CN103501223B - Access control system for electronic product codes and access control method thereof - Google Patents

Publication number: CN103501223B
Application number: CN201310436525.5A
Authority: China (CN)
Other languages: Chinese (zh)
Other versions: CN103501223A
Inventors: 喻建平, 张鹏, 刘宏伟, 刘军
Original and current assignee: Shenzhen University
Legal status: Active
Prior art keywords: electronic product code; ciphertext; code information; access control
Landscapes: Storage Device Security (AREA)

Abstract

The invention belongs to the field of Internet of Things information security and provides an access control system for electronic product codes and an access control method thereof. The system and method apply a third-party-based revocable attribute encryption technique: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of tag readers are controlled through an attribute revocation list set in the arbitration machine. This achieves ciphertext access control over electronic product code information and makes up for the deficiency of current electronic product code identification systems in privacy protection. Because the attribute is the basic unit of access control, the system achieves fine-grained access control, can stop any unauthorized tag reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS.

Description

Access control system for electronic product codes and access control method thereof
Technical field
The invention belongs to the field of Internet of Things information security, and in particular relates to an access control system for electronic product codes and an access control method thereof.
Background
An electronic product code (Electronic Product Code, EPC) is an item identification code that uses a radio-frequency electronic tag as its carrier and conveys information over the Internet. The tag carries only the EPC; resolving the EPC has to be done by an identification system.
Fig. 1 shows the electronic product code identification system provided by the prior art. First, the tag reader scans the tag carrying the electronic product code that is attached to an item, extracts the EPC stored on the tag, and sends it to the middleware. After processing the EPC, the middleware submits it over the Internet to the Object Name Service (ONS) resolution server. The ONS looks up the address of the Electronic Product Code Information System (EPCIS) that holds this EPC and returns the EPCIS address to the tag reader through the middleware. The tag reader then accesses the EPCIS at this address and obtains the item information stored in the EPCIS.
This identification system brings items into the network by means of radio-frequency identification, and a tag reader can access item information freely over the network. While this openness brings great convenience, it also leaves the item information stored in the EPCIS exposed to attacks such as theft, tampering and deletion.
Summary of the invention
The purpose of the embodiments of the present invention is to provide an access control system for electronic product codes, intended to solve the problem that, in existing electronic product code identification systems, a tag reader can access item information freely over the network, leaving the item information stored in the EPCIS exposed to attacks such as theft, tampering and deletion.
The embodiments of the present invention are implemented as follows: an access control system for electronic product codes, the system comprising:
A registration machine, configured to establish public parameters and a master private key and, on receiving a registration request that meets the conditions, to output a first private key and a second private key;
An electronic product code information system, configured to store the ciphertext of the electronic product code information and the ciphertext of the corresponding key and, after receiving a tag information access request, to send the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key as a first ciphertext, and to send another part of the ciphertext of the corresponding key as a second ciphertext;
A tag reader, configured to send the registration request to the registration machine, receive and store the first private key, then scan a tag carrying an electronic product code, send the tag information access request to the electronic product code information system, receive the first ciphertext sent by the electronic product code information system, then receive an intermediate result, and decrypt using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information;
An arbitration machine, configured to store an attribute revocation list characterizing the correspondence between the device identification code of the tag reader and its corresponding attributes, receive the second private key output by the registration machine, receive the second ciphertext and the device identification code of the tag reader sent by the electronic product code information system, and, when a lookup of the attribute revocation list shows that the current attributes of the tag reader satisfy the access structure, generate the intermediate result from the second private key and the second ciphertext and return it to the tag reader.
Another object of the embodiments of the present invention is to provide an access control method for the access control system for electronic product codes described above, the method comprising the following steps:
S1: The registration machine establishes the public parameters and the master private key;
S2: The tag reader sends a registration request to the registration machine; if the registration machine confirms that the registration request meets the requirement, it generates a first private key and a second private key, sends the first private key to the tag reader, and sends the second private key to the arbitration machine;
S3: The tag reader scans a tag carrying an electronic product code and sends a tag information access request to the electronic product code information system;
S4: After receiving the tag information access request, the electronic product code information system sends the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key to the tag reader as the first ciphertext, and sends the device identification code of the tag reader, together with another part of the ciphertext of the corresponding key as the second ciphertext, to the arbitration machine;
S5: When the arbitration machine, by looking up the attribute revocation list, finds that the current attributes of the tag reader satisfy the access structure, it generates an intermediate result from the second private key and the second ciphertext and returns it to the tag reader;
S6: The tag reader decrypts using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information.
The access control system for electronic product codes and the access control method proposed by the present invention apply a third-party-based revocable attribute encryption technique: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of tag readers are controlled through an attribute revocation list set in the arbitration machine. This achieves ciphertext access control over electronic product code information and makes up for the deficiency of current electronic product code identification systems in privacy protection. Because the attribute is the basic unit of access control, the system achieves fine-grained access control, can stop any unauthorized tag reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS.
Brief description of the drawings
Fig. 1 is a structural diagram of the electronic product code identification system provided by the prior art;
Fig. 2 is a structural diagram of the access control system for electronic product codes provided by embodiment one of the present invention;
Fig. 3 is a structural diagram of the access control system for electronic product codes provided by embodiment two of the present invention;
Fig. 4 is a flow chart of the access control method of the access control system for electronic product codes provided by embodiment three of the present invention;
Fig. 5 is a flow chart of the access control method of the access control system for electronic product codes provided by embodiment four of the present invention.
Detailed description of the invention
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only serve to explain the present invention and are not intended to limit it.
To solve the problems of the prior art, the present invention proposes an access control system for electronic product codes that protects the information security of the system through access rights management. The system applies a third-party-based revocable attribute encryption technique and improves on the existing third-party-based revocable attribute encryption technique in both security and execution efficiency.
Embodiment one
Fig. 2 shows the structure of the access control system for electronic product codes provided by embodiment one of the present invention; for ease of explanation, only the parts relevant to embodiment one are shown.
In embodiment one of the present invention, the access control system for electronic product codes includes: a registration machine 14, configured to establish public parameters and a master private key and, on receiving a registration request that meets the conditions, to output a first private key and a second private key; an electronic product code information system 12, configured to store the ciphertext of the electronic product code information and the ciphertext of the corresponding key and, after receiving a tag information access request, to send the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key as a first ciphertext, and to send another part of the ciphertext of the corresponding key as a second ciphertext; a tag reader 11, configured to send the registration request to the registration machine 14, receive and store the first private key, then scan a tag carrying an electronic product code, send the tag information access request to the electronic product code information system 12, receive the first ciphertext sent by the electronic product code information system 12, then receive an intermediate result, and decrypt using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information; and an arbitration machine 13, configured to store an attribute revocation list characterizing the correspondence between the device identification code of the tag reader 11 and its corresponding attributes, receive the second private key output by the registration machine 14, receive the second ciphertext and the device identification code of the tag reader 11 sent by the electronic product code information system 12, and, when a lookup of the attribute revocation list shows that the current attributes of the tag reader 11 satisfy the access structure, generate the intermediate result from the second private key and the second ciphertext and return it to the tag reader 11. Here, electronic product code information refers to the details of the item carried by the electronic product code.
The access control system for electronic product codes provided by embodiment one of the present invention is based on a third-party-based revocable attribute encryption technique: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of the tag reader 11 are controlled through the attribute revocation list set in the arbitration machine 13. This achieves ciphertext access control over electronic product code information and makes up for the deficiency of current electronic product code identification systems in privacy protection. Because the attribute is the basic unit of access control, the system achieves fine-grained access control, can stop any unauthorized tag reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS.
Embodiment two
Fig. 3 shows the structure of the access control system for electronic product codes provided by embodiment two of the present invention; for ease of explanation, only the parts relevant to embodiment two are shown.
Unlike embodiment one, in embodiment two of the present invention the access control system for electronic product codes also includes: an encryption unit 15, configured to use AES to randomly generate a key and encrypt the electronic product code information to obtain the ciphertext of the electronic product code information, then generate the ciphertext of the corresponding key according to the preset access structure of the electronic product code information, and store the ciphertext of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system 12.
Embodiment three
Fig. 4 shows the flow chart of the access control method, provided by embodiment three of the present invention, of the access control system for electronic product codes described in embodiment one or embodiment two.
In embodiment three of the present invention, the access control method of the access control system for electronic product codes includes:
Step S1: The registration machine establishes the public parameters and the master private key. Step S1 may further comprise the following steps:
S11: Set the security parameter λ.
S12: Define a first multiplicative group and a second multiplicative group of prime order p, obtain the generator g of the first multiplicative group, and define the bilinear map e:
S13: Set the attribute space. For each attribute in this attribute space, randomly choose and calculate
S14: Randomly select and calculate $u = g^{\beta}$, $w = e(g, g)^{\alpha}$.
S15: Establish the public parameters and the master private key $msk = \{g^{\alpha}\}$.
Step S2: The tag reader sends a registration request to the registration machine; if the registration machine confirms that the registration request meets the requirement, it generates a first private key and a second private key, sends the first private key to the tag reader, and sends the second private key to the arbitration machine. Step S2 may further comprise the following steps:
S21: The tag reader sends a registration request to the registration machine; the registration request includes at least the device identification code id of the tag reader and its attribute set
S22: When , the registration machine confirms that the registration request meets the requirement; the registration machine then randomly chooses and calculates . At the same time, for each attribute of the user, the registration machine calculates
S23: The registration machine sends the first private key to the tag reader and sends the second private key $sk'_{id}$ to the arbitration machine.
Step S3: The tag reader scans a tag carrying an electronic product code and sends a tag information access request to the electronic product code information system.
Step S4: After receiving the tag information access request, the electronic product code information system sends the ciphertext $E_k(m)$ of the electronic product code information together with one part of the ciphertext of the corresponding key to the tag reader as the first ciphertext, and sends the device identification code id of the tag reader, together with another part of the ciphertext of the corresponding key as the second ciphertext, to the arbitration machine.
Step S5: When the arbitration machine, by looking up the attribute revocation list, finds that the current attributes of the tag reader satisfy the access structure, it generates an intermediate result from the second private key and the second ciphertext and returns it to the tag reader. When the arbitration machine finds that the current attributes of the tag reader do not satisfy the access structure, it returns the error identifier FALSE to the tag reader.
In embodiment three of the present invention, the attribute revocation list characterizes the correspondence between the device identification code of the tag reader 11 and its corresponding attributes, which makes rights management of the tag reader 11 convenient. The attributes characterize information about the goods to which the tag carrying the electronic product code is attached; for example, when the tag is attached to a certain brand of shampoo, the attributes may include daily chemicals, shampoo, xx brand, and so on. For example, when a tag reader 11 is revoked, all attributes corresponding to that tag reader 11 are set as revoked in the attribute revocation list; when a certain attribute of a certain tag reader 11 is revoked, that attribute of that tag reader 11 is set as revoked in the attribute revocation list; when a certain attribute in the system is revoked, that attribute of every tag reader 11 is set as revoked in the attribute revocation list.
Step S6: The tag reader decrypts using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information.
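The arbitration machine's decision in step S5, covering the three revocation cases described above, is sketched below as an added example that is not part of the patent text. The class and function names, the threshold-gate encoding of the access structure and the sample readers are constructed for illustration; only the authorize/FALSE decision is modelled, not the cryptographic generation of the intermediate result.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Gate:
    """Inner node of the access-structure tree. It is satisfied when at
    least `threshold` children are satisfied: 1 is OR, len(children) is AND."""
    threshold: int
    children: tuple


def AND(*children):
    return Gate(len(children), children)


def OR(*children):
    return Gate(1, children)


def satisfies(node, attributes):
    """Evaluate the tree; a leaf is just an attribute name (a string)."""
    if isinstance(node, str):
        return node in attributes
    hits = sum(satisfies(child, attributes) for child in node.children)
    return hits >= node.threshold


class ArbitrationMachine:
    """Holds the attribute revocation list: device id -> {attribute: revoked?}."""

    def __init__(self):
        self.revocation_list = {}
        # Assumption beyond the page: remember system-wide revocations so a
        # reader enrolled later does not start with a revoked attribute.
        self.revoked_system_wide = set()

    def enroll(self, device_id, attributes):
        self.revocation_list[device_id] = {
            a: a in self.revoked_system_wide for a in attributes
        }

    def revoke_reader(self, device_id):
        """Case 1: the whole reader is revoked, so every attribute is marked."""
        for a in self.revocation_list.get(device_id, {}):
            self.revocation_list[device_id][a] = True

    def revoke_reader_attribute(self, device_id, attribute):
        """Case 2: one attribute of one reader is revoked."""
        if attribute in self.revocation_list.get(device_id, {}):
            self.revocation_list[device_id][attribute] = True

    def revoke_attribute(self, attribute):
        """Case 3: an attribute is revoked for every reader in the system."""
        self.revoked_system_wide.add(attribute)
        for entry in self.revocation_list.values():
            if attribute in entry:
                entry[attribute] = True

    def current_attributes(self, device_id):
        entry = self.revocation_list.get(device_id, {})
        return {a for a, revoked in entry.items() if not revoked}

    def authorize(self, device_id, access_structure):
        """True: go on to compute the intermediate result. False: answer FALSE.
        Unknown device ids fail closed."""
        if device_id not in self.revocation_list:
            return False
        return satisfies(access_structure, self.current_attributes(device_id))


def demo():
    """Constructed scenario: two readers and a shampoo policy."""
    am = ArbitrationMachine()
    am.enroll("reader-01", {"daily-chemicals", "shampoo", "brand-x"})
    am.enroll("reader-02", {"shampoo", "brand-y"})
    policy = AND("shampoo", OR("brand-x", "brand-y"))
    before = (am.authorize("reader-01", policy), am.authorize("reader-02", policy))
    am.revoke_reader_attribute("reader-01", "brand-x")
    after = (am.authorize("reader-01", policy), am.authorize("reader-02", policy))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Because the check runs on every access request, a revocation takes effect at the next request without re-issuing keys to the remaining readers.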
Embodiment four
Fig. 5 shows the flow chart of the access control method, provided by embodiment four of the present invention, of the access control system for electronic product codes described in embodiment one or embodiment two.
Unlike embodiment three, in embodiment four the access control method of the access control system for electronic product codes also includes, before step S1:
Step S0: Use AES to randomly generate a key and encrypt the electronic product code information to obtain the ciphertext of the electronic product code information; then generate the ciphertext of the corresponding key according to the preset access structure of the electronic product code information, and store the ciphertext of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system. Step S0 may further comprise the following steps:
S01: Use the Advanced Encryption Standard (AES) encryption algorithm to randomly generate a key k, and encrypt the electronic product code information m to obtain the ciphertext $E_k(m)$ of the electronic product code information.
S02: Assume that the preset access structure of the electronic product code information is an access structure tree Γ whose root node value is s. If a logical AND relation is to be expressed and the number of child nodes of the access structure tree Γ is n, then any n-1 child node values are defined as random numbers and the n-th child node value is . If a logical OR relation is to be expressed, each child node value is defined as s. Assume that the leaf-node attribute set of the access structure tree Γ is ; then generate the ciphertext of the key k, where $C = k w^{s}$, $C' = g^{s}$,
S03: Store the ciphertext $E_k(m)$ of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system.
In embodiment four of the present invention, in step S4, the first ciphertext includes the ciphertext $E_k(m)$ of the electronic product code information and ; the second ciphertext includes $C'$.
In embodiment four of the present invention, step S5 may further comprise the following steps:
S51: When the arbitration machine finds that the current attributes of the tag reader satisfy the access structure, it generates the intermediate result $C_\tau$ from the second private key $sk'_{id}$ and the second ciphertext $C'$, expressed as:
$$C_\tau = e(sk'_{id}, C') \qquad (1)$$
S52: The arbitration machine returns the intermediate result $C_\tau = e(sk'_{id}, C')$ to the tag reader.
In embodiment four of the present invention, step S6 may further comprise the following steps:
S61: The tag reader finds, in finite time, the minimal attribute set of the access structure Γ to satisfy
S62: The tag reader calculates the AES symmetric key $k'$, expressed as:
$$k' = \frac{C}{C_\tau / C'_\tau} \qquad (3)$$
In fact, in embodiment four of the present invention, formula (1) expands to:
$$C_\tau = e(sk'_{id}, C') = e(g^{\alpha} g^{\beta u_{id}}, g^{s}) = e(g,g)^{\alpha s}\, e(g,g)^{\beta u_{id} s} \qquad (4)$$
Formula (2) expands to:
Based on formula (4) and formula (5), the proof of formula (3) can be expressed as:
$$\frac{C}{C_\tau / C'_\tau} = \frac{C}{e(g,g)^{\alpha s}\, e(g,g)^{\beta s u_{id}} / e(g,g)^{\beta u_{id} s}} = \frac{k\, e(g,g)^{\alpha s}}{e(g,g)^{\alpha s}} = k \qquad (6)$$
S63: The tag reader uses the symmetric key $k'$ to decrypt the ciphertext $E_k(m)$ of the electronic product code information in the first ciphertext, obtaining the electronic product code information.
The present invention applies the third-party-based revocable attribute encryption technique (Revocable Attribute-Based Encryption, RABE) to the field of access control for electronic product codes. In the prior art, third-party-based revocable attribute encryption has also been proposed, but it has not been used in the field of access control for electronic product codes. In addition, the existing third-party-based revocable attribute encryption technique has the following two deficiencies: it satisfies chosen-plaintext attack security, but it is not based on a strong hardness assumption, so its security is insufficient; and the computational load of the arbitration machine is proportional to the dimension of the minimal attribute set satisfying the access structure, so its execution efficiency is low. The present invention uses an access tree as the access structure, which can express access control structures such as AND gates, OR gates and thresholds, and builds an attribute encryption scheme that supports revocation on the decisional bilinear Diffie-Hellman exponent hardness problem. The following uses an interactive game between an adversary and a challenger to demonstrate, in terms of both security and execution efficiency, the advantages of the access control system for electronic product codes and the access control method proposed by the present invention:
1. Security. The hardness assumption on which the third-party-based revocable attribute encryption technique constructed by the present invention rests is described as follows:
Decisional bilinear Diffie-Hellman exponent (decisional Bilinear Diffie-Hellman Exponent, BDHE) assumption: for a first multiplicative group and a second multiplicative group of prime order p, where the generator of the first multiplicative group is g, given the bilinear map e: , random numbers , and the given parameters , within polynomial time and a random element of the second multiplicative group are indistinguishable.
Theorem 1: If the BDHE assumption holds, there is no polynomial-time adversary that can successfully break the RABE scheme.
Assume that there exists a polynomial-time adversary that, with non-negligible probability, breaks the third-party-based revocable attribute encryption technique in the selective security game.
Initialization: Given the attribute space and , the adversary selects a challenge access structure Γ and defines its leaf-node attribute set . The challenger, given the BDHE tuple , runs the algorithm of step S1 and randomly selects . Assuming $\alpha = \alpha' + \beta^{q+1}$, it calculates $u = g^{\beta}$, . For each attribute , it randomly defines $t_i = z_i + b_i\beta\eta_1 + b_i\beta^{2}\eta_2 + \dots + b_i\beta^{n}\eta_n$, where . Then correspondingly
The public parameters are and the system master private key is $msk = \{g^{\alpha}\}$. The challenger sends the public parameters with y to the adversary.
Phase 1: The adversary issues polynomially many key queries to the challenger. For the device identification code id and attribute set selected by the adversary (the attribute set does not satisfy the access structure Γ), the challenger runs the algorithm of step S2: $u_{id} = r + \omega_1\beta^{q} + \omega_2\beta^{q-1} + \dots + \omega_n\beta^{q-n+1}$, where is a random number, $\omega_1 = -1$, and $\omega_i \cdot \eta_i = 0$. The keys then produced are , where the highest power of β in $sk_{id}$ is q, i.e. in $sk_{id}$ the random irreducible factor . Because $g^{\alpha}$ contains the reduction factor but introduces the reduction factor , $sk'_{id}$ can eliminate the reduction factor . Because $\omega_i \cdot \eta_i = 0$, $sk_{id,i}$ can eliminate the reduction factor
The challenger sends $(sk_{id}, sk'_{id}, sk_{id,i})$ to the adversary.
Challenge: The adversary sends two plaintext messages $m_0$ and $m_1$ of equal length to the challenger. The challenger randomly chooses b ∈ (0,1) and, using the access structure Γ, runs the algorithm of step S0 to generate the ciphertext C: , $C' = g^{s}$. The root node value of the access structure tree Γ is the random number s. For , the leaf nodes are assigned attribute values $s_i$, and $C_i$ is calculated: . Because the attribute set does not satisfy the access structure Γ, define
Phase 2: As in phase 1, the adversary issues key queries to the challenger, but the attribute sets the adversary selects do not satisfy the access structure Γ.
Guess: The adversary outputs a guess b'; if , the adversary succeeds.
In fact,
$$\frac{C_\tau}{C'_\tau} = e(g,g)^{\alpha' s}$$
If the adversary successfully breaks the third-party-based revocable attribute encryption technique, then because , the adversary can break the BDHE assumption; therefore the present system and its method are secure under chosen-plaintext attack.
2. Execution efficiency. Define E as the bilinear pairing operation, $P_0$ and $P_1$ as the point multiplication operations on the first multiplicative group and the second multiplicative group, and $M_0$ and $M_1$ as the multiplication operations on the first multiplicative group and the second multiplicative group; addition, subtraction, multiplication and division over the finite field are ignored. Assume that the user attribute set dimension is , the access structure attribute set dimension is , and the dimension of the minimal attribute set satisfying the access structure is . Table 1 below compares the execution efficiency of the existing third-party-based revocable attribute encryption technique with that of the third-party-based revocable attribute encryption technique proposed by the present invention:
Table 1
As can be seen, in the third-party-based revocable attribute encryption technique of the present invention, the decryption workload of the arbitration machine is far lower than in the existing scheme, which keeps the arbitration machine from becoming the bottleneck of system performance; the third-party-based revocable attribute encryption technique of the present invention therefore performs better at run time.
In summary, the access control system for electronic product codes and the access control method proposed by the present invention apply a third-party-based revocable attribute encryption technique: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of tag readers are controlled through an attribute revocation list set in the arbitration machine. This achieves ciphertext access control over electronic product code information and makes up for the deficiency of current electronic product code identification systems in privacy protection. Because the attribute is the basic unit of access control, the system achieves fine-grained access control, can stop any unauthorized tag reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS. In addition, building on the existing third-party-based revocable attribute encryption technique, the present invention improves security under plaintext attack and keeps the arbitration machine from becoming the bottleneck of system performance, optimizing system performance.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.

Claims (9)

1. An access control system for an electronic product code, characterized in that the system comprises:
A register machine, configured to establish public parameters and a master private key and, on receiving a registration request that meets the conditions, to output a first private key and a second private key;
An electronic product code information system, configured to store the ciphertext of electronic product code information and the ciphertext of the corresponding key and, after receiving a label information access request, to send the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key as a first ciphertext, and to send another part of the ciphertext of the corresponding key as a second ciphertext;
A label reader, configured to send the registration request to the register machine, to receive and store the first private key, then to scan a label carrying an electronic product code, to send the label information access request to the electronic product code information system, to receive the first ciphertext sent by the electronic product code information system, then to receive an intermediate result, and to decrypt using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information;
An arbitration machine, configured to store an attribute revocation list recording the correspondence between the device identification code that identifies the label reader and its corresponding attributes, to receive the second private key output by the register machine, to receive the second ciphertext and the device identification code of the label reader sent by the electronic product code information system, and, when it determines by looking up the attribute revocation list that the existing attributes of the label reader satisfy the access structure, to generate the intermediate result from the second private key and the second ciphertext and return it to the label reader.
2. The access control system for an electronic product code according to claim 1, characterized in that the system further comprises:
An encryption unit, configured to randomly generate a key using AES and encrypt the electronic product code information to obtain the ciphertext of the electronic product code information, then to generate the ciphertext of the key corresponding to the electronic product code information according to the preset access structure of the electronic product code information, and to store the ciphertext of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system.
3. An access control method of the access control system for an electronic product code according to any one of claims 1 or 2, characterized in that the method comprises the following steps:
S1: the register machine establishes public parameters and a master private key;
S2: the label reader sends a registration request to the register machine; if the register machine confirms that the registration request meets the requirement, it generates a first private key and a second private key, sends the first private key to the label reader, and sends the second private key to the arbitration machine;
S3: the label reader scans a label carrying an electronic product code and sends a label information access request to the electronic product code information system;
S4: after receiving the label information access request, the electronic product code information system sends the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key to the label reader as a first ciphertext, and sends the device identification code of the label reader together with another part of the ciphertext of the corresponding key, as a second ciphertext, to the arbitration machine;
S5: when the arbitration machine determines, by looking up the attribute revocation list, that the existing attributes of the label reader satisfy the access structure, it generates an intermediate result from the second private key and the second ciphertext and returns it to the label reader;
S6: the label reader decrypts using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information.
4. The access control method of the access control system for an electronic product code according to claim 3, characterized in that, before said steps, the method further comprises the following step:
S0: randomly generate a key using AES and encrypt the electronic product code information to obtain the ciphertext of the electronic product code information, then generate the ciphertext of the key corresponding to the electronic product code information according to the preset access structure of the electronic product code information, and store the ciphertext of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system.
5. The access control method of the access control system for an electronic product code according to claim 4, characterized in that step S1 comprises the following steps:
S11: set a security parameter λ;
S12: define a first multiplicative group and a second multiplicative group of prime order p, obtain a generator g of the first multiplicative group, and define a bilinear map e:
S13: set a property spaceFor attribute each in described attribute space Randomly selectAnd calculate
S14: randomly select α, and calculate $u = g^{\beta}$, $w = e(g, g)^{\alpha}$;
S15: establish the public parameters and the master private key $msk = \{g^{\alpha}\}$.
6. The access control method of the access control system for an electronic product code according to claim 5, characterized in that step S2 comprises the following steps:
S21: the label reader sends a registration request to the register machine, the registration request including at least the device identification code id of the label reader and its attribute set;
S22: whenTime, described register machine confirms that described registration request meets requirement, the most described registration Machine randomly choosesAnd calculateEach attribute for user Described register machine calculates
S23: the register machine sends the first private key to the label reader, and sends the second private key $sk_{id}'$ to the arbitration machine.
7. The access control method of the access control system for an electronic product code according to claim 6, characterized in that step S0 comprises the following steps:
S01: randomly generate a key k using the AES encryption algorithm and encrypt the electronic product code information m to obtain the ciphertext $E_k(m)$ of the electronic product code information;
S02: if the access structure of the electronic product code information preset is access structure tree Γ, described access structure The root node value of tree Γ is s, then when expressing the relation of logical AND, and the child node of described access structure tree Γ When number is n, defines arbitrary n-1 sub-nodal value and be respectively random numberN-th Individual sub-nodal value isWhen need to express logic or relation time, define described access knot Each child node value of Broussonetia papyrifera Γ is s, if the leaf node attribute of described access structure tree Γ is combined intoThen generate The ciphertext of described key kWherein: C=kws, C '=gs,
S03: store the ciphertext $E_k(m)$ of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system.
8. The access control method of the access control system for an electronic product code according to claim 7, characterized in that step S5 comprises the following steps:
S51: when the arbitration machine determines that the existing attributes of the label reader satisfy the access structure, it generates the intermediate result $C_\tau$ from the second private key $sk_{id}'$ and the second ciphertext $C'$, expressed as: $C_\tau = e(sk_{id}', C')$;
S52: the arbitration machine returns the intermediate result $C_\tau = e(sk_{id}', C')$ to the label reader.
9. The access control method of the access control system for an electronic product code according to claim 8, characterized in that step S6 comprises the following steps:
S61: described label reader finds the minimal attribute set of access structure Γ in finite timeWith Meet
S62: described label reader calculates aes algorithm symmetric key k ', is expressed as:
S63: the label reader uses the symmetric key k' to decrypt the ciphertext $E_k(m)$ of the electronic product code information contained in the first ciphertext, obtaining the electronic product code information.
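
An added example, not part of the patent text: a Python model of the authorization decision the arbitration machine makes in step S5 and of the minimal-attribute-set search in step S61. No pairing cryptography is performed. The tuple encoding of the access structure tree, the class and function names, the attribute names, and the modelling of the attribute revocation list as a per-device set of revoked attributes are all assumptions made for illustration.

```python
from itertools import combinations

# Access structure tree (assumed encoding): a leaf is an attribute name,
# an inner node is ("AND", [children]) or ("OR", [children]).
SAMPLE_TREE = ("AND", ["manufacturer", ("OR", ["warehouse-A", "customs"])])  # constructed

def satisfies(tree, attrs):
    """Return True when the attribute set satisfies the access structure tree."""
    if isinstance(tree, str):
        return tree in attrs
    gate, children = tree
    hits = [satisfies(child, attrs) for child in children]
    return all(hits) if gate == "AND" else any(hits)

def leaves(tree):
    """Collect every attribute that appears as a leaf of the tree."""
    if isinstance(tree, str):
        return {tree}
    return set().union(*(leaves(child) for child in tree[1]))

class ArbitrationMachine:
    """Holds per-device attributes and the attribute revocation list (assumed layout)."""
    def __init__(self):
        self.registered = {}  # device id -> attributes accepted at registration (S2)
        self.revoked = {}     # device id -> attributes revoked since then

    def register(self, dev_id, attrs):
        self.registered[dev_id] = set(attrs)

    def revoke(self, dev_id, attr):
        self.revoked.setdefault(dev_id, set()).add(attr)

    def existing_attributes(self, dev_id):
        return self.registered.get(dev_id, set()) - self.revoked.get(dev_id, set())

    def authorize(self, dev_id, tree):
        """S5 decision: only when this is True is the intermediate result returned."""
        return satisfies(tree, self.existing_attributes(dev_id))

def minimal_attribute_set(tree, attrs):
    """S61: smallest subset of attrs satisfying the tree, or None if there is none.
    Exhaustive search, which is adequate for the small trees used here."""
    usable = sorted(set(attrs) & leaves(tree))
    for size in range(1, len(usable) + 1):
        for subset in combinations(usable, size):
            if satisfies(tree, set(subset)):
                return set(subset)
    return None
```

Revoking a single attribute that the access structure depends on is enough to make `authorize` return False for that device, without touching the private key the reader already holds.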
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310436525.5A CN103501223B (en) 2013-09-22 2013-09-22 The access control system of a kind of electronic product code and access control method thereof

Publications (2)

Publication Number Publication Date
CN103501223A CN103501223A (en) 2014-01-08
CN103501223B true CN103501223B (en) 2016-08-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant