Fine-grained access control method based on dense point labeling

Abstract

The invention discloses a fine-grained access control method based on dense point labeling. According to the method, firstly, secret point information including secret levels, effective time domains and effective space domains of secret points is marked, then grading secret keys are generated to carry out grading encryption on the secret points in a file, and the encrypted file is transmitted to aserver to be stored; allocating roles to the users, allocating operation authorities to the roles, and further expanding the role authorities; and finally, implementing access control in multiple dimensions according to the security level, the time domain, the space domain and the operation authority by taking the secret point as a unit. According to the method disclosed by the invention, the complexity of authority management is reduced, the files are stored and transmitted in a ciphertext form, and the storage and transmission security of the files is enhanced. The role permission set is expanded by multi-dimensionally labeling the secret point information, the access control strategy is refined, and the rationality and the leakproofness of access control are ensured. According to the method, fine-grained real-time access control is carried out by taking the secret point as a unit, so that the flexibility of access control is enhanced, and the security level of the electronic file is improved.

Description

technical field [0001] The invention belongs to the technical field of electronic information security, and in particular relates to a fine-grained access control method based on dense point marking. Background technique [0002] The vigorous development of the Internet and the increasing popularity and depth of office automation provide a more complete means for information resource sharing. In party and government departments at all levels, national defense and military industries, and enterprises and institutions, more and more information exists in the form of electronic files, which not only relates to the sound operation and rapid development of various industries in our country, but also directly relates to the provinces, confidentiality of information at the municipal and national level. Therefore, while realizing the sharing of information resources conveniently and quickly, preventing unauthorized users from illegally accessing sensitive information in the organiz...

AI Technical Summary

Problems solved by technology

However, most of the current access control technologies for electronic files are based on the file rather than the secret content in the file. Due to the full consideration of characteristics such as timeliness and timeliness, the access control mechanism is not rigorous enough to achieve effective management of electronic files

Moreover, most of the current electronic files are stored and transmitted in plain text, and the security of electronic files is difficult to guarantee, which may lead to the leakage of information resources