Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/60—Protecting data
  • G06F21/604—Tools and structures for managing or administering access control systems
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
  • H04L63/102—Entity profiles
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
  • H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
  • H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
  • H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Definitions

• Access control is an important feature of security in distributed systems, such as controlled information sharing across different departments in an enterprise and different companies in an industry. Different departments in a company often have different policies, different implementations of access control and legacy systems will frequently create issues with interoperability.
• a computer implemented method for dynamic access control by creating a capability where a capability is a secure reference to an object, where the capability is stored on a blockchain system comprising:
• the Confused Deputy Problem happens when a program which has access rights given to it for one purpose applies those access rights for some other purpose that is contrary to the original intent of the access rights, and therefore allows something that it should not allow.
• a classic example of this problem involves a program that is allowed to write into a directory, which contains a log file and billing information file. The program takes a parameter of a file to which it will write debugging information. A user can then supply the billing information file into the program and thus overwriting the billing information. This may not have been intended during system design, but if the program has the necessary access rights, it may perform this action, perhaps under malicious or erroneous user control.
• the invention is advantageous as it helps overcome this issue.
• one or more smart contract instances executing on the blockchain to: (a) receive a request from a sender to create a capability for the object;
• (d) store the capability for the object for the sender, wherein the capability can be used to dynamically determine access control for the object.
• one or more smart contract instances executing on the blockchain to:
• (d) store the capability for the object for the target, wherein the capability can be used to dynamically determine access control for the object.
• a computer implemented method for dynamic access control by revoking a capability where a capability is a secure reference to an object, where the capability is stored on a blockchain system comprises:
• one or more smart contract instances executing on the blockchain to:
• Fig. 2 illustrates a computer-implemented method for creating a capability.
• Fig. 3 illustrates a computer-implemented method for granting a capability.
• Fig. 4 illustrates a computer-implemented method for deleting a capability.
• Fig. 5 illustrates a computer-implemented method for revoking a capability.
• Fig. 6 illustrates a computer-implemented method for invoking a capability.
• Fig. 7 illustrates an example sender. Description of Embodiments
• the present invention generally relates to methods software and system for implementing dynamic access control on a blockchain system.
• the integrity of smart contracts ensures secure processing of the access control logic and management.
• Smart contracts form part of the computational infrastructure of many blockchain systems which can be used to perform, as well as store the history of, capability operations.
• transactions are aggregated into blocks.
• Each block contains a mathematical function calculation, called a hash, of the previous block.
• This mathematical function calculation is easy to calculate given a specific transaction but difficult to reverse given a specific hash. This represents a means to determine whether content in the transaction has been modified in any way.
• This creates a chain where any changes made to a block will change that block's hash, which must be recomputed and stored in the next block. This changes the hash of the next block, which must also be recomputed and so on until the end of the chain.
• each block is also linked to the previous block (the 'parent' block) by containing a reference the previous block.
• Each block is guaranteed to come after the previous block chronologically because the previous block's hash would otherwise not be known.
• Each block is also computationally impractical to modify once it has been in the chain for a while (typically in Bitcoin this is around 60 minutes or 6 blocks on average) because every block after it would also have to be regenerated.
• Smart contracts in a blockchain system are intended to replicate the legal concept of contracts. That is, where contracts are mutual agreements that impose obligations on the parties to the contract, a smart contract is a way of automatically imposing obligations or conditions on the transaction.
• Bitcoin and Ethereum (and most other blockchain systems) utilise scripts for the purpose of verifying transactions. It is possible that a smart contract can be implemented as a script and it would operate the same as the way a normal transaction would be verified.
• the term 'smart contract' is used interchangeably to refer to both the code that is used to execute a smart contract and the actual executing or executed smart contract.
• the term 'process instance' refers to the execution, and services provided by the smart contract.
• the term 'script' refers to the smart contract code that can be executed as a process instance.
• the current disclosure uses the term 'blockchain' to refer to actual blockchain itself (that is, the public shared ledger with blocks added sequentially).
• the current disclosure also uses the term blockchain in relation to a blockchain system and a blockchain network.
• the term 'blockchain system' is intended to refer to all the components that make the blockchain operate. This includes the wallet, code, transactions, the blockchain network, as well as the blockchain itself. Examples of blockchain systems used in the disclosure include Bitcoin and Ethereum. Where the term blockchain network is used (for example the Ethereum blockchain network), this is intended to refer to the computers running the blockchain code that are able to communicate with each other via a communications network such as the Internet.
• This component connects the blockchain process execution to the outside world.
• the interface makes available an external Application Programmable Interface (API) functions for a sender to call.
• API Application Programmable Interface
• a sender is a user process that initiates a capabilities operation.
• Capability' 158 and 'Invoke Capability' 159 may be process instances on the blockchain. These process instances handle much of the process logic of the creating, granting, deleting and revoking capabilities and may store the process state on the blockchain as well.
• a sender is the user process that initiates a capabilities operation.
• a capability is communicable, in the sense that it can be sent or communicated from one party to another party (such as a sender to a target or a user process to any other user process).
• the capability may be communicated as data much like any other communication. This allows for a user process to determine where the source of the capability came from.
• a capability is secure in that the system provides protection such that the object reference is not easy to copy or computationally infeasible to forge.
• the protection is enabled by the use of a blockchain system.
• the capabilities as protected object references can be created only, in one embodiment, through the use of privileged instructions in a smart contract which may be executed on the blockchain to give effect to the capability on the blockchain system.
• Fig.4 is an example method for a delete capability operation.
• the Dynamic Access Control Interface 150 receives 410 a request from a sender to delete a capability for an object.
• the Dynamic Access Control Interface 150 then calls the delete capability 156 process instance.
• the delete capability 156 process instance first determines 420 existence and ownership of the capability for the object for the sender. That is, the delete capability process instance ascertains what access rights the sender has for the object, and in particular it determines whether the sender is the owner.
• the delete capability process instance determines whether the access rights allow for the capability for the object to be deleted. That is, the delete capability process instance determines 430 whether the sender's access rights enable the sender to delete a capability for the object 140.
• the revoke capability process instance determines 530 whether the access rights for the sender for the object allow for the capability for the object for the target to be revoked. That is, the revoke capability process instance determines whether the sender' access rights enable the sender to revoke a capability for the object 140 for the target. Typically, if the sender is determined to be the owner of the object 140 then the sender would be able to revoke the capability for the object. Subsequently, the storage manager may remove 540 the capability. This is the step that removes the capability from the database.
• Bob 112 may wish to perform an activity on an object 140.
• the service resource owner will check that Bob is allowed to perform the activity by calling an invoke capability operation.
• the sender would be able to invoke the capability for the object.
• a smart contract has to be deployed before it can be executed.
• the compiled code of the script and the Application Binary Interface are required.
• the ABI defines how to interact with the Dynamic Access Control Interface 170.
• an API defines an interface for source code to be utilised
• an ABI defines the low-level binary interface between two or more pieces of software on a particular architecture.
• the ABI defines how the process instance will interact with itself, how the process instance interacts with the Ethereum network 150, and how the process instance 170 interacts with any code libraries.
• a compiler will typically produce both the compiled code and the ABI. Both the sender 120 and target 140 may have access to the ABI for the

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Signal Processing (AREA)
• Computer Networks & Wireless Communication (AREA)
• General Engineering & Computer Science (AREA)
• Computer Hardware Design (AREA)
• Theoretical Computer Science (AREA)
• Computing Systems (AREA)
• General Health & Medical Sciences (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Software Systems (AREA)
• Bioethics (AREA)
• Health & Medical Sciences (AREA)
• Automation & Control Theory (AREA)
• Storage Device Security (AREA)

Priority Applications (6)

Applications Claiming Priority (2)

Publications (1)

Family

ID=61299529

Family Applications (1)

Country Status (7)

Cited By (22)

Families Citing this family (40)

Citations (2)

Family Cites Families (8)

• 2017
  • 2017-08-30 EP EP17844684.5A patent/EP3479519B1/en active Active
  • 2017-08-30 WO PCT/AU2017/050928 patent/WO2018039722A1/en not_active Ceased
  • 2017-08-30 JP JP2019531494A patent/JP7019697B2/ja active Active
  • 2017-08-30 CN CN201780053286.1A patent/CN109691015B/zh active Active
  • 2017-08-30 KR KR1020197004184A patent/KR102480035B1/ko active Active
  • 2017-08-30 AU AU2017320341A patent/AU2017320341B2/en active Active
  • 2017-08-30 US US16/328,159 patent/US11153092B2/en active Active

Patent Citations (2)

Non-Patent Citations (8)

Also Published As

Similar Documents

Legal Events