| Summary: | 碩士 === 國立成功大學 === 電信管理研究所 === 104 === Safety and convenience are two key factors of the access control systems. In semi-open environments, it’s difficult to manage access control due to the variety of users. In this case, multilayered delegation provides flexibility in access control systems. But in past access control systems, keys revocation is the major issue. So an ideal access control system require four characteristics: safe, convenient unlocking, convenient revocation and delegation ability.
However, there are disadvantages in all of related works, such as the demand of Internet, no multilayered delegation, the lack of key life cycle and incomplete revocation. To improve the weaknesses of related works, provide administrators facilitation to manage keys and opearte the model in all scenarios. This study proposes Multilayered Delegable Access Control Model (MDAC), which combines the features of semi-offline architecture and multi-level authorization mechanism. It’s designed by RSA encryption, a chain of binding hardware serial numbers, and the system architecture can be applied to multi-level delegation. This work can not only effectively avoid key copying, tampering and other security risks, but execute delegation ability without going through the server. Furthermore, it’s possible to unlock the doors and revoke the key when smartphones are offline, and has the feature of key life cycle management including key valid period and access times control. User’s key is always limited by the life cycle whenever he/she is unlocking the door or delegating the key to someone. Our proposal provides administrators facilitation to manage keys and is able to apply to all access control scenarios.
|
|---|
