CN101834853A - Method and system for sharing anonymous resource - Google Patents


Info

Publication number
CN101834853A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201010140904A
Other languages
Chinese (zh)
Other versions
CN101834853B (en)
Inventor
冯登国
张立武
张严
李强
王鹏翩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Software of CAS
Original Assignee
Institute of Software of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Software of CAS
Priority to CN2010101409046A
Publication of CN101834853A
Application granted
Publication of CN101834853B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for sharing an anonymous resource, which belong to the technical field of computer information. The method for sharing the resource comprises the following steps that: a resource provider initiates a resource publishing request to a resource management server; the resource management server performs an anonymous authentication on the request; the resource provider generates a resource acquisition strategy, uses the resource acquisition strategy as a cipher key to encrypt the resource, and sends the acquisition strategy and the encrypted resource to the resource management server; the resource management server stores a binary group and releases resource description information; a resource acquirer retrieves the resource description information and initiates a resource acquisition request; the resource management server performs the anonymous authentication on the resource acquirer; and the resource acquirer acquires and decrypts the resource after acquiring a strategy verification. The invention also discloses a system sharing the resource, which corresponds to the method. The method and the system can be used for computer information technical application such as network resource sharing and the like.

Description

Anonymous resource sharing method and system
Technical field
The present invention relates to resource sharing, and in particular to an anonymous authentication method and an anonymous resource sharing method and system. It belongs to the field of computer information technology.
Background
The development of Internet technology has made comprehensive sharing of information resources possible and has given people new ways to acquire knowledge, but it has also created new security problems, such as information leakage during resource sharing. As network activity grows, people pay more and more attention to personal privacy, and using anonymous authentication and anonymous communication to protect personal privacy in most network activity is an inevitable trend. The core idea of anonymous authentication is to separate qualification verification from identification during authentication: the verifier can check only the relevant attributes that the user holds and does not learn the user's specific identity.
In today's common network resource sharing applications, resource servers are usually set up to manage the publication of resources; these servers can also provide users with related services such as resource indexing and billing. Such resource servers provide auditable and traceable management. However, as people attach ever more importance to privacy, improving the protection of user privacy without reducing the security of the system is a major challenge for designers of resource sharing systems. The main resource sharing network applications today usually do not consider user privacy, or only anonymize the user's IP address, which makes it easier for an adversary to track user behaviour, collect user information and build user profiles. Pseudonym mapping can avoid this to some extent, but it still cannot prevent the resource server from violating user privacy.
Some research projects already treat technology related to anonymous authentication as a key research topic, including the Shibboleth project of the OASIS organization and the Liberty project of the Liberty Alliance. The core technology of these projects is the use of pseudonyms during communication, so that a third party cannot obtain the user's personal information, which protects the user's privacy. The resource server, however, is not restricted: it learns all of the user's information during authentication, and if the server is dishonest or is attacked, the user's personal information can be leaked, which may create unknown threats. In addition, the server generally stores and knows all information about a resource, so an attack on the server can also leak resource information; and the server must manage access control for the resources, which increases its load. The present invention adopts an anonymous authentication and communication method that protects the user's personal information not only from malicious third parties but also from the server: during authentication the server can verify only the relevant attributes that the user holds and cannot obtain any other personal information about the user, so the user's privacy is better protected. The resource that the server maintains is the result of the resource provider encrypting the resource according to its acquisition policy; only a legitimate user whose attributes satisfy the policy can correctly decrypt the resource, so the server cannot obtain information about the resource either, and resource information is better protected. Finally, the server is only responsible for storing and publishing resources and for delivering them to authenticated users, which reduces the maintenance cost of the server.
Summary of the invention
One purpose of the present invention is to overcome the problems of the prior art by providing an anonymous resource sharing method and system.
I. Anonymous resource sharing method
The anonymous resource sharing method of the present invention comprises anonymous publication (upload) and anonymous acquisition (download) of a resource. The former concerns the relationship between the resource publisher and the resource management server; the latter concerns the relationship between the resource acquirer and the management server. Fig. 1 shows a schematic diagram of the relationship among the three, and the method is described below with reference to it.
First, anonymous publication of a resource comprises the following steps:
a. The resource provider initiates a resource publication request to the resource management server; the request contains the description information of resource R;
b. The resource management server performs anonymous authentication on the resource provider; if authentication succeeds, the resource provider is allowed to publish the resource;
Preferably, so that the resource acquirer can verify the resource provider during the resource access process described below, after authentication succeeds here the resource management server may generate and store authentication information A. This authentication information contains the description information of the resource and is signed with the private key of the resource management server to ensure that it cannot be maliciously tampered with. It is used later, when the resource acquirer verifies the resource provider.
c. The resource provider generates a resource acquisition policy P, which consists of a Boolean expression over multiple attributes. Using this Boolean expression as the key, the resource provider encrypts R with the configured encryption method to obtain the encrypted resource C, and sends P and C to the resource management server;
The configured encryption method is preferably an attribute-based encryption method. Its security guarantees that only a legitimate user whose attributes satisfy the attribute expression specified by the policy can correctly decrypt and obtain the original resource; even if other, illegitimate users obtain the encrypted resource, they cannot parse it correctly and so cannot obtain any information about the resource;
d. The resource management server stores the two-tuple consisting of C and P and publishes the resource description information;
Second, anonymous acquisition of a resource comprises the following steps:
e. The resource acquirer initiates an acquisition request for R to the resource management server;
f. The resource management server performs anonymous authentication on the resource acquirer; if authentication succeeds, the resource acquirer is allowed to obtain the resource;
g. The resource acquirer judges from P whether it has the right to acquire R; if so, the resource management server sends C to the resource acquirer;
In particular, if the resource management server generated and stored authentication information A in step b, the resource acquirer can, before this step, obtain A from the resource management server, verify the validity of its signature, and check whether the resource description contained in A is consistent with R. If the verification passes, this step is carried out;
h. The resource acquirer decrypts C with the private key it holds to obtain R.
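The judgment in step g, whether the acquirer's attributes satisfy the Boolean expression P, sketched as an added example that is not code from the patent. The infix AND/OR syntax, the attribute names and the function names are assumptions (the system described later expresses policies in XACML), and the check fails closed on a malformed policy.

```python
import re

TOKEN = re.compile(r"\s*([()]|[A-Za-z0-9_.:-]+)")
OPERATORS = {"AND", "OR"}

# Constructed sample policy P; the attribute names are illustrative only.
SAMPLE_POLICY = "(role:researcher AND org:ios) OR clearance:high"


class PolicyError(ValueError):
    """Raised for a policy string that does not parse."""


def tokenize(policy):
    tokens, pos, text = [], 0, policy.strip()
    while pos < len(text):
        match = TOKEN.match(text, pos)
        if match is None:
            raise PolicyError(f"unexpected character at offset {pos}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def satisfies(policy, attributes):
    """Evaluate P against an attribute set.

    Assumed grammar: expr := term ('OR' term)*, term := factor ('AND' factor)*,
    factor := ATTRIBUTE | '(' expr ')'.
    """
    tokens = tokenize(policy)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        token = peek()
        pos += 1
        return token

    def factor():
        token = take()
        if token == "(":
            value = expr()
            if take() != ")":
                raise PolicyError("missing ')'")
            return value
        if token is None or token in OPERATORS or token == ")":
            raise PolicyError("attribute expected")
        return token in attributes

    def term():
        value = factor()
        while peek() == "AND":
            take()
            right = factor()  # parse the right side even when value is False
            value = value and right
        return value

    def expr():
        value = term()
        while peek() == "OR":
            take()
            right = term()
            value = value or right
        return value

    result = expr()
    if pos != len(tokens):
        raise PolicyError("unexpected trailing tokens")
    return result


def may_request(policy, attributes):
    """Step g pre-check on the client. It only decides whether asking for C is
    worthwhile; decryption of C is still enforced by the encryption of step c."""
    try:
        return satisfies(policy, set(attributes))
    except PolicyError:
        return False  # fail closed: an unparsable policy grants nothing


if __name__ == "__main__":
    for attrs in (["role:researcher", "org:ios"], ["role:researcher"], ["clearance:high"]):
        print(attrs, "->", may_request(SAMPLE_POLICY, attrs))
```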
In the above method, what the resource publisher uploads to the server is not the resource itself but the result of encrypting the resource according to the acquisition policy, so the server cannot learn the content of the resource, which better protects that content. Only a legitimate user whose attributes satisfy the policy can correctly decrypt and obtain the content of the resource; other, illegitimate users cannot decrypt the resource even if they obtain it, which also gives the resource publisher a way to select who the legitimate users are. In addition, user authentication information needs to be transferred between server and user in a trusted manner. The transfer can be implemented in several different forms: if a trust relationship is established with a symmetric-key system, the encrypted authentication information can be transferred directly; if a PKI system is used, the authentication information can be signed and transferred over an encrypted channel.
In addition, because attribute-based encryption algorithms are relatively complex, to improve the computational efficiency of the system the resource itself is not encrypted directly in step c. Instead, a randomly generated symmetric key session_key is encrypted, and session_key is then used to encrypt the resource. When a resource acquirer needs to obtain the resource, it first decrypts the ciphertext of session_key to obtain session_key, and then uses the recovered session_key to decrypt the resource (step h). In this case, in step h, session_key can be obtained by decryption if and only if the attributes held by the resource acquirer satisfy the acquisition policy P of step c.
The anonymous authentication involved in steps b and f of the above method can be carried out as follows:
1. The authenticating party (the user being authenticated) registers with the authentication server and obtains an anonymous credential σ. The server generates this credential by signing, with its private key, the commitment g sent by the authenticating party. The commitment g is generated by the authenticating party from secret information t, and no entity other than the authenticating party can compute t from g;
2. The authenticating party uses its anonymous credential σ and some random number s to generate a blinded signature σ'; σ' is identically distributed for any anonymous credential σ of step 1;
3. The authenticating party uses σ' and some random number r to generate a commitment c; c is identically distributed for any σ' of step 2;
4. The authenticating party sends σ' and c to the authentication server;
5. The authentication server generates a challenge r' and sends it to the authenticating party;
6. The authenticating party generates authentication information A from s, t, r and r' and sends it to the authentication server;
7. The authentication server confirms whether the authenticating party holds the secret information t corresponding to σ' and whether σ' can only have been generated with the private key of the authentication server; if so, the authenticating party passes authentication.
With this anonymous authentication method, the user can prove to the server the attributes it holds, while the server cannot obtain additional information about the user, such as the user's identity.
II. Anonymous resource sharing system (Privacy Preserving Based Resource Sharing System, PPBRSS)
The present invention also provides an anonymous resource sharing system that corresponds to the anonymous sharing method above.
Besides implementing the core functions related to privacy protection, the PPBRSS system provides a complete resource sharing support platform. As shown in Fig. 2, the PPBRSS system consists of clients (resource publishers and resource acquirers) and a server. The client is mainly responsible for anonymously publishing resources, with a policy attached, to the server and for parsing the resources it obtains; the server is mainly responsible for managing the resources that users publish and for anonymously authenticating resource publishers and resource requesters. The main functional components of the PPBRSS system are: the Anonymous Authentication Component (AAC), the Policy Issuance Component (PIC), the Policy Management Component (PMC), the Policy Parsing Component (PPC), the Resource Encryption Component (REC), the Resource Decryption Component (RDC), the Resource Management Component (RMC), the Authentication Message Issuance Component (AMIC) and the Authentication Message Verification Component (AMVC). The client contains PIC, PPC, REC, RDC and AMVC; the server contains AAC, RMC, PMC and AMIC.
AAC is the core component of PPBRSS and the basis of privacy protection; the anonymous authentication method is implemented in this component. Note that AAC may be placed only on the server, or may be split between client and server, which then implement the anonymous authentication function jointly. The client and the server complete the anonymous authentication process through AAC. After completing anonymous authentication of the client, the server extracts from AAC the attributes held by the user who initiated the session, so that an authentication assertion can be issued for the user when the user publishes a resource. AAC includes several anonymous authentication methods for the user to choose from, for example password-based anonymous authentication and certificate-based anonymous authentication. AAC also makes the anonymous authentication methods pluggable, so that users can easily add new anonymous authentication methods and change existing ones to meet different needs.
PIC serves only the client. The resource publisher uses it to provide the server with the acquisition policy of the resource being published. For the user's convenience, the type of policy supplied to PIC is selectable, and for policies of the XACML type PIC provides a graphical interface that helps the user define the acquisition policy of the resource to be published. After PIC obtains the resource acquisition policy from the user, it parses the policy, converts it into a unified XACML policy, and sends it to the server. The user can also change or delete published policies through PIC, and can extend the policy types that PIC supports by adding policy parsers.
PMC serves only the server. The server uses it to manage the XACML policy library. PMC receives policy publication requests from PIC and stores the policy, or a policy index, in the policy library. The client's PIC guarantees that PMC accepts only XACML policies, so PMC uses several optimizations specific to XACML policies, for example reducing the size of policies to improve the efficiency of PMC, and running conflict detection on policies so that problems in the acquisition policy defined by the user are found in time and security holes are reduced.
PPC serves only the client. The resource acquirer uses it to parse the resource it has obtained. PPC extracts the XACML policy from the obtained resource and evaluates the policy against the attributes held by the resource acquirer, to judge whether the resource acquirer is a legitimate user of the resource, that is, whether it can correctly decrypt the resource and obtain its content.
REC serves only the client. The resource publisher uses it to encrypt the resource to be uploaded. The resource publisher encrypts the resource according to its acquisition policy, using the encryption method described above, so that only a legitimate user whose attributes satisfy the policy can correctly decrypt and obtain the content of the resource.
RDC serves only the client. The resource acquirer uses it to decrypt the resource it has obtained. Once the resource acquirer has been authenticated by AAC and judged by PPC to be a legitimate user of the resource, it can decrypt the resource through RDC and obtain its content.
RMC serves only the server. The server uses it to manage the resources that users publish. RMC stores the resources published by users in the resource library and publishes the list of resources it holds. RMC is responsible for storing the resources and, after a resource acquirer has passed AAC authentication, for sending the specified resource to the user.
AMIC serves only the server. The server uses it to publish authentication information for authenticated users and resources. AMIC binds the attributes held by the publisher of a resource to the published resource.
AMVC serves only the client. It is used to parse and verify the authentication information obtained from the server. After obtaining a piece of authentication information, AMVC parses and verifies it to judge its legitimacy.
Compared with the prior art, the advantages of the present invention are mainly the following:
1. The user can remain anonymous to the server, which better protects the user's privacy. At present, traditional resource sharing schemes usually do not consider privacy protection, or protect user identity only with direct pseudonym mapping, that is, the resource publisher and the resource acquirer use a pseudonym when authenticating with the server. During communication a third party then cannot obtain the user's personal information, which protects the user's privacy, but the server learns all of the user's information during authentication, and if the server is dishonest or is attacked, the user's personal information can be leaked, which may create unknown threats. With the resource sharing method or system of the present invention, the user's personal information is protected not only from malicious third parties but also from the server: during authentication the server can verify only the relevant attributes that the user holds and cannot obtain any other personal information about the user, so the user's privacy is better protected.
2. The privacy of resource information can be protected. In traditional resource sharing schemes the server maintains and manages all resource information, which means the server knows everything about the resource; if the server is dishonest or is attacked, the resource can be leaked to a third party. In the resource sharing method of the present invention, the resource maintained by the server is the result of encryption according to the acquisition policy, which protects the privacy of resource information.
3. Access control for resources is implemented by the client, which reduces the maintenance cost of the server. In traditional resource sharing schemes access control is implemented by the server: the server must maintain not only the resources but also the acquisition policies related to them in order to control access by resource acquirers. In the present invention access control is decided by the policy parsing component of the client; only a legitimate user whose attributes satisfy the policy can correctly decrypt and obtain the content of the resource, and the server only needs to authenticate the legitimacy of the user.
4. The functionality is complete and widely applicable. The invention provides solutions for the functions needed in resource sharing access, such as authentication, resource publication and resource acquisition. It also solves the problems of personal privacy and resource information leakage in resource sharing, and can fully meet the various requirements of practical applications.
Description of drawings
Fig. 1 is a schematic diagram of the relationship among the three parties involved in the anonymous resource sharing method of the present invention.
Fig. 2 is a schematic diagram of the structure of the anonymous resource sharing system of the present invention.
Fig. 3 is a flowchart of the resource publication method of an embodiment of the invention.
Fig. 4 is a flowchart of the resource acquisition method of an embodiment of the invention.
Embodiments
The present invention is described in more detail below through specific embodiments.
Embodiment 1. Anonymous authentication method
A concrete example of the anonymous authentication method of the present invention is given below:
a. When the anonymous authentication system is set up, the authentication server generates and publishes the system parameters $(q, G, \mathbf{G}, g, \mathbf{g}, e)$, where $g$ and $\mathbf{g}$ are generators of the groups $G$ and $\mathbf{G}$ respectively, the order of the groups is $q$, and $e$ is a bilinear map $e: G \times G \to \mathbf{G}$.
b. The authentication server selects its private key $x, y \in Z_q$ and generates its public key $X = g^x$, $Y = g^y$, where $Z_q$ denotes the group of integers of order $q$.
c. When registering with the authentication server, the authenticating party selects a random $t \in Z_q$ and sends $C = g^t$ to the authentication server. The server selects a random $\alpha \in Z_q$, computes $a = g^\alpha$, and uses its private key to generate the anonymous credential $\sigma = (a, a^y, a^x C^{\alpha x y})$, denoted $(a, b, c)$. The authentication server sends $\sigma$ to the authenticating party.
d. When the authenticating party authenticates, it uses its anonymous credential $\sigma$ and a random number $s = (s_1, s_2)$ to generate a blinded signature $\sigma' = (a', b', c') = (a^{s_1}, b^{s_1}, c^{s_1 s_2})$ and sends it to the authentication server; $\sigma'$ is identically distributed for any $\sigma$;
e. Both parties compute $G_0 = e(g, c')$, $G_1 = e(X, a')$, $G_2 = e(X, b')$;
f. The authenticating party uses its anonymous credential $\sigma$ and a random number $r = (r_0, r_1)$ to compute a commitment $c = G_0^{r_0} G_1^{r_1}$; $c$ is identically distributed for any $\sigma$.
g. The authentication server generates a random challenge $r'$ and sends it to the authenticating party;
h. The authenticating party generates the authentication information $A = (A_0, A_1) = (r_0 + r'(1/s_2),\ r_1 + r'(t))$ from $s$, $t$, $r$ and $r'$ and sends it to the authentication server;
i. The authentication server checks whether $G_0^{A_0} G_1^{A_1} = c\,G_2^{r'}$; if so, the authenticating party passes authentication.
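The commit, challenge and response algebra of steps f to i, run end to end as an added example that is not code from the patent. No pairing or credential is computed: G_0, G_1 and G_2 are constructed stand-ins in a toy subgroup of Z_p^*, built so that G_2 = G_0^(1/s_2) * G_1^t, which is the relation the check in step i accepts; the function and class names are assumptions.

```python
import secrets

# Constructed toy parameters: p = 2q + 1 with p and q prime. A real deployment
# works in the pairing target group, whose order is hundreds of bits long.
P_MOD = 2039
Q_ORD = 1019
GEN = 4  # a quadratic residue other than 1, so it generates the order-q subgroup


def rand_exp():
    """Uniform non-zero exponent in Z_q."""
    return secrets.randbelow(Q_ORD - 1) + 1


def make_statement(s2, t):
    """Stand-ins for G_0, G_1, G_2 with G_2 = G_0^(1/s2) * G_1^t (assumption)."""
    g0 = pow(GEN, rand_exp(), P_MOD)
    g1 = pow(GEN, rand_exp(), P_MOD)
    g2 = pow(g0, pow(s2, -1, Q_ORD), P_MOD) * pow(g1, t, P_MOD) % P_MOD
    return g0, g1, g2


class Prover:
    """The authenticating party: holds the blinding factor s2 and the secret t."""

    def __init__(self, g0, g1, s2, t):
        self.g0, self.g1 = g0, g1
        self.w0 = pow(s2, -1, Q_ORD)  # 1/s2 mod q
        self.w1 = t % Q_ORD

    def commit(self):
        """Step f: c = G_0^r0 * G_1^r1 with fresh r = (r0, r1)."""
        self.r0, self.r1 = rand_exp(), rand_exp()
        return pow(self.g0, self.r0, P_MOD) * pow(self.g1, self.r1, P_MOD) % P_MOD

    def respond(self, challenge):
        """Step h: A = (r0 + r'/s2, r1 + r'*t), all arithmetic mod q."""
        a0 = (self.r0 + challenge * self.w0) % Q_ORD
        a1 = (self.r1 + challenge * self.w1) % Q_ORD
        return a0, a1


def verify(g0, g1, g2, c, challenge, answer):
    """Step i: accept iff G_0^A0 * G_1^A1 == c * G_2^r'."""
    a0, a1 = answer
    lhs = pow(g0, a0, P_MOD) * pow(g1, a1, P_MOD) % P_MOD
    return lhs == c * pow(g2, challenge, P_MOD) % P_MOD


def authenticate(statement, prover):
    """One full run: commit (f), challenge (g), response (h), check (i)."""
    c = prover.commit()
    challenge = rand_exp()  # r' chosen by the authentication server
    return verify(*statement, c, challenge, prover.respond(challenge))


def recover_t(ch1, ans1, ch2, ans2):
    """Why r must be fresh per run: two answers to one commitment reveal t."""
    return (ans1[1] - ans2[1]) * pow((ch1 - ch2) % Q_ORD, -1, Q_ORD) % Q_ORD


if __name__ == "__main__":
    s2, t = rand_exp(), rand_exp()
    st = make_statement(s2, t)
    print("honest prover accepted:", authenticate(st, Prover(st[0], st[1], s2, t)))
    wrong_t = t % (Q_ORD - 1) + 1  # any value different from t
    print("prover without t accepted:", authenticate(st, Prover(st[0], st[1], s2, wrong_t)))
```

Calling `respond` twice on one commitment is exactly the misuse `recover_t` illustrates, so an implementation should draw a new r in every authentication run.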
Embodiment 2. Resource sharing method and system
This embodiment provides a concrete example of the resource sharing method and system of the present invention.
The embodiment is based on the following scenario: users A and B have completed registration with resource server S. A wants to publish a resource through the resource server and restrict the attributes that users who obtain the resource must have; B wants to obtain the resource published by A and verify the attributes that its publisher holds. In this scenario, user A (or the client computer where user A is located) is the resource publisher, and user B (or the client computer where user B is located) is the resource acquirer.
The flow by which user A publishes a resource is shown in Fig. 3, and is as follows:
1. Client A accesses server S and submits a resource publication request. After S receives the request, it calls the server-side AAC component to execute the authentication protocol, which proves the legitimacy of user A's identity and the user's attributes, and generates authentication information from the authentication result.
2. The server sends the generated authentication information to the AMIC component, which is responsible for publishing it.
3. Client A asks the user to select the resource to publish and the attributes that acquirers of this resource must have, and calls the PIC component to convert the attributes selected by the user into a policy in a form that PPC can parse. The policy is then sent to the server-side PMC component, which is responsible for publishing it.
4. Client A calls the REC component to encrypt the resource according to the policy and sends the encrypted result to the server-side RMC component, which manages it and publishes information such as the resource list.
5. Server S calls its AMIC component to publish the authentication information of user A.
6. Server S calls its PMC component to publish the policy information corresponding to the resource.
7. Server S calls its RMC component to publish information such as the resource list. The resource publication flow ends.
After user A has published the resource, the flow by which user B obtains it is shown in Fig. 4, and is as follows:
1. Client B accesses server S and obtains the resource list. If the required resource is in the list, client B initiates an anonymous authentication request to server S. After S receives the request, it calls the AAC component to execute the authentication protocol, which proves the legitimacy of user B's identity and the user's attributes. If the user is legitimate, go to step 2; otherwise return a resource acquisition failure message.
2. Client B obtains the authentication assertion of the resource provider from the authentication information published by server S and calls the AMVC component to verify the validity of this assertion. If verification passes, go to step 3; otherwise return a resource acquisition failure message.
3. Client B obtains the acquisition policy corresponding to the required resource from the policy information published by server S and calls the PPC component to parse the policy, mainly by matching the attributes of user B against the acquisition policy, to judge whether user B is eligible to decrypt the resource. If so, client B sends a resource acquisition request to server S.
4. Server S calls the RMC component to send the resource specified by the user to client B, according to user B's acquisition request. After client B obtains the resource, it calls the RDC component to decrypt it and thereby obtains the full content of the resource. The resource acquisition flow ends.

Claims (7)

1. An anonymous resource sharing method, characterized in that it comprises the following steps:
a. The resource provider initiates a resource publication request to the resource management server; the publication request contains the description information of resource R;
b. The resource management server performs anonymous authentication on the resource provider; if authentication succeeds, the resource provider is allowed to publish the resource;
c. The resource provider generates a resource acquisition policy P, which consists of a Boolean expression over multiple attributes; using this Boolean expression as the key, the resource provider encrypts R with the configured encryption method to obtain the encrypted resource C; the resource provider sends P and C to the resource management server;
d. The resource management server stores the two-tuple consisting of C and P and publishes the resource description information;
e. The resource acquirer searches the published resource description information, selects the resource R it wants to obtain, and initiates an acquisition request for R to the resource management server;
f. The resource management server performs anonymous authentication on the resource acquirer; if authentication succeeds, the resource acquirer is allowed to obtain the resource;
g. The resource acquirer judges from P whether it has the right to acquire R; if so, the resource management server sends C to the resource acquirer;
h. The resource acquirer decrypts C with the private key it holds to obtain R.
2. The anonymous resource sharing method of claim 1, characterized in that, in step g, the resource acquirer performs anonymous authentication on the resource provider; if verification passes, it judges from P whether it has the right to acquire R; if so, the resource management server sends C to the resource acquirer.
3. The anonymous resource sharing method of claim 1, characterized in that the configured encryption method of step c is an attribute-based encryption method.
4. The anonymous resource sharing method of claim 3, characterized in that:
in step c, the resource provider encrypts R to obtain C by the following encryption method: a randomly generated symmetric key session_key is encrypted, and R is then encrypted with session_key to obtain C;
in step h, the resource acquirer decrypts C to obtain R by the following decryption method: the ciphertext of session_key is decrypted to obtain session_key, and C is then decrypted with session_key to obtain R.
5. The anonymous resource sharing method of claim 4, characterized in that, in step h, session_key can be obtained by decryption if and only if the attributes held by the resource acquirer satisfy the acquisition policy P of step c.
6. The anonymous resource sharing method of any one of claims 1-5, characterized in that the resource management server authenticates the resource provider and the resource acquirer by the following anonymous authentication method:
a. The authenticating party registers with the certificate server and obtains an anonymous credential σ; this credential is generated by the server signing, with its private key, the commitment g sent by the authenticating party; the commitment g is generated by the authenticating party from secret information t, and no entity other than the authenticating party can compute t from g;
b. The authenticating party uses its anonymous credential σ and some random number s to generate a blinded signature σ'; for any anonymous credential σ of step a, σ' is identically distributed;
c. The authenticating party uses σ' and some random number r to generate a commitment c; for any σ' of step b, c is identically distributed;
d. The authenticating party sends σ' and c to the certificate server;
e. The certificate server generates a challenge r' and sends it to the authenticating party;
f. The authenticating party generates authentication information A from s, t, r and r' and sends it to the certificate server;
g. The certificate server confirms whether the authenticating party holds the secret information t corresponding to σ', and that σ' can only have been generated with the certificate server's private key; if so, the authenticating party passes authentication.
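The commit, challenge and response of steps c to g, reduced to a Schnorr-style proof of knowledge of t for a commitment g = H^t, as an added example that is not the patent's scheme. The credential σ, its blinding σ' with s, and the server's signature check are left out; the group parameters P, Q, H, the form of g and all function names are assumptions constructed for illustration.

```python
import secrets

# Constructed toy group, far too small for real use: P = 2*Q + 1 with P and Q prime,
# and H = 4 generates the subgroup of prime order Q.
P, Q, H = 2039, 1019, 4

def commit_secret(t):
    """Step a (assumed form): commitment g = H^t; t is hidden by the discrete log."""
    return pow(H, t, P)

def prover_commit():
    """Step c: fresh random r and the commitment c = H^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(H, r, P)

def server_challenge():
    """Step e: random non-zero challenge r'."""
    return secrets.randbelow(Q - 1) + 1

def prover_response(t, r, r_chal):
    """Step f: authentication information A = r + r' * t (mod Q)."""
    return (r + r_chal * t) % Q

def server_verify(g, c, r_chal, A):
    """Step g: accept iff H^A == c * g^r' (mod P), which holds only if the prover used t."""
    return pow(H, A, P) == (c * pow(g, r_chal, P)) % P

def run_authentication(t_registered, t_used):
    """One protocol run; t_used != t_registered models a party that does not know t."""
    g = commit_secret(t_registered)
    r, c = prover_commit()
    r_chal = server_challenge()
    A = prover_response(t_used, r, r_chal)
    return server_verify(g, c, r_chal, A)
```

In this reduced form the server sees g itself, so two runs by the same party are linkable; the claim instead sends the blinded σ', which is identically distributed for every credential.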
7. An anonymous resource sharing system comprising a client and a server end, characterized in that,
the client comprises a policy issuing component, a policy resolution component, a resource security component, a resource decryption component and an authentication information verification component, wherein:
the policy issuing component provides a graphical interface to help the user formulate the acquisition policy of a resource, then generates and issues the corresponding policy according to the user's operations;
the policy resolution component parses the policy and evaluates it against the resource acquirer's attributes, to judge whether the resource acquirer is a valid user of this resource;
the resource security component encrypts the resource according to the resource's acquisition policy, using an attribute-based encryption scheme;
the resource decryption component decrypts the encrypted resource and obtains the original resource;
the authentication information verification component parses and verifies the authentication assertions issued by the server end, so that the user can judge whether the resource publisher has the attributes the user expects;
the server end comprises an anonymous authentication component, a resource management component, a policy management component and an authentication information issuing component, wherein:
the anonymous authentication component performs the anonymous authentication between the server end and the client;
the resource management component stores and publishes resources;
the policy management component receives the policies issued by the policy issuing component and stores each policy, or an index of it, in the policy library;
the authentication information issuing component stores the authentication information of resource uploaders and issues that authentication information in the form of authentication assertions.
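The evaluation that step g and the policy resolution component describe, as an added example that is not code from the patent: a small parser that checks an acquirer's attribute set against a Boolean policy P without using eval. The textual policy syntax (AND, OR, parentheses, attribute names such as dept:cs) and the function names are assumptions; the attribute-based encryption that enforces P cryptographically is not shown.

```python
import re

# Tokens: parentheses, the operators AND / OR, or an attribute name (name syntax assumed).
TOKEN = re.compile(r"\s*(\(|\)|AND\b|OR\b|[A-Za-z_][\w:.-]*)")

def tokenize(policy):
    policy, pos, out = policy.rstrip(), 0, []
    while pos < len(policy):
        m = TOKEN.match(policy, pos)
        if not m:
            raise ValueError(f"bad policy syntax at offset {pos}")
        out.append(m.group(1))
        pos = m.end()
    return out

def satisfies(policy, attributes):
    """True iff the attribute set satisfies policy P; a malformed P raises ValueError."""
    tokens = tokenize(policy)[::-1]          # reversed so pop() yields the next token
    peek = lambda: tokens[-1] if tokens else None
    take = lambda: tokens.pop() if tokens else None

    def parse_or():                          # OR binds loosest
        value = parse_and()
        while peek() == "OR":
            take()
            rhs = parse_and()                # parse both sides so syntax errors always surface
            value = value or rhs
        return value
    def parse_and():
        value = parse_atom()
        while peek() == "AND":
            take()
            rhs = parse_atom()
            value = value and rhs
        return value
    def parse_atom():
        tok = take()
        if tok == "(":
            value = parse_or()
            if take() != ")":
                raise ValueError("missing ')'")
            return value
        if tok in (None, ")", "AND", "OR"):
            raise ValueError(f"unexpected token {tok!r}")
        return tok in attributes             # leaf: does the acquirer hold this attribute?
    result = parse_or()
    if peek() is not None:
        raise ValueError(f"trailing token {peek()!r}")
    return result
```

An empty or malformed policy raises instead of returning a value, so a parsing failure can never be read as permission.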
CN2010101409046A 2010-04-02 2010-04-02 Method and system for sharing anonymous resource Expired - Fee Related CN101834853B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010101409046A CN101834853B (en) 2010-04-02 2010-04-02 Method and system for sharing anonymous resource

Publications (2)

Publication Number Publication Date
CN101834853A true CN101834853A (en) 2010-09-15
CN101834853B CN101834853B (en) 2012-11-21

Family

ID=42718784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010101409046A Expired - Fee Related CN101834853B (en) 2010-04-02 2010-04-02 Method and system for sharing anonymous resource

Country Status (1)

Country Link
CN (1) CN101834853B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1497427A (en) * 2002-10-22 2004-05-19 株式会社东芝 Information sharing system and information sharing method
GB2444342A (en) * 2006-12-01 2008-06-04 David Irvine A distributed system with anonymity and perpetual data
CN101359986A (en) * 2007-04-30 2009-02-04 英特尔公司 Apparatus and method for direct anonymous attestation from bilinear maps

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
秦静等: "一个特殊的安全双方计算协议", 《通信学报》, vol. 25, no. 11, 30 November 2004 (2004-11-30), pages 35 - 42 *
雷浩等: "协同环境中共有资源的细粒度协作访问控制策略", 《软件学报》, vol. 16, no. 5, 31 May 2005 (2005-05-31), pages 1000 - 1011 *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546225B (en) * 2010-12-08 2016-03-23 中国电信股份有限公司 Video resource sharing method and management platform
CN102546225A (en) * 2010-12-08 2012-07-04 中国电信股份有限公司 Video resource sharing method and management platform
CN103023684B (en) * 2011-09-26 2017-04-26 腾讯科技(深圳)有限公司 Method, device and system for network information management
CN104919450A (en) * 2012-12-10 2015-09-16 皇家飞利浦有限公司 Method and system for making multisite performance measure anonymous and for controlling actions and re-identification of anonymous data
CN103391192A (en) * 2013-07-16 2013-11-13 国家电网公司 Cross-safety-domain access control system and method based on privacy protection
CN103391192B (en) * 2013-07-16 2016-09-21 国家电网公司 A kind of based on secret protection across security domain access control system and control method thereof
CN107113616A (en) * 2014-11-03 2017-08-29 诺基亚通信公司 Dynamically distributes protection resource information based on the resource in wireless network
CN106552420A (en) * 2015-09-30 2017-04-05 彭先立 Networking game device
CN105740441A (en) * 2016-02-01 2016-07-06 上海凭安网络科技有限公司 Information publishing method without leaking privacy
WO2017198088A1 (en) * 2016-05-19 2017-11-23 华为技术有限公司 Resource subscription method, resource subscription device, and resource subscription system
US10637794B2 (en) 2016-05-19 2020-04-28 Huawei Technologies Co., Ltd. Resource subscription method, resource subscription apparatus, and resource subscription system
CN105897742A (en) * 2016-05-26 2016-08-24 北京航空航天大学 Anonymous identity-based access control method applicable to electronic healthy network
CN105897742B (en) * 2016-05-26 2019-03-01 北京航空航天大学 Anonymous Identity base access control method applied to electronic health care network
CN106506474B (en) * 2016-11-01 2020-01-17 西安电子科技大学 Efficient traceable data sharing method based on mobile cloud environment
CN106506474A (en) * 2016-11-01 2017-03-15 西安电子科技大学 A kind of efficient traceable data sharing method based on mobile cloud environment
CN108400989A (en) * 2018-03-01 2018-08-14 北京东方英卡数字信息技术有限公司 A kind of safety certificate equipment of shared resource authentication, method and system
CN108400989B (en) * 2018-03-01 2021-07-30 恒宝股份有限公司 Security authentication equipment, method and system for shared resource identity authentication
CN109743168A (en) * 2019-01-10 2019-05-10 四川虹微技术有限公司 A kind of alliance's chain resource share method, device and its storage medium
CN110311776A (en) * 2019-06-21 2019-10-08 矩阵元技术(深圳)有限公司 Data processing method, device, computer equipment and storage medium
CN110311776B (en) * 2019-06-21 2022-03-22 矩阵元技术(深圳)有限公司 Range proving method, range proving device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN101834853B (en) 2012-11-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121121