Skip to Main Content
A key assignment scheme whose security is based on solving discrete logarithms is proposed to work out a solution on the access control problem in an arbitrary partially ordered user hierarchy. Each user is assigned a secret key used to efficiently derive his successors' secret key and assigned an encryption key at the same time used to encrypt his information items or files only. Thus, any user can freely change his own encryption key for some security reasons without caring about those security classes with lower clearances to make their information items been reenciphered. And moreover, make a security class be added into or deleted from the hierarchy without changing any issued keys.