In today's open environment, increasing numbers of network users access data stored in third-parties such as file servers on the Internet. Preserving data con dentiality is important; however, preserving privacy of access right and policy is imperative when the right and policy are as con dential as the data itself. To address this problem, previous researchers have proposed concepts of hidden credential and hidden policy to hide user's access privileges and content provider's policies respectively. To achieve both features simultaneously, other researchers either rely on a trusted mediator or require multiple rounds of online trust negotiations between two parties. In this paper, we present a novel cryptosystem which hides access policies in ciphertext and allows only users with satis ed attributes to retrieve corresponding plaintext successfully. By using our technique, both attributes and access policies can be kept secret through an o ine encrypt-decrypt process; furthermore, the trust dependency is reduced since no trusted mediator is required. Besides, our construction permits access policies constituted of both positive and negative attributes. Finally, we implement our method using Pairing-based Cryptography (PBC) Library, and discuss its performance under various contexts.