CN109873824A - A kind of intelligent terminal access control method based on the encryption of attribute base - Google Patents
A kind of intelligent terminal access control method based on the encryption of attribute base Download PDFInfo
- Publication number
- CN109873824A CN109873824A CN201910140125.7A CN201910140125A CN109873824A CN 109873824 A CN109873824 A CN 109873824A CN 201910140125 A CN201910140125 A CN 201910140125A CN 109873824 A CN109873824 A CN 109873824A
- Authority
- CN
- China
- Prior art keywords
- intelligent terminal
- access
- data
- attribute
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of intelligent terminal access control methods based on the encryption of attribute base, and the method is encrypted using the ciphertext policy ABE base based on dull Boolean matrix and Bilinear map algorithm, realize the fine-granularity access control to default authorisation data.Dual session cycle identifier and pseudo random number are introduced as the dynamic variable parameter in the session period, for realizing the freshness for communicating and interacting.Attacker cannot obtain any information of pseudo-random function generator, it is ensured that only legal intelligent terminal could be decrypted ciphertext to obtain the data field of access device authorization access.
Description
Technical field
The invention belongs to Intelligent terminal for Internet of things equipment safety technical field more particularly to it is a kind of based on attribute base encryption
Intelligent terminal access control method.
Background technique
In Internet of Things with intelligent terminal after accessing network, can further access switch in device access device obtain
The data information of authorization.There may be the unlawful practices such as override data access for single intelligent terminal, in terms of data access control
Face severe privacy threats.Intelligent terminal may carry out unauthorized access to the data of access device, in access switch in device
During, intelligent terminal has been assigned scheduled access authority, can only access the authorization number for meeting data access control strategy
According to.Some intelligent terminal may attempt to access the data for access authority of exceeding oneself, and cause to invade other Intelligent terminal datas
Violate.
Summary of the invention
In view of the above-mentioned problems, the present invention provides a kind of intelligent terminal access control method based on the encryption of attribute base, weight
Point solves in data access, and intelligent terminal can only access the data in access authority, cannot surmount scheduled permission and be got over
Power access.The identity of intelligent terminal and data information cannot be replicated, distort and forge simultaneously, and any malicious attacker cannot lead to
It crosses identity personation and carries out deceptive practices, data integrity destruction can not be carried out by the exchange message of interception.The present invention passes through
Following technical scheme is taken to be achieved:
In system initialization, which includes access device D and intelligent terminal U;Different intelligent terminals set access
Data in standby D access device possess relatively independent access authority;That is intelligent terminal U can only access switch in device D it is specific
Data field, the access authority that cannot be exceeded oneself obtain other unauthorized data fields;This method mainly solve access device D and
Data access control problem between intelligent terminal U;
Assuming that B G=(q, g, h, G, G ', e, H) is a matched group, wherein q is a big prime number, and { G, G ' } is two q
The multiplicative group of rank, G=<g>=<h>, H are a collisionless Hash functions;Access device D and intelligent terminal U is defined to gather around respectively
There are respective public/private keys to { pkD,skDAnd { pkU,skU};Access device D possesses the public key pk of intelligent terminal UUAnd assumed name
PIDU, intelligent terminal U possesses respective assumed name PIDU, identity token value TUAnd the public key pk of access device DD;Note: public keyCorresponding private key sk{D,U}It is to be defined based on generation member g;
A is an attribute set, defines n property element A={ A to all intelligent terminals1,A2,...,An};Intelligence
Energy terminal U possesses the property set of oneselfFor realizing data access;Define AUAnd PUIt is dull Boolean matrix, respectively
For indicating the data access attribute list and data access authority strategy of intelligent terminal U;
Assuming that intelligent terminal U possesses data attribute collection AU=[aij]n×m, meet: for Ai∈ A:aij=1;Foraij=0;
Assuming that access device D possesses data storage scheme and access strategy PU=[pij]n×m, for constraining the data access rights of intelligent terminal U
Limit meets: for Ai∈PU: pij=1;Forpij=0;If
It sets up, it is believed that data attribute collection AUMeet data storage scheme and access strategy PUThe access authority of definition;
Step 1: the data access request of intelligent terminal U and the response of access device D:
The intelligent terminal U generates pseudorandom session cycle identifier sidU, extract identity token value TU, by data
sidU‖TUThe access device D is sent to as access request and starts a new authentication period;
When the access device D receives data sidU‖TUAfterwards, the access device D firstly generates session cycle identifier
sidD, and construct Your Majesty key mpk=(gi,h,hi, BG, e (g, h), H) and main private key msk=(α, g);Wherein, the access is set
Standby D randomly selects numerical valueIt calculatesWith
The access device D randomly selects numerical value σ ∈ { 0,1 }*, extract the data access authority plan of the intelligent terminal U
Slightly PU=[pij]n×m(pij∈{0,1});Wherein, the intelligent terminal U possesses to default authorisation data field DUAccess authority, it is full
Sufficient data access authority strategy PUControl requirement;The access device D is further according to data access authority strategy PUAnd identity
Token value TUDefine a multinomial Fa(x,PU):
The access device D calculates one group of numerical value M first0, M1, { M2i, M3, M4, and close value C={ M is constructed based on this1,
{M2i},M3,M4, then by data sidD‖ C is sent to the intelligent terminal U;Wherein,
M0=H (PU‖DU‖TU‖σ)
Step 2: the data access control of intelligent terminal U:
The intelligent terminal U extracts data attribute access list A firstU=[aij](aij∈ { 0,1 }, aij≤pij) weigh
Newly one data access list L of buildingU=[lij]n×m, wherein lij=pij-aij;The intelligent terminal U is according to data access list
LUWith identity token value TUTo define a multinomial FU(x,LU):
Based on this, FU(x,LU) meet following algebraic relation formula:
The intelligent terminal U randomly selects numerical valueWhat is calculated obtains data attribute access list AUDecryption it is close
Key
The intelligent terminal U calculates NU1, NU2, NU3:
Wherein, faiFor representative polynomial Fa(x,PU) in xiThe coefficient of item, fUiRepresentative polynomial FU(x,LU) in xi?
Coefficient;
Based on this,Meet following algebraic relation formula:
The intelligent terminal U recalculates numerical valueObtain the data field D of its default authorisationU;If the intelligence
Terminal U can use numerical valueThe close value C of successful decryption, it is believed that the intelligent terminal U is a legal intelligent terminal;
Conversely, then agreement terminates;
It is provided by the invention based on the wearable device authentication method selectively revealed, using based on dull Boolean matrix
The encryption of ciphertext policy ABE base and Bilinear map algorithm, realize the fine-granularity access control to default authorisation data.It introduces dual
Session cycle identifier and pseudo random number are fresh for realizing what is communicated and interact as the dynamic variable parameter in the session period
Property.Attacker cannot obtain any information of pseudo-random function generator, it is ensured that only legal intelligent terminal could to ciphertext into
Row decryption obtains the data field of access device authorization access.
The present invention designs the ciphertext policy ABE base Encryption Algorithm based on dull Boolean matrix, realizes to default authorisation data
Fine-granularity access control.For the access control algorithm compared with traditional algorithm, user possesses the decruption key of regular length, number
The size of mesh and data attribute collection be it is relatively independent, avoid the linear increase of decruption key.
Detailed description of the invention
Fig. 1 is that the present invention is based on the flow charts of the intelligent terminal access control method of attribute base encryption.
Specific embodiment
In conjunction with following specific embodiments and attached drawing, the invention will be described in further detail.Implement process of the invention, item
Part, experimental method etc. are among the general principles and common general knowledge in the art in addition to what is specifically mentioned below, the present invention
There are no special restrictions to content.
One, system initialization
In system initialization, which includes access device D and intelligent terminal U;Different intelligent terminals set access
Data in standby D access device possess relatively independent access authority;That is intelligent terminal U can only access switch in device D it is specific
Data field, the access authority that cannot be exceeded oneself obtain other unauthorized data fields;This method mainly solve access device D and
Data access control problem between intelligent terminal U;
Assuming that B G=(q, g, h, G, G ', e, H) is a matched group, wherein q is a big prime number, and { G, G ' } is two q
The multiplicative group of rank, G=<g>=<h>, H are a collisionless Hash functions;Access device D and intelligent terminal U is defined to gather around respectively
There are respective public/private keys to { pkD,skDAnd { pkU,skU};Access device D possesses the public key pk of intelligent terminalUAnd assumed name
PIDU, intelligent terminal U possesses respective assumed name PIDU, token TUAnd the public key pk of access device DD;Note: public keyCorresponding private key sk{D,U}It is to be defined based on generation member g;
A is an attribute set, defines n property element A={ A to all intelligent terminals1,A2,...,An};Intelligence
Energy terminal U possesses the property set of oneselfFor realizing data access;Define AUAnd PUIt is dull Boolean matrix, respectively
For indicating the data access attribute list and data access authority strategy of intelligent terminal U;
Assuming that intelligent terminal U possesses data attribute collection AU=[aij]n×m, meet: for Ai∈ A:aij=1;Foraij=0;
Assuming that access device D possesses data storage scheme and access strategy PU=[pij]n×m, for constraining the data access rights of intelligent terminal U
Limit meets: for Ai∈PU: pij=1;Forpij=0;If
It sets up, it is believed that data attribute collection AUMeet data storage scheme and access strategy PUThe access authority of definition;
Two, the response of the data access request of intelligent terminal U and access device D:
Intelligent terminal U generates pseudorandom session cycle identifier sidU, extract identity token value TU, by data sidU‖TU
Access device D is sent to as access request and starts a new authentication period;
When access device D receives the sid of intelligent terminal U transmissionU‖TUAfterwards, D firstly generates session cycle identifier sidD,
Construct Your Majesty's key mpk=(gi,h,hi, BG, e (g, h), H) and main private key msk=(α, g);Wherein, access device D is randomly selected
Numerical valueIt calculatesWith
Access device D randomly selects numerical value σ ∈ { 0,1 }*, extract the data access authority strategy P of intelligent terminal UU=
[pij]n×m(pij∈{0,1});Wherein, intelligent terminal U possesses to default authorisation data field DUAccess authority, meet access right
Limit strategy PUControl requirement;Access device D is further according to PUWith token value TUDefine a multinomial Fa(x,PU);
Access device D calculates one group of numerical value M first0, M1, { M2i, M3, M4, and close value C={ M is constructed based on this1,{M2i},
M3,M4, then by sidD‖ C is sent to intelligent terminal U;
M0=H (PU‖DU‖TU‖σ)
Three, the data access control of intelligent terminal U
Intelligent terminal U extracts data attribute access list A firstU=[aij](aij∈ { 0,1 }, aij≤pij) Lai Chongxin structure
Build a data access list LU=[lij]n×m, wherein lij=pij-aij;Intelligent terminal U is according to LUWith token value TUTo define one
A multinomial FU(x,LU);
Based on this, FU(x,LU) meet following algebraic relation formula:
Intelligent terminal U randomly selects numerical valueWhat is calculated obtains AUDecruption key
Intelligent terminal U calculates NU1, NU2, NU3;Wherein, faiFor representative polynomial Fa(x,PU) in xiThe coefficient of item, fUiTable
Show multinomial FU(x,LU) in xiThe coefficient of item;
Based on this,Meet following algebraic relation formula:
Intelligent terminal U recalculates numerical valueObtain the data field D of its default authorisationU;If intelligent terminal U
It can useThe close value C of successful decryption, it is believed that intelligent terminal U is a legal intelligent terminal;Conversely, agreement is whole
Only;
Protection content of the invention is not limited to above embodiments.Without departing from the spirit and scope of the invention, originally
Field technical staff it is conceivable that variation and advantage be all included in the present invention, and with appended claims be protect
Protect range.
Claims (7)
1. a kind of intelligent terminal access control method based on the encryption of attribute base characterized by comprising
Step 1: the data access request of intelligent terminal U and the response of access device D:
The intelligent terminal U generates pseudorandom session cycle identifier sidU, extract identity token value TU, by data sidU‖TU
The access device D is sent to as access request and starts a new authentication period;
When the access device D receives data sidU‖TUAfterwards, the access device D firstly generates session cycle identifier
sidD, and construct Your Majesty key mpk=(gi,h,hi, BG, e (g, h), H) and main private key msk=(α, g);Wherein, the access is set
Standby D randomly selects numerical valueIt calculatesWith
The access device D randomly selects numerical value σ ∈ { 0,1 }*, extract the data access authority strategy P of the intelligent terminal UU=
[pij]n×m(pij∈{0,1});Wherein, the intelligent terminal U possesses to default authorisation data field DUAccess authority, meet number
According to access authority strategy PUControl requirement;The access device D is further according to data access authority strategy PUAnd identity token
Value TUDefine a multinomial Fa(x,PU):
The access device D calculates one group of numerical value M first0, M1, { M2i, M3, M4, and close value C={ M is constructed based on this1,{M2i},
M3,M4, then by data sidD‖ C is sent to the intelligent terminal U;Wherein,
M0=H (PU‖DU‖TU‖σ)
Step 2: the data access control of intelligent terminal U:
The intelligent terminal U extracts data attribute access list A firstU=[aij](aij∈ { 0,1 }, aij≤pij) Lai Chongxin structure
Build a data access list LU=[lij]n×m, wherein lij=pij-aij;The intelligent terminal U is according to data access list LUWith
Identity token value TUTo define a multinomial FU(x,LU):
Based on this, FU(x,LU) meet following algebraic relation formula:
The intelligent terminal U randomly selects numerical valueWhat is calculated obtains data attribute access list AUDecruption key
The intelligent terminal U calculates NU1, NU2, NU3:
Wherein, faiFor representative polynomial Fa(x,PU) in xiThe coefficient of item, fUiRepresentative polynomial FU(x,LU) in xiThe coefficient of item;
Based on this,Meet following algebraic relation formula:
The intelligent terminal U recalculates numerical value σl,Obtain the data field D of its default authorisationU;If the intelligent terminal U
It can use numerical valueThe close value C of successful decryption, it is believed that the intelligent terminal U is a legal intelligent terminal;Conversely,
Then agreement terminates;
2. the intelligent terminal access control method according to claim 1 based on the encryption of attribute base, which is characterized in that use
Ciphertext policy ABE base Encryption Algorithm based on dull Boolean matrix realizes the fine-granularity access control to default authorisation data.
3. the intelligent terminal access control method according to claim 1 based on the encryption of attribute base, which is characterized in that user
Possess the decruption key of regular length, the size of number and data attribute collection be it is relatively independent, avoid the line of decruption key
Property increase.
4. the intelligent terminal access control method according to claim 1 based on the encryption of attribute base, which is characterized in that be
When system initialization, it is assumed that BG=(q, g, h, G, G ', e, H) is a matched group, and wherein q is a big prime number, and { G, G ' } is two
The multiplicative group of a q rank, G=<g>=<h>, H are a collisionless Hash functions;Define access device D and intelligent terminal U points
Do not possess respective public/private keys to { pkD,skDAnd { pkU,skU};Access device D possesses the public key pk of intelligent terminalUAnd vacation
Name PIDU, intelligent terminal U possesses respective assumed name PIDU, identity token value TUAnd the public key pk of access device DD。
5. the intelligent terminal access control method according to claim 4 based on the encryption of attribute base, which is characterized in that public keyCorresponding private key sk{D,U}It is to be defined based on generation member g.
6. the intelligent terminal access control method according to claim 4 based on the encryption of attribute base, which is characterized in that A is
One attribute set defines n property element A={ A to all intelligent terminals1,A2,...,An};Intelligent terminal U possesses
The property set of oneselfFor realizing data access;Define AUAnd PUIt is dull Boolean matrix, is respectively intended to indicate intelligence
The data access attribute list and data access authority strategy of energy terminal U.
7. the intelligent terminal access control method according to claim 6 based on the encryption of attribute base, which is characterized in that assuming that
Intelligent terminal U possesses data attribute collection AU=[aij]n×m, meet: for Ai∈ A:aij=1;Foraij=0;
Assuming that access device D possesses data storage scheme and access strategy PU=[pij]n×m, for constraining the data access authority of intelligent terminal U,
Meet: for Ai∈PU: pij=1;Forpij=0;IfAt
It is vertical, it is believed that data attribute collection AUMeet data storage scheme and access strategy PUThe access authority of definition.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910140125.7A CN109873824A (en) | 2019-02-26 | 2019-02-26 | A kind of intelligent terminal access control method based on the encryption of attribute base |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910140125.7A CN109873824A (en) | 2019-02-26 | 2019-02-26 | A kind of intelligent terminal access control method based on the encryption of attribute base |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109873824A true CN109873824A (en) | 2019-06-11 |
Family
ID=66919202
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910140125.7A Pending CN109873824A (en) | 2019-02-26 | 2019-02-26 | A kind of intelligent terminal access control method based on the encryption of attribute base |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109873824A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112307519A (en) * | 2020-10-23 | 2021-02-02 | 复旦大学 | Hierarchical verifiable query system based on selective leakage |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102624522A (en) * | 2012-03-30 | 2012-08-01 | 华中科技大学 | Key encryption method based on file attribution |
| US9043927B2 (en) * | 2012-09-27 | 2015-05-26 | Neo Mechanic Limited | Method and apparatus for authenticating location-based services without compromising location privacy |
-
2019
- 2019-02-26 CN CN201910140125.7A patent/CN109873824A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102624522A (en) * | 2012-03-30 | 2012-08-01 | 华中科技大学 | Key encryption method based on file attribution |
| US9043927B2 (en) * | 2012-09-27 | 2015-05-26 | Neo Mechanic Limited | Method and apparatus for authenticating location-based services without compromising location privacy |
Non-Patent Citations (2)
| Title |
|---|
| HONG LIU等: "《Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing》", 《IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS》 * |
| 刘占斌等: "《云计算中基于密文策略属性基加密的数据访问控制协议》", 《信息网络安全》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112307519A (en) * | 2020-10-23 | 2021-02-02 | 复旦大学 | Hierarchical verifiable query system based on selective leakage |
| CN112307519B (en) * | 2020-10-23 | 2022-06-17 | 复旦大学 | Hierarchical verifiable query system based on selective leakage |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107864139B (en) | Cryptographic attribute base access control method and system based on dynamic rules | |
| Guan et al. | Achieving efficient and secure data acquisition for cloud-supported internet of things in smart grid | |
| CN103618728B (en) | A kind of encryption attribute method at more mechanism centers | |
| Dowd et al. | Network security: it's time to take it seriously | |
| CN107070652B (en) | A kind of car networking method for secret protection that the ciphertext based on CP-ABE is anti-tamper and system | |
| CN103763319B (en) | Method for safely sharing mobile cloud storage light-level data | |
| CN103595793B (en) | Cloud data safe deleting system and method without support of trusted third party | |
| CN105100083B (en) | A kind of secret protection and support user's revocation based on encryption attribute method and system | |
| WO2018113563A1 (en) | Database query method and system having access control function | |
| Akhil et al. | Enhanced cloud data security using AES algorithm | |
| CN108881314A (en) | Mist calculates the method and system for realizing secret protection under environment based on CP-ABE ciphertext access control | |
| CN103067166B (en) | The stepped mixing encryption method and device of a kind of intelligent home system | |
| CN103327002A (en) | Cloud storage access control system based on attribute | |
| Rivera et al. | Secure communications and protected data for a Internet of Things smart toy platform | |
| CN108040056A (en) | Safety medical treatment big data system based on Internet of Things | |
| CN107846397A (en) | A kind of cloud storage access control method based on the encryption of attribute base | |
| CN106792501A (en) | A kind of LBS customer locations and privacy of identities guard method | |
| CN110502918A (en) | A kind of electronic document access control method and system based on classification safety encryption | |
| CN110086615A (en) | A kind of more authorized party's ciphertext policy ABE base encryption methods of distribution that medium is obscured | |
| CN101834853A (en) | Method and system for sharing anonymous resource | |
| CN106612169A (en) | Safe data sharing method in cloud environment | |
| CN106452770A (en) | Data encryption method and apparatus, data decryption method and apparatus, and system | |
| CN115426136B (en) | Cross-domain access control method and system based on block chain | |
| CN113179270B (en) | Mobile crowd sensing traceable and privacy protection-based data sharing method | |
| CN106487792A (en) | A kind of power marketing cloud storage encryption method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20190611 |
|
| WD01 | Invention patent application deemed withdrawn after publication |