Summary of the invention
In order to overcome above-mentioned the deficiencies in the prior art, the invention provides a kind of access control method based on threshold cryptography theory, taking following technical scheme:
A kind of access control method based on threshold cryptography theory of the present invention, said method comprising the steps of:
Step 1: security strategy and necessary condition are defined in policy service;
Step 2: the distribution of security strategy, key fragments and metadata on security incident channel;
Step 3: the composite services of user's request access, and gain access.
Described step 1 specifically comprises the following steps:
Step 1-1: determine security strategy, described security strategy is made up of multiple security strategy layer;
Step 1-2: specify according to security strategy and meet the necessary condition that reaches needed for corresponding senior background and the identity of authorized object or role;
Step 1-3: the primitive provided in Utilization strategies service, is defined in security strategy and necessary condition in policy service.
Described necessary condition be composition respective combination service each Component service ready or allow accessed time the required state reached.
Described step 2 specifically comprises the following steps:
Step 2-1: according to described security strategy layer, policy service uses the mutation RSA Algorithm based on Shamir threshold cryptography mechanism, generates the metadata of trigger condition when some key fragments and this key fragments of application;
Step 2-2: Event Service utilizes Observer Pattern, Establishment strategy service and respective background serve between based on the security incident channel of SSL; Wherein background service comprises background management and each Component service agency;
Step 2-3: based on the end to end connection of SSL on the security incident channel that policy service is provided by Event Service, security strategy layer is sent to the background management that background service provides, the communication process on this security incident channel is by RSA Algorithm asymmetric encryption;
Step 2-4: policy service by Event Service end to end connection based on SSL on security incident channel is provided, the metadata of trigger condition when key fragments and this key fragments of application is distributed to corresponding assembly service broker, and now in composite services, encryption layer is formed;
Step 2-5: if there is multiple security strategy layer, performs step 2-1 to step 2-4, repeatedly until all security strategy layers all form respective encrypted layer.
In described step 2-4, key fragments and metadata adopt AES-128 algorithm symmetric cryptography, unified in its key platform, communication data on security incident channel group key symmetric cryptography corresponding to this security incident channel, and this group key transmits after RSA Algorithm asymmetric encryption between policy service and background service and each Component service agency.
Described step 3 comprises the following steps:
Step 3-1: user's request access composite services;
Step 3-2: background service monitoring assembly service place security incident channel, if background condition conforms to the metadata of trigger condition during application key fragments, then corresponding assembly service broker contributes the key fragments held; When background service receives the key fragments meeting the definition of certain security strategy layer, then respective encrypted layer is removed;
Step 3-3: if all encryption layers are successfully removed, user can obtain the access rights of respective combination service.
Compared with prior art, beneficial effect of the present invention is:
1) in the access control being applied in SOA multi-domain environment by threshold cryptography theory, the theoretical and senior background of isomery of conbined usage threshold cryptography produces access control policy, the background in SOA multi-domain environment has been applied in access control;
2) seamless access control method complete under providing a kind of SOA multi-domain environment, while easy to implement, improves the fail safe of access control decision process;
3) fine-grained access control and efficient key management can be provided, access control can be carried out in any granularity;
4) support flexible access control policy, support multi-layer security, in most complex scenarios with still can efficient operation when increasing cipher key size;
5) trust is distributed in whole SOA multi-domain environment, improves the accuracy of access control policy.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail.
A kind of access control method based on threshold cryptography theory of the present invention, said method comprising the steps of:
Step 1: security strategy and necessary condition are defined in policy service;
Step 2: the distribution of security strategy, key fragments and metadata on security incident channel;
Step 3: the composite services of user's request access, and gain access.
Described step 1 specifically comprises the following steps:
Step 1-1: determine security strategy, described security strategy is made up of multiple security strategy layer;
Step 1-2: specify according to security strategy and meet the necessary condition that reaches needed for corresponding senior background and the identity of authorized object or role;
Step 1-3: the primitive provided in Utilization strategies service, is defined in security strategy and necessary condition in policy service.
Described necessary condition be composition respective combination service each Component service ready or allow accessed time the required state reached.
Described step 2 specifically comprises the following steps:
Step 2-1: according to described security strategy layer, policy service uses the mutation RSA Algorithm based on Shamir threshold cryptography mechanism, generates the metadata of trigger condition when some key fragments and this key fragments of application;
Step 2-2: Event Service utilizes Observer Pattern, Establishment strategy service and respective background serve between based on the security incident channel of SSL; Wherein background service comprises background management and each Component service agency;
Step 2-3: based on the end to end connection of SSL on the security incident channel that policy service is provided by Event Service, security strategy layer is sent to the background management that background service provides, the communication process on this security incident channel is by RSA Algorithm asymmetric encryption;
Step 2-4: policy service by Event Service end to end connection based on SSL on security incident channel is provided, the metadata of trigger condition when key fragments and this key fragments of application is distributed to corresponding assembly service broker, and now in composite services, encryption layer is formed;
Step 2-5: if there is multiple security strategy layer, performs step 2-1 to step 2-4, repeatedly until all security strategy layers all form respective encrypted layer.
In described step 2-4, key fragments and metadata adopt AES-128 algorithm symmetric cryptography, unified in its key platform, communication data on security incident channel group key symmetric cryptography corresponding to this security incident channel, and this group key transmits after RSA Algorithm asymmetric encryption between policy service and background service and each Component service agency.
Described step 3 comprises the following steps:
Step 3-1: user's request access composite services;
Step 3-2: background service monitoring assembly service place security incident channel, if background condition conforms to the metadata of trigger condition during application key fragments, then corresponding assembly service broker contributes the key fragments held; When background service receives the key fragments meeting the definition of certain security strategy layer, then respective encrypted layer is removed;
Step 3-3: if all encryption layers are successfully removed, user can obtain the access rights of respective combination service.
Principle of the present invention is: in order to seamless access complete under realizing distributed SOA multi-domain environment controls, and invention introduces the idea of being encrypted by composite services secret sharing scheme (threshold cryptography is theoretical).This mechanism is based on the thought sharing same key between different entities.A key will be divided into different key fragments.Produce a key, one group specifies several destination entity in advance and must mutually cooperate.The RSA cryptographic algorithms of mutation have employed the thought of threshold cryptography theory.For the secret sharing scheme based on polynomial interpolation.Suppose that key d is a numeral, d be divided into some key fragments d
i, choose a random k-1 order polynomial:
f(x)=a
0+a
1x+...+a
k-1x
k-1
Wherein a
0=d, the coefficient providing any subset k, the f (x) in (i, f (i)) and can make f (0) obtain for d by interpolation method.But only know that k-1 is calculate d not.
Suppose, for certain composite services S, to serve S1, Component service S2 at corresponding assembly, under the condition that Component service S3 is ready, and user identity R can access for during engineers and technicians E or senior executive M.So safety officer should adopt two-layer encipherment protection, the background information whether corresponding Component service of ground floor is ready, the identity information of second layer corresponding requests person.Meanwhile, ground floor needs all to meet, and the second layer needs part to meet.
For ground floor encryption layer:
After determining security strategy, security strategy is defined in policy service by the Interaction function that safety officer need be provided by policy service.Now, policy service by RSA Threshold Signature mechanism according to described security strategy, can generate corresponding key d and key fragments d1 thereof, d2, d3.
After this, key fragments and described trigger condition by security policy distribution to corresponding background management c1, can be distributed to Component service S1, the service broker b1 that S2, S3 are corresponding, b2, b3 by policy service.Described service broker is generally small, dedicated computer.Described key fragments needs by AES-128 algorithm symmetric cryptography before sending.The channel that described process of transmitting adopts must by a group key symmetric cryptography, and this group key can be distributed with its public key encryption respectively after Channel subscription person mutually certification.
If there is access request, then first checks each Component service information, work as S1, when the whether ready background information of S2, S3 satisfies condition, then corresponding service broker b1, b2, b3 can contribute its key fragments d1 held, d2, d3, so ground floor encryption layer is removed, otherwise, denied access.
The decrypting process of second layer encryption layer is see ground floor.
After two-layer encryption layer is all removed, visitor can access composite services S.
Finally should be noted that: above embodiment is only in order to illustrate that technical scheme of the present invention is not intended to limit; those of ordinary skill in the field still can modify to the specific embodiment of the present invention with reference to above-described embodiment or equivalent replacement; these do not depart from any amendment of spirit and scope of the invention or equivalent replacement, are all applying within the claims of the present invention awaited the reply.