Dynamic key management schemes for access control in a hierarchy

Secure access control in user hierarchy is designed such that users are authorized and classified into different privilege classes. A user belonging to a higher-privileged class will have access rights to messages created or owned by users in a lower-privileged class; while the opposite is not allowed. Methods for generating cryptographic keys to security classes can be categorized as the key assignment approach and the key management approach. In this paper, we shall propose a new hierarchical access control mechanism which possesses the advantages of the two approaches. Dynamic operations, such as class insertions or class deletions and key changes, etc., can be fulfilled efficiently. Resides, it is easy for an ancestor to deduce the key of his descendants which is positioned in a far-lower-privileged class. (C) 1997 Elsevier Science B.V.