CN103391192B - A privacy-protection-based cross-security-domain access control system and control method thereof - Google Patents


Publication number
CN103391192B
Authority
CN
China
Prior art keywords
service requester
access control
security domain
service provider
privacy protection
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310298366.7A
Other languages
Chinese (zh)
Other versions
CN103391192A (en
Inventor
黄秀丽
林为民
张涛
马媛媛
王玉斐
邓松
华晔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Smart Grid Research Institute of SGCC
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Global Energy Interconnection Research Institute
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI, Global Energy Interconnection Research Institute
Priority to CN201310298366.7A
Publication of CN103391192A
Application granted
Publication of CN103391192B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a control system and control method in the field of information security, and in particular to a privacy-protection-based cross-security-domain access control system and its control method. The control system comprises an authorization server, a service provider and a service requester. The control method uses a privacy protection mechanism: across system initialization, authorization assignment, policy customization, encryption processing, and message recovery and verification, it integrates cross-security-domain access control with the privacy protection mechanism, protecting the requester's private information and solving the problem of service requester privacy leakage in cross-security-domain access control. The technical solution provided by the invention protects the privacy of the service requester, reduces the degree of information disclosure, prevents leakage of sensitive information, and achieves privacy security for the service requester.

Description

A privacy-protection-based cross-security-domain access control system and control method thereof
Technical field
The present invention relates to a control system and control method in the field of information security, and in particular to a privacy-protection-based cross-security-domain access control system and its control method.
Background art
With the rapid development and widespread application of computer and network technology, multiple geographically dispersed organizations can interact dynamically and work cooperatively at a distance over computer networks, and activities such as online e-commerce, e-government and online research are gradually becoming mainstream application models. Large-scale, networked, cross-domain, multi-organization information system applications are open, distributed and dynamic, so cross-domain access control is characterized by distributed resources, dynamic activities and subjects that cannot be known. How to effectively control the service provider's resources in cross-domain access control while protecting the privacy of the service requester has become an important research topic in the information security field.
In a distributed access control model, the service requester usually discloses a large amount of information, such as attributes, to the service provider, so that the service provider can grant the requester permissions based on the attribute information and its control policy. Disclosing large amounts of attribute information, however, easily causes privacy leakage, which brings hidden dangers and risk to the service requester. Research on cross-security-domain access control methods that protect the service requester's private information is therefore significant in multi-domain interoperation environments.
At present, usage control (UCON), used by attribute-based access control models, is an important research direction in the access control field. UCON extends traditional access control: it defines three decision factors (authorization, obligation and condition) and introduces two important properties of access control, continuity and mutability. In traditional access control, the authorization decision is made before the access operation is executed. Modern access control has application requirements such as relatively long-lasting resource use or immediate revocation of resource usage rights, which require real-time monitoring of the access request throughout the whole period of resource use; this property is called "continuity". In addition, in traditional access control an attribute can only be modified by an administrative action, but in many applications attributes must be modified as a result of the subject's behaviour. Updates to such mutable attributes may occur before the resource is used, during its use, or after its use has finished; this property is called "mutability". Continuity control and mutable attributes make history-based authorization decisions easier to implement.
The security of an access control model is evaluated in three aspects: confidentiality, integrity and availability. Confidentiality means ensuring that information is not leaked to unauthorized persons. Integrity means preventing arbitrary generation, modification and deletion of information, ensuring that information is delivered from the true source to the true destination without distortion and without duplication. Availability means that the information system should serve authorized users at any time, preventing denial of service caused by viruses or hacker attacks and preventing the system from being exploited by adversaries. To solve security problems in distributed access control models, such as the subject verifying the object's identity, the communication channel being safe and reliable, and the object verifying that what the subject provides is complete and genuine, a series of access control policies is used when designing the system to achieve secure access control. In existing distributed access control mechanisms, the service requester discloses a large number of attributes to the resource owner in order to gain access. These attributes typically contain a great deal of private information, so in a cross-domain secure access control environment the service requester's privacy cannot be effectively protected.
Summary of the invention
In view of the deficiencies of the prior art, one object of the invention is to provide a privacy-protection-based cross-security-domain access control system, and another is to provide a privacy-protection-based cross-security-domain access control method. The invention solves the problem of service requester privacy leakage in cross-security-domain access control. The control method of the invention is a policy-based method; the technical solution provided by the invention protects the privacy of the service requester, reduces the degree of information disclosure, prevents leakage of sensitive information, and achieves privacy security for the service requester.
The objects of the invention are achieved by the following technical solutions:
The invention provides a privacy-protection-based cross-security-domain access control system, improved in that the system comprises an authorization server, a service provider and a service requester. The authorization server exchanges data with the service requester and with the service provider respectively, and the service requester and the service provider exchange data with each other.
The authorization server assigns authorization to the service requester, distributes public and private keys to both the service requester and the service provider, and integrates the cross-security-domain access control process with the privacy protection mechanism. The authorization server comprises a key store, an attribute store and a policy store.
The key store holds the service requester's authorization public key and the service provider's encryption key. The attribute store holds the attribute information of the service provider module and the service requester module. The policy store holds the system's decision policies. The key store, attribute store and policy store all support adding, deleting, looking up and backing up the stored information.
The service provider is the passive entity that, under the rules of the permission set, accepts access by subjects; it comprises a policy extraction module and an encryption module;
The policy extraction module performs policy extraction by sending object attributes; the encryption module is responsible for encrypting information, and the encryption embeds the access control policy set for the resource.
The service requester is the active entity that holds usage rights over the service provider; it comprises an authorization application module and a decryption module;
The authorization application module applies for permissions by sending subject attributes; the decryption module is responsible for decrypting information.
Another object of the invention is to provide a privacy-protection-based cross-security-domain access control method, improved in that the method uses a privacy protection mechanism and comprises the following steps:
(1) the privacy-protection-based cross-security-domain access control system is initialized;
(2) the service requester sends its own identifier ID to the authorization server to request an authorization credential;
(3) the authorization server determines, from the service requester's identifier ID, the attribute set that the service requester holds;
(4) the authorization server computes the authorization decryption key components and sends them to the service requester;
(5) the service provider sends all attribute identifiers relevant to its local policy to the authorization server;
(6) the authorization server computes the policy encryption key components and sends them to the service provider;
(7) the service requester initiates a service request to the service provider;
(8) the service provider computes the authorization decryption key component of the service requester, randomly selects an intermediate variable, and sets $u = H_3(\sigma, m)$;
(9) the service provider extracts the policy expression according to the requested resource identifier and determines the tuple components of the ciphertext;
(10) the ciphertext is determined, and the encrypted resource response is sent to the service requester;
(11) the service requester extracts the policy expression from the resource response, determines the number of tuple components of the ciphertext, and checks whether the first tuple component of the ciphertext belongs to the additive cyclic group;
(12) the service requester constructs the key according to the policy expression, choosing an attribute combination that satisfies a policy sub-term;
(13) the service requester recomputes and verifies whether $U = uP$;
(14) the service requester outputs the plaintext using the decryption key components.
In step (1), system initialization is performed by the authorization server: given a security parameter $k \in Z^+$, the input $k$ yields a large prime $q$; a supersingular elliptic curve $E/GF(p)$ on which the BDH problem is hard is selected, and $E/GF(p)$ is used to generate two groups $G_1$ and $G_2$ of order $q$, where $G_1$ is an additive cyclic group and $G_2$ is a multiplicative cyclic group, together with a bilinear map $\hat{e}$. An intermediate variable $P \in G_1$ is selected at random. A random number $s \in Z_q^*$ and hash functions $H_1: \{0,1\}^* \to G_1^*$, $H_2: G_2 \to \{0,1\}^n$ ($n \in Z^+$), $H_3: \{0,1\}^n \times \{0,1\}^n \to Z_q^*$ and $H_4: \{0,1\}^n \to \{0,1\}^n$ ($n \in Z^+$) are chosen;
The plaintext space $M = \{0,1\}^n$ and the ciphertext space $C = G_1^* \times \{0,1\}^n$ are constructed. The system parameters are $params = \langle q, G_1, G_2, \hat{e}, n, P, H_1, H_2, H_3, H_4 \rangle$, and the master key is $s \in Z_q^*$.
In step (2), the identifier satisfies $ID \in \{0,1\}^*$; in step (3), the attribute set is denoted $\{a_1, a_2, \ldots, a_m\}$.
In step (4), the authorization server computes $Q_{ID} = H_1(ID) \in G_1^*$ and $a_i s Q_{ID}$ for $i = 1, \ldots, m$, and sends the resulting set to the service requester. This set is the authorization decryption key components that the authorization server distributes to the service requester, who uses them to decrypt the protected information provided the access control policy is satisfied (the access control policy is formulated by the resource owner and is largely independent of this algorithm; it simply specifies which attributes a user must hold to access a resource with which attributes, and falls under policy formulation in the UCON access control method).
In step (5), the attribute identifiers are denoted $\{a_1, a_2, \ldots, a_n\}$.
In step (6), the authorization server computes the authorization encryption key components and sends the resulting set to the service provider; this set is the authorization encryption key components that the authorization server distributes to the service provider. $G_1$ denotes the additive cyclic group generated from the supersingular elliptic curve, $P$ denotes the randomly selected intermediate variable, and $P \in G_1$ is the factor in the formulas used to compute the authorization encryption and decryption key components.
In step (7), the service request is denoted <ID, SID>, where SID is the resource identifier.
In step (8), the service provider computes the authorization decryption key component of the service requester, randomly selects an intermediate variable $\sigma \in \{0,1\}^n$, and sets $u = H_3(\sigma, m)$.
In step (9), the service provider extracts the policy expressions $\{a_{i,1} \wedge \ldots \wedge a_{i,m}\}$ according to the requested resource identifier SID (each component of such an expression is an attribute, and the expression states which combination of attributes must be held to obtain access), and for each policy expression determines the ciphertext tuple component $e_i = a_{i,1} s P + \cdots + a_{i,m} s P = (a_{i,1} s + \cdots + a_{i,m} s) P$, where $e_i$ denotes the encryption component.
Each resource has many policy expressions, and satisfying any one of them grants the corresponding permission. One ciphertext tuple component is computed for each policy expression, and the tuple components computed for all policy expressions together make up the ciphertext.
In step (10), a positive integer $z \in Z_q^*$ is chosen and the ciphertext $C = \langle uP, \sigma \oplus H_2(g_1^z), \ldots, \sigma \oplus H_2(g_k^z), m \oplus H_4(\sigma) \rangle$ is determined ($\oplus$ denotes XOR), where $g_i = \hat{e}(Q_{ID}, e_i) \in G_2^*$, $i = 1, \ldots, k$. The encrypted resource response <Policy, C> is sent to the service requester. $Z_q^*$ denotes the hash space of the hash function $H_3$; Policy is the access policy of the resource.
In step (11), the number of tuple components of the ciphertext $C$ is $k$; let $C = \langle U, V_1, \ldots, V_k, W \rangle$. If the first tuple component of the ciphertext belongs to the additive cyclic group, the method proceeds to step (12); if it does not belong to the additive cyclic group, the ciphertext is rejected.
In step (12), the attribute combination of the policy sub-term gives $d_i = a_{i,1} s Q_{ID} + \cdots + a_{i,m} s Q_{ID} = (a_{i,1} s + \cdots + a_{i,m} s) Q_{ID}$. The coefficients of the decryption key components and the encryption key components are all denoted $\{a_1, a_2, \ldots, a_m\}$; above, $n$ and $m$ are both used to denote the number of attributes, which causes no confusion because attributes are defined universally and some attributes may be held by both the user and the service side. The attribute set supplies the coefficients of the decryption and encryption key components; $e_i$ denotes the encryption component and $d_i$ denotes the decryption component.
In step (13), the service requester recomputes $V_i \oplus H_2(\hat{e}(d_i, U)) = \sigma$, $W \oplus H_4(\sigma) = m$ and $u = H_3(\sigma, m)$, and verifies whether $U = uP$. If $U = uP$, verification succeeds and the method proceeds to step (14); otherwise the ciphertext is rejected. $U$ denotes the first tuple component of the ciphertext $C$.
Steps (2)-(4) and steps (5)-(6) run in parallel.
Compared with the prior art, the invention achieves the following beneficial effects:
The control method provided by the invention is a policy-based method. Through a new privacy-protection-based cross-security-domain access control method, it solves the problem of service requester privacy leakage in cross-security-domain access control, protects the privacy of the service requester, reduces the degree of information disclosure, prevents leakage of sensitive information, and achieves privacy security for the service requester. Specifically:
1. Authorization server module:
The authorization server module comprises three parts: a key store, an attribute store and a policy store. The key store holds the service requester's authorization public key and the service provider's encryption key. The attribute store holds the attribute information of every party in the system. The policy store holds the system's decision policies. The key store, attribute store and policy store all support basic functions such as adding, deleting, looking up and backing up the stored information, effectively meeting the requirements on information sources during access control.
2. Service provider module:
The service provider module comprises a policy extraction module and an encryption module. The policy extraction module performs policy extraction by sending object attributes. The encryption module is responsible for encrypting information, and the encryption embeds the access control policy set for the resource. The service provider's encryption processing embeds the policy in the encryption key, which carries the access control rules set for the resource, and at the same time the data is safely and effectively protected.
3. Service requester module:
The service requester module comprises an authorization application module and a decryption module. The authorization application module applies for permissions by sending subject attributes. The decryption module is responsible for decrypting information, which is equivalent to the consistency verification process in access control. The service requester's decryption processing embeds the individual authorization assignment in the decryption key, which carries the consistency check between the access control policy and the attributes the user holds; the decryption operation thus completes the consistency verification of access control.
4. Privacy protection algorithm:
The privacy protection algorithm maps the authorization credential to decryption key components and constructs the encryption key components from the policy expression. Decryption succeeds if and only if the requester holds the decryption key corresponding to the encryption key, which achieves the security goal of letting the requester obtain legitimate access rights while the service provider learns as little about the requester as possible. Across system initialization, authorization assignment, policy customization, encryption processing, and message recovery and verification, the privacy protection algorithm integrates cross-security-domain access control with the privacy protection mechanism, protecting the requester's private information and solving the problem of service requester privacy leakage in cross-security-domain access control.
Brief description of the drawings
Fig. 1 is the architecture diagram of the privacy-protection-based cross-security-domain access control system provided by the invention;
Fig. 2 is the flow chart of the privacy-protection-based cross-security-domain access control method provided by the invention.
Detailed description of the embodiments
Specific embodiments of the invention are described in further detail below with reference to the drawings.
Building on an access control model and combining it with identity-based encryption, the privacy protection mechanism achieves privacy in cross-domain access control. The mechanism has five parts: system initialization, authorization assignment, policy customization and response, encryption processing, and message recovery and verification. It describes policy expressions with Boolean attribute variables and converts the policy expressions to disjunctive normal form, forming a mapping between access control decisions and the value of the policy's Boolean expression. The service provider embeds the policy in the public key and encrypts the information; the requester decrypts the message with a decryption key that embodies the authorization assignment, and can decrypt if and only if it holds the private key corresponding to the encryption public key. The mechanism does not reveal sensitive user information and effectively protects the privacy of the service requester.
The privacy-protection-based cross-security-domain access control method mainly addresses two problems: (1) access control system architecture design; (2) privacy protection mechanism design. The main content of the privacy protection mechanism design comprises four stages: system initialization, public/private key extraction, encryption and decryption. It chiefly concerns the design of the privacy algorithm flow, covering the authorization server's assignment of authorization, the distribution of private and public keys, and encryption and decryption, so as to accomplish consistency verification of the policy and privacy protection for the requester.
I. System structure:
The architecture of the privacy-protection-based cross-security-domain access control system provided by the invention is shown in Fig. 1 and comprises three parts: the authorization server module, the service provider module and the service requester module. The authorization server is the core of the system: it handles authorization assignment for the service requester and public/private key distribution to both the service requester and the service provider, and integrates the cross-security-domain access control process with the privacy protection mechanism. The invention introduces a privacy protection mechanism into cross-security-domain access control interactions, effectively protecting the privacy of the service requester in a cross-security-domain access control environment. The authorization server exchanges data with the service requester and with the service provider respectively, and the service requester and the service provider exchange data with each other.
A detailed description follows:
Authorization server module: the authorization server module comprises three parts: a key store, an attribute store and a policy store. The key store holds the service requester's authorization key and the service provider's encryption key. The attribute store holds attribute information. The policy store holds the system's decision policies; it is based on the three decision factors of authorization, obligation and condition, combined with continuity and mutable attributes, to design a set of access control policy models. The key store, attribute store and policy store all support basic functions such as adding, deleting, looking up and backing up the stored information.
Service provider module: the service provider module is the passive entity (i.e. the object) that, under the rules of the permission set, accepts access by subjects. An object can be information, files, records and similar collections used in a workflow system, or a hardware device on the network, a terminal in wireless communication, and so on. The service provider module comprises a policy extraction module and an encryption module. The policy extraction module performs policy extraction. The encryption module is responsible for encrypting information, and the encryption embeds the access control policy set for the resource.
Service requester module: the service requester module is the active entity (i.e. the subject) that may hold certain usage rights over the service provider. "Subject" has a broad meaning: it can be the organization (user group) a user belongs to, the user itself, a terminal, card machine or (wireless) handheld terminal that the user uses, or even an application service or process. The service requester module comprises an authorization application module and a decryption module. The authorization application module applies for permissions. Subject attributes are the attributes used in the access decision process; they identify the subject and its characteristics and are important parameters in the permission decision process. The service requester needs to update its own attribute information with the authorization server, periodically or irregularly, through the authorization application module. The decryption module is responsible for decrypting information, which is equivalent to the consistency verification process in access control.
Privacy protection algorithm: across system initialization, authorization assignment, policy customization, encryption processing, and message recovery and verification, the privacy protection algorithm integrates cross-security-domain access control with the privacy protection mechanism.
II. Method flow:
1. System initialization:
System initialization is performed by the authorization server. Given a security parameter $k \in Z^+$, it produces a large prime $q$ and generates two groups $G_1$ and $G_2$ of order $q$ and a bilinear map $\hat{e}$. It then chooses a random number $s \in Z_q^*$ and four hash functions $H_1: \{0,1\}^* \to G_1^*$, $H_2: G_2 \to \{0,1\}^n$ ($n \in Z^+$), $H_3: \{0,1\}^n \times \{0,1\}^n \to Z_q^*$ and $H_4: \{0,1\}^n \to \{0,1\}^n$, and constructs the plaintext space $M = \{0,1\}^n$ and the ciphertext space $C = G_1^* \times \{0,1\}^n$.
2. Authorization server module:
Authorization assignment is performed by the authorization server. To obtain the authorization credential needed to access a resource, the service requester must apply to the authorization server for a ticket by sending its identifier $ID \in \{0,1\}^*$ to the authorization server. The authorization server analyzes the attribute set $\{a_1, a_2, \ldots, a_m\}$ held by the service requester and computes the service requester's authorization decryption key components.
Policy extraction is also performed by the authorization server. To obtain the access control policy, the service provider performs policy extraction with the authorization server by sending it all attribute identifiers $\{a_1, a_2, \ldots, a_n\}$ relevant to the local policy; the authorization server computes the authorization encryption key components.
3. Service provider module:
The service provider module handles the resource request <ID, SID> sent by the service requester, encrypting the data before transmitting it to the service requester. The service provider computes the authorization decryption key component of the service requester, randomly selects $\sigma \in \{0,1\}^n$ and sets $u = H_3(\sigma, m)$, then chooses a positive integer $z \in Z_q^*$. It extracts the corresponding policy expressions $\{a_{i,1} \wedge \ldots \wedge a_{i,m}\}$ according to the resource SID and computes, for each policy expression, $e_i = a_{i,1} s P + \cdots + a_{i,m} s P = (a_{i,1} s + \cdots + a_{i,m} s) P$. It then computes the ciphertext $C = \langle uP, \sigma \oplus H_2(g_1^z), \ldots, \sigma \oplus H_2(g_k^z), m \oplus H_4(\sigma) \rangle$, where $g_i = \hat{e}(Q_{ID}, e_i) \in G_2^*$, $i = 1, \ldots, k$.
4. Service requester module:
The service requester module receives the ciphertext sent by the service provider and decrypts it with its own decryption key. The service requester extracts the policy expression from the resource response and determines the number $k$ of tuple components of the ciphertext $C$; let $C = \langle U, V_1, \ldots, V_k, W \rangle$. If the first tuple component does not belong to the additive cyclic group, the ciphertext is rejected. If it does, the service requester constructs the key according to the policy expression, choosing an attribute combination that satisfies a policy sub-term, $d_i = a_{i,1} s Q_{ID} + \cdots + a_{i,m} s Q_{ID} = (a_{i,1} s + \cdots + a_{i,m} s) Q_{ID}$, and recomputes $V_i \oplus H_2(\hat{e}(d_i, U)) = \sigma$, $W \oplus H_4(\sigma) = m$ and $u = H_3(\sigma, m)$. It then verifies whether $U = uP$. If $U = uP$, verification succeeds; otherwise the ciphertext is rejected. If verification succeeds, the plaintext $m$ corresponding to the ciphertext $C$ is output.
5. Privacy protection algorithm:
The privacy protection algorithm is divided into five processes: system initialization, authorization assignment, policy customization, encryption processing, and message recovery and verification. Executing these five processes integrates cross-security-domain access control with the privacy protection mechanism.
The flow chart across security domain access control method based on secret protection that the present invention provides is as in figure 2 it is shown, include Following step:
(1) system initialization, a given security parameter k ∈ Z+, input k produces a Big prime q, selects one to meet Super unusual elliptic curve E/GF (p) that BDH problem is difficult to resolve, generates, by E/GF (p), the group G that two rank are q1、G2, G1For addition Cyclic group, G2For multiplication loop group, a feasible bilinear mapRandomly select a P ∈ G1.Choosing Take a random number s &Element; Z q * With four hash functions H 1 : { 0,1 } * &RightArrow; G 1 * , H 2 : G 2 &RightArrow; { 0,1 } n , n &Element; Z + , H4:{0,1}n→{0,1}n, construct plaintext space M={0,1}nAnd the cryptogram space C = G 1 * &times; { 0,1 } n . Now, systematic parameter is params = &lang; q , G 1 , G 2 , e ^ , n , P , H 1 , H 2 , H 3 , H 4 &rang; , Wherein, master key For s &Element; Z q * .
(2) service requester sends the mark ID ∈ { 0,1} of oneself to authorization server*To authorization server;
(3) authorization server analyzes, according to service requester ID, the property set { a that this service requester has1,a2,..., am};
(4) authorization server calculates Q ID = H 1 ( ID ) &Element; G 1 * With a i s Q ID , i = 1 , . . . , m , Will set It is sent to service requester, setBe authorization server be distributed to service requester mandate deciphering close Key component, legitimate service requestor passes through these bills, deciphers security information under meeting access control policy premise;
(5) ISP sends all properties mark { a relevant to local policy to authorization server1,a2,..., anGive authorization server;
(6) authorization server calculatesWill setIt is sent to ISP, setIt is authorization server and is distributed to the mandate encryption key component of ISP;
(7) The service requester initiates a service request <ID, SID> to the service provider, where SID is the resource identifier;
(8) The service provider calculates the authorized decryption key component of the service requester and randomly selects $\sigma \in (0,1)^n$, letting $u = H_3(\sigma, m)$;
(9) The service provider extracts the relevant policy expressions $\{a_{i,1} \wedge ... \wedge a_{i,m}\}$ according to the resource SID. Each component of an expression refers to an attribute, and the expression states which combination of attributes must be held in order to gain access. For each policy expression it calculates $e_i = a_{i,1}^s P + ... + a_{i,m}^s P = (a_{i,1}^s + ... + a_{i,m}^s) P$;
(10) A positive integer $z \in Z_q^*$ is chosen and the ciphertext $C = \langle uP, \sigma \oplus H_2(g_1^z), ..., \sigma \oplus H_2(g_k^z), m \oplus H_4(\sigma) \rangle$ is calculated; the encrypted resource response <Policy, C> is sent to the service requester. Here $\oplus$ is XOR, … represents the hash space of the hash function $H_3$, and Policy is the access policy of the resource.
(11) The service requester extracts the policy expression from the resource response and determines the number of tuple elements $k$ of the ciphertext C, letting $C = \langle U, V_1, ..., V_k, W \rangle$; if the first tuple element does not belong to the additive cyclic group $G_1$, the ciphertext is rejected;
(12) The service requester constructs a key according to the policy expression, choosing a combination of attributes that satisfies a policy sub-item: $d_i = a_{i,1}^s Q_{ID} + a_{i,m}^s Q_{ID} = (a_{i,1}^s + a_{i,m}^s) Q_{ID}$;
(13) The service requester recomputes $\sigma$ and $m$, sets $u = H_3(\sigma, m)$, and checks whether $U = uP$. If $U = uP$, verification succeeds and the method proceeds to step (14); otherwise the ciphertext is rejected. $\sigma$ and $m$ are intermediate variables of the calculation and $u = H_3(\sigma, m)$ is a mapping; many of the encryption and decryption formulas in this algorithm rely on encryption and decryption methods based on the hardness of the discrete logarithm problem;
U denotes the first tuple element of the encrypted ciphertext C. During encryption, the encryptor computes the first tuple element U of the ciphertext with the formula $U = uP$ and then sends the ciphertext; the decryptor uses its private key to recompute $uP$ and checks whether it matches the ciphertext, and a match means the ciphertext can be decrypted. The purpose of this check is to verify the consistency of encryption and decryption using the properties of the bilinear map.
(14) The service requester uses the decryption key component to output the plaintext.
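The flow of steps (1) to (14), written out as an added example that is not code from the patent. It is a toy model with no security (every group element is stored as its discrete log, only to reproduce the algebra), and it assumes what the text above does not give: $g_i = \hat{e}(Q_{ID}, e_i)$, the exponent $z$ taken equal to $u$ as in Boneh-Franklin FullIdent, attributes hashed into $Z_q$, and a constructed prime, policy, identities and plaintext.

```python
import hashlib, secrets

# TOY model, no security: every group element is stored as its discrete log.
# G1 = (Z_q, +) with P = 1; e(P,P)^t is stored as t, so pair(xP, yP) = x*y mod q.
q = 2**127 - 1                      # prime group order (assumed parameter)
N = 32                              # n/8: bytes in sigma and in one plaintext

def _h(tag, *parts):
    return hashlib.sha256(tag + b"".join(parts)).digest()
def _zq(tag, *parts):               # hash into Z_q^*
    return int.from_bytes(_h(tag, *parts), "big") % (q - 1) + 1
def H1(ident): return _zq(b"H1", ident.encode())        # Q_ID
def H2(gt): return _h(b"H2", gt.to_bytes(16, "big"))    # G2 -> {0,1}^n
def H3(sigma, m): return _zq(b"H3", sigma, m)           # u = H3(sigma, m)
def H4(sigma): return _h(b"H4", sigma)                  # {0,1}^n -> {0,1}^n
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def pair(x, y): return x * y % q

class AuthorizationServer:
    def __init__(self):
        self.s = secrets.randbelow(q - 1) + 1           # master key s
    def _a_s(self, attr):                               # a^s mod q (assumed)
        return pow(_zq(b"attr", attr.encode()), self.s, q)
    def decryption_components(self, ident, attrs):      # step (4)
        return {a: self._a_s(a) * H1(ident) % q for a in attrs}
    def encryption_components(self, attrs):             # step (6)
        return {a: self._a_s(a) for a in attrs}

def encrypt(ident, policy, enc, m):
    """Steps (8)-(10); policy is a list of AND-clauses (lists of attributes)."""
    if len(m) != N:
        raise ValueError("plaintext must be exactly N bytes")
    sigma = secrets.token_bytes(N)
    u = H3(sigma, m)
    V = []
    for clause in policy:
        e_i = sum(enc[a] for a in clause) % q           # e_i = (sum a^s) P
        g_i = pair(H1(ident), e_i)                      # assumed e(Q_ID, e_i)
        V.append(xor(sigma, H2(g_i * u % q)))           # sigma XOR H2(g_i^u)
    return u, V, xor(m, H4(sigma))                      # U = uP with P = 1

def decrypt(policy, C, dec):
    """Steps (11)-(14); returns the plaintext, or None when C is rejected."""
    U, V, W = C
    if not 0 < U < q or len(V) != len(policy):          # U must lie in G1^*
        return None
    for clause, V_i in zip(policy, V):
        if any(a not in dec for a in clause):           # attributes missing
            continue
        d_i = sum(dec[a] for a in clause) % q           # d_i = (sum a^s) Q_ID
        sigma = xor(V_i, H2(pair(d_i, U)))
        m = xor(W, H4(sigma))
        if U == H3(sigma, m):                           # step (13): U = uP ?
            return m
    return None

def demo():
    server = AuthorizationServer()
    policy = [["engineer", "grid-ops"], ["auditor"]]    # constructed policy
    enc = server.encryption_components({a for c in policy for a in c})
    msg = b"constructed sample".ljust(N, b".")          # constructed plaintext
    C = encrypt("alice", policy, enc, msg)
    bad = (C[0], C[1], xor(C[2], b"\x01" + bytes(N - 1)))   # one bit of W flipped
    k = server.decryption_components
    return [decrypt(policy, C, k("alice", ["engineer", "grid-ops"])),
            decrypt(policy, C, k("alice", ["auditor"])),
            decrypt(policy, C, k("alice", ["engineer"])),
            decrypt(policy, C, k("mallory", ["auditor"])),
            decrypt(policy, bad, k("alice", ["auditor"]))]
```

The requester picks the policy clause locally, so its attributes are never sent to the service provider; a missing attribute, a key issued to another ID and a modified W all end in rejection rather than in garbled plaintext.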
The present invention uses a privacy protection algorithm. Through the processes of system initialization, authorization assignment, policy customization, encryption, and message recovery and verification, it merges cross-security-domain access control with the privacy protection mechanism, reduces the degree of information disclosure, prevents leakage of sensitive information, and achieves privacy security for the service requester.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present invention may still be modified or equivalently replaced, and any modification or equivalent replacement that does not depart from the spirit and scope of the present invention shall fall within the scope of the claims of the present invention.

Claims (14)

1. A privacy-protection-based cross-security-domain access control method, characterised in that the method runs on a privacy-protection-based cross-security-domain access control system; the system comprises an authorization server, a service provider and a service requester; the authorization server exchanges data with the service requester and with the service provider respectively, and the service requester and the service provider exchange data with each other;
The authorization server assigns authorization to the service requester, distributes the public and private keys of both the service requester and the service provider, and merges the security-domain access control process with the privacy protection mechanism; the authorization server comprises a key store, an attribute library and a policy library;
The key store holds the authorization public key of the service requester and the encryption key of the service provider; the attribute library stores the attribute information of the service provider module and of the service requester module; the policy library stores the decision policies of the system; the key store, attribute library and policy library provide add, delete, search and backup functions for the stored information;
The service provider is a passive entity that accepts access by subjects as prescribed by the authority set; it comprises a policy extraction module and an encryption module;
The policy extraction module extracts policies by sending object attributes; the encryption module is responsible for encrypting information, which includes the access control policy set for the resource;
The service requester is an active entity that holds usage rights over the service provider; it comprises an authorization application module and a decryption module;
The authorization application module applies for authority by sending subject attributes; the decryption module is responsible for decrypting information;
The method uses a privacy protection mechanism and comprises the following steps:
(1) the privacy-protection-based cross-security-domain access control system is initialized;
(2) the service requester sends its identifier ID to the authorization server to request an authorization credential;
(3) the authorization server determines, from the service requester identifier ID, the attribute set held by the service requester;
(4) the authorization server calculates the authorized decryption key component and sends it to the service requester;
(5) the service provider sends all attribute identifiers relevant to its local policy to the authorization server;
(6) the authorization server calculates the encryption key component for the encryption policy and sends it to the service provider;
(7) the service requester initiates a service request to the service provider;
(8) the service provider calculates the authorized decryption key component of the service requester and randomly selects an intermediate variable, letting $u = H_3(\sigma, m)$; $u = H_3(\sigma, m)$ is a mapping, $\sigma$ and $m$ are intermediate variables of the calculation, and $H_3$ is a hash function;
(9) the service provider extracts the policy expression according to the requested resource identifier and determines the tuple elements of the ciphertext;
(10) the ciphertext is determined, and the encrypted resource response is sent to the service requester;
(11) the service requester extracts the policy expression from the resource response, determines the tuple elements of the ciphertext, and checks whether the first tuple element of the ciphertext belongs to the additive cyclic group $G_1$;
(12) the service requester constructs a key according to the policy expression, choosing a combination of attributes that satisfies a policy sub-item;
(13) the service requester recomputes and verifies whether U equals uP, where $P \in G_1$ is an intermediate variable and U denotes the first tuple element of the encrypted ciphertext C;
(14) the service requester uses the decryption key component to output the plaintext.
2. The privacy-protection-based cross-security-domain access control method, characterised in that in step (1) system initialization is completed by the authorization server and includes: given a security parameter $k \in Z^+$, input $k$ to generate a large prime $q$; select a supersingular elliptic curve $E/GF(p)$ on which the BDH problem is hard; from $E/GF(p)$ generate two groups $G_1$ and $G_2$ of order $q$, $G_1$ being an additive cyclic group and $G_2$ a multiplicative cyclic group, with a bilinear map; randomly select the intermediate variable $P \in G_1$; choose the master key and the hash functions, with $H_2: G_2 \rightarrow \{0,1\}^n$, $n \in Z^+$, and $H_4: \{0,1\}^n \rightarrow \{0,1\}^n$, $n \in Z^+$;
Construct the plaintext space $M = \{0,1\}^n$ and the ciphertext space; the system parameters are
3. The privacy-protection-based cross-security-domain access control method, characterised in that in step (2) the identifier ID ranges over $ID \in \{0,1\}^*$; in step (3) the attribute set is denoted $\{a_1, a_2, ..., a_m\}$.
4. The privacy-protection-based cross-security-domain access control method, characterised in that in step (4) the authorization server performs the calculation and sends the resulting set to the service requester; this set is the authorized decryption key component that the authorization server distributes to the service requester, used to decrypt confidential information provided the access control policy is satisfied.
5. The privacy-protection-based cross-security-domain access control method, characterised in that in step (5) the attribute identifiers are denoted $\{a_1, a_2, ..., a_n\}$.
6. The privacy-protection-based cross-security-domain access control method, characterised in that in step (6) the authorization server performs the calculation and sends the resulting set to the service provider; this set is the authorized encryption key component that the authorization server distributes to the service provider; … denotes the factor in the formula for calculating the authorized encryption key component.
7. The privacy-protection-based cross-security-domain access control method, characterised in that in step (7) the service request is denoted <ID, SID>, where SID is the resource identifier.
8. The privacy-protection-based cross-security-domain access control method, characterised in that in step (8) the service provider calculates the authorized decryption key component of the service requester and randomly selects the intermediate variable $\sigma \in (0,1)^n$, letting $u = H_3(\sigma, m)$.
9. The privacy-protection-based cross-security-domain access control method, characterised in that in step (9) the service provider extracts the policy expressions $\{a_{i,1} \wedge ... \wedge a_{i,m}\}$ according to the requested resource identifier SID, and determines the tuple element of the ciphertext for each policy expression respectively
10. The privacy-protection-based cross-security-domain access control method, characterised in that in step (10) a positive integer is chosen and the ciphertext is determined; the encrypted resource response <Policy, C> is sent to the service requester; … represents the hash space of the hash function $H_3$; Policy is the access policy of the resource.
11. The privacy-protection-based cross-security-domain access control method, characterised in that in step (11) the number of tuple elements of the ciphertext C is $k$, letting $C = \langle U, V_1, ..., V_k, W \rangle$; when the first tuple element of the ciphertext belongs to the additive cyclic group $G_1$, the method proceeds to step (12); when the first tuple element of the ciphertext does not belong to the additive cyclic group $G_1$, the ciphertext is rejected.
12. The privacy-protection-based cross-security-domain access control method, characterised in that in step (12), the attribute combination of the policy sub-item
13. The privacy-protection-based cross-security-domain access control method, characterised in that in step (13) the service requester recomputes, with $u = H_3(\sigma, m)$, and verifies whether U equals uP; if $U = uP$, verification succeeds and the method proceeds to step (14); otherwise the ciphertext is rejected.
14. The privacy-protection-based cross-security-domain access control method, characterised in that steps (2) to (4) and steps (5) to (6) are carried out concurrently.
CN201310298366.7A 2013-07-16 2013-07-16 A kind of based on secret protection across security domain access control system and control method thereof Active CN103391192B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310298366.7A CN103391192B (en) 2013-07-16 2013-07-16 A kind of based on secret protection across security domain access control system and control method thereof

Publications (2)

Publication Number Publication Date
CN103391192A CN103391192A (en) 2013-11-13
CN103391192B true CN103391192B (en) 2016-09-21

Family

ID=49535357

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310298366.7A Active CN103391192B (en) 2013-07-16 2013-07-16 A kind of based on secret protection across security domain access control system and control method thereof

Country Status (1)

Country Link
CN (1) CN103391192B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468610B (en) * 2014-12-24 2017-10-27 北京智捷伟讯科技有限公司 A kind of credible measure suitable for emergency relief platform
CN104660583B (en) * 2014-12-29 2018-05-29 国家电网公司 A kind of cryptographic services method based on Web cryptographic services
CN105681306A (en) * 2016-01-13 2016-06-15 华北水利水电大学 Spatial data security control system based on access mode protection
CN107360252B (en) * 2017-08-16 2020-03-24 上海海事大学 Data security access method authorized by heterogeneous cloud domain
CN107579980A (en) * 2017-09-07 2018-01-12 福州大学 Lightweight double call control system in medical Internet of Things
CN109583228B (en) * 2018-10-30 2021-05-07 中国科学院信息工程研究所 Privacy information management method, device and system
CN111556339B (en) * 2020-04-15 2022-04-08 长沙学院 Video information privacy protection system and method based on sensitive information measurement
CN113742779B (en) * 2021-09-18 2024-03-22 湖北工业大学 Service customization system and method with privacy protection function
CN115242490B (en) * 2022-07-19 2023-09-26 北京计算机技术及应用研究所 Group key secure distribution method and system in trusted environment
CN117955752B (en) * 2024-03-27 2024-06-07 暨南大学 Data privacy protection method and system with controllable computation and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1805341A (en) * 2006-01-11 2006-07-19 西安电子科技大学 Network authentication and key allocation method across secure domains
CN101030858A (en) * 2007-02-09 2007-09-05 华中科技大学 Trust protocol based on hidden certificate
CN101771676A (en) * 2008-12-31 2010-07-07 华为技术有限公司 Setting and authentication method for cross-domain authorization and relevant device and system
CN101834853A (en) * 2010-04-02 2010-09-15 中国科学院软件研究所 Method and system for sharing anonymous resource
CN101997876A (en) * 2010-11-05 2011-03-30 重庆大学 Attribute-based access control model and cross domain access method thereof
CN102244660A (en) * 2011-07-12 2011-11-16 北京航空航天大学 Encryption method for realizing support of FGAC (Fine Grained Access Control)
CN102710623A (en) * 2012-05-23 2012-10-03 中国电力科学研究院 Intelligent grid electricity information privacy protection method based on multi-party interaction
CN102761551A (en) * 2012-07-09 2012-10-31 郑州信大捷安信息技术股份有限公司 System and method for multilevel cross-domain access control
CN102916954A (en) * 2012-10-15 2013-02-06 南京邮电大学 Attribute-based encryption cloud computing safety access control method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7519818B2 (en) * 2004-12-09 2009-04-14 Microsoft Corporation Method and system for processing a communication based on trust that the communication is not unwanted as assigned by a sending domain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
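Research on a SAML-based federated identity management mechanism; Li Wei et al.; Proceedings of the 19th National Conference on Computer Technology and Applications (CACIS), Volume 2; 20080701; pp. 1292-1296 *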

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107944299A (en) * 2017-12-29 2018-04-20 西安电子科技大学 A kind of processing method of privacy information, apparatus and system
CN108632035A (en) * 2018-05-17 2018-10-09 湖北工业大学 A kind of Oblivious Transfer system and method with access control
CN108632035B (en) * 2018-05-17 2021-02-19 湖北工业大学 Inadvertent transmission system and method with access control

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160425

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: China Electric Power Research Institute

Applicant after: State Grid Smart Grid Institute

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: China Electric Power Research Institute

CB02 Change of applicant information

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: China Electric Power Research Institute

Applicant after: GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE

Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant before: State Grid Corporation of China

Applicant before: China Electric Power Research Institute

Applicant before: State Grid Smart Grid Institute

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant