Abstract: To improve the security on accessing outsourced data in cloud computing, the established tree-based key management scheme, which is suitable for the owner-write-users-read/write scenario, is perfected. The new scheme takes full advantage of a hardware chip called Trusted Platform Module (TPM) to deal with malicious users in the scenario. It solves some troubles caused by session keys, other keys for encrypting or decrypting data blocks in the cloud and changes of user access rights. Moreover, these problems, such as ensuring an authentic user and securing his or her computer environment, are also considered. Meantime, the unsafe fact that the original scheme is vulnerable for type and replay attacks is discovered, and the fixed methods are also designed. Finally, the new scheme is modeled using the appliedcalculus, and the safety of the data access procedure is analyzed using the automated reasoning tool named ProVerif. Results indicate that the scheme extended is more practical and safe than the original.