为了提高云计算中外包数据访问机制的安全性，该文完善了一种基于树的密钥管理方案，原方案适用于数据拥有者-写-用户-读/写的应用场景。针对场景中的恶意用户，新机制引入了可信平台模块(Trusted Platform Module, TPM)，主要解决了原方案在数据访问过程中由会话密钥、数据加/解密密钥以及用户权限的变更产生的问题。此外，也考虑了如何确保用户的真实性和用户计算环境的安全性问题。同时，发现了原方案中的重放攻击和类型缺陷攻击，并提出了修正方案。最后，应用演算建模并利用验证工具ProVerif分析了新机制的安全性。结果表明，新机制增强了原方案的实用性和安全性。
To improve the security on accessing outsourced data in cloud computing, the established tree-based key management scheme, which is suitable for the owner-write-users-read/write scenario, is perfected. The new scheme takes full advantage of a hardware chip called Trusted Platform Module (TPM) to deal with malicious users in the scenario. It solves some troubles caused by session keys, other keys for encrypting or decrypting data blocks in the cloud and changes of user access rights. Moreover, these problems, such as ensuring an authentic user and securing his or her computer environment, are also considered. Meantime, the unsafe fact that the original scheme is vulnerable for type and replay attacks is discovered, and the fixed methods are also designed. Finally, the new scheme is modeled using the appliedcalculus, and the safety of the data access procedure is analyzed using the automated reasoning tool named ProVerif. Results indicate that the scheme extended is more practical and safe than the original.