Abstract: Attribute-based encryption mechanism was a significant approach for data fine-grained access control in cloud in which the user revocation was the most crucial aspect of the access control. However, the existing user revocation schemes either encrypt the symmetric key or the original data, so keeping the balance between security and efficiency was difficult. In order to solve the security and efficiency problems that user revocation brought in the fine-grained access control, a new user revocation approach based on intermediate agency was proposed. In this approach, a intermediate agency to process original cipher text was employed, then the decryption should be finished by users. Because the user couldnot decrypt the cipher text alone, encrypting data after user revocation was required. Theoretical analysis and experimental results show that in the fine-grained access control environment proposed approach can achieve security and efficiency in user revocation compared with the existing schemes.

Key words: data confidentiality; fine-grained access; user revocation; intermediate agency