CN103391192A - Cross-safety-domain access control system and method based on privacy protection - Google Patents
Cross-safety-domain access control system and method based on privacy protection Download PDFInfo
- Publication number
- CN103391192A CN103391192A CN2013102983667A CN201310298366A CN103391192A CN 103391192 A CN103391192 A CN 103391192A CN 2013102983667 A CN2013102983667 A CN 2013102983667A CN 201310298366 A CN201310298366 A CN 201310298366A CN 103391192 A CN103391192 A CN 103391192A
- Authority
- CN
- China
- Prior art keywords
- access control
- service requester
- isp
- security domain
- domain access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
Description
Claims (19)
- One kind based on secret protection across the security domain access control system; it is characterized in that; described system comprises authorization server, ISP and service requester; described authorization server carries out data interaction with service requester and ISP respectively, and described service requester and ISP carry out data interaction.
- As claimed in claim 1 based on secret protection across the security domain access control system, it is characterized in that, described authorization server is assigned the service requester mandate, provide both sides' public and private key distribution to service requester and ISP, and security domain access control process and Privacy Preservation Mechanism are merged; Described authorization server comprises cipher key store, attribute library and policy library.
- As claimed in claim 2 based on secret protection across the security domain access control system, it is characterized in that, described cipher key store be used for to be preserved the mandate PKI of service requester and ISP's encryption key; The attribute information of described attribute library storage service provider module and service supplicant module; Described policy library is used for the decision strategy of storage system; Cipher key store, attribute library, policy library all possess to preservation information increase, delete, search, backup functionality.
- As claimed in claim 1 based on secret protection across the security domain access control system, it is characterized in that, described ISP accepts the passive entity of principal access by the regulation of authority set; Comprise tactful extraction module and encrypting module;Described tactful extraction module carries out the strategy extraction by sending the object attribute; Described encrypting module has been responsible for the encrypted work of information, comprises the access control policy to resource settings.
- As claimed in claim 1 based on secret protection across the security domain access control system, it is characterized in that, described service requester is the ISP to be had the active entities of rights of using, comprises authorized application module and deciphering module;Described authorized application module is carried out authority application by sending the main body attribute; Described deciphering module has been responsible for the decryption work of information.
- One kind based on secret protection across the security domain access control method, it is characterized in that, described method adopts Privacy Preservation Mechanism, comprises the steps:(1) based on secret protection across the initialization of security domain access control system;(2) service requester sends the sign ID request authorized certificate of oneself to authorization server;(3) authorization server identifies according to service requester the property set that ID Analysis Service requestor has;(4) authorization server calculates and authorizes the decruption key component to send to service requester;(5) ISP sends all properties sign relevant to local policy to authorization server;(6) authorization server calculates encryption policy encryption key component and sends to the ISP;(7) service requester is initiated service request to the ISP;(8) ISP's calculation services requestor's mandate decruption key component, and choose at random intermediate variable, make u=H 3(σ, m);(9) ISP is according to request resource marker extraction policy expression, and first ancestral's number of definite ciphertext;(10) determine ciphertext, and to service requester, send the resource response information that process is encrypted;(11) service requester fetch strategy expression formula from resource response information, determine simultaneously first ancestral's number of ciphertext, and judge whether first yuan ancestral number of ciphertext belongs to the addition cyclic group;(12) service requester is constructed key according to policy expression, chooses the combinations of attributes that meets tactful subitem;(13) service requester double counting, and checking U=uP(14) service requester with the output of decruption key component expressly.
- As claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (1), system initialization is completed by authorization server, comprising: given security parameter k ∈ Z +, input k produces large prime number q, selects to meet the super unusual elliptic curve E/GF (p) that the BDH problem is difficult to resolve, and by E/GF (p), generates the group G that two rank are q 1And G 2, G 1For addition cyclic group, G 2For multiplication loop group, bilinear map Choose at random intermediate variable P ∈ G 1Choose random number And hash function H 2: G 2→ { 0,1} n, n ∈ Z +, , H 4: { 0,1} n→ { 0,1} n, (n ∈ Z +);
- As claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (2), the sign ID scope be ID ∈ { 0,1} *In described step (3), described property set { a 1, a 2..., a mExpression.
- As claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (4), authorization server calculates
- As claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (5), described attribute-bit is with { a 1, a 2..., a nExpression.
- 11. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (6), authorization server calculates To gather Send to the ISP, set Be the mandate encryption key component that authorization server is distributed to the ISP; G 1Represent that super unusual hyperbola produces the addition cyclic group, P represents the intermediate variable of choosing at random, P ∈ G 1 The formula factor of authorizing the encryption key component is calculated in expression.
- 12. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that in described step (7), described service request use<ID, SID〉expression, wherein SID is resource identification.
- 13. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (8), ISP's calculation services requestor's mandate decruption key component And choose at random intermediate variable σ ∈ (0,1) n, make u=H 3(σ, m).
- 14. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (9), the ISP is according to request resource sign SID fetch strategy expression formula { a i,1∧ ... ∧ a i,m, determine respectively first ancestral's number of ciphertext for each policy expression
- 15. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (10), choose positive integer
- 16. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (11), first ancestral's number of ciphertext C is k, makes C=<U, V 1..., V k, W 〉, when first yuan ancestral number of ciphertext belongs to the addition cyclic group, namely Change step (12) over to; When first yuan ancestral number of ciphertext does not belong to the addition cyclic group, namely Refuse ciphertext.
- 17. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (12), the combinations of attributes of tactful subitem
- 18. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, in described step (13), the service requester double counting
- 19. as claimed in claim 1 based on secret protection across the security domain access control method, it is characterized in that, described step (2)-step (4) and step (5)-step (6) are concurrency relation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310298366.7A CN103391192B (en) | 2013-07-16 | 2013-07-16 | A kind of based on secret protection across security domain access control system and control method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310298366.7A CN103391192B (en) | 2013-07-16 | 2013-07-16 | A kind of based on secret protection across security domain access control system and control method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103391192A true CN103391192A (en) | 2013-11-13 |
CN103391192B CN103391192B (en) | 2016-09-21 |
Family
ID=49535357
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310298366.7A Active CN103391192B (en) | 2013-07-16 | 2013-07-16 | A kind of based on secret protection across security domain access control system and control method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103391192B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468610A (en) * | 2014-12-24 | 2015-03-25 | 北京智捷伟讯科技有限公司 | Credibility measuring method suitable for emergency rescue platform |
CN104660583A (en) * | 2014-12-29 | 2015-05-27 | 国家电网公司 | Encryption service method based on Web encryption service |
CN105681306A (en) * | 2016-01-13 | 2016-06-15 | 华北水利水电大学 | Spatial data security control system based on access mode protection |
CN107360252A (en) * | 2017-08-16 | 2017-11-17 | 上海海事大学 | A kind of Data Access Security method that isomery cloud domain authorizes |
CN107579980A (en) * | 2017-09-07 | 2018-01-12 | 福州大学 | Lightweight double call control system in medical Internet of Things |
WO2020087876A1 (en) * | 2018-10-30 | 2020-05-07 | 中国科学院信息工程研究所 | Information circulation method, device and system |
CN111556339A (en) * | 2020-04-15 | 2020-08-18 | 长沙学院 | Video information privacy protection system and method based on sensitive information measurement |
CN113742779A (en) * | 2021-09-18 | 2021-12-03 | 湖北工业大学 | Service customization system and method with privacy protection function |
CN115242490A (en) * | 2022-07-19 | 2022-10-25 | 北京计算机技术及应用研究所 | Group key secure distribution method and system under trusted environment |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107944299B (en) * | 2017-12-29 | 2020-03-03 | 西安电子科技大学 | Method, device and system for processing privacy information |
CN108632035B (en) * | 2018-05-17 | 2021-02-19 | 湖北工业大学 | Inadvertent transmission system and method with access control |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1805341A (en) * | 2006-01-11 | 2006-07-19 | 西安电子科技大学 | Network authentication and key allocation method across secure domains |
US20060168022A1 (en) * | 2004-12-09 | 2006-07-27 | Microsoft Corporation | Method and system for processing a communication based on trust that the communication is not unwanted as assigned by a sending domain |
CN101030858A (en) * | 2007-02-09 | 2007-09-05 | 华中科技大学 | Trust protocol based on hidden certificate |
CN101771676A (en) * | 2008-12-31 | 2010-07-07 | 华为技术有限公司 | Setting and authentication method for cross-domain authorization and relevant device and system |
CN101834853A (en) * | 2010-04-02 | 2010-09-15 | 中国科学院软件研究所 | Method and system for sharing anonymous resource |
CN101997876A (en) * | 2010-11-05 | 2011-03-30 | 重庆大学 | Attribute-based access control model and cross domain access method thereof |
CN102244660A (en) * | 2011-07-12 | 2011-11-16 | 北京航空航天大学 | Encryption method for realizing support of FGAC (Fine Grained Access Control) |
CN102710623A (en) * | 2012-05-23 | 2012-10-03 | 中国电力科学研究院 | Intelligent grid electricity information privacy protection method based on multi-party interaction |
CN102761551A (en) * | 2012-07-09 | 2012-10-31 | 郑州信大捷安信息技术股份有限公司 | System and method for multilevel cross-domain access control |
CN102916954A (en) * | 2012-10-15 | 2013-02-06 | 南京邮电大学 | Attribute-based encryption cloud computing safety access control method |
-
2013
- 2013-07-16 CN CN201310298366.7A patent/CN103391192B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060168022A1 (en) * | 2004-12-09 | 2006-07-27 | Microsoft Corporation | Method and system for processing a communication based on trust that the communication is not unwanted as assigned by a sending domain |
CN1805341A (en) * | 2006-01-11 | 2006-07-19 | 西安电子科技大学 | Network authentication and key allocation method across secure domains |
CN101030858A (en) * | 2007-02-09 | 2007-09-05 | 华中科技大学 | Trust protocol based on hidden certificate |
CN101771676A (en) * | 2008-12-31 | 2010-07-07 | 华为技术有限公司 | Setting and authentication method for cross-domain authorization and relevant device and system |
CN101834853A (en) * | 2010-04-02 | 2010-09-15 | 中国科学院软件研究所 | Method and system for sharing anonymous resource |
CN101997876A (en) * | 2010-11-05 | 2011-03-30 | 重庆大学 | Attribute-based access control model and cross domain access method thereof |
CN102244660A (en) * | 2011-07-12 | 2011-11-16 | 北京航空航天大学 | Encryption method for realizing support of FGAC (Fine Grained Access Control) |
CN102710623A (en) * | 2012-05-23 | 2012-10-03 | 中国电力科学研究院 | Intelligent grid electricity information privacy protection method based on multi-party interaction |
CN102761551A (en) * | 2012-07-09 | 2012-10-31 | 郑州信大捷安信息技术股份有限公司 | System and method for multilevel cross-domain access control |
CN102916954A (en) * | 2012-10-15 | 2013-02-06 | 南京邮电大学 | Attribute-based encryption cloud computing safety access control method |
Non-Patent Citations (1)
Title |
---|
李崴等: "基于SAML的联邦身份管理机制研究", 《全国第19届计算机技术与应用(CACIS)学术会议论文集(下册)》, 1 July 2008 (2008-07-01) * |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104468610B (en) * | 2014-12-24 | 2017-10-27 | 北京智捷伟讯科技有限公司 | A kind of credible measure suitable for emergency relief platform |
CN104468610A (en) * | 2014-12-24 | 2015-03-25 | 北京智捷伟讯科技有限公司 | Credibility measuring method suitable for emergency rescue platform |
CN104660583B (en) * | 2014-12-29 | 2018-05-29 | 国家电网公司 | A kind of cryptographic services method based on Web cryptographic services |
CN104660583A (en) * | 2014-12-29 | 2015-05-27 | 国家电网公司 | Encryption service method based on Web encryption service |
CN105681306A (en) * | 2016-01-13 | 2016-06-15 | 华北水利水电大学 | Spatial data security control system based on access mode protection |
CN107360252A (en) * | 2017-08-16 | 2017-11-17 | 上海海事大学 | A kind of Data Access Security method that isomery cloud domain authorizes |
CN107360252B (en) * | 2017-08-16 | 2020-03-24 | 上海海事大学 | Data security access method authorized by heterogeneous cloud domain |
CN107579980A (en) * | 2017-09-07 | 2018-01-12 | 福州大学 | Lightweight double call control system in medical Internet of Things |
WO2020087876A1 (en) * | 2018-10-30 | 2020-05-07 | 中国科学院信息工程研究所 | Information circulation method, device and system |
CN111556339A (en) * | 2020-04-15 | 2020-08-18 | 长沙学院 | Video information privacy protection system and method based on sensitive information measurement |
CN113742779A (en) * | 2021-09-18 | 2021-12-03 | 湖北工业大学 | Service customization system and method with privacy protection function |
CN113742779B (en) * | 2021-09-18 | 2024-03-22 | 湖北工业大学 | Service customization system and method with privacy protection function |
CN115242490A (en) * | 2022-07-19 | 2022-10-25 | 北京计算机技术及应用研究所 | Group key secure distribution method and system under trusted environment |
CN115242490B (en) * | 2022-07-19 | 2023-09-26 | 北京计算机技术及应用研究所 | Group key secure distribution method and system in trusted environment |
Also Published As
Publication number | Publication date |
---|---|
CN103391192B (en) | 2016-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103391192A (en) | Cross-safety-domain access control system and method based on privacy protection | |
CN103327002B (en) | Based on the cloud memory access control system of attribute | |
Sun | Privacy protection and data security in cloud computing: a survey, challenges, and solutions | |
Liang et al. | PDPChain: A consortium blockchain-based privacy protection scheme for personal data | |
She et al. | Homomorphic consortium blockchain for smart home system sensitive data privacy preserving | |
CN107864139B (en) | Cryptographic attribute base access control method and system based on dynamic rules | |
CN104168108B (en) | It is a kind of to reveal the traceable attribute base mixed encryption method of key | |
CN103179114A (en) | Fine-grained access control method for data in cloud storage | |
CN105100083B (en) | A kind of secret protection and support user's revocation based on encryption attribute method and system | |
CN104584509A (en) | An access control method, a device and a system for shared data | |
Zhang et al. | Data security sharing model based on privacy protection for blockchain‐enabled industrial Internet of Things | |
CN104780175A (en) | Hierarchical classification access authorization management method based on roles | |
CN104935590A (en) | HDFS access control method based on role and user trust value | |
CN102655508A (en) | Method for protecting privacy data of users in cloud environment | |
CN103780393B (en) | Virtual-desktop security certification system and method facing multiple security levels | |
CN111274599A (en) | Data sharing method based on block chain and related device | |
CN106612271A (en) | Encryption and access control method for cloud storage | |
Lan et al. | A New Security Cloud Storage Data Encryption Scheme Based on Identity Proxy Re-encryption. | |
CN115426136A (en) | Cross-domain access control method and system based on block chain | |
CN104184736B (en) | A kind of method and system realizing secure cloud and calculate | |
Liu et al. | Black-box accountable authority cp-abe scheme for cloud-assisted e-health system | |
Yan et al. | Traceable and weighted attribute-based encryption scheme in the cloud environment | |
Huang et al. | ZT-Access: A combining zero trust access control with attribute-based encryption scheme against compromised devices in power IoT environments | |
CN114398627A (en) | Zero-trust-based power scheduling quantum password cloud application system and method | |
Wang et al. | A role-based access control system using attribute-based encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20160425 Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: China Electric Power Research Institute Applicant after: State Grid Smart Grid Institute Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant before: State Grid Corporation of China Applicant before: China Electric Power Research Institute |
|
CB02 | Change of applicant information |
Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant after: State Grid Corporation of China Applicant after: China Electric Power Research Institute Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing Applicant before: State Grid Corporation of China Applicant before: China Electric Power Research Institute Applicant before: State Grid Smart Grid Institute |
|
COR | Change of bibliographic data | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |