Both cryptography and access control, the latter referring to subsystems that permit access to data objects and other computational resources only by authorized accessing entities, are mature fields of research and development. Each has produced a plethora of useful techniques, methods, and systems that are widely employed in computational systems, including communications systems, database management systems, most general-purpose computer systems, mobile phones, information-display devices, and many other types of systems, devices, and fields of human endeavor.
Cryptography provides various types of encryption/decryption technologies that form a computational foundation for secure information exchange. Many types of computational encryption and decryption methods have been developed, including public/private-key-pair-based (asymmetric) encryption/decryption methods, symmetric encryption/decryption methods in which the same key is used for both operations, and many other types of encryption and decryption technologies. An encryption method transforms a digitally encoded sequence of symbols, such as text or numerical data, into a corresponding encrypted symbol sequence that, in general, cannot be straightforwardly read or interpreted, but that contains the same information as the original symbol sequence from which it was produced. A party possessing a decryption key, or other decryption-facilitating information, can carry out the inverse transformation to regenerate the original symbol sequence; a party lacking that information cannot.
The term “attribute” refers to information-containing symbol sequences, numbers, data structures, or other digitally encoded information that can be associated with real-world or computational entities. Often, the collection of attributes associated with an entity defines or describes the entity within some real-world or computational context. As one example, an employee within a corporation may be described by a collection of attributes, such as “works for the personnel department,” “salaried employee,” “female,” “electrical engineer,” and other such attributes. Access-control subsystems have been devised to control access by users to stored data objects, system-provided services, and other computational resources based on the attributes associated with the person or computational entity seeking access to those resources; a resource is associated with an access policy, and access is granted only when the requester's attributes satisfy that policy. Access-control subsystems are found in many different computational systems and environments. Attribute-based access control provides numerous computational and design advantages. As one example, attributes provide a medium of access-rights exchange similar to the role played by currency in financial transactions: the activities that grant attributes to an entity are decoupled from the activities that consume attributes to authorize access, which allows a simple and clean separation between the many different types of activities that generate value and the many different types of activities that consume value.
In certain types of data-storage and data-retrieval systems, attribute-based encryption is employed to store information securely in encrypted form and to allow only parties whose attributes satisfy the access policies associated with the stored data to decrypt and access it. While these attribute-based-encryption systems provide useful functionality, current implementations incur relatively onerous computational overheads, particularly for encryption and decryption operations, as a result of which attribute-based encryption is currently unsuitable for many types of high-volume and high-transaction-rate data-storage applications. Researchers and developers, recognizing the advantages provided by attribute-based encryption, seek new technologies that provide the desired functionality with acceptable computational overhead.
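The policy-satisfiability test that both attribute-based access control and attribute-based encryption depend on can be made concrete with a small evaluator. The following Python is an added illustration, not code from the application or from any attribute-based-encryption implementation: it represents an access policy as a tree of threshold gates over attribute names (AND is n-of-n, OR is 1-of-n), decides whether a requester's attribute set satisfies the policy, and returns the subset of attributes actually used, which in an attribute-based-encryption scheme corresponds to the key components a decryptor would combine. The object names, policies, and attribute sets are constructed for the example; no encryption is performed.

```python
"""Attribute-based access-policy evaluation (added example, not from the page).

A policy is a tree of k-of-n threshold gates whose leaves are attribute
names.  A requester satisfies the policy when the root gate is satisfied by
the attributes it holds.  An access-control subsystem runs this test before
releasing an object; a ciphertext-policy attribute-based-encryption scheme
performs the same test at decryption time.  Names below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class Gate:
    """A k-of-n threshold gate over child nodes (attribute names or sub-gates)."""
    threshold: int
    children: tuple

    def __post_init__(self) -> None:
        if not 1 <= self.threshold <= len(self.children):
            raise ValueError("threshold must lie in 1..len(children)")


Node = Union[Gate, str]


def AND(*children: Node) -> Gate:
    """All children required (n-of-n)."""
    return Gate(len(children), tuple(children))


def OR(*children: Node) -> Gate:
    """Any one child suffices (1-of-n)."""
    return Gate(1, tuple(children))


def k_of_n(k: int, *children: Node) -> Gate:
    """Any k of the children suffice."""
    return Gate(k, tuple(children))


def satisfies(policy: Node, attributes: frozenset) -> bool:
    """True iff the attribute set satisfies the policy tree."""
    if isinstance(policy, str):
        return policy in attributes
    met = sum(satisfies(child, attributes) for child in policy.children)
    return met >= policy.threshold


def witness(policy: Node, attributes: frozenset) -> Optional[frozenset]:
    """Return a subset of `attributes` sufficient to satisfy `policy`, or None.

    The subset is a valid witness but not necessarily minimal.  In an
    attribute-based-encryption scheme this is the set of key components
    the decryptor would actually combine to recover the plaintext.
    """
    if isinstance(policy, str):
        return frozenset({policy}) if policy in attributes else None
    parts = [w for w in (witness(c, attributes) for c in policy.children) if w is not None]
    if len(parts) < policy.threshold:
        return None
    # Only `threshold` satisfied children are needed; take the first ones.
    return frozenset().union(*parts[: policy.threshold])


# Constructed sample: stored objects and the policies that gate access to them.
POLICIES = {
    "payroll_report": AND("personnel_department", "salaried"),
    "circuit_design": OR(
        "electrical_engineer",
        k_of_n(2, "hardware_reviewer", "project_lead", "security_officer"),
    ),
}


def can_access(obj: str, attributes: frozenset) -> bool:
    """Access-control decision; objects with no policy are denied (fail closed)."""
    policy = POLICIES.get(obj)
    return policy is not None and satisfies(policy, attributes)


if __name__ == "__main__":
    alice = frozenset({"personnel_department", "salaried", "electrical_engineer"})
    bob = frozenset({"hardware_reviewer", "project_lead"})
    for who, attrs in (("alice", alice), ("bob", bob)):
        for obj, policy in POLICIES.items():
            verdict = "ALLOW" if can_access(obj, attrs) else "DENY"
            print(f"{who:6} {obj:15} {verdict:5} using {sorted(witness(policy, attrs) or ())}")
```

The evaluator deliberately fails closed on unknown objects and rejects malformed gates at construction time, since a gate whose threshold is zero would grant access to every requester. Real attribute-based-encryption schemes embed this same tree in the ciphertext or in the decryption key and make the cryptographic decryption succeed exactly when the tree is satisfied, which is where the computational overhead discussed above arises.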