A Secure and Efficient Digital-Data-Sharing System for Cloud Environments

“Education Cloud” is a cloud-computing application used in educational contexts to facilitate the use of comprehensive digital technologies and establish data-based learning environments. The immense amount of digital resources, data, and teaching materials involved in these environments must be stored in robust data-access systems. These systems must be equipped with effective security mechanisms to guarantee confidentiality and ensure the integrity of the cloud-computing environment. To minimize the potential risk of privacy exposure, digital sharing service providers must encrypt their digital resources, data, and teaching materials, and digital-resource owners must have complete control over what data or materials they share. In addition, the data in these systems must be accessible to e-learners. In other words, data-access systems should not only encrypt data, but also provide access control mechanisms by which users may access the data. In cloud environments, digital sharing systems no longer target single users, and the access control by numerous users may overload a system and increase management burden and complexity. This study addressed these challenges to create a system that preserves the benefits of combining digital sharing systems and cloud computing. A cloud-based and learner-centered access control mechanism suitable for multi-user digital sharing was developed. The proposed mechanism resolves the problems concerning multi-user access requests in cloud environments and dynamic updating in digital-sharing systems, thereby reducing the complexity of security management.


Introduction
As the name suggests, e-learning involves learning through digital media [1]. E-learning can be traced back to the Programmed Logic for Automatic Teaching Operations (PLATO) introduced by Prof. Patrick Suppes of Stanford University and Prof. Don Bitzer of the University of Illinois in 1960 [2]. The PLATO system was capable of teaching students reading and writing skills through courses involving computer-assisted instruction (CAI). E-learning has gradually evolved from standalone CAI to online learning platforms that cater to mass users [3]. For example, the online courses offered through the University of Phoenix's online platform and through OpenCourseWare, operated by the Massachusetts Institution of Technology, provide learning opportunities for people all over the world through digital sharing.
Amidst advancements of network technologies, the prevalence of digital-multimedia-information use has accelerated. For example, application of digital multimedia information has become a mainstream in teaching. This approach not only overcomes the spatial and temporal constraints of learning but also contributes to more engaging, interactive, and immediate learning experiences, which motivate learners and stimulate their interests. These features support users' comprehension of new content, and reinforce previously learned concepts [3][4][5][6]. E-learning achieved steady development

Access Control Mechanisms
Access control has been extensively studied, and scholars have proposed a variety of access control mechanisms, such as access control matrices, access control lists, capability lists, and role-based access control (RBAC). Access control matrices are the simplest of these mechanisms to use in management of system resource-access [16]. When a user submits a request to access system resources, the system uses the user's position relative to the requested object in an access control matrix to determine the legitimacy of the request.
The concepts behind access control lists and capability lists are similar. Both mechanisms compile authorization logs into lists. In an access control list, authorization logs are compiled into columns in the access control matrix, where system resources constitute the base matrix and users are represented in a linked list. In a capability list, permission logs are compiled into rows in the access control matrix, where users constitute the base matrix, and system resources are represented in a linked list. Access control lists facilitate the management of system resource requests. However, searching for a specific user in an access control list is time intensive. By comparison, the advantages of capability lists correspond with the disadvantages of access control lists.
In addition to the aforementioned access control mechanisms, several access control models have been proposed. For example, task-based access controls (TBACs) authenticate access requests and periods based on task requirements [17], temporal RBACs (TRBAC) authenticate role permissions based on the changes in time intervals [18], rule set-based access controls authenticate permissions based on the system's security strategy [19], and spatial RBAC (SRBAC) authenticates role permissions based on changes in spatial locations [20]. These access control models can be employed independently or combined with other control models. For instance, TBACs can be used simultaneously with RBACs in access systems [17], or a hybrid RBAC can be adopted as the access control mechanism in large and complex organizations [21]. Furthermore, access control mechanisms can be incorporated into other system structures, such as RBAC online-payment systems [22].
At present, commonly applied access controls can be categorized into three types: discretionary access control (DAC), mandatory access control (MAC), and RBAC.
In DAC mechanisms, access is granted based on user identity and the specific action related to the access request. Users are able to manage the access permission of the objects they own without intervention from system administrators. In sum, DAC enable the transfer of object authorities and is suitable for developing environments for data sharing and autonomous application of authority [23].
Although DAC models provide flexible access control mechanisms, they cannot guarantee the integrity of data after authorization [24]. For example, users that are authorized to access a particular Sensors 2019, 19, 2817 4 of 23 document may download the document onto a storage device and then transfer the document to others without the authorization of the owner. Thus, in DAC systems, document owners are unable to track the authorized users' transfer of their documents, and document receivers cannot determine whether the rights of the document belong to the document provider or whether the document was merely transferred from another source.
MACs prohibit users from freely allocating access permissions, and permission allocation rights belong exclusively to a system administrator [25]. MACs assign security levels and category labels to all subjects and objects in a system. When a user requests access to an object, the system compares the labels of the user and the object. If the users' access permissions correspond with or exceed the confidentiality level of the object, the request of the user is authorized; otherwise, the request is rejected [24]. For example, assume the system sets the security clearance of User A at 2 and that of User B at 4, and that the security levels of Documents A, B, and C are 1, 3, and 6, respectively. User A is able to view Document A, which is categorized under a security level lower than his or her clearance, whereas User B is authorized to view Documents A and B. The security level of Document C is higher than the clearance of both users; therefore, they cannot access Document C. The application of MAC is more complicated than that of DAC, making MAC-based systems suitable for environments with stringent security requirements, such as national defense departments.
The RBAC was introduced by Sandhu et al. in 1996 [13] It was subsequently incorporated and standardized by the NIST in 2011, and was renamed as NIST RBAC [26]. RBACs create "role" elements between the "user" and "access permission" elements in a system, enabling users to access documents through the "role" element.
As awareness of digital data confidentiality rose in 2004, Chen et al. proposed an access control mechanism that combined encryption and key management, and applied the mechanism in a mobile agent environment [27][28][29]. Before a mobile agent is approved for work on the Internet, the transmitting host decides which hosts will be visited by and what data is accessible to the agent. In addition, the owner of the mobile agent must first determine pathways and access strategy. The owner of the agent then encrypts his or her confidential files with separate keys using a symmetric encryption system, such as the Advanced Encryption Standard (AES), Data Encryption Standard (DES), or International Data Encryption Algorithm [30]. Finally, various access permissions are established based on the access control strategy, and a hierarchical structure is created based on the level of the access permissions. The owner of the agent provides a superkey to each host and publishes specific public parameters of the agent. The hosts then use their superkeys to access data from hosts with security levels below their clearance.
Thereafter, access mechanisms based on an elliptic curve, bilinear pairing, and ID authentication, and mechanisms with migration and time constraints were sequentially introduced [31][32][33][34]. Cloud environments matured by 2012 and Liu et al. proposed a dynamic access framework that achieved accurate access control of cloud data and logs in a multi-user setup. The framework was incorporated into a medical environment to maximize patients' control of their medical records. The system ensured privacy by only granting access to doctors, pharmacists, nurses, and researchers [14,15,35].
Recently, context-aware access control (CAAC) models have been developed, extending the basic RBAC authorization model, which determine whether users' requests to limit the access permissions for privacy data and information based on the dynamically changing contextual conditions, such as related resources, environments, user properties, software services [36,37]. For example, Schefer-Wenzl and Strembeck proposed the fuzzy model with an ontology-based approach that captures contextual conditions for mobile business processes [38]. Hosseinzadeh et al. used ontological techniques and Web Ontology Language (OWL) of modeling context-aware role-based access control scheme for smart spaces [39]. Trnka and Cerny proposed a CAAC scheme based on using security levels, which are granted to user based on his/her context [40]. Colombo and Ferrari proposed a roadmap to enhance the data protection functionalities of NoSQL datastore and then design a CAAC mechanism for MongoDB [41,42]. Kayes et al. developed several CAAC systems by considering a wide variety of contextual conditions, the relationship context information utilizing the process of inferring implicit knowledge, and the purpose-oriented situation information based on the currently available context information [43][44][45].

Lagrange Interpolation Polynomial
Following, is a brief introduction to Lagrange interpolation polynomial [30], which we have adopted for encryption and decryption processes. In numerical analysis or other applications, many practical problems are represented through functions to express intrinsic relationships or regularity. However, the precise relationship between variable x and variable y of many functions are extremely complex, and cannot be determined through experiments. The method of Lagrange interpolation enables us to obtain a polynomial which passes through a finite set of points in the x-y plane. The polynomial obtained by this method is called the Lagrange polynomial. Mathematically, the Lagrange interpolation polynomial can obtain a polynomial function, which passes through known points of a two-dimensional plane. For example, in a x-y plane, given n + 1 are known points, (x 0 , y 0 ), (x 1 , y 1 ), . . . , (x n , y n ). The method of Lagrange interpolation provides a formula for constructing a unique polynomial of degree n which passes through these n + 1 points. Among them, the Lagrange fundamental polynomial, or interpolation basis function is expressed as follows: The specific point of l j (x) is the derived value 1 from x j . Values from other points x i (i j) equals 0, the expression of which is as follows: That is the unique polynomial of degree n which passes through the points (x 0 , y 0 ), (x 1 , y 1 ), . . . , (x n , y n ). For example, the binomial that passes through (4, 1), (5,5), and (6, 10) when expressed in Lagrange basic polynomial is as follows By applying Lagrange interpolation polynomial, a single polynomial L(x) can be obtained as expressed below: It can be inferred that f (4) = 1, f (5) = 5, f (6) = 10. By applying this formula, predicted values can be derived, for example: to derive f (18), substitute x = 18 in L(x), and L(18) = f (18) = 148 is derived.

The Proposed Mechanism
The foremost challenges when creating digital-sharing systems for cloud environments are managing large user bases and complex access relationships. Ensuring the confidentiality and integrity of users' cloud data represents an additional concern. In response to these challenges, we developed a dynamic multi-user access mechanism that can accurately access and control the digital resources and teaching materials stored in the cloud, as shown in Figure 1. The proposed systems indexes Lagrange interpolating polynomials to provide different users maximum control over their data and logs. The system also comprises an encryption technique to protect users' privacy, with unique keys generated by Central Authority that can be freely used to share their digital data. The steps involved in developing the proposed access control system are explained in the following section. The definitions of the symbols used in the creation of the proposed system are tabulated in Table 1.

Create a System User
In this study, we adopt the access relationships of a partially ordered set. A Central Authority (CA) (or a multiple number of CAs that are distributed by a single CA) builds the partially ordered set, which is a pair (S, ≼), where ≼ is a reflexive, antisymmetric, transitive binary relation in set S. In this paper, users are divided into disjoint sets labeled Si, where Si is a subset that corresponds with security classes, and each class is assigned clearance to access specific files. Therefore, the decryption key with permission to obtain the encrypted file can be expressed as Si = {u: u is the file id that Si is permitted to access} for i = 1, 2, …, n, where n   and '≼' is a binary partial order relation over the User-authorized file set The indicate function of set J i To determine whether the user has authorized the file set

Create a System User
In this study, we adopt the access relationships of a partially ordered set. A Central Authority (CA) (or a multiple number of CAs that are distributed by a single CA) builds the partially ordered set, which is a pair (S, ), where is a reflexive, antisymmetric, transitive binary relation in set S. In this paper, users are divided into disjoint sets labeled S i , where S i is a subset that corresponds with security classes, and each class is assigned clearance to access specific files. Therefore, the decryption key with permission to obtain the encrypted file can be expressed as S i = {u: u is the file id that S i is permitted to access} for i = 1, 2, . . . , n, where n ∈ N and ' ' is a binary partial order relation over the set S = {S 1 , S 2 , . . . , S n }. For the set (S, ), S j S i (i, j ∈ N), indicating that a user in security class S i can read or store data held by a user in security class S j , but the opposite is not allowed. Each class possesses its S i . In S j S i , S i corresponds with the security class required to obtain the decryption key for S j to retrieve file 1 and file 2 .
The system may be accessed by users of a variety of identities, such as teaching material authors, partner vendors, authorities affiliated with the Ministry of Education, class teachers, students, and students' parents. In the proposed system, the security class of each user is expressed as S i , and each user possesses a superkey (H i ), where i = 1, 2, ..., n. The CA creates a framework for these users. The system structure comprises n users in two sets, S = {S 1 , S 2 , ..., S n } and H = {H 1 , H 2 , ..., H n }, which can be expressed in Table 2: Table 2. Sets of security class and superkey.

Establish an Associative Array and Function for System Users and Data Files
The digital-data-sharing system proposed in this study was developed specifically for teachingmaterial-related use. The proposed system stores data provided by publishers (partner vendors), the Ministry of Education, teaching material authors, and teachers. The system applies encryption keys to the data uploaded by the various users to generate encrypted files, which are then stored in the cloud server. The CA builds a structure in which m files form a set file = {file 1 , file 2 , ..., file m }. Additionally, the CA creates decryption keys corresponding to file u , where u = 1, 2, ..., m, protecting the encrypted files from random access. The decryption keys are expressed as DK u , where u = 1, 2, ..., m. The relationship between the files and keys can be shown in Table 3. The following adjacency matrix illustrates the access relationships. Assume the system structure comprises six security classes and four files; {security classes} × {files} data may be arranged in a two-dimensional array as follows: possesses its own cryptographic key; thus, if Sj = {1, 2}, Si = {1, 2, 3}, {1, 2} ≼ {1, 2, 3}, then Sj ≼ Si. In Sj ≼ Si, Si corresponds with the security class required to obtain the decryption key for Sj to retrieve file1 and file2.
The system may be accessed by users of a variety of identities, such as teaching material authors, partner vendors, authorities affiliated with the Ministry of Education, class teachers, students, and students' parents. In the proposed system, the security class of each user is expressed as Si, and each user possesses a superkey (Hi), where i = 1, 2, ..., n. The CA creates a framework for these users. The system structure comprises n users in two sets, S = {S1, S2, ..., Sn} and H = {H1, H2, ..., Hn}, which can be expressed in Table 2: Table 2. Sets of security class and superkey.

Establish an Associative Array and Function for System Users and Data Files
The digital-data-sharing system proposed in this study was developed specifically for teachingmaterial-related use. The proposed system stores data provided by publishers (partner vendors), the Ministry of Education, teaching material authors, and teachers. The system applies encryption keys to the data uploaded by the various users to generate encrypted files, which are then stored in the cloud server. The CA builds a structure in which m files form a set file = {file1, file2, ..., filem}. Additionally, the CA creates decryption keys corresponding to fileu, where u = 1, 2, ..., m, protecting the encrypted files from random access. The decryption keys are expressed as DKu, where u = 1, 2, ..., m. The relationship between the files and keys can be shown in Table 3. Table 3. Decryption keys for corresponding encrypted files.
The following adjacency matrix illustrates the access relationships. Assume the system structure comprises six security classes and four files; {security classes} × {files} data may be arranged in a twodimensional array as follows: We define the indicate function as I(x, y). This function expresses that user i is permitted to obtain fileu using DKu. Variable x represents user's id i, and the variable y represents file's id u. User i uses his or her secret superkey Hi to access row i. According to the construction, row i contains the set of fileu that user i is authorized to access. For example, I(3, 2) = 1 because user 3 is authorized to access file2. I(6, 1) = 0 because user 6 is not authorized to access file1.
( , ) = 1 , if user has access to file 0 , otherwise For a flexible specification of access control policy, we combine the dynamically changing context by using the particular context database. It is mainly formed with 3w queries (who, what, possesses its own cryptographic key; thus, if Sj = {1, 2}, Si = {1, 2, 3}, {1, 2} ≼ {1, 2, 3}, then Sj ≼ Si. In Sj ≼ Si, Si corresponds with the security class required to obtain the decryption key for Sj to retrieve file1 and file2. The system may be accessed by users of a variety of identities, such as teaching material authors, partner vendors, authorities affiliated with the Ministry of Education, class teachers, students, and students' parents. In the proposed system, the security class of each user is expressed as Si, and each user possesses a superkey (Hi), where i = 1, 2, ..., n. The CA creates a framework for these users. The system structure comprises n users in two sets, S = {S1, S2, ..., Sn} and H = {H1, H2, ..., Hn}, which can be expressed in Table 2: Table 2. Sets of security class and superkey.

Establish an Associative Array and Function for System Users and Data Files
The digital-data-sharing system proposed in this study was developed specifically for teachingmaterial-related use. The proposed system stores data provided by publishers (partner vendors), the Ministry of Education, teaching material authors, and teachers. The system applies encryption keys to the data uploaded by the various users to generate encrypted files, which are then stored in the cloud server. The CA builds a structure in which m files form a set file = {file1, file2, ..., filem}. Additionally, the CA creates decryption keys corresponding to fileu, where u = 1, 2, ..., m, protecting the encrypted files from random access. The decryption keys are expressed as DKu, where u = 1, 2, ..., m. The relationship between the files and keys can be shown in Table 3.
The following adjacency matrix illustrates the access relationships. Assume the system structure comprises six security classes and four files; {security classes} × {files} data may be arranged in a twodimensional array as follows: We define the indicate function as I(x, y). This function expresses that user i is permitted to obtain fileu using DKu. Variable x represents user's id i, and the variable y represents file's id u. User i uses his or her secret superkey Hi to access row i. According to the construction, row i contains the set of fileu that user i is authorized to access. For example, I(3, 2) = 1 because user 3 is authorized to access file2. I(6, 1) = 0 because user 6 is not authorized to access file1.
( , ) = 1 , if user has access to file 0 , otherwise For a flexible specification of access control policy, we combine the dynamically changing context by using the particular context database. It is mainly formed with 3w queries (who, what, We define the indicate function as I(x, y). This function expresses that user i is permitted to obtain file u using DK u . Variable x represents user's id i, and the variable y represents file's id u. User i uses his or her secret superkey H i to access row i. According to the construction, row i contains the set of file u that user i is authorized to access. For example, I(3, 2) = 1 because user 3 is authorized to access file 2 . I(6, 1) = 0 because user 6 is not authorized to access file 1 .
I(x, y) = 1 , if user x has access to file y 0 , otherwise For a flexible specification of access control policy, we combine the dynamically changing context by using the particular context database. It is mainly formed with 3w queries (who, what, and where), i.e., the sets of questions for judgement the specific people (1) whether he/she comes from the security class {S}; (2) what conditions that he/she needs to handle (specific information and resources to be obtained); and (3) what locations that he/she may exist (the determination of environments). Figure 2 shows the detailed structure of the database. Here, we require that before people, who have authority (i.e., I(x, y) = 1), access the file, he/she must firstly pass the queries from the context database. and where), i.e., the sets of questions for judgement the specific people (1) whether he/she comes from the security class {S}; (2) what conditions that he/she needs to handle (specific information and resources to be obtained); and (3) what locations that he/she may exist (the determination of environments). Figure 2 shows the detailed structure of the database. Here, we require that before people, who have authority (i.e. I(x, y) = 1), access the file, he/she must firstly pass the queries from the context database. Each query may equally come from different sets and the requested users need to send the right answers for the response queries, making the sum of value of identification factors be greater than, or equal to, one, i.e., { | 0 ≤ ≤ 1, for = 1,2, … , } , where 1 + 2 + ⋯ + ≥ 1. The system can determine that the user has indeed been authorized and owned the right to get secure key and access the file contents by the sum of the factor value reaching to one.

Figure 2.
Context database and query set for the proposed digital sharing system.

Establish the Correlation Functions to Derive Keys of System Users
To accurately derive DKs to access the desired file, numerous auxiliary polynomials and functions are stored in the system to assist in the processing of access control. First, the authenticity of users' keys must be defined. Therefore, the indicator function is defined as , where an output result of 1 represents an authentic key. For other outputs, the key is rejected. Second, the clearance of the user must be determined for file access to be granted. Therefore, the function is defined as Ji = {u: 1  u  m, u is the file id that Si has permission to access} (assuming that the system contains n users and m files for access). The preceding two auxiliary functions form the function ( ), which expresses that the user's Si is authorized to access the DK. The function can be expressed as follows: Third, several correlation functions can be generated by applying the Lagrange interpolation polynomial as below steps: Step 1: the CA establishes a unique superkey Hi, where i = 1, 2, ..., n, for user i in the S = {S1, S2, ..., Sn} set. The Hi is confidential to the user i. Step 4: the CA selects nonrepeated random integers {DK1, DK2, …, DKm} (supposing m confidential files exist) as the decryption key for encrypting and decrypting confidential files. The CA maintains the confidentiality of the DKu and publishes the public parameter u.
Step 5: the CA defines Ji = {u: 1  u  m, u is the file id that Si has permission to access} when n users Each query may equally come from different sets and the requested users need to send the right answers for the response queries, making the sum of value of identification factors be greater than, or equal to, one, i.e., { f actor Q n | 0 ≤ f actor Q n ≤ 1, for i = 1, 2, . . . , n , where f actor Q 1 + f actor Q 2 + . . . + f actor Q n ≥ 1. The system can determine that the user has indeed been authorized and owned the right to get secure key and access the file contents by the sum of the factor value reaching to one.

Establish the Correlation Functions to Derive Keys of System Users
To accurately derive DKs to access the desired file, numerous auxiliary polynomials and functions are stored in the system to assist in the processing of access control. First, the authenticity of users' keys must be defined. Therefore, the indicator function is defined as , where an output result of 1 represents an authentic key.
For other outputs, the key is rejected. Second, the clearance of the user must be determined for file access to be granted. Therefore, the function is defined as J i = {u: 1 ≤ u ≤ m, u is the file id that S i has permission to access} (assuming that the system contains n users and m files for access). The preceding two auxiliary functions form the function I J i (y), which expresses that the user's S i is authorized to access the DK. The function can be expressed as follows: Third, several correlation functions can be generated by applying the Lagrange interpolation polynomial as below steps: Step 1: the CA establishes a unique superkey H i , where i = 1, 2, ..., n, for user i in the S = {S 1 , S 2 , ..., S n } set. The H i is confidential to the user i. Step 3: the CA establishes the function A i (x) applying Lagrange interpolation polynomial for user i, Step 4: the CA selects nonrepeated random integers {DK 1 , DK 2 , . . . , DK m } (supposing m confidential files exist) as the decryption key for encrypting and decrypting confidential files. The CA maintains the confidentiality of the DK u and publishes the public parameter u.
Step 5: the CA defines J i = {u: 1 ≤ u ≤ m, u is the file id that S i has permission to access} when n users exist for i = 1, 2, ..., n and m files for u = 1, 2, ..., m. J i is the set of file id's that user i is authorized to visit.
Step 6: the CA defines . This indication function expresses that user i is authorized to access the DK u . The function B i (y) is established by applying Lagrange Step 7: the CA establishes the key-deriving function for (x, y) ∈ R × R, and the CA declares it publicly.
Continually, user i can incorporate the owned superkey H i and the file id u to G(x, y) for deriving the DK u , which is then used to decrypt file u . The derivation process is described in the following steps: Step 1: user i incorporates the superkey H i into I Step 2: user i incorporates the superkey Step 3: user i incorporates the id u of the desired file u into I J i (y) = 1 , i f y ∈ J i 0 , o.w. , where J i = {u: 1 ≤ u ≤ m; u is the file id that S i has permission to access }. If user i is authorized to access DK u , then y ∈ J i and I J i (y) = 1.
Step 4: user i incorporates the id u of the desired file u into B i (y) = If user i is authorized to access DK u , then B i (y) = DK y if y ∈ J i or B i (y) = 0 if y J i .
In this instance, the user can derive the decryption key; otherwise, G(x, y) = 0.

Change the Access Permissions of Users
The system users' membership system may be added or removed due to different events, or as time changes. Additionally, users' access permissions may change, and data may be added, modified, or deleted according to different access requirement. In this study, we developed an approach to resolve management problems related to system access security without sacrificing computing power and storage space.
The proposed system calculates the public function G(x, y). The following goals may be achieved by updating the function and modifying the parameters: (1) add user; (2) remove user, and (3) update user permissions.
Further decomposition of G(x, y) yields A 1 (x)B 1 (y) + A 2 (x)B 2 (y) + . . . + A n (x)B n (y) where (x, y) ∈ R×R and the subfunction A i (x) is correlated to the authentication of user data. The subfunction verifies whether H i is present in a legitimate list in the system and whether the user can acquire a personal key for authentication. Additionally, subfunction B i (y) is correlated to data authentication. These subfunctions verify whether users can acquire DK u to decrypt encrypted data files. A i (x) and B i (y) can be expressed as follows: (1) Add user: to add a user, the system merely update the indication functions I {H 1 ,...,H n+1 } (x) and I J v (y) and creates A v (x), B v (y), and J v for the new user S v , after which the data are updated to G(x, y). In other words, G'(x, y) = G(x, y) + A v (x)B v (y). Only simple additive operation is involved in the computation. (2) Remove user: similar to the process for adding a user, the system removes the A v (x) and B v (y) parameters associated with member S v from G(x, y) to remove a user. Therefore, G'(x, y) = G(x, y) − A v (x)B v (y). A subtraction algorithm is used in the computation. (3) Update user access permissions: when a system user wishes to modify their access permissions, the system redefines J i ' = {u: 1 ≤ u ≤ m, u is the file id that S i has permission to access }, where J i ' represents the updated S i permissions. B i (y) is then updated to B i '(y); that is, the function J i related to B i (y) is replaced by J i ' to obtain G'(x, y) = G(x, y) − A i (x)B i (y) + A i (x)B i '(y), reflecting the new permissions for the user. Addition and subtraction algorithms are used in the computation.

Adding a New Security Class
In case that S v is a new security to be inserted into the user hierarchy; CA executes the procedure below for inserting the new security class S v .
Step 1: CA distributes the secret parameter superkey H v to a new security class S v .
Step 2: CA establishes A v (x). A v (x) is identical to that of A i (x) except that n is replaced by n is updated.
Step 3: CA establishes the parameter J i = {u: 1 ≤ u ≤ m, u is the file ID of authorized S i } for S v Step 5: is updated.
Step 6: CA updates formula G(x, y) in the original scheme that the new formula appears G'(x, y) = G(x, y) In the above process to append a user, CA simply updates the indices I {H 1 ,...,H n+1 } (x) and I J v (y) and establishes A v (x), B v (y), J v for the new security class S v . The information is updated to formula G(x, y). Few costs are required for computing the new security class S v , and merely addition is required for updating the entire scheme.

The Example of Adding a New Security Class
In this example, we assume that the digital-sharing mechanism contained the security classes S 1 through S 6 and the digital resources file 1 to file 5 . A downstream bookstore joins the sharing mechanism as S 7 and the owner receives authorization to access Junior High School Year 1 English, Senior High School Year 2 Physics, and Senior High School Year 3 Chemistry (Table 4).
First, the CA assigns the superkey H 7 to the downstream bookstore and updates the indication functions to I {H 1 ,...,H n+1 } (x) and I J v (y) according to the digital-resource permissions of the bookstore. The CA defines J 7 = {1, 3, 4} for S 7 and creates the following equation: Finally, all parameters are updated into a new formula G'(x, y) = G(x, y) + A 7 (x)B 7 (y)

Removing an Existing Security Class
Assuming that an existing security class S v is to be removed from the digital-sharing mechanism, CA could precede the following Step 1 or Step 2.
Step 1: CA removes the relevant parameter Step 2: J v is defined as the set of file ID's, which the user v is authorized to visit. Instinctively, CA updates J v and deletes the authorization of the user: J v ' = φ = empty set

The Example of Removing an Existing Security Class
Assuming that S 7 downstream bookstore in the original scheme is no longer authorized, CA tends to remove S 7 from the scheme, as below (Table 5): CA could choose one of the following methods to remove S 7 ; one is to update formula G'(x, y) = G(x, y) − A 7 (x)B 7 (y) to remove the relevant parameters in S 7 and the other is to update J 7 ' = φ so that S 7 could not pass the authorization verification.

Updating a User Authorized
In the initial phase of the proposed scheme, CA would establish the access authority for the security class S i . When a user is updated by the system authorization, CA would proceed the following steps.
Step 1: CA resets J i ' = {u: 1 ≤ u ≤ m, u is the file ID of authorized S i }. J i ' presents the new authorization of S i after update. When the authorization to the digital-sharing mechanism is changed, CA would re-calculate the adjacency matrix to generate a new set J i .
Step 2: CA updates B i (y) to B i '(y), as J i is replaced by J i ' and the information of J i is relevant with B i (y).
Assuming that a new authorization of set J i ' is given to user According to the above steps, the establishment of J i could easily update the authorization of user i to access to digital data. When the user i does not present any authorization, B i (y) does not need to be updated, but just take J i ' = φ = empty set.

The Example of Updating a User Authorized
Assuming that S 4 student could access to file 4 Chemistry in the original scheme, but no longer could after the research project being changed, a new authorization allows to access to file 2 mathematics, as below (Table 6): In this dynamic access section, the construction and updating of G(x, y) involve only simple arithmetic calculations. These can be done on a fly for a system consisting of millions of servers and millions of files. This scheme is easy to operate as the user i just enters a pair of valid (H i , u) to get the correct DK u . The system administrator calculates and updates G(x, y) in the background in real time. Every server follows exactly the same operational steps to retrieve the correct decryption key.

Analysis of Security
In this section, a security analysis is performed to examine whether the proposed scheme is secure in practical applications. The analysis focuses on four types of attack that may affect the system's security.

Equation Attack
Equation attack: attackers attempt to use a public formula G(·) to crack polynomials using mathematical algorithms and obtain the DK u .
Equation attacks occur during updates of users' permissions. When one user is being removed while the other users remain unchanged, attackers can subtract old public data G(·) with new public data G'(·), or G'(·) − G(·) = 0, to derive DK u . The mechanism designed in this study can withstand equation attacks. In Section 3, we propose the following three dynamic update methods: Addition of a new security class: Deletion of a security class: Update of a user's authorization G'(x, y) In all three dynamic update methods, the public parameters G(x, y) from before the update are subtracted from the updated public parameters G'(x, y). Therefore, attackers can only derive In the proposed methods, both A v (x) and B v (y) are polynomials created through Lagrange interpolation. Therefore, a multiplication algorithm must be applied to convert A v (x) and B v (y) into an (n − 1)(m − 1) th order polynomial with two unknowns.
..,H n } (x) = a 0 + a 1 x + . . . + a n−1 x n−1 (7) If the attacker incorporates x = 0 or y = 0 into the deduction, the returned polynomial messages of A v (x)B v (y) would comprise a string of unstructured data. Therefore, our methods are not vulnerable to compromising attacks.

External Attack
External attack: external users attempt to use public parameters to gain access. They attempt to obtain DK u or decrypt documents to acquire a digital resource stored in the cloud.
Digital teaching materials, data, and data sources acquired from the cloud can be sold at a low price, which not only infringes upon the authors' intellectual property rights, but also causes immense losses for publishers. For an unauthorized external user to access digital resources in the proposed digital sharing mechanism, the user must use public parameters to derive the decryption key and decrypt the files to acquire meaningful data.
The most critical known public parameter for external attackers is the public function G(x, y), because this function contains the DK u . Therefore, the equations based on this function must be protected. In the proposed method, each security class S i can be incorporated into private superkeys H i using the public function G(x, y) to derive the DK u . If an external attacker attempts to obtain the DK u , he or she must decrypt the Lagrange interpolating polynomials to obtain a secret key. For external attackers that can only obtain the public function G(x, y) and file id u, the large number of unknown variables hinders them from reverse deriving the DK u through mathematical computation. Therefore, attackers cannot unlawfully acquire digital teaching materials, data, or data sources through external attacks on the proposed system.
In the proposed method, the CA can choose any encryption method to generate the DK u . For example, symmetrical key systems such as DES, Triple DES, or AES use diffusion and confusion to block hackers from cracking encryptions through statistical calculations. At present, these password systems remain challenging to crack. Therefore, attackers cannot directly extract meaningful content from encrypted documents in the proposed system.

Collaborative Attack
Collaborative attack: two or more authorized users collaborate and share superkeys H i with each other in an attempt to derive a DK j outside their authorization or other users' superkeys H i .
The security class S i adopted in the proposed method involves partially ordered relationships. When S i is authorized to access S j , the following formula G(x, y) can be used: Therefore, we define a collaborative attack as a situation in which two or more authorized users target another authorized user. Two example scenarios are presented subsequently. In the first scenario, the collaborating attackers are in a partially ordered relationship with their target. In the second scenario, the collaborating attackers are not in a partially ordered relationship with their target. Scenario 1: the collaborative attackers attempt to collect each other's privacy parameters superkey H i and obtain the DK u of another user in the system that the attackers do not have permission to access. Based on the above Section 3.4.2, the clearance of the collaborating attackers are S 3 = {1, 4} and S 4 = {4} and that of the target is S 7 = {1, 3, 4}. In contrast to S 3 and S 4 , S 7 is authorized to access file 3 . Therefore, in this example, S 3 and S 4 collaboratively launch an attack to acquire S 7 and DK 3 . The data related to DK 3 is hidden in A 7 (x)B 7 (y).
However, S 3 and S 4 only possess H 3 and H 4 , and these superkeys are unable to pass the A 7 (x) test. Lagrange interpolation calculations using these superkeys yield empty values. Therefore, A 7 (x)B 7 (y) = 0 × B 7 (y) = 0. In this instance, a collaborative attack is similar to an independent attack, and the attackers are not able to obtain additional data.
Scenario 2: the collaborating attackers are not in a partially ordered relationship with their target. The attackers collect each other's parameters to increase the probability of deriving DK u . According to Section 4.1, the clearances of the collaborating attackers are S 3 = {1, 4} and S 4 = {4}, and that of the target is S 5 = {5}. As described, no partially ordered relationship exists between S 5 and S 3 or S 4 . To obtain S 5 and gain access to file 5 , S 3 and S 4 must collaboratively launch an attack on S 5 to obtain DK 5 . As in Scenario 1, S 3 and S 4 only possess the superkeys H 3 and H 4 , which cannot be used to pass the A 5 (x) test, and calculations only yield empty values. Thus, private superkeys H i cannot be collected to derive a DK u without authorization, regardless of the number of attackers or whether a partially ordered relationship exists between the attacker(s) and the target.
In addition to DK u , attackers may also target superkeys H i . In Scenario 1, the A 7 (x) results indicate that S 3 and S 4 only possess H 3 and H 4 . Thus, these users lack sufficient data to obtain H 7 from the A 7 (x) results produced through Lagrange interpolation. Therefore, collaborative attacks are ineffective against the proposed system.

Reverse Attack
Reverse attack: an authorized user (attacker) uses a known public formula G(x, y) and his or her private parameters to obtain the superkeys H i ' of other users.
Based on Section 3.4.2, users with S 6 and S 7 are generally able to derive DK 1 by applying G(x, y). S 6 is in a partially ordered relationship with S 7 . Specifically, S 6 S 7 , where S 6 = {1} and S 7 = {1, 3, 4}. In this scenario, the user that corresponds with S 6 is the attacker that attempts to use H 6 and G(x, y) to derive the H 7 of S 7 and then use S 7 to obtain file 3 and file 4 .
The proposed method only involves one public formula: G(x, y) = A 1 (x)B 1 (y) + . . . + A 6 (x)B 6 (y) + A 7 (x)B 7 (y). To use S 6 in the deduction process, point (H 6 , 1) is incorporated into the aforementioned polynomials for calculation. Subsequently, S 7 can be used to incorporate points (H 7 , 1), (H 7 , 3), and (H 7 , 4) into the calculations and thereby derive the key allocated by the CA. However, DK 3 and DK 4 of file 3 and file 4 cannot be obtained through incorporating S 6 to point (H 6 , 3) or point (H 6 , 4).
The user corresponding with S 6 attempts to acquire the DK 3 and DK 4 of S 7 . Therefore, the target is H 7 or DK 3 and DK 4 related to A 7 (x)B 7 (y) 7 . Because S 6 can be used to incorporate point (H 6 , 1) into G(H 6 , 1) = DK 1 , the user corresponding with S 6 may attempt the following calculations: G H 7 data are hidden in A 7 (x), which is generated through Lagrange interpolation, expressed as follows: ..,H7} (x), A 7 (x) verifies whether the H i inputted by the user is present in the verification list approved by the CA. If the user is not approved by the CA, then the H i is rejected from I {H 1 ,...,H n } (x). If the user uses a superkey other than H 7 , Lagrange interpolation calculation yields a value of 0. DK 3 and DK 4 data are hidden in B 7 (y), which is generated through Lagrange interpolation.
Users' file access clearance must be approved by the CA to pass authentication of I J i (y), where J i = {j: 1 ≤ j ≤ m}. Otherwise, the function yields an empty value.
Resources outside of individuals' authorization cannot be retrieved by reversing polynomials. In sum, the proposed method blocks equation attacks.

Proof of Lagrange Interpolation Theorem
In this subsection, we prove the used Lagrange interpolating polynomial is secure so that the above-mentioned malicious attacks, including equation attack, external attack, collaborative attack, and reverse attack are meaningless for our scheme. The proof is shown as follows: Theorem 1 (Lagrange interpolation): given t distinct points (x i , y i ) of the form (x i , f (x i )), where f (x) is a polynomial of degree less that t, then f (x) is determined by: The scheme of Shamir [30] is defined for a secret s Z/pZ with p prime, by setting a 0 = s, and selecting a 1 , ..., a t−1 randomly in Z/pZ. The trusted party computes f (i), where: For all 1 ≤ i ≤ n. The shares (i, f (i)) are distributed to the n distinct parties. Due to the fact that the secret is the constant term s = a 0 = f (0), the secret is regained from any t shares (i, f (i)), for I ⊂ {1, ..., n} by s = i∈I Exercise: prove the formula for the secret to be accurate by replacing into the formula of Lagrange's interpolation theorem.
Properties: rhe features of Shamir's secret sharing scheme are as follows: (1) all hypotheses are under proof, (2) perfect -all information is well-protected by the shares, and (3) ideal -every share is of the same size p as the secret. Comparatively, almost all public key cryptosystems depend on some familiar problems (discrete logarithm problems, integer factorization) for hardness so that the safety can be assured.
Proof of Lagrange interpolation theorem: suppose g(x) is the right-hand side of equation (11). For each x i in we verify directly that f (x i ) = g(x i ), so as we can get f (x) -g(x) is divisible by xx i . It follows that: However, because deg(f (x) − g(x)) ≤ t, the only polynomial of this degree satisfying Equation (13) is f (x) − g(x) = 0.

Problems with Multi-User Access Requests
The proposed digital-data-sharing system is a user-centered structure that integrates all kinds of teaching materials from different users. The collected data are stored in cloud servers to achieve the purpose of digital information integration and resources share and exchange.
Cloud computing environments show the characteristics of easy expansion and resource share in which it presents several advantages to satisfy the integration, share and exchange of digital materials. In such digital-data-sharing system, the requirements of users to rapidly propose access request and receive permission from cloud service providers should be satisfied.
For this reason, dynamic access schemes need to be established completely to ensure providing instant and entire services of digital data. The key is the services provided by the sharing system being able to support distinct dynamic access demands so as to correspond to the data and user change in cloud computing environments.
The proposed scheme and method are flexible and could deal with all the security management problems of dynamic keys, such as adding a new security class, removing an existing security class, and updating a user authorized. The involved solutions are simple, mainly addition and deduction, that it does not require enormous computation and storage space for parameter update. Regarding the key-deriving formula G(x, y) in Section 3: Function A i (x) is related to information verification for verifying the existence of H i in the legal verification list of CA and the use of personal superkey for verification. Function B i (y) relates to the data verification for verifying the authorization of a user to obtain the decryption key DK u to further decrypt the encrypted digital materials.
The dynamic access requirements of sharing system in cloud are considered from two aspects: users and material data. First, users are changeable. Unlike static access model, which could establish all user parameters in the beginning of access scheme, the constant increase or removal of material authors, students, parents, publishers, and various teachers could propose new requests to the user-centered sharing system. User parameters need to be continuous updated to the initial access scheme to correspond to the dynamic users.
Second, material files require appending and revision. The integration of digital data comes from the different users, units, and information sources. In addition to the author, authorized users with requests should be able to update the material records and revise the documents in the sharing system. For this reason, the data of the materials could be appended and removed with dynamic requests after the establishment of access scheme.
In regard to the above considerations, the established formula G(x, y) is nimble and flexible, which could be easily updated and revise the parameters instantaneously.

Discussion
In this subsection, we discuss the computational overheads and storage required for use of the proposed system. Definitions of notations used in performance evaluation of the proposed scheme are presented in Table 7. Knuth demonstrated that the process of interpolating at (n + 1) points requires (n 2 + n)/2 divisions and (n 2 + n) subtractions by Newton's formula, where n is the degree of the interpolating polynomial [46].
With regard to the evaluation of the polynomial for the derivation of the successor's secret parameters, Knuth demonstrated that this scheme requires (2n − 1) multiplications and (2n) additions in addition to one modular operation performed by applying Horner's rule.
Therefore, as Table 8 shows, the proposed scheme requires 2nT l() + nT mul to create G(x, y) in the process of key generation, where T l() is the computation time for the interpolating polynomial. As described, the required computations are as follows: T l() = (2n − 1) multiplications + (2n) v i + n T l() + nT mul . Thus, in total, this process spends 1≤i≤n v i + 3n T l() + 2nT mul . In terms of storage, the public parameters G(x, y), u in this study require (m + 1)|p|, and the storage for each security class of a private key H i is |p|.

Comparison
With the advent of the era of cloud computing, the values of access mechanisms lie in their compatibility with various Internet applications as well as their security and efficiency. In this subsection, we compare confidentiality, data integrity, correctness and completeness, time complexity, and whether the key encryption scheme is possessed with other presented schemes. As showed in Table 9, four schemes proposed by Chung et al. [31], Liu et al. [15], Hsiao et al. [47], and ours achieve privacy protection (using notation O to express) due to their owning the key mechanism for encryption data. Specially, Hsiao et al.'s [47] and our schemes also provide access control function and are thus suitable for cloud environments. In respect of time complexity, Chung et al.'s method [31] is based on an elliptic curve cryptosystem, Liu et al.'s scheme [15] is based on the bilinear pairing, and Hsiao et al.'s model [47] is based on the discrete logarithm problem, time taken is exponential time and the time complexity is O(2 N ). The proposed scheme is based on the lagrange interpolation polynomial, time complexity is only O(N). Due to no key generation and derivation process for the control systems of Trnka and Cerny [40] and A. S. M. Kayes et al. [37], no discussion occurred here. In addition, in both schemes, there is no encryption function for access files. The user who wants to access files can only be determined by the access control, their confidentiality are thus partially achieved (using notation ∆ to express). Finally, all schemes are correctly completed on all process designs, so they can achieve correctness and completeness.

Conclusions and Future Works
Cloud-based education has been actively promoted in recent years. Amid these efforts, the promotion of digital sharing systems is essential to ensure user and data security. To harness the immense benefits of cloud computing, we developed a cloud-based and learner-centered access control mechanism suitable for multi-user applications. The mechanism resolves the problems of managing numerous users and reduces the complexity of access relationships. It also ensures the confidentiality and integrity of user data stored in the cloud and prevents unauthorized individuals from randomly accessing or modifying digital data. The integrated learning feature of sharing systems prevents repeated investment and development, protects the natural environment, and enhances economic efficiency. Therefore, these systems may be used to facilitate the shift of mobile services to the cloud and stimulate developments in the software industry.
In the future, we will be strengthening the design for context-awareness to reach the perfect combination of CAAC and RABC with encryption function. In addition to a more stable use for cloud sharing, the scheme will be going further to a wider application in key managements, and access control for the area of Big Data, the Internet of Things, and AI that emphasize dynamic authentication, e.g., voice-command access control, biometric access control, intelligence-learning access control and key-configuration mechanism.