Cryptography attribute-based access control method and system based on dynamic rule

An access control and cryptography technology, applied in the information field, that addresses the problems of being unable to maintain dynamic attributes and lacking scalability, and achieves consistency and integrity together with an efficient authorization process.

Active Publication Date: 2018-03-30
UNIV OF SCI & TECH BEIJING

AI Technical Summary

Problems solved by technology

In this kind of ABE, the access policy is fixed in the ciphertext and cannot be changed, so the scheme is not scalable; secondly, the attribute assignment and key combination are fixed, so dynamic attributes cannot be maintained.


Examples


Embodiment 1

[0090] A cryptographic attribute-based access control method based on dynamic rules. In this embodiment, the method includes four entity attribute sets, the corresponding access policies and the authorization procedures. The specific settings are as follows and are also used in the subsequent embodiments:

[0091] Subject attribute set S, including: name and occupation, denoted as S_1, S_2. The name is represented by a string; if it contains the two members {"ZhangSan", "LiSi"}, it is formally named S_1 := {s_11, s_12}. Occupation includes the two attribute values {Doctor, Nurse}, formally named S_2 := {s_21, s_22}.

[0092] Object attribute set O, including: file name and file type, expressed as O_1, O_2. The file name is a string, formalized as O_1 := {0,1}^n. The file type includes the two attribute values {WardRecord, PatientArchive}, i.e. "Ward Record" and "Patient Archive", formally named O_2 := {o_21, o_22}.

[0093] Action attribute set A, including: b...

Embodiment 2

[0106] The access control system based on cryptographic attributes includes an encryption scheme; an embodiment of the scheme is as follows:

[0107] 1. System initialization algorithm (Setup): the input is a bilinear mapping system

[0108] The output is the public-private key pair of the policy center and each entity.

[0109] 1) Generators g and h are randomly selected from the groups G_1 and G_2;

[0110] 2) A secret exponent α is randomly selected from the domain, and g^α is calculated;

[0111] 3) The output public/private key pair of the policy center P is pk_P = (g, h, g^α) and sk_P = (α);

[0112] 4) For each entity T ∈ Ω in the entity set Ω = {S, O, A, E}, a secret exponent β_T is randomly selected from the domain, and the following is calculated:

[0113] 5) The output public/private key pair of entity T is the public key given below and sk_T = (β_T).

[0114]

[0115] 2. Object Encryption Algorithm (ObjectEnc): the input is the public key pk_P of the policy center P, the output is the se...

Embodiment 3

[0155] This embodiment takes the access policy Π of Embodiment 1 as an example and gives the conversion process that generates the cryptographic representation of the policy Π. It is also a detailed description of steps 2) and 4) of the policy generation algorithm (PolicyGen) and of step 2) of the resource decryption algorithm (ObjectDec).

[0156] An access policy Π is composed of one or more predicates. As mentioned above, in a medical diagnosis record system the doctor "Zhang San" wants to read the ward records on Monday. Here the access policy is set as "doctors can read the ward records at any time, or nurses can read the ward records on weekdays"; the policy can be formalized as:

[0157]

[0158] This access policy is formally described as the following access matrix:

[0159]

[0160] where P_1 to P_5 denote the predicates S_2 = s_21, S_2 = s_22, E_1 = e_11, O_2 = o_21 and A_1 = a_11 respectively. In this way, the access policy can be formalized as

...
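The following is an added example, not code from the patent, showing how the policy Π of this embodiment can be evaluated as an access matrix over the predicates P_1 to P_5 and the attribute sets of Embodiment 1. The matrix layout (one row per conjunction, DNF), the meaning of e_11 as "weekday" and of a_11 as "read", and the request values are assumptions, since the page shows neither the matrix nor the truncated A and E attribute sets; only the authorization decision is modelled, not the ObjectEnc/ObjectDec pairing operations.

```python
# Added example (not from the patent): evaluate the dynamic-rule policy Π of
# Embodiment 3 over the subject/object/action/environment attributes.

# Predicates P1..P5 as named on the page.  The meaning of e11 ("weekday") and
# a11 ("read") is an assumption: the page truncates the A and E attribute sets.
PREDICATES = {
    "P1": ("S", "occupation", "s21"),  # S2 = s21 : subject is a Doctor
    "P2": ("S", "occupation", "s22"),  # S2 = s22 : subject is a Nurse
    "P3": ("E", "day_class", "e11"),   # E1 = e11 : assumed "weekday"
    "P4": ("O", "file_type", "o21"),   # O2 = o21 : object is a WardRecord
    "P5": ("A", "action", "a11"),      # A1 = a11 : assumed "read"
}
COLUMNS = ["P1", "P2", "P3", "P4", "P5"]

# Assumed access-matrix shape: each row is one conjunction of the DNF policy,
# a 1 in column Pj means the row requires Pj.  Row 1 = "doctors can read ward
# records at any time", row 2 = "nurses can read ward records on weekdays".
ACCESS_MATRIX = [
    #  P1 P2 P3 P4 P5
    [1, 0, 0, 1, 1],
    [0, 1, 1, 1, 1],
]

def predicate_holds(pid, request):
    """Check one equality predicate (Entity_i = value) against a request."""
    entity, attr, value = PREDICATES[pid]
    return request.get(entity, {}).get(attr) == value

def evaluate_policy(matrix, request):
    """Grant when at least one row (conjunction) is fully satisfied."""
    for row in matrix:
        required = [pid for pid, need in zip(COLUMNS, row) if need]
        if all(predicate_holds(pid, request) for pid in required):
            return True
    return False

def make_request(name, occupation, file_type, action, day_class):
    """Build a constructed request from attribute values of Embodiment 1."""
    return {
        "S": {"name": name, "occupation": occupation},
        "O": {"file_name": "ward_record_example.txt", "file_type": file_type},
        "A": {"action": action},
        "E": {"day_class": day_class},
    }

# Doctor Zhang San (s11, s21) reading a WardRecord (o21) on Monday (e11, assumed).
ZHANGSAN_MONDAY = make_request("s11", "s21", "o21", "a11", "e11")
```

A nurse's request on a non-weekday (an assumed value e12) or a doctor's request for a PatientArchive (o22) falls through every row and is refused.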


Abstract

The invention relates to a cryptography attribute-based access control method and system based on a dynamic rule, mainly belonging to the technical field of information. In the cryptography attribute-based access control system based on the dynamic rule, protected objects are stored in an encrypted form, and only requests that satisfy the access policies of the attribute-based access control are authorized to decrypt the objects; therefore it can be ensured that data in an unsafe environment is accessed only with authorization according to a security policy, while the extensibility of the policies and the dynamic acquisition of the attributes are also supported. The method and system depart from the traditional encryption system framework and form a new attribute-based access control model, method and system supporting cryptographic decisions. They achieve more secure, diversified, dynamic and flexible access authorization, are suitable for large-scale organizations or information systems, and can be applied to environments such as cloud computing, grid computing and distributed computing.

Description

Technical field

[0001] The invention mainly belongs to the field of information technology, and in particular relates to a cryptographic attribute-based access control method and system based on dynamic rules. The method and system support cryptographic access with extensible policies and dynamically acquired attributes, are suitable for large-scale organizations or information systems, and can be applied to environments such as cloud computing, grid computing, and distributed computing.

Background technique

[0002] Access control is one of the core technologies for ensuring the security of information systems. Its task is to ensure that digital assets are not used illegally. It usually refers to the differently authorized access of a subject to an object itself or to its resources according to certain control strategies or permissions.

[0003] In recent years, with the continuous growth of network application diversity and system scale, a new access control technology called A...


Application Information

Patent Type & Authority: Applications (China)
IPC: H04L29/06
CPC: H04L63/0407, H04L63/06, H04L63/0807, H04L63/10, H04L63/20, H04L63/0428, H04L63/045, H04L9/088, H04L9/3073, H04L9/3268
Inventors: 朱岩, 于汝云, 尹昊, 秦瑶
Owner: UNIV OF SCI & TECH BEIJING