The content of the invention
In order to overcome the above-mentioned deficiencies of the prior art, the present invention provides a kind of access control side theoretical based on threshold cryptography
Method, adopt the following technical scheme that:
A kind of access control method theoretical based on threshold cryptography of the present invention, the described method comprises the following steps:
Step 1:Security strategy and necessary condition are defined in policy service;
Step 2:The distribution of security strategy, key fragments and metadata on security incident channel;
Step 3:User asks to access composite services, and gain access.
The step 1 specifically includes following steps:
Step 1-1:Security strategy is determined, the security strategy is made up of multiple security strategy layers;
Step 1-2:The necessary condition for meeting to reach needed for corresponding advanced background is specified according to security strategy and has been authorized
The identity of object or role;
Step 1-3:The primitive provided in Utilization strategies service, security strategy and necessary condition are defined on policy service
In.
The necessary condition is ready or required when allowing accessed reach for each Component service of composition respective combination service
The state arrived.
The step 2 specifically includes following steps:
Step 2-1:According to the security strategy layer, policy service uses the mutation based on Shamir threshold cryptography mechanism
RSA Algorithm, the metadata of trigger condition when generating some key fragments and the application key fragments;
Step 2-2:Event Service utilizes Observer Pattern, and SSL is based between establishment strategy service and respective background service
Security incident channel;Wherein background service includes background management and each component service broker;
Step 2-3:End-to-end company based on SSL on the security incident channel that policy service is provided by Event Service
Connect, security strategy layer is sent to the background management provided to background service, the communication process on the security incident channel is calculated by RSA
Method asymmetric encryption;
Step 2-4:Policy service provides the end to end connection based on SSL on security incident channel by Event Service,
The metadata of trigger condition when key fragments and the application key fragments is distributed to corresponding assembly service broker, now combination clothes
Encryption layer is formed in business;
Step 2-5:If there are multiple security strategy layers, step 2-1 to step 2-4 is performed repeatedly, until all security strategies
Layer all forms respective encrypted layer.
In the step 2-4, key fragments and metadata use AES-128 algorithm symmetric cryptographies, are united in its key platform
One, communication data on the security incident channel group key symmetric cryptography corresponding to the security incident channel, and the group key passes through
Transmitted after RSA Algorithm asymmetric encryption between policy service and background service and each component service broker.
The step 3 comprises the following steps:
Step 3-1:User asks to access composite services;
Step 3-2:Security incident channel where the service of background service monitoring assembly, if background condition is same to apply key fragments
When trigger condition metadata be consistent, then corresponding assembly service broker contributes the key fragments held;When background service receives
Meet the key fragments that certain security strategy layer defines, then respective encrypted layer is removed;
Step 3-3:If all encryption layers are successfully removed, user can obtain the access rights of respective combination service.
Compared with prior art, the beneficial effects of the present invention are:
1) threshold cryptography theory is applied in the access control in SOA multi-domain environments, threshold cryptography reason has been used in combination
By access control policy is produced with the advanced background of isomery, the background in SOA multi-domain environments access control has been applied to
In;
2) complete seamless access control method under a kind of SOA multi-domain environments is provided, easy to implement while, is improved
The security of access control decision process;
3) fine-grained access control and efficient key management can be provided so that access control can be in any granularity
Carry out;
4) access control policy of elasticity is supported, supports multi-layer security, in most complex scenarios and increase cipher key size still
Can be with efficient operation;
5) trust is distributed in whole SOA multi-domain environments, improves the accuracy of access control policy.
Embodiment
The present invention is described in further detail below in conjunction with the accompanying drawings.
A kind of access control method theoretical based on threshold cryptography of the present invention, the described method comprises the following steps:
Step 1:Security strategy and necessary condition are defined in policy service;
Step 2:The distribution of security strategy, key fragments and metadata on security incident channel;
Step 3:User asks to access composite services, and gain access.
The step 1 specifically includes following steps:
Step 1-1:Security strategy is determined, the security strategy is made up of multiple security strategy layers;
Step 1-2:The necessary condition for meeting to reach needed for corresponding advanced background is specified according to security strategy and has been authorized
The identity of object or role;
Step 1-3:The primitive provided in Utilization strategies service, security strategy and necessary condition are defined on policy service
In.
The necessary condition is ready or required when allowing accessed reach for each Component service of composition respective combination service
The state arrived.
The step 2 specifically includes following steps:
Step 2-1:According to the security strategy layer, policy service uses the mutation based on Shamir threshold cryptography mechanism
RSA Algorithm, the metadata of trigger condition when generating some key fragments and the application key fragments;
Step 2-2:Event Service utilizes Observer Pattern, and SSL is based between establishment strategy service and respective background service
Security incident channel;Wherein background service includes background management and each component service broker;
Step 2-3:End-to-end company based on SSL on the security incident channel that policy service is provided by Event Service
Connect, security strategy layer is sent to the background management provided to background service, the communication process on the security incident channel is calculated by RSA
Method asymmetric encryption;
Step 2-4:Policy service provides the end to end connection based on SSL on security incident channel by Event Service,
The metadata of trigger condition when key fragments and the application key fragments is distributed to corresponding assembly service broker, now combination clothes
Encryption layer is formed in business;
Step 2-5:If there are multiple security strategy layers, step 2-1 to step 2-4 is performed repeatedly, until all security strategies
Layer all forms respective encrypted layer.
In the step 2-4, key fragments and metadata use AES-128 algorithm symmetric cryptographies, are united in its key platform
One, communication data on the security incident channel group key symmetric cryptography corresponding to the security incident channel, and the group key passes through
Transmitted after RSA Algorithm asymmetric encryption between policy service and background service and each component service broker.
The step 3 comprises the following steps:
Step 3-1:User asks to access composite services;
Step 3-2:Security incident channel where the service of background service monitoring assembly, if background condition is same to apply key fragments
When trigger condition metadata be consistent, then corresponding assembly service broker contributes the key fragments held;When background service receives
Meet the key fragments that certain security strategy layer defines, then respective encrypted layer is removed;
Step 3-3:If all encryption layers are successfully removed, user can obtain the access rights of respective combination service.
The present invention principle be:In order to realize, complete seamless access control, the present invention draw under distributed SOA multi-domain environments
Enter the idea of composite services secret sharing scheme (threshold cryptography is theoretical) encryption.The mechanism is based between different entities altogether
Enjoy the thought of same key.One key will be divided into different key fragments.A key is produced, one group refers in advance
Having determined several destination entities must cooperate.The RSA cryptographic algorithms of mutation employ the theoretical thought of threshold cryptography.With based on more
Exemplified by the secret sharing scheme of item formula interpolation method.Assuming that key d is a numeral, d is divided into some key fragments di, choose
One random k-1 order polynomial:
F (x)=a0+a1x+...+ak-1xk-1
Wherein a0=d, provides any subset k in (i, f (i)), and f (x) coefficient by interpolation method and can make f (0)
Obtained for d.But just know that k-1 are not enough to calculate d.
Assuming that for certain composite services S, it is necessary to service S1 in corresponding assembly, Component service S2, Component service S3 are ready
Under the conditions of, and can access when user identity R is engineers and technicians E or senior executive M.So safety officer
Two layers of encipherment protection should be used, first layer corresponds to the whether ready background information of Component service, second layer corresponding requests person's
Identity information.Meanwhile first layer need to all meet, the second layer needs part to meet.
By taking first layer encryption layer as an example:
After security strategy is determined, the Interaction function that safety officer need to be provided by policy service determines security strategy
Justice is in policy service.Now, policy service can be close corresponding to generation by RSA Threshold Signatures mechanism according to the security strategy
Key d and its key fragments d1, d2, d3.
Hereafter, policy service can by security policy distribution to corresponding background manage c1, by key fragments and it is described touch
Clockwork spring part is distributed to service broker b1, b2, b3 corresponding to Component service S1, S2, S3.The service broker is usually small, dedicated
Computer.The key fragments are needed by AES-128 algorithm symmetric cryptographies before sending.The channel that the transmission process uses must be by
One group key symmetric cryptography, the group key can be distributed with its public key encryption respectively after Channel subscription person is mutually authenticated.
If there is access request, each component information on services is first checked, works as S1, S2, S3 whether ready background information meets
During condition, then corresponding service broker b1, b2, b3 can contribute its key fragments d1, d2, d3 for holding, then first layer adds
Close layer is removed, otherwise, denied access.
The decrypting process of second layer encryption layer is referring to first layer.
After two layers of encryption layer is removed, visitor may have access to composite services S.
Finally it should be noted that:The above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof, institute
The those of ordinary skill in category field with reference to above-described embodiment still can to the present invention embodiment modify or
Equivalent substitution, these are applying for this pending hair without departing from any modification of spirit and scope of the invention or equivalent substitution
Within bright claims.