A Distributed Service Access Authorization and Access Control Method Based on Attribute-Based Cryptography

Abstract

The invention proposes a distributed service access authorization and access control method based on attribute-based cryptography, which is used to solve the authentication, authorization and access control problems of cross-domain access to multi-service provider services by users. The present invention designs an authorization and service access control mechanism based on multi-factor authentication and distributed hierarchical attribute passwords. The services of each supplier are organized into a hierarchical service tree, and the authority of each user includes the services ordered by it. The collection and its subscription time, the service provider's access strategy is determined by the service attribute and time attribute, and the combination of user authentication, authorization and access control is realized by integrating multi-factor authentication and attribute password mechanism. The invention supports users to use a unified service release and management platform to access services of multiple service providers and service providers in the system across domains.

Description

technical field [0001] The invention belongs to the field of access control in the discipline of network space security, in particular to a method for comprehensively realizing authentication, authorization and access control in a distributed environment. Background technique [0002] Cloud Computing is a new and broad research field, it is a convenient service model. Cloud computing can allow users to access resource pool models (such as networks, servers, storage, applications, and services) on demand through the Internet, thereby quickly providing services to users. It is a technology of parallel computing, distributed computing, and grid computing. develop. Cloud computing has five basic characteristics: on-demand self-service, extensive network access, resource pools, fast and flexible usage, and measurable services. In this technology, a user can subscribe to a service provided by a service provider, and the user only needs a terminal, a smartphone or a tablet connec...

AI Technical Summary

Problems solved by technology

In the documents CN102916954A, CN103220291A, CN104022868A, CN104113408A, the revocation of user authority is considered, but efficient decryption is not considered

In the article "A Fog / Cloud-Based Data Delivery Model for Publish-Subscribe Systems", the author Vikas Pardesi et al. introduce a service agent to provide service access control interfaces for multiple service providers, but service providers need to maintain a huge user access control Table, there is very big delay in this centralized access control mode, and service agent becomes the performance bottleneck of the system; Proposed efficient key distribution method in CN105915333A, but only has a single service attribute authority to distribute key, in actual During the implementation process, the burden on authority has been greatly increased

In the Chinese patent document CN2015101068880.5, the patent titled "A Distributed Access Control Method Based on Attribute Encryption" proposes a method that can not only protect the privacy and security of data, but also achieve efficient distribution and scalability. The encryption method of fine-grained access control uses multiple authorities to share the workload of a single authority, and can realize user revocation, but it does not perform hierarchical management on the service attributes in the service package subscribed by the user, and the efficiency is not high

In the existing literature, most of them are researches on data privacy protection in cloud environment, and there are very few researches on cloud computing services.

Images