CN113779537B - Authority management method for verifier - Google Patents


Info

Publication number: CN113779537B
Application number: CN202111095730.0A
Authority: CN (China)
Prior art keywords: authority, employee, certificate, rights, verifier
Legal status: Active (the status is Google's assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN113779537A
Inventors: 杨波, 谭亦夫, 张彦超
Current assignee: Beijing Unionpay Card Technology Co ltd
Original assignee: Beijing Unionpay Card Technology Co ltd
Events: application filed by Beijing Unionpay Card Technology Co ltd; priority to CN202111095730.0A; published as CN113779537A; application granted and published as CN113779537B; legal status currently active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The invention discloses a rights management method for a verifier, which comprises the following steps: when an employee wants to use a right, the employee presents a rights credential to the verifier by means of a credential carrier; the verifier verifies the validity of the employee's digital certificate to verify the employee's identity; the verifier queries whether the credential ID number of the rights credential containing the right exists in the revocation list; the verifier queries whether the rights number of the right exists in the revocation list; the verifier checks whether the right the employee wants to use exists in the rights credential, together with the validity period of that right; the verifier queries whether the administrator who issued the employee's rights credential holds the grant right for that right; the verifier verifies the validity of the rights credential with the administrator's public key; and the service corresponding to the right is provided to the employee. The invention realizes efficient, flexible and safe management of employee rights based on digital certificates, has low cost and is suitable for popularization.

Description

Authority management method for verifier
Technical Field
The invention relates to a right management method for a verifier (such as an access control and the like), belonging to the technical field of right management.
Background
Currently, rights management for hardware device verifiers is typically implemented by formulating access control mechanisms. Access control mechanisms are classified by policy into conventional access control models, role-based access control models, task- and role-based access control models, and the like.
Conventional access control models include discretionary access control (DAC) and mandatory access control (MAC). Because DAC relies on an access control list (ACL), the list becomes very large when there are many users and is therefore prone to maintenance difficulties. MAC is used in multi-level security military systems and has the drawbacks of a large implementation workload, inflexibility and troublesome management.
In the role-based access control model, users and access permissions are connected through roles, so that access control of a subject to an object is realized; this mechanism fits reality relatively well, is easy to understand and is widely applied. For dynamic rights management, however, the role model still needs to be extended.
The task-based access control model binds rights to tasks, so that once a task has been executed the subject can no longer access the object. It is widely applied in software engineering development, but some problems are still exposed in practical application; for example, tasks are not effectively separated, or the model has to be used in combination with the role-based access control model, so that implementation is cumbersome.
In the task- and role-based access control model, the required rights are granted when a task starts executing and withdrawn when the task ends; roles and rights are decoupled, with the task inserted between them as the connection. Its disadvantage is a large implementation workload.
In terms of concrete implementation, whether an employee holds a certain right is generally verified in the following ways. First, password identification: typically a password keypad is provided, and the right is verified by entering the correct password. Second, card identification: information such as the employee number or name is read from a card (magnetic card or radio-frequency card). Third, biometric identification: biometric information of the employee, such as a fingerprint, palm print, face or iris, is verified. These implementations have the following disadvantages: 1. All of them require a background server to maintain the employees' identity information, rights information and so on, which adds cost. 2. All of them present more or less security issues. For example, password identification suffers from weak passwords, brute-force cracking, password leakage and the like. Cards used for card identification may be duplicated, resulting in abuse of rights. Biometric information such as a fingerprint or a face can be artificially moulded to pass authentication, which is dangerous.
Disclosure of Invention
The invention aims to provide a rights management method for a verifier, which realizes efficient, flexible and safe management of employee rights based on a digital certificate, has low cost and is suitable for popularization.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
a rights management method for a verifier, comprising the steps of:
a) When an employee wants to use a right, the employee presents a rights credential to the verifier by means of a credential carrier, so as to start verification of the right;
b) The verifier verifies the validity of the employee's digital certificate to verify the identity of the employee: if the employee's digital certificate is valid, the next step is entered; otherwise verification fails and the process ends;
c) The verifier queries whether the credential ID number of the rights credential containing the right exists in the revocation list: if so, verification fails and the process ends; otherwise the next step is entered;
d) The verifier queries whether the rights number of the right exists in the revocation list: if so, verification fails and the process ends; otherwise the next step is entered;
e) The verifier checks whether the right the employee wants to use exists in the rights credential and checks the validity period of that right: if the right exists in the rights credential and has not expired, the next step is entered; otherwise verification fails and the process ends;
f) The verifier queries whether the administrator who issued the employee's rights credential holds the grant right for that right: if so, the next step is entered; otherwise verification fails and the process ends;
g) The verifier verifies the validity of the rights credential with the administrator's public key: if the rights credential is invalid, verification fails and the process ends; otherwise verification passes and the next step is entered;
h) The service corresponding to the right is provided to the employee;
the generation of the rights credential comprises the following steps:
1) The employee applies for rights, generates a rights application list, and signs the rights application list with the private key corresponding to the employee's own digital certificate;
2) The administrator checks, according to the employee's position, whether the rights application list contains any right exceeding the employee's position, and checks whether the validity period applied for is reasonable: if the applied rights are within the range corresponding to the employee's position and the validity period is reasonable, the check passes and the next step is entered; otherwise the process ends;
3) The administrator verifies the employee's identity by verifying the validity of the employee's digital certificate, and at the same time verifies the integrity of the rights application list: if the digital certificate is valid and the rights application list is complete, verification passes and the next step is entered; otherwise the process ends;
4) The administrator signs the rights application list with the administrator's private key to generate the rights credential, generates a credential ID number, then issues the rights credential and the credential ID number to the employee and stores them on the credential carrier.
The invention has the advantages that:
the invention realizes effective management of employee rights based on the digital certificate, has flexible management, high safety, small maintenance and management workload and low realization cost, and is suitable for popularization.
Drawings
Fig. 1 is a schematic diagram of a rights verification flow.
Fig. 2 is a schematic diagram of a rights credential generation flow.
Detailed Description
As will be understood with reference to fig. 1 and 2, the rights management method for a verifier of the present invention includes the steps of:
a) When an employee wants to use a right, the employee presents a rights credential to the verifier by means of a credential carrier, so as to start verification of the right;
b) The verifier verifies the validity of the employee's digital certificate to verify the identity of the employee: if the employee's digital certificate is valid, the next step is entered; otherwise, if the digital certificate is invalid, verification fails and the process ends;
c) The verifier queries whether the credential ID number of the rights credential containing the right exists in the revocation list, where the revocation list comprises the credential ID number, the rights number, the revocation date and the revoking person: if the credential ID number exists in the revocation list, verification of the right fails and the process ends; otherwise the next step is entered;
d) The verifier queries whether the rights number of the right exists in the revocation list: if the rights number exists in the revocation list, verification of the right fails; if it does not exist in the revocation list, the next step is entered;
e) The verifier checks whether the right the employee wants to use exists in the rights credential and checks the validity period of that right: if the right exists in the rights credential and has not expired, the next step is entered; otherwise verification of the right fails and the process ends;
f) The verifier queries whether the administrator who issued the employee's rights credential holds the grant right for that right: if the administrator holds the grant right for that right, the next step is entered; otherwise, if the administrator does not hold it, verification of the right fails and the process ends;
g) The verifier verifies the validity of the rights credential with the administrator's public key: if the rights credential is invalid, it has been tampered with, verification of the right fails and the process ends; otherwise, if the rights credential is valid, it was authorized and has not been tampered with, verification of the right passes and the next step is entered;
h) The service corresponding to the right is provided to the employee;
the generation of the rights credential comprises the following steps:
1) The employee applies for rights, generates a rights application list, and signs the rights application list with the private key corresponding to the employee's own digital certificate, where the rights application list comprises the rights numbers, application time and validity periods of the rights the employee wants to apply for, the employee's digital certificate, and the administrator's public key;
2) The administrator checks, according to the employee's position, whether the rights application list contains any right exceeding the employee's position, and checks whether the validity period applied for is reasonable: if the applied rights are within the range corresponding to the employee's position and the validity period is reasonable, the check passes and the next step is entered; otherwise the process ends (of course, where a special requirement arises in actual application, a right exceeding the employee's position may also pass the check according to that requirement);
3) The administrator verifies the employee's identity by verifying the validity of the employee's digital certificate, and at the same time verifies the integrity of the rights application list (that is, whether the list has been tampered with and whether any data is missing): if the digital certificate is valid and the rights application list is complete, meaning it has not been tampered with and no data is missing, verification passes and the next step is entered; otherwise the process ends;
4) The administrator signs the rights application list with the administrator's private key to generate the rights credential, generates a credential ID number, then issues the rights credential and the credential ID number to the employee and stores them on the credential carrier owned by the employee.
Of course, in actual implementation, besides the employee applying for rights to obtain a rights credential, the administrator may also directly generate a rights credential for the basic rights that the employee should possess.
In actual implementation, the rights credential and the credential ID number are issued in one of the following ways:
the administrator writes the information corresponding to the rights credential and the credential ID number into the credential carrier used by the employee; or
the administrator generates a write instruction and sends it to the verifier, so that when the employee first presents the rights credential to the verifier by means of the credential carrier, the verifier writes the information corresponding to the rights credential and the credential ID number into the credential carrier according to the write instruction.
In the present invention, modification of rights comprises:
if some of the rights in the rights credential are to be reduced, adding the rights numbers of the rights to be reduced to the revocation list;
if rights are to be added, executing steps 1) to 4) again.
In the present invention, revocation of a rights credential comprises: directly adding the credential ID number of the rights credential to the revocation list, which reduces all rights in that rights credential.
In actual implementation, an administrator change comprises:
changing the original administrator to a new administrator;
retaining the verification function of the original administrator's public key while revoking the original administrator's right to issue rights credentials, so that the administrator change does not affect verification of rights credentials issued earlier;
in this way, in subsequent operation, new rights credentials gradually replace the old ones, and once the old rights credentials have been completely replaced, the digital certificate of the original administrator is revoked, that is, all functions of the original administrator are revoked. For example, an administrator who has left the post must have his digital certificate revoked, so that he can no longer issue rights credentials that would verify.
In actual implementation, loss handling of a rights credential comprises:
if the employee's rights credential is lost (for example because the credential carrier is lost), the unit root certificate issues a new digital certificate to the employee and the original digital certificate is revoked, so that the lost rights credential can no longer pass verification; the administrator then generates a new rights credential for the employee.
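As an added illustration (not code from the patent or its assignee), the following Python models the verifier-side checks of steps b) to f) above together with the maintenance operations just described: reducing one right, revoking a whole credential, replacing an administrator while keeping the old public key usable for verification, retiring the old administrator, and handling a lost credential carrier. The record layouts, the names, and the choice to key a reduced right to its credential ID are assumptions; the signature check of step g) is represented only by a trust flag on the issuer's certificate, since the cryptography is a separate matter.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Added illustration, not the patent's code. Record layouts, names, and the
# rule that a reduced right is keyed to its credential ID are assumptions.

@dataclass
class RightsCredential:
    credential_id: str
    employee_cert: str          # serial of the employee's digital certificate
    issuer: str                 # administrator who signed the credential
    rights: dict                # rights number -> last valid date

@dataclass
class RevocationEntry:          # credential ID, rights number, date, revoker
    credential_id: str
    right_number: Optional[str] # None: the whole credential is revoked
    revoked_on: date
    revoked_by: str

@dataclass
class Administrator:
    grantable_rights: set       # rights numbers this administrator may grant
    can_issue: bool = True      # cleared when the administrator is replaced
    cert_valid: bool = True     # cleared when the digital certificate is revoked

class Verifier:
    def __init__(self, admins):
        self.admins = admins                 # name -> Administrator
        self.revocation_list = []
        self.revoked_employee_certs = set()

    def check_right(self, cred, right_number, today):
        """Steps b) to g); returns (passed, reason)."""
        if cred.employee_cert in self.revoked_employee_certs:
            return False, "b) employee digital certificate revoked"
        entries = [e for e in self.revocation_list
                   if e.credential_id == cred.credential_id]
        if any(e.right_number is None for e in entries):
            return False, "c) credential ID is in the revocation list"
        if any(e.right_number == right_number for e in entries):
            return False, "d) rights number is in the revocation list"
        if right_number not in cred.rights:
            return False, "e) right not present in the credential"
        if today > cred.rights[right_number]:
            return False, "e) right expired"
        admin = self.admins.get(cred.issuer)
        if admin is None or right_number not in admin.grantable_rights:
            return False, "f) issuer lacks the grant right for this right"
        if not admin.cert_valid:
            return False, "g) issuer's public key is no longer trusted"
        return True, "verified"          # g) signature itself not modelled here

def issue_credential(verifier, admin_name, cred):
    """Step 2) of generation: issuer must still issue and may grant every right."""
    admin = verifier.admins[admin_name]
    if not admin.can_issue or not set(cred.rights) <= admin.grantable_rights:
        raise PermissionError("administrator may not issue this credential")
    cred.issuer = admin_name
    return cred

def reduce_right(verifier, cred, right_number, by, on):
    verifier.revocation_list.append(RevocationEntry(cred.credential_id, right_number, on, by))

def revoke_credential(verifier, cred, by, on):
    verifier.revocation_list.append(RevocationEntry(cred.credential_id, None, on, by))

def replace_administrator(verifier, old, new, new_admin):
    verifier.admins[old].can_issue = False     # old credentials still verify
    verifier.admins[new] = new_admin

def retire_administrator(verifier, old):
    verifier.admins[old].cert_valid = False    # after old credentials are replaced

def report_lost_carrier(verifier, cred):
    verifier.revoked_employee_certs.add(cred.employee_cert)   # re-issue both afterwards

def demo_policy():
    """Constructed scenario walking through each maintenance operation."""
    v = Verifier({"lao_wang": Administrator({"R-GATE", "R-CANTEEN", "R-ROOM"})})
    today = date(2021, 10, 1)
    cred = issue_credential(v, "lao_wang", RightsCredential(
        "id-0001", "cert-xiaozhang-1", "",
        {"R-GATE": date(2022, 12, 31), "R-CANTEEN": date(2022, 12, 31),
         "R-ROOM": date(2021, 9, 30)}))
    out = {"gate_ok": v.check_right(cred, "R-GATE", today)[0],
           "room_expired": v.check_right(cred, "R-ROOM", today)[0]}
    reduce_right(v, cred, "R-ROOM", "lao_wang", today)
    out["room_reduced"] = v.check_right(cred, "R-ROOM", today)[1]
    replace_administrator(v, "lao_wang", "lao_li", Administrator({"R-GATE"}))
    out["gate_after_change"] = v.check_right(cred, "R-GATE", today)[0]
    out["old_admin_can_issue"] = v.admins["lao_wang"].can_issue
    retire_administrator(v, "lao_wang")
    out["gate_after_retire"] = v.check_right(cred, "R-GATE", today)[0]
    revoke_credential(v, cred, "lao_li", today)
    out["canteen_revoked"] = v.check_right(cred, "R-CANTEEN", today)[1]
    report_lost_carrier(v, cred)
    out["lost_carrier"] = v.check_right(cred, "R-GATE", today)[1]
    return out

if __name__ == "__main__":
    print(demo_policy())
```

The order of the checks matters: a revoked employee certificate or a revoked credential ID is caught before any per-right lookup, and an expired or absent right is rejected before the issuer's grant rights are consulted, which mirrors the ordering b) to g) and keeps the cheap, whole-credential decisions first.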
In practical implementation, the digital certificate is preferably an SM2 (Chinese national cryptographic algorithm) digital certificate, though not limited to it, and an initialization step precedes issuing SM2 digital certificates to the administrators and employees of each department of the organization:
define the finite field $F_p$ of the SM2 digital certificates, the two parameters $a, b$ of the elliptic curve equation $E(F_p)$, and a base point $G$ on the elliptic curve, where $G = (x_G, y_G)$, $x_G, y_G \in F_p$ are the abscissa and ordinate of the base point $G$, and the order of the base point $G$ is $n$, a positive integer greater than 1.
For the specific definition of the above parameters, reference may be made to GB/T 32918.2-2016, Information security technology: SM2 elliptic curve public key cryptographic algorithm, Part 2: Digital signature algorithm.
Further, the generating of the authority credentials includes the steps of:
1-1) Employee B applies for one or more rights according to actual needs and generates a rights application list $M$, which comprises the rights number $\mathrm{Num}$, application time and validity period of each right applied for, employee B's digital certificate $\mathrm{Cert}_B$, and the administrator public key $P_A$;
1-2) Employee B signs the rights application list $M$ with the private key corresponding to the digital certificate $\mathrm{Cert}_B$;
1-3) Employee B submits the signed rights application list $M$ to administrator A;
1-4) Administrator A checks whether the rights application list $M$ submitted by employee B contains any right exceeding the employee's position, and at the same time checks whether the validity period applied for is reasonable: if a right exceeding the employee's position or a right with an unreasonable validity period exists, the audit fails and the process ends; otherwise the next step is entered;
1-5) Administrator A verifies the validity of the digital certificate $\mathrm{Cert}_B$ to confirm employee B's identity, and at the same time verifies the integrity of the rights application list $M$: if $\mathrm{Cert}_B$ is valid and $M$ is complete, verification passes and the next step is entered; otherwise the process ends;
1-6) Administrator A computes a first temporary value $D$ and sends it to employee B, where $D = z f P_B$, $z$ is a random number, $f = \mathrm{hash}(M \| n \| x_G \| y_G \| a \| b \| P_B \| P_A)$ is computed with the hash function $\mathrm{hash}()$ (the SM3 hash algorithm), $n$ is the order of the base point $G$, and $P_B$ is the public key corresponding to employee B's digital certificate $\mathrm{Cert}_B$;
1-7) After receiving $D$, employee B computes a second temporary value $U = d_B^{-1} D$ and returns $U$ to administrator A, where $d_B$ is the private key corresponding to employee B's digital certificate $\mathrm{Cert}_B$;
1-8) After receiving $U$, administrator A checks whether the equation $U = z f G$ holds: if it holds, the next step is entered; otherwise the process ends;
1-9) Administrator A generates a random number $k \in (1, n-1)$, computes the credential first value $s$ and the credential second value $r$, and generates the credential ID number $\mathrm{id}$, where $s = (d_A + k)^{-1}$, $r = f k G$, $\mathrm{id} = \mathrm{hash}(s, r, M)$, and $d_A$ is the private key corresponding to the digital certificate $\mathrm{Cert}_A$ owned by administrator A;
1-10) $s$, $r$ and $M$ are packed into a data packet $(s, r, M)$, which may be in JSON format for transmission as text; this data packet is the generated rights credential;
1-11) The rights credential and the credential ID number $\mathrm{id}$ are issued to employee B.
Further, the verification of the authority comprises the steps of:
2-1) Employee B wants to use right $Q$ and submits the rights credential $(s, r, M)$ to verifier V by bringing the credential carrier holding the rights credential close to verifier V;
2-2) Verifier V verifies the validity of employee B's digital certificate $\mathrm{Cert}_B$ to verify the employee's identity: if $\mathrm{Cert}_B$ is valid, the next step is entered; otherwise the process ends;
2-3) Verifier V queries whether the credential ID number $\mathrm{id}$ of the rights credential containing right $Q$ exists in the revocation list, where the revocation list comprises the credential ID number $\mathrm{id}$, the rights number $\mathrm{Num}$, the revocation date and the revoking person: if it does not exist, the next step is entered; otherwise the process ends;
2-4) Verifier V queries whether the rights number $\mathrm{Num}$ of right $Q$ exists in the revocation list: if it does not exist, the next step is entered; otherwise the process ends;
2-5) Verifier V checks whether the right $Q$ that employee B wants to use is present in the rights credential and whether $Q$ has expired: if $Q$ is present in the rights credential and has not expired, the next step is entered; otherwise the process ends;
2-6) Verifier V queries whether administrator A holds the grant right for right $Q$: if administrator A holds it, the next step is entered; otherwise the process ends;
2-7) Verifier V generates a random number $h$, computes a third temporary value $C$ and sends it to employee B, where $C = \mathrm{hash}(s, r, M)\, h P_B$;
2-8) After receiving $C$, employee B computes a fourth temporary value $F = d_B^{-1} C$ and returns $F$ to verifier V;
2-9) Verifier V checks whether the equation $F = \mathrm{hash}(s, r, M)\, h G$ holds: if it holds, the next step is entered; otherwise the process ends;
2-10) Verifier V computes $f = \mathrm{hash}(M \| n \| x_G \| y_G \| a \| b \| P_B \| P_A)$ and then checks whether the equation $s (f P_A + r) = f G$ holds: if it holds, right $Q$ passes verification and the next step is entered; otherwise the process ends;
2-11) The service corresponding to right $Q$ is provided to employee B.
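The two challenge-response exchanges (steps 1-6 to 1-8 and 2-7 to 2-9) and the credential equations (steps 1-9 and 2-10) above, carried through in working code as an added example that is not taken from the patent: it runs on the SM2 recommended curve parameters published in GB/T 32918.5 and reproduces the page's formulas as stated. Assumptions made here: SHA-256 stands in for SM3, the rights application list $M$ is a plain tuple (rights number, application time, validity period, $P_B$, $P_A$), the three parties are in-process objects rather than a phone, a server and a gate, and the certificate-signature checks of steps 1-2 and 1-5 and the list checks of steps 2-2 to 2-6 are left out. The code demonstrates the arithmetic only and is not an assessment of the scheme's cryptographic strength.

```python
import hashlib
import secrets

# Added example, not the patent's code. SM2 recommended curve (GB/T 32918.5);
# SHA-256 replaces SM3, and M is a plain tuple: both are assumptions so that
# the script needs only the standard library.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(pt):                      # y^2 == x^3 + a x + b over F_p
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def ec_add(p, q):
    """Affine point addition on E(F_p); None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; scalars are reduced mod the order n."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def H(*parts):
    """hash(a || b || ...) mapped into [1, n-1] so it can be used as a scalar."""
    digest = hashlib.sha256("||".join(map(str, parts)).encode()).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1

def f_value(M):
    """f = hash(M || n || x_G || y_G || a || b || P_B || P_A); P_B, P_A are read from M."""
    return H(M, N, G[0], G[1], A, B, M[3], M[4])

class KeyHolder:
    """Employee or administrator: private key d, public key P = dG."""
    def __init__(self):
        self.d = secrets.randbelow(N - 1) + 1
        self.pub = ec_mul(self.d, G)

    def respond(self, point):
        """Steps 1-7 and 2-8: return d^-1 * point without revealing d."""
        return ec_mul(pow(self.d, -1, N), point)

def issue_credential(admin, applicant, M):
    """Steps 1-6 to 1-11 on the administrator's side."""
    f = f_value(M)
    z = secrets.randbelow(N - 1) + 1
    D = ec_mul(z * f, M[3])                        # 1-6: D = z f P_B
    U = applicant.respond(D)                       # 1-7: U = d_B^-1 D
    if U != ec_mul(z * f, G):                      # 1-8: U == z f G ?
        raise ValueError("applicant does not hold the private key for P_B")
    k = secrets.randbelow(N - 1) + 1               # 1-9: k in (1, n-1)
    s = pow(admin.d + k, -1, N)                    #      s = (d_A + k)^-1
    r = ec_mul(f * k, G)                           #      r = f k G
    cred_id = H(s, r, M)                           #      id = hash(s, r, M)
    return (s, r, M), cred_id                      # 1-10: credential (s, r, M)

def verify_credential(cred, presenter):
    """Steps 2-7 to 2-10 on the verifier's side."""
    s, r, M = cred
    h = secrets.randbelow(N - 1) + 1
    c = H(s, r, M)
    C = ec_mul(c * h, M[3])                        # 2-7: C = hash(s,r,M) h P_B
    F = presenter.respond(C)                       # 2-8: F = d_B^-1 C
    if F != ec_mul(c * h, G):                      # 2-9: F == hash(s,r,M) h G ?
        return False
    f = f_value(M)                                 # 2-10: s (f P_A + r) == f G ?
    return ec_mul(s, ec_add(ec_mul(f, M[4]), r)) == ec_mul(f, G)

def demo_protocol():
    """Constructed scenario: genuine holder, an impostor, and a tampered M."""
    admin, employee, impostor = KeyHolder(), KeyHolder(), KeyHolder()
    M = ("R-MACHINE-ROOM", "2021-09-18", "2021-12-31", employee.pub, admin.pub)
    cred, cred_id = issue_credential(admin, employee, M)
    s, r, _ = cred
    tampered = (s, r, M[:2] + ("2031-12-31",) + M[3:])   # stretched validity
    return {"genuine": verify_credential(cred, employee),
            "impostor": verify_credential(cred, impostor),
            "tampered": verify_credential(tampered, employee),
            "id_in_range": 0 < cred_id < N}

if __name__ == "__main__":
    print(demo_protocol())
```

The genuine run passes because $d_B^{-1}(zfd_BG) = zfG$ in step 1-8 and $s(fd_AG + fkG) = (d_A+k)^{-1}f(d_A+k)G = fG$ in step 2-10; the impostor fails at step 2-9 because `respond` uses the wrong private key, and the tampered list fails at step 2-10 because $f$ is recomputed over the presented $M$ while $r$ was produced with the original $f$.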
In the present invention, the credential carrier should have data read-write and computing capabilities. The credential carrier may be a hardware device such as a smart terminal, e.g. a smart phone, a smart card, e.g. a cryptographic card, a work card, an IC card.
When the credential carrier is an intelligent terminal, information interaction between staff and an administrator and between the staff and a verifier is realized through the intelligent terminal. When the credential carrier is a smart card, the information interaction between the employee and the administrator involves a computer in addition to the smart card participation, and the information interaction between the employee and the validator is accomplished through the smart card.
In the present invention, the information interaction between the administrator and the staff and the verifier is implemented by a computer, where the computer is used as a server, but optionally a reader/writer and a smart terminal (such as a smart phone) may be involved. For example, an administrator holds a reader-writer to issue a right credential and a credential ID number to an employee. Here, the reader/writer should have data reading and writing capability. For another example, the administrator issues the authority certificate and the certificate ID number to the employee's mobile phone through his own mobile phone through the computer as a server.
In the invention, the verifier is a hardware device with the capabilities of data reading and writing and calculating (such as password calculating), such as an access control.
In practical application, each department in the unit should be provided with an administrator, who should be a person with higher authority in the department.
In the invention, the trust relationship of the digital certificate is as follows: in the unit using the verifier, the trust relationship of the digital certificates is based on a unit root certificate, and the unit root certificate issues respective digital certificates for administrators and all employees of each department.
The staff has a unique private key for the own digital certificate, and the private key is distributed to the staff and kept by the staff. Likewise, the administrator has a unique private key for its own digital certificate, which private key is kept by the administrator's person. The employee's digital certificate is typically stored in a credential carrier and the administrator's digital certificate is typically stored in a computer.
The following is illustrative:
A new employee, Xiao Zhang, has just joined. The department responsible for managing the unit root certificate generates a new digital certificate for Xiao Zhang, which provides the basis of trust for his later dealings with colleagues and verifiers (such as access controls).
Then the administrator of Xiao Zhang's department, Lao Wang, generates a basic rights credential for Xiao Zhang covering, for example, the right to pass the entrance gate, the staff canteen, the gym and other basic rights related to Xiao Zhang's job. Because this rights credential concerns the basic rights of the unit and department, it can be obtained either through an application made by Xiao Zhang himself or by the department administrator generating it directly for Xiao Zhang. Finally, the rights credential is written to Xiao Zhang's credential carrier, such as a mobile phone.
If, some time after joining, Xiao Zhang needs for work reasons to apply for machine room access rights beyond his basic rights, he looks up the rights number of the machine room access right, sets a rights validity period, and generates a rights application list M for the machine room access right. The rights application list M includes: rights number, application time, rights validity period, applicant, department and digital certificate. Xiao Zhang then signs M with his own private key and sends the signed list M to the administrator Lao Wang. Lao Wang audits M (whether the machine room access right exceeds Xiao Zhang's position, and whether the validity period applied for is reasonable), and verifies Xiao Zhang's identity and the integrity of M.
Assuming the audit and verification pass, Lao Wang sends a verification message to Xiao Zhang whose content is $D = z f P_B$, where $f = \mathrm{hash}(M \| n \| x_G \| y_G \| a \| b \| P_B \| P_A)$ is the hash of the rights credential content, $z$ is a random number generated by Lao Wang, $P_B$ is the public key corresponding to Xiao Zhang's digital certificate, and $P_A$ is Lao Wang's administrator public key. After receiving $D$, Xiao Zhang computes $U = d_B^{-1} D$ and returns $U$ to Lao Wang. Only Xiao Zhang, who holds this private key, is able to compute $U$. After receiving $U$, Lao Wang checks whether the equation $U = z f G$ holds. Assuming it holds, Xiao Zhang passes authentication, and Lao Wang begins generating the rights credential for him: he first generates a random number $k$, then computes $s = (d_A + k)^{-1}$ and $r = f k G$, and at the same time generates the credential ID number $\mathrm{id} = \mathrm{hash}(s, r, M)$. Lao Wang then issues the packed data packet $(s, r, M)$, which is the rights credential, together with $\mathrm{id}$ to Xiao Zhang's mobile phone.
When Xiao Zhang later wants to enter the machine room, he presents the rights credential $(s, r, M)$ to the access control (verifier) at the machine room entrance. The access control first verifies the validity of Xiao Zhang's digital certificate, then queries whether the $\mathrm{id}$ of the presented rights credential is in the revocation list. If it is not, it next queries whether the rights number of the machine room access right in the rights credential is in the revocation list. If it is not, the access control checks whether the machine room access right is present in the rights credential and whether it has expired. If it is present and not expired, the access control queries whether the administrator Lao Wang holds the grant right for the machine room access right. Assuming he does, the access control generates a random number $h$, computes $C = \mathrm{hash}(s, r, M)\, h P_B$ and sends $C$ to Xiao Zhang. After receiving $C$, Xiao Zhang computes $F = d_B^{-1} C$ and returns $F$ to the access control; only Xiao Zhang is able to compute $F$. The access control then checks whether the equation $F = \mathrm{hash}(s, r, M)\, h G$ holds. Assuming it does, the access control goes on to compute $f = \mathrm{hash}(M \| n \| x_G \| y_G \| a \| b \| P_B \| P_A)$ and checks the equation $s (f P_A + r) = f G$. Assuming it holds, verification of Xiao Zhang's machine room access right has passed; the gate opens and Xiao Zhang enters the machine room.
In practice, if for some reason some of Xiao Zhang's rights need to be restricted, this can be handled as appropriate. If all rights in Xiao Zhang's rights credential need to be revoked, Xiao Zhang contacts the administrator Lao Wang, who adds the $\mathrm{id}$ of this rights credential to the revocation list on the computer serving as the server. If Xiao Zhang's rights credential holds five rights and one of them needs to be removed, Xiao Zhang contacts Lao Wang, who adds the rights number of the right to be removed to the revocation list on the computer serving as the server.
If a sheet leaves a job on a certain day, the digital certificate of the sheet needs to be revoked.
The invention has the advantages that:
1. Maintenance and management are convenient and the workload is small: compared with existing discretionary access control (DAC), the invention means that maintenance personnel no longer need to maintain a huge ACL, but only need to periodically maintain a revocation list with a small data volume, and a revoked right can be deleted from the revocation list as soon as it expires without further maintenance; the maintenance and management workload is therefore small and resource consumption is greatly reduced.
Specifically, the ACL stores the rights information of all incumbent employees, and whenever an employee's rights change the ACL must be modified, which is a huge workload. In the present invention, by contrast, the revocation list is modified only in the following cases. First, the employee has not left the job but a right is revoked early, for example because a task was completed ahead of schedule (in practice the right may also simply be left to expire, unless the scenario has a very high security level and requires the corresponding right to be revoked immediately after the task is completed). Second, the administrator made a mistake when granting rights and granted the employee a wrong right, which is very rare. Thus the revocation list is usually empty, and the workload of the maintenance personnel is very small.
2. Security is high: on the one hand, when the invention is actually implemented, the possibility that an attacker passes the digital-certificate-based identity authentication of an employee is extremely low, the possibility of passing the cryptographic verification of the validity of a right is extremely low, and the possibility of breaking a right by exhaustive search is extremely low. On the other hand, the information on the credential carrier is not easy to copy, and even if it is copied, the secure storage of the private key ensures that the copy cannot pass identity verification; compared with prior-art cards that only store employee-related information, the card is harder and more costly to copy. Specifically, copying would require, in addition to the complete credential carrier information and the digital certificate, the private key corresponding to the digital certificate, and that private key is stored in the security chip of the credential carrier, which protects the key from being read illegally, so copying is difficult to carry out.
3. Dynamic expansion of rights is facilitated: in the rights credential generation stage, the rights set can be given dynamically based on roles; for example, the rights set of a new employee can comprise basic rights such as gate access, unit canteen access and gymnasium access, and rights can be managed at fine granularity, for example by generating a separate rights credential for the machine room access right and writing it to the credential carrier. Here the rights set is a set with a certain reference value given in connection with the actual situation, but which rights an employee is actually granted is still determined by the administrator according to the actual situation. This mode of rights management thus facilitates the dynamic expansion of rights.
The foregoing is a description of the preferred embodiments of the present invention and the technical principles applied thereto, and it will be apparent to those skilled in the art that any modifications, equivalent changes, simple substitutions and the like based on the technical scheme of the present invention can be made without departing from the spirit and scope of the present invention.

Claims (8)

1. A rights management method for a verifier, comprising the steps of:
a) When the employee wants to use a right, the employee presents a right certificate to the verifier by means of the certificate carrier so as to start verifying the right;
b) The verifier verifies the validity of the employee's digital certificate to verify the identity of the employee: if the employee's digital certificate is valid, the next step is entered, otherwise the verification fails and ends;
c) The verifier inquires whether a credential ID number corresponding to a right credential where the right is located exists in the revocation list: if yes, the verification is not passed, and the process is finished, otherwise, the next step is carried out;
d) The verifier inquires whether a right number corresponding to the right exists in the revocation list: if yes, the verification is not passed, and the process is ended, otherwise, the next step is carried out;
e) The verifier checks whether the rights which the employee wants to use exist in the rights voucher and the rights validity period corresponding to the rights: if the authority exists in the authority certificate and is not expired, entering the next step, otherwise, checking is not passed, and ending;
f) The verifier queries whether the administrator who issued the employee's rights credential has the authority to grant the right: if so, the next step is entered, otherwise the verification fails and ends;
g) The verifier verifies the validity of the rights credential through the administrator's public key: if it is invalid, the verification fails and ends, otherwise the verification passes and the next step is entered;
h) Providing the employee with a service corresponding to the authority;
the generation of the authority certificate comprises the following steps:
1) The employee applies for the authority, generates an authority application list, and signs the authority application list through a private key corresponding to the digital certificate owned by the employee;
2) The administrator checks whether the authority exceeding the employee position exists in the authority application list according to the position of the employee, and checks whether the authority validity period of the authority application of the employee is reasonable: if the applied authority is in the authority range corresponding to the employee position and the authority validity period is reasonable, checking is passed, and entering the next step, otherwise, ending;
3) The administrator verifies the employee identity based on verifying the validity of the employee digital certificate, while verifying the integrity of the rights application list: if the employee digital certificate is valid and the authority application list is complete, the verification is passed, the next step is entered, and if not, the process is ended;
4) The administrator signs the authority application list by using an administrator private key to generate an authority certificate, generates a certificate ID number, then issues the authority certificate and the certificate ID number to staff and stores the authority certificate and the certificate ID number on a certificate carrier.
2. The rights management method for a verifier of claim 1, wherein:
the issuing mode of the authority certificate and the certificate ID number is as follows:
the administrator writes the information corresponding to the rights credential and the credential ID number into the credential carrier used by the employee; or alternatively
the administrator generates a write instruction and sends it to the verifier, so that when the employee first presents the rights credential to the verifier by means of the credential carrier, the verifier writes the information corresponding to the rights credential and the credential ID number into the credential carrier according to the write instruction.
3. The rights management method for a verifier of claim 1, wherein:
the modification of the rights includes:
if part of the rights in the rights voucher are reduced, adding a rights number corresponding to the rights to be reduced to the revocation list;
if the rights are added, the steps 1) -4) are re-executed.
4. The rights management method for a verifier of claim 1, wherein:
the revocation of the rights credential comprises: directly adding the credential ID number of the rights credential to the revocation list.
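The verifier-side policy checks of steps c) to f) of claim 1, together with the revocation operations of claims 3 and 4 (the same handling the description gives for restricting Xiao Zhang's rights) and the purge of expired entries mentioned under advantage 1, as an added Python example that is not part of the patent or of any implementation by the applicant. The class and function names (`Verifier`, `check`, `revoke_right`, `revoke_credential`, `purge_expired`), the use of ISO-8601 date strings, the assumption that a revocation entry is matched on the (id, Num) pair it stores, and the `expires` field kept for purging are all assumptions of this example; the sample credential data is constructed.

```python
"""Verifier policy checks run before a right is honoured (claim 1, steps c to f),
the revocation operations of claims 3 and 4, and the purge of expired entries
described under advantage 1. Added example, not the patent's own code.
Dates are ISO-8601 strings (YYYY-MM-DD), which compare correctly as text."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Right:
    number: str            # rights number Num
    valid_from: str
    valid_until: str       # end of the rights validity period


@dataclass
class RightsCredential:
    credential_id: str     # credential ID number id
    administrator: str     # administrator who issued the credential
    rights: dict = field(default_factory=dict)   # Num -> Right


@dataclass
class RevocationEntry:
    # Fields named in claim 8 step 2-3: id, Num, revocation date, revoker.
    credential_id: str
    rights_number: Optional[str]   # None: the whole credential is revoked
    revoked_on: str
    revoked_by: str
    # Assumption: the expiry of the revoked right is kept so the entry can be
    # dropped once the right would have expired anyway (advantage 1).
    expires: Optional[str] = None


class Verifier:
    def __init__(self, admin_grant_rights):
        # administrator -> set of rights numbers that administrator may grant
        self.admin_grant_rights = admin_grant_rights
        self.revocation_list = []

    def revoke_credential(self, cred, revoker, today):
        """Claim 4: revoke every right at once by listing the credential ID."""
        latest = max((r.valid_until for r in cred.rights.values()), default=None)
        self.revocation_list.append(
            RevocationEntry(cred.credential_id, None, today, revoker, latest))

    def revoke_right(self, cred, num, revoker, today):
        """Claim 3: reduce a single right by listing its rights number."""
        self.revocation_list.append(RevocationEntry(
            cred.credential_id, num, today, revoker, cred.rights[num].valid_until))

    def purge_expired(self, today):
        """Drop entries whose right has expired; returns how many remain."""
        self.revocation_list = [e for e in self.revocation_list
                                if e.expires is None or e.expires >= today]
        return len(self.revocation_list)

    def check(self, cred, num, today):
        """Steps c to f of claim 1; returns 'ok' or the reason for refusal.
        Step b (certificate validity) and step g (credential signature)
        are performed by the caller around this policy check."""
        # Assumption: entries are matched on the (id, Num) pair they store.
        mine = [e for e in self.revocation_list if e.credential_id == cred.credential_id]
        if any(e.rights_number is None for e in mine):          # step c
            return "credential revoked"
        if any(e.rights_number == num for e in mine):           # step d
            return "right revoked"
        right = cred.rights.get(num)                            # step e
        if right is None:
            return "right not in credential"
        if not right.valid_from <= today <= right.valid_until:
            return "right expired"
        if num not in self.admin_grant_rights.get(cred.administrator, set()):
            return "administrator may not grant this right"     # step f
        return "ok"


if __name__ == "__main__":
    # Constructed sample: one credential carrying a basic right and a
    # time-limited machine room access right.
    cred = RightsCredential("id-0001", "admin-A", {
        "R-001": Right("R-001", "2021-09-17", "2022-09-16"),
        "R-101": Right("R-101", "2021-09-17", "2021-12-31"),
    })
    v = Verifier({"admin-A": {"R-001", "R-101"}})
    print(v.check(cred, "R-101", "2021-10-01"))        # ok
    v.revoke_right(cred, "R-101", "admin-A", "2021-11-01")
    print(v.check(cred, "R-101", "2021-11-02"))        # right revoked
    print(v.purge_expired("2022-01-01"))               # 0
```

The order of the checks matters: a whole-credential entry (step c) is tested before a single-right entry (step d), and the expiry test (step e) runs before the administrator lookup (step f), so a credential that has merely expired is refused without a query to the administrator registry. `purge_expired` is what keeps the list small in the way advantage 1 describes: once the revoked right's own validity period has passed, step e would refuse it anyway, so the entry carries no information.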
5. The rights management method for a verifier of claim 1, wherein:
the administrator changes include:
changing the original manager into a new manager;
the verification function of the original administrator's public key is retained, and the original administrator's authority to issue rights credentials is revoked, so that the administrator change does not affect the verification of rights credentials issued before;
when the old authority credentials are replaced by the new authority credentials, the digital certificates of the original manager are revoked;
the loss processing of the authority certificate comprises the following steps:
if an employee's rights credential is lost, a new digital certificate is issued to the employee under the unit's root certificate and the original digital certificate is revoked, so that the lost rights credential cannot pass verification, and the administrator then generates a new rights credential for the employee.
6. A rights management method for a verifier as claimed in any one of claims 1 to 5, wherein:
the digital certificate is an SM2 digital certificate, and the method comprises an initialization step before SM2 digital certificates are issued to the administrators and staff of each department of the unit:
defining the finite field $F_p$ of the SM2 digital certificate, the two parameters a, b of the equation of the elliptic curve $E(F_p)$, and a base point G on the elliptic curve, where $G = (x_G, y_G)$, $x_G$ and $y_G$ are respectively the abscissa and the ordinate of the base point G, $x_G, y_G \in F_p$, and the order of the base point G is n, a positive integer greater than 1.
7. The rights management method for a verifier as claimed in claim 6, wherein:
the generation of the authority certificate comprises the following steps:
1-1) employee B applies for a right and then generates a rights application list M, where the rights application list M comprises a rights number Num, the application time, the rights validity period, the digital certificate $\mathrm{Cert}_B$ issued to employee B, and the administrator public key $P_A$;
1-2) employee B signs the rights application list M with the private key corresponding to the digital certificate $\mathrm{Cert}_B$;
1-3) staff B submits a signed authority application list M to an administrator A;
1-4) an administrator A checks whether the authority exceeding the position of the employee exists in the authority application list M submitted by the employee B, and meanwhile checks whether the validity period of the authority applied by the employee B is reasonable or not: if the authority exceeding the staff position exists or the authority with unreasonable validity exists, the auditing is not passed, and the process is ended, otherwise, the next step is carried out;
1-5) administrator A verifies the validity of the digital certificate $\mathrm{Cert}_B$ to verify the identity of employee B, and at the same time verifies the integrity of the rights application list M: if employee B's digital certificate $\mathrm{Cert}_B$ is valid and the rights application list M is complete, the verification passes and the next step is entered, otherwise the process ends;
1-6) administrator A calculates a first temporary value D and sends the first temporary value D to employee B, where $D = z f P_B$, z is a random number, the hash function value f is computed by a hash function hash(), $f = \mathrm{hash}(M \| n \| x_G \| y_G \| a \| b \| P_B \| P_A)$, n is the order of the base point G, and $P_B$ is the public key corresponding to employee B's digital certificate $\mathrm{Cert}_B$;
1-7) after employee B receives the first temporary value D, employee B calculates a second temporary value U and returns the second temporary value U to administrator A, where $U = (d_B)^{-1} D$ and $d_B$ is the private key corresponding to employee B's digital certificate $\mathrm{Cert}_B$;
1-8) after receiving the second temporary value U, administrator A verifies whether the equation $U = z f G$ holds: if the equation holds, the next step is entered, otherwise the process ends;
1-9) administrator A generates a random number k, $k \in (1, n-1)$, calculates a credential first value s and a credential second value r, and generates a credential ID number id, where $s = (d_A + k)^{-1}$, $r = f k G$, $\mathrm{id} = \mathrm{hash}(s, r, M)$, and $d_A$ is the private key corresponding to the digital certificate $\mathrm{Cert}_A$ owned by administrator A;
1-10) packaging s, r and M into data packets (s, r, M), thereby generating a rights voucher;
1-11) issuing a rights voucher and a voucher ID number ID to employee B.
8. The rights management method for a verifier of claim 7, wherein:
the verification of the rights comprises the steps of:
2-1) employee B wants to use right Q and submits the rights credential (s, r, M) to verifier V;
2-2) verifier V verifies the validity of employee B's digital certificate $\mathrm{Cert}_B$ to verify the employee's identity: if employee B's digital certificate $\mathrm{Cert}_B$ is valid, the next step is entered, otherwise the process ends;
2-3) verifier V queries whether the credential ID number id of the rights credential containing right Q is present in the revocation list, where the revocation list comprises the credential ID number id, the rights number Num, the revocation date and the revoker: if it is not present, the next step is entered, otherwise the process ends;
2-4) the verifier V queries whether the rights number Num corresponding to the rights Q is present in the revocation list: if not, entering the next step, otherwise, ending;
2-5) verifier V checks if the right Q that employee B wants to use is present in the right voucher and if the right Q expires: if the authority Q exists in the authority certificate and is not expired, entering the next step, otherwise ending;
2-6) verifier V queries whether administrator A has the grant authority for right Q: if administrator A has it, the next step is entered, otherwise the process ends;
2-7) verifier V generates a random number h, calculates a third temporary value C and sends the third temporary value C to employee B, where $C = \mathrm{hash}(s, r, M)\, h P_B$;
2-8) employee B receives the third temporary value C, calculates a fourth temporary value F and returns the fourth temporary value F to verifier V, where $F = d_B^{-1} C$;
2-9) verifier V verifies whether the equation $F = \mathrm{hash}(s, r, M)\, h G$ holds: if the equation holds, the next step is entered, otherwise the process ends;
2-10) verifier V computes $f = \mathrm{hash}(M \| n \| x_G \| y_G \| a \| b \| P_B \| P_A)$ and then verifies whether the equation $s(f P_A + r) = f G$ holds: if the equation holds, right Q passes verification and the next step is entered, otherwise the process ends;
2-11) providing employee B with the service corresponding to rights Q.
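The cryptographic part of the scheme, namely the identity challenge (steps 1-6 to 1-8), credential generation (steps 1-9 and 1-10) of claim 7 and the holder proof and credential check (steps 2-7 to 2-10) of claim 8, which is also the exchange the description walks through between Lao Wang, Xiao Zhang and the access controller, as an added Python example that is not part of the patent or of any implementation by the applicant. It uses the published SM2 curve parameters with its own small affine point arithmetic. Assumptions of this example, not fixed by the claims: hash() is SHA-256 reduced modulo n (SM3 would be the natural companion of SM2 but is not in the Python standard library), integers and points are encoded as 32-byte big-endian values before hashing, random scalars z, k, h come from `secrets`, and the function names (`issue`, `verify`, `employee_respond`, `keygen`, `credential_hash`) and the sample list M are constructed here.

```python
"""Rights-credential issuance (claim 7, steps 1-6 to 1-10) and verification
(claim 8, steps 2-7 to 2-10) over the SM2 curve, in pure Python.
Added example, not the patent's own code. Assumptions: hash() is SHA-256
reduced mod n (the claims do not fix the hash), integers and points are
encoded as 32-byte big-endian values, and random scalars come from secrets."""
import hashlib
import secrets

# SM2 recommended parameters: y^2 = x^3 + a*x + b over F_p, base point G of order n.
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
a = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
b = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None   # point at infinity

def add(P, Q):
    """Affine point addition (also handles doubling and P + (-P))."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return INF
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P):
    """Scalar multiplication k*P by double-and-add; k is taken mod n."""
    R = INF
    k %= n
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def i2b(x): return x.to_bytes(32, "big")
def p2b(P): return i2b(P[0]) + i2b(P[1])

def H(*parts):
    """hash() of the claims: SHA-256 over the concatenation, reduced mod n."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % n

def keygen():
    d = secrets.randbelow(n - 1) + 1
    return d, mul(d, G)

def credential_hash(M, PB, PA):
    """f = hash(M || n || x_G || y_G || a || b || P_B || P_A)."""
    return H(M, i2b(n), i2b(G[0]), i2b(G[1]), i2b(a), i2b(b), p2b(PB), p2b(PA))

def employee_respond(dB, point):
    """Steps 1-7 and 2-8: the holder multiplies the challenge by d_B^{-1}."""
    return mul(pow(dB, -1, n), point)

def issue(dA, PA, PB, M, respond):
    """Administrator side; 'respond' is employee B's step 1-7 callback.
    Returns ((s, r, M), id), or None when B fails the identity check."""
    f = credential_hash(M, PB, PA)
    z = secrets.randbelow(n - 1) + 1
    D = mul(z * f, PB)                       # step 1-6
    U = respond(D)                           # step 1-7, computed by B
    if U != mul(z * f, G):                   # step 1-8
        return None
    k = secrets.randbelow(n - 1) + 1         # step 1-9
    s = pow(dA + k, -1, n)
    r = mul(f * k, G)
    return (s, r, M), H(i2b(s), p2b(r), M)   # step 1-10; id = hash(s, r, M)

def verify(cred, PA, PB, respond):
    """Verifier side, steps 2-7 to 2-10; the policy checks of steps 2-2 to
    2-6 are performed before this is called."""
    s, r, M = cred
    c = H(i2b(s), p2b(r), M)
    h = secrets.randbelow(n - 1) + 1
    C = mul(c * h, PB)                       # step 2-7
    F = respond(C)                           # step 2-8, computed by B
    if F != mul(c * h, G):                   # step 2-9: B really holds d_B
        return False
    f = credential_hash(M, PB, PA)           # step 2-10
    return mul(s, add(mul(f, PA), r)) == mul(f, G)

if __name__ == "__main__":
    dA, PA = keygen()                        # administrator A
    dB, PB = keygen()                        # employee B
    M = b"Num=R-101;applied=2021-09-17;valid=2021-09-17/2021-12-31;applicant=B"  # constructed
    cred, cid = issue(dA, PA, PB, M, lambda D: employee_respond(dB, D))
    print("id =", hex(cid), "verified:", verify(cred, PA, PB, lambda C: employee_respond(dB, C)))
```

Why the final equation works: $r = f k G$ and $P_A = d_A G$, so $s(f P_A + r) = (d_A + k)^{-1}\, f (d_A + k)\, G = f G$, and only a party holding $d_A$ can produce an s that satisfies it for a given r. Changing any byte of M changes f, so a credential whose M has been edited after issuance fails step 2-10, and a holder without $d_B$ fails step 2-9 because the response must be $d_B^{-1}$ times the challenge. Two points a deployment would still need to settle, since the claims leave them open: the concrete hash (SM3 for an SM2 deployment) and the exact byte encoding of M and the public keys, which both sides must agree on for f to match.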
CN202111095730.0A 2021-09-17 2021-09-17 Authority management method for verifier Active CN113779537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111095730.0A CN113779537B (en) 2021-09-17 2021-09-17 Authority management method for verifier

Publications (2)

Publication Number Publication Date
CN113779537A CN113779537A (en) 2021-12-10
CN113779537B true CN113779537B (en) 2023-11-03

Family

ID=78851992

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111095730.0A Active CN113779537B (en) 2021-09-17 2021-09-17 Authority management method for verifier

Country Status (1)

Country Link
CN (1) CN113779537B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117333140B (en) * 2023-11-24 2024-02-20 贵州航天云网科技有限公司 Enterprise information service management system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102271040A (en) * 2011-07-26 2011-12-07 北京华大信安科技有限公司 Identity verifying system and method
CN113204744A (en) * 2021-04-07 2021-08-03 西安西电链融科技有限公司 Software authorization system and method based on distributed identity
CN113259125A (en) * 2021-06-10 2021-08-13 国网浙江省电力有限公司物资分公司 Block chain-based national network digital certificate management method and device and electronic equipment

Also Published As

Publication number Publication date
CN113779537A (en) 2021-12-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant