A fine-grained cloud platform security access control method based on user identity capabilities

A secure-access and user-identity technique, applied in the field of fine-grained cloud platform security access control, that addresses problems such as non-unique user attributes, unsuitability for pervasive cloud environments, and unclear division of permissions, with the effects of low cost, protection of user privacy, and avoidance of communication bottlenecks.

Active Publication Date: 2017-02-22
蜻蜓数字乡村研究院(苏州)有限公司

AI Technical Summary

Problems solved by technology

However, because user attributes are inherent and non-unique, and different users may share multiple identical attributes, fine-grained access control faces the problem of unclear division of permissions.
During permission revocation, revoking a given user attribute also affects other legitimate users who hold that attribute, and the revocation overhead is relatively large, which makes the approach unsuitable for pervasive cloud environments.


Embodiment Construction

[0031] The invention will be described in further detail below in conjunction with the accompanying drawings.

[0032] As shown in Figure 1 and Figure 2, in this embodiment of the fine-grained cloud platform security access control method based on user identity capabilities, the system of the invention is composed of four functional entities: the cloud, the cloud server, the user, and the DO. The DO is the uploader and resource owner of cloud data; it encrypts files and formulates the related access policies. Users are sharers of cloud data and have access rights to read, write, and execute files, but these rights can only be obtained after registering with the DO. The cloud server undertakes an important task: it stores the identity-authority-ciphertext table uploaded by the DO, and it is both the agent of the DO's access control and the service provider of cloud computing storage. The cloud is a physical node composed of computer clusters and provides only storage.

[00...


Abstract

The invention relates to a fine-grained cloud platform security access control method based on user identity capabilities, belonging to the technical field of resource access. The invention divides files uploaded by data owners into control fields and ciphertext fields and stores the ciphertext fields on cloud physical nodes, while the cloud server saves the control fields. The cloud server acts as an agent that performs intervention control, reasonably allocates network resources, and reduces the burden on data owners; in the process of access authorization redirection, only the control list needs to be updated locally. Each globally unique file number identifier is associated with a globally unique user identity identifier and bound to the user's operation authority to achieve fine-grained access control, and the uploaded identity-permission-ciphertext list is encrypted to ensure the confidentiality and integrity of user information and file information and to reduce the risk of information leakage on the third-party cloud platform.
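
A minimal model of the binding the abstract describes, added here as an illustration and not taken from the patent: each control-table entry ties one user identifier and one file identifier to read/write/execute permissions and a ciphertext locator, so revoking one user's permission leaves other users untouched, unlike the attribute-based baseline. The class and function names, identifier formats and locator strings are assumptions, and encryption of the table is omitted.

```python
from enum import Flag

class Perm(Flag):
    NONE = 0
    READ = 1
    WRITE = 2
    EXECUTE = 4

class ControlTable:
    """Control fields kept by the cloud server; ciphertext fields live on cloud nodes."""
    def __init__(self):
        # (user_id, file_id) -> (bound permissions, locator of the ciphertext field)
        self.entries = {}

    def grant(self, user_id, file_id, perms, locator):
        self.entries[(user_id, file_id)] = (perms, locator)

    def revoke(self, user_id, file_id, perms):
        """Remove permissions from one user's entry; no other entry is touched."""
        key = (user_id, file_id)
        current, locator = self.entries.get(key, (Perm.NONE, None))
        if current & ~perms:
            self.entries[key] = (current & ~perms, locator)
        else:
            self.entries.pop(key, None)  # nothing left bound: drop the entry

    def authorize(self, user_id, file_id, wanted):
        """Return the ciphertext locator only if every wanted permission is bound."""
        perms, locator = self.entries.get((user_id, file_id), (Perm.NONE, None))
        return locator if wanted and (perms & wanted) == wanted else None

def users_hit_by_attribute_revocation(user_attrs, attribute):
    """Attribute-based baseline: revoking an attribute affects every holder."""
    return sorted(u for u, attrs in user_attrs.items() if attribute in attrs)

def demo():
    # Constructed sample data: two users who would share the same attribute.
    table = ControlTable()
    table.grant("uid-001", "fid-42", Perm.READ | Perm.WRITE, "node-3/blob-42")
    table.grant("uid-002", "fid-42", Perm.READ | Perm.WRITE, "node-3/blob-42")
    table.revoke("uid-001", "fid-42", Perm.WRITE)
    return {
        "uid-001 write": table.authorize("uid-001", "fid-42", Perm.WRITE),
        "uid-001 read": table.authorize("uid-001", "fid-42", Perm.READ),
        "uid-002 write": table.authorize("uid-002", "fid-42", Perm.WRITE),
        "attribute baseline": users_hit_by_attribute_revocation(
            {"uid-001": {"engineer"}, "uid-002": {"engineer"}}, "engineer"),
    }
```
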

Description

Technical field

[0001] The invention relates to a fine-grained cloud platform security access control method based on user identity capabilities, and belongs to the technical field of resource access.

Background technique

[0002] The traditional access control method needs to build a database to store the user identity-password relationship list, but the cloud computing center is "third-party, semi-trusted". If these databases are exposed to the cloud platform, the risk of being compromised will increase. Once a large number of user identities are stolen, tampered with, or deleted, immeasurable losses will be caused. At the same time, cloud computing allows a large number of users to perform online file access operations at the same time. If user access is not fine-grained, it may cause file misreading, accidental deletion, and information leakage.

[0003] If the DO (Data Owner) is always online, fine-grained security access control and real-time update of use...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
Inventor: 孙知信, 洪汉舒, 宫婧
Owner: 蜻蜓数字乡村研究院(苏州)有限公司