LU102395B1 - Method and system for dynamic authority access control based on privacy protection - Google Patents
Abstract
The present invention discloses a method and a system for dynamic access control based on privacy protection. The method includes: (1) initializing system parameters, wherein the terminal members and their related parameters are defined and the basic knowledge used in the method is introduced; CA and each terminal member generate their own public and private key pairs, and these constitute the system parameters of the method; (2) authenticating the identity of terminal members, wherein CA authenticates terminal members in the entire network shared domain, and each terminal member calculates its own attribute weights; (3) encrypting and storing shared resources, wherein each terminal member uses the encryption key to encrypt its shared resources, sets an access policy and keyword descriptions for the resource ciphertext and publishes it on the public information sharing platform, and then stores the resource ciphertext in the ciphertext database (CD); (4) accessing shared resources, wherein each terminal member sends the access permissions to the RSSP to match the access policy and obtain the ciphertext resource link, then downloads the resource ciphertext according to the link and calculates the decryption key according to the corresponding attribute weights to decrypt and access the resource ciphertext; (5) updating permissions and dynamically accessing shared resources, wherein terminal members can update their access permissions by obtaining rewards or penalties to access higher-level or lower-level shared resources.
Description
METHOD AND SYSTEM FOR DYNAMIC AUTHORITY ACCESS CONTROL BASED ON PRIVACY PROTECTION
Field of the Invention
The present invention relates to the technical field of information security, and in particular to a method and a system for dynamic authority access control based on privacy protection.
Background of the Invention
With the rapid development of the Internet of Things, the way we interact with the world has undergone great changes, gradually changing people's lifestyles. How to ensure the safe sharing of data, avoid the leakage of sensitive information and protect the privacy of users is a serious challenge. Access control is one of the key issues in realizing the security of the Internet of Things, and it largely addresses the trust problem of the Internet of Things. Access control technology, as one of the core technologies of secure data sharing, can ensure that shared data can only be accessed by terminal members with corresponding permissions. The terminal members use different levels of permissions to access shared resources with different sensitivity levels, so that shared resources can be accessed in a flexible, dynamic and fine-grained way. At the same time, access control is combined with identity authentication technology and encryption technology to ensure safe resource sharing. With traditional identity authentication methods, personal identity information is easily exposed during authentication. An identity authentication method based on hidden attributes is proposed to protect personal privacy and avoid malicious attacks from illegal members. When the shared data resource is stored and transmitted, it is encrypted, which greatly improves the security and leakage resistance of the data. Addressing the limitations of secure resource sharing in the complex network environment of the Internet of Things, and combining the improved methods proposed above, the present invention sets a flexible access control strategy. The proposed method is based on this flexible access control strategy to achieve secure, flexible and fine-grained access to shared resources, and strives to promote the development of this research.
Summary of the Invention
In order to solve the shortcomings of the prior art, the present invention discloses a privacy protection-based dynamic authority access control method, which makes resource sharing safer and more flexible. To achieve the above purpose, the specific solution of the present invention is as follows:
A dynamic authority access control method based on privacy protection includes the following steps:
Step one: The relevant parameters in the information sharing network domain are initialized, mainly so that the certification authority CA and each terminal member generate their own public/private key pair;
Step two: Each terminal member in the domain calculates attribute parameters and attribute weights according to its attribute set, and CA uses the attribute parameters to authenticate each terminal member;
Step three: The terminal member who shares the resource, the resource sharer, calculates the encryption key, then uses the key to encrypt the shared resource and stores the encrypted ciphertext in the ciphertext database. Last, the resource sharer sets the access policy and keywords of the ciphertext for access and acquisition;
Step four: The terminal member who obtains shared resources, the resource visitor, searches for the resources he needs according to keywords, and then matches the access policy of the ciphertext resource. If the terminal member has the access right, he can obtain the corresponding ciphertext link to download the ciphertext. Then the terminal member calculates the group key and decrypts to obtain the plaintext resource. Otherwise, the member cannot obtain the ciphertext link to obtain the ciphertext;
Step five: The terminal members in the domain will receive rewards or penalties, etc., which may cause changes in the resource access permissions of terminal members, so that they obtain new access permissions and access higher-level or lower-level resources;
Further, in Step one for initializing parameters in this method, the specific steps are as follows:
Step1-1) define terminal members and related parameters in the information sharing domain, and introduce the basic knowledge of this method;
Step1-2) the certification authority CA and each terminal member run the key generation algorithm to generate their own public and private key pairs.
Further, in Step two for identity authentication of hidden attributes of terminal members, the specific steps are as follows:
Step2-1) the attributes of all terminal members in the information sharing domain form a network attribute set. CA sorts the attributes in the network attribute set and sets the attribute serial numbers;
Step2-2) each terminal member uses its own attributes to calculate attribute parameters, and sends these parameters to the CA for identity authentication;
Step2-3) CA verifies the identity of each terminal member by using the received attribute parameters. If the verification is successful, CA further calculates the attribute-related parameters and sends them to each terminal member. Otherwise, CA will kick the terminal member out of the information sharing domain;
Step2-4) after each terminal member receives the attribute parameters sent by CA, each member calculates its attribute weights based on these attribute-related parameters. After that, each terminal member is successfully registered; CA sends public information to the resource sharing service platform (RSSP);
Further, in Step three for encrypting and storing data resources by the resource sharer, the specific steps are as follows:
Step3-1) each terminal member randomly selects the encryption key of the shared resource to encrypt the resource. Each member sets a keyword description and access permission for the ciphertext, then sends the encrypted ciphertext, keywords and access permission parameters to the resource sharing service platform (RSSP);
Step3-2) after RSSP receives the message sent by each terminal member, it verifies the identity of each terminal member. If the verification is successful, RSSP publishes the access rights and keywords to the public information sharing platform, and stores the ciphertext in the ciphertext database (CD). Otherwise, RSSP broadcasts “Error” to the entire information sharing domain.
Further, in Step four for matching access permissions and accessing shared resources by the resource visitor, the specific steps are as follows:
Step4-1) the resource visitor determines the resources he wants to access based on keywords and access permissions. Then the resource visitor sends the attribute serial numbers and other parameters corresponding to the access permissions to RSSP. After RSSP receives the information, it verifies the identity of the resource visitor. If the verification is successful, RSSP sends the ciphertext link of the resource to the resource visitor;
Step4-2) after the data visitor downloads the ciphertext by using the ciphertext link, he selects the corresponding attribute weights according to the access permission policy to calculate the decryption key. Then the data visitor decrypts the ciphertext to obtain the plaintext of the shared resources.
Further, in Step five for dynamically accessing high-level or low-level resources by the resource visitors, the specific steps are as follows:
Step5-1) when a resource visitor gets rewards, he can apply to CA for a new permission, and a new attribute weight can be calculated. Then the resource visitor uses this attribute weight and the original attribute weights to calculate the decryption key to access higher-level shared resources.
Step5-2) when a resource visitor is punished, an attribute permission will be revoked, and the corresponding attribute weight will become invalid. Then the resource visitor uses the remaining attribute weights to calculate the decryption key to access lower-level shared resources.
The dynamic authority access control method based on privacy protection comprises the following modules:
The parameter initialization module defines the parameters required by the dynamic access control method. CA and each terminal member generate their own public and private key pairs;
The identity authentication module lets each terminal member perform identity authentication to CA. Each terminal member obtains its respective attribute-related parameters and attribute weights;
In the encrypted storage module of the shared resource, the resource sharer calculates the encryption key to encrypt the shared data resource. Then the resource sharer stores the encrypted resource ciphertext in the ciphertext database (CD), and sets the access permission for the ciphertext;
In the access module of the shared resource, the resource visitor sends resource keywords and access permissions to the CA to obtain the ciphertext link. Then the resource visitor downloads the ciphertext according to the link and calculates the decryption key to decrypt the ciphertext, thereby accessing the shared resource;
In the dynamic access module of shared resources, the resource visitor obtains rewards or penalties, which causes changes in resource access permissions, thereby accessing higher-level or lower-level shared resources;
Further, the module for initializing parameters comprises:
Define the parameter variables used in the access control method, and introduce the basic knowledge used in the method;
CA and each terminal member run the key generation algorithm to generate their own public and private key pairs. Finally, the system parameters of the entire access control method are obtained.
Further, the module for identity authentication of hidden attributes of terminal members comprises:
CA sets the corresponding attribute serial number according to the defined ordered attribute set. Each terminal member uses its own ordered attribute set to calculate attribute parameters. Then the terminal member sends these parameters and the corresponding attribute serial numbers to CA;
After CA receives the message sent by the terminal member, it verifies the identity of each terminal member. If the verification is successful, CA calculates the attribute-related parameters according to the received parameters and sends them to each terminal member. Otherwise, CA kicks the terminal member out of the information sharing domain;
After receiving the message sent by CA, each terminal member verifies the identity of CA. If the verification is successful, each terminal member calculates the attribute weights according to the received parameters, and the terminal member registration is successful. Otherwise, each terminal member performs identity authentication to CA again.
Further, the module for encrypting and storing data resources by the resource sharer comprises:
The resource sharer randomly selects an encryption key to encrypt the shared resource to generate the ciphertext, and sets the access permissions and keywords of the ciphertext. Then the resource sharer sends the ciphertext, access permissions and keywords to the RSSP;
After RSSP receives the message sent by the resource sharer, it verifies the identity of the resource sharer. If the verification is successful, RSSP will publish some public parameters such as access permissions and keywords on the public information sharing platform, and store the ciphertext in the ciphertext database (CD). Otherwise, RSSP broadcasts “Error” to the entire information sharing domain;
Further, the module for matching access permissions and accessing shared resources comprises:
The resource visitor determines the resources he accesses based on keywords and access permissions. Then the resource visitor sends permission information and identity information to RSSP to apply for access to resources. RSSP verifies the identity of the resource visitor based on the received information. If the verification is successful, RSSP will provide the corresponding resource ciphertext link to the resource visitor. Otherwise, RSSP broadcasts “Error” to the entire information sharing domain;
The resource visitor downloads the resource ciphertext by using the ciphertext link, and uses the corresponding attribute weights to calculate the decryption key to decrypt the resource ciphertext, thereby obtaining and accessing the shared resource.
Further, the module for dynamically accessing high-level or low-level resources by the resource visitors comprises:
Terminal members can obtain a new attribute for rewards. Then the members use the new attribute to apply to the CA for the corresponding attribute permission, thereby accessing higher-level shared resources.
Terminal members who are punished will have a specific access permission cancelled, and they can only use the remaining attribute authority to access lower-level shared resources.
The present invention has the following beneficial effects:
1. The present invention utilizes the method of hidden attribute authentication, which improves the traditional identity authentication technology and proposes an identity authentication technology based on hidden attributes. It can not only achieve the effect of identity authentication, but also hide the identity information of terminal members, avoiding the leakage of personal privacy.
2. This method realizes dynamic and fine-grained access control technology. Terminal members with different numbers of attributes have different access permissions. Terminal members access resources of the corresponding level according to their own access permissions, and they can access higher-level or lower-level resources by upgrading or downgrading their permissions.
3. This method has high security. The shared resources of each terminal member need to be encrypted before being uploaded and stored in RSSP. Moreover, when terminal members obtain resources, they need double authentication of identity and access permission to access. This double guarantee mechanism can resist collusion attacks and has high security.
Brief Description of the Drawings
Fig.1 is a flow chart of the entire access control method;
Fig.2 is a model diagram of the entire access control method;
Detailed Description of the Embodiments
In order to help those skilled in the art to understand the solution of the present invention, the embodiments are illustrated below in detail in combination with the drawings.
The embodiment mainly describes resource sharing among terminal members in the information sharing domain, and how terminal members access higher-level or lower-level shared resources by updating their access authority when rewards and punishments are obtained.
As shown in Fig.1, the method for dynamic access control based on privacy protection mainly includes the following steps:
Step101, initialize the parameters. Define the required parameters of the access control method. CA and terminal members generate their own public and private key pairs. The specific implementation steps are as follows:
Step1-1) Assume that the information sharing network contains a certification authority CA and $n$ terminal members. CA is mainly used to verify terminal identity and generate system parameters and the system master key. The set of $n$ terminal members is denoted as $U = \{u_1, u_2, \ldots, u_n\}$, and the corresponding identity set is $ID = \{id_{u_1}, id_{u_2}, \ldots, id_{u_n}\}$. The sequence of constraint attributes for all access to network resources is $Attr = A_1 \mid A_2 \mid \cdots \mid A_i \mid A_j \mid \cdots \mid A_R$, where $i < j$, $A_i < A_j$ ($i, j, R \in N^*$), and the corresponding constraint attribute set is $Attr = \{A_1, A_2, \ldots, A_R\}$. The attribute sequence of the terminal member $u_i$ is $attr_i = a_{i,1} \mid a_{i,2} \mid \cdots \mid a_{i,r}$ ($1 \le i \le n$) and the corresponding ordered attribute set is $attr_i = \{a_{i,1}, a_{i,2}, \ldots, a_{i,r}\}$, where $a_{i,j} < a_{i,j+1}$, $attr_i \subseteq Attr$, $attr_i$ represents the attribute set corresponding to terminal member $u_i$, $R, r \in N^*$, $R$ and $r$ represent the number of attributes, $N^*$ represents the positive integers, and $a_{i,r}$ represents the $r$-th attribute of terminal member $u_i$;
Step1-2) Assume that $G_1$ and $G_2$ are an additive group and a multiplicative group on the elliptic curve of prime order $q$, respectively. The discrete logarithm problems over $G_1$ and $G_2$ are difficult, and $g_1 \in G_1$ is a generator of $G_1$. $e: G_1 \times G_1 \to G_2$ is a computable bilinear mapping. $GF(q)$ is a finite field with order $q$, where $q > R$. $H_1: \{0,1\}^* \to Z_q^*$, $H_2: G_1 \to Z_q^*$ and $H_3: GF(q) \to \{0,1\}^*$ are hash functions;
Step1-3) CA runs the key generation algorithm $KeyGen(1^{\lambda})$ to obtain a public/private key pair $(SK_{CA}, PK_{CA})$, where $SK_{CA} \in Z_q^*$ and $PK_{CA} = SK_{CA}\, g_1$. Any member $u_i \in U$ ($1 \le i \le n$) chooses a random positive integer $s_i \in Z_q^*$ and calculates $sk_{u_i} = H_1(id_{u_i})\, s_i$. The private key of $u_i$ is $sk_{u_i}$ and the public key is $pk_{u_i} = g_1\, sk_{u_i}$. The system parameters are $params = (PK_{CA}, q, G_1, G_2, g_1, e, H_1, H_2)$.
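Step102, hidden attribute authentication.
Each terminal member performs identity authentication with hidden attributes to CA, and obtains its own attribute-related parameters and attribute weights. The specific implementation steps are as follows:
Step2-1) CA broadcasts the attribute sequence set for accessing network resources and the corresponding sequence numbers $\{(A_1, S_1), (A_2, S_2), \ldots, (A_R, S_R)\}$, where $A_i$ ($1 \le i \le R$) represents an attribute and $S_i$ represents the serial number corresponding to the attribute $A_i$.
Step2-2) each terminal user $u_i$ ($1 \le i \le n$) has an ordered attribute set $attr_i = \{a_{i,1}, a_{i,2}, \ldots, a_{i,r}\}$, where $a_{i,j} < a_{i,j+1}$ ($1 \le j < r$). $u_i$ calculates the attribute parameters $\vartheta_{i,1} = s_i a_{i,1} g_1$, $\vartheta_{i,2} = s_i a_{i,2} g_1$, ..., $\vartheta_{i,r} = s_i a_{i,r} g_1$ and $\theta_i = s_i H_2(\vartheta_{i,1} \| \vartheta_{i,2} \| \cdots \| \vartheta_{i,r})\, PK_{CA}$. Then $u_i$ sends $\{id_{u_i}, pk_{u_i}, \theta_i, (\vartheta_{i,1}, a_{i,1}, S_{i,1}), (\vartheta_{i,2}, a_{i,2}, S_{i,2}), \ldots, (\vartheta_{i,r}, a_{i,r}, S_{i,r})\}$ to CA, where $id_{u_i}$ is the identity of the terminal $u_i$, $pk_{u_i}$ is the public key of the terminal $u_i$, $\theta_i$ is an intermediate parameter required for identity authentication, and $H_2(\cdot)$ is a hash function.
Step2-3) after receiving the message $\{id_{u_i}, pk_{u_i}, \theta_i, (\vartheta_{i,1}, a_{i,1}, S_{i,1}), (\vartheta_{i,2}, a_{i,2}, S_{i,2}), \ldots, (\vartheta_{i,r}, a_{i,r}, S_{i,r})\}$, CA calculates $\eta_i = SK_{CA}^{-1}\theta_i = s_i H_2(\vartheta_{i,1} \| \vartheta_{i,2} \| \cdots \| \vartheta_{i,r})\, g_1$ and verifies the identity of $u_i$ by the equation $H_1(id_{u_i})\,\eta_i \overset{?}{=} H_2(\vartheta_{i,1} \| \vartheta_{i,2} \| \cdots \| \vartheta_{i,r})\, pk_{u_i}$. If it holds, CA selects a random number $t_{CA,k} \in Z_q^*$ ($1 \le k \le r$) for each attribute $a_{i,k}$, and calculates the attribute-related parameters $\chi_{i,k} = t_{CA,k}\,\vartheta_{i,k}$ ($1 \le k \le r$) and its signature $\delta_i = SK_{CA}\,(t_{CA,1} a_{i,1} + t_{CA,2} a_{i,2} + \cdots + t_{CA,r} a_{i,r})\, g_1$. (Note that for any attributes $a_{i,j}$ and $a_{l,k}$ of different terminals $u_i$ and $u_l$ ($i \neq l$), if $j = k$, then $t_{CA,j} = t_{CA,k}$.) Then, CA sends the message $\{PK_{CA}, \delta_i, (\chi_{i,1}, \chi_{i,2}, \ldots, \chi_{i,r})\}$ to the registering terminal $u_i$, where $\eta_i$ is an intermediate parameter required for identity authentication. The verification method of $H_1(id_{u_i})\,\eta_i \overset{?}{=} H_2(\vartheta_{i,1} \| \vartheta_{i,2} \| \cdots \| \vartheta_{i,r})\, pk_{u_i}$ is:
$$\begin{aligned} H_1(id_{u_i})\,\eta_i &= H_1(id_{u_i})\, SK_{CA}^{-1}\,\theta_i \\ &= H_1(id_{u_i})\, s_i\, H_2(\vartheta_{i,1} \| \vartheta_{i,2} \| \cdots \| \vartheta_{i,r})\, g_1 \\ &= sk_{u_i}\, H_2(\vartheta_{i,1} \| \vartheta_{i,2} \| \cdots \| \vartheta_{i,r})\, g_1 \\ &= H_2(\vartheta_{i,1} \| \vartheta_{i,2} \| \cdots \| \vartheta_{i,r})\, pk_{u_i} \end{aligned}$$
Step2-4) after receiving the message $\{PK_{CA}, \delta_i, (\chi_{i,1}, \chi_{i,2}, \ldots, \chi_{i,r})\}$ from CA, $u_i$ ($1 \le i \le n$) calculates the attribute weights $T_{i,1} = s_i^{-1}\chi_{i,1} = t_{CA,1} a_{i,1} g_1$, $T_{i,2} = s_i^{-1}\chi_{i,2} = t_{CA,2} a_{i,2} g_1$, ..., $T_{i,r} = s_i^{-1}\chi_{i,r} = t_{CA,r} a_{i,r} g_1$. Then, $u_i$ verifies the identity of CA and the attribute weight $T_{i,k}$ of $a_{i,k}$ ($1 \le k \le r$) by the equation $e(\delta_i, g_1) = e\big(\sum_{k=1}^{r} T_{i,k}, PK_{CA}\big)$. If it holds, $u_i$ obtains the attribute weight $T_{i,k}$ corresponding to each of its attributes $a_{i,k}$ ($1 \le k \le r$). Each terminal member has then successfully registered. The verification method of $e(\delta_i, g_1) = e\big(\sum_{k=1}^{r} T_{i,k}, PK_{CA}\big)$ is:
$$\begin{aligned} e(\delta_i, g_1) &= e\big(SK_{CA}\,(t_{CA,1} a_{i,1} + t_{CA,2} a_{i,2} + \cdots + t_{CA,r} a_{i,r})\, g_1,\ g_1\big) \\ &= e\big((t_{CA,1} a_{i,1} + t_{CA,2} a_{i,2} + \cdots + t_{CA,r} a_{i,r})\, g_1,\ PK_{CA}\big) \\ &= e\big(T_{i,1} + T_{i,2} + \cdots + T_{i,r},\ PK_{CA}\big) \\ &= e\Big(\sum_{k=1}^{r} T_{i,k},\ PK_{CA}\Big) \end{aligned}$$
Step2-5) finally, according to the message $\{id_{u_i}, pk_{u_i}, \theta_i, (\vartheta_{i,1}, a_{i,1}, S_{i,1}), (\vartheta_{i,2}, a_{i,2}, S_{i,2}), \ldots, (\vartheta_{i,r}, a_{i,r}, S_{i,r})\}$ sent by $u_i$, CA sends the information $\{pk_{u_i}, S_{i,1}, S_{i,2}, \ldots, S_{i,r}\}$ of each $u_i$ to the resource storage service platform (RSSP), where the attribute serial numbers $(S_{i,1}, S_{i,2}, \ldots, S_{i,r})$ of $u_i$ correspond to the network attribute serial numbers $S_1, S_2, \ldots, S_R$.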
Step103, encrypted storage of shared resources.
The resource sharer calculates the encryption key to encrypt the shared resource. The resource sharer sets the access authority and keywords for the encrypted ciphertext resource, and then the resource sharer sends the ciphertext to RSSP. After RSSP receives the message, it verifies the identity of the terminal member. If the verification is successful, the ciphertext is stored in the ciphertext database and the public information of the ciphertext is published on the public information sharing platform. The specific implementation steps are as follows:
Step3-1) resource sharer $u_i$ with attribute set $attr_i$ ($j, t \in N^*$, $t \le r$) randomly selects the encryption key $k_{i,m} \in GF(q)$ of the shared resource to encrypt the shared resource: $c_{i,m} = H_3(k_{i,m}) \oplus m_{i,m}$. Then $u_i$ calculates and sets the access rights of the ciphertext resource. $u_i$ randomly selects $(t-1)$ random numbers $b_1, b_2, \ldots, b_{t-1} \in GF(q)$ to construct a polynomial $f(x) = b_{t-1}x^{t-1} + b_{t-2}x^{t-2} + \cdots + b_1 x + k_{i,m}$ of degree $(t-1)$. According to the attribute weight set $\{T_{i,1}, T_{i,2}, \ldots, T_{i,t}\}$ corresponding to the access attribute set $attr_i$ of the resource, $u_i$ calculates the access permission $y_{i,j} = f(T_{i,j})$ ($j = 1, 2, \ldots, t$). $u_i$ describes the plaintext keyword $keyword_{i,m}$ of the ciphertext resource (used to search for the keyword information of the ciphertext resource). $u_i$ calculates the signature $\sigma_{i,m} = sk_{u_i}^{-1} H_1(S_{i,1} \| S_{i,2} \| \cdots \| S_{i,t} \| y_{i,1} \| y_{i,2} \| \cdots \| y_{i,t} \| c_{i,m} \| keyword_{i,m})\, g_1$ according to the attribute serial numbers $(S_{i,1}, S_{i,2}, \ldots, S_{i,t})$ corresponding to the attributes required to access the resource. $u_i$ sends the information $\{id_{u_i}, pk_{u_i}, (y_{i,j}, S_{i,j}), c_{i,m}, \sigma_{i,m}, keyword_{i,m}\}$ ($j = 1, 2, \ldots, t$) to RSSP.
Where $GF(q)$ is a finite field of prime order $q$, $c_{i,m}$ is a ciphertext resource, $m_{i,m}$ is a plaintext resource, $H_1: \{0,1\}^* \to Z_q^*$ is a hash function, and $f(\cdot)$ is a Lagrange interpolation polynomial function.
Step3-2) after the resource storage service platform (RSSP) receives the message $\{id_{u_i}, pk_{u_i}, (y_{i,j}, S_{i,j}), c_{i,m}, \sigma_{i,m}, keyword_{i,m}\}$ ($j = 1, 2, \ldots, t$) sent by terminal member $u_i$, RSSP calculates $\varpi_{i,m} = H_1(S_{i,1} \| S_{i,2} \| \cdots \| S_{i,t} \| y_{i,1} \| y_{i,2} \| \cdots \| y_{i,t} \| c_{i,m} \| keyword_{i,m})\, g_1$ according to the received information. RSSP verifies the identity of terminal member $u_i$ and the integrity of the signature information by calculating whether $e(\sigma_{i,m}, pk_{u_i}) = e(\varpi_{i,m}, g_1)$ holds.
Where $\varpi_{i,m}$ represents the intermediate variable required to verify the identity of terminal member $u_i$, and $e(\cdot)$ is a bilinear mapping function that can be calculated.
The verification method of $e(\sigma_{i,m}, pk_{u_i}) = e(\varpi_{i,m}, g_1)$ is:
$$\begin{aligned} e(\sigma_{i,m}, pk_{u_i}) &= e\big(sk_{u_i}^{-1} H_1(S_{i,1} \| \cdots \| S_{i,t} \| y_{i,1} \| \cdots \| y_{i,t} \| c_{i,m} \| keyword_{i,m})\, g_1,\ pk_{u_i}\big) \\ &= e\big(H_1(S_{i,1} \| \cdots \| S_{i,t} \| y_{i,1} \| \cdots \| y_{i,t} \| c_{i,m} \| keyword_{i,m})\, g_1,\ g_1\big) \\ &= e(\varpi_{i,m}, g_1) \end{aligned}$$
Step3-3) After RSSP has verified the terminal identity, the public information $\{id_{u_i}, pk_{u_i}, (y_{i,j}, S_{i,j}), keyword_{i,m}\}$ will be published on the public information sharing platform, and the ciphertext resource $c_{i,m}$ will be stored in the ciphertext database (CD).
Step104, downloading and accessing shared resources.
The resource visitor searches for the resources he needs based on keywords and matches access permissions. If the resource visitor has the access authority to the resource, his identity information and access permission parameters are sent to RSSP. After RSSP receives the message sent by the visitor, it verifies the identity and access permission of the visitor. If the verification is successful, the ciphertext link is sent to the resource visitor. The resource visitor downloads the resource ciphertext according to the link, and uses the corresponding attribute weights to calculate the decryption key to decrypt and access the ciphertext. The specific implementation steps are as follows:
Step4-1) resource visitor $u_j$ ($1 \le j \le n$) searches for the resource ciphertext $c_{i,m}$ he needs on RSSP according to the keywords $keyword_{i,m}$. Resource visitor $u_j$ finds out the attribute serial numbers required to access the resource on the information sharing platform. If the resource visitor $u_j$ has the attributes corresponding to the attribute serial numbers, $u_j$ has the access permission to access the resource. $u_j$ calculates $\sigma_{j,m} = sk_{u_j}^{-1} H_1(S_{j,1} \| S_{j,2} \| \cdots \| S_{j,t} \| keyword_{i,m})\, g_1$ and sends the message $\{id_{u_j}, pk_{u_j}, (S_{j,1}, \ldots, S_{j,t}), \sigma_{j,m}, keyword_{i,m}\}$ to RSSP to apply for access to the resource. Where $\sigma_{j,m}$ represents the intermediate parameter required for identity authentication, and $H_1: \{0,1\}^* \to Z_q^*$ is the hash function.
Step4-2) after RSSP receives the message $\{id_{u_j}, pk_{u_j}, (S_{j,1}, \ldots, S_{j,t}), \sigma_{j,m}, keyword_{i,m}\}$ sent by $u_j$, it will match the attribute serial number set $(S_{j,1}, \ldots, S_{j,t})$ in the sent message with $(S_{i,1}, \ldots, S_{i,t})$ ($t \le r$) published on the information sharing platform (that is, whether $u_j$ has the attribute access permissions it claims). If it matches, RSSP calculates $\varpi_{j,m} = H_1(S_{j,1} \| S_{j,2} \| \cdots \| S_{j,t} \| keyword_{i,m})\, g_1$ and verifies the identity of terminal member $u_j$ by calculating whether the equation $e(\sigma_{j,m}, pk_{u_j}) = e(\varpi_{j,m}, g_1)$ holds. If the equation holds, RSSP will provide the link of the ciphertext $c_{i,m}$ corresponding to the keyword $keyword_{i,m}$ to $u_j$. If the equation does not hold, $u_j$ will be removed from the network domain. Where $\varpi_{j,m}$ represents the intermediate parameter required for verifying the identity of $u_j$. The verification method of $e(\sigma_{j,m}, pk_{u_j}) = e(\varpi_{j,m}, g_1)$ is:
$$\begin{aligned} e(\sigma_{j,m}, pk_{u_j}) &= e\big(sk_{u_j}^{-1} H_1(S_{j,1} \| S_{j,2} \| \cdots \| S_{j,t} \| keyword_{i,m})\, g_1,\ pk_{u_j}\big) \\ &= e\big(H_1(S_{j,1} \| S_{j,2} \| \cdots \| S_{j,t} \| keyword_{i,m})\, g_1,\ g_1\big) \\ &= e(\varpi_{j,m}, g_1) \end{aligned}$$
Step4-3) after $u_j$ has downloaded the ciphertext $c_{i,m}$, $u_j$ uses the corresponding pairs $(y_{i,l}, S_{i,l})$ ($l = 1, 2, \ldots, t$) obtained from the information sharing platform and the corresponding attribute weights $T_{j,l}$ ($l = 1, 2, \ldots, t$) of $u_j$ to recover the polynomial $g(x) = \sum_{l=1}^{t} y_{i,l} \prod_{v=1, v \neq l}^{t} \frac{x - T_{j,v}}{T_{j,l} - T_{j,v}}$ according to the Lagrange theorem. That is, $g(x) = f(x)$. $u_j$ calculates the decryption key $g(0) = k_{i,m}$ of ciphertext $c_{i,m}$ to obtain the plaintext information $m_{i,m} = c_{i,m} \oplus H_3(k_{i,m})$. Where $g(x)$ represents the Lagrange interpolation polynomial function, $c_{i,m}$ represents the ciphertext resource, and $m_{i,m}$ represents the plaintext resource.
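The key-recovery mechanics of Step3-1 and Step4-3 can be exercised with a short script. This is an added example, not code from the patent: it replaces the group-element attribute weights with constructed integers modulo an assumed prime `Q`, models the hash into bit strings with SHAKE-256, and all function names are hypothetical.

```python
import hashlib
import secrets

# Assumed prime modulus standing in for GF(q); the page does not fix a value of q.
Q = 2**127 - 1


def h3(key: int, length: int) -> bytes:
    """Stand-in for the hash GF(q) -> {0,1}^*, stretched to `length` bytes."""
    return hashlib.shake_256(key.to_bytes(16, "big")).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def share_resource(plaintext: bytes, weights: dict) -> tuple:
    """Sharer side (Step3-1): choose k, build f with f(0) = k, publish y = f(T).

    `weights` maps an attribute serial number to the sharer's attribute weight.
    Returns (ciphertext, policy) where policy maps serial number -> y.
    """
    t = len(weights)
    # A degree-0 polynomial would make the published y equal to k itself,
    # so this example insists on at least two access attributes.
    if t < 2:
        raise ValueError("policy needs at least two attributes")
    if len({w % Q for w in weights.values()}) != t:
        raise ValueError("attribute weights must be distinct")
    k = secrets.randbelow(Q)
    coeffs = [k] + [secrets.randbelow(Q) for _ in range(t - 1)]  # k, b_1..b_{t-1}

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation modulo Q
            acc = (acc * x + c) % Q
        return acc

    policy = {serial: f(w % Q) for serial, w in weights.items()}
    return xor(h3(k, len(plaintext)), plaintext), policy


def recover_key(policy: dict, my_weights: dict) -> int:
    """Visitor side (Step4-3): Lagrange interpolation of g at x = 0."""
    missing = set(policy) - set(my_weights)
    if missing:
        # A revoked or never-granted attribute leaves too few points to interpolate.
        raise PermissionError(f"missing attribute weights for {sorted(missing)}")
    points = [(my_weights[s] % Q, y) for s, y in policy.items()]
    if len({x for x, _ in points}) != len(points):
        raise ValueError("attribute weights must be distinct")
    k = 0
    for l, (x_l, y_l) in enumerate(points):
        num, den = 1, 1
        for v, (x_v, _) in enumerate(points):
            if v != l:
                num = num * (-x_v) % Q
                den = den * (x_l - x_v) % Q
        k = (k + y_l * num * pow(den, -1, Q)) % Q
    return k


def access_resource(ciphertext: bytes, policy: dict, my_weights: dict) -> bytes:
    """Recover k = g(0) and undo the XOR mask."""
    k = recover_key(policy, my_weights)
    return xor(h3(k, len(ciphertext)), ciphertext)


if __name__ == "__main__":
    # Constructed sample data: three attribute serial numbers with made-up weights.
    weights = {"S1": 1234567, "S2": 7654321, "S3": 424242}
    ct, policy = share_resource(b"constructed sample resource", weights)
    print(access_resource(ct, policy, weights))
    penalised = {s: w for s, w in weights.items() if s != "S3"}
    try:
        access_resource(ct, policy, penalised)
    except PermissionError as exc:
        print("denied:", exc)
```

A visitor who holds every weight named in the policy recovers the key, while one whose weight was revoked (Step5-2) has too few interpolation points, and a stale or wrong weight yields a different key and unreadable output.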
Step105, dynamic access to shared resources.
The terminal members in the domain will receive rewards or penalties, etc., which may cause changes in the resource access permissions of terminal members, thereby obtaining new access permissions and accessing higher-level or lower-level resources. The specific implementation steps are as follows:
Step5-1) a terminal member can obtain a new membership attribute as a reward. The member then uses the new attribute to apply to the CA for the corresponding attribute permission, thereby accessing higher-level shared resources. The specific implementation steps are as follows:
The terminal member %#, can obtain a new membership attribute 4, , for rewards. 4, can apply to the certification authority CA to obtain the attribute weights corresponding to 4, _, the process is as follows: u; calculates attribute parameter St Sa Ay 81 and 0,75, H,(3,,4)PKc,. Then 4, sends information {id, , Pk, ‚0, (9;,41>4,.1>$,44)} to CA, where 0; is an intermediate parameter required to verify the identity of #,, and H,(-) is a hash function;
After CA receives the message tid, » Pk, 0,53; 115 4.,155,1)} sent by u ;, CA calculates n,= SK 0 17% H,(9,,1)8, and verifies the identity of 4, by calculating whether the equation H, (id, )n, =H, (9,1) Pk, holds.
If the verification is successful, CA randomly selects a positive integer I, €Z, for attributed,,,,, CA calculates ¥,,. = kyr, and, = SKcalca,nO, 18 - CA sends the information {PK.4,d,,%,,.} to the terminal member#,; Where 7, and J, are the intermediate parameters required to verify the identity of CA and the terminal member.
The verification method of H (id, )n, = H,(8,,,) Pk, is: fh Ga, 1, =H, (id, )s,, a (Br) =H, (8,1) Pk,
After U, receives the message {PKo., 0, X;,.13, 4, calculates T, =s, À pret Flcarm@ rn 8 and verifies the identity of CA and the attribute 4, corresponding to the attribute weight Typ by calculating whether the equation e(ô 81) = eT, ,..P K.,) holds.
If the verification is successful, #, obtains the attribute weight T7, corresponding to attributed, ,. After 4, obtains the new attribute weight T,,,, u, applies the new attribute weights {7 i=1,2,....,r +1} to access higher-level shared resources according to the steps in Step104.
Step5-2) terminal members who are punished will have a specific access authority cancelled, and can only use the remaining attribute authority to access lower-level shared resources.
The specific implementation steps are as follows: When terminal members are punished, such as reduced trust or illegal operations, certain specific resource access rights may be cancelled.
Suppose the current attribute set of terminal member 4, is attr,,, ={a, .a, ,..a, }(j,r€N,r<R). If u, is punished and an attribute 4, is cancelled, the attribute set of 4, becomes attr, ={a, .a, ...a, }. 4, can only use the corresponding attribute weights {7}, |i =1,2,...,r—1} to access lower-level shared resources.
The process of revoking attribute 4, of 4, is as follows: First, CA broadcasts a revocation notice of attribute 4, of 4;. After receiving the notification, RSSP updates the information of #; in the information sharing platform, that is, cancels the S,, item in the %, column. Here S,, represents the 7 -th serial number of terminal member #,.
CA selects a random number 1, €0 Cs, Alcı,) for the attribute a, of each u,(1<i<n,i#j) , CA computes the attribute-related parameter #,, =¢,9 (1<i<n,i# j) and its signature Op, = SK, 1 ar, 8) . Then, CA broadcasts messages {PK 40s rs Toros Xjar Kae Zar) to all the registered terminals #, .
After receiving the messages {PKondus( Zr Zap jar Xpress Zor) from CA, u,(1<i<n,i# j) calculates the attribute weight T, = 5,” Zi = 14,8, . Then, 4; verifies the identity of CA and attribute weight 7, of @,(1Si<n) by verifying whether the equation e(6-48,)= e(T,,,PK.,) holds. If it holds, # obtains the attribute weight T,, corresponding to its attribute a, (1<Æ<r) . u; updates the previous attribute weight 77, with Try. At this time, #; cannot calculate the new attribute weight 7’, and #, can only access low-level shared resources. The verification method of e(d-,,8)= eT, PK.,) is: (Oey 81) =e(SKtc4,9;,815 81) = e(ic,, 9,8 SK 4,8) =e(T;,, PK.)
With the above implementation steps (from Step101 to Step105), a privacy-based dynamic access control method can be implemented.
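The key recovery of Step4-3 and the effect of the weight refresh in Step5-2, as an added Python sketch that is not part of the patent text. Assumptions: attribute weights are modelled as integers modulo a prime Q rather than values derived from group elements, SHA-256 in counter mode stands in for the hash applied to the key, and the serial numbers, messages and function names are constructed for illustration.

```python
import hashlib
import secrets

# Toy prime field. Assumption: the patent's weights live in a group of prime
# order q; here they are modelled as integers modulo the Mersenne prime 2^127-1.
Q = 2**127 - 1


def lagrange_at_zero(points, q=Q):
    """Return g(0) for the unique polynomial of degree < len(points) through
    the given (x, y) points, with all arithmetic modulo the prime q."""
    xs = [x % q for x, _ in points]
    if 0 in xs or len(set(xs)) != len(xs):
        raise ValueError("x-coordinates must be distinct and non-zero mod q")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for i, (xi, _) in enumerate(points):
            if i != j:
                num = num * (-xi) % q       # factor (0 - x_i)
                den = den * (xj - xi) % q   # factor (x_j - x_i)
        total = (total + yj * num * pow(den, -1, q)) % q
    return total


def derive_key(policy, weights):
    """Decryption key g(0) interpolated from the (serial number, weight)
    pairs named by the access policy. `weights` maps serial -> weight."""
    missing = [s for s in policy if s not in weights]
    if missing:
        raise PermissionError(f"no attribute weight for serial(s) {missing}")
    return lagrange_at_zero([(s, weights[s]) for s in policy])


def keystream(key, length):
    """Expand the key to `length` bytes (SHA-256 in counter mode, a stand-in
    for the hash the page applies to the key before the XOR)."""
    seed = key.to_bytes(16, "big")
    blocks = (hashlib.sha256(seed + n.to_bytes(4, "big")).digest()
              for n in range(-(-length // 32)))
    return b"".join(blocks)[:length]


def xor_crypt(data, key):
    """c = m XOR H(k); the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def revocation_demo():
    # Constructed sample data: attribute serial numbers 3, 7, 11 and messages.
    ca_weights = {s: secrets.randbelow(Q) for s in (3, 7, 11)}
    low_policy, high_policy = [3, 7], [3, 7, 11]
    low_msg, high_msg = b"canteen menu", b"lab results, restricted"

    member = dict(ca_weights)  # the visitor is registered for all three
    c_low = xor_crypt(low_msg, derive_key(low_policy, ca_weights))
    c_high = xor_crypt(high_msg, derive_key(high_policy, ca_weights))
    before = xor_crypt(c_high, derive_key(high_policy, member))

    # Step5-2: attribute 11 is revoked. Every other holder receives a fresh
    # weight for it; the revoked member keeps only the stale one.
    old = ca_weights[11]
    while ca_weights[11] == old:
        ca_weights[11] = secrets.randbelow(Q)
    # A high-level resource encrypted after the refresh.
    c_high_new = xor_crypt(high_msg, derive_key(high_policy, ca_weights))

    return {
        "before": before,
        "low_after": xor_crypt(c_low, derive_key(low_policy, member)),
        "high_after": xor_crypt(c_high_new, derive_key(high_policy, member)),
    }


if __name__ == "__main__":
    for name, value in revocation_demo().items():
        print(name, value)
```

XOR with a hash of the key provides confidentiality only: a stale weight produces garbage plaintext rather than an error, so detecting it requires a separate integrity check.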
Corresponding with the method for privacy-based dynamic access control technology, a system for privacy-based dynamic access control technology is provided in the embodiment, whose structure is shown in Fig.1.
In the embodiment, the system comprises:
Module101, that is, parameter initialization module. In this module, the relevant parameters and other parameters of the terminal members in the system are defined. CA and each terminal member generate their own public and private key pair.
Module102, that is, identity authentication and registration module. In this module, each terminal member performs identity authentication with the authentication authority CA to prove that it is a legitimate user who can participate in information resource sharing. Each terminal member obtains attribute-related parameters and calculates corresponding attribute weights for subsequent operations.
Module103, that is, the resource sharer randomly selects an encryption key to encrypt the shared resource. And the resource sharer sets the access permission and keywords description for it. Then the encrypted ciphertext resource is stored in the ciphertext database (CD), the access strategy and keyword description of the shared ciphertext resource are published on the public information sharing platform for resource visitors to access and obtain the shared resource.
Module104, that is, access module of shared resources. In this module, the resource visitor searches for keywords on the public information sharing platform to determine the resources he wants to access and matches the access strategy. If the access permissions match, the resource visitor sends the attribute weights and other parameters to RSSP to apply for access to the ciphertext resource. After RSSP receives the information sent by the resource visitor, it verifies the identity and access permission of the resource visitor, and sends the ciphertext link to the resource visitor after verification. After the resource visitor downloads the ciphertext, the resource visitor calculates the decryption key according to the corresponding attribute weights of the matched access policy to decrypt the ciphertext to obtain and view the shared resource.
Module105, that is, dynamic access module. In this module, system terminal members who receive rewards or punishments can obtain a new permission attribute or have an attribute revoked, which changes their resource access permissions. Terminal members use the changed access permissions to access higher-level or lower-level shared resources.
The structure of Module101 shown in Fig.1 (parameter initialization module) is shown in Fig.2, which comprises: Unit101, the definition of system parameters. In this unit, the parameter variables used in the access control method are defined, and the basic knowledge used in the method is introduced; Unit102, public and private key pair generation. In this unit, CA and each terminal member run the key generation algorithm to generate their own public and private key pairs. Finally, the system parameters of the entire access control method are obtained.
The structure of Module102 shown in Fig.1 (identity authentication and registration module) is shown in Fig.2, which comprises:
Unit201, terminal members request identity authentication from CA. In this unit, CA sets the corresponding attribute serial number according to the defined ordered attribute set. Each terminal member uses its own ordered attribute set to calculate attribute parameters. Then the terminal member sends these parameters and corresponding attribute serial numbers to the CA; Unit202, terminal members complete identity authentication. In this unit, after the CA receives the message sent by the terminal member, it verifies the identity of each terminal member. If the verification is successful, CA calculates the attribute-related parameters according to the received parameters and sends them to each terminal member. Otherwise, the CA kicks the terminal member out of the information sharing domain; Unit203, terminal members obtain attribute weights. In this unit, after receiving the message sent by the CA, each terminal member verifies the identity of the CA. If the verification is successful, each terminal member calculates the attribute weights according to the received parameters, and the terminal member registration is successful. Otherwise, each terminal member performs identity authentication to the CA again.
The structure of Module103 shown in Fig.1 (encrypted storage of shared resources module) is shown in Fig.2, which comprises: Unit301, encryption of shared resources. In this unit, the resource sharer randomly selects an encryption key to encrypt the shared resource to generate a ciphertext, and the resource sharer sets the access permissions and keywords of the ciphertext; Unit302, resource ciphertext storage and set access permissions. In this unit, after RSSP receives the message sent by the resource sharer, it verifies the identity of the resource sharer. If the verification is successful, RSSP will publish some public parameters such as access permissions and keywords on the public information sharing platform, and store the ciphertext in the ciphertext database. Otherwise, RSSP broadcasts “Error” to the entire information sharing domain;
The structure of Module104 shown in Fig.1 (shared resource access module) is shown in Fig.2, which comprises: Unit401, obtain the download link address of the shared resource. In this unit, the resource visitor determines the resources he accesses based on keywords and access permissions. Then the resource visitor sends permission information and identity information to RSSP to apply for access to resources. RSSP verifies the identity of the resource visitor based on the received information. If the verification is successful, RSSP will provide the corresponding resource ciphertext link to the resource visitor. Otherwise, RSSP broadcasts “Error” to the entire information sharing domain; Unit402, download and decrypt the shared resources. In this unit, the resource visitor downloads the resource ciphertext by using the ciphertext link, and the resource visitor uses the corresponding attribute weights to calculate the decryption key to decrypt the resource ciphertext, thereby obtaining and accessing the shared resource.
The structure of Module105 shown in Fig.1 (shared resource dynamic access module) is shown in Fig.2, which comprises: Unit501, terminal members’ permissions are upgraded to access higher-level shared resources. In this unit, terminal members can obtain a new membership attribute for rewards. Then the members use the new attribute to apply for corresponding attribute permission to the CA, thereby accessing higher-level shared resources.
Unit502, terminal members’ permissions are downgraded to access lower-level shared resources. In this unit, terminal members who are punished will have a specific access permission cancelled, and can only use the remaining attribute authority to access lower-level shared resources.
The system for dynamic authority access control based on privacy protection is shown in Fig.2. The dynamic permission access control system based on privacy protection can be used in large enterprises, hospitals, military and other places that require confidential transmission and focus on privacy protection.
In summary, in the embodiment of the present invention, firstly, the system parameters are defined, and the basic knowledge used by the method and the system is introduced. CA and each terminal member generate their own public and private key pairs. Secondly, each terminal member requests identity authentication from the certification authority CA, CA performs identity authentication on each terminal member and sends the attributes-related parameters of each terminal member to them. Then each terminal member calculates the corresponding attribute weights.
Thirdly, terminal members who want to share resources, resource sharers, randomly select an encryption key to encrypt their shared resources. The resource sharers store the encrypted resource ciphertext in the ciphertext database CD, and set access permissions and keyword descriptions for the shared ciphertext resources. Then the resource sharers send these parameters and some public information to the public information sharing platform for terminal members to access and obtain.
Fourthly, terminal members who need to access shared resources, resource visitors, search for the resources they want to access based on keywords and match access permissions. If the access authority is satisfied, the authority will be authenticated to RSSP to obtain the ciphertext download link. The resource visitor downloads the ciphertext according to the link, and uses the attribute weights to calculate the decryption key to decrypt the shared ciphertext and access the shared resource. Fifthly, resource visitors change their access permissions by obtaining rewards or penalties, thereby accessing higher-level or lower-level shared resources.
It can be seen that once the invention is implemented, the method and system for privacy protection-based dynamic authority access control would be realized. The invention adopts an identity authentication method with hidden attributes, which not only authenticates the identity of terminal members well, but also protects personal privacy well. The invention uses encryption technology to encrypt shared resources into ciphertext and stores them in a ciphertext database, which well protects the security of shared resources. When a resource visitor accesses resources, he obtains shared resources according to the two-factor authentication of authority authentication and identity authentication, which guarantees the security of data resources. Terminal members can access resources of different sensitivity levels according to different access permissions, so that terminal members can access resources at other levels by obtaining rewards or penalties and updating permissions, making the access to shared resources more flexible and fine-grained. The method and system can make the access of shared resources more secure and flexible.
The embodiments in the present specification are described in a progressive manner, whose similar parts can refer to each other. In particular, since the device embodiment is substantially similar to the method embodiment, its description is relatively simple, whose relevant parts can refer to the corresponding parts of the method embodiment.
The embodiments of the present invention have been described in detail, which are provided for the purpose of understanding the method and system of the invention. The protection scope of the present invention is not limited to this. Those skilled in the research field should be aware that various modifications or variations can be made on the basis of the technical solutions of the present invention, so the description shall not be understood as a limitation to the present invention.
Claims (12)
1. A dynamic authority access control method based on privacy protection, characterized in comprising the following steps: Step one: The initialization of relevant parameters in the information sharing network domain is mainly for the certification authority CA and each terminal member to generate their own public/private key pair; Step two: Each terminal member in the domain calculates attribute parameters and attribute weights according to their attribute sets, CA uses the attribute parameters to authenticate each terminal member; Step three: The terminal member who shares the resource, the resource sharer, calculates the encryption key, then uses the key to encrypt the shared resource and stores the encrypted ciphertext in the ciphertext database. Last, the resource sharer sets the access policy and keywords of the ciphertext for access and acquisition; Step four: The terminal member who obtains shared resources, the resource visitor, searches for the resources they need according to keywords, and then matches the access policy of the ciphertext resource. If the terminal member has access right, he can obtain the corresponding ciphertext link to download the ciphertext. Then the terminal member calculates the group key and decrypts to obtain the plaintext resource. Otherwise, the member cannot obtain the ciphertext link to obtain the ciphertext; Step five: The terminal members in the domain will receive rewards or penalties, etc., which may cause changes in the resource access permissions of terminal members, thereby obtaining new access permissions and accessing higher-level or lower-level resources;
2. The method for dynamic access control based on privacy protection of claim 1, characterized in wherein in the Step one for initializing system parameters, the specific steps are as follows: Step1-1) define terminal members and related parameters in the information sharing domain, and introduce basic knowledge of this method; Step1-2) the certification authority CA and each terminal member run the key generation algorithm to generate their own public and private key pairs.
3. The method for dynamic access control based on privacy protection of claim 1, characterized in wherein in the Step two for identity authentication of terminal members, the specific steps are as follows: Step2-1) the attributes of all terminal members in the information sharing domain form a network attribute set. CA sorts the attributes in the network attribute set and sets the attribute serial number for each attribute; Step2-2) each terminal member uses its own attributes to calculate attribute parameters, and sends these parameters to the CA for identity authentication; Step2-3) CA verifies the identity of each terminal member by using the received attribute parameters. If the verification is successful, CA further calculates the attribute-related parameters and sends them to each terminal member. Otherwise, CA will kick the terminal member out of the information sharing domain; Step2-4) after each terminal member receives the attribute-related parameters sent by CA, each member calculates their attribute weights based on these attribute-related parameters. After that, each terminal member successfully registers; CA sends public information to the resource sharing service platform (RSSP);
4. The method for dynamic access control based on privacy protection of claim 1, characterized in wherein in the Step three for the encryption and storage of shared resources, the specific steps are as follows: Step3-1) each terminal member randomly selects the encryption key of the shared resource to encrypt the resource. Each member sets keywords description and access permission for the ciphertext, then the terminal member sends the encrypted ciphertext, keywords and access permission parameters to the resource sharing service platform (RSSP); Step3-2) after RSSP receives the message sent by each terminal member, it verifies the identity of each terminal member. If the verification is successful, RSSP publishes the access permissions and keywords to the public information sharing platform, and stores the ciphertext in the ciphertext database (CD). Otherwise, RSSP broadcasts “Error” to the entire information sharing domain.
5. The method for dynamic access control based on privacy protection of claim 1, characterized in wherein in the Step four for accessing shared resources, the specific steps are as follows: Step4-1) resource visitor determines the resources he wants to access based on keywords and access permissions. Then resource visitor sends the attribute serial numbers and other parameters corresponding to the access permissions to RSSP. After RSSP receives the information, it verifies the identity of the resource visitor. If the verification is successful, RSSP sends the ciphertext link of the resource to the resource visitor; Step4-2) after the data visitor downloads the ciphertext by using the ciphertext link, he selects the corresponding attribute weights according to the access permission policy to calculate the decryption key. Then the data visitor decrypts the ciphertext to obtain the plaintext of shared resources.
6. The method for dynamic access control based on privacy protection of claim 1, characterized in wherein in the Step four for dynamically accessing shared resources, the specific steps are as follows: Step5-1) when resource visitor gets rewards, he can apply to CA for a new permission, and a new attribute weight can be calculated. Then the resource visitor uses this attribute weight and original attribute weights to calculate the decryption key to access higher-level shared resources.
Step5-2) when a resource visitor is punished, an attribute will be revoked, and the corresponding attribute weight will become invalid. Then the resource visitor uses the remaining attribute weights to calculate the decryption key to access lower-level shared resources.
7. A system for dynamic access control based on privacy protection, characterized in comprising the following modules: Parameter initialization module is to define the parameters required by the dynamic access control method. CA and each terminal member generate their own public and private key pairs; Identity authentication module is for each terminal member to perform identity authentication to CA. And each terminal member obtains their respective attribute-related parameters and attributes weights; Encrypted storage module of the shared resource is that the resource sharer calculates the encryption key to encrypt the shared data resource. Then the resource sharer stores the encrypted resource ciphertext in the ciphertext database and sets the access permission for the ciphertext; Access module of the shared resource is that the resource visitor sends resource keywords and access rights to RSSP to obtain the ciphertext link. Then the resource visitor downloads the ciphertext according to the link and calculates the decryption key to decrypt the ciphertext, thereby accessing the shared resource; Dynamic access module of shared resources is that resource visitor obtains rewards or penalties, which causes changes in resource access permissions, thereby accessing higher-level or lower-level shared resources;
8. A system for dynamic access control based on privacy protection of claim 6, characterized in, wherein initialization module of system parameter comprises: Unit of definition of system parameters, wherein define the parameter variables used in the access control method, and introduce the basic knowledge used in the method; Unit of public and private key pair generation, CA and each terminal member run the key generation algorithm to generate their own public and private key pairs. Finally, the system parameters of the entire access control method are obtained.
9. A system for dynamic access control based on privacy protection of claim 6, characterized in, wherein module of identity authentication and registration comprises: Unit of terminal members request identity authentication from CA, wherein CA sets the corresponding attribute serial number according to the defined ordered attribute set. Each terminal member uses its own ordered attribute set to calculate attribute parameters. Then the terminal member sends these parameters and corresponding attribute serial numbers to CA; Unit of terminal members complete identity authentication, after CA receives the message sent by the terminal member, it verifies the identity of each terminal member. If the verification is successful, CA calculates the attribute-related parameters according to the received parameters and sends them to each terminal member. Otherwise, CA kicks the terminal member out of the information sharing domain; Unit of terminal members obtain attribute weights, wherein terminal members receive the message sent by CA, each terminal member verifies the identity of CA. If the verification is successful, each terminal member calculates the attribute weights according to the received parameters, the terminal member registration is successful. Otherwise, each terminal member performs identity authentication to CA again.
10. A system for dynamic access control based on privacy protection of claim 6, characterized in, wherein module of encryption and storage of shared resources comprises: Unit of encryption of shared resources, wherein the resource sharer randomly selects an encryption key to encrypt the shared resource to generate a ciphertext and sets the access permission and keywords of the ciphertext. Then the resource sharer sends the ciphertext, access permissions and keywords to RSSP; Unit of store resource ciphertext and set access policy, wherein RSSP receives the message sent by the resource sharer, it verifies the identity of the resource sharer. If the verification is successful, RSSP will publish some public parameters such as access permissions and keywords on the public information sharing platform, and store the ciphertext in the ciphertext database. Otherwise, RSSP broadcasts “Error” to the entire information sharing domain;
11. A system for dynamic access control based on privacy protection of claim 6, characterized in, wherein module of shared resource access comprises: Unit of obtain the download link address of the shared resource, wherein resource visitor determines the resources he access based on keywords and access permissions. The resource visitor sends permission information and identity information to RSSP to apply for access to resources. RSSP verifies the identity of resource visitor based on the received information. If the verification is successful, the RSSP will provide the corresponding resource ciphertext link to the resource visitor. Otherwise, RSSP broadcasts “Error” to the entire information sharing domain; Unit of download and decrypt the shared resources, wherein the resource visitor downloads the resource ciphertext by using the ciphertext link, and the resource visitor uses the corresponding attribute weights to calculate the decryption key to decrypt the resource ciphertext, thereby obtaining and accessing the shared resource.
12. A system for dynamic access control based on privacy protection of claim 6, characterized in, wherein module of shared resource dynamic access comprises: Unit of terminal members’ permissions are upgraded to access higher-level shared resource, wherein terminal members can obtain a new attribute for rewards. Then the members use the new attribute to apply for corresponding attribute permission to CA, thereby accessing higher-level shared resources.
Unit of terminal members’ permissions are downgraded to access lower-level shared resources, wherein who are punished will be cancelled a specific attribute. These terminal members can only use the remaining attribute authority to access lower-level shared resources.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011252203 | 2020-11-11 | ||
CN202011275889.6A CN112383550B (en) | 2020-11-11 | 2020-11-16 | Dynamic authority access control method based on privacy protection |
Publications (1)
Publication Number | Publication Date |
---|---|
LU102395B1 (en) | 2021-10-25 |
Family
ID=74584183
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
LU102395A LU102395B1 (en) | 2020-11-11 | 2021-01-11 | Method and system for dynamic authority access control based on privacy protection |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN112383550B (en) |
LU (1) | LU102395B1 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113411297A (en) * | 2021-05-07 | 2021-09-17 | 上海纽盾科技股份有限公司 | Situation awareness defense method and system based on attribute access control |
CN113346993B (en) * | 2021-06-09 | 2022-07-15 | 郑州轻工业大学 | Layered dynamic group key negotiation method based on privacy protection |
CN113489733B (en) | 2021-07-13 | 2022-07-29 | 郑州轻工业大学 | Content center network privacy protection method based on block chain |
CN113411186B (en) * | 2021-08-19 | 2021-11-30 | 北京电信易通信息技术股份有限公司 | Video conference data security sharing method |
CN114297595B (en) * | 2021-12-29 | 2024-04-19 | 盐城国睿信科技有限公司 | Access authority control system and method for mental health system |
CN115242388B (en) * | 2022-07-26 | 2024-06-25 | 郑州轻工业大学 | Group key negotiation method based on dynamic attribute authority |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107992B (en) * | 2013-02-04 | 2015-06-17 | 杭州师范大学 | Multistage authority management method for cloud storage enciphered data sharing |
AU2016361318B2 (en) * | 2015-11-24 | 2022-03-17 | Live Nation Entertainment, Inc. | Short-range device communications for secured resource access |
CN106992988B (en) * | 2017-05-11 | 2020-12-08 | 浙江工商大学 | Cross-domain anonymous resource sharing platform and implementation method thereof |
CN108881195A (en) * | 2018-06-07 | 2018-11-23 | 蒋云 | Data safety sharing method and device based on cloud environment |
CN110224986B (en) * | 2019-05-07 | 2020-09-25 | 电子科技大学 | Efficient searchable access control method based on hidden policy CP-ABE |
CN110247761B (en) * | 2019-06-18 | 2021-04-20 | 西安电子科技大学 | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner |
CN110912897B (en) * | 2019-11-27 | 2021-11-30 | 郑州轻工业大学 | Book resource access control method based on ciphertext attribute authentication and threshold function |
CN111447058B (en) * | 2020-03-30 | 2023-02-03 | 郑州轻工业大学 | Book resource access control method based on Chinese remainder theorem |
-
2020
- 2020-11-16 CN CN202011275889.6A patent/CN112383550B/en active Active
-
2021
- 2021-01-11 LU LU102395A patent/LU102395B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
CN112383550A (en) | 2021-02-19 |
CN112383550B (en) | 2022-07-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FG | Patent granted |
Effective date: 20211025 |