CN101753565A - Construction method crossing trust domain and trust relationship in computer network - Google Patents


Info

Publication number
CN101753565A
Authority
CN
China
Prior art keywords
trust
user
domain
value
trust domain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910232355A
Other languages
Chinese (zh)
Inventor
吴国新
于坤
尹新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2009-12-08
Filing date: 2009-12-08
Publication date: 2010-06-23
Application filed by Southeast University
Priority to CN200910232355A
Publication of CN101753565A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for constructing trust relationships across trust domains in a computer network. In each trust domain a computer is set up that acts on behalf of that trust domain and interacts with a central server; this computer is called the agent node of the trust domain, and the agent node is connected to the central server. Each user registers in at least one trust domain, and the central server establishes associations between the different identities of the user in different trust domains. When a user sends the central server a trust value query about another user, the central server obtains from the agent node of every trust domain the queried user's trust value in that agent node's trust domain. The central server converts the queried user's trust value in each trust domain into a general trust value, aggregates the several general trust values corresponding to the different domains, computes the user's integrated trust value, and thereby constructs the trust relationship across trust domains.

Description

Method for constructing trust relationships across trust domains in a computer network
Technical field
The present invention relates to computer network system applications and their security problems, and in particular to a method for constructing trust relationships across trust domains in a computer network.
Background technology
With the development of new technologies and the expanding range of Internet applications, many new network applications and services have appeared, bringing with them a series of new security problems such as network fraud, viruses and Trojan horses, which seriously disrupt normal network order. Traditional centralized digital certificate systems, symmetric or asymmetric data encryption, access control lists (ACLs) and similar "hard" security techniques alone cannot satisfy these security requirements.
At present, network application systems generally adopt trust mechanisms for users and resources as an effective complement to conventional security techniques. A user's trust value is a measure of the user's credibility; the nodes that adopt the same trust value measure form a single trust domain, called a single domain for short. All existing systems are single-domain systems; there is as yet no cross-domain trust system. In many cases a user simultaneously holds different identities in different single-domain systems, and the large amount of trust data scattered across multiple trust domains could in fact be linked through those identities. However, users do not know the association between these identities; different applications often adopt different trust semantics and computation models, and interoperability between systems is poor. So although each system has already accumulated a large amount of trust data, when a user enters a new application system it is very difficult to make use of the trust data accumulated in other systems. As network trust data accumulates, the value of exchanging trust data across domains will gradually increase, and such exchange plays a positive role in suppressing cross-domain malicious behaviour, encouraging users to maintain a good reputation in several domains and thereby improving the security of the whole network.
At present, research on establishing trust relationships spanning multiple trust domains is still at an early stage, and the following problems urgently need solving: (1) authentication of the association between a user's identities in multiple domains; (2) conversion of trust measures between domains, so that a trust measure from one domain can be understood by users of another trust domain.
Summary of the invention
The invention provides a method for constructing trust relationships across trust domains in a computer network. In each trust domain the method sets up a computer that acts on behalf of that trust domain and interacts with a central server; this computer is called the agent node of the trust domain, and the agent node is connected to the central server. Each user registers in at least one trust domain, and the central server establishes associations between the different identities of this user in different trust domains. When a user sends the central server a trust value query about another user, the central server obtains from the agent node of every trust domain the queried user's trust value in that agent node's trust domain. The central server converts the queried user's trust value in each trust domain into a general trust value, aggregates the several general trust values corresponding to the different domains, computes the user's comprehensive trust value, and thereby constructs the trust relationship across trust domains.
The association between the user's different identities in different trust domains is established in the following steps:
(1) the user applies directly to the central server to register a generic identity and requests the association between this user's different identities in several trust domains;
(2) the central server authenticates the authenticity of this association.
The central server computes the user's comprehensive trust value in the following steps:
(1) the user trust values obtained from each agent node are preprocessed and converted into numerical values in the range [0, 1];
(2) the trust value of each trust domain is a vector with at least one component, and it is mapped to a general trust value by a matrix operation;
(3) all the general trust values are aggregated with an existing single-domain trust calculation method to compute the user's comprehensive trust value.
Advantages and notable effects of the invention: the information sources available for trust value calculation are enlarged, which improves the accuracy of the calculated user trust value; malicious behaviour across trust domains is suppressed more effectively, safeguarding the security of users who interact in several trust domains.
Description of drawings
Fig. 1 is the architecture diagram of the construction of cross-domain trust relationships;
Fig. 2 is the trust calculation flow.
Embodiment
To associate trust data, the correspondence between a user's several identities in different trust domains must be made explicit. Identity association uses a passive mode: the user initiates an identity association request and supplies a means of authenticating it, and the central server A_UTM then authenticates the identity association request automatically or manually.
The association request submitted by the user contains:
the generic identity the applicant applies to register; the applicant's existing identity 1 in another domain and the authentication method for identity 1; the applicant's existing identity 2 in another domain and the authentication method for identity 2; and so on.
Identity associations that pass authentication are recorded in the central server A_UTM in the form of an identity association table, where each entry has the following fields:
generic identity, associated trust-domain identity, associated trust domain.
In the table, several trust-domain identities are associated through the same generic identity, and each associated trust-domain identity may have only one generic identity.
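The identity association table and the query fan-out it drives, as an added example that is not part of the patent or any code from the applicant. It enforces the rule stated above (several trust-domain identities may share one generic identity, but a trust-domain identity is bound to exactly one generic identity) and shows how A_UTM would use the table to send a trust value query to the agent node of every associated domain. The field names, the `authenticate` callback and the agent interface are assumptions made for this illustration; the sample users and domains are constructed.

```python
# Added example, not the patent's own code. The central server's identity
# association table with the one-generic-identity-per-domain-identity rule,
# plus the trust value query fan-out to agent nodes. Field names, the
# authentication callback and the agent interface are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class DomainIdentity:
    domain: str     # associated trust domain
    identity: str   # the user's identity within that domain


class IdentityAssociationTable:
    """Entries of the form (generic identity, associated trust-domain
    identity, associated trust domain), indexed in both directions."""

    def __init__(self):
        self._generic_of = {}    # DomainIdentity -> generic identity
        self._members_of = {}    # generic identity -> set of DomainIdentity

    def register(self, generic_identity, claims, authenticate):
        """Process one association request.

        `claims` is a list of (DomainIdentity, authentication method) pairs;
        `authenticate(domain_identity, method)` is an assumed callback that
        returns True once the claim has been verified (automatically or
        manually). Unverified claims are dropped. A verified claim that would
        bind a domain identity to a second generic identity rejects the whole
        request with ValueError, so nothing is recorded for a bad request.
        Returns the list of domain identities that were recorded.
        """
        verified = [d for d, method in claims if authenticate(d, method)]
        for d in verified:
            owner = self._generic_of.get(d)
            if owner is not None and owner != generic_identity:
                raise ValueError(f"{d} is already bound to generic identity {owner!r}")
        for d in verified:
            self._generic_of[d] = generic_identity
            self._members_of.setdefault(generic_identity, set()).add(d)
        return verified

    def associated(self, generic_identity):
        """All trust-domain identities bound to a generic identity."""
        members = self._members_of.get(generic_identity, ())
        return sorted(members, key=lambda d: (d.domain, d.identity))


def query_trust_values(table, generic_identity, agents):
    """Send a trust value query to the agent node of every associated domain.

    `agents` maps a domain name to a callable(identity) -> raw trust vector
    (assumed agent interface). Domains with no reachable agent are skipped.
    """
    results = {}
    for d in table.associated(generic_identity):
        agent = agents.get(d.domain)
        if agent is not None:
            results[d.domain] = agent(d.identity)
    return results


def demo():
    """Constructed sample: two users, three domains, one conflicting claim."""
    table = IdentityAssociationTable()
    verify = lambda d, method: method in ("email", "token")   # assumed check
    table.register("alice", [(DomainIdentity("shop", "alice_s"), "email"),
                             (DomainIdentity("forum", "al"), "token"),
                             (DomainIdentity("games", "a1"), "none")], verify)
    # bob claims alice's forum identity: verified, but already bound -> rejected
    try:
        table.register("bob", [(DomainIdentity("forum", "al"), "token")], verify)
        conflict_rejected = False
    except ValueError:
        conflict_rejected = True
    agents = {   # constructed agent nodes returning raw per-domain trust vectors
        "shop": lambda ident: [7, 4, "medium"],
        "forum": lambda ident: [0.2, 0.9],
    }
    return {"alice_domains": [d.domain for d in table.associated("alice")],
            "conflict_rejected": conflict_rejected,
            "raw_values": query_trust_values(table, "alice", agents)}


if __name__ == "__main__":
    print(demo())
```

The rejection is checked before anything is written, so a request that mixes valid claims with a conflicting one leaves the table unchanged; the unverified "games" claim is simply not recorded and never reaches the fan-out.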
With reference to Fig. 1 and Fig. 2, A_x denotes the agent node of trust domain X; trust domains 1, 2 and 3 correspond to the agent nodes A_1, A_2 and A_3 respectively. Each agent node establishes communication with the central server A_UTM and hands the user trust values of its own domain to A_UTM. A service requester sends a user trust value request to A_UTM; A_UTM processes the request and, according to the identity association table, sends a trust value query for the corresponding identity to the agent node of every associated trust domain, and each agent node returns the trust value of the corresponding identity to A_UTM.
A_UTM converts the received trust values into general trust values T(I_x):
if the generic identity I has an associated identity in trust domain X, that associated identity is denoted I_x, and the trust data about user I_x from trust domain X is denoted T_x(I_x). A_UTM converts the trust value T_x(I_x) into the general trust value T(I_x) in the following steps:
(1) Preprocessing of the trust data
A normalization algorithm is designed separately for each component of the trust data, according to the physical meaning of that component. Common examples are:
  • a component whose value is a uniformly distributed continuous value in the range [a, b]: normalization maps the original data [x, y] to [(x-a)/(b-a), (y-a)/(b-a)];
  • a component whose value represents the total service time t: the normalized value is 1-1/t;
  • a discrete component, for example one with the three values "high", "medium" and "low", can be mapped to 0, 0.5 and 1.
(2) A_UTM obtains the general trust value T(I_x) of T_x(I_x) according to the conversion rule M(X)
A_UTM manually determines a conversion matrix M(X) for each trust domain X, such that:
$$T_x(I_x)\cdot M(X) = T(I_x)$$
For example, with T_x(I_x) = {x_1, x_2, x_3} and
$$M(X)=\begin{pmatrix}1&0&0&0&0&0&0.5\\0&0&1&0&1&0&0\\0&0&0&0&0&1&0.5\end{pmatrix},$$
the result is T(I_x) = {x_1, 0, x_2, 0, x_2, x_3, (x_1+x_3)/2}.
Finally, A_UTM aggregates all of this user's general trust values and computes the overall trust value T(I), where I is the generic identity associated with I_x. The overall trust value T(I) can be computed with an existing single-domain trust calculation formula. As an example, a simple accumulative calculation method is introduced here:
(formula given in the original only as the image Figure G2009102323552D00035; not reproduced)
where the user has an identity associated with his generic identity I in at least one trust domain, and the total number of such trust domains is n.
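The three-step conversion (preprocessing into [0, 1], mapping through the conversion matrix, aggregation over the n domains), worked through in code as an added example that is not part of the patent; it also covers the three steps listed in the summary above. The conversion matrix `M_X` is the 3×7 example given for domain X, and the three normalization rules are the ones listed under preprocessing. Everything else is an assumption made for this illustration: the sample inputs, the second domain Y and its matrix `M_Y`, the clamping of inputs that fall outside the rule's range, and the component-wise mean used as the final accumulation (the page's own accumulation formula survives only as an image).

```python
# Added example, not the patent's own code: the conversion pipeline from
# per-domain trust vector T_x(I_x) to general trust value T(I_x) and on to
# the overall value. M_X is the matrix from the description; sample inputs,
# M_Y, the clamping and the mean aggregation are assumptions.

# --- step (1): per-component normalization into [0, 1] -------------------

def normalize_uniform(value, a, b):
    """Continuous component uniformly distributed on [a, b] -> (value-a)/(b-a).
    Inputs outside [a, b] are clamped (assumption; the page does not say)."""
    if b <= a:
        raise ValueError("range [a, b] must be non-empty")
    return min(1.0, max(0.0, (value - a) / (b - a)))


def normalize_service_time(t):
    """Total service time t -> 1 - 1/t (rule from the page). For t < 1 the
    rule leaves [0, 1] (and t == 0 divides by zero), so clamp to 0 (assumption)."""
    if t < 1:
        return 0.0
    return 1.0 - 1.0 / t


DISCRETE_LEVELS = {"high": 0.0, "medium": 0.5, "low": 1.0}   # mapping as stated on the page


def normalize_discrete(level):
    """Discrete component with the three levels high / medium / low."""
    if level not in DISCRETE_LEVELS:
        raise ValueError(f"unknown discrete level {level!r}")
    return DISCRETE_LEVELS[level]


# --- step (2): map the domain vector to the general vector with M(X) ------

# Conversion matrix M(X) from the description: 3 domain components -> 7
# general components. Row i lists the general components that domain
# component x_i contributes to, and with what weight.
M_X = [
    [1, 0, 0, 0, 0, 0, 0.5],
    [0, 0, 1, 0, 1, 0, 0],
    [0, 0, 0, 0, 0, 1, 0.5],
]

# Assumed matrix for a second domain Y that reports only two components.
M_Y = [
    [0, 1, 0, 0, 0, 0, 0],
    [0, 0, 0, 1, 0, 0, 0],
]


def to_general(domain_vector, matrix):
    """Row vector T_x(I_x) times M(X) gives T(I_x)."""
    if len(domain_vector) != len(matrix):
        raise ValueError("vector length must equal the matrix row count")
    width = len(matrix[0])
    if any(len(row) != width for row in matrix):
        raise ValueError("matrix rows must have equal length")
    return [sum(domain_vector[i] * matrix[i][j] for i in range(len(matrix)))
            for j in range(width)]


# --- step (3): aggregate the general vectors of all n domains -------------

def aggregate(general_vectors):
    """Component-wise mean over the n domains (assumed accumulation rule)."""
    if not general_vectors:
        raise ValueError("the user must have an identity in at least one domain")
    n = len(general_vectors)
    width = len(general_vectors[0])
    return [sum(v[j] for v in general_vectors) / n for j in range(width)]


def approx_equal(xs, ys, tol=1e-9):
    """Tolerant comparison of two numeric vectors (floating point results)."""
    return len(xs) == len(ys) and all(abs(x - y) <= tol for x, y in zip(xs, ys))


def demo():
    """Constructed sample: domain X reports a score of 7 on a 0..10 scale,
    4 units of service time and the level 'medium'; domain Y reports two
    components that are already in [0, 1]."""
    t_x = [normalize_uniform(7, 0, 10), normalize_service_time(4), normalize_discrete("medium")]
    general_x = to_general(t_x, M_X)            # [0.7, 0, 0.75, 0, 0.75, 0.5, 0.6]
    general_y = to_general([0.2, 0.9], M_Y)     # [0, 0.2, 0, 0.9, 0, 0, 0]
    return {"normalized_x": t_x,
            "general_x": general_x,
            "general_y": general_y,
            "overall": aggregate([general_x, general_y])}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The matrix step is what makes the page's "different trust semantics" interoperable: a domain with three components and a domain with two both land in the same seven-component general vector, and only then is aggregation across domains meaningful. Note that `to_general` rejects a vector whose length does not match the matrix, which is the check A_UTM needs when an agent node returns a malformed or truncated trust vector.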

Claims (3)

1. A method for constructing trust relationships across trust domains in a computer network, characterized in that: in each trust domain a computer is set up that acts on behalf of that trust domain and interacts with a central server, this computer being called the agent node of the trust domain and being connected to the central server; each user registers in at least one trust domain, and the central server establishes associations between the different identities of this user in different trust domains; when a user sends the central server a trust value query about another user, the central server obtains from the agent node of every trust domain the queried user's trust value in that agent node's trust domain; the central server converts the queried user's trust value in each trust domain into a general trust value, aggregates the several general trust values corresponding to the different domains, computes the user's comprehensive trust value, and thereby constructs the trust relationship across trust domains.
2. The method for constructing trust relationships across trust domains in a computer network according to claim 1, characterized in that the association between the user's different identities in different trust domains is established in the following steps:
(1) the user applies directly to the central server to register a generic identity and requests the association between this user's different identities in several trust domains;
(2) the central server authenticates the authenticity of this association.
3. The method for constructing trust relationships across trust domains in a computer network according to claim 1, characterized in that the central server computes the user's comprehensive trust value in the following steps:
(1) the user trust values obtained from each agent node are preprocessed and converted into numerical values in the range [0, 1];
(2) the trust value of each trust domain is a vector with at least one component, and it is mapped to a general trust value by a matrix operation;
(3) all the general trust values are aggregated with an existing single-domain trust calculation method to compute the user's comprehensive trust value.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910232355A CN101753565A (en) 2009-12-08 2009-12-08 Construction method crossing trust domain and trust relationship in computer network

Publications (1)

Publication Number Publication Date
CN101753565A true CN101753565A (en) 2010-06-23

Family

ID=42479968

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910232355A Pending CN101753565A (en) 2009-12-08 2009-12-08 Construction method crossing trust domain and trust relationship in computer network

Country Status (1)

Country Link
CN (1) CN101753565A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848074A (en) * 2018-05-31 2018-11-20 西安电子科技大学 The information service entities cross-domain authentication method of trust value is acted on behalf of based on domain
CN108848074B (en) * 2018-05-31 2020-06-16 西安电子科技大学 Information service entity cross-domain authentication method based on domain agent trust value
WO2021068096A1 (en) * 2019-10-07 2021-04-15 Nokia Shanghai Bell Co., Ltd. Adaptive mutual trust model for dynamic and diversity multi-domain network
CN111262724A (en) * 2020-01-07 2020-06-09 中国联合网络通信集团有限公司 Method and device for confirming trust relationship between domains
CN111262724B (en) * 2020-01-07 2023-03-24 中国联合网络通信集团有限公司 Method and device for confirming trust relationship between domains

Similar Documents

Publication Publication Date Title
Knirsch et al. Privacy-preserving blockchain-based electric vehicle charging with dynamic tariff decisions
TWI694350B (en) Information supervision method and device based on blockchain
Badr et al. Smart parking system with privacy preservation and reputation management using blockchain
Du et al. Distributed data privacy preservation in IoT applications
Li et al. Privacy leakage via de-anonymization and aggregation in heterogeneous social networks
Chen et al. A secure content sharing scheme based on blockchain in vehicular named data networks
Hu et al. A blockchain-based trading system for big data
CN109615021A (en) A kind of method for protecting privacy based on k mean cluster
WO2019237840A1 (en) Data set generating method and apparatus
WO2017152640A1 (en) Insurance actuarial system and method based on keyword search
CN115022089A (en) Electronic commerce transaction system with data encryption transmission
KR20180089479A (en) User data sharing method and device
CN101753565A (en) Construction method crossing trust domain and trust relationship in computer network
Yang et al. A secure heuristic semantic searching scheme with blockchain-based verification
Bewong et al. A relative privacy model for effective privacy preservation in transactional data
Gao et al. BFR‐SE: A Blockchain‐Based Fair and Reliable Searchable Encryption Scheme for IoT with Fine‐Grained Access Control in Cloud Environment
Krishna et al. Secure socket layer certificate verification: a learning automata approach
di Vimercati et al. Toward owners’ control in digital data markets
Yang et al. Service innovation of insurance data based on cloud computing in the era of big data
CN107316223B (en) Multi-quotation bidding document mobile crowd-sourcing perception incentive method oriented to multi-cooperation tasks
CN115461744A (en) Processing machine learning modeling data to improve accuracy of classification
Wu et al. A privacy protection solution based on NLPCA for blockchain supply chain financial system
CN115640305B (en) Fair and reliable federal learning method based on blockchain
CN109905388A (en) A kind of processing method and system of the domain name credit based on block chain
Dong et al. DAON: A decentralized autonomous oracle network to provide secure data for smart contracts

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100623