CN113779537A

CN113779537A - Authority management method for verifier

Info

Publication number: CN113779537A
Application number: CN202111095730.0A
Authority: CN
Inventors: 杨波; 谭亦夫; 张彦超
Original assignee: Beijing Unionpay Card Technology Co ltd
Current assignee: Beijing Unionpay Card Technology Co ltd
Priority date: 2021-09-17
Filing date: 2021-09-17
Publication date: 2021-12-10
Anticipated expiration: 2041-09-17
Also published as: CN113779537B

Abstract

The invention discloses a permission management method for a verifier, which comprises the following steps: when the employee wants to use a right, the employee presents the right certificate to the verifier by means of the certificate carrier; the verifier verifies the validity of the employee digital certificate to verify the identity of the employee; the verifier inquires whether the ID number of the certificate corresponding to the authority certificate of the authority exists in a revocation list; the verifier inquires whether the authority number corresponding to the authority exists in a revocation list; the verifier checks whether the authority which the employee wants to use exists in the authority certificate and the authority validity period corresponding to the authority; the verifier inquires whether the administrator authorized to the employee authority certificate has the authority granting right for granting the authority; the verifier verifies the validity of the authority certificate through the administrator public key; and providing the service corresponding to the authority for the employee. The invention realizes the high-efficiency, flexible and safe management of the employee authority based on the digital certificate, has low cost and is suitable for popularization.

Description

Authority management method for verifier

Technical Field

The invention relates to a permission management method for a verifier (such as an access gate, etc.), belonging to the technical field of permission management.

Background

Currently, rights management applied to hardware device verifiers is typically implemented by formulating an access control mechanism. The access control mechanism is divided according to a policy, and may be divided into a conventional access control model, a role-based access control model, a task and role-based access control model, and the like.

The conventional Access Control model includes an autonomous Access Control (DAC) and a Mandatory Access Control (MAC), wherein the DAC is prone to have a problem of difficult maintenance because an Access Control List (ACL) of the DAC becomes very large when a large number of users exist. MAC is mostly used for multistage safety military systems, and has the defects of too large workload for realization, insufficient flexibility and troublesome management.

In the role-based access control model, a user and access permission are connected together through a role, so that access control of a subject to an object is realized. However, for dynamic rights management, the role model needs to be extended to realize the dynamic rights management.

The task-based access control model combines the task and the authority, and after the task is executed, the subject cannot continuously access the object, so that the task-based access control model is widely applied to software engineering development, but some problems are still exposed in the actual application process, for example, the task-based access control model is not effectively separated from the role, or is combined with the role-based access control model for use, so that the realization is troublesome.

In the access control model based on the tasks and the roles, the required authority is granted when the tasks start to execute, the required authority is withdrawn when the tasks end, the roles and the authority are unhooked, and the tasks are added between the roles and the authority as connection, so that the defect is that the realized workload is large.

From the specific implementation, whether the employee has a certain authority is determined, and the authentication is generally performed through the following approaches: first, password identification, typically equipped with a password keypad, verifies the authority by entering the correct password. Second, card identification is performed by reading information such as employee numbers or names through a card (magnetic card or radio frequency card) or the like. And thirdly, performing biological identification, namely verifying the biological characteristics of the staff by checking the biological characteristics, such as fingerprints, palm prints, human faces, irises and other biological characteristic information. The above embodiment has the following disadvantages: 1. in the embodiments, identity information, authority information and the like of the staff need to be maintained at a background server, so that the cost is increased virtually. 2. Both of these embodiments present more or less safety issues. For example, the password identification method has the problems of weak passwords, brute force cracking, password leakage and the like. As another example, cards used for card identification may be copied, thereby causing abuse of the authority. For another example, biometric information such as fingerprints and human faces in a biometric identification mode can be verified through manual modeling, which is dangerous.

Disclosure of Invention

The invention aims to provide a permission management method for a verifier, which realizes efficient, flexible and safe management of employee permission based on a digital certificate, has low cost and is suitable for popularization.

In order to achieve the purpose, the invention adopts the following technical scheme:

a rights management method for a verifier, comprising the steps of:

a) when the employee wants to use a right, the employee presents the right certificate to the verifier by means of the certificate carrier to start verifying the right;

b) the verifier verifies the validity of the employee digital certificate to verify the identity of the employee: if the employee digital certificate is valid, entering the next step, otherwise, ending the verification if the employee digital certificate is not valid;

c) the verifier inquires whether the ID number of the certificate corresponding to the authority certificate of the authority exists in a revocation list: if yes, the verification is not passed, and the method is ended, otherwise the next step is carried out;

d) the verifier queries whether the authority number corresponding to the authority exists in a revocation list: if yes, the verification is not passed, and the method is ended, otherwise, the next step is carried out;

e) the verifier checks whether the authority which the employee wants to use exists in the authority certificate and the authority validity period corresponding to the authority: if the authority exists in the authority certificate and is not expired, entering the next step, otherwise, failing to pass the verification, and ending;

f) the verifier queries whether the administrator authorized to the employee's rights voucher has the rights granting right to grant the right: if the right is granted, entering the next step, otherwise, the verification fails, and ending;

g) the verifier verifies the validity of the authority certificate through the administrator public key: if the verification is invalid, the verification is not passed, and the verification is finished, otherwise, the verification is passed, and the next step is carried out;

h) providing a service corresponding to the authority for the employee;

wherein the generation of the permission credential comprises:

1) the employee applies for the authority, an authority application list is generated, and the authority application list is signed through a private key corresponding to the own digital certificate;

2) the administrator examines whether the authority exceeding the positions of the employees exists in the authority application list according to the positions of the employees, and simultaneously examines whether the authority validity period of the employees applying for the authority is reasonable: if the applied authority is in the authority range corresponding to the positions of the employees and the authority validity period is reasonable, the audit is passed, the next step is carried out, and if not, the process is finished;

3) the administrator verifies the employee identity based on verifying the validity of the employee digital certificate, while verifying the integrity of the permission application list: if the employee digital certificate is valid and the authority application list is complete, the verification is passed, the next step is carried out, and if not, the operation is finished;

4) the administrator signs the authority application list by using an administrator private key to generate an authority certificate and a certificate ID number, and then the authority certificate and the certificate ID number are issued to the staff and stored on a certificate carrier.

The invention has the advantages that:

the invention realizes effective management of employee authority based on the digital certificate, and has the advantages of flexible management, high safety, small workload of maintenance and management, low realization cost and suitability for popularization.

Drawings

Fig. 1 is a flow chart of rights verification.

FIG. 2 is a flow diagram of rights credential generation.

Detailed Description

As will be understood with reference to fig. 1 and 2, the rights management method for a verifier of the present invention includes the steps of:

b) the verifier verifies the validity of the employee digital certificate to verify the identity of the employee: if the employee digital certificate is valid, entering the next step, otherwise, if the employee digital certificate is invalid, failing to pass the verification, and ending;

c) the verifier inquires whether a certificate ID number corresponding to the authority certificate of the authority exists in a revocation list, wherein the revocation list comprises the certificate ID number, the authority number, the revocation date and a revoker: if the ID number of the certificate exists in the revocation list, the authentication of the authority is not passed, and the operation is finished, otherwise, the next step is carried out;

d) the verifier queries whether the authority number corresponding to the authority exists in a revocation list: if the authority number exists in the revocation list, the authority is not verified, and the process is finished, otherwise, if the authority number does not appear in the revocation list, the next step is carried out;

e) the verifier checks whether the authority which the employee wants to use exists in the authority certificate and the authority validity period corresponding to the authority: if the authority exists in the authority certificate and is not expired, entering the next step, otherwise, not verifying the authority, and ending;

f) the verifier queries whether the administrator authorized to the employee's rights voucher has the rights granting right to grant the right: if the administrator has the authority granting right for granting the authority, entering the next step, otherwise, if the administrator does not have the authority granting right for granting the authority, the verification of the authority is not passed, and ending;

g) the verifier verifies the validity of the authority certificate through the administrator public key: if the authority certificate is invalid, the authority certificate is falsified, the authority certificate is not verified, and the process is finished, otherwise, if the authority certificate is valid, the authority certificate is authorized and is not falsified, the authority certificate is verified, and the next step is carried out;

h) providing a service corresponding to the authority for the employee;

wherein the generation of the permission credential comprises:

1) the staff applies for the authority, generates an authority application list, and signs the authority application list through a private key corresponding to a digital certificate owned by the staff, wherein: the authority application list comprises an authority number, application time, an authority validity period, a digital certificate of the employee and an administrator public key corresponding to the authority which the employee wants to apply;

2) the administrator examines whether the authority exceeding the positions of the employees exists in the authority application list according to the positions of the employees, and simultaneously examines whether the authority validity period of the employees applying for the authority is reasonable: if the applied authority is in the authority range corresponding to the positions of the employees and the validity period of the authority is reasonable, the authority is approved, the next step is carried out, and if the authority is not in the authority range corresponding to the positions of the employees, the next step is carried out, otherwise, the operation is finished (certainly, in the actual application, if special requirements are met, the authority exceeding the positions of the employees can be approved as required);

3) the administrator verifies the employee identity based on verifying the validity of the employee digital certificate, while verifying the integrity of the permission application list (verifying whether the permission application list is tampered with and data is lost): if the employee digital certificate is valid and the authority application list is complete, namely the authority application list is not tampered and the data is not lost, the verification is passed, the next step is carried out, and if not, the verification is finished;

4) and the administrator signs the authority application list by using an administrator private key to generate an authority certificate and a certificate ID number, and then the authority certificate and the certificate ID number are issued to the employee and stored on a certificate carrier owned by the employee.

Of course, in actual implementation, besides the employee themselves actively applies for the authority to generate the authority credential, the administrator can also directly generate the authority credential for the employee according to the basic authority that the employee should have.

In actual implementation, the issuing mode of the authority certificate and the certificate ID number is as follows:

writing information and a certificate ID number corresponding to the authority certificate into a certificate carrier used by an employee by an administrator; or

And generating a write instruction by the administrator and sending the write instruction to the verifier, so that when the employee shows the authority certificate to the verifier by means of the certificate carrier for the first time, the verifier writes the information corresponding to the authority certificate and the certificate ID number into the certificate carrier through the write instruction.

In the present invention, the modification of the rights includes:

if part of authority in the authority certificate is reduced, adding an authority number corresponding to the reduced authority to a revocation list;

and if the authority is added, re-executing the steps 1) -4).

In the present invention, revocation of a rights voucher includes: the credential ID number of the rights credential is directly added to the revocation list, i.e., all rights in the rights credential are pared down.

In actual implementation, changes by the administrator include:

changing the original administrator into a new administrator;

the verification function of the administrator public key of the original administrator is reserved, and the authority of the original administrator for issuing the authority certificate is cancelled, so that the administrator can not influence the verification of the previously issued authority certificate after being changed;

therefore, in the subsequent operation, the new authority certificate can continuously replace the old authority certificate, and when the old authority certificate is completely replaced by the new authority certificate, the digital certificate of the original administrator is revoked, namely all functions of the original administrator are cancelled. For example, when the administrator resigns, his digital certificate cannot be trusted, and needs to be revoked, so that he can optionally issue an authorization certificate that can be verified.

In practical implementation, the process of losing the authority credential includes:

if the authority certificate of the employee is lost (if the authority certificate is lost due to the certificate carrier), the unit root certificate issues the digital certificate for the employee again, and cancels the original digital certificate, so that the lost authority certificate can not pass the verification, and then the administrator generates a new authority certificate for the employee.

In practical implementation, the digital certificate is preferably an SM2 (national cryptographic algorithm) digital certificate (without limitation), and before issuing an SM2 digital certificate to administrators and employees of each department of a unit, the method includes an initialization step:

finite field F defining SM2 digital certificate_pElliptic curve E (F)_p) Two parameters a, b of the equation and a base point G on the elliptic curve, where G ═ x_G，y_G)，x_G、y_GRespectively, the abscissa and ordinate, x, of the base point G_G、y_G∈F_pThe base point G has the order n, and n is a positive integer greater than 1.

The specific definition of the parameters can refer to GB/T32918.2-2016 (information Security technology SM 2) part 2 of elliptic curve public key cryptography algorithm: digital signature algorithm.

Further, the generation of the rights voucher includes the steps of:

1-1) the employee B applies for one or more authorities according to actual needs, and then generates an authority application list M, wherein the authority application list M comprises an authority number Num corresponding to the authority which the employee wants to apply, application time, authority validity period and a digital certificate Cert of the issued employee B_BAnd administrator public key P_A；

1-2) employee B passes through the digital certificate Cert_BThe corresponding private key signs the authority application list M;

1-3) the employee B submits the signed authority application list M to the administrator A;

1-4) the administrator A verifies whether the authority application list M submitted by the employee B has authority exceeding the positions of the employees, and simultaneously verifies whether the authority validity period of the employee B for authority application is reasonable: if the authority exceeding the positions of the employees exists or the authority with unreasonable validity period exists, the verification is not passed, and the process is finished, otherwise, the next step is carried out;

1-5) Administrator A verifies the digital certificate Cert_BTo verify the identity of employee B and at the same time to verify the integrity of the authority application list M: if employee B's digital certificate Cert_BIf the authority application list is valid and the authority application list M is complete, the verification is passed, the next step is carried out, and if the authority application list M is not complete, the verification is ended;

1-6) Administrator A calculates a first temporary value D and sends the first temporary value D to employee B, wherein: D-zfP_BAnd z is a random number, z is,the hash function value f is calculated by a hash function hash () (SM3 hash algorithm), where f is hash (M | | n | | x)_G||y_G||a||b||P_B||P_A) N is the order of base point G, P_BIs a digital certificate Cert of employee B_BA corresponding public key;

1-7) after receiving the first temporary value D, employee B calculates a second temporary value U and returns the second temporary value U to administrator A, wherein: u ═ d_B)^-1D，d_BIs a digital certificate Cert of employee B_BA corresponding private key;

1-8) when administrator a receives the second temporary value U, it verifies whether equation U is zfG true: if the equality is established, entering the next step, otherwise ending;

1-9) the administrator A generates a random number k, k ∈ (1, n-1), calculates a first value s of the credential and a second value r of the credential, and generates a credential ID number ID, where: s ═ d (d)_A+k)^-1，r＝fkG，id＝hash(s，r，M)，d_AIs a digital certificate Cert owned by Administrator A_AA corresponding private key;

1-10) packing s, r and M into a data packet (s, r, M), wherein the data packet (s, r, M) can be in a JSON format used for transmitting texts, so that the authority certificate is generated;

1-11) issues to employee B the authority credential and credential ID number ID.

Further, the verification of the rights comprises the steps of:

2-1) employee B wants to use authority Q, and then submits authority certificate (s, r, M) to verifier V by the action of certificate carrier storing authority certificate approaching verifier V;

2-2) verifier V verifies employee B digital certificate Cert_BTo verify employee identity: if employee B digital certificate Cert_BIf the result is valid, the next step is carried out, otherwise, the operation is finished;

2-3) the verifier V inquires whether the ID number ID of the certificate corresponding to the authority certificate of the authority Q exists in a revocation list, wherein the revocation list comprises the ID number ID of the certificate, the authority number Num, a revocation date and a revoker: if not, entering the next step, otherwise, ending;

2-4) the verifier V inquires whether the authority number Num corresponding to the authority Q exists in the revocation list: if not, entering the next step, otherwise, ending;

2-5) verifier V checks if the authority Q that employee B wants to use exists in the authority voucher and if the authority Q is expired: if the authority Q exists in the authority certificate and is not expired, entering the next step, otherwise, ending;

2-6) verifier V inquires of administrator A whether or not the authority granting authority Q: if the administrator A has the authority granting right, entering the next step, otherwise, ending;

2-7) the verifier V generates a random number h, calculates a third temporary value C, and sends the third temporary value C to the employee B, wherein: c ═ hash (s, r, M) hP_B；

2-8) after receiving the third temporary value C, employee B calculates a fourth temporary value F and returns the fourth temporary value F to verifier V, wherein: f ═ d_B ^-1C；

2-9) the verifier V verifies whether the equation F ═ hash (s, r, M) hG holds: if the equality is established, entering the next step, otherwise ending;

2-10) verifier V calculates f ═ hash (M | | | n | | | x)_G||y_G||a||b||P_B||P_A) Then verify the equation s (fP)_AWhether + r) ═ fG holds: if the equation is established, the permission Q passes the verification and enters the next step, otherwise, the operation is finished;

2-11) provides the service corresponding to the authority Q to the employee B.

In the invention, the certificate carrier has data reading and writing and computing capabilities. The credential carrier may be a hardware device such as a smart terminal, a smart card, and the like, where the smart terminal is a smart phone, and the smart card is a password card, a work card, and an IC card.

When the certificate carrier is an intelligent terminal, information interaction among the staff, the administrator and the verifier is realized through the intelligent terminal. When the voucher carrier is a smart card, information interaction between the employee and the administrator involves a computer in addition to the participation of the smart card, and information interaction between the employee and the verifier is realized through the smart card.

In the invention, the information interaction between the administrator, the staff and the verifier is realized by a computer, wherein the computer is used as a server, but can also be a reader-writer and an intelligent terminal (such as a smart phone) as the case may be. For example, an administrator holds a reader-writer to issue an authority credential and a credential ID number to an employee. Here, the reader/writer should have data read/write capability. For another example, the administrator issues the authority credential and the credential ID number to the employee's mobile phone through the own mobile phone via the computer as the server.

In the invention, the verifier is a hardware device with data reading and writing and computing (such as computing password) capabilities, such as entrance guard.

In practical application, each department in a unit is provided with an administrator, and the administrator is taken by a person with higher authority in the department.

In the invention, the trust relationship of the digital certificate is as follows: in the unit using the verifier, the trust relationship of the digital certificate is based on a unit root certificate as a trust basis, and the unit root certificate issues respective digital certificates for the administrator and all employees of each department.

The employee has a unique private key for his/her digital certificate, and this private key is distributed to the employee and is kept by the employee. Likewise, the administrator has a unique private key for his own digital certificate, which is personally kept in the custody of the administrator. The employee's digital certificate is typically stored in a credential carrier, and the administrator's digital certificate is typically stored in a computer.

The following examples illustrate:

the new employee's sheetlet has just entered work, and the department responsible for the authority's root certificate management generates a new digital certificate for the sheetlet that provides a basis for the sheetlet to trust with other colleagues and validators (e.g., gate inhibition) in future work.

Then, the manager of the department of the small sheets generates a basic authority certificate such as the authority of entrance guard of the entrance of the unit, dining rooms, gymnasiums and other basic authorities related to the positions of the small sheets. At the moment, the authority certificate obtained by the small sheets relates to basic authority about units and departments, so that the small sheets can be obtained by submitting authority requests by themselves or can be directly generated for the small sheets by a department administrator. Finally, the rights voucher is written to a small voucher carrier, such as a cell phone.

If the small sheets need to apply for the machine room access permission except the basic permission due to work reasons within a period of time after work, the small sheets need to inquire the permission number of the machine room access permission, and an permission application list M about the machine room access permission is generated by combining the requirement of setting the validity period of the permission. The authority application list M includes: authority number, application time, authority validity period, applicant, department in which the applicant is located, and digital certificate. Then, the small sheet signs the authority application list M with a private key of the small sheet and sends the authority application list M to the manager. Therefore, the manager laowang verifies the authority application list M (whether the authority of the machine room entrance guard is beyond the requirement of the position of the smaller sheet, and whether the validity period of the authority of the machine room entrance guard applied by the smaller sheet is reasonable), and verifies the identity and the integrity of the authority application list M.

It is assumed here that the audit and verification pass, and then the queen sends a verification message to the sheetlet, the content of which is D, D being zfP_BWhere f is hash (M | | | n | | | x)_G||y_G||a||b||P_B||P_A) F is the content of the rights voucher, z is a random number generated by the King, P_BIs a public key corresponding to a digital certificate of small size, P_AIs the manager public key of the king. After receiving D, the small piece calculates U, U ═ D_B)^-1And D, returning U to the old king. Here, only the small sheet with this private key has the ability to compute the result of U. After receiving the U, the joss verifies whether the equation U is zfG. Assuming that this is true, the sheetlet passes the authentication. The manager's queen then begins generating the permission credential for the sheetlet. The King generates a random number k, then calculates s and r, and generates a certificate ID number ID (d)_A+k)^-1R is fkG, id hash (s, r, M). And then, the old king issues the packaged data packet (s, r, M) and the id to a small mobile phone together, wherein (s, r, M) is the authority certificate.

Thus, when the small sheets enter the machine room, the small sheets move to the machine room doorThe entrance guard (verifier) of the mouth presents the rights voucher (s, r, M). The access control then first verifies the validity of the digital certificate owned by the sheetlet and then queries whether the id of this authorization document he presents exists in the revocation list. If the access authority does not exist, the access control continues to inquire whether the authority number corresponding to the machine room access authority in the authority certificate exists in the revocation list. Assuming that the access control authority does not exist, the access control checks whether the access control authority of the machine room exists in the authority certificate and is overdue. Assuming that the access control authority exists and is not expired, the access control inquires whether the old king of the administrator has the authority granting authority for granting the access authority of the machine room. Assuming possession, the gate generates a random number h, and calculates C, C ═ hash (s, r, M) hP_BAnd sends C to the sheetlet. After C is received by the small piece, F is calculated, and F is equal to d_B ^-1C, and returning the F to the entrance guard. Here, only the sheetlet has the ability to calculate F. Then, the gate inhibition verifies whether the equation F ═ hash (s, r, M) hG holds. Assuming that the above is true, the gate inhibition continues to calculate f, f equals hash (M | | | n | | x)_G||y_G||a||b||P_B||P_A) Then verify the equation s (fP)_AAnd + r) ═ fG. If the situation is true, the verification of the entrance guard authority of the machine room of the small sheet is passed. Then, the door is opened to allow the small sheets to enter the machine room.

In practice, if for some reason some rights of the sheetlet need to be restricted, this can be handled as appropriate. If all rights in the rights voucher owned by the sheetlet need to be revoked, the sheetlet can contact the manager's King, and the King can add the id of the rights voucher to the revocation list on the computer serving as the server. If the authority certificate owned by the small sheet has five authorities, one authority needs to be deleted, then the small sheet can contact the manager laowang, and the authority number corresponding to the authority to be deleted by the laowang is added to a revocation list on a computer serving as a server.

If the small sheets leave the job on a certain day, the digital certificate of the small sheets needs to be revoked.

The invention has the advantages that:

1. convenient maintenance and management, and small workload: compared with the existing autonomous access control (DAC), the method and the system enable maintenance personnel not to maintain huge ACLs any more, but only periodically maintain the revocation list with small data volume, and if the revoked authority is expired, the revoked authority can be immediately deleted from the revocation list without maintenance, so that the workload of maintenance and management is small, and the resource consumption is greatly reduced.

Specifically, the ACL stores the authority information of all the employees, and once the authority of the employees changes, the ACL needs to be modified, so that the workload is huge. However, in the present invention, the revocation list can only be modified in the following cases: first, the employee is not resignated, but the authority is revoked in advance. For example, a certain job is completed in advance (in practice, it is also possible not to revoke the rights, unless applied to a situation where the security level is very high and the corresponding rights are immediately revoked to complete the task). Second, when granting rights, the administrator operates in error, granting the employee the wrong rights, but this is very rare. Thus, the revocation list is typically empty, and it is seen that maintenance personnel have minimal workload.

2. The safety is high: on one hand, when the method is actually implemented, the possibility that an attacker authenticates the identity of the employee through a digital certificate is extremely low, the possibility that the authority validity is verified through a cryptographic technology is extremely low, and the possibility of exhaustive attack is also extremely low. On the other hand, the information of the certificate carrier is not easy to copy, even if the information is copied, the safe storage of the private key can ensure that the information cannot pass the authentication after being copied, and compared with a card only storing the related information of the employee in the prior art, the card is higher in copying difficulty and higher in cost. Specifically, if the copy is performed, besides the complete credential carrier information and the digital certificate, a private key corresponding to the digital certificate needs to be obtained, and the private key is stored in a security chip of the credential carrier, and the security chip protects the private key from being illegally read, which makes it difficult to implement the copy.

3. Facilitating dynamic extension of permissions: in the authority credential generation stage, the invention can give the authority set dynamically based on roles, for example, the new employee authority set can include basic authorities such as gate access, unit dining room, gymnasium access and the like, and can manage the authority in a fine granularity manner, for example: and independently generating an authority certificate for the authority of entering the machine room and writing the authority certificate into a certificate carrier. Here, the permission set is a permission set with a certain reference value given in combination with the actual situation, but what kind of permission is granted to the employee is still determined by the administrator in combination with the actual situation. It can be seen that this mode of rights management provides convenience for dynamic extension of rights.

The above description is of the preferred embodiment of the present invention and the technical principles applied thereto, and it will be apparent to those skilled in the art that any changes and modifications based on the equivalent changes and simple substitutions of the technical solutions of the present invention are within the protection scope of the present invention without departing from the spirit and scope of the present invention.

Claims

1. A rights management method for a verifier, comprising the steps of:

h) providing a service corresponding to the authority for the employee;

wherein the generation of the permission credential comprises:

2. The rights management method for a verifier as recited in claim 1, wherein:

the authority certificate and the certificate ID number are issued in the following mode:

writing information corresponding to the authority certificate and the certificate ID number into the certificate carrier used by the employee by the administrator; or

And generating a writing instruction by the administrator and sending the writing instruction to the verifier, so that when the employee shows the authority certificate to the verifier by means of the certificate carrier for the first time, the verifier writes the information corresponding to the authority certificate and the certificate ID number into the certificate carrier through the writing instruction.

3. The rights management method for a verifier as recited in claim 1, wherein:

the modification of the rights includes:

if part of authority in the authority certificate is reduced, adding an authority number corresponding to the reduced authority to the revocation list;

and if the authority is added, re-executing the steps 1) -4).

4. The rights management method for a verifier as recited in claim 1, wherein:

the revocation of the rights voucher includes: directly adding a credential ID number of the permission credential to the revocation list.

5. The rights management method for a verifier as recited in claim 1, wherein:

changes by the administrator include:

changing the original administrator into a new administrator;

when the old authority certificate is completely replaced by the new authority certificate, the digital certificate of the original administrator is revoked;

the loss processing of the authority certificate comprises the following steps:

if the authority certificate of the employee is lost, the unit root certificate issues the digital certificate for the employee again, the original digital certificate is revoked, the lost authority certificate cannot pass the verification, and then the administrator generates a new authority certificate for the employee.

6. The rights management method for a verifier according to any one of claims 1 to 5, characterized in that:

the digital certificate is an SM2 digital certificate, and before issuing the SM2 digital certificate to managers and employees of each department of a unit, the method comprises the following initialization steps:

a finite field F defining said SM2 digital certificate_pElliptic curve E (F)_p) Two parameters a, b of the equation and a base point G on the elliptic curve, where G ═ x_G，y_G)，x_G、y_GRespectively, the abscissa and ordinate, x, of the base point G_G、y_G∈F_pThe base point G has the order n, and n is a positive integer greater than 1.

7. The rights management method for a verifier as recited in claim 6, wherein:

the generation of the permission certificate comprises the following steps:

1-1) employee B applies for permission and then generates permission application list M, wherein the permission application list M comprises permission number Num, application time, permission validity period and digital certificate Cert of issued employee B_BAnd administrator public key P_A；

1-5) Administrator A verifies the digital certificate Cert_BTo verify the identity of employee B and at the same time to verify the integrity of the authority application list M: if employee B's digital certificate Cert_BIf the authority application list M is valid and complete, the verification is passed and the system enters into the systemOne step, otherwise, ending;

1-6) Administrator A calculates a first temporary value D and sends the first temporary value D to employee B, wherein: D-zfP_BZ is a random number, and the hash function value f is calculated by a hash function hash (), where f is hash (M | | n | | | x)_G||y_G||a||b||P_B||P_A) N is the order of base point G, P_BIs a digital certificate Cert of employee B_BA corresponding public key;

1-10) packing s, r and M into a data packet (s, r, M), thereby generating a permission certificate;

8. The rights management method for a verifier as recited in claim 7, wherein:

the verification of the rights comprises the steps of:

2-1) employee B wants to use permission Q, and then submits permission credential (s, r, M) to verifier V;

2-6) verifier V inquires of administrator A whether or not the authority granting authority Q: if the administrator A owns, entering the next step, otherwise ending;

2-11) provides the service corresponding to the authority Q to the employee B.