CN103501223B - Access control system for electronic product codes and access control method thereof - Google Patents
- Publication number
- CN103501223B CN201310436525.5A
- Authority
- CN
- China
- Prior art keywords
- electronic product
- product code
- ciphertext
- code information
- access control
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The invention belongs to the field of Internet of Things information security technology and provides an access control system for electronic product codes and an access control method thereof. The system and its access control method apply third-party-based revocable attribute encryption: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of label readers are controlled by an attribute revocation list set in the arbitration machine. This realizes ciphertext access control over electronic product code information and makes up for the shortcomings of current electronic product code identification systems in privacy protection. In addition, because the attribute is the basic unit of access control, the access control system can realize fine-grained access control, can prevent any unauthorized label reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS.
Description
Technical field
The invention belongs to the field of Internet of Things information security technology, and in particular relates to an access control system for electronic product codes and an access control method thereof.
Background
An electronic product code (Electronic Product Code, EPC) is an item identification code that uses a radio-frequency electronic label as its carrier and transmits information over the Internet. The label carries only the EPC; resolving the EPC must be done by an identification system.
Fig. 1 shows the electronic product code identification system provided by the prior art. First, the label reader scans the label carrying the electronic product code that is attached to the item, extracts the EPC stored on the label, and sends it to the middleware. After processing the EPC, the middleware submits it over the Internet to the object name resolution server (Object Name Service, ONS). The ONS looks up the address of the electronic product code information system (Electronic Product Code Information System, EPCIS) that holds this EPC and returns the EPCIS address to the label reader through the middleware. The label reader then accesses the EPCIS at this address and obtains the item information stored in the EPCIS.
This identification system brings items into the network by means of radio-frequency identification technology, and a label reader can access item information over the network freely. While this openness brings great convenience, it also leaves the item information stored in the EPCIS exposed to attacks such as theft, tampering and deletion.
Summary of the invention
The purpose of the embodiments of the present invention is to provide an access control system for electronic product codes, intended to solve the problem that, in existing electronic product code identification systems, a label reader can access item information over the network freely, so that the item information stored in the EPCIS is exposed to attacks such as theft, tampering and deletion.
The embodiments of the present invention are realized as follows: an access control system for electronic product codes, the system including:
Register machine, used to set up the public parameters and the master private key and, on receiving a registration request that meets the conditions, to output a first private key and a second private key;
Electronic product code information system, used to store the ciphertext of the electronic product code information and the ciphertext of the corresponding key and, after receiving a label information access request, to send the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key as the first ciphertext, and to send the other part of the ciphertext of the corresponding key as the second ciphertext;
Label reader, used to send the registration request to the register machine, receive and store the first private key, then scan a label carrying an electronic product code, send the label information access request to the electronic product code information system, receive the first ciphertext sent by the electronic product code information system, then receive the intermediate result, and decrypt using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information;
Arbitration machine, used to store the attribute revocation list that characterizes the correspondence between the device identification code of the label reader and its attributes, receive the second private key output by the register machine, receive the second ciphertext and the device identification code of the label reader sent by the electronic product code information system and, when a lookup in the attribute revocation list shows that the existing attributes of the label reader satisfy the access structure, generate the intermediate result from the second private key and the second ciphertext and return it to the label reader.
Another purpose of the embodiments of the present invention is to provide an access control method for the access control system for electronic product codes described above, the method comprising the following steps:
S1: the register machine sets up the public parameters and the master private key;
S2: the label reader sends a registration request to the register machine; if the register machine confirms that the registration request meets the requirements, it generates the first private key and the second private key, sends the first private key to the label reader, and sends the second private key to the arbitration machine;
S3: the label reader scans a label carrying an electronic product code and sends a label information access request to the electronic product code information system;
S4: after receiving the label information access request, the electronic product code information system sends the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key to the label reader as the first ciphertext, and sends the device identification code of the label reader together with the other part of the ciphertext of the corresponding key to the arbitration machine as the second ciphertext;
S5: when the arbitration machine, by looking up the attribute revocation list, finds that the existing attributes of the label reader satisfy the access structure, it generates the intermediate result from the second private key and the second ciphertext and returns it to the label reader;
S6: the label reader decrypts using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information.
The access control system for electronic product codes and the access control method proposed by the present invention apply third-party-based revocable attribute encryption: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of label readers are controlled by an attribute revocation list set in the arbitration machine. This realizes ciphertext access control over electronic product code information and makes up for the shortcomings of current electronic product code identification systems in privacy protection. In addition, because the attribute is the basic unit of access control, the access control system can realize fine-grained access control, can prevent any unauthorized label reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS.
Brief description of the drawings
Fig. 1 is a structural diagram of the electronic product code identification system provided by the prior art;
Fig. 2 is a structural diagram of the access control system for electronic product codes provided by embodiment one of the present invention;
Fig. 3 is a structural diagram of the access control system for electronic product codes provided by embodiment two of the present invention;
Fig. 4 is a flow chart of the access control method of the access control system for electronic product codes provided by embodiment three of the present invention;
Fig. 5 is a flow chart of the access control method of the access control system for electronic product codes provided by embodiment four of the present invention.
Detailed description
To make the purpose, technical scheme and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only serve to explain the present invention and are not intended to limit it.
To solve the problems of the prior art, the present invention proposes an access control system for electronic product codes that protects system information security through access rights management. The system applies third-party-based revocable attribute encryption and improves on existing third-party-based revocable attribute encryption in both security and execution efficiency.
Embodiment one
Fig. 2 shows the structure of the access control system for electronic product codes provided by embodiment one of the present invention. For ease of explanation, only the parts relevant to embodiment one are shown.
In embodiment one of the present invention, the access control system for electronic product codes includes:
Register machine 14, used to set up the public parameters and the master private key and, on receiving a registration request that meets the conditions, to output the first private key and the second private key;
Electronic product code information system 12, used to store the ciphertext of the electronic product code information and the ciphertext of the corresponding key and, after receiving a label information access request, to send the ciphertext of the electronic product code information together with one part of the ciphertext of the corresponding key as the first ciphertext, and to send the other part of the ciphertext of the corresponding key as the second ciphertext;
Label reader 11, used to send the registration request to the register machine 14, receive and store the first private key, then scan a label carrying an electronic product code, send the label information access request to the electronic product code information system 12, receive the first ciphertext sent by the electronic product code information system 12, then receive the intermediate result, and decrypt using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information;
Arbitration machine 13, used to store the attribute revocation list that characterizes the correspondence between the device identification code of the label reader 11 and its attributes, receive the second private key output by the register machine 14, receive the second ciphertext and the device identification code of the label reader 11 sent by the electronic product code information system 12 and, when a lookup in the attribute revocation list shows that the existing attributes of the label reader 11 satisfy the access structure, generate the intermediate result from the second private key and the second ciphertext and return it to the label reader 11.
Here, electronic product code information refers to the details of the item carried by the electronic product code.
The access control system for electronic product codes provided by embodiment one of the present invention is based on third-party-based revocable attribute encryption: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of the label reader 11 are controlled by the attribute revocation list set in the arbitration machine 13. This realizes ciphertext access control over electronic product code information and makes up for the shortcomings of current electronic product code identification systems in privacy protection. In addition, because the attribute is the basic unit of access control, the access control system can realize fine-grained access control, can prevent any unauthorized label reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS.
Embodiment two
Fig. 3 shows the structure of the access control system for electronic product codes provided by embodiment two of the present invention. For ease of explanation, only the parts relevant to embodiment two are shown.
Unlike embodiment one, in embodiment two of the present invention the access control system for electronic product codes also includes:
Ciphering unit 15, used to randomly generate a key using AES and encrypt the electronic product code information to obtain the ciphertext of the electronic product code information, then generate the ciphertext of the key corresponding to the electronic product code information according to the preset access structure of the electronic product code information, and store the ciphertext of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system 12.
Embodiment three
Fig. 4 shows the flow chart of the access control method, provided by embodiment three of the present invention, for the access control system for electronic product codes described in embodiment one or embodiment two.
In embodiment three of the present invention, the access control method of the access control system for electronic product codes includes:
Step S1: The register machine sets up the public parameters and the master private key. Step S1 may further comprise the following steps:
S11: Set the security parameter λ.
S12: Define the first multiplicative group and the second multiplicative group of prime order p, obtain the generator g of the first multiplicative group, and define the bilinear map e:
S13: Set the attribute space. For each attribute in this attribute space, randomly choose and calculate
S14: Randomly select and calculate $u = g^{\beta}$, $w = e(g, g)^{\alpha}$.
S15: Set up the public parameters and the master private key $msk = \{g^{\alpha}\}$.
Step S2: The label reader sends a registration request to the register machine. If the register machine confirms that the registration request meets the requirements, it generates the first private key and the second private key, sends the first private key to the label reader, and sends the second private key to the arbitration machine. Step S2 may further comprise the following steps:
S21: The label reader sends a registration request to the register machine. The registration request includes at least the device identification code id of the label reader and the attribute set
S22: When the register machine confirms that the registration request meets the requirements, the register machine randomly selects and calculates. At the same time, for each attribute of the user, the register machine calculates
S23: The register machine sends the first private key to the label reader and sends the second private key $sk_{id}'$ to the arbitration machine.
Step S3: The label reader scans a label carrying an electronic product code and sends a label information access request to the electronic product code information system.
Step S4: After receiving the label information access request, the electronic product code information system sends the ciphertext $E_k(m)$ of the electronic product code information together with one part of the ciphertext of the corresponding key to the label reader as the first ciphertext, and sends the device identification code id of the label reader together with the other part of the ciphertext of the corresponding key to the arbitration machine as the second ciphertext.
Step S5: When the arbitration machine, by looking up the attribute revocation list, finds that the existing attributes of the label reader satisfy the access structure, it generates the intermediate result from the second private key and the second ciphertext and returns it to the label reader. When the arbitration machine finds that the existing attributes of the label reader do not satisfy the access structure, it returns the error identifier FALSE to the label reader.
In embodiment three of the present invention, the attribute revocation list characterizes the correspondence between the device identification code of the label reader 11 and its attributes, so as to facilitate rights management of the label reader 11. An attribute characterizes information about the commodity to which the label carrying the electronic product code is attached. For example, when the label carrying the electronic product code is attached to a certain brand of shampoo, the attributes may include daily chemicals, shampoo, xx brand, and so on.
For example, when a label reader 11 is revoked, all attributes corresponding to this label reader 11 are set to revoked in the attribute revocation list; when one attribute of a label reader 11 is revoked, this attribute of this label reader 11 is set to revoked in the attribute revocation list; when an attribute in the system is revoked, this attribute is set to revoked for every label reader 11 in the attribute revocation list.
Step S6: The label reader decrypts using the intermediate result, the first private key and the first ciphertext to obtain the electronic product code information.
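The three revocation cases and the arbitration machine's decision in step S5, as an added example that is not part of the patent text. The class and function names, the nested-tuple encoding of the access structure, the "conditioner" attribute and the sample readers are assumptions; the pairing computation of the intermediate result is left out, so only the authorization decision is modelled.

```python
# Added illustration of step S5; names and data layout are assumptions, not from the patent.

def satisfies(tree, attrs):
    """Evaluate an access structure given as nested tuples.

    A leaf is an attribute string; an inner node is ("AND", child, ...) or
    ("OR", child, ...).
    """
    if isinstance(tree, str):
        return tree in attrs
    gate, *children = tree
    if gate not in ("AND", "OR"):
        raise ValueError(f"unknown gate {gate!r}")
    results = [satisfies(child, attrs) for child in children]
    return all(results) if gate == "AND" else any(results)


class ArbitrationMachine:
    """Keeps the attribute revocation list: device id -> {attribute: revoked?}."""

    def __init__(self):
        self.revocation_list = {}

    def register(self, device_id, attrs):
        # Called when the register machine hands over the second private key.
        self.revocation_list[device_id] = {attr: False for attr in attrs}

    def revoke_reader(self, device_id):
        # Case 1: the whole label reader is revoked, so all its attributes are revoked.
        entry = self.revocation_list.get(device_id, {})
        for attr in entry:
            entry[attr] = True

    def revoke_reader_attribute(self, device_id, attr):
        # Case 2: one attribute of one label reader is revoked.
        entry = self.revocation_list.get(device_id, {})
        if attr in entry:
            entry[attr] = True

    def revoke_attribute(self, attr):
        # Case 3: an attribute is revoked system-wide, i.e. for every label reader.
        for entry in self.revocation_list.values():
            if attr in entry:
                entry[attr] = True

    def existing_attributes(self, device_id):
        # Unknown device ids have no attributes at all.
        entry = self.revocation_list.get(device_id, {})
        return {attr for attr, revoked in entry.items() if not revoked}

    def decide(self, device_id, access_structure):
        """True: the intermediate result would be computed; False: FALSE is returned."""
        return satisfies(access_structure, self.existing_attributes(device_id))


def demo():
    # Constructed sample data built around the shampoo example in the text.
    policy = ("AND", "daily chemicals", ("OR", "shampoo", "conditioner"), "xx brand")
    arb = ArbitrationMachine()
    arb.register("reader-1", {"daily chemicals", "shampoo", "xx brand"})
    arb.register("reader-2", {"daily chemicals", "conditioner", "xx brand"})
    arb.register("reader-3", {"daily chemicals", "shampoo"})
    readers = ("reader-1", "reader-2", "reader-3", "unknown")
    out = {"initial": [arb.decide(r, policy) for r in readers]}
    arb.revoke_reader_attribute("reader-1", "xx brand")
    out["after case 2"] = [arb.decide("reader-1", policy), arb.decide("reader-2", policy)]
    arb.revoke_attribute("conditioner")
    out["after case 3"] = [arb.decide("reader-2", policy)]
    arb.revoke_reader("reader-2")
    out["after case 1"] = sorted(arb.existing_attributes("reader-2"))
    return out


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```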
Embodiment four
Fig. 5 shows the flow chart of the access control method, provided by embodiment four of the present invention, for the access control system for electronic product codes described in embodiment one or embodiment two.
Unlike embodiment three, in embodiment four the access control method of the access control system for electronic product codes also includes, before step S1:
Step S0: Use AES to randomly generate a key and encrypt the electronic product code information to obtain the ciphertext of the electronic product code information, then generate the ciphertext of the key corresponding to the electronic product code information according to the preset access structure of the electronic product code information, and store the ciphertext of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system. Step S0 may further comprise the following steps:
S01: Use the Advanced Encryption Standard (Advanced Encryption Standard, AES) encryption algorithm to randomly generate a key k, and encrypt the electronic product code information m to obtain the ciphertext $E_k(m)$ of the electronic product code information.
S02: Assume that the preset access structure of the electronic product code information is the access structure tree Γ, whose root node value is s. If a logical AND relation is to be expressed and the number of child nodes of the access structure tree Γ is n, define any n-1 child node values as random numbers, with the n-th child node value being
If a logical OR relation is to be expressed, define each child node value as s.
Assume the leaf node attribute set of the access structure tree Γ, then generate the ciphertext of the key k, where: $C = k w^{s}$, $C' = g^{s}$,
S03: Store the ciphertext $E_k(m)$ of the electronic product code information and the ciphertext of the corresponding key in the electronic product code information system.
In embodiment four of the present invention, in step S4, the first ciphertext includes the ciphertext $E_k(m)$ of the electronic product code information and
The second ciphertext includes $C'$.
In embodiment four of the present invention, step S5 may further comprise the following steps:
S51: When the arbitration machine finds that the existing attributes of the label reader satisfy the access structure, it generates the intermediate result $C_\tau$ from the second private key $sk_{id}'$ and the second ciphertext $C'$, expressed as:
$C_\tau = e(sk_{id}', C')$ (1)
S52: The arbitration machine returns the intermediate result $C_\tau = e(sk_{id}', C')$ to the label reader.
In embodiment four of the present invention, step S6 may further comprise the following steps:
S61: The label reader finds, in finite time, the minimal attribute set of the access structure Γ that satisfies
S62: The label reader calculates the symmetric key k' of the AES algorithm, expressed as:
In fact, in embodiment four of the present invention, formula (1) expands to:
Formula (2) expands to:
Based on formula (4) and formula (5), the verification of formula (3) can be expressed as:
S63: The label reader uses the symmetric key k' to decrypt the ciphertext $E_k(m)$ of the electronic product code information in the first ciphertext, obtaining the electronic product code information.
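The assignment of node values in step S02 and the selection of a minimal attribute set in step S61, as an added example that is not part of the patent text. It assumes that the n-th child of an AND node receives the parent value minus the sum of the other children modulo p, and that the leaf values of a minimal satisfying set add up to s, because both expressions are missing from this copy; the function names, the prime P and the sample tree are also assumptions, and group elements and pairings are left out so that only the exponents are shown.

```python
import secrets
from collections import namedtuple

# Added illustration of steps S02 and S61; names, P and the AND-node split are assumptions.
P = 2**127 - 1  # a prime standing in for the group order p
Leaf = namedtuple("Leaf", "attr value")


def assign(tree, value, p=P):
    """Push a node value down the access structure tree.

    tree is an attribute string (leaf), ("AND", child, ...) or ("OR", child, ...).
    Returns the same tree with every leaf replaced by Leaf(attr, value).
    """
    if isinstance(tree, str):
        return Leaf(tree, value)
    gate, *children = tree
    if gate == "OR":
        values = [value] * len(children)  # every child gets the parent value
    elif gate == "AND":
        values = [secrets.randbelow(p) for _ in children[:-1]]  # n-1 random values
        values.append((value - sum(values)) % p)  # assumed: last child completes the sum
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return (gate, *(assign(child, v, p) for child, v in zip(children, values)))


def select_leaves(node, attrs):
    """Return a smallest list of leaves that satisfies the node, or None."""
    if isinstance(node, Leaf):
        return [node] if node.attr in attrs else None
    gate, *children = node
    picks = [select_leaves(child, attrs) for child in children]
    if gate == "AND":
        if any(pick is None for pick in picks):
            return None
        return [leaf for pick in picks for leaf in pick]
    usable = [pick for pick in picks if pick is not None]
    return min(usable, key=len) if usable else None


def recover(assigned_tree, attrs, p=P):
    """Recombine the root value from the leaves a reader's attributes cover."""
    leaves = select_leaves(assigned_tree, attrs)
    if leaves is None:
        return None  # the attributes do not satisfy the access structure
    return sum(leaf.value for leaf in leaves) % p


def demo():
    # Constructed sample policy built around the shampoo example in the text.
    policy = ("AND", "daily chemicals", ("OR", "shampoo", "conditioner"), "xx brand")
    s = secrets.randbelow(P)
    assigned = assign(policy, s)
    full = recover(assigned, {"daily chemicals", "conditioner", "xx brand", "extra"})
    partial = recover(assigned, {"daily chemicals", "shampoo"})
    used = [leaf.attr for leaf in select_leaves(assigned, {"daily chemicals", "shampoo", "conditioner", "xx brand"})]
    return s, full, partial, used


if __name__ == "__main__":
    s, full, partial, used = demo()
    print("recovered:", full == s, "| without 'xx brand':", partial, "| leaves used:", used)
```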
The present invention applies third-party-based revocable attribute encryption (Revocable Attribute-Based Encryption, RABE) to the field of access control for electronic product codes. In the prior art, although third-party-based revocable attribute encryption has been proposed, it has not been used in the field of access control for electronic product codes. Existing third-party-based revocable attribute encryption also has the following two shortcomings: it achieves chosen-plaintext attack security, but it is not based on a strong hardness assumption, so its security is insufficient; and the computational load of the arbitration machine is proportional to the dimension of the minimal attribute set that satisfies the access structure, so its execution efficiency is low. The present invention uses an access tree as the access structure, can formulate access control structures such as AND gates, OR gates and thresholds, and builds an attribute encryption scheme that supports revocation on the basis of the decisional bilinear Diffie-Hellman exponent hardness problem. Below, through an interactive game between an adversary and a challenger, the advantages of the access control system for electronic product codes and the access control method proposed by the present invention are demonstrated with respect to security and execution efficiency:
One, security. The hardness assumption on which the third-party-based revocable attribute encryption constructed in the present invention is based is described as follows:
Decisional bilinear Diffie-Hellman exponent (decisional Bilinear Diffie-Hellman Exponent, BDHE) assumption: for the first multiplicative group and the second multiplicative group of prime order p, where the generator of the first multiplicative group is g, the bilinear map e: and the random numbers are known.
For the given parameters, in polynomial time, it is indistinguishable from a random element of the second multiplicative group.
Theorem 1: If the BDHE assumption holds, there is no polynomial-time adversary that can successfully break the RABE scheme.
Assume there exists a polynomial-time adversary that breaks the third-party-based revocable attribute encryption in the selective security game with non-negligible probability.
Initialization: The attribute space is known. The adversary selects the challenge access structure Γ and defines its leaf node attribute set. The challenger, knowing the BDHE tuple, runs the algorithm of step S1 and randomly selects
Assume $\alpha = \alpha' + \beta^{q+1}$ and calculate $u = g^{\beta}$,
For each attribute, randomly define $t_i = z_i + b_i\beta\eta_1 + b_i\beta^{2}\eta_2 + \dots + b_i\beta^{n}\eta_n$, where
Correspondingly, the public parameters and the master system private key $msk = \{g^{\alpha}\}$ are obtained. The challenger sends the public parameters and y to the adversary.
Stage 1: The adversary issues polynomially many key queries to the challenger. For the device identification code id and the attribute set selected by the adversary (the attribute set does not satisfy the access structure Γ), the challenger runs the algorithm of step S2: $u_{id} = r + \omega_1\beta^{q} + \omega_2\beta^{q-1} + \dots + \omega_n\beta^{q-n+1}$, where r is a random number, $\omega_1 = -1$, and $\omega_i \cdot \eta_i = 0$. In the key then produced, the highest power of β in $sk_{id}$ is q, that is, $sk_{id}$ contains no reduction factor. Because $g^{\alpha}$ contains the reduction factor but the reduction factor is introduced, $sk_{id}'$ can eliminate the reduction factor. Because $\omega_i \cdot \eta_i = 0$, $sk_{id,i}$ can eliminate the reduction factor.
The challenger sends $(sk_{id}, sk_{id}', sk_{id,i})$ to the adversary.
Challenge: The adversary sends the challenger two plaintext messages $m_0$ and $m_1$ of equal length. The challenger randomly chooses $b \in \{0, 1\}$ and, using the access structure Γ, runs the algorithm of step S0 to generate the ciphertext C: $C' = g^{s}$. The root node value of the access structure tree Γ is the random number s. The leaf nodes are assigned the attribute values $s_i$, and $C_i$ is calculated:
Because the attribute set does not satisfy the access structure Γ, define
Stage 2: As in stage 1, the adversary issues key queries to the challenger, but the attribute sets selected by the adversary do not satisfy the access structure Γ.
Guess: The adversary outputs a guess b'. If the guess is correct, the adversary succeeds.
In fact,
If the adversary successfully breaks the third-party-based revocable attribute encryption, this adversary can break the BDHE assumption. Therefore the system and its method are secure under chosen-plaintext attack.
Two, execution efficiency. Define E as the bilinear pairing operation, $P_0$ and $P_1$ as the point multiplication operations on the first multiplicative group and the second multiplicative group, and $M_0$ and $M_1$ as the multiplication operations on the first multiplicative group and the second multiplicative group; addition, subtraction, multiplication and division on the finite field are ignored. Assume the dimension of the user attribute set, the dimension of the access structure attribute set, and the dimension of the minimal attribute set satisfying the access structure. Table one below compares the execution efficiency of the existing third-party-based revocable attribute encryption with that of the third-party-based revocable attribute encryption proposed by the present invention:
Table one
As can be seen, in the third-party-based revocable attribute encryption of the present invention, the decryption workload of the arbitration machine is far lower than in the existing scheme, which keeps the arbitration machine from becoming the bottleneck of system performance. The third-party-based revocable attribute encryption of the present invention therefore has better runtime performance.
In summary, the access control system for electronic product codes and the access control method proposed by the present invention apply third-party-based revocable attribute encryption: the electronic product code information that characterizes item information is stored in ciphertext form, and the decryption rights of label readers are controlled by an attribute revocation list set in the arbitration machine. This realizes ciphertext access control over electronic product code information and makes up for the shortcomings of current electronic product code identification systems in privacy protection. In addition, because the attribute is the basic unit of access control, the access control system can realize fine-grained access control, can prevent any unauthorized label reader from illegally accessing item information, and effectively protects the privacy of the item information stored in the EPCIS. Furthermore, building on existing third-party-based revocable attribute encryption, the present invention improves security under plaintext attack, keeps the arbitration machine from becoming the bottleneck of system performance, and optimizes system performance.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be completed by a program that controls the relevant hardware. The program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (9)
1. An access control system for electronic product codes, characterized in that said system comprises:
a register machine, configured to establish a common parameter and a main private key and, upon receiving a registration request that meets the conditions, to output a first private key and a second private key;
an electronic product code information system, configured to store the ciphertext of electronic product code information and the ciphertext of the corresponding key and, after receiving a label information access request, to send the ciphertext of said electronic product code information together with one part of the ciphertext of said corresponding key as a first ciphertext, and to send another part of the ciphertext of said corresponding key as a second ciphertext;
a label reader, configured to send said registration request to said register machine, receive and store said first private key, then scan a label carrying an electronic product code, send said label information access request to said electronic product code information system, receive said first ciphertext sent by said electronic product code information system, then receive an intermediate result, and decrypt using said intermediate result, said first private key and said first ciphertext to obtain said electronic product code information;
an arbitration machine, configured to store an attribute revocation list recording the correspondence between the equipment identification code identifying said label reader and its corresponding attributes, receive said second private key output by said register machine, receive said second ciphertext and the equipment identification code of said label reader sent by said electronic product code information system, and, when it determines by looking up said attribute revocation list that the existing attributes of said label reader satisfy the access structure, generate said intermediate result from said second private key and the second ciphertext and return it to said label reader.
2. The access control system for electronic product codes as claimed in claim 1, characterized in that said system further comprises:
an encryption unit, configured to use AES to randomly generate a key and encrypt said electronic product code information, obtaining the ciphertext of said electronic product code information, then to generate the ciphertext of the key corresponding to said electronic product code information according to the preset access structure of said electronic product code information, and to store the ciphertext of said electronic product code information and the ciphertext of said corresponding key in said electronic product code information system.
3. An access control method for the access control system for electronic product codes as claimed in either of claims 1 or 2, characterized in that said method comprises the following steps:
S1: the register machine establishes a common parameter and a main private key;
S2: the label reader sends a registration request to said register machine; if said register machine confirms that said registration request meets the requirement, it generates a first private key and a second private key, sends said first private key to said label reader, and sends said second private key to the arbitration machine;
S3: said label reader scans a label carrying an electronic product code and sends a label information access request to the electronic product code information system;
S4: after receiving said label information access request, said electronic product code information system sends the ciphertext of the electronic product code information and one part of the ciphertext of the corresponding key to the label reader as a first ciphertext, and sends the equipment identification code of the label reader, together with another part of the ciphertext of said corresponding key as a second ciphertext, to said arbitration machine;
S5: when said arbitration machine determines, by looking up the attribute revocation list, that the existing attributes of said label reader satisfy the access structure, it generates an intermediate result from said second private key and said second ciphertext and returns it to said label reader;
S6: said label reader decrypts using said intermediate result, said first private key and said first ciphertext to obtain the electronic product code information.
4. The access control method for the access control system for electronic product codes as claimed in claim 3, characterized in that, before said step, said method further comprises the following step:
S0: use AES to randomly generate a key and encrypt the electronic product code information, obtaining the ciphertext of said electronic product code information; then, according to the preset access structure of said electronic product code information, generate the ciphertext of the key corresponding to said electronic product code information, and store the ciphertext of said electronic product code information and the ciphertext of said corresponding key in said electronic product code information system.
5. The access control method for the access control system for electronic product codes as claimed in claim 4, characterized in that said step S1 comprises the following steps:
S11: set a security parameter λ;
S12: define a first multiplicative group and a second multiplicative group of prime order p, obtain a generator g of said first multiplicative group, and define a bilinear map e:
S13: set an attribute space and, for each attribute in said attribute space, randomly select and calculate
S14: randomly select α, and calculate $u = g^{\beta}$, $w = e(g, g)^{\alpha}$;
S15: establish the common parameter and the main private key $msk = \{g^{\alpha}\}$.
6. The access control method for the access control system for electronic product codes as claimed in claim 5, characterized in that said step S2 comprises the following steps:
S21: said label reader sends a registration request to said register machine, said registration request including at least the equipment identification code id of said label reader and its attribute set
S22: whenTime, described register machine confirms that described registration request meets requirement, the most described registration
Machine randomly choosesAnd calculateEach attribute for user
Described register machine calculates
S23: said register machine sends the first private key to said label reader, and sends the second private key $sk_{id}'$ to said arbitration machine.
7. The access control method for the access control system for electronic product codes as claimed in claim 6, characterized in that said step S0 comprises the following steps:
S01: use the AES encryption algorithm to randomly generate a key k and encrypt the electronic product code information m, obtaining the ciphertext $E_k(m)$ of the electronic product code information;
S02: where the preset access structure of the electronic product code information is an access structure tree Γ whose root node value is s: when a logical AND relation is to be expressed and the number of child nodes of said access structure tree Γ is n, define any n-1 of the child node values to be random numbers, and the n-th child node value to be; when a logical OR relation is to be expressed, define each child node value of said access structure tree Γ to be s; if the leaf node attribute set of said access structure tree Γ is, then generate the ciphertext of said key k, wherein: $C = k w^{s}$, $C' = g^{s}$,
S03: store the ciphertext $E_k(m)$ of said electronic product code information and the ciphertext of said corresponding key in said electronic product code information system.
8. The access control method for the access control system for electronic product codes as claimed in claim 7, characterized in that said step S5 comprises the following steps:
S51: when said arbitration machine determines that the existing attributes of said label reader satisfy the access structure, it generates an intermediate result $C_{\tau}$ from said second private key $sk_{id}'$ and said second ciphertext $C'$, expressed as: $C_{\tau} = e(sk_{id}', C')$;
S52: said arbitration machine returns said intermediate result $C_{\tau} = e(sk_{id}', C')$ to said label reader.
9. The access control method for the access control system for electronic product codes as claimed in claim 8, characterized in that said step S6 comprises the following steps:
S61: said label reader finds, within finite time, the minimal attribute set of the access structure Γ so as to satisfy
S62: said label reader calculates the AES symmetric key $k'$, expressed as:
S63: said label reader uses said symmetric key $k'$ to decrypt the ciphertext $E_k(m)$ of said electronic product code information in said first ciphertext, obtaining said electronic product code information.
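The AND/OR value assignment of step S02 and the attribute revocation check of step S5 can be tried out in miniature; the sketch below is an added example, not code from the patent. It uses integers modulo a constructed prime instead of group elements, models the arbitration machine's refusal as a plain check rather than a withheld pairing result, and assumes the usual additive choice for the last AND child (s minus the sum of the others), since that formula does not survive on this page; the policy, reader ids and attribute names are constructed.

```python
import secrets
P = 2**127 - 1  # constructed prime standing in for the group order p

def share(node, s):
    """Push value s down a tree; a leaf is an attribute name, else (gate, children)."""
    if isinstance(node, str):
        return (node, s)
    gate, kids = node
    if gate == "OR":                      # every child carries the parent's value
        vals = [s] * len(kids)
    else:                                 # AND: n-1 random values, and the last is
        vals = [secrets.randbelow(P) for _ in kids[:-1]]
        vals.append((s - sum(vals)) % P)  # s minus their sum (assumed formula)
    return (gate, [share(k, v) for k, v in zip(kids, vals)])

def recover(node, attrs):
    """Rebuild a node's value from leaves whose attribute is in attrs, else None."""
    label, body = node
    if not isinstance(body, list):
        return body if label in attrs else None
    parts = [recover(k, attrs) for k in body]
    if label == "OR":
        return next((v for v in parts if v is not None), None)
    return None if None in parts else sum(parts) % P

def satisfies(node, attrs):
    """True when attrs satisfy the AND/OR access tree."""
    if isinstance(node, str):
        return node in attrs
    gate, kids = node
    return (any if gate == "OR" else all)(satisfies(k, attrs) for k in kids)

def read_tag(reader_id, tree, shared, registered, revoked):
    """Arbitration check, then recovery; revoked attributes no longer count."""
    existing = registered.get(reader_id, set()) - revoked.get(reader_id, set())
    if not satisfies(tree, existing):     # arbitration machine returns nothing
        return None
    return recover(shared, existing)

# Constructed sample policy: (warehouse AND customs) OR manufacturer
TREE = ("OR", [("AND", ["warehouse", "customs"]), "manufacturer"])
REGISTERED = {"reader-01": {"warehouse", "customs"}, "reader-02": {"warehouse"}}

def demo():
    s = secrets.randbelow(P)
    shared = share(TREE, s)
    run = lambda rid, rev: read_tag(rid, TREE, shared, REGISTERED, rev)
    return (run("reader-01", {}) == s,
            run("reader-01", {"reader-01": {"customs"}}), run("reader-02", {}))
```

Revoking a single attribute in the arbitration machine's list is enough to cut off a reader whose only satisfying set ran through that attribute, without re-encrypting anything stored in the information system.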
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310436525.5A CN103501223B (en) | 2013-09-22 | 2013-09-22 | The access control system of a kind of electronic product code and access control method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103501223A (en) | 2014-01-08 |
CN103501223B (en) | 2016-08-10 |
Family
ID=49866398
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310436525.5A Active CN103501223B (en) | 2013-09-22 | 2013-09-22 | The access control system of a kind of electronic product code and access control method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103501223B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106127268A (en) * | 2016-06-13 | 2016-11-16 | 南京理工大学 | Portable household Articla management system and management method |
CN106203138B (en) * | 2016-07-06 | 2019-01-11 | 江苏国瑞信安科技有限公司 | A kind of access control system of electronic product code |
CN108595974B (en) * | 2018-05-07 | 2021-04-20 | 襄阳市尚贤信息科技有限公司 | Quick verification system for electronic product code |
US11316662B2 (en) * | 2018-07-30 | 2022-04-26 | Koninklijke Philips N.V. | Method and apparatus for policy hiding on ciphertext-policy attribute-based encryption |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101140645A (en) * | 2007-11-05 | 2008-03-12 | 陆航程 | Tax controlling method based on article internet, and tax controlling method and EPC, EBC article internet and implement used for tax controlling |
CN101533461A (en) * | 2008-03-11 | 2009-09-16 | Sap股份公司 | Enhanced item tracking using selective querying |
CN102594551A (en) * | 2012-03-31 | 2012-07-18 | 福建师范大学 | Method for reliable statistics of privacy data on radio frequency identification (RFID) tag |
Also Published As
Publication number | Publication date |
---|---|
CN103501223A (en) | 2014-01-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |