Abstract
Decryption control is an essential task for cloud computing services where data stored in the cloud are encrypted for strong privacy protection. This paper presents a method for decryption control The method is discretionary in the sense that authorizations for decrypting a record in cipher can be granted or revoked at the discretion of its owner. For a decryption authorization, the decryption key for the decryption computation is split into two parts, where die first part is called a right-to-decrypt code and is like a password chosen by the authorized person while the second part is called a partial substitute key and is stored in the cloud. Deleting a partial substitute key from the cloud storage revokes the corresponding audiorization. The method provides flexibility in authorization management; furthermore, it strengthens privacy protection by replacing a single decryption key with two split parts. A recovery computation is performed to reclaim the decryption key, followed by validation against a hash value of the decryption key.
Original language | English |
---|---|
Pages (from-to) | 5537-5551 |
Number of pages | 15 |
Journal | Information (Japan) |
Volume | 16 |
Issue number | 8 A |
State | Published - 08 2013 |
Keywords
- Authorization management
- Cryptographic-key splitting
- Decryption authorization
- Discretionary access control
- Galois finite field
- Personal health record