This study proposes a mechanism for encrypting SD-JWT (Selective Disclosure JSON Web Token) Disclosures using Attribute-Based Encryption (ABE) to enable flexible access control on the basis of the Verifier's attributes. By integrating Ciphertext-Policy ABE (CP-ABE) into the existing SD-JWT framework, the Holder can assign decryption policies to Disclosures, ensuring information is selectively disclosed. The mechanism's feasibility was evaluated in a virtualized environment by measuring the processing times for SD-JWT generation, encryption, and decryption with varying Disclosure counts (5, 10, 20). Results showed that SD-JWT generation is lightweight, while encryption and decryption times increase linearly with the number of Disclosures. This approach is suitable for privacy-sensitive applications like healthcare, finance, and supply chain tracking but requires optimization for real-time use cases such as IoT. Future research should focus on improving ABE efficiency and addressing scalability challenges.
翻译:本研究提出一种利用属性基加密(ABE)对SD-JWT(选择性披露JSON Web令牌)披露项进行加密的机制,以实现基于验证者属性的灵活访问控制。通过将密文策略ABE(CP-ABE)集成到现有SD-JWT框架中,持有者可为披露项设定解密策略,确保信息的选择性披露。通过在虚拟化环境中测量不同披露项数量(5、10、20)下SD-JWT生成、加密和解密的处理时间,评估了该机制的可行性。结果表明:SD-JWT生成过程轻量,而加密与解密时间随披露项数量线性增长。该方法适用于医疗健康、金融和供应链追踪等隐私敏感场景,但需针对物联网等实时用例进行优化。未来研究应聚焦于提升ABE效率并解决可扩展性挑战。