Disclosing method for protecting sensitive certificate
Abstract: The problem of disclosing sensitive attribute certificates is investigated further. Cryptographic mechanisms are used to construct an attribute certificate disclosure scheme that strengthens security assurance and, under certain conditions, protects the rights of both the resource requester and the resource provider. The scheme has the following properties: the resource requester ultimately submits a part of the attribute certificates she holds to the resource provider; the provider can obtain that part of the certificates but cannot get any information about the rest; the requester cannot get any information about which attribute certificates the provider actually obtains (is interested in); and, by agreement between the two sides, a specific bound can be set for each attribute, so that the certificate for an attribute can be obtained or validated only when the number of participating provider members (or their privileges) reaches or exceeds the corresponding bound. This protects part of the rights and privacy of both sides.