASK_{GID',x} = g^{\alpha_x \beta_x}\, g^{u_{GID} \beta_x \gamma_x}$;
S58: the AA then sends each of the user's attribute private keys to the cloud server, which receives the user's attribute private keys from the AAs participating in key distribution and stores them; at the same time the cloud server deletes the attribute private keys of the revoked users on the UL.
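The algebra of S26, S37, S451/S452 and the revocation check of S5 can be run end to end with the following added example, which is not part of the patent text. It assumes a toy model in which a $G_1$ element $g^a$ is tracked by its exponent, the usual LSSS share $\lambda_i = M_i \cdot v$, $UGPK_{GID} = g^{u_{GID}}$, an attribute public key of the shape the S26 formulas need, and a final user step $m = C_0 / TK^{1/(u_{GID}+1)}$; none of these are stated on the page, and all function names are hypothetical.

```python
import secrets

# Toy model (constructed, insecure): a G1 element g^a is tracked by its exponent
# a mod P so pairings can be evaluated. It checks the algebra and hides nothing.
P = 1019        # prime group order
Q = 2 * P + 1   # 2039, prime; G2 is modelled as the order-P subgroup of Z_Q^*
E_GG = 4        # stands for e(g, g)

def rand_nz():
    return 1 + secrets.randbelow(P - 1)

def pair(a, b):
    return pow(E_GG, a * b % P, Q)          # e(g^a, g^b) = e(g, g)^(ab)

def aa_setup(attrs):
    """S122: each attribute x gets a private key (alpha_x, beta_x, gamma_x)."""
    return {x: (rand_nz(), rand_nz(), rand_nz()) for x in attrs}

def attr_public(sk):
    """Assumed public-key shape (what S26 needs): e(g,g)^alpha, g^(1/beta), g^gamma."""
    return {x: (pow(E_GG, a, Q), pow(b, -1, P), c) for x, (a, b, c) in sk.items()}

def attr_key(sk_x, u):
    """S37/S57: K_x = g^(alpha*beta) * g^(u*beta*gamma), kept as an exponent."""
    a, b, c = sk_x
    return (a * b + u * b * c) % P

def encrypt(m, M, rho, pk):
    """S22-S26: ciphertext for access matrix (M, rho); m is an integer in [1, Q-1]."""
    s = rand_nz()
    v = [s] + [secrets.randbelow(P) for _ in M[0][1:]]
    rows = []
    for Mi, x in zip(M, rho):
        lam = sum(a * b for a, b in zip(Mi, v)) % P    # share lambda_i = M_i . v (assumed)
        r = rand_nz()
        e_alpha, g_inv_beta, g_gamma = pk[x]
        c1 = pow(E_GG, lam, Q) * pow(e_alpha, r, Q) % Q
        rows.append((c1, r * g_inv_beta % P, (g_gamma * r + lam) % P))
    return {"M": M, "rho": rho, "C0": m * pow(E_GG, s, Q) % Q, "rows": rows}

def recovery_coeffs(rows):
    """S451: solve sum_k w_k * rows[k] = (1, 0, ..., 0) mod P; None if no solution."""
    n, k = len(rows[0]), len(rows)
    aug = [[rows[c][r] % P for c in range(k)] + [int(r == 0)] for r in range(n)]
    pivots, row = [], 0
    for col in range(k):
        piv = next((i for i in range(row, n) if aug[i][col]), None)
        if piv is None:
            continue
        aug[row], aug[piv] = aug[piv], aug[row]
        inv = pow(aug[row][col], -1, P)
        aug[row] = [x * inv % P for x in aug[row]]
        for i in range(n):
            if i != row and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(x - f * y) % P for x, y in zip(aug[i], aug[row])]
        pivots.append(col)
        row += 1
    if any(aug[i][k] for i in range(row, n)):
        return None                          # attributes do not satisfy the policy
    sol = {col: aug[i][k] for i, col in enumerate(pivots)}
    return [sol.get(c, 0) for c in range(k)]

def cloud_token(ct, gid, ugpk, store, revoked):
    """S42-S452: TK, or None if gid is on the UL or its attributes miss the policy."""
    if gid in revoked or gid not in store:
        return None
    keys = store[gid]
    idx = [i for i, x in enumerate(ct["rho"]) if x in keys]
    w = recovery_coeffs([ct["M"][i] for i in idx]) if idx else None
    if w is None:
        return None
    tk = 1
    for i, wi in zip(idx, w):
        c1, c2, c3 = ct["rows"][i]
        den = pair(keys[ct["rho"][i]], c2)
        tk = tk * pow(c1 * pair(ugpk, c3) * pow(den, -1, Q) % Q, wi, Q) % Q
    return tk

def user_decrypt(ct, tk, u):
    """S47, assumed form: m = C0 / TK^(1/(u+1)), since TK = e(g,g)^((u+1)s)."""
    mask = pow(tk, pow(u + 1, -1, P), Q)
    return ct["C0"] * pow(mask, -1, Q) % Q

def demo(m=1234):
    """Policy (doctor AND cardiology) OR auditor; GID-1 is later revoked (S5)."""
    attrs = ["doctor", "cardiology", "auditor"]   # constructed attribute names
    sk = aa_setup(attrs)
    ct = encrypt(m, [[1, 1], [0, -1], [1, 0]], attrs, attr_public(sk))
    store = {"GID-1": {x: attr_key(sk[x], 5) for x in ("doctor", "cardiology")},
             "mixed": {"doctor": attr_key(sk["doctor"], 5),      # keys pooled from
                       "cardiology": attr_key(sk["cardiology"], 7)}}  # two users
    plain = user_decrypt(ct, cloud_token(ct, "GID-1", 5, store, set()), 5)
    pooled = user_decrypt(ct, cloud_token(ct, "mixed", 5, store, set()), 5)
    revoked = {"GID-1"}                                     # S52: TP publishes the UL
    store["GID-2"] = {"doctor": attr_key(sk["doctor"], 9)}  # S53-S58: new identity
    old, new = (cloud_token(ct, g, u, store, revoked) for g, u in (("GID-1", 5), ("GID-2", 9)))
    return plain, pooled, old, new
```

`demo()` returns the correctly decrypted message, the wrong value obtained when attribute keys issued under two different $u_{GID}$ values are pooled, and `None` twice: once for the revoked GID and once for the re-registered identity whose remaining attribute no longer satisfies the policy.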

Claims (6)

1. A distributed access control method based on attribute-based encryption, characterized by comprising the following steps:
S1: system initialization: generate the system public parameters, the public/private key pair of the trusted third party (Trusted Third Party, TP) and the public/private key pair of each attribute;
S2: data encryption: the data owner encrypts the data and stores it on the cloud server in encrypted form;
S3: user key generation: TP assigns a global identifier (Global Identifier, GID) to each legitimate user and issues the user a certificate and a global private key; the attribute authority (Attribute Authority, AA) then issues attribute private keys to the user based on the user's privileges;
S4: data access: the user requests data from the server; the user can decrypt the ciphertext with the global private key and the attribute private keys if and only if the user's attribute set satisfies the access structure in the ciphertext;
S5: user revocation: when a user's privileges change, the user's private keys are updated so that the user rejoins the system under a new identity.
2. The distributed access control method based on attribute-based encryption according to claim 1, characterized in that step S1 comprises the following steps:
S11: TP initialization: input the security parameter and generate the system public parameters and the public/private key pair of the trusted third party;
S12: AA initialization;
wherein S12 comprises the following steps:
S121: each AA receives the system public parameters and TP's public key from TP;
S122: each AA generates a public/private key pair for each attribute it manages.
3. The distributed access control method based on attribute-based encryption according to claim 1, characterized in that step S2 comprises the following steps:
S21: the data owner receives the system public parameters from TP and the public key of each attribute from the AAs;
S22: based on the global attribute set U, the data owner defines an access structure A for the data; A is represented by an access matrix (M, ρ), where the function ρ maps each row of the matrix M to an attribute x;
S23: choose a random number s from $Z_p$ as the encryption exponent, and make s the first element of the vector;
S24: calculate, where $M_i$ is the i-th row of the matrix M;
S25: choose random numbers $r_i \in Z_p$;
S26: output the ciphertext CT;
S27: the data owner uploads the ciphertext CT to the cloud server.
4. The distributed access control method based on attribute-based encryption according to claim 1, characterized in that step S3 comprises the following steps:
S31: the user joins the system by submitting identity information to TP for registration;
S32: TP verifies the user's legitimacy;
S33: if the user is legitimate, TP assigns the user a GID and issues the user a certificate and a global private key, where the certificate contains the user's GID, the user's attribute list and the user's global public key; if the user is not legitimate, the user is refused entry to the system;
S34: on receiving the certificate and global private key from TP, the user sends the certificate to each AA it is affiliated with;
S35: on receiving the certificate, AA decrypts it with TP's public key and checks whether the user's GID belongs to the user revocation list (UL);
S36: if GID does not belong to UL, AA generates attribute private keys for the user based on the user's attribute list; if GID ∈ UL, AA terminates the operation;
S37: AA then sends the user's attribute private keys to the cloud server, where they are stored.
5. The distributed access control method based on attribute-based encryption according to claim 1, characterized in that step S4 comprises the following steps:
S41: user GID sends a data access request to the cloud server together with its certificate;
S42: the cloud server decrypts the certificate with TP's public key and checks whether the user's GID belongs to the user revocation list (UL);
S43: if GID does not belong to UL, the cloud server continues with the following steps; if GID ∈ UL, the cloud server terminates the operation;
S44: the cloud server retrieves the user's attribute private keys;
S45: the cloud server then uses the user's attribute private keys to decrypt the ciphertext and generates a decryption token TK;
wherein S45 comprises the following steps:
S451: let and $I = \{i : \rho(i) \in R_a\}$; if, according to the access matrix M, $\{\lambda_i\}_{i \in I}$ are valid shares of the encryption exponent s, then there exist recovery coefficients $\{w_i \in Z_p\}_{i \in I}$ that can reconstruct the encryption exponent; the cloud server first chooses $\{w_i \in Z_p\}_{i \in I}$;
S452: the cloud server then computes the decryption token TK;
S46: the cloud server then sends TK and the ciphertext to the user;
S47: finally, the user decrypts the ciphertext with the global private key and TK; if the user's attributes satisfy the access structure in the ciphertext, decryption succeeds; otherwise decryption fails.
6. The distributed access control method based on attribute-based encryption according to claim 1, characterized in that step S5 comprises the following steps:
S51: when a user's privileges change, the user sends its changed identity information to TP and re-registers with TP;
S52: TP writes the user's original GID into UL and publishes UL;
S53: TP assigns the user a new global identifier GID′ and issues the user a new certificate and global private key, where the new certificate contains GID′, the new user attribute list and the new global public key; TP then sends the user's new global private key and certificate to the user together;
S54: after receiving the new certificate and global private key from TP, the user uses the new certificate to interact again with each AA it is affiliated with;
S55: on receiving the certificate $ACert_{GID'}$, AA decrypts it with TP's public key and checks whether the user's GID′ belongs to UL;
S56: if GID′ does not belong to UL, AA continues with the following steps; if GID′ ∈ UL, AA terminates the operation;
S57: this step is the same as S37: AA generates new attribute private keys for the revoked user based on the user's attribute list;
S58: AA then sends each of the user's attribute private keys to the cloud server; the cloud server receives the user's attribute private keys from the AAs participating in key distribution and stores them, and at the same time deletes the attribute private keys of the users newly revoked in UL.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510106880.5A CN104901942B (en) 2015-03-10 2015-03-10 A kind of distributed access control method based on encryption attribute

Publications (2)

Publication Number Publication Date
CN104901942A true CN104901942A (en) 2015-09-09
CN104901942B CN104901942B (en) 2019-03-12

Family

ID=54034340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510106880.5A Active CN104901942B (en) 2015-03-10 2015-03-10 A kind of distributed access control method based on encryption attribute

Country Status (1)

Country Link
CN (1) CN104901942B (en)

Also Published As

Publication number Publication date
CN104901942B (en) 2019-03-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant