摘要
针对现有X.509v4属性证书在细粒度出示部分属性后无法验证合法性的情况,提出了一种支持属性细粒度出示的证书方案。该方案由属性权威对证书中所有属性进行预处理,并对预处理结果生成签名;证书拥有者能够根据不同的应用场合移除证书中不相关属性,并计算验证证书必需的额外信息;验证方根据这些额外信息及证书中的签名能有效地验证被出示部分属性的合法性。该方案与现有标准兼容,并具有灵活性好、安全性高及付出额外开销小等特点。
In order to effectively verify X.509v4 attribute certificate after part of attributes is removed,a fine-grained disclosure scheme is proposed.In this scheme,every attribute in certificate is pretreated,and digital signature of the pretreated results was generated by attribute authority.In different scenarios,uncorrelated attributes is removed from certificate and essential validation information is calculated by certification owner.The validation information and digital signature in certificate can be used to validate legitimacy of the attributes disclosed.The scheme has some characteristics as follows:strong compatibility,good flexibility,high security and little additional cost.
出处
《计算机科学》
CSCD
北大核心
2012年第10期94-98,130,共6页
Computer Science
基金
国家863计划项目(2006AA01Z457
2009AA01Z438)
国家973重点基础研究发展计划(2011CB311801)
河南省科技创新人才计划(114200510001)资助
关键词
属性证书
细粒度
双重签名
隐秘特征属性
哈希树
Attribute certificate
Fine-grained
Dual signature
Dark feature attribute
Hash tree