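A group encrypts its data with an encryption key derived from the group private key SK and uploads it to the cloud. An authorized group (that is, one of the ancestor groups) uses the public values in the direct-relationship table, computing recursively along the path, to obtain that group's private key SK and then decrypt the data. The mechanism proposed in this thesis is also compared with those proposed by AKL, Lo-Hwang-Liu, and Chu-Hsing Lin in several respects (operating members, efficiency, members joining and leaving, etc.). The proposed mechanism has the advantages of not requiring a CA (Certificate Authority), simple computation, and fewer public parameter changes when the hierarchical structure expands.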
This study proposes a simple and fast method for authorizing data access between groups in a hierarchical structure for cloud computing. In this method, each group in the hierarchical organization gets a key pair: a public key 'PK' and a private key 'SK'. A group uses the public keys 'PK' of its direct ancestor groups to encrypt its own private key 'SK', generating the open parameters R. All these parameters (public keys PK, open parameters R) and their relationships are made public in an open table called the RAP (Relation-And-Parameter) table.
For data encryption, a group derives the encryption key from its private key 'SK' using a public function called the F function, encrypts the files, and uploads them to the cloud. An authorized group (that is, one of the group's ancestor groups) looks up the RAP table, finds the path between its own group and the group whose data it is authorized to read, recursively computes the private key 'SK' of each group on the path, and finally uses the F function to derive the decryption key. We also compare the proposed mechanism with those of AKL, Lo-Hwang-Liu, and Chu-Hsing Lin in several respects, such as member operations, efficiency, and members joining and leaving. As a result, the proposed mechanism offers little reliance on a CA (Certificate Authority), simple operation, and fewer public parameter changes when the hierarchical structure expands.
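
The RAP-table key derivation described above, as an added sketch that is not the thesis's own code. The abstract does not name its primitives, so the toy hashed-ElGamal wrapping, SHA-256 as the F function, the table layout and the check of each recovered SK against the published PK are all assumptions.

```python
import hashlib, secrets

# Assumption: toy hashed ElGamal over a 127-bit Mersenne prime, chosen only
# to keep the sketch stdlib-only. Far too small for real use.
P = 2**127 - 1
G = 3

def H(tag: bytes, x: int) -> bytes:
    return hashlib.sha256(tag + x.to_bytes(16, "big")).digest()

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def wrap(child_sk: int, parent_pk: int):
    """Open parameter R: the child's SK encrypted under a direct ancestor's PK."""
    e = secrets.randbelow(P - 2) + 1
    mask = int.from_bytes(H(b"wrap", pow(parent_pk, e, P))[:16], "big")
    return pow(G, e, P), child_sk ^ mask

def unwrap(R, parent_sk: int) -> int:
    return R[1] ^ int.from_bytes(H(b"wrap", pow(R[0], parent_sk, P))[:16], "big")

def F(sk: int) -> bytes:
    """Public F function (assumed SHA-256): data-encryption key derived from SK."""
    return H(b"F", sk)

def build_rap(edges):
    """edges: (parent, child) pairs. Returns (private keys by group, public RAP table)."""
    names = {n for edge in edges for n in edge}
    keys = {n: keygen() for n in names}
    rap = {n: {"PK": keys[n][1], "R": {}} for n in names}
    for parent, child in edges:
        rap[child]["R"][parent] = wrap(keys[child][0], keys[parent][1])
    return {n: k[0] for n, k in keys.items()}, rap

def derive_sk(rap, me, my_sk, target):
    """Recursively walk the RAP table from `me` down to `target`; None if no path."""
    if me == target:
        return my_sk
    for child, row in rap.items():
        if me in row["R"]:
            sk = unwrap(row["R"][me], my_sk)
            if pow(G, sk, P) != row["PK"]:   # tampered or mismatched R entry
                continue
            found = derive_sk(rap, child, sk, target)
            if found is not None:
                return found
    return None
```

Only the RAP table is public; a group that is not an ancestor of the target finds no chain of R entries it can unwrap, so `derive_sk` returns `None` for it.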