CN113378230A - Data access control method of DDS (direct digital synthesizer) distributed system - Google Patents
Data access control method of DDS (direct digital synthesizer) distributed system Download PDFInfo
- Publication number
- CN113378230A CN113378230A CN202110758999.6A CN202110758999A CN113378230A CN 113378230 A CN113378230 A CN 113378230A CN 202110758999 A CN202110758999 A CN 202110758999A CN 113378230 A CN113378230 A CN 113378230A
- Authority
- CN
- China
- Prior art keywords
- dds
- access control
- data
- authority
- publishing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000008569 process Effects 0.000 claims abstract description 17
- 238000005516 engineering process Methods 0.000 claims abstract description 14
- 238000011217 control strategy Methods 0.000 claims description 17
- 239000004576 sand Substances 0.000 claims description 2
- 238000012795 verification Methods 0.000 claims description 2
- 238000009826 distribution Methods 0.000 abstract description 7
- 238000004891 communication Methods 0.000 abstract description 5
- 230000008878 coupling Effects 0.000 abstract description 4
- 238000010168 coupling process Methods 0.000 abstract description 4
- 238000005859 coupling reaction Methods 0.000 abstract description 4
- 230000007246 mechanism Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a data access control method of a DDS (direct digital synthesizer) distributed system, which is used for performing topic-level fine-grained access control on the publishing and subscribing processes of data. The method is based on the data resource, firstly, the access control authority of the subject data is decomposed into publishing authority and subscription authority, secondly, an authority key pair is distributed according to the correlation between the subject access control authority and the user attribute, then, the publishing authority signature authentication is added in the DDS finding and matching process, and finally, the CP-ABE technology is utilized to limit the subject subscription range in the DDS publishing and subscribing process, so that a flexibly definable one-to-many data sharing authority control scheme is formed. The invention combines the DDS communication flow with the attribute-based encryption and signature authentication technology, designs a safe communication scheme which is matched with the loose coupling and one-to-many characteristics of DDS publishing/subscribing and ensures the confidentiality and authenticity of data distribution service, and solves the safety problems of unauthorized publishing and unauthorized subscribing among components in the process of publishing and subscribing messages.
Description
Technical Field
The invention relates to an access control technology in the field of information security, in particular to a data access control method of a DDS (direct digital synthesizer) distributed system.
Background
In a distributed system based on a Data Distribution Service (DDS), each component transmits data in real time through topic-based publishing/subscribing, and due to the loose coupling characteristic of the DDS, the data transmission relationship between the components becomes flexible, but the data interaction safety problems are brought, such as unauthorized publishing, unauthorized subscribing and the like, and the safety of communication middleware and upper-layer applications thereof is seriously threatened. Therefore, control is required for data access in the DDS system.
The traditional DDS access control method only realizes user-level access control, the configuration of access control authority is complex and tedious, the access control authority between a publisher and a subscriber needs to be defined one by one, namely whether a certain user can subscribe data published by another user is determined, and once the access control authority is configured between the two users, the subscriber can subscribe all data published by the publisher (no matter what subject).
In the traditional DDS access control, the access control of a subscriber is usually realized by means of an encryption technology, namely, a legal subscriber can decrypt data content, so that unauthorized subscription is prevented; in comparison, access control of a publisher is more difficult, a proxy or a central server does not exist in a purely distributed publish/subscribe mechanism, and an unauthorized publisher easily publishes data, so that each subscriber needs to verify the identity of the publisher, processing burden of the subscribers is increased, and most of current DDS systems only realize access control of the subscribers.
In addition, the nature of DDS publish/subscribe data is a one-to-many communication with data-centric, publisher and subscriber loosely coupled. However, the traditional DDS access control usually implements one-to-one authority control between entities in a data domain based on identity, on one hand, the identity of a legitimate publisher or subscriber needs to be determined in advance, and on the other hand, if the same data is to be delivered to different subscribers, the data needs to be encrypted for different subscribers respectively and then sent to the subscribers one-to-one, which results in a high message complexity. Therefore, in order to fit the application scenario of DDS data distribution, the access control method needs to select a novel cryptographic technology with characteristics of encryption and decryption by one party, regardless of entity identity, from the data resources themselves, so as to realize safer and more efficient data sharing.
Disclosure of Invention
In order to overcome the defects in the prior art and solve the problem of data access control of a DDS distributed system, the invention provides a subject data access control method of the DDS system. The invention decomposes the access control authority of the theme data into the theme publishing authority and the theme subscribing authority. In order to realize access control of a publisher, a signature authentication technology is combined with a DDS discovery and matching process, an SEDP protocol is expanded, only a legal publisher can pass signature authentication, and then a publish-subscribe relationship is established with a subscriber, so that unauthorized publication is prevented; in order to realize the access control of a subscriber and maintain the technical characteristics and advantages of one-to-many communication of loose coupling of a DDS system publisher and the subscriber, an attribute-based encryption technology is introduced, an access control strategy of a theme is converted into an access control structure in a CP-ABE, the publisher encrypts data according to the access control structure, and the subscriber can successfully decrypt the data only if an attribute set conforms to the access control structure, so that unauthorized subscription is prevented.
The technical scheme is as follows:
in order to achieve the purpose, the invention adopts the following technical scheme:
a data access control method of DDS distributed system, without needing to appoint the identity of the legal publisher and the legal subscriber of a certain theme, only need to clarify the attribute that the legal publisher and the legal subscriber of the theme need to have, can realize the access control to the data of the theme, prevent the unauthorized publication and the unauthorized subscription to the theme, including the following steps:
s10, dividing the data access control authority between the domain participants into the publishing authority and the subscribing authority of the subject, determining the publishing access control strategy and the subscribing access control strategy of the subject, and distributing the authority key pair of the corresponding authority according to the attribute set and the endpoint type (the publishing terminal or the subscribing terminal) of the user;
s20, combining with DDS automatic finding matching process, using signature authentication technology to realize user issuing authority authentication;
and S30, combining the DDS publishing and subscribing process, and realizing the authentication of the user subscription authority by using the CP-ABE technology.
Further, the step S1 specifically includes the following steps:
s11, DDS data management center determines the publish access control strategy and the subscribe access control strategy of the subject data, and generates the publish access control structure T of the subject according to the publish access control strategy and the subscribe access control strategyPAnd a subscription access control structure Ts;
S12, the DDS data management center generates an asymmetric key pair { GK, VK } for signature authentication for the subject;
s13, when a DDS user joins in the DDS distributed system, the DDS data management center generates a corresponding attribute key SK according to the attribute set owned by the DDS data management center;
s14, if the new DDS user is the publisher, verifying whether the attribute set of the new DDS user accords with the publishing access control strategy. If the key pair is matched with the key pair, the user is a legal publisher of the subject and generates a publisher authority key pair { GK, Ts}; if not, the user does not have the issue right of the subject and returns the verification failure.
And S15, if the newly added DDS user is a subscriber, verifying whether the attribute set of the newly added DDS user accords with the subscription access control strategy. If the user is matched with the theme, the user is a legal subscriber of the theme, and a subscriber end authority key pair { VK, SK } is generated for the user; if not, the user does not have the subscription right of the theme, and authentication failure is returned.
Further, in the step S2, based on the end point matching in the SEDP stage, the signature authentication of the issuing authority is added by using the discovery matching mechanism of the DDS itself, so as to prevent the data writer that does not obtain the issuing authority from illegally issuing data, specifically including the following steps:
in the stage of S21 and SEDP, the publisher adds an access control field in the endpoint information discoverwritedata message, and digitally signs the publishing subject name Topic using the signature key GK:
Sign=EnGK(Hash (Topic)) filling Sign into access controlA field;
in the stage of S22 and SEDP, after receiving a publisher discover WriterData message, a subscriber analyzes an access control field therein to obtain a digital signature Sign, and authenticates the digital signature Sign by using an authentication key VK: h1=DeVK(Sign),H2=Hash(Topic);
S23, comparing the hash value H in the step S221And H2Whether or not equal. If the two are equal, the authentication is successful, the subscriber successfully matches the publishing related subject authority of the DataWriter of the remote publisher in the SEDP stage, and continues to establish a publishing-subscribing relationship for the DataReader of the local subscriber and the DataWriter of the remote publisher; otherwise, the authentication fails, which means that the DataWriter of the remote publisher does not have the authority to publish the related subject, the DataReader of the local subscriber is prevented from establishing connection with the DataWriter of the remote publisher, and the publishing-subscribing relationship is failed to establish in the SEDP stage.
Further, in step S3, in combination with the DDS publish-subscribe process, the CP-ABE is used to encrypt the topic data, so as to prevent the DataReader that does not obtain the subscription right from illegally subscribing the data, which specifically includes the following steps:
s31, when legal DDS publisher publishes the topic data, the publisher uses the topic subscription access control structure TsAnd performing CP-ABE encryption on the theme Data: C-EnTs(Data), the ciphertext C is released;
s32, when the DDS user subscribes the theme, the subscription end decrypts the received theme ciphertext data C through the attribute key SK: de equals to DataSK(C) In that respect If the decryption is successful, the DDS user is indicated to have the permission of subscribing the theme, and the decrypted theme Data is submitted to the upper-layer application; otherwise, the subscription end does not have the authority of subscribing the theme, and the theme data is failed to be received.
Has the advantages that:
the invention has the beneficial effects that:
(1) a theme-level data access control model based on attributes is defined, one-to-many fine-grained access control in data distribution service is realized from the perspective of data resources, and the defects that the access control granularity is too coarse (user level), the access control authority configuration is complex and tedious (one-to-one defined by a publisher and a subscriber one by one) and the like in the conventional DDS access control method are overcome.
(2) By combining the SEDP and the signature authentication technology and utilizing the discovery and matching mechanism of the DDS, the problem of unauthorized release between components is solved, the safety of the system is improved, the influence of the safety on the DDS release and subscription performance is reduced, and the balance of the two is considered.
(3) By fusing the attribute-based encryption technology with the DDS publishing and subscribing process, the unauthorized subscription problem among components is solved while the confidentiality of data transmission is ensured, and loose coupling and one-to-many access control of data distribution services are realized.
Drawings
Fig. 1 is a general flowchart of a data access control method of a DDS distributed system in accordance with the present invention;
FIG. 2 is a representation of the publish access control structure of Topic Topic 1;
FIG. 3 is a representation of a subscription access control structure for Topic Topic 1;
Detailed Description
The technical solution of the present invention will be further described in detail with reference to the following examples.
Example (b): as shown in fig. 1, a data access control method of a DDS distributed system includes the following steps:
firstly, the DDS data management center parses an access control policy (see table 1, where 1/2 indicates that one of two attributes is satisfied, and 1/1 indicates that only one attribute is present and needs to be satisfied) of a single Topic (Topic1) in the system data resource, and generates a publishing access control structure T of the Topic1p1And a subscription access control structure Ts1As shown in fig. 2 and 3, respectively. Meanwhile, the DDS data management center generates a signature authentication key pair { GK ] for the Topic of Topic11,VK1}。
TABLE 1 topic Topicl Access control policy
Secondly, DDS users userl, user2 (distribution end), users 3, and users 4 (subscription end) in the distributed system submit the user attribute set to the data management center, as shown in table 2. The DDS data management center generates an attribute key { SK ] of a corresponding user according to the attribute set of each user1,SK2,SK3,SK4}。
TABLE 2DDS user Attribute set
| DDS user | Attribute collection |
| user1 | (line A, department of production, Shanghai area) |
| user2 | (line B, storage department, Beijing area) |
| user3 | (line A, fortune & maintenance department, Beijing area) |
| user4 | (line B, department of operation and maintenance, Shanghai area) |
Then, the data management center controls the structure T according to the release accessp1Verifying whether the users 1 and 2 have the publishing authority of the Topic1 or not according to the subscription access control structure Ts1Verify whether user3 and user4 have subscription rights for Topic1 and distribute the corresponding rights key pairs. KnotCombining the access control structure tree and the attribute set of each DDS user can obtain: the attribute set of user1 satisfies Tp1Obtaining a signing key GK for a legitimate issuer of the subject Topic Topic11And a subscription access control structure Ts1(ii) a The attribute set of user4 satisfies Ts1Obtaining a certification key VK for a legitimate subscriber of a Topic Topic11And symmetric key SK 4; the attribute sets of the users 2 and 3 do not satisfy the corresponding access control structures, and therefore do not have the corresponding rights of publishing the subscription Topic1, and cannot acquire the corresponding rights key pairs. The data access control authority parsing and key distribution process of the DDS distributed system Topic1 theme is completed.
Finally, when the DDS users user1 and user4 join the DDS distributed system, the entity discovery and matching process is performed first. The user1 adds the access control field in the message of publishing endpoint information discover WriterData, and uses GK1The issue Topic name Topic1 is signed: sign1 EnGK1(Hash (Topic1)), and fills Sign1 in the access control field. The user4 receives the published endpoint information discover WriterData message of the user1, analyzes the access control field therein to obtain a digital signature Sign1, and verifies the hash value H1And H2Whether or not they are equal (wherein: H1=DeVK1(Sign1),H2Hash (Topic 1)). Due to GK1With VK1The asymmetric key pairs belonging to the same Topic Topic1 are verified to be equal, and the user1 has the right to publish the Topic Topic1 and can establish a publish-subscribe relationship with the user 4. Then entering a publishing and subscribing stage of Topic data of Topic1, and utilizing a subscription Topic structure T by a legal publisher user1s1And performing CP-ABE encryption on the release data: C-EnTs1(Data), legitimate subscriber user4 utilizes attribute key SK4And (3) decryption: de equals to DataSK4(C) Since the attribute set of user4 conforms to the subscription access control structure Ts1And the decryption is successful, the user4 receives the Topic1 Data. This completes the data access control process of Topic1 theme of the DDS distributed system.
The above-described examples merely represent embodiments of the present invention in a detailed description and should not be construed as limiting the scope of the invention. It will be apparent to those skilled in the art that modifications and improvements can be made to the invention without departing from the spirit of the invention, and these are intended to be included within the scope of the invention.
Claims (4)
1. A data access control method of a DDS distributed system is characterized in that: the method comprises the following steps:
s1, dividing the data access control authority between the domain participants into the publishing authority and the subscribing authority of the subject, determining the publishing access control strategy and the subscribing access control strategy of the subject, and distributing the authority key pair of the corresponding authority according to the attribute set and the endpoint type (the publishing terminal or the subscribing terminal) of the user;
s2, combining with DDS automatic finding matching process, using signature authentication technology to realize user issuing authority authentication;
and S3, combining the DDS publishing and subscribing process, and realizing the authentication of the user subscription authority by using the CP-ABE technology.
2. The data access control method of the DDS distributed system as claimed in claim 1, wherein: the step S1 specifically includes the following steps:
s11, DDS data management center determines the publish access control strategy and the subscribe access control strategy of the subject data, and generates the publish access control structure T of the subject according to the publish access control strategy and the subscribe access control strategyPAnd a subscription access control architecture Ts;
s12, the DDS data management center generates an asymmetric key pair { GK, VK } for signature authentication for the subject;
s13, when a DDS user joins in the DDS distributed system, the DDS data management center generates a corresponding attribute key SK according to the attribute set owned by the DDS data management center;
s14, if the new DDS user is the publisher, verifying whether the attribute set of the new DDS user accords with the publishing access control strategy. If the key pair is matched with the key pair, the user is a legal publisher of the subject and generates a publisher authority key pair { GK, Ts}; if not, the user does not have the issue right of the subject and returns a verification errorFail.
And S15, if the newly added DDS user is a subscriber, verifying whether the attribute set of the newly added DDS user accords with the subscription access control strategy. If the user is matched with the theme, the user is a legal subscriber of the theme, and a subscriber end authority key pair { VK, SK } is generated for the user; if not, the user does not have the subscription right of the theme, and authentication failure is returned.
3. The data access control method of the DDS distributed system as claimed in claim 1, wherein: in step S2, a signature authentication process of issuing permission is added at a stage of a DDS Discovery matching process SEDP (Simple Endpoint Discovery Protocol), and the establishment of the issue-subscription relationship between the DataWriter and DataReader entity can be completed only when the signature authentication is successful, so as to prevent an unauthorized issuer from issuing the subject data, specifically including the following steps:
in the stage of S21 and SEDP, the publisher adds an access control field in the endpoint information discoverwritedata message, and digitally signs the publishing subject name Topic using the signature key GK: sign ═ EnGK(hash (topic)) filling Sign into the access control field;
in the stage of S22 and SEDP, after receiving a publisher discover WriterData message, a subscriber analyzes an access control field therein to obtain a digital signature Sign, and authenticates the digital signature Sign by using an authentication key VK: h1=DeVK(Sign),H2=Hash(Topic);
S23, comparing the hash value H in the step S221And H2Whether or not equal. If the two are equal, the authentication is successful, the subscriber successfully matches the publishing related subject authority of the DataWriter of the remote publisher in the SEDP stage, and continues to establish a publishing-subscribing relationship for the DataReader of the local subscriber and the DataWriter of the remote publisher; otherwise, the authentication fails, which means that the DataWriter of the remote publisher does not have the authority to publish the related subject, the DataReader of the local subscriber is prevented from establishing connection with the DataWriter of the remote publisher, and the publishing-subscribing relationship is failed to establish in the SEDP stage.
4. The data access control method of the DDS distributed system as claimed in claim 1, wherein: in the step S3, the CP-ABE technology is used in the process of publishing and subscribing to authenticate the subscription authority of the user and prevent unauthorized subscribers from subscribing to the topic data, which specifically includes the following steps:
s31, when legal DDS publisher publishes the topic data, the publisher uses the topic subscription access control structure TsAnd performing CP-ABE encryption on the theme Data:
releasing the ciphertext C;
s32, when the DDS user subscribes the theme, the subscription end decrypts the received theme ciphertext data C through the attribute key SK: de equals to DataSK(C) In that respect If the decryption is successful, the DDS user is indicated to have the permission of subscribing the theme, and the decrypted theme Data is submitted to the upper-layer application; otherwise, the subscription end does not have the authority of subscribing the theme, and the theme data is failed to be received.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110758999.6A CN113378230A (en) | 2021-07-05 | 2021-07-05 | Data access control method of DDS (direct digital synthesizer) distributed system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110758999.6A CN113378230A (en) | 2021-07-05 | 2021-07-05 | Data access control method of DDS (direct digital synthesizer) distributed system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113378230A true CN113378230A (en) | 2021-09-10 |
Family
ID=77580988
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110758999.6A Pending CN113378230A (en) | 2021-07-05 | 2021-07-05 | Data access control method of DDS (direct digital synthesizer) distributed system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113378230A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113949541A (en) * | 2021-09-30 | 2022-01-18 | 南京航空航天大学 | DDS (direct digital synthesizer) secure communication middleware design method based on attribute strategy |
| CN114615049A (en) * | 2022-03-08 | 2022-06-10 | 斑马网络技术有限公司 | Authority checking method and system for event subscription |
| CN114944941A (en) * | 2022-04-24 | 2022-08-26 | 北京交通大学 | Block chain-based Internet of things service distributed access control method |
| CN115051839A (en) * | 2022-05-25 | 2022-09-13 | 东南大学 | KP-ABE-based DDS access control, encryption and decryption system and method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102916954A (en) * | 2012-10-15 | 2013-02-06 | 南京邮电大学 | Attribute-based encryption cloud computing safety access control method |
| CN103166975A (en) * | 2013-04-03 | 2013-06-19 | 上海航天测控通信研究所 | Data distribution service (DDS) communication system |
| CN105991278A (en) * | 2016-07-11 | 2016-10-05 | 河北省科学院应用数学研究所 | Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption) |
| CN107846397A (en) * | 2017-09-30 | 2018-03-27 | 北京理工大学 | A kind of cloud storage access control method based on the encryption of attribute base |
| CN108989026A (en) * | 2018-07-05 | 2018-12-11 | 华东师范大学 | A kind of voidable method of user property under publish/subscribe environment |
| CN109547529A (en) * | 2018-10-16 | 2019-03-29 | 中国船舶重工集团公司第七〇九研究所 | A kind of distributed industrial data distributing method based on DDS |
-
2021
- 2021-07-05 CN CN202110758999.6A patent/CN113378230A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102916954A (en) * | 2012-10-15 | 2013-02-06 | 南京邮电大学 | Attribute-based encryption cloud computing safety access control method |
| CN103166975A (en) * | 2013-04-03 | 2013-06-19 | 上海航天测控通信研究所 | Data distribution service (DDS) communication system |
| CN105991278A (en) * | 2016-07-11 | 2016-10-05 | 河北省科学院应用数学研究所 | Ciphertext access control method based on CP-ABE (Ciphertext-Policy Attribute-Based Encryption) |
| CN107846397A (en) * | 2017-09-30 | 2018-03-27 | 北京理工大学 | A kind of cloud storage access control method based on the encryption of attribute base |
| CN108989026A (en) * | 2018-07-05 | 2018-12-11 | 华东师范大学 | A kind of voidable method of user property under publish/subscribe environment |
| CN109547529A (en) * | 2018-10-16 | 2019-03-29 | 中国船舶重工集团公司第七〇九研究所 | A kind of distributed industrial data distributing method based on DDS |
Non-Patent Citations (1)
| Title |
|---|
| 沈卓炜等: "基于安全协商的DDS安全通信中间件设计", 《技术研究》, no. 6, pages 19 - 25 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113949541A (en) * | 2021-09-30 | 2022-01-18 | 南京航空航天大学 | DDS (direct digital synthesizer) secure communication middleware design method based on attribute strategy |
| CN114615049A (en) * | 2022-03-08 | 2022-06-10 | 斑马网络技术有限公司 | Authority checking method and system for event subscription |
| CN114944941A (en) * | 2022-04-24 | 2022-08-26 | 北京交通大学 | Block chain-based Internet of things service distributed access control method |
| CN114944941B (en) * | 2022-04-24 | 2023-03-17 | 北京交通大学 | Block chain-based Internet of things service distributed access control method |
| CN115051839A (en) * | 2022-05-25 | 2022-09-13 | 东南大学 | KP-ABE-based DDS access control, encryption and decryption system and method |
| CN115051839B (en) * | 2022-05-25 | 2024-01-09 | 东南大学 | DDS access control and encryption and decryption system and method based on KP-ABE |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7818792B2 (en) | Method and system for providing third party authentication of authorization | |
| CN113378230A (en) | Data access control method of DDS (direct digital synthesizer) distributed system | |
| EP1226680B1 (en) | Secured ad hoc network and method for providing the same | |
| JP4705958B2 (en) | Digital Rights Management Method for Broadcast / Multicast Service | |
| EP1989855B1 (en) | A system and method for establishing a secure group of entities in a computer network | |
| KR20070083965A (en) | Method and system for authorizing multimedia multicasting | |
| CN111147460A (en) | Block chain-based cooperative fine-grained access control method | |
| US20240064143A1 (en) | Methods, mediums, and systems for verifying devices in an encrypted messaging system | |
| US8767966B2 (en) | Secure broadcasting and multicasting | |
| Heimgaertner et al. | A security architecture for the publish/subscribe C-DAX middleware | |
| US8699710B2 (en) | Controlled security domains | |
| US11743035B2 (en) | Methods, mediums, and systems for verifying devices in an encrypted messaging system | |
| US11411744B2 (en) | Encryption communication method, information processing apparatus, and program | |
| CN112927026A (en) | Coupon processing method and device, electronic equipment and computer storage medium | |
| KR20220066801A (en) | Method and appratus for providing blackchain-based secure messenger service | |
| CN115051839B (en) | DDS access control and encryption and decryption system and method based on KP-ABE | |
| WO2021009866A1 (en) | Data distribution system, data processing device, and program | |
| Shen et al. | Ims: An identity-based many-to-many subscription scheme with efficient key management for wireless broadcast systems | |
| CN114567426B (en) | Data sharing method and system | |
| US11843636B1 (en) | Methods, mediums, and systems for verifying devices in an encrypted messaging system | |
| WO2002021793A2 (en) | System and method for encrypted message interchange | |
| Luo et al. | A Decentralized Access Control Framework For DDS | |
| Sriramulu et al. | A Secure Network Communication Based on Kerberos & MD5 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |