CN101729255A - Management right allocation method of party self-government management for multi-application environment - Google Patents

Info

Publication number: CN101729255A
Authority: CN (China)
Prior art keywords: control domain, control, autonomous, domain, privilege
Legal status: Granted
Application number: CN200810201299A
Other languages: Chinese (zh)
Other versions: CN101729255B (en)
Inventors: 刘风军, 徐晋耀, 郭锐, 回春野, 冯俊, 王红钊, 张卫东, 和浩
Current assignee: China Unionpay Co Ltd
Original assignee: China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN2008102012991A; publication of CN101729255A; application granted and published as CN101729255B; legal status: active
Abstract

The invention discloses a management right allocation method for party self-government (participant autonomous management) in a multi-application environment, such as a multi-application IC card, a multi-application intelligent terminal or a multi-application financial terminal. The method comprises the following steps: build a control domain in the environment and appoint its cascaded superior; grant the control domain a self-management privilege or an autonomous proxy management privilege; and place a secret key into an appointed field of the control domain. By adopting this method, more autonomous rights can be given to the participants, interference by the master control party is reduced, the technical and administrative operating costs of the participants and the master control party are reduced, a technical basis suited to complex business cooperation relationships is constructed, and the enthusiasm of the participants for business cooperation is improved.

Description

Management right allocation method for participant autonomous management in multi-application environments
Technical field
The present invention relates to multi-application environments, and in particular to a management right allocation method for participant autonomous management in a multi-application environment.
Background technology
When multiple parties take part in the management of a multi-application environment, the typical situation is that a plurality of participants jointly manage a multi-application IC card, a multi-application POS machine or a multi-application mobile phone; the multi-application IC card, POS machine or mobile phone is then the application environment. Traditional multi-application environment technology proposes a pattern in which a master control party holds the highest control and the participants cooperatively control the card under that master control. Applied to control domains, traditional multi-application environment technology defines two special privileges for participant co-management: the proxy management (DM) privilege and the authorization management (AM) privilege.
Here, a control domain, also called a security domain or control unit, is a special application inside the multi-application environment. It is the management entity inside the environment that represents an entity outside the environment, and it is responsible for applying security control policies to the applications it contains and for providing security services such as key handling, encryption, decryption, and digital signature generation and verification. When an entity outside the environment requires the use of keys that are completely isolated inside the environment, a control domain is established as that outside entity's representative in the environment. In appearance, a control domain is like a folder in a PC system. Entities outside the environment include the master control party and the participants; the master control party in the present invention is the chief administrator of the multi-application environment, and the other parties, i.e. the participants, may take part in management under the permission of the master control party. A participant changes control domain content in the manner required by the master control party.
Proxy management (DM) means that, for a control domain in the environment with the proxy management privilege, the entity outside the environment (which may be a participant or the master control party) must first obtain a token issued by the master control party (the token indicates the type of operation, the object of the operation, the parameters used in the operation, the control domain and the issuer, and can be regarded as a signature over the concrete operation); holding this token, the entity then performs the corresponding control domain content change in the environment after the environment has verified the validity of the token.
Authorization management (AM) means that, for a control domain in the environment with the authorization management privilege, two cases are distinguished according to whether the entity outside the environment (a participant or the master control party) is the owner of that control domain: a non-owner of the control domain uses the same token mode as proxy management; the owner of the control domain, once the control domain has confirmed through the entity authentication key stored in it that the entity is indeed its owner, may perform any permitted operation.
Entity authentication here means the process by which, when an entity inside the environment interacts with an entity outside it, the authenticity of the outside entity is verified. A symmetric algorithm or an asymmetric algorithm may be used, and only an outside entity that has passed entity authentication is allowed to perform the permitted operations.
It should be noted that, as the chief administrator of the multi-application environment, the master control party can unconditionally delete the content of a control domain, or the entire control domain.
However, these two privileges alone are insufficient to realize flexible management of the multi-application environment and the complex business partnerships of the parties, for the following reasons:
(1) The modes of participant co-management are few; they cannot satisfy the business demands of complex partnerships and cannot be used to implement business partnerships with complex technology.
(2) The master control party interferes with the participants too much and controls them too deeply: whether a participant's control domain has the AM or the DM privilege, the master control party can interfere through tokens, and since tokens are provided and controlled only by the master control party, this creates a very high workload for the master control party.
(3) Because the participants are heavily restricted and lack freedom, their enthusiasm for cooperation is insufficient.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method whereby, in a multi-application environment, a participant can perform autonomous management within the permitted scope.
To solve the above technical problem, the invention provides a management right allocation method for an environment managed by participants, comprising: establishing a control domain in the environment and specifying its cascaded superior; granting the control domain a self-management privilege; and inserting keys into a specific field of the control domain. The self-management privilege makes authentication between the participant and the environment comprise the following steps: the participant requests, through an interaction device, to establish a session with the environment; the environment responds to the request, returns a reply and establishes the session; the interaction device prepares an encrypted message and passes the prepared encrypted message to the target control domain; and the target control domain verifies whether the encrypted message matches the entity authentication key stored in that control domain. If it matches, the participant is recognized as the owner, a session between the control domain and the terminal is established, and the participant is allowed to make any supported change to the control domain content; otherwise an error is returned.
The invention also provides a management right allocation method for an environment managed by participants, characterized in that the method comprises: establishing a control domain in the environment and specifying its cascaded superior; and granting the control domain an autonomous proxy management privilege. The autonomous proxy management privilege makes authentication between the participant and the environment comprise the following steps: the participant requests, through an interaction device, a session with the environment; the environment responds to the request and returns a reply; the interaction device prepares a load command, embeds the autonomous token in the specific data field of the operation command and sends the load command to the environment; the environment unpacks the received load command and passes the autonomous token to the control domain with the autonomous token verification privilege for verification; that control domain verifies the legitimacy of the autonomous token with the corresponding autonomous token issuing public key of the superior autonomy party, and if verification succeeds and the content of the autonomous token agrees with the content of the load command, processing of the load command continues and, when it is finished, a reply is returned to the interaction device.
The invention also provides a control domain system for a multi-application environment, in which a plurality of control domains with the self-management privilege form a multilevel hierarchy. One of the control domains is the top control domain and is cascaded to itself; the top control domain is established under the permission of the master control party, its entity authentication key is installed under the supervision of the master control party, and its content can be changed by its owner after entity authentication. A plurality of control domains are directly administered by the top control domain and lie at the second level; the content of a second-level control domain can be deleted by the owner of the top control domain but cannot be changed by it; a second-level control domain is established, and its keys installed, under the permission of the owner of the top control domain, and the owner of a second-level control domain can freely change the content of its own control domain after entity authentication. Further control domains may lie at the third, fourth, ... level, administered by their immediate superior control domain, under the same rules as second-level control domains, except that their immediate superior control domain is not the top control domain.
The invention also provides a control domain system for a multi-application environment, in which an autonomy party control domain and a plurality of control domains with the autonomous proxy management privilege form a multilevel hierarchy. The autonomy party control domain is the top control domain, cascaded to itself; it is established under the permission of the master control party, its entity authentication key and autonomous token issuing public key are installed under the supervision of the master control party, and the content of this top autonomy party control domain can be freely changed by its owner after entity authentication. A plurality of control domains with the autonomous proxy management privilege lie at the second level and are administered by the top autonomy party control domain; the content of a control domain with the autonomous proxy management privilege can be deleted by the owner of the top autonomy party control domain but cannot be changed by it; such a control domain is established under the permission of the owner of the top autonomy party control domain, and only the holder of an autonomous token issued by that owner can change its content. Further control domains may lie at the third, fourth, ... level, administered by their immediate superior control domain, under the same rules as second-level control domains, except that their immediate superior control domain is not the top control domain.
The invention also provides a control domain system for a multi-application environment, in which a plurality of autonomy party control domains, a plurality of control domains with the self-management privilege and a plurality of control domains with the autonomous proxy management privilege form a multilevel hierarchy, comprising: a top autonomy party control domain, which is a special self-management privilege control domain cascaded to itself; second-level control domains, comprising autonomy party control domains (special self-management privilege control domains), self-management privilege control domains and autonomous proxy management privilege control domains, all administered by the top autonomy party control domain; and possibly third, fourth, ... level control domains, comprising autonomy party control domains, self-management privilege control domains and autonomous proxy management privilege control domains, administered by their immediate superior control domain under the same rules as second-level control domains, except that their immediate superior control domain is not the top control domain. In every case, the content of a control domain with the autonomous proxy management privilege can only be changed by the holder of an autonomous token issued by the superior autonomy party.
Adopting the above management right allocation method gives the participants more autonomy, reduces interference from the master control party, reduces the technical and administrative operating costs of the participants and the master control party, builds a technical foundation that can accommodate complex business partnerships, and improves the enthusiasm of the participants for business cooperation. For example, it can promote the rapid development of multi-application IC cards, multi-application intelligent terminals and multi-application financial terminals, attract participants quickly, and provide customers with more, and more convenient, applications and services.
Description of drawings
The specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 shows an SM privilege control domain, a special SM privilege control domain (autonomy party control domain) and an autonomous proxy management privilege control domain.
Fig. 2 shows the process of authenticating with the entity authentication mode.
Fig. 3 shows the basic self-management pattern of cascaded SM privilege control domains.
Fig. 4 shows the process of changing control domain content with a token for an AutoDM privilege control domain.
Fig. 5 shows the basic autonomous proxy management pattern of an AutoDM privilege control domain cascaded to an autonomy party control domain.
Fig. 6 shows a typical mixed autonomous management pattern formed by cascading SM and AutoDM privilege control domains.
Embodiment
A multi-application environment has a unique chief administrator, the master control party; the participants take part in management under the permission of the master control party, and a participant can only perform autonomous management within the permitted scope. The two privileges proposed by the present invention, self-management (SM) and autonomous proxy management (AutoDM), apply to any control domain in the environment, and a control domain can hold at most one privilege of the management right allocation class (DM, AM, SM and AutoDM are the privileges of the management right allocation class). A control domain may also hold no privilege of the management right allocation class, which means that no change other than deletion by the master control party can be made to its content.
Self-management means that, for a control domain in the environment with the self-management privilege, only the owner of that control domain is allowed to change its content; once the control domain has verified, through the entity authentication key stored in it, that the entity outside the environment is indeed its owner, the owner can perform any permitted operation.
Autonomous proxy management means that, for a control domain in the environment with the autonomous proxy management privilege, the entity outside the environment (a participant or the master control party) must first obtain an autonomous token issued by its superior autonomy party. This autonomous token indicates the type of operation, the object of the operation, the parameters used in the operation, the control domain and the issuer, and can be regarded as a signature over the concrete operation; holding this token, the entity then performs the corresponding control domain content change in the environment after the environment has verified the validity of the token.
The autonomy party here is a special kind of participant: one whose autonomous status is recognized by the master control party or by a superior autonomy party and which, after establishing a control domain under the permission of the master control party or the superior autonomy party, can issue autonomous tokens on its own and carry out autonomous management. The master control party or the superior autonomy party supervises the placement of the autonomy party's autonomous token issuing public key at a designated location in the autonomy party control domain; apart from deleting control domain content, the master control party or the superior autonomy party cannot use a token (or an autonomous token of the superior autonomy party) to interfere with the content of the autonomy party's control domains. The autonomy party holds its autonomous token issuing private key, and the control domain it owns holds the corresponding autonomous token issuing public key.
Note that, consistent with traditional multi-application environment technology, the master control party, as chief administrator of the multi-application environment, can unconditionally delete the content of a control domain or the entire control domain.
Control domains can form a hierarchical relationship by cascading: a control domain can only be cascaded to one superior control domain, and the top control domain is cascaded to itself. In a multi-application environment, different control domains may belong to different participants, and one participant may own several control domains; the relationships among the participants, and between the participants and the master control party, are mapped into the multi-application environment by the control domain cascade relationship. The present invention only describes the patterns in which SM and AutoDM privilege control domains are combined to realize autonomous management.
The technology of the present invention can be used on its own or together with traditional multi-application environment management right allocation technology (such as the DM and AM privilege modes); used together, they let the master control party and the participants realize control and autonomy at different levels.
In the present invention, to reduce the complexity caused by non-essential factors, it is assumed that the master control party designates only one control domain to hold the (autonomous) token verification and receipt generation privileges. A token indicates the operation type, the object of the operation (such as an application or a load file), the parameters used in the operation and the issuer; a token must be provided for every operation, or combination of operations, on every object. Tokens are issued by the master control party, whereas in this patent autonomous tokens are issued by the autonomy party itself; in this patent the same mechanism is used to verify tokens and autonomous tokens, and the verification function for both kinds of token is given to the same control domain. After an operation involving a token or an autonomous token has been carried out, a receipt can be generated by the control domain with the receipt generation privilege and returned to the entity outside the multi-application environment, to reflect that the environment has carried out this proxy operation; this lets the background system track changes to the content of the multi-application environment. In the present invention, proxy operations involving tokens and autonomous tokens use the same mechanism, and the receipt generation function for both kinds of token operation is given to the same control domain.
The rough flow for establishing SM and AutoDM privilege control domains is the same: first, establish the control domain in the multi-application environment and specify its cascaded superior (the top control domain is cascaded to itself); then grant the SM or AutoDM privilege to the control domain according to certain rules; finally, for an SM privilege control domain, insert the entity authentication key and other keys into the specific fields of the control domain; an AutoDM privilege control domain needs no keys inserted.
An SM privilege control domain, a special SM privilege control domain (autonomy party control domain) and an autonomous proxy management privilege control domain are each illustrated in Fig. 1: an SM privilege control domain holds an entity authentication key; a special SM privilege control domain (autonomy party control domain) holds, in addition to the entity authentication key, an autonomous token issuing public key; an AutoDM privilege control domain holds no keys.
The cascade relationships of the various privilege control domains follow certain rules, which are specified in detail below.
Only when an SM privilege control domain has authenticated a participant as its owner does it allow that participant to change the control domain content. The detailed process of authenticating with the entity authentication mode, when the party initiating a content change is the owner of the control domain, is described below with reference to Fig. 2.
First, the participant requests, through an interaction device, to establish a session with the multi-application environment (such as a multi-application IC card) (reference 201 in the figure). The multi-application environment responds to the request, returns a reply and establishes the session; the reply may contain the multi-application environment identifier, a random number and an authentication number, and its content differs according to the cryptographic algorithm adopted (202). The interaction device then prepares the encrypted message (203) and passes the prepared encrypted message to the target control domain (204). The target control domain verifies whether this encrypted message matches the entity authentication key stored in that control domain (205). If it matches, the participant is recognized as the owner, a session between the control domain and the terminal is established, and the participant is allowed to make any supported change to the control domain content; otherwise an error is returned (206).
The key algorithm used for entity authentication may be a symmetric algorithm, such as 3DES, or an asymmetric algorithm, such as RSA. Symmetric and asymmetric algorithms have different characteristics; asymmetric algorithms have the favourable properties of authentication, non-repudiation and a public key that can be made public.
The encrypted message mentioned above, which the participant passes to the target control domain through the interaction device, is generated by the participant with the participant's entity authentication key; both the symmetric and the asymmetric case are described below.
When a symmetric algorithm is used to generate the encrypted message: the participant uses the multi-application environment identifier (for example the number of the multi-application IC card) and the random number returned in the reply to the session request to diversify the entity authentication symmetric master key, obtaining the entity authentication working key, and encrypts the authentication number with this working key to obtain the encrypted message. The sub-key obtained by diversifying the entity authentication symmetric master key with the multi-application environment identifier should be stored in the SM privilege control domain in the multi-application environment so that it can verify this encrypted message.
When an asymmetric algorithm is used to generate the encrypted message: the encrypted message is generated by encrypting the authentication number with the participant's entity authentication private key; the SM control domain holds the entity authentication public key, so that it can verify the received encrypted message generated with the entity authentication private key.
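The symmetric variant of the Fig. 2 exchange, written out as an added example (not code from the patent or from China Unionpay). The environment identifier, master key and all message contents are constructed values, and HMAC-SHA256 stands in for the 3DES derivation and encryption the patent names, so the block runs with the Python standard library alone; the two-stage derivation (master key diversified by the environment identifier into the sub-key the SM domain stores, then by the session random number into the working key) and the owner/error outcome at step 205/206 follow the description above.

```python
import hashlib
import hmac
import os

# Constructed sample values for this example (not from the patent): the
# environment identifier stands in for the multi-application IC card number,
# the master key for the participant's entity authentication symmetric master key.
ENV_ID = b"IC-CARD-0001"
MASTER_KEY = b"constructed-participant-master-key"


def diversify(key: bytes, data: bytes) -> bytes:
    """Key diversification step. HMAC-SHA256 is used here as a stand-in for the
    3DES-based derivation the patent names, so the block needs no extra library."""
    return hmac.new(key, data, hashlib.sha256).digest()


def encipher(working_key: bytes, auth_no: bytes) -> bytes:
    """Keyed transform of the authentication number (stand-in for encrypting it
    under the working key)."""
    return hmac.new(working_key, auth_no, hashlib.sha256).digest()


class SMControlDomain:
    """SM privilege control domain. It stores only the sub-key obtained by
    diversifying the participant's master key with the environment identifier."""

    def __init__(self, env_id: bytes, master_key: bytes):
        self.env_id = env_id
        self.sub_key = diversify(master_key, env_id)
        self.session = None

    def open_session(self) -> dict:
        # 201/202: the reply carries the environment identifier, a fresh random
        # number and an authentication number
        self.session = {"env_id": self.env_id, "rand": os.urandom(8),
                        "auth_no": os.urandom(8), "owner": False}
        return dict(self.session)

    def verify(self, enc_msg: bytes) -> str:
        # 205/206: derive the working key from the stored sub-key and this
        # session's random number, recompute the expected message and compare
        if self.session is None:
            return "ERROR"
        working = diversify(self.sub_key, self.session["rand"])
        if hmac.compare_digest(encipher(working, self.session["auth_no"]), enc_msg):
            self.session["owner"] = True   # participant recognised as the owner
            return "OK"
        return "ERROR"


class Participant:
    def __init__(self, master_key: bytes):
        self.master_key = master_key

    def make_enc_msg(self, reply: dict) -> bytes:
        # 203: master key, diversified by the identifier into the sub-key, then
        # by the random number into the working key
        sub = diversify(self.master_key, reply["env_id"])
        working = diversify(sub, reply["rand"])
        return encipher(working, reply["auth_no"])


def run_entity_authentication(domain: SMControlDomain, participant: Participant) -> str:
    """Full exchange 201 to 206; returns "OK" or "ERROR"."""
    reply = domain.open_session()
    enc = participant.make_enc_msg(reply)   # passed on by the interaction device (204)
    return domain.verify(enc)


if __name__ == "__main__":
    domain = SMControlDomain(ENV_ID, MASTER_KEY)
    print(run_entity_authentication(domain, Participant(MASTER_KEY)))     # OK
    print(run_entity_authentication(domain, Participant(b"wrong-key")))   # ERROR
```

Because the working key is bound to the random number of the current session, an encrypted message captured from one session is rejected in the next one; the test below checks that alongside the owner and non-owner outcomes.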
An SM privilege control domain can exist alone in the multi-application environment as a top control domain, realizing self-management, or can form a hierarchical self-management pattern by simple cascading.
Fig. 3 shows the basic self-management pattern of cascaded SM privilege control domains, in which all control domains hold the SM privilege and each control domain can perform self-management through entity authentication.
In Fig. 3, control domain 301 is the top control domain and is cascaded to itself. Top control domain 301 is established under the permission of the master control party, and its entity authentication key is installed under the supervision of the master control party. The owner of control domain 301 can freely change the content of control domain 301 after entity authentication but, apart from the right of deletion, must not interfere with the content of the subordinate control domains 302 and 303. Under the permission of the owner of 301, control domains 302 and 303 are established and their keys installed, and their owners can likewise freely change the content of their own control domains after entity authentication. The characteristic of the SM privilege is that an owner can freely manage its own content without interference from any other party.
For a control domain with the AutoDM privilege, its content can only be changed by the holder of an autonomous token issued by its immediate superior autonomy party (called the superior autonomous token); the superior autonomy party, however, has the power to unconditionally delete the content of that control domain.
A multi-application environment can contain several autonomy party control domains; an autonomy party control domain exists to be used together with AutoDM privilege control domains. To simplify the combinations of the various kinds of privilege control domain, it is stipulated that only a control domain with the SM privilege may serve as an autonomy party control domain. The superior autonomous token can only be issued by the owner of the immediate superior autonomy party control domain of the AutoDM privilege control domain, who is called the superior autonomy party of that AutoDM privilege control domain; "superior" here is a relative notion, defined with respect to that AutoDM privilege security domain.
To give autonomous tokens the properties of authentication and non-repudiation, an asymmetric algorithm, such as RSA, must be used to issue and verify them. The superior autonomy party of an AutoDM privilege control domain holds the autonomous token issuing private key, and the autonomous token issuing public key is kept in the autonomous token issuing public key field of the corresponding superior autonomy party control domain.
The autonomous token issuing public key of an autonomy party control domain is valid for the AutoDM control domains directly under it; it is of no use for the SM privilege control domains under it, or for the AutoDM privilege control domains under those SM privilege control domains.
An autonomy party control domain differs from an ordinary SM privilege control domain in that, under the permission of the master control party, it holds its autonomous token issuing public key. The present invention does not define a separate new privilege for autonomy party control domains; whether an SM privilege control domain is an autonomy party control domain is determined by checking its autonomous token issuing public key field (for example, whether it is Null). The autonomous token issuing public key is installed by the autonomy party under the permission and supervision of the master control party.
An autonomy party control domain, like an ordinary SM privilege control domain, can be used alone or in cascade, and is then used in the same way as an SM privilege control domain; ordinarily, however, an autonomy party control domain is used together with AutoDM privilege control domains.
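The cascade rules stated so far (one superior per control domain, the top cascaded to itself, at most one management right allocation privilege, autonomy party status decided by a non-Null public key field and allowed only for SM domains, and a superior token valid only one level down) can be checked mechanically. The following is an added example, not code from the patent or from China Unionpay; the `Domain` record, the sample configurations and the rule that an AutoDM domain whose immediate superior is not an autonomy party is reported as a misconfiguration (since no one could issue its superior token) are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# the management right allocation class of privileges named in the patent
MGMT_CLASS = frozenset({"DM", "AM", "SM", "AutoDM"})


@dataclass(frozen=True)
class Domain:
    name: str
    superior: str                          # cascaded superior; the top domain names itself
    privileges: FrozenSet[str]             # every privilege the domain holds
    token_pub_field: Optional[str] = None  # autonomous token issuing public key field (None == Null)

    def is_autonomy_party(self) -> bool:
        return self.token_pub_field is not None


def validate_cascade(domains: List[Domain]) -> List[str]:
    """Return the list of rule violations in a control domain cascade
    (an empty list means every rule checked here is obeyed)."""
    by_name = {d.name: d for d in domains}
    problems = []
    tops = [d.name for d in domains if d.superior == d.name]
    if len(tops) != 1:
        problems.append(f"expected exactly one top control domain, found {tops}")
    for d in domains:
        if d.superior not in by_name:
            problems.append(f"{d.name}: cascaded superior {d.superior} does not exist")
            continue
        mgmt = d.privileges & MGMT_CLASS
        if len(mgmt) > 1:
            problems.append(f"{d.name}: holds more than one management right "
                            f"allocation privilege {sorted(mgmt)}")
        if d.is_autonomy_party() and "SM" not in d.privileges:
            problems.append(f"{d.name}: only an SM privilege control domain may "
                            "be an autonomy party control domain")
        # assumption of this example: an AutoDM domain whose immediate superior
        # holds no token issuing public key can never be changed, so flag it
        if "AutoDM" in d.privileges and not by_name[d.superior].is_autonomy_party():
            problems.append(f"{d.name}: immediate superior {d.superior} is not "
                            "an autonomy party control domain")
        # every cascade chain must end at the top control domain, not loop
        seen, cur = set(), d
        while cur is not None and cur.superior != cur.name:
            if cur.name in seen:
                problems.append(f"{d.name}: cascade chain loops without reaching the top")
                break
            seen.add(cur.name)
            cur = by_name.get(cur.superior)
    return problems


def example_configurations():
    """Constructed configurations: a mixed SM/AutoDM hierarchy in the spirit of
    Fig. 6, and one that breaks several rules."""
    good = [
        Domain("TOP", "TOP", frozenset({"SM"}), "pk-top"),   # top autonomy party domain
        Domain("AP-B", "TOP", frozenset({"SM"}), "pk-b"),    # second-level autonomy party
        Domain("SM-1", "TOP", frozenset({"SM"})),            # ordinary SM domain
        Domain("APP-1", "TOP", frozenset({"AutoDM"})),       # tokens issued by TOP's owner
        Domain("APP-2", "AP-B", frozenset({"AutoDM"})),      # tokens issued by AP-B's owner
    ]
    bad = [
        Domain("TOP", "TOP", frozenset({"SM"}), "pk-top"),
        Domain("Z", "TOP", frozenset({"SM", "AutoDM"})),     # two management class privileges
        Domain("SM-1", "TOP", frozenset({"SM"})),
        Domain("W", "SM-1", frozenset({"AutoDM"})),          # AutoDM under a plain SM domain
        Domain("Q", "TOP", frozenset({"AM"}), "pk-q"),       # an AM domain cannot be an autonomy party
        Domain("L1", "L2", frozenset({"SM"})),               # cascade loop
        Domain("L2", "L1", frozenset({"SM"})),
    ]
    return validate_cascade(good), validate_cascade(bad)
```

Running `example_configurations()` returns no problems for the first layout and one message per broken rule for the second; the check is the kind a master control party would run before approving a new control domain.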
The running in AutoDM privilege control territory needs the autonomous token of its higher level autonomy side to sign and issue PKI to cooperate.When the control domain that will carry out operation (being the control domain content alteration) when participant had the AutoDM privilege, participant should at first be applied for the autonomous token of operation correspondence to its higher level autonomy side.For example participant wishes a load document (as application code) is loaded into the control domain of certain band AutoDM authority in many applied environments, and then participant is at first applied for the autonomous token of this operation to its higher level autonomy side; This autonomous token uses following content to sign and issue private key with its autonomous token in higher level autonomy side and signs and issues: action type for load, with reference to setting title in many applied environments of Control Parameter, load document, the purpose control domain that will load, load document data block Hash (being used to verify the integrality of load document), loading parameters etc.In fact can see its higher level autonomy side as signs and issues private key with autonomous token a concrete loading command is signed and issued.
After participant obtains this autonomous token, could carry out content alteration to specifying AutoDM privilege control territory.
Use token to carry out the detailed process of control domain content alteration below in conjunction with Fig. 4 explanation for AutoDM privilege control territory.At first by the session (mark 401) of interactive device request foundation with many applied environments; Many applied environments response request echo reply (mark 402); Interactive device is prepared loading command and with the specific data territory (mark 403) of autonomous token embedding operation order; The loading command that will include this autonomous token then sends to environment (mark 404); Many applied environments are untied the loading command of receiving and are found to have autonomous token in the order, verify (mark 405) so pass to the control domain of band (autonomy) token authentication privilege; Band (autonomy) token authentication privilege control territory uses the corresponding autonomous token in higher level autonomy side to sign and issue the legitimacy of this autonomous token of public key verifications, if this autonomous token authentication success and this autonomous token content conform to the content of this loading command, then proceed the processing (mark 406) of loading command; The back echo reply of finishing dealing with is given interactive device (mark 407).
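As an added illustration of the token issuance and verification in steps 403 to 406 (this is not code from the patent), the Go program below lets the superior autonomous party sign one specific loading command and lets the verifying control domain check both the signature and the match between token content and the command actually received. The Ed25519 key pair, the field names, the encoding and the sample load file are constructed assumptions; the patent does not specify a signature algorithm or token format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LoadCommand is a constructed stand-in for the loading command the interactive device
// sends: the fields the description lists as token content, plus the load file itself.
type LoadCommand struct {
	OpType       string // operation type, here "load"
	CtrlParamRef string // reference to the control parameters
	FileName     string // name of the load file in the multi-application environment
	TargetDomain string // destination AutoDM privilege control domain
	LoadParams   string // loading parameters
	File         []byte // load file data block (e.g. application code)
}

// AutoToken is the autonomous token: the command description plus the superior
// autonomous party's signature over it with its autonomous-token issuing private key.
type AutoToken struct {
	OpType, CtrlParamRef, FileName, TargetDomain, LoadParams string
	FileHash                                             [32]byte
	Sig                                                  []byte
}

// signedBytes is the canonical encoding of the signed fields; each string is
// length-prefixed so that field boundaries cannot be shifted.
func signedBytes(t *AutoToken) []byte {
	var b bytes.Buffer
	for _, s := range []string{t.OpType, t.CtrlParamRef, t.FileName, t.TargetDomain, t.LoadParams} {
		b.Write([]byte{byte(len(s) >> 8), byte(len(s))})
		b.WriteString(s)
	}
	b.Write(t.FileHash[:])
	return b.Bytes()
}

// IssueToken is the superior autonomous party's side: it signs one specific loading
// command, binding the hash of the load file into the token.
func IssueToken(priv ed25519.PrivateKey, cmd LoadCommand) AutoToken {
	t := AutoToken{cmd.OpType, cmd.CtrlParamRef, cmd.FileName, cmd.TargetDomain, cmd.LoadParams, sha256.Sum256(cmd.File), nil}
	t.Sig = ed25519.Sign(priv, signedBytes(&t))
	return t
}

// VerifyToken is what the control domain with the token verification privilege does
// in steps 405-406: check the signature with the superior autonomous party's public
// key, then check that the token content matches the command actually received.
func VerifyToken(pub ed25519.PublicKey, t AutoToken, cmd LoadCommand) error {
	if !ed25519.Verify(pub, signedBytes(&t), t.Sig) {
		return errors.New("autonomous token signature invalid")
	}
	if t.OpType != cmd.OpType || t.CtrlParamRef != cmd.CtrlParamRef || t.FileName != cmd.FileName ||
		t.TargetDomain != cmd.TargetDomain || t.LoadParams != cmd.LoadParams {
		return errors.New("autonomous token does not match the loading command")
	}
	if sha256.Sum256(cmd.File) != t.FileHash {
		return errors.New("load file hash does not match the token")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key pair of the superior autonomous party
	cmd := LoadCommand{"load", "CP-01", "applet.cap", "AutoDM-502", "", []byte("constructed applet bytes")}
	tok := IssueToken(priv, cmd)
	fmt.Println("genuine command:", VerifyToken(pub, tok, cmd)) // <nil>
	cmd.File = []byte("swapped applet bytes")
	fmt.Println("swapped file:", VerifyToken(pub, tok, cmd)) // load file hash does not match the token
}
```

Because the file hash is part of the signed content, a token obtained for one load file cannot be reused to load a different file into the same domain, which is the integrity property the description attributes to the hash field.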
After an autonomous proxy management operation has been performed with an (autonomous) token, the multi-application environment may optionally generate a receipt for the operation, attesting that this environment has carried out this (autonomous) proxy management operation. The control domain in the multi-application environment holding the receipt generation privilege generates the receipt and passes it to the interactive device; the interactive device passes the receipt to its background system, which forwards it to the management system of the superior autonomous party of the AutoDM privilege security domain on which the (autonomous) proxy management operation was performed, so that the content status of the autonomous party's control domains in the multi-application environment can be tracked. The receipt can be generated with a symmetric encryption algorithm or an asymmetric encryption algorithm.
An AutoDM privilege control domain cannot be used on its own: there must be an autonomous party's control domain above it to verify autonomous tokens for it.
The autonomous party's control domain directly associated with an AutoDM privilege control domain is its superior autonomous party's control domain; its immediate superior control domain is not necessarily its superior autonomous party's control domain. A change to the content of an AutoDM privilege control domain first requires obtaining an autonomous token issued by the owner of its superior autonomous party's control domain.
Fig. 5 shows the basic autonomous proxy management pattern formed by cascading AutoDM privilege control domains under an autonomous party's control domain. In Fig. 5, top-level control domain 501 is an autonomous party's control domain cascaded to itself; it is established with the permission of the master control party, and the entity authentication key and the autonomous-token issuing public key are installed under the supervision of the master control party. After passing entity authentication, the owner of control domain 501 may freely change the content of control domain 501, but apart from the right to delete must not interfere with the content of control domains 502 and 503 under its jurisdiction. AutoDM privilege control domain 502 and control domain 503 are established with the permission of the owner of 501, and changing the content of control domains 502 and 503 requires holding an autonomous token issued by the owner of 501. Having to hold an autonomous token issued by the superior autonomous party in order to change the content of an AutoDM privilege security domain is the defining characteristic of the AutoDM privilege.
For cascading between different kinds of control domains, one principle is observed: the management-right allocation strategy of a subordinate control domain must not conflict with the management-right allocation strategy of its superior control domain. Therefore it is stipulated that an SM privilege control domain may establish a subordinate SM privilege control domain or a subordinate autonomous party's control domain; an autonomous party's control domain may establish a subordinate autonomous party's control domain, a subordinate SM privilege control domain or a subordinate AutoDM privilege control domain; and an AutoDM privilege control domain may only establish a subordinate AutoDM privilege control domain. These rules keep the relationships clear when the various control domains are cascaded, so that each subordinate control domain formulates its own strategy within the management-right allocation strategy of its superior control domain.
Cascading SM and AutoDM privilege control domains forms the typical mixed autonomous management pattern shown in Fig. 6. In Fig. 6, control domain A is the top-level control domain, cascaded to itself. Control domains 601 and 602 are two autonomous party's control domains, each storing its own autonomous-token issuing public key; the superior autonomous party of control domain 603 is 601; control domain 604 is an ordinary SM privilege control domain rather than an autonomous party's control domain; the superior autonomous party of control domain 605 is 602; the superior autonomous party of control domains 606 and 607 is 601, because the nearest SM control domain above them is 601.
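The cascade rule stated above and the resolution of each domain's superior autonomous party in Fig. 6 can be checked mechanically. The Go program below is an added example, not the patent's own code: it validates every cascade link against the rule and walks up the cascade to the nearest autonomous party's control domain, which is assumed here to be the superior autonomous party of the AutoDM domains below it; the sample cascade is constructed and only loosely follows Fig. 6.

```go
package main

import "fmt"

type DomainKind int

const (
	SM              DomainKind = iota // ordinary self-management privilege control domain
	AutonomousParty                   // autonomous party's control domain (SM plus token-issuing public key)
	AutoDM                            // autonomous proxy management privilege control domain
)

var kindName = [...]string{"SM", "AutonomousParty", "AutoDM"}

// Domain is a control domain and its immediate superior; the top-level domain names itself.
type Domain struct {
	Name   string
	Kind   DomainKind
	Parent string
}

// allowedChildren is the cascade rule of the description: which kinds each kind may establish.
var allowedChildren = map[DomainKind]map[DomainKind]bool{
	SM:              {SM: true, AutonomousParty: true},
	AutonomousParty: {AutonomousParty: true, SM: true, AutoDM: true},
	AutoDM:          {AutoDM: true},
}

// ValidateCascade checks every domain's link to its superior and reports the first violation.
func ValidateCascade(doms map[string]Domain) error {
	for _, d := range doms {
		if d.Parent == d.Name { // top-level domain, cascaded to itself
			continue
		}
		p, ok := doms[d.Parent]
		if !ok {
			return fmt.Errorf("%s: superior %q does not exist", d.Name, d.Parent)
		}
		if !allowedChildren[p.Kind][d.Kind] {
			return fmt.Errorf("%s: %s may not be established under %s", d.Name, kindName[d.Kind], kindName[p.Kind])
		}
	}
	return nil
}

// SuperiorAutonomousParty walks up the cascade to the nearest autonomous party's control
// domain, whose token-issuing public key verifies tokens for the AutoDM domains below it;
// an AutoDM domain with none above it cannot be used, so that case is reported as an error.
func SuperiorAutonomousParty(doms map[string]Domain, name string) (string, error) {
	d, ok := doms[name]
	for ok && d.Parent != d.Name {
		d, ok = doms[d.Parent]
		if ok && d.Kind == AutonomousParty {
			return d.Name, nil
		}
	}
	return "", fmt.Errorf("%s: no autonomous party's control domain above it", name)
}

// SampleDomains is a constructed cascade loosely following Fig. 6: A is the top-level
// autonomous party domain, 601 and 602 are autonomous party domains under it, 604 is an
// ordinary SM domain and the rest are AutoDM domains.
func SampleDomains() map[string]Domain {
	m := map[string]Domain{}
	for _, d := range []Domain{
		{"A", AutonomousParty, "A"}, {"601", AutonomousParty, "A"}, {"602", AutonomousParty, "A"}, {"603", AutoDM, "601"},
		{"604", SM, "601"}, {"605", AutoDM, "602"}, {"606", AutoDM, "603"}, {"607", AutoDM, "606"},
	} {
		m[d.Name] = d
	}
	return m
}

func main() {
	doms := SampleDomains()
	fmt.Println("cascade valid:", ValidateCascade(doms) == nil)
	fmt.Println(SuperiorAutonomousParty(doms, "607")) // 601 <nil>
}
```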
In practice, the basic self-management pattern and the autonomous proxy management pattern are the most commonly used.
Taken together, the four privileges the present invention involves, DM, AM, SM and AutoDM, allow complex and flexible allocation of management rights in a multi-application environment: in the order DM->AM->SM->AutoDM, the master control party's intervention decreases and the participant's autonomy increases. Control domains of these four privileges can coexist, several at a time, in one multi-application environment, and the master control party can apply different management-right allocation methods to different participants, thereby adapting to a variety of management strategies and business partnerships.
For control domains with the DM or AM privilege, the master control party can intervene in the content of the control domain by means of a token; for SM and AutoDM privilege control domains, the master control party cannot intervene. An AutoDM privilege control domain allows its superior autonomous party to issue autonomous tokens itself and thereby intervene in the content of the AutoDM privilege control domain. Through the SM and AutoDM privileges, an autonomous party gains a large degree of autonomy and can manage the control domains under its jurisdiction autonomously.
Adopting the SM and AutoDM management-right allocation models gives participants more autonomy, reduces interference from the master control party, lowers the technical operation and management costs of both participants and the master control party, builds a technical foundation that can accommodate complex business partnerships, and raises participants' enthusiasm for business cooperation. For example, it can promote the rapid development of multi-application IC cards, multi-application intelligent terminals and multi-application financial terminals, attract participants quickly, and provide customers with more applications and more convenient services.

Claims (19)

1. A management-right allocation method for a participant to manage an environment, characterized in that the method comprises:
establishing a control domain in the environment and specifying the superior to which it is cascaded;
granting the self-management privilege to the control domain; and
inserting a key into a specific field of the control domain,
wherein the self-management privilege makes the authentication between the participant and the environment comprise the steps of:
the participant requesting, through an interactive device, to establish a session with the environment;
the environment responding to the request with a reply and establishing the session;
the interactive device preparing encrypted information and passing the prepared encrypted information to the target control domain; and
the target control domain verifying whether the encrypted information matches the entity authentication key stored in this control domain; if it matches, recognizing the participant as its owner, establishing a session between the control domain and the terminal, and allowing the participant to make any supported change to the content of the control domain; otherwise returning an error.
2. The management-right allocation method as claimed in claim 1, wherein, for the top-level control domain, the superior to which it is cascaded is itself.
3. The management-right allocation method as claimed in claim 1, wherein the key comprises an entity authentication key.
4. The management-right allocation method as claimed in claim 3, wherein the key comprises an autonomous-token issuing public key.
5. The management-right allocation method as claimed in claim 1, wherein the environment is a multi-application IC card, a multi-application intelligent terminal or a multi-application financial terminal.
6. The management-right allocation method as claimed in claim 1, wherein the reply comprises a multi-application environment identifier, a random number and an authentication number.
7. The management-right allocation method as claimed in claim 1, wherein the encrypted information is generated by a symmetric encryption algorithm or an asymmetric encryption algorithm.
8. A management-right allocation method for a participant to manage an environment, characterized in that the method comprises:
establishing a control domain in the environment and specifying the superior to which it is cascaded; and
granting the autonomous proxy management privilege to the control domain,
wherein the autonomous proxy management privilege makes the authentication between the participant and the environment comprise the steps of:
the participant requesting, through an interactive device, to establish a session with the environment;
the environment responding to the request with a reply;
the interactive device preparing a loading command, embedding the autonomous token in the specific data field of the operation command, and then sending the loading command to the environment;
the environment unpacking the received loading command and passing the autonomous token to the control domain with the autonomous token verification privilege for verification;
the control domain with the autonomous token verification privilege verifying the legitimacy of the autonomous token with the corresponding superior autonomous party's autonomous-token issuing public key and, if verification succeeds and the content of the autonomous token matches the content of the loading command, continuing to process the loading command and returning a reply to the interactive device when finished.
9. The management-right allocation method as claimed in claim 8, wherein, for the top-level control domain, the superior to which it is cascaded is itself.
10. The management-right allocation method as claimed in claim 8, wherein the environment is a multi-application IC card, a multi-application intelligent terminal or a multi-application financial terminal.
11. The management-right allocation method as claimed in claim 8, wherein the autonomous token is issued by the superior autonomous party.
12. The management-right allocation method as claimed in claim 8, further comprising the step of the environment generating a receipt.
13. The management-right allocation method as claimed in claim 12, wherein the receipt is generated by encryption with a symmetric encryption algorithm or an asymmetric encryption algorithm.
14. A control domain system for a multi-application environment, constituting a multi-level structure from a plurality of control domains with the self-management privilege, wherein
one level of the multi-level structure is the top level, comprising one top-level self-management privilege control domain cascaded to itself; the top-level control domain is established with the permission of the master control party, the entity authentication key is installed under the supervision of the master control party, and the content of the top-level control domain can be changed by its owner after passing entity authentication; and
the multi-level structure comprises a second level, having a plurality of second-level control domains administered directly by the top-level control domain; the content of a second-level control domain can be deleted by the owner of the top-level control domain but cannot be changed by it; a second-level control domain is established, and its key installed, with the permission of the owner of the top-level control domain; and the owner of a second-level control domain can freely change the content of the corresponding second-level control domain after passing entity authentication.
15. The control domain system for a multi-application environment as claimed in claim 14, wherein the other levels of the multi-level structure comprise a plurality of subordinate control domains administered directly by their superior control domain; the content of a subordinate control domain can be deleted by the owner of the superior control domain but cannot be changed by it; a subordinate control domain is established, and its key installed, with the permission of the owner of the superior control domain; and the owner of a subordinate control domain can freely change the content of the corresponding subordinate control domain after passing entity authentication.
16. A control domain system for a multi-application environment, constituting a multi-level structure from an autonomous party's control domain and a plurality of control domains with the autonomous proxy management privilege, wherein
one level of the multi-level structure is the top level, comprising one top-level autonomous party's control domain cascaded to itself, established with the permission of the master control party, with the entity authentication key and the autonomous-token issuing public key installed under the supervision of the master control party; the content of the top-level autonomous party's control domain can be freely changed by its owner after passing entity authentication; and
the multi-level structure comprises a second level, having a plurality of control domains with the autonomous proxy management privilege, administered by the top-level autonomous party's control domain; the content of a control domain with the autonomous proxy management privilege can be deleted by the owner of the top-level autonomous party's control domain but cannot be changed by it; a control domain with the autonomous proxy management privilege is established with the permission of the owner of the top-level autonomous party's control domain, and only the holder of an autonomous token issued by the owner of the top-level autonomous party's control domain can change its content.
17. The control domain system for a multi-application environment as claimed in claim 16, wherein the other levels of the multi-level structure comprise a plurality of subordinate control domains administered directly by their superior control domain; the content of a subordinate control domain can be deleted by the owner of its superior control domain but cannot be changed by it; a subordinate control domain is established with the permission of the owner of the superior control domain, and only the holder of an autonomous token issued by the owner of the top-level autonomous party's control domain can change its content.
18. A control domain system for a multi-application environment, constituting a multi-level structure from a plurality of autonomous party's control domains, a plurality of control domains with the self-management privilege and a plurality of control domains with the autonomous proxy management privilege, wherein
one level of the multi-level structure is the top level, comprising a top-level autonomous party's control domain, which is a special self-management privilege control domain, cascaded to itself;
the multi-level structure comprises a second level, having second-level control domains comprising autonomous party's control domains (as special self-management privilege control domains), self-management privilege control domains and autonomous proxy management privilege control domains, all administered by the top-level autonomous party's control domain;
the other levels of the multi-level structure comprise autonomous party's control domains, self-management privilege control domains and autonomous proxy management privilege control domains, administered by their immediate superior control domain;
wherein, for each control domain, the control domain owner can freely change the content of the corresponding self-management privilege control domain after passing entity authentication, or, holding an autonomous token issued by the owner of the superior autonomous party's control domain of this control domain, can change the content of this control domain with the autonomous proxy management privilege.
19. The management-right allocation method as claimed in any one of claims 16 to 18, wherein the autonomous party's control domain directly associated with a control domain having the autonomous proxy management privilege is its superior autonomous party's control domain, and a change to the content of a control domain having the autonomous proxy management privilege first requires obtaining the autonomous token issued by the owner of its superior autonomous party's control domain.
CN2008102012991A 2008-10-16 2008-10-16 Management right allocation method of party self-government management for multi-application environment Active CN101729255B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102012991A CN101729255B (en) 2008-10-16 2008-10-16 Management right allocation method of party self-government management for multi-application environment

Publications (2)

Publication Number Publication Date
CN101729255A true CN101729255A (en) 2010-06-09
CN101729255B CN101729255B (en) 2012-11-28

Family

ID=42449535

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110300166A (en) * 2019-06-27 2019-10-01 江苏恒宝智能系统技术有限公司 A kind of data partition security exchange method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7698428B2 (en) * 2003-12-15 2010-04-13 International Business Machines Corporation Apparatus, system, and method for grid based data storage
CN101005396B (en) * 2006-01-16 2010-07-28 中国科学院计算技术研究所 Method for support network resource dynamic integration and cooperation under network environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant