CN114666067B - Cross-domain fine-grained attribute access control method and system based on block chain - Google Patents

Cross-domain fine-grained attribute access control method and system based on block chain

Info

Publication number
CN114666067B
CN114666067B
Authority
CN
China
Prior art keywords
node
trust
value
subject
main
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210562634.0A
Other languages
Chinese (zh)
Other versions
CN114666067A (en)
Inventor
万武南
蒲槐霖
蒋秋璐
张仕斌
张金全
秦智
韩慧
邱晓芳
郭锦良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu University of Information Technology
Original Assignee
Chengdu University of Information Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu University of Information Technology
Priority to CN202210562634.0A
Publication of CN114666067A
Application granted
Publication of CN114666067B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a block chain-based cross-domain fine-grained attribute access control method and system. On the basis of the block chain and attribute-based access control, a task state attribute is introduced into the attribute access control model, so that a requester's permissions can be allocated dynamically according to the task state, the required conditions and similar information. A method for calculating a subject node's trust value from the subject node's attributes, the environment attributes and so on helps an object node judge whether the subject node may access its resources; the subject node's comprehensive trust value is updated in real time, and the requester's permissions are allocated dynamically through it, so the requester holds only the minimum permission needed to access the resource. Attribute-based fine-grained access control is thereby achieved, a malicious requester has no extra permission to exploit, the computing and space overhead of cross-domain access control is reduced, and unauthorised access, impersonation and collusion attacks are well resisted.

Description

Cross-domain fine-grained attribute access control method and system based on block chain
Technical Field
The invention relates to the technical field of block chains, and in particular to a block chain-based cross-domain fine-grained attribute access control method and system.
Background
Access control is an important technical means of maintaining the security of information, data and resources on the internet, and many kinds of access control technology have been proposed as the internet developed, the most typical being discretionary access control, mandatory access control and role-based access control. The main problem of these is that they are all static access control and cannot assign permissions dynamically, so newer access control technologies have been proposed, such as attribute-based access control, task-flow-based access control and trust-based access control.
As block chain technology has matured, research on combining access control with the block chain has grown. Cases of access control combined with the block chain appeared from 2017, solving the single point of failure, the low reliability and the difficulty of guaranteeing reliability of traditional access control. Smart contracts then made it possible to implement access control on the block chain more completely and to automate the permission management of access subjects. The method realises trusted access control by using the information exchanged between the access subject and the access object as transaction information. With increasing use of the internet of things and the block chain across industries, scenario requirements have become more complex; access between organisations is in many cases extremely important, and block chain-based cross-domain data access control strategies have been proposed. Various block chain-based access control schemes now exist, but in complex application systems problems remain: the granularity of dynamically allocated access permissions is insufficient, the access control flow carries hidden security risks, and the management of cross-domain data access permissions among multiple domains still needs to be strengthened.
Most domestic and foreign scholars now focus on applications of the block chain: because of its decentralised nature it is applied in many fields to remove the single point of failure caused by centralisation. Jason Paul Cruz proposed a role-based access control scheme on the block chain (RBAC-SC) in 2018. Riabi et al. proposed a token access control scheme based on block chain roles, in which access control is realised through the block chain; the model has three roles, resource owner, resource requester and miner; the resource requester must apply to be added to the resource owner's ACL table (stored in a smart contract) and can access only after obtaining a token from the miner. G. Ali et al. proposed xDBAuth, a decentralised block chain-based authorisation delegation and access control framework for the internet of things, which builds a hierarchy of local and global smart contracts and performs authorisation delegation and access control for internal and external users and IoT devices. Stercury et al. proposed a block chain-based cross-domain access control method that prevents token forgery through the processing applied in the token generation phase, resists man-in-the-middle attacks through dynamic verification, prevents malicious nodes from flooding the system, and prevents system anomalies caused by single-point faults.
However, the existing access control schemes have the following problems:
in block chain attribute-based access control schemes, the subject is granted permission to access a resource, and the operations it may perform, according to the subject's attribute values and the environment it is in. However, because there is no trust relationship between subject and object, the object node cannot judge the subject's reliability during access control, and no scheme considers attributes and trust together, so security threats such as a counterfeit or fraudulent subject node cannot be avoided. Most schemes also consider only the environment attributes of the object's resource and ignore the state of the object node's resource, so fine-grained access control is not achieved and the dynamically allocated access permissions are insufficient.
Most block chain-based management of cross-domain data access permissions among multiple domains uses token- and role-based cross-domain access control. With frequent application for and revocation of users' roles and tokens, roles and tokens become hard to manage, role and token explosion occurs, and the large number of roles and tokens itself threatens permission management and control.
Disclosure of Invention
The invention aims to overcome the technical problems in the background art and provides a block chain-based cross-domain fine-grained attribute access control method. The method uses an algorithm that calculates the subject trust value from the subject attributes, the environment attributes and so on, and introduces the task state attribute into the attribute access control scheme. This helps the object judge whether the subject may access its resources and what the running state of the resources is, so that resources do not bear excessive load; combined with the task state attribute, the subject's access permissions are granted dynamically, the subject accesses resources with only the minimum permission, and the efficiency of the access control scheme improves. Block chain technology is used to realise cross-domain access control: each domain of the access control system has a master trust node responsible for managing the role values, attribute values and trust values of the subjects and objects in its region, and a cross-domain access control flow is given.
The specific technical scheme of the invention is as follows:
According to a first technical solution of the invention, a block chain-based cross-domain fine-grained attribute access control method is provided, including:
receiving the encrypted identity of a subject node, the region where the subject node is located and the subject node's resource request, where the encrypted identity is obtained by encrypting the subject node's identity with the corresponding private key;
selecting a random number N and sending it to the subject node;
receiving the secondary encrypted identity of the subject node and the subject node's public key, where the secondary encrypted identity is obtained by the subject node signing with its private key after receiving the random number N;
verifying whether the random number in the secondary encrypted identity is the random number N;
if the random number in the secondary encrypted identity is the random number N, decrypting the secondary encrypted identity with the subject node's public key to obtain the subject node's identity, calculating the address corresponding to the subject node from its identity and public key, then finding the subject node's attribute values on the block chain and calculating the direct trust value with the subject node from those attribute values;
querying on the block chain, according to the subject node's region number, the comprehensive trust value held for the subject node at the address of that region's master trust node, calculating the direct trust value of the subject node from its attribute values and the resource environment attributes, and calculating the recommended trust value from the basic trust value and the subject node's direct trust value;
calculating the comprehensive trust value from the direct trust value and the recommended trust value;
and, when the comprehensive trust value meets the preset trust threshold, checking the state of the task currently executed by the resource through the task state attribute, and granting the subject node's resource request if that task state meets the task state requirement.
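The challenge-response flow of the first technical solution, written out as an added example; this is Python I wrote for this page, not the patent's own code. The signature scheme is textbook RSA over two fixed Mersenne primes so that the block runs offline with only the standard library (it is not a secure signature and only stands in for whatever private-key scheme the key management center would issue); the identity therefore travels in clear beside the signature instead of being recovered by "decrypting with the public key". The address derivation H(identity || public key), the on-chain ledger layout, the attribute values, the threshold and the equal-weight combination of attribute trust with the regional master trust node's value are assumptions, since the patent's formulas appear on this page only as images. The block also shows what the random number N buys the object node: the same signed reply presented a second time is rejected because its nonce has already been consumed.

```python
"""Challenge-response access flow between a subject node S and an object node O.

Added illustration, not the patent's code. Toy textbook RSA on fixed
primes is used only so the block runs offline; it is NOT a secure signature.
Address derivation, ledger layout and the trust combination are assumptions.
"""
import hashlib
import secrets

# ---- constructed toy signature scheme (insecure, illustration only) ----
P, Q, E = (1 << 61) - 1, (1 << 31) - 1, 65537   # two Mersenne primes, public exponent

def make_keypair():
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (n, E), (n, pow(E, -1, phi))            # (public key, private key)

def _digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

def node_address(identity: str, pub) -> str:
    """Assumed derivation of the subject's address from identity and public key."""
    n, e = pub
    return hashlib.sha256(f"{identity}|{n}|{e}".encode()).hexdigest()[:16]

class SubjectNode:
    def __init__(self, identity: str, region: str):
        self.identity, self.region = identity, region
        self.pub, self.priv = make_keypair()

    def request(self, resource: str) -> dict:
        """Step 1: encrypted (here: signed) identity, region and resource request."""
        return {"enc_id": sign(self.priv, self.identity.encode()),
                "identity": self.identity, "region": self.region, "resource": resource}

    def answer_challenge(self, nonce: str) -> dict:
        """Step 3: sign the identity together with the received random number N."""
        sig = sign(self.priv, f"{self.identity}|{nonce}".encode())
        return {"identity": self.identity, "nonce": nonce, "sig": sig, "pub": self.pub}

class ObjectNode:
    def __init__(self, ledger_attrs, region_trust, threshold=0.6, task_state="idle"):
        self.ledger_attrs = ledger_attrs   # address -> attribute values found on chain
        self.region_trust = region_trust   # region -> {address: master trust node's value}
        self.threshold, self.task_state = threshold, task_state
        self.pending = {}                  # outstanding nonce -> the request it belongs to

    def challenge(self, req: dict) -> str:
        """Step 2: choose a fresh random number N and remember it for this request."""
        nonce = secrets.token_hex(16)
        self.pending[nonce] = req
        return nonce

    def decide(self, reply: dict) -> str:
        """Steps 4 to 8: freshness, signature, address, trust, task state."""
        req = self.pending.pop(reply["nonce"], None)     # a nonce is usable once
        if req is None:
            return "reject: unknown or replayed nonce"
        if not verify(reply["pub"], f"{reply['identity']}|{reply['nonce']}".encode(), reply["sig"]):
            return "reject: bad signature"
        if not verify(reply["pub"], reply["identity"].encode(), req["enc_id"]):
            return "reject: first message not from this key"
        addr = node_address(reply["identity"], reply["pub"])
        attrs = self.ledger_attrs.get(addr)
        if attrs is None:
            return "reject: subject not registered on chain"
        # Assumed combination: attribute-based direct trust and the regional
        # master trust node's comprehensive value, equally weighted.
        direct = sum(attrs.values()) / len(attrs)
        recommended = self.region_trust.get(req["region"], {}).get(addr, 0.0)
        tv = 0.5 * direct + 0.5 * recommended
        if tv < self.threshold:
            return f"reject: trust {tv:.2f} below threshold {self.threshold}"
        if self.task_state != "idle":          # task state attribute check
            return "defer: resource busy"
        return f"grant: {req['resource']}"

def run_demo(task_state: str = "idle"):
    alice = SubjectNode("alice", region="domain-1")
    addr = node_address(alice.identity, alice.pub)
    obj = ObjectNode(ledger_attrs={addr: {"role": 0.9, "device_health": 0.8}},  # constructed
                     region_trust={"domain-1": {addr: 0.7}},                    # constructed
                     task_state=task_state)
    nonce = obj.challenge(alice.request("dataset-42"))
    reply = alice.answer_challenge(nonce)
    first = obj.decide(reply)
    replay = obj.decide(reply)        # the same signed reply presented again
    return first, replay

if __name__ == "__main__":
    print(run_demo())
```

Because the nonce is removed from `pending` before any other check, a reply with a bad signature also consumes it, so a subject that fails verification has to start the flow again rather than retrying against the same N.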
Further, calculating the direct trust value with the subject node according to the subject node's attribute values includes:
according to the subject attributes of the subject node and the environment attributes of the accessed resource, calculating the current direct trust of the subject node by the following formula:
[image 001]
[image 002]
where [image 003] represents the class of relevant subject attribute of the subject node, [image 004] represents the type of relevant environment attribute of the accessed resource, [image 005] and [image 006] are constants taking values in the interval [0,1], [image 007] represents the relevance of the subject attribute to the accessed resource, [image 008] represents the weight of each subject attribute, [image 009] represents the relevance of the environment attribute to the accessed resource, and [image 010] represents the weight of each environment attribute, satisfying
[image 011]
[image 012]
[image 013]
calculating a time decay weight from a time decay function, expressed as
[image 014]
where [image 015] is a constant taking a value in the interval [0,1] and t is the time elapsed since the last interaction with the subject node;
calculating the historical trust value HV by the following formula:
[image 016]
where [image 017] denotes the last access control flow and [image 018] denotes the latest comprehensive trust value from the previous interaction with subject node B;
calculating the direct trust value of the subject node by the following formula:
[image 019]
where [image 020] is a constant taking a value in the interval [0,1]; if this is the first interaction with subject node A, no historical trust value exists and only the current trust value exists, so
[image 021]
that is, the calculated current trust value is the direct trust value with subject node A.
Further, calculating the recommended trust value according to the basic trust value and the subject node's direct trust value includes:
calculating the direct trust value of a region's master trust node for each subject node in that region by the following formula:
[image 022]
where [image 023] denotes the direct trust value of the master trust node of region i for a subject node of that region, which is adjusted with the number of accesses, successful accesses and failed accesses; [image 024] denotes the number of successful access-control attempts by the subject node, [image 025] the number of failed attempts, and [image 026] the total number of access-control attempts by the subject node;
calculating the basic trust value between master trust nodes of different regions, [image 027]: if the subject node's access fails, master trust node i of the region reduces the basic trust value of that subject node, using the formula
[image 028]
where [image 029] takes a value in the interval [0,1], is set according to the system and defaults to [image 030], and [image 031] is the reduction factor, taking a value in the interval [0,1];
if the subject node's access succeeds, the basic trust value is increased using the formula
[image 032]
where [image 029] takes a value in the interval [0,1], is set according to the system and defaults to [image 030], and [image 033] is the increase factor, taking a value in the interval [0,1];
calculating the recommended trust value of the subject node as
[image 034]
Further, calculating the comprehensive trust value according to the direct trust value and the recommended trust value includes calculating the comprehensive trust value TV by the following formula:
[image 035]
where [image 036] is a constant taking a value in the interval [0,1], [image 037] denotes the direct trust value calculated in the currently ongoing access control flow, and RV is the recommended trust value.
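The trust calculations described above survive on this page only as image placeholders, so the following is an added Python example of my own and not the patent's formulas. It follows the structure the text gives: a current trust value from weighted subject and environment attributes with constants in [0,1], a time decay weight applied to the last comprehensive value to give the historical value HV, a direct trust value that falls back to the current value on a first interaction, a master trust node's per-subject success and failure counts, a basic trust value reduced by a reduction factor on failure and raised by an increase factor on success, a recommended value RV, and a comprehensive value TV. Every concrete formula and constant (exponential decay, Laplace-smoothed success ratio, multiplicative factors, the weights, the default basic trust of 0.5) is an assumption of mine.

```python
"""Trust value bookkeeping for one subject node, following the structure of the
patent's description. Added illustration: every formula and constant below is
an assumption of mine, since the page shows the patent's formulas only as images.
"""
import math
from dataclasses import dataclass

ALPHA, BETA = 0.6, 0.4      # weights of subject vs. environment attributes, in [0,1] (assumed)
LAMBDA = 0.1                # time decay constant in [0,1] (assumed)
GAMMA = 0.7                 # weight of current vs. historical trust (assumed)
OMEGA = 0.5                 # weight of direct vs. recommended trust in TV (assumed)
BASE_DEFAULT = 0.5          # default basic trust between master trust nodes (assumed)
DEC_FACTOR, INC_FACTOR = 0.3, 0.1   # reduction and increase factors in [0,1] (assumed)

def current_trust(subject_attrs, env_attrs) -> float:
    """CV from (relevance, weight) pairs; each weight set must sum to 1."""
    for attrs in (subject_attrs, env_attrs):
        if abs(sum(w for _, w in attrs) - 1.0) > 1e-9:
            raise ValueError("attribute weights must sum to 1")
    subj = sum(r * w for r, w in subject_attrs)
    env = sum(r * w for r, w in env_attrs)
    return ALPHA * subj + BETA * env

def time_decay(t: float) -> float:
    """Decay weight for a last interaction t time units ago (assumed exponential)."""
    return math.exp(-LAMBDA * t)

def direct_trust(cv: float, last_tv=None, elapsed: float = 0.0) -> float:
    """DV: a first interaction has no history, so DV is the current value alone."""
    if last_tv is None:
        return cv
    hv = time_decay(elapsed) * last_tv          # historical trust value HV
    return GAMMA * cv + (1 - GAMMA) * hv

@dataclass
class RegionRecord:
    """What master trust node i keeps about one subject node of its region."""
    successes: int = 0
    failures: int = 0
    base_trust: float = BASE_DEFAULT        # basic trust value between master trust nodes

    @property
    def total(self) -> int:
        return self.successes + self.failures

    def master_direct_trust(self) -> float:
        """Master trust node's direct trust, moving with the success/failure counts
        (assumed Laplace-smoothed success ratio, so a new subject starts at 0.5)."""
        return (self.successes + 1) / (self.total + 2)

    def record(self, success: bool) -> float:
        """Update the counters and the basic trust value after one access attempt."""
        if success:
            self.successes += 1
            self.base_trust = min(1.0, self.base_trust + INC_FACTOR * (1.0 - self.base_trust))
        else:
            self.failures += 1
            self.base_trust = max(0.0, self.base_trust * (1.0 - DEC_FACTOR))
        return self.base_trust

def recommended_trust(rec: RegionRecord) -> float:
    """RV: the master trust node's opinion, discounted by how far that node is trusted."""
    return rec.base_trust * rec.master_direct_trust()

def comprehensive_trust(dv: float, rv: float) -> float:
    """TV combines the object's own direct trust with the recommended value."""
    return OMEGA * dv + (1 - OMEGA) * rv

def run_demo():
    subject_attrs = [(0.9, 0.5), (0.7, 0.5)]   # constructed (relevance, weight) pairs
    env_attrs = [(0.8, 1.0)]
    cv = current_trust(subject_attrs, env_attrs)
    rec = RegionRecord()
    for outcome in (True, True, False):         # two successes, then one failure
        rec.record(outcome)
    dv = direct_trust(cv, last_tv=0.9, elapsed=5.0)
    rv = recommended_trust(rec)
    return cv, dv, rv, comprehensive_trust(dv, rv), rec.base_trust

if __name__ == "__main__":
    print(run_demo())
```

Note the asymmetry the text prescribes: a failure multiplies the basic trust down, a success only closes part of the gap to 1, so a subject that alternates failures and successes drifts downward rather than holding steady.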
According to a second technical solution of the invention, a block chain-based cross-domain fine-grained attribute access control system is provided. The system comprises a master trust node, a subject node, an object node, a miner node, a resource node and a key management center, where:
the master trust node is a node on the block chain and the center of its region; it is configured to manage, region by region, the role values, attribute values and trust values of the subject nodes and object nodes in its region, to broadcast those values to the block chain, and to store them in its own transaction pool until a miner takes the transactions from the pool and publishes them to the block chain;
the subject node is the initiator of access control and is configured to encrypt its identity with its private key to obtain its encrypted identity; to send the encrypted identity, the region where it is located and its resource request to an object node; and, after receiving the random number N sent by the object node, to sign with its private key to obtain a secondary encrypted identity and send the secondary encrypted identity and its public key to the object node;
the object node is the party holding resources and is configured to: receive the encrypted identity of a subject node, the region where the subject node is located and the subject node's resource request; select a random number N and send it to the subject node; receive the secondary encrypted identity and public key of the subject node; verify whether the random number in the secondary encrypted identity is the random number N; if it is, decrypt the secondary encrypted identity with the subject node's public key to obtain its identity, calculate the subject node's address from its identity and public key, find the subject node's attribute values on the block chain and calculate the direct trust value with the subject node from them; query on the block chain, according to the subject node's region number, the comprehensive trust value held for the subject node at the address of that region's master trust node, calculate the subject node's direct trust value from its attribute values and the resource environment attributes, and calculate the recommended trust value from the basic trust value and the subject node's direct trust value; calculate the comprehensive trust value from the direct and recommended trust values; and, when the comprehensive trust value meets the preset trust threshold, check the state of the task currently executed by the resource through the task state attribute and grant the subject node's resource request if that task state meets the task state requirement;
the resource node is configured to store the resources owned by the object node;
the miner node is configured to take the transactions in the transaction pools of the master trust nodes of each region and publish them to the block chain;
the key management center is configured to be responsible for key initialisation, key creation and key generation for the master trust node, subject nodes, object nodes and miner node of each region.
Further, the subject attributes of a subject node are obtained as follows:
the subject node submits a subject attribute registration request: each subject node submits a subject node attribute registration request to the master trust node of the region it belongs to;
the master trust node generates a subject attribute table: the master trust node of each region first verifies the qualification of the subject in its region according to the application information of each subject node, and if the subject node is qualified, generates a subject attribute table from the subject's application information
[image 038]
where [image 039] denotes the subject attribute table of the subject node whose in-region identity ID is [image 040], [image 041] indicates that the subject node has the k-th subject attribute, and [image 042] denotes that the system has [image 042] different subject attributes in total; the master trust node of a region locally stores the attribute value corresponding to each subject in its region;
the master trust node generates the subject node's subject attribute transaction: the subject attribute transaction generated by the regional master trust node TMD for the subject node has the form
[image 043]
which indicates that the subject at address [image 044] has the subject attributes [image 045].
Further, the object node's resources are obtained as follows:
an object node holding resources submits a resource request to the master trust node of the region it belongs to;
the master trust node generates a resource list: the regional master trust node verifies the object's resources in its region according to the object node's application information, and if the object node has the corresponding resources, generates the corresponding resource list
[image 046]
where [image 047] denotes the resource list of the object node whose in-region identity ID is [image 048], [image 049] indicates that the node owns the k-th kind of resource, and [image 050] denotes that the system has [image 050] different resources in total; the master trust node then locally stores one list of each object's resources in its region;
the regional master trust node generates a resource list transaction, of the form
[image 051]
which indicates that the node at address [image 052] has the resources [image 053]; the master trust node packs the transaction and puts it into its transaction pool;
resource environment attribute initialisation: first, an object node holding resources generates an environment attribute list of its resources according to those resources
[image 054]
where [image 055] denotes the resource environment attribute table of the node whose in-region identity ID is [image 056], [image 057] denotes the kind of environment attribute, and [image 058] indicates that the node has the k-th environment attribute; the resource environment attributes are stored locally on the node.
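The registration flow of the two passages above (subject attribute table and transaction, resource list and transaction, a transaction pool drained by the miner node, an object node querying the chain), as an added Python example of my own rather than the patent's code. The JSON-style transaction layout, the hash-chained block format and the set of "qualified" addresses standing in for the master trust node's qualification check are assumptions; the patent's own transaction forms appear on this page only as images. The block also shows why an object node can rely on what it reads from the chain: a record altered after publication breaks the hash linkage the chain verifies.

```python
"""Registration transactions flowing from a master trust node's transaction
pool, through a miner node, onto a hash-chained ledger queried by object nodes.

Added illustration, not the patent's code. Transaction layout, block format
and the qualification check are assumptions.
"""
import hashlib
import json

def _h(obj) -> str:
    """Canonical SHA-256 of a JSON-serialisable object."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class MasterTrustNode:
    """TMD of one region: checks registrations, keeps local tables, pools transactions."""
    def __init__(self, region: str, qualified: set):
        self.region = region
        self.qualified = qualified        # addresses allowed to register (constructed)
        self.attr_tables = {}             # local copy of each subject's attribute table
        self.resource_lists = {}          # local copy of each object's resource list
        self.tx_pool = []

    def _pool(self, kind: str, address: str, payload: dict) -> dict:
        tx = {"kind": kind, "region": self.region, "address": address, **payload}
        self.tx_pool.append(tx)
        return tx

    def register_subject(self, address: str, attrs: dict):
        if address not in self.qualified:
            return None                   # qualification check failed: no table, no tx
        self.attr_tables[address] = dict(attrs)
        return self._pool("subject_attr", address, {"attrs": attrs})

    def register_resource(self, address: str, resources: list):
        if address not in self.qualified:
            return None
        self.resource_lists[address] = list(resources)
        return self._pool("resource_list", address, {"resources": resources})

    def publish_trust(self, address: str, tv: float) -> dict:
        """Comprehensive trust value the node broadcasts for one of its subjects."""
        return self._pool("trust_value", address, {"tv": tv})

    def drain_pool(self) -> list:
        txs, self.tx_pool = self.tx_pool, []
        return txs

class Chain:
    def __init__(self):
        genesis = {"height": 0, "prev": "0" * 64, "txs": []}
        self.blocks = [{**genesis, "hash": _h(genesis)}]

    def append(self, txs: list) -> None:
        body = {"height": len(self.blocks), "prev": self.blocks[-1]["hash"], "txs": txs}
        self.blocks.append({**body, "hash": _h(body)})

    def verify(self) -> bool:
        """Every block hashes to its stored hash and links to its predecessor."""
        for i, blk in enumerate(self.blocks):
            body = {k: v for k, v in blk.items() if k != "hash"}
            if _h(body) != blk["hash"] or (i and blk["prev"] != self.blocks[i - 1]["hash"]):
                return False
        return True

    def latest(self, kind: str, address: str):
        """Most recent transaction of a kind for an address: what an object node looks up."""
        for blk in reversed(self.blocks):
            for tx in reversed(blk["txs"]):
                if tx["kind"] == kind and tx["address"] == address:
                    return tx
        return None

class MinerNode:
    def mine(self, tmds: list, chain: Chain) -> int:
        """Take every region's pooled transactions and publish them in one block."""
        txs = [tx for tmd in tmds for tx in tmd.drain_pool()]
        if txs:
            chain.append(txs)
        return len(txs)

def run_demo():
    tmd1 = MasterTrustNode("domain-1", qualified={"addr-S1", "addr-O1"})   # constructed
    tmd2 = MasterTrustNode("domain-2", qualified={"addr-S2"})
    tmd1.register_subject("addr-S1", {"role": "analyst", "clearance": 2})
    rejected = tmd1.register_subject("addr-X", {"role": "admin"})   # not qualified: None
    tmd1.register_resource("addr-O1", ["dataset-42"])
    tmd2.register_subject("addr-S2", {"role": "auditor"})
    tmd2.publish_trust("addr-S2", 0.71)
    chain = Chain()
    mined = MinerNode().mine([tmd1, tmd2], chain)
    tv = chain.latest("trust_value", "addr-S2")["tv"]   # cross-domain lookup by an object node
    ok_before = chain.verify()
    chain.blocks[1]["txs"][0]["attrs"]["clearance"] = 9   # alter a published record
    return rejected, mined, tv, ok_before, chain.verify()

if __name__ == "__main__":
    print(run_demo())
```

`latest` walks the chain backwards so that a newer trust value or attribute table published later supersedes an older one, which is how the "updated in real time" comprehensive trust value of the abstract reaches an object node in another domain.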
Further, the object node is further configured to:
according to the subject attributes of the subject node and the environment attributes of the accessed resource, calculate the current direct trust of the subject node by the following formula:
[image 059]
[image 061]
where [image 062] represents the class of relevant subject attribute of the subject node, [image 063] represents the type of relevant environment attribute of the accessed resource, [image 005] and [image 006] are constants taking values in the interval [0,1], [image 007] represents the relevance of the subject attribute to the accessed resource, [image 064] represents the weight of each subject attribute, [image 009] represents the relevance of the environment attribute to the accessed resource, and [image 010] represents the weight of each environment attribute, satisfying
[image 011]
[image 012]
[image 013]
calculate a time decay weight from a time decay function, expressed as
[image 065]
where [image 015] is a constant taking a value in the interval [0,1] and t is the time elapsed since the last interaction with the subject node;
calculate the historical trust value HV by the following formula:
[image 016]
where [image 066] denotes the last access control flow and [image 067] denotes the latest comprehensive trust value from the previous interaction with subject node B;
calculate the direct trust value of the subject node by the following formula:
[image 019]
where [image 020] is a constant taking a value in the interval [0,1]; if this is the first interaction with subject node A, no historical trust value exists and only the current trust value exists, so
[image 021]
that is, the calculated current trust value is the direct trust value with subject node A.
Further, the object node is further configured to:
calculate the direct trust value of a region's master trust node for each subject node in that region by the following formula:
[image 022]
where [image 023] denotes the direct trust value of the master trust node of region i for a subject node of that region, which is adjusted with the number of accesses, successful accesses and failed accesses; [image 068] denotes the number of successful access-control attempts by the subject node, [image 069] the number of failed attempts, and [image 070] the total number of access-control attempts by the subject node;
calculate the basic trust value between master trust nodes of different regions, [image 027]: if the subject node's access fails, master trust node i of the region reduces the basic trust value of that subject node, using the formula
[image 071]
where [image 029] takes a value in the interval [0,1], is set according to the system and defaults to [image 030], and [image 031] is the reduction factor, taking a value in the interval [0,1];
if the subject node's access succeeds, the basic trust value is increased using the formula
[image 032]
where [image 029] takes a value in the interval [0,1], is set according to the system and defaults to [image 030], and [image 033] is the increase factor, taking a value in the interval [0,1];
calculate the recommended trust value of the subject node as
[image 034]
Further, the object node is further configured to calculate the comprehensive trust value TV by the following formula:
[image 072]
where [image 073] is a constant taking a value in the interval [0,1], [image 074] denotes the direct trust value calculated in the currently ongoing access control flow, and RV is the recommended trust value.
According to the block chain-based cross-domain fine-grained attribute access control method and system disclosed by the embodiments of the invention, on the basis of the block chain and attribute-based access control, the task state attribute is introduced into the attribute access control model so that a requester's permissions can be allocated dynamically according to the task state, the required conditions and similar information. The subject node's trust value is calculated from the subject node's attributes, the environment attributes and so on, which helps the object node judge whether the subject node may access its resources; the subject node's comprehensive trust value is updated in real time and the requester's permissions are allocated dynamically through it, so the requester holds only the minimum permission needed to access the resource and attribute-based fine-grained access control is achieved. A malicious requester therefore has no extra permission to exploit, the computing and space overhead of cross-domain access control is reduced, and unauthorised access, impersonation and collusion attacks are well resisted.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a system architecture diagram illustrating a block chain-based cross-domain fine-grained attribute access control model according to an embodiment of the present invention.
FIG. 2 illustrates a flow diagram of a method for attribute-based trust value computation in accordance with an embodiment of the present invention.
Fig. 3 shows a flowchart of a block chain-based cross-domain fine-grained attribute access control method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention will now be further described with reference to the accompanying drawings.
The embodiment of the invention provides a blockchain-based cross-domain fine-grained attribute access control system. As shown in fig. 1, the system comprises six parts: a main trust node (TMD), a subject node (S), an object node (O), a miner node (M), a resource (R) and a key management center (KM). A user may be both a subject and an object; the subject and the object are the control terminals of the subject node and the object node, respectively, and are operated by the user.
Main trust node (TMD): the main trust node is a node on the blockchain and is also the center of each area. It manages, area by area, the role values, attribute values and trust values of the subjects and objects in its area, broadcasts these values to the blockchain, stores them in its own transaction pool, and waits for miners to take the transactions from the pool and publish them to the blockchain.
Subject node (S): a subject is the initiator of access control and accesses the resources it needs. Each subject has a role and attribute values; the attribute values are used to calculate trust values, and the trust values are used to finally realize access control and authority allocation.
Object node (O): an object is the party that holds a resource. In the access control flow the subject requests the object's resource, and the object decides whether to allow the subject's access request. Each object also has its own attribute values.
Resource (R): the resources owned by the node.
Miner node (M): miners compete for the accounting right of a block, playing the same role as miners in a blockchain; the miner that wins the accounting right takes the transactions from the transaction pool of the main trust node [symbol] of each area and publishes them to the blockchain.
Key management center (KM): responsible for the initialization work and for the creation and generation of the keys of the main trust node, the auxiliary trust nodes, the subjects, the objects and the miners in each area.
To describe the specific flow of the access control method of the invention, the relevant symbols are defined as follows:
[symbol]: identity ID of a main trust node, where [formula], n1 denotes the number of areas and i1 denotes the area number.
[symbol], [symbol]: the public key and private key of the main trust node with identity ID [symbol], distributed in advance by the key management center.
[symbol]: the blockchain address of the main trust node with identity ID [symbol], computed from the main trust node's public key [symbol] and identity ID [symbol].
[symbol]: identity ID of each node in each area, where [symbol] denotes the number of the user node, [formula], and [symbol] denotes the number of user nodes in a given area; a user node may act in the subject role or in the object role.
[symbol], [symbol]: the public key and private key of the user node with identity ID [symbol].
[symbol]: the blockchain address of the user node with identity ID [symbol], computed from the public key and the identity ID of each node.
The operation of the system according to the embodiment of the invention includes two stages: system initialization and system operation.
Stage one: system initialization
Step 1: user node identity registration
Step 1.1: each user node in the area submits a registration request to the main trust node TMD of its area;
Step 1.2: the main trust node of the area first verifies the qualification of the user node according to the information in each node's application. If the node is qualified, the main trust node generates the node's in-area identity [symbol] according to the user information, applies to the key management center KM for a key so as to generate the user node's public key [symbol] and private key [symbol], and generates the user node's blockchain address [symbol] according to the public key and private key values of the user node.
Step 2: subject node subject attribute registration
Step 2.1: the subject node submits a subject attribute registration request: each subject node submits a subject node attribute registration request to the main trust node TMD of the area it belongs to;
Step 2.2: the main trust node TMD generates a subject attribute table: according to the application information of each subject node, the main trust node TMD of each area first verifies the qualification of the subject in the area; if the subject node is qualified, it generates a subject attribute table [formula] from the subject's application information, where [symbol] denotes the subject attribute table of the subject node with in-area identity ID [symbol], [symbol] indicates that the subject node has the k-th subject attribute, and [symbol] denotes that the system has [symbol] different subject attributes in total. The main trust node TMD of the area then stores the attribute values corresponding to each subject in the area locally.
Step 2.3: the main trust node TMD then generates a subject attribute transaction for the subject node: the main trust node TMD of the area generates the transaction in the following form: [formula]
The transaction indicates that the subject at address [symbol] has subject attributes [symbol].
Step 2.4: the main trust node TMD packages the node's transaction: the TMD combines this transaction with a timestamp, signs it with its own private key [symbol], and packages the transaction, the signature and the timestamp into its transaction pool.
Step 3: object node resource registration
Step 3.1: a user node holding resources submits a resource request to the main trust node TMD of the area it belongs to;
Step 3.2: the main trust node generates a resource list: the main trust node TMD of the area verifies the object's resources in the area according to the application information of the object node; if the object node has the corresponding resources, it generates a corresponding resource list [formula], where [symbol] denotes the resource list of the object node with in-area identity ID [symbol], [symbol] indicates that the node owns the k-th kind of resource, and [symbol] denotes that the system has [symbol] different resources in total. The main trust node then stores the resource list of each object in the area locally.
Step 3.3: the main trust node TMD of the area then generates a resource list transaction in the following form: [formula]
This indicates that the node at address [symbol] has resources [symbol].
Step 3.4: the main trust node TMD packages the transaction and puts it into the transaction pool: the TMD combines this transaction with a timestamp, signs it with its own private key [symbol], and then packages the transaction, the signature and the timestamp into its transaction pool.
Step 3.5: resource environment attribute initialization: the user node holding resources first generates an environment attribute list of its resources [formula], where [symbol] denotes the resource environment attribute table of the node with in-area identity ID [symbol], [symbol] denotes the kind of environment attribute, and [symbol] indicates that the resource has the k-th environment attribute. The environment attributes of the resource are stored locally at the node.
Step 3.2: resource task state attribute initialization: an object node holding resources initializes the task state attribute of its resources according to the state of the node's tasks while executing them; the task of a resource is in any one or more of the state attributes of a task state attribute table [formula], where [symbol] denotes the task state attribute table of the node with in-area identity ID [symbol]. The task state attribute has five states: [symbol] denotes the ready state, [symbol] the activated state, [symbol] the executing state, [symbol] the suspended state and [symbol] the invalid state. The resource task state attribute is stored locally at the node.
Step 4: subject node trust value registration
Step 4.1: the main trust node [symbol] generates a corresponding trust value attribute list [formula] for each subject according to the access control situation between subjects in the area, where [symbol] denotes the trust value attribute table of the subject node with in-area identity ID [symbol]; DV denotes the direct trust value, [symbol] the current direct trust value, HV the historical trust value, RV the recommended trust value, TV the comprehensive trust value and TT the threshold of the trust value. The main trust node of the area stores the node's trust attribute table locally. The comprehensive trust value TV of the subject node is then stored in the blockchain: the main trust node forms the comprehensive trust value TV into a trust value transaction of the following form: [formula]
This indicates that the main trust node at address [symbol] has generated the comprehensive trust value TV for the subject node at address [symbol], calculated according to the following formula: [formula]
where [symbol] is a constant defined by the object node with a value in the interval [0,1], [symbol] denotes the direct trust value calculated in the currently ongoing access control flow, and RV is the recommended trust value. The calculation of the direct trust value [symbol] and of the recommended trust value RV is set out in detail in the embodiments that follow.
Step 4.2: the main trust node of the area packages the trust value transaction: the main trust node combines the transaction with a timestamp and signs it with its private key [symbol]. The transaction, the signature and the timestamp are then packaged and put into its transaction pool.
Step 5: broadcast transactions
When a new block is generated on the blockchain, the miner that obtains the accounting right for the block checks the transaction pools [symbol] of all areas, packages the transactions and broadcasts them to the other nodes on the blockchain, and the other nodes reach consensus through the consensus algorithm.
Stage two: system operation
After the system is initialized, blockchain-based cross-domain fine-grained access control can be performed between nodes within an area and between areas. Assume that the subject node A and the object node B are in different areas, for example subject node A in area 1 and object node B in area 2. Subject node A and object node B negotiate a session key K, generated with a symmetric encryption algorithm, and the communication between them is encrypted and decrypted with this session key. The specific cross-domain access control flow is shown in fig. 3:
step 1: principal node A will identify
Figure 881678DEST_PATH_IMAGE139
Using a private key
Figure 693645DEST_PATH_IMAGE140
Encrypting and then sending the encrypted identity to the object node B
Figure 320061DEST_PATH_IMAGE141
And the area number where the node is located, and requests the required resources from the guest node B.
Step 2: the object node B receives the encrypted identity of the subject node A
Figure 460055DEST_PATH_IMAGE142
After the region number, a random number is selected
Figure 23761DEST_PATH_IMAGE143
And sent to the subject node a.
And step 3: the main body node A receives the random number
Figure 801486DEST_PATH_IMAGE143
Then, the signature is obtained by using a private key
Figure 97338DEST_PATH_IMAGE144
Then handle
Figure 583683DEST_PATH_IMAGE145
And
Figure 124648DEST_PATH_IMAGE146
and sending the data to the object node B.
And 4, step 4: the object node B is receiving
Figure 520995DEST_PATH_IMAGE147
And
Figure 315644DEST_PATH_IMAGE146
then verify whether it is a random number
Figure 185556DEST_PATH_IMAGE143
And 5: and if the verification is successful, the identity of the subject node A is proved to be true. Then the public key of the subject node A is used by the object node B
Figure 232009DEST_PATH_IMAGE148
Decryption
Figure 545179DEST_PATH_IMAGE149
Get the identity of the principal node A
Figure 746616DEST_PATH_IMAGE150
According to
Figure 82919DEST_PATH_IMAGE150
And the public key of the subject node A
Figure 198642DEST_PATH_IMAGE151
Calculating to obtain the address corresponding to the main node A
Figure 366319DEST_PATH_IMAGE152
And then finding out the attribute value of the main body node A from the blockchain for calculating the current direct trust value.
Step 6: the object node B inquires the area corresponding to the area through the area number sent by the subject node A
Figure 738656DEST_PATH_IMAGE153
Calculating a main body direct trust value DV for the comprehensive trust value TV of the access main body node A, and the main body attribute of A and the resource environment attribute of B; and querying regions of origin
Figure 827835DEST_PATH_IMAGE154
For
Figure 842190DEST_PATH_IMAGE155
The basic trust value of (2) and then calculating the recommended trust value
Figure 67635DEST_PATH_IMAGE156
And 7: the object node B passes the direct trust value
Figure 47092DEST_PATH_IMAGE157
And recommending trust values
Figure 984086DEST_PATH_IMAGE158
Calculating a composite trust value
Figure 644875DEST_PATH_IMAGE159
Fig. 2 is a flowchart of an attribute-based trust value calculation method, as shown in fig. 2.
If the integrated trust value
Figure 787143DEST_PATH_IMAGE160
And when the requirement of the trust value threshold TT is met, the object node B checks the state of the task executed by the current resource through the task state attribute, if the requirement of the task state is met, the request of the object node A is allowed, and if the requirement of the task state is not met, the request is rejected.
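The five-step identity verification above, as an added Go example that is not code from the patent. Ed25519 signatures stand in for "encrypting with the private key", so the identity travels next to its signature instead of being recovered by decryption; the address derivation (SHA-256 over public key and ID), the ledger map and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Ledger stands in for the blockchain lookup of step 5: address -> registered
// subject attribute table (constructed sample data, not a real chain).
type Ledger map[string][]string

// Address derives the blockchain address from the public key and the in-area
// identity ID as the page states; SHA-256 over pub||id is an assumed encoding.
func Address(pub ed25519.PublicKey, id string) string {
	h := sha256.New()
	h.Write(pub)
	h.Write([]byte(id))
	return hex.EncodeToString(h.Sum(nil))
}

// Subject models subject node A. Ed25519 has no message recovery, so the
// identity is sent next to its signature instead of being "decrypted" from it.
type Subject struct {
	ID     string
	Region int
	Pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
}

// Step1Request is A's first message: signed identity, area number, resource name.
type Step1Request struct {
	ID, Resource string
	IDSig        []byte
	Region       int
}

// Step 1: A signs its identity with its private key and asks B for a resource.
func (s *Subject) Step1(resource string) Step1Request {
	return Step1Request{ID: s.ID, Resource: resource, IDSig: ed25519.Sign(s.priv, []byte(s.ID)), Region: s.Region}
}

// Step 3: A signs the random number N it received and returns it with its public key.
func (s *Subject) Step3(nonce []byte) ([]byte, ed25519.PublicKey) {
	return ed25519.Sign(s.priv, nonce), s.Pub
}

// Object models object node B; pending is the random number issued for the open session.
type Object struct {
	Chain   Ledger
	pending []byte
}

// Step 2: B draws a fresh random number N for this session and sends it to A.
func (o *Object) Step2() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	o.pending = n
	return n, nil
}

// Steps 4 and 5: B checks the signature over its own N, then the signed identity,
// derives the address and looks the subject up on the ledger. A valid signature only
// proves key possession; the ledger lookup is what binds the key to a registered ID.
func (o *Object) Step4And5(req Step1Request, nonceSig []byte, pub ed25519.PublicKey) ([]string, error) {
	if o.pending == nil || !ed25519.Verify(pub, o.pending, nonceSig) {
		return nil, errors.New("step 4: signature over random number N did not verify")
	}
	o.pending = nil // N is single use, so a replayed signature fails in a later session
	if !ed25519.Verify(pub, []byte(req.ID), req.IDSig) {
		return nil, errors.New("step 5: identity signature did not verify")
	}
	attrs, ok := o.Chain[Address(pub, req.ID)]
	if !ok {
		return nil, errors.New("step 5: address not registered on the blockchain")
	}
	return attrs, nil
}

// NewSubject generates a constructed key pair for a subject node.
func NewSubject(id string, region int) (*Subject, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Subject{ID: id, Region: region, Pub: pub, priv: priv}, nil
}

// RunHandshake wires both sides together for one session (steps 1 to 5).
func RunHandshake(a *Subject, b *Object, resource string) ([]string, error) {
	req := a.Step1(resource)
	n, err := b.Step2()
	if err != nil {
		return nil, err
	}
	sig, pub := a.Step3(n)
	return b.Step4And5(req, sig, pub)
}
```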
In some embodiments, as shown in fig. 2, calculating the direct trust value [symbol] between subject node A and object node B comprises the following steps:
Step 1: according to the subject attributes of subject node A and the environment attributes of the resource of object node B being accessed, the object node first calculates the current direct trust [symbol] of the subject node by the following formula: [formula]
where [symbol] denotes the kind of subject attributes relevant to the subject node, [symbol] denotes the kind of environment attributes relevant to the object node, [symbol] and [symbol] are constants defined by the object node with values in the interval [0,1], [symbol] denotes the relevance of the subject attribute to the accessed resource, [symbol] denotes the weight of each subject attribute, [symbol] denotes the relevance of the environment attribute to the accessed resource, and [symbol] denotes the weight of each environment attribute, satisfying [formula], [formula], [formula]. The relevance and the weights are assigned by the object node.
Step 2: calculate the time decay weight according to the time decay function: [formula]
where [symbol] is a constant defined by the object node with a value in the interval [0,1], and [symbol] denotes the time elapsed since the last interaction between the object node and the subject node.
Step 3: calculate the historical trust value: [formula]
where [symbol] denotes the last access control flow, i.e. [symbol] denotes the latest comprehensive trust value from the previous interaction between subject node A and object node B.
Step 4: calculate the direct trust value of the subject node: [formula]
where [symbol] is a constant defined by object node B with a value in the interval [0,1]. If object node B and subject node A interact for the first time, there is no historical trust value between them and only the current trust value exists, so [formula], that is, the current trust value calculated by object node B is the direct trust value between object node B and subject node A.
In some embodiments, as shown in fig. 2, the recommended trust value [symbol] of subject node A is calculated as follows. Assume that the area number of subject node A is i and the area number of object node B is j; the calculation steps of the recommended trust value of subject node A are:
Step 1: the main trust node of the area calculates the direct trust value of each subject node A in its area: [formula]
where [symbol] denotes the direct trust value of the main trust node of area i towards subject node A of that area. This direct trust value is adjusted with the number of accesses, the number of successful accesses and the number of failed accesses: [symbol] denotes the number of times access control by subject node A succeeded, [symbol] the number of times it failed, and [symbol] the total number of times subject node A performed access control.
Step 2: calculate the basic trust value [symbol] between different areas [symbol]:
Step 2.1: if the access of subject node A to object node B fails, the main trust node i of the area reduces the basic trust value for the subject in its area by the following formula: [formula]
where [symbol] takes a value in the interval [0,1], set according to the system and defaulting to [symbol], and [symbol] is the decrease factor with a value in the interval [0,1].
Step 2.2: if subject node A accesses object node B successfully, the basic trust value is increased by the following formula: [formula]
where [symbol] takes a value in the interval [0,1], set according to the system and defaulting to [symbol], and [symbol] is the increase factor with a value in the interval [0,1].
Step 3: calculate the recommended trust value of subject node A: [formula]
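The trust value pipeline of the two embodiments above (current direct trust, time decay and historical trust, direct trust with the first-interaction case, the home area's direct trust and basic trust update, recommended trust, comprehensive trust TV, and the TT threshold plus task state check) as an added Go example, not the patent's own code. The page's equations are images, so the weighted-sum, exponential-decay, success-ratio and multiplicative-update forms, the parameter names and the sample policy are all assumptions.

```go
package main

import "math"

// Params holds the object node's constants, each in [0,1] as the page requires.
// The combining forms below are assumptions, since the page's equations are images:
// weighted sums, exponential time decay and a multiplicative basic-trust update.
type Params struct {
	WSubject, WEnv float64 // weights of the subject and environment attribute sums
	Decay          float64 // constant of the time decay function
	WCurrent       float64 // weight of the current direct trust against the historical trust
	WDirect        float64 // weight of the direct trust against the recommended trust in TV
	Threshold      float64 // TT, the trust value threshold
}

// Attr pairs an attribute's relevance to the accessed resource with its weight.
type Attr struct{ Relevance, Weight float64 }

// TaskState is the resource's task state attribute; the page names these five states.
type TaskState int

const (
	Ready TaskState = iota
	Activated
	Executing
	Suspended
	Invalid
)

// History is what the object node remembers about its last interaction with a subject.
type History struct {
	Exists  bool
	PrevTV  float64 // latest comprehensive trust value from that interaction
	Elapsed float64 // time since that interaction (constructed unit: days)
}

// CurrentDirectTrust: relevance-weighted sums over subject and environment attributes.
func CurrentDirectTrust(p Params, subject, env []Attr) float64 {
	var s, e float64
	for _, a := range subject {
		s += a.Relevance * a.Weight
	}
	for _, a := range env {
		e += a.Relevance * a.Weight
	}
	return p.WSubject*s + p.WEnv*e
}

// HistoricalTrust applies the time decay weight to the previous comprehensive trust value.
func HistoricalTrust(p Params, h History) float64 {
	return math.Exp(-p.Decay*h.Elapsed) * h.PrevTV
}

// DirectTrust combines current and historical trust; on a first interaction there is
// no historical value, so the current value is the direct trust value (as the page says).
func DirectTrust(p Params, current float64, h History) float64 {
	if !h.Exists {
		return current
	}
	return p.WCurrent*current + (1-p.WCurrent)*HistoricalTrust(p, h)
}

// DomainDirectTrust is the home area's main trust node view of a subject, driven by
// its counts of successful, failed and total access controls (assumed success ratio).
func DomainDirectTrust(success, fail, total int) float64 {
	if total <= 0 || success+fail > total {
		return 0
	}
	return float64(success) / float64(total)
}

// UpdateBaseTrust moves area i's basic trust towards area j after one access:
// theta is the system constant, dec and inc the decrease and increase factors.
func UpdateBaseTrust(base, theta, dec, inc float64, success bool) float64 {
	if success {
		return base + theta*inc*(1-base)
	}
	return base * (1 - theta*dec)
}

// RecommendedTrust: basic inter-area trust scaled by the home area's direct trust.
func RecommendedTrust(base, domainDirect float64) float64 { return base * domainDirect }

// Decision carries the values the object node computed and its verdict.
type Decision struct {
	DV, RV, TV float64
	Allowed    bool
}

// Decide runs steps 6 and 7: update TV and grant only when TV reaches TT and the
// resource's task state is one the object node's policy permits.
func Decide(p Params, current float64, h History, rv float64, state TaskState, policy map[TaskState]bool) Decision {
	d := Decision{DV: DirectTrust(p, current, h), RV: rv}
	d.TV = p.WDirect*d.DV + (1-p.WDirect)*d.RV
	d.Allowed = d.TV >= p.Threshold && policy[state]
	return d
}
```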
the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (10)

1. A block chain-based cross-domain fine-grained attribute access control method is characterized by comprising the following steps:
receiving an encrypted identity of a main body node, an area where the main body node is located and a resource request of the main body node, wherein the encrypted identity of the main body node is obtained by encrypting the identity of the main body node by using a corresponding private key;
selecting a random number N to send to the subject node;
receiving a secondary encryption identity of the subject node and a public key of the subject node, wherein the secondary encryption identity is obtained by signing the subject node with a private key after receiving the random number N;
verifying whether the random number in the secondary encryption identity is a random number N;
when the random number in the secondary encryption identity is a random number N, decrypting the secondary encryption identity according to a public key of a main body node to obtain the identity of the main body node, calculating to obtain an address corresponding to the main body node according to the identity of the main body node and the public key of the main body node, and then finding out an attribute value of the main body node from a block chain;
inquiring a comprehensive trust value of the address of the main trust node corresponding to the region on the block chain to the main node according to the region number of the main node, calculating a direct trust value of the main node with the attribute value of the main node and the resource environment attribute, and calculating to obtain a recommended trust value according to the basic trust value and the direct trust value of the main node;
updating a comprehensive trust value according to the direct trust value and the recommended trust value;
and when the comprehensive trust value reaches the preset trust value threshold value requirement, checking the state of the task executed by the current resource through the task state attribute, and agreeing with the resource request of the main node under the condition that the state of the task executed by the current resource meets the task state requirement.
2. The method of claim 1, wherein calculating a direct trust value of the subject node with the attribute value of the subject node comprises:
calculating the current direct trust [symbol] of the subject node from the subject attributes of the subject node and the environment attributes of the accessed resource by the following formula: [formula]
where [symbol] denotes the kind of relevant subject attributes of the subject node, [symbol] denotes the kind of relevant environment attributes of the accessed resource, [symbol] and [symbol] are constants with values in the interval [0,1], [symbol] denotes the relevance of the subject attribute to the accessed resource, [symbol] denotes the weight of each subject attribute, [symbol] denotes the relevance of the environment attribute to the accessed resource, and [symbol] denotes the weight of each environment attribute, satisfying [formula], [formula], [formula];
calculating a time decay weight from a time decay function expressed as [formula], where [symbol] is a constant with a value in the interval [0,1] and [symbol] denotes the time since the last interaction with the subject node;
calculating the historical trust value HV by the following formula: [formula]
where [symbol] denotes the last access control flow and [symbol] denotes the latest comprehensive trust value from the previous interaction with the subject node;
calculating the direct trust value of the subject node by the following formula: [formula]
where [symbol] is a constant with a value in the interval [0,1]; if the interaction with the subject node is the first, there is no historical trust value and only the current trust value exists, so [formula], that is, the calculated current trust value is the direct trust value with the subject node.
3. The method of claim 1 or 2, wherein calculating a recommended trust value from the basic trust value and the direct trust value of the subject node comprises:
calculating the direct trust value of the main trust node of the area towards each subject node in the area by the following formula: [formula]
where [symbol] is the direct trust value of the main trust node of the area numbered i towards a subject node of that area, adjusted with the number of accesses, successful accesses and failed accesses, [symbol] denotes the number of times access control by the subject node succeeded, [symbol] the number of times it failed, and [symbol] the total number of times the subject node performed access control;
calculating the basic trust value [symbol] between the main trust nodes of different areas: if the access of the subject node fails, the basic trust value of the main trust node i of its area towards the main trust node j of the other area is reduced by the following formula: [formula]
where [symbol] takes a value in the interval [0,1], set according to the system and defaulting to [symbol], and [symbol] is the decrease factor with a value in the interval [0,1];
if the access of the subject node succeeds, the basic trust value of the main trust node i towards the main trust node j is increased by the following formula: [formula]
where [symbol] takes a value in the interval [0,1], set according to the system and defaulting to [symbol], and [symbol] is the increase factor with a value in the interval [0,1];
calculating the recommended trust value of the subject node: [formula]
4. The method of claim 1, wherein updating the comprehensive trust value according to the direct trust value and the recommended trust value comprises:
calculating the comprehensive trust value TV by the following formula: [formula]
where [symbol] is a constant with a value in the interval [0,1], [symbol] denotes the direct trust value calculated in the currently ongoing access control flow, and RV is the recommended trust value.
5. A cross-domain fine-grained attribute access control system based on a block chain is characterized by comprising a main trust node, a main body node, an object node, a miner node, a resource node and a key management center,
the main trust node is a node on the blockchain and is also the center of each area, and is configured to manage, area by area, the role values, attribute values and trust values of the subject nodes and object nodes in the corresponding area, broadcast the role values, attribute values and trust values of the subject nodes and object nodes in the area to the blockchain and store them in the transaction pool of the subject and object nodes of the area, so as to wait for the miner node to take the transactions from the transaction pool and publish them to the blockchain;
the subject node is the initiator of access control and is configured to encrypt its identity with its private key to obtain its encrypted identity; to send the encrypted identity, the region where the subject node is located and its resource request to the object node; on receiving a random number N sent by the object node, to sign with its private key to obtain a secondary encrypted identity; and to send the secondary encrypted identity together with its public key to the object node;
the object node is the party that owns resources and is configured to receive the encrypted identity of a subject node, the region where the subject node is located and the resource request of the subject node; to select a random number N and send it to the subject node; to receive the secondary encrypted identity and the public key of the subject node; to verify whether the random number in the secondary encrypted identity is the random number N; when it is, to decrypt the secondary encrypted identity with the public key of the subject node to obtain the identity of the subject node, to compute the address of the subject node from its identity and public key, and then to look up the attribute value of the subject node on the block chain; to query on the block chain, by the region number of the subject node, the comprehensive trust value that the address of the main trust node of that region holds for the subject node, to calculate a direct trust value for the subject node from its attribute value and the resource environment attribute, and to calculate a recommended trust value from the basic trust value and the direct trust value of the subject node; to update the comprehensive trust value from the direct trust value and the recommended trust value; and, when the comprehensive trust value meets a preset trust value threshold, to check the state of the task currently executed by the resource through the task state attribute and grant the resource request of the subject node if that task state meets the task state requirement;
the resource node is configured to store resources owned by the object node;
the miner node is configured to take the transactions in the transaction pools of the main trust nodes of each region and distribute them to the block chain;
the key management center is configured to be responsible for key initialization work, key creation and key generation of a main trust node, a main body node, an object node and a miner node in each area.
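The nonce exchange between the subject node and the object node in claim 5, as an added illustration (this code is not part of the patent and makes several assumptions the claims leave open): Ed25519 signatures stand in for "encrypting the identity with the private key", the secondary encrypted identity is modelled as the identity, the nonce and a signature over both, the node address is taken to be SHA-256 of the identity concatenated with the raw public key, and the block chain is an in-memory dictionary of registered addresses mapped to attribute tables. The `cryptography` package is assumed to be installed.

```python
"""Challenge-response of claim 5: subject signs identity, object issues nonce N,
subject signs identity||N, object checks N, verifies, derives address, looks it up.
All names and the address derivation are assumptions made for this example."""
import hashlib
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

NONCE_LEN = 16


def node_address(identity, pub_bytes):
    """Assumed address derivation: hash of identity and raw public key."""
    return hashlib.sha256(identity.encode() + pub_bytes).hexdigest()[:40]


class SubjectNode:
    """Initiator of access control."""

    def __init__(self, identity, region):
        self.identity = identity
        self.region = region
        self._priv = Ed25519PrivateKey.generate()

    def public_bytes(self):
        return self._priv.public_key().public_bytes(
            serialization.Encoding.Raw, serialization.PublicFormat.Raw)

    def request(self, resource):
        """Step 1: signed identity, region and resource request."""
        return {"identity": self.identity, "sig": self._priv.sign(self.identity.encode()),
                "region": self.region, "resource": resource}

    def answer_challenge(self, nonce):
        """Step 3: secondary encrypted identity = signature over identity||N, plus public key."""
        return {"identity": self.identity, "nonce": nonce,
                "sig": self._priv.sign(self.identity.encode() + nonce),
                "pub": self.public_bytes()}


class ObjectNode:
    """Resource owner; remembers one outstanding nonce per requesting identity."""

    def __init__(self, ledger):
        self.ledger = ledger   # constructed stand-in for the chain: address -> attributes
        self._pending = {}     # identity -> nonce issued and not yet consumed

    def challenge(self, req):
        """Step 2: issue a fresh random nonce N and record it for this identity."""
        nonce = os.urandom(NONCE_LEN)
        self._pending[req["identity"]] = nonce
        return nonce

    def verify(self, answer):
        """Step 4: nonce check, signature check, address derivation, chain lookup.
        Returns (address, attribute table); raises ValueError on any failure."""
        expected = self._pending.pop(answer["identity"], None)   # one use only
        if expected is None or answer["nonce"] != expected:
            raise ValueError("nonce mismatch or replay")
        pub = Ed25519PublicKey.from_public_bytes(answer["pub"])
        try:
            pub.verify(answer["sig"], answer["identity"].encode() + answer["nonce"])
        except InvalidSignature:
            raise ValueError("bad signature")
        addr = node_address(answer["identity"], answer["pub"])
        if addr not in self.ledger:
            # The subject supplied its own public key, so it is only trusted because the
            # address derived from it was registered on the chain beforehand.
            raise ValueError("address not registered on chain")
        return addr, self.ledger[addr]


def run_exchange(subject, obj, resource):
    """Drive the whole exchange and return what the object node learned."""
    req = subject.request(resource)
    nonce = obj.challenge(req)
    return obj.verify(subject.answer_challenge(nonce))


if __name__ == "__main__":
    ledger = {}
    s = SubjectNode("subj-001", region=1)
    ledger[node_address("subj-001", s.public_bytes())] = {"role": "doctor"}  # constructed
    print(run_exchange(s, ObjectNode(ledger), "record-42"))
```

The replay check relies on the nonce being consumed the first time it is answered, and the ledger lookup is what ties the self-supplied public key to a registered subject: a key pair generated outside the registration flow yields an address the chain has never seen.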
6. The system of claim 5, wherein the subject attributes of the subject nodes are obtained by:
the subject node submits a subject attribute registration request: each subject node submits a subject attribute registration request to the main trust node of the region it belongs to;
the main trust node generates a subject attribute table: the main trust node of each region first verifies the qualification of each subject in its region against the application information of that subject node, and if the subject node is qualified, generates a subject attribute table from the application information
Figure 562219DEST_PATH_IMAGE038
Figure DEST_PATH_IMAGE039
Indicating an in-area identity ID of
Figure 238051DEST_PATH_IMAGE040
the subject attribute table of that subject node, wherein
Figure DEST_PATH_IMAGE041
Indicating that the subject node has a subject attribute of type k,
Figure 931594DEST_PATH_IMAGE042
indicates that the system has a total of
Figure 591246DEST_PATH_IMAGE042
different subject attributes; the main trust node of a region stores locally the attribute values of every subject in the region;
the main trust node generates a subject attribute transaction for the subject node: the main trust node TMD of the region generates the subject attribute transaction of the subject node in the following form:
Figure DEST_PATH_IMAGE043
the transaction indicates that the subject node at address
Figure 143450DEST_PATH_IMAGE044
has the subject attributes
Figure DEST_PATH_IMAGE045
7. The system of claim 5, wherein the guest node resource is obtained by:
an object node that owns resources submits a resource request to the main trust node of the region it belongs to;
the main trust node generates a resource list: the main trust node of the region verifies the resources of the object node in its region against the application information of that object node, and if the object node does own the corresponding resources, generates the corresponding resource list
Figure 283575DEST_PATH_IMAGE046
Figure DEST_PATH_IMAGE047
Indicating an identity ID in the area of
Figure 895822DEST_PATH_IMAGE048
the resource list of that object node, wherein
Figure DEST_PATH_IMAGE049
Indicating that the node owns the kth resource,
Figure 511611DEST_PATH_IMAGE050
indicates that the system has a total of
Figure 382353DEST_PATH_IMAGE050
different resources; the main trust node then stores locally one resource list for each object node in the region;
the main trust node of the region generates a resource list transaction: the transaction generated by the main trust node of the region has the form shown in the following formula:
Figure DEST_PATH_IMAGE051
indicating that the node at address
Figure 891832DEST_PATH_IMAGE052
owns the resources
Figure DEST_PATH_IMAGE053
The main trust node correspondingly packs the transaction and puts the transaction into a transaction pool;
initializing the resource environment attributes: first, the object node that owns the resources generates an environment attribute list for its resources
Figure 284767DEST_PATH_IMAGE054
Figure DEST_PATH_IMAGE055
Indicating an in-area identity ID of
Figure 263218DEST_PATH_IMAGE056
the resource environment attribute table of that node,
Figure DEST_PATH_IMAGE057
which represents the kind of the attribute of the environment,
Figure 157225DEST_PATH_IMAGE058
indicates that the resource has the kth environment attribute; the resource environment attributes are stored locally at the node.
8. The system of claim 5, wherein the guest node is further configured to:
calculating the current direct trust in the subject node from the subject attributes of the subject node and the environment attributes of the accessed resource by the following formula:
Figure DEST_PATH_IMAGE059
wherein,
Figure 50706DEST_PATH_IMAGE060
representing the class of the relevant subject attribute of the subject node,
Figure DEST_PATH_IMAGE061
indicating the access-related context attribute category of the resource being accessed,
Figure 614542DEST_PATH_IMAGE062
and
Figure DEST_PATH_IMAGE063
are constants taking values in the interval [0,1],
Figure 63978DEST_PATH_IMAGE064
indicating the relevance of the subject attributes to the accessed resource,
Figure DEST_PATH_IMAGE065
representing the weight that each subject attribute occupies,
Figure 512408DEST_PATH_IMAGE066
representing the correlation of the environment attributes with the accessed resource,
Figure DEST_PATH_IMAGE067
represents the weight of each environment attribute, satisfies
Figure 465321DEST_PATH_IMAGE068
Figure DEST_PATH_IMAGE069
Figure 839539DEST_PATH_IMAGE070
is a time decay weight calculated from a time decay function, the time decay function being expressed as
Figure DEST_PATH_IMAGE071
In which
Figure 776271DEST_PATH_IMAGE072
is a constant taking a value in the interval [0,1],
Figure DEST_PATH_IMAGE073
representing the time elapsed between the last interaction with the subject node and the current interaction;
the historical trust value HV is calculated by the formula:
Figure 153026DEST_PATH_IMAGE074
wherein,
Figure DEST_PATH_IMAGE075
denotes the last access control flow,
Figure 242335DEST_PATH_IMAGE076
representing the latest integrated trust value that was previously interacted with the subject node;
calculating the direct trust value of the subject node by the following formula:
Figure DEST_PATH_IMAGE077
wherein,
Figure 538188DEST_PATH_IMAGE078
is a constant taking a value in the interval [0,1]; if this is the first interaction with the subject node, no historical trust value exists and only the current trust value exists, so that
Figure DEST_PATH_IMAGE079
i.e. the current trust value just calculated is the direct trust value for the subject node.
9. The system of claim 5, wherein the guest node is further configured to:
calculating the direct trust value of the main trust node of a region in each subject node of that region by the following formula:
Figure 948834DEST_PATH_IMAGE080
wherein,
Figure DEST_PATH_IMAGE081
the direct trust value of the main trust node of the area with the area number i to the main node of the area is regulated along with the access times, the access success times and the access failure times,
Figure 988334DEST_PATH_IMAGE082
indicates the number of successful access-control attempts by the subject node,
Figure DEST_PATH_IMAGE083
indicates the number of failed access-control attempts by the subject node,
Figure 666571DEST_PATH_IMAGE084
indicates the total number of access-control attempts by the subject node;
computing the basic trust values between the main trust nodes of different regions
Figure DEST_PATH_IMAGE085
if the access of the subject node fails, the basic trust value of the main trust node i of its region in the main trust node j of the other region is reduced, with the following calculation formula:
Figure 8691DEST_PATH_IMAGE086
wherein
Figure DEST_PATH_IMAGE087
takes a value in the interval [0,1], is set according to the system, and defaults to
Figure 654436DEST_PATH_IMAGE088
Figure DEST_PATH_IMAGE089
is the reduction factor, taking a value in the interval [0,1];
if the access of the subject node succeeds, the basic trust value of the main trust node i in the main trust node j is increased, with the following calculation formula:
Figure 481315DEST_PATH_IMAGE090
wherein
Figure 60064DEST_PATH_IMAGE087
takes a value in the interval [0,1], is set according to the system, and defaults to
Figure 838664DEST_PATH_IMAGE088
Figure DEST_PATH_IMAGE091
is the increase factor, taking a value in the interval [0,1];
calculating a recommended trust value for a subject node
Figure 988017DEST_PATH_IMAGE092
10. The system of claim 5, wherein the guest node is further configured to: the integrated trust value TV is calculated by the following formula:
Figure DEST_PATH_IMAGE093
wherein,
Figure 510265DEST_PATH_IMAGE094
is a constant taking a value in the interval [0,1],
Figure DEST_PATH_IMAGE095
indicating a direct trust value calculated in the currently ongoing access control flow, RV being the recommended trust value.
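The trust pipeline of claims 8 to 10 (and their method counterparts in claims 3 and 4), as an added worked example that is not the patent's own code. The patent's formulas are images that did not survive extraction, so every formula below is an assumed instantiation chosen only to keep the structure the claims describe: constants bounded to [0,1], attribute correlations multiplied by weights that must sum to one, a time-decayed history term built from the last composite value with a plain current value on the first interaction, a master-trust-node direct trust that rises with successes and falls with failures, a basic trust between master trust nodes that is raised or lowered by factors in [0,1], and a composite value blended from direct and recommended trust. The smoothed success ratio, the exponential decay and the convex combinations are all assumptions.

```python
"""Assumed instantiation of the claims' trust structure; not the patent's formulas."""


def _unit(x, name):
    """Every constant the claims bound to [0,1] passes through this check."""
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"{name} must lie in [0,1], got {x}")
    return x


def weighted_relevance(corr, weight):
    """sum_k corr_k * weight_k, with the weights required to sum to 1 (claim 8's constraint)."""
    if len(corr) != len(weight) or abs(sum(weight) - 1.0) > 1e-9:
        raise ValueError("weights must match the attributes and sum to 1")
    return sum(_unit(c, "corr") * _unit(w, "weight") for c, w in zip(corr, weight))


def current_trust(subj_corr, subj_w, env_corr, env_w, alpha=0.6, beta=0.4):
    """CV: subject-attribute term plus resource-environment term (assumed linear form)."""
    return (_unit(alpha, "alpha") * weighted_relevance(subj_corr, subj_w)
            + _unit(beta, "beta") * weighted_relevance(env_corr, env_w))


def time_decay(delta_t, mu=0.9):
    """Assumed decay mu**delta_t: the longer since the last interaction, the less it counts."""
    return _unit(mu, "mu") ** delta_t


def direct_trust(cv, last_tv=None, delta_t=0.0, gamma=0.5):
    """DV = gamma*CV + (1-gamma)*HV with HV = decay * last composite value;
    on the first interaction there is no history, so DV = CV (claim 8)."""
    if last_tv is None:
        return cv
    hv = time_decay(delta_t) * _unit(last_tv, "last_tv")
    return _unit(gamma, "gamma") * cv + (1 - gamma) * hv


class MasterTrustNode:
    """Per-region trust authority holding access statistics and cross-region basic trust."""

    def __init__(self, region):
        self.region = region
        self.base_trust = {}   # other region -> basic trust B_ij
        self.stats = {}        # subject identity -> [successes, failures]

    def record(self, subject, success):
        s = self.stats.setdefault(subject, [0, 0])
        s[0 if success else 1] += 1

    def subject_direct_trust(self, subject):
        """Assumed smoothed success ratio (succ+1)/(total+2): moves with the counts in claim 9."""
        succ, fail = self.stats.get(subject, [0, 0])
        return (succ + 1) / (succ + fail + 2)

    def update_base_trust(self, other, success, inc=0.1, dec=0.2, default=0.5):
        """Raise on success, lower on failure; factors in [0,1]; result stays in [0,1]."""
        b = self.base_trust.get(other, _unit(default, "default"))
        if success:
            b = b + _unit(inc, "inc") * (1 - b)
        else:
            b = b - _unit(dec, "dec") * b
        self.base_trust[other] = b
        return b


def recommended_trust(mtn_i, mtn_j, subject, default=0.5):
    """RV = B_ij * (subject's own master trust node's direct trust); assumed product form."""
    return mtn_i.base_trust.get(mtn_j.region, default) * mtn_j.subject_direct_trust(subject)


def composite_trust(dv, rv, omega=0.7):
    """TV = omega*DV + (1-omega)*RV (claim 10, assumed convex combination)."""
    return _unit(omega, "omega") * dv + (1 - omega) * rv


def decide(tv, threshold, task_state_ok):
    """Grant only when the composite value meets the threshold and the task state allows it."""
    return tv >= _unit(threshold, "threshold") and task_state_ok


if __name__ == "__main__":
    # Constructed sample: two subject attributes, one environment attribute.
    cv = current_trust([1.0, 0.5], [0.5, 0.5], [0.8], [1.0])
    dv = direct_trust(cv, last_tv=0.8, delta_t=2)
    home, remote = MasterTrustNode(2), MasterTrustNode(1)
    for ok in (True, True, False):
        home.record("subj-001", ok)
        remote.update_base_trust(home.region, ok)
    rv = recommended_trust(remote, home, "subj-001")
    print(cv, dv, rv, composite_trust(dv, rv), decide(composite_trust(dv, rv), 0.5, True))
```

Keeping every tunable behind `_unit` makes the [0,1] bounds the claims state an enforced invariant rather than a convention, and the weight-sum check catches the most common misconfiguration of a weighted attribute score: weights that silently inflate or deflate every trust value.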
CN202210562634.0A 2022-05-23 2022-05-23 Cross-domain fine-grained attribute access control method and system based on block chain Active CN114666067B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210562634.0A CN114666067B (en) 2022-05-23 2022-05-23 Cross-domain fine-grained attribute access control method and system based on block chain

Publications (2)

Publication Number Publication Date
CN114666067A CN114666067A (en) 2022-06-24
CN114666067B true CN114666067B (en) 2022-08-16

Family

ID=82037399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210562634.0A Active CN114666067B (en) 2022-05-23 2022-05-23 Cross-domain fine-grained attribute access control method and system based on block chain

Country Status (1)

Country Link
CN (1) CN114666067B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114936384B (en) * 2022-06-21 2023-04-07 云南财经大学 Electronic medical record access control method based on intuition fuzzy trust
CN116800435B (en) * 2023-08-21 2023-12-19 成都信息工程大学 Access control method, system and storage medium based on zero knowledge proof and cross-chain

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111062807A (en) * 2019-12-17 2020-04-24 北京工业大学 Internet of things data service credit assessment method based on block chain
CN113572734A (en) * 2021-06-24 2021-10-29 福建师范大学 Cross-domain access control method based on block chain in mobile edge calculation

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180005235A1 (en) * 2016-06-29 2018-01-04 Ca, Inc. Electronic transaction risk assessment based on digital identifier trust evaluation
CN108810073B (en) * 2018-04-05 2021-05-04 西安电子科技大学 Block chain-based Internet of things multi-domain access control system and method
US20210160056A1 (en) * 2018-06-01 2021-05-27 Nokia Technologies Oy Method and apparatus for decentralized trust evaluation in a distributed network
CN112000936A (en) * 2020-07-31 2020-11-27 天翼电子商务有限公司 Cross-domain attribute heterogeneous identity service method, medium and equipment
CN112487443A (en) * 2020-11-11 2021-03-12 昆明理工大学 Energy data fine-grained access control method based on block chain
CN113612754A (en) * 2021-07-28 2021-11-05 中国科学院深圳先进技术研究院 Cross-domain access method and system based on block chain
CN114154193A (en) * 2021-11-26 2022-03-08 哈尔滨工程大学 Cross-domain access control method based on block chain

Also Published As

Publication number Publication date
CN114666067A (en) 2022-06-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant