Attribute-based access control model and cross domain access method thereof

A technology of access control and attributes, applied in transmission systems, electrical components, etc., to achieve the effect of access control

Inactive Publication Date: 2011-03-30
CHONGQING UNIV

AI Technical Summary

Problems solved by technology

[0011] The invention provides an attribute-based access control model and its cross-domain access method. The model regards the user's role and management domain as a certain attribute of t


Examples


Embodiment 1

[0062] As shown in Figure 1, the attribute-based access control model of the present invention is illustrated, to simplify the description, with two management domains: the first management domain 1 and the second management domain 2. The model includes a first management domain 1 and a second management domain 2 connected to the Internet. The first management domain 1 is provided with a first access control server 1a, which is connected to at least one first application server 1b. The second management domain 2 is provided with a second access control server 2a, which is connected to at least one second application server 2b. The key point is that the model also includes a certificate server 3 and an attribute management server 4;

[0063] where the certificate server 3 is used for:

[0064] I. By issuing server certificates to the first access control server 1a a...

Embodiment 2

[0127] A cross-domain access method based on an attribute-based access control model, the key of which is:

[0128] Step 1. The certificate server issues server certificates to the first management domain 1 and the second management domain 2, respectively, to maintain the trust chain relationship between the first access control server 1a and the second access control server 2a;

[0129] Step 2, the user logs in to the first management domain 1 through the first application server 1b, the first access control server 1a issues an attribute certificate containing a digital signature to the user, and the user downloads the attribute certificate to the local disk of the first application server 1b for storage;

[0130] Step 3. When the user logs in to the second management domain 2 and anonymously accesses resources under the second management domain 2, the user submits the attribute certificate issued by the first management domain 1 to the second management domain 2;

[0131] Step 4, t...

Embodiment 3

[0134] A cross-domain access method based on an attribute-based access control model, the key of which is:

[0135] Step 1. The certificate server issues server certificates to the first management domain 1 and the second management domain 2, respectively, to maintain the trust chain relationship between the first access control server 1a and the second access control server 2a;

[0136] Step 2: The user logs in to the first management domain 1 through the first application server 1b, and the certificate server and the first access control server 1a issue to the user a user certificate encrypted with a private key and an attribute certificate containing a digital signature respectively. The certificate is downloaded to the local disk of the first application server 1b for storage;

[0137] Step 3: When the user transparently accesses resources under the second management domain 2, submit the user certificate and the attribute certificate to the second management domain 2 at...


Abstract

The invention discloses an attribute-based access control model and a cross-domain access method thereof. The attribute-based access control model comprises a first management domain and a second management domain, and is characterized by comprising certificate servers and attribute management servers. The cross-domain access method of the system comprises the following steps: the certificate servers issue a server certificate to the first management domain and to the second management domain respectively; a user logs on to the first management domain and downloads an attribute certificate to a local disk for storage; the user submits the attribute certificate to the second management domain; a second access control server verifies the attribute certificate; and the second access control server extracts an attribute value to judge the validity of the user's operation. The obvious advantages of the attribute-based access control model and its cross-domain access method are that the user's role and management domain can each be treated as a single attribute of the user, that the efficiency problem of user-role-authority valuation under complex role conditions in a role-based access control (RBAC) model can be effectively solved, and that a corresponding access control method is provided for anonymous users in an open network environment.
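The five steps listed in the abstract, as an added sketch that is not taken from the patent: the certificate server certifies domain 1's access control server, that server signs an identity-free attribute certificate, and domain 2's server checks the chain before judging the operation by attribute values. Textbook RSA over fixed Mersenne primes stands in for a real signature scheme so the block runs on the standard library alone; the certificate fields, `POLICY` and all function names are assumptions.

```python
import hashlib, json, time

E = 65537  # public exponent shared by both toy keys

def keygen(p, q):
    """Textbook RSA key from two fixed primes (toy stand-in, not secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(body, key):
    return {"body": body, "sig": pow(digest(body, key["n"]), key["d"], key["n"])}

def verify(cert, n):
    return pow(cert["sig"], E, n) == digest(cert["body"], n)

# Constructed toy keys: certificate server 3 and access control server 1a.
CA = keygen(2**521 - 1, 2**607 - 1)
ACS1 = keygen(2**127 - 1, 2**1279 - 1)

# Step 1: the certificate server certifies domain 1's access control server key.
SERVER_CERT_1 = sign({"domain": "domain1", "n": ACS1["n"]}, CA)

def issue_attribute_cert(attrs, ttl=3600, now=None):
    """Step 2: server 1a signs attributes only; no user identity is included."""
    now = time.time() if now is None else now
    return sign({"issuer": "domain1", "attrs": attrs, "not_after": now + ttl}, ACS1)

# Hypothetical domain 2 policy: operation -> attribute values the caller must hold.
POLICY = {"read_report": {"role": "engineer", "domain": "domain1"}}

def domain2_authorize(attr_cert, server_cert, operation, ca_n=CA["n"], now=None):
    """Steps 3-5: server 2a checks the trust chain, then judges by attribute values."""
    now = time.time() if now is None else now
    if not verify(server_cert, ca_n):
        return "deny: server certificate not trusted"
    if attr_cert["body"]["issuer"] != server_cert["body"]["domain"]:
        return "deny: issuer mismatch"
    if not verify(attr_cert, server_cert["body"]["n"]):
        return "deny: attribute certificate signature invalid"
    if now > attr_cert["body"]["not_after"]:
        return "deny: attribute certificate expired"
    required = POLICY.get(operation)
    attrs = attr_cert["body"]["attrs"]
    if required is None or any(attrs.get(k) != v for k, v in required.items()):
        return "deny: attributes do not satisfy policy"
    return "permit"
```

The validity window (`not_after`) is an assumption added here; the visible text of the patent does not say how attribute certificates expire or are revoked.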

Description

Technical field

[0001] The invention relates to an attribute-based universal access control technology in an open network environment, in particular to an attribute-based access control model and a cross-domain access method.

Background technique

[0002] The access control system determines which users can access the system in the network environment, which resources in the system can be accessed, and what operations can be performed on these resources. The core issue of cross-domain access in an open network environment is: how does the access control system identify users from other application systems, and then judge whether the user's operation is legal according to the access control policy in the system.

[0003] Before attribute-based access control was proposed, research on access control methods mainly focused on discretionary access control, mandatory access control, and role-based access control. Other types of access control methods such as task-based or workflow-b...


Application Information

IPC(8): H04L29/06
Inventor: 钟将, 冯永, 汪成亮, 李季, 侯素娟
Owner: CHONGQING UNIV