
Capability-Based Access Control Using Decentralized Identifiers and Verifiable Credentials

李奇华 肖媚燕 黄琼

密码学报(中英文), 2025, Vol. 12, Issue (4): 780-803, 24. DOI: 10.13868/j.cnki.jcr.000794


李奇华 ¹, 肖媚燕 ², 黄琼 ³

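Author information

  • 1. College of Mathematics and Informatics, South China Agricultural University, Guangzhou 510642; Nanfang Media Group, Guangzhou 510699
  • 2. College of Mathematics and Informatics, South China Agricultural University, Guangzhou 510642; Yunnan Key Laboratory of Service Computing, Yunnan University of Finance and Economics, Kunming 650221
  • 3. Guangdong University of Finance, Guangzhou 510521; College of Mathematics and Informatics, South China Agricultural University, Guangzhou 510642; Guangzhou Key Laboratory of Intelligent Agriculture, Guangzhou 510642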

Abstract

Access control is used to ensure the secure interaction of data between the subject and the object. Blockchain is distributed, transparent in its transactions, and immutable, which can effectively solve security problems of traditional centralized access control such as the single point of failure. Nevertheless, data in the big data environment has obvious directionality, and existing access control schemes are mainly based on the traditional identity management model in which all user identity information is under the control of the service provider. In addition, capability-based access control has the advantages of being lightweight and fine-grained, but existing schemes suffer from the problem of "holder" tokens, and their tokens do not support delegation and revocation. To solve the above problems, this study proposes a capability-based access control scheme using decentralized identifiers (DID) and verifiable credentials (VC). Combined with blockchain, the scheme uses DID, VC, and verifiable presentation (VP) to decentralize three elements: subject, authentication, and authorization, so that the user can control the identity information. Zero-knowledge proof, secret sharing, accumulators, and other cryptographic techniques are used to ensure the authenticity of the data, prevent information leakage, and realize the validation and revocation functions of VC. The scheme also optimizes the capability token and its storage structure to support delegation and revocation, which makes the storage and management of tokens more efficient.

Key words

access control/blockchain/decentralized identifiers/verifiable credentials/capability token

Classification

Information Technology and Security Science

Cite this article

李奇华, 肖媚燕, 黄琼. Capability-Based Access Control Using Decentralized Identifiers and Verifiable Credentials [J]. 密码学报(中英文), 2025, 12(4): 780-803, 24.

Funding

National Natural Science Foundation of China (62272174)

Guangdong Basic and Applied Basic Research Foundation (2023A1515011194)

Foundation of Yunnan Key Laboratory of Service Computing (YNSC24114)

Journal: 密码学报(中英文)

Open access (OA); Peking University Core Journal (北大核心)

ISSN 2095-7025
