CN106156640A - Information O&M service knowledge sharing method based on big data trust computing - Google Patents

Abstract

The invention provides information O&M service knowledge sharing method based on big data trust computing; the method is to have a kind of reliability assessment mechanism of structure in the feature base such as protecting function, certification and integrity measurement and trusted relationships pass through mechanism, accessing and credible evaluation including the storage of information O&M knowledge security, information O&M knowledge security；Described information O&M knowledge security storage comprises the following steps: (1) carries out safety verification to storage user identity；(2) information O&M service knowledge data are carried out pretreatment；(3) encode；(4) hardware store Resource Abstract is concentrated, be mapped to a complete unified resource pool, and operating system of user is virtualized；(5) information O&M service knowledge data are stored in resource pool with the form of final code；Described information O&M knowledge security accesses and comprises the following steps: (1) carries out safety verification to accessing user identity；(2) the information O&M service knowledge data being stored on resource pool are read.The present invention can realize accessible sharing, and decreases EMS memory occupation, improves data call speed, and improves the safety that information O&M service knowledge is shared on the premise of ensureing convenience.

Description

Information O&M service knowledge sharing method based on big data trust computing

Technical field

The present invention relates to Information Sharing Technology field, in particular to information O&M based on big data trust computing Service knowledge sharing method.

Background technology

Information O&M service knowledge sharing method in correlation technique can not realize safely and efficiently depositing of information of sharing Storage and the issue of shared information so that promptness and safety that information O&M service knowledge is shared are poor.

Trust computing is to calculate and trust computing based on hardware security module support under is widely used in communication system Platform, the safety overall to improve system.Information security has four sides: equipment safety, data safety, content safety with Behavior safety.Behavior safety includes: the confidentiality of behavior, the integrity of behavior, the feature such as verity of behavior.Trust computing is Behavior safety and give birth to.

Summary of the invention

It is an object of the invention to provide information O&M service knowledge sharing method based on big data trust computing, to solve The most above-mentioned problem.

The purpose of the present invention realizes by the following technical solutions:

Information O&M service knowledge sharing method based on big data trust computing, it includes that information O&M knowledge security is deposited Storage, information O&M knowledge security access and credible evaluation；

Described information O&M knowledge security storage comprises the following steps:

When Step 101 stores the storage request that user submits O&M information knowledge security service knowledge to, to storage user's body Part carries out safety verification；

Step 102 carries out pretreatment to information O&M service knowledge data, and information O&M service knowledge is divided into basis Knowledge and professional knowledge two types data, described rudimentary knowledge includes the text that can reflect information O&M service basic condition And image, described professional knowledge includes the text relevant to each business in the service of information O&M and image；

Pretreated information O&M service knowledge data are used custom coding respectively by Step 103 according to classified types Method encodes, and described custom coding method is as follows:

(1) using pretreated information O&M service knowledge data as coded object, if information O&M service knowledge Z bag M the attribute contained is S₁,S₂,…,S_m；

(2) attribute of coded object is chosen, particularly as follows:

1) n constraints of attribute is set as R₁,R₂,…,R_n, according to attribute and constraints thereof, obtain attribute weight because of Submatrix W:

In formula, a_ijFor weight factor, wherein, i=1,2 ..., m, j=1,2 ..., n, represent attribute S_mMeet restriction condition R_nDegree, span is [0,1]；

2) defined attribute weight w_i:

$w_i={\mathrm{\Σ}}_{j=1}^n{a}_{ij}$

Attribute weight is normalized and obtains normalization attribute weight w_i':

$w_i^{\′}=\frac{w_i}{{\mathrm{\Σ}}_{i=1}^m{w}_i}$

3) attribute weight threshold value T is set₁, defined attribute Selection of Function X_i:

$X_i=\left\{\begin{array}{cc}1,& w_i^{\&prime;}\&GreaterEqual;T_1\\ 0,& w_i^{\&prime;}<T_1\end{array}\right.$

4) set up attribute and choose Optimized model:

$Z={\&Sigma;}_{i=1}^m{S}_i{X}_i$

5) choose Optimized model according to attribute, the attribute of coded object is optimized and chooses；

(3) attribute of optimum option is encoded, obtain the final code of information O&M service knowledge data；

Hardware store Resource Abstract is concentrated by Step 104, is mapped to a complete unified resource pool, and user is grasped Make system virtualization；

Information O&M service knowledge data are stored in resource pool by Step 105 with the form of final code；

Described information O&M knowledge security accesses and comprises the following steps:

When Step 201 accesses the access request that user submits O&M information knowledge security service knowledge to, to accessing user's body Part carries out safety verification；

When Step 202 responds access request, read the information O&M service knowledge data being stored on resource pool, specifically For:

(1) K-means clustering method is used all kinds of business in information O&M service knowledge to be divided, to any two Individual class internal information O&M service knowledge Z₁And Z₂, definition distance function D:

D(Z₁,Z₂)=Y

In formula, Y represents Z₁And Z₂The number that the attribute of optimum option is identical, sets threshold value T₂If, D >=T₂, the most no matter look into Inquiry information O&M service knowledge Z₁Or Z₂, all to information O&M service knowledge Z₁And Z₂Prefetch, wherein threshold value T₂Value Scope is [m/2,3m/4]；

(2) concrete information O&M service knowledge positional information is obtained according to cluster index；

(3) according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling.

Preferably, described to access user identity carry out safety verification, particularly as follows:

(1) provide the password code of terminal authentication access user's input and identity the most correct in local service, if Correctly, access request, password code and identity are encrypted, form ciphertext collection, and ciphertext collection is sent to knowledge clothes Business device certification end, if incorrect, returns error reporting；

(2), after knowledge services device certification end receives described ciphertext collection, correspondence is concentrated to access the password of user's input ciphertext The ciphertext of password and identity is decrypted calculating, extracts password code and the value of identity accessing user's input, so After find identity relative recording that password is decrypted calculating in authentication database, if system exist this access user Record, and the password decrypted is consistent with the password code that family inputs, then judge that described access user, as validated user, will simultaneously Fingerprint collecting instruction, ciphertext collection, this session key and an encryption session random number are sent to knowledge request user side, knowledge Server authentication end preserves identity and association key simultaneously；If there is not this user record, knowledge services device certification in system Hold and provide terminal to return error reporting to local service；

(3) instruction of described fingerprint collecting, ciphertext collection, this session key and an encryption are received when resource request user side After session random number, verify that this session key and an encryption session random number are the most correct, if correctly, send out to accessing user Go out finger print information input instruction, this session key and encryption session random number are decrypted calculating, simultaneously by identity It is sent to knowledge services device certification end after being encrypted with the finger print information of input；If it is incorrect, to knowledge services device certification end Send illegal report；

(4) during the finger print information of the identity after knowledge services device certification end receives encryption and input, after encryption The finger print information of identity and input be decrypted calculating, and the fingerprint that would correspond to identity extracts in data base Out the finger print information with input compares, if the two is identical, then responds access request, if the two differs, returns illegal Report.

Preferably, described to storage user identity carry out safety verification, particularly as follows:

(1), when local service provides terminal to receive fingerprint and the identity storing user's input, user will be stored defeated The fingerprint entered and identity are sent to knowledge store certification end after being encrypted；

(2) knowledge store certification end is decrypted calculating to fingerprint and the identity of the storage user's input after encryption, And the fingerprint that would correspond to identity extracts in data base and compares with the fingerprint storing user's input, if the two Identical, it is determined that this storage user is legal storage user, for the virtual resource that legal storage user's configuration is corresponding with storage request Pond, if incorrect, provides terminal to return error reporting to local service.

Preferably, described credible evaluation comprises the steps of

Step 1: definition is for every credible attribute of assessment, and credible attribute is classification, and credible attribute can be divided downwards Solve as sub-attribute；

Step 2: for each credible attribute or sub-attribute, extract the evaluation index to it, can refer to these evaluations Mark is evaluated from different sides to credible attribute or sub-attribute；

Step 3: for each credible attribute or sub-attribute, define the evaluation criterion to it, evaluation criterion is divided into level Four: Excellent, good, in, poor, evaluation criterion, based on evaluation index, i.e. determines credible genus according to the valued combinations of each evaluation index Which rank of evaluation criterion property or sub-attribute have reached；

Step 4: before carrying out credible evaluation activity, according to the difference of assessment emphasis, forms different credible evaluation template, And it is movable to carry out credible evaluation based on this template, so that credible evaluation is more targeted, the result of assessment is more accurate.

The present invention can include following beneficial effect:

1, information O&M service knowledge is encoded, facilitate Back ground Information and realize with all kinds of business information accessible common Enjoy；

2, according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling, subtracts Lack EMS memory occupation, improve data call speed；

3, to storage user carry out safety verification time, User Identity and finger print information the most encrypted after transmit, Not havinging plaintext version, knowledge store certification end is just true after verifying the User Identity after encryption and finger print information Whether fixed be that storage user's configuration asks corresponding virtual resource pond with storage, limits the illegal storage of disabled user, and tests Card speed is fast, further increases the safety that information O&M service knowledge is shared on the premise of ensureing convenience；

4, to access user carry out safety verification time, the information such as user name, password, fingerprint and session random number is all with close Literary composition form is transmitted, and does not haves plaintext version；Meanwhile, according to symmetry and the one-way hash function feature of user key, Via the user profile ciphertext of passage transmission, there is unipolarity, even data are intercepted and captured, be intended to it is cracked the most highly difficult, When taking precautions against transmission with this, user data is divulged a secret, and privacy of user can obtain guarantee, thus further increase information O&M service and know Know the safety shared.

5, protect the data storage area specified, prevent opponent from implementing certain types of physical access；Impart all Calculate the code that performs on platform to prove that it is not tampered with in environment, at one, the ability run, from the angle of broad sense, credible Calculating platform is that the network user provides a security context the broadest, and it describes safety from the angle of security system and asks Topic, it is ensured that the secure execution environments of user, breaks through Passive Defence patch installing mode.

It should be appreciated that it is only exemplary that above general description and details hereinafter describe, can not be limited this Open.

Accompanying drawing explanation

Fig. 1 is the method flow diagram of the information O&M knowledge security storage of the present invention；

Fig. 2 is the method flow diagram of the information O&M knowledge security access of the present invention

Accompanying drawing herein is merged in description and constitutes the part of this specification, it is shown that meet the enforcement of the present invention Example, and for explaining the principle of the present invention together with description.

Detailed description of the invention

Below by specific embodiment and combine accompanying drawing the present invention is described in further detail.

Embodiment 1

See Fig. 1, Fig. 2, the present embodiment information based on big data trust computing O&M service knowledge sharing method, including The storage of information O&M knowledge security, information O&M knowledge security access and credible evaluation；

Described information O&M knowledge security storage comprises the following steps:

When Step 101 stores the storage request that user submits O&M information knowledge security service knowledge to, to storage user's body Part carries out safety verification；

Step 102 carries out pretreatment to information O&M service knowledge data, and information O&M service knowledge is divided into basis Knowledge and professional knowledge two types data, described rudimentary knowledge includes the text that can reflect information O&M service basic condition And image, described professional knowledge includes the text relevant to each business in the service of information O&M and image；

Pretreated information O&M service knowledge data are used custom coding respectively by Step 103 according to classified types Method encodes；

Hardware store Resource Abstract is concentrated by Step 104, is mapped to a complete unified resource pool, and user is grasped Make system virtualization；

Information O&M service knowledge data are stored in resource pool by Step 105 with the form of final code；

Described information O&M knowledge security accesses and comprises the following steps:

When Step 201 accesses the access request that user submits O&M information knowledge security service knowledge to, to accessing user's body Part carries out safety verification；

When Step 202 responds access request, read the information O&M service knowledge data being stored on resource pool, specifically For:

(1) K-means clustering method is used all kinds of business in information O&M service knowledge to be divided, to any two Individual class internal information O&M service knowledge Z₁And Z₂, definition distance function D:

D(Z₁,Z₂)=Y

In formula, Y represents Z₁And Z₂The number that the attribute of optimum option is identical, sets threshold value T₂If, D >=T₂, the most no matter look into Inquiry information O&M service knowledge Z₁Or Z₂, all to information O&M service knowledge Z₁And Z₂Prefetch；

(2) concrete information O&M service knowledge positional information is obtained according to cluster index；

(3) according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling.

Preferably, described credible evaluation comprises the steps of

Step 1: definition is for every credible attribute of assessment, and credible attribute is classification, and credible attribute can be divided downwards Solve as sub-attribute；

Step 2: for each credible attribute or sub-attribute, extract the evaluation index to it, can refer to these evaluations Mark is evaluated from different sides to credible attribute or sub-attribute；

Step 3: for each credible attribute or sub-attribute, define the evaluation criterion to it, evaluation criterion is divided into level Four: Excellent, good, in, poor, evaluation criterion, based on evaluation index, i.e. determines credible genus according to the valued combinations of each evaluation index Which rank of evaluation criterion property or sub-attribute have reached；

Step 4: before carrying out credible evaluation activity, according to the difference of assessment emphasis, forms different credible evaluation template, And it is movable to carry out credible evaluation based on this template, so that credible evaluation is more targeted, the result of assessment is more accurate.

Information O&M service knowledge is encoded by the present embodiment, facilitates Back ground Information and realizes nothing with all kinds of business information Obstacle is shared；According to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling, subtracts Lack EMS memory occupation, improve data call speed；Protect the data storage area specified, prevent opponent from implementing certain types of Physical access；Impart all codes performed on calculating platform to prove that it is at an energy being not tampered with in environment operation Power, from the angle of broad sense, credible calculating platform is that the network user provides a security context the broadest, and it is from safety body The angle of system describes safety problem, it is ensured that the secure execution environments of user, breaks through Passive Defence patch installing mode.

Embodiment 2

See Fig. 1, Fig. 2, the present embodiment information based on big data trust computing O&M service knowledge sharing method, including The storage of information O&M knowledge security, information O&M knowledge security access and credible evaluation；

Described information O&M knowledge security storage comprises the following steps:

When Step 101 stores the storage request that user submits O&M information knowledge security service knowledge to, to storage user's body Part carries out safety verification；

Step 102 carries out pretreatment to information O&M service knowledge data, and information O&M service knowledge is divided into basis Knowledge and professional knowledge two types data, described rudimentary knowledge includes the text that can reflect information O&M service basic condition And image, described professional knowledge includes the text relevant to each business in the service of information O&M and image；

Pretreated information O&M service knowledge data are used custom coding respectively by Step 103 according to classified types Method encodes；

Hardware store Resource Abstract is concentrated by Step 104, is mapped to a complete unified resource pool, and user is grasped Make system virtualization；

Information O&M service knowledge data are stored in resource pool by Step 105 with the form of final code；

Described information O&M knowledge security accesses and comprises the following steps:

When Step 201 accesses the access request that user submits O&M information knowledge security service knowledge to, to accessing user's body Part carries out safety verification；

When Step 202 responds access request, read the information O&M service knowledge data being stored on resource pool, specifically For:

(1) K-means clustering method is used all kinds of business in information O&M service knowledge to be divided, to any two Individual class internal information O&M service knowledge Z₁And Z₂, definition distance function D:

D(Z₁,Z₂)=Y

In formula, Y represents Z₁And Z₂The number that the attribute of optimum option is identical, sets threshold value T₂If, D >=T₂, the most no matter look into Inquiry information O&M service knowledge Z₁Or Z₂, all to information O&M service knowledge Z₁And Z₂Prefetch；

(2) concrete information O&M service knowledge positional information is obtained according to cluster index；

(3) according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling.

Wherein, the custom coding method of the present embodiment is as follows:

(1) using pretreated information O&M service knowledge data as coded object, if information O&M service knowledge Z bag M the attribute contained is S₁,S₂,…,S_m；

(2) attribute of coded object is chosen, particularly as follows:

1) n constraints of attribute is set as R₁,R₂,…,R_n, according to attribute and constraints thereof, obtain attribute weight because of Submatrix W:

In formula, a_ijFor weight factor, wherein, i=1,2 ..., m, j=1,2 ..., n, represent attribute S_mMeet restriction condition R_nDegree, span is [0,1]；

2) defined attribute weight w_i:

$w_i={\mathrm{\&Sigma;}}_{j=1}^n{a}_{ij}$

Attribute weight is normalized and obtains normalization attribute weight w_i':

$w_i^{\&prime;}=\frac{w_i}{{\mathrm{\&Sigma;}}_{i=1}^m{w}_i}$

3) attribute weight threshold value T is set₁, defined attribute Selection of Function X_i:

$X_i=\left\{\begin{array}{cc}1,& w_i^{\&prime;}\&GreaterEqual;T_1\\ 0,& w_i^{\&prime;}<T_1\end{array}\right.$

4) set up attribute and choose Optimized model:

$Z={\&Sigma;}_{i=1}^m{S}_i{X}_i$

5) choose Optimized model according to attribute, the attribute of coded object is optimized and chooses；

(3) attribute of optimum option is encoded, obtain the final code of information O&M service knowledge data；

Preferably, described credible evaluation comprises the steps of

Step 1: definition is for every credible attribute of assessment, and credible attribute is classification, and credible attribute can be divided downwards Solve as sub-attribute；

Step 2: for each credible attribute or sub-attribute, extract the evaluation index to it, can refer to these evaluations Mark is evaluated from different sides to credible attribute or sub-attribute；

Step 3: for each credible attribute or sub-attribute, define the evaluation criterion to it, evaluation criterion is divided into level Four: Excellent, good, in, poor, evaluation criterion, based on evaluation index, i.e. determines credible genus according to the valued combinations of each evaluation index Which rank of evaluation criterion property or sub-attribute have reached；

Step 4: before carrying out credible evaluation activity, according to the difference of assessment emphasis, forms different credible evaluation template, And it is movable to carry out credible evaluation based on this template, so that credible evaluation is more targeted, the result of assessment is more accurate.

Information O&M service knowledge is encoded by the present embodiment, facilitates Back ground Information and realizes nothing with all kinds of business information Obstacle is shared；According to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling, subtracts Having lacked EMS memory occupation, improve data call speed, the present embodiment sets threshold value T₂Value be m/2, data call speed carries High by 0.5%；Protect the data storage area specified, prevent opponent from implementing certain types of physical access；Impart all Calculate the code that performs on platform to prove that it is not tampered with in environment, at one, the ability run, from the angle of broad sense, credible Calculating platform is that the network user provides a security context the broadest, and it describes safety from the angle of security system and asks Topic, it is ensured that the secure execution environments of user, breaks through Passive Defence patch installing mode.

Embodiment 3

See Fig. 1, Fig. 2, the present embodiment information based on big data trust computing O&M service knowledge sharing method, including The storage of information O&M knowledge security, information O&M knowledge security access and credible evaluation；

Described information O&M knowledge security storage comprises the following steps:

When Step 101 stores the storage request that user submits O&M information knowledge security service knowledge to, to storage user's body Part carries out safety verification；

Step 102 carries out pretreatment to information O&M service knowledge data, and information O&M service knowledge is divided into basis Knowledge and professional knowledge two types data, described rudimentary knowledge includes the text that can reflect information O&M service basic condition And image, described professional knowledge includes the text relevant to each business in the service of information O&M and image；

Pretreated information O&M service knowledge data are used custom coding respectively by Step 103 according to classified types Method encodes, and described custom coding method is as follows:

(1) using pretreated information O&M service knowledge data as coded object, if information O&M service knowledge Z bag M the attribute contained is S₁,S₂,…,S_m；

(2) attribute of coded object is chosen, particularly as follows:

1) n constraints of attribute is set as R₁,R₂,…,R_n, according to attribute and constraints thereof, obtain attribute weight because of Submatrix W:

In formula, a_ijFor weight factor, wherein, i=1,2 ..., m, j=1,2 ..., n, represent attribute S_mMeet restriction condition R_nDegree, span is [0,1]；

2) defined attribute weight w_i:

$w_i={\mathrm{\&Sigma;}}_{j=1}^n{a}_{ij}$

Attribute weight is normalized and obtains normalization attribute weight w_i':

$w_i^{\&prime;}=\frac{w_i}{{\mathrm{\&Sigma;}}_{i=1}^m{w}_i}$

3) attribute weight threshold value T is set₁, defined attribute Selection of Function X_i:

$X_i=\left\{\begin{array}{cc}1,& w_i^{\&prime;}\&GreaterEqual;T_1\\ 0,& w_i^{\&prime;}<T_1\end{array}\right.$

4) set up attribute and choose Optimized model:

$Z={\&Sigma;}_{i=1}^m{S}_i{X}_i$

5) choose Optimized model according to attribute, the attribute of coded object is optimized and chooses；

(3) attribute of optimum option is encoded, obtain the final code of information O&M service knowledge data；

Hardware store Resource Abstract is concentrated by Step 104, is mapped to a complete unified resource pool, and user is grasped Make system virtualization；

Information O&M service knowledge data are stored in resource pool by Step 105 with the form of final code；

Described information O&M knowledge security accesses and comprises the following steps:

When Step 201 accesses the access request that user submits O&M information knowledge security service knowledge to, to accessing user's body Part carries out safety verification；

When Step 202 responds access request, read the information O&M service knowledge data being stored on resource pool, specifically For:

(1) K-means clustering method is used all kinds of business in information O&M service knowledge to be divided, to any two Individual class internal information O&M service knowledge Z₁And Z₂, definition distance function D:

D(Z₁,Z₂)=Y

In formula, Y represents Z₁And Z₂The number that the attribute of optimum option is identical, sets threshold value T₂If, D >=T₂, the most no matter look into Inquiry information O&M service knowledge Z₁Or Z₂, all to information O&M service knowledge Z₁And Z₂Prefetch, wherein threshold value T₂Value Scope is [m/2,3m/4]；

(2) concrete information O&M service knowledge positional information is obtained according to cluster index；

(3) according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling.

Wherein, described to access user identity carry out safety verification, particularly as follows:

(1) provide the password code of terminal authentication access user's input and identity the most correct in local service, if Correctly, access request, password code and identity are encrypted, form ciphertext collection, and ciphertext collection is sent to knowledge clothes Business device certification end, if incorrect, returns error reporting；

(2), after knowledge services device certification end receives described ciphertext collection, correspondence is concentrated to access the password of user's input ciphertext The ciphertext of password and identity is decrypted calculating, extracts password code and the value of identity accessing user's input, so After find identity relative recording that password is decrypted calculating in authentication database, if system exist this access user Record, and the password decrypted is consistent with the password code that family inputs, then judge that described access user, as validated user, will simultaneously Fingerprint collecting instruction, ciphertext collection, this session key and an encryption session random number are sent to knowledge request user side, knowledge Server authentication end preserves identity and association key simultaneously；If there is not this user record, knowledge services device certification in system Hold and provide terminal to return error reporting to local service；

(3) instruction of described fingerprint collecting, ciphertext collection, this session key and an encryption are received when resource request user side After session random number, verify that this session key and an encryption session random number are the most correct, if correctly, send out to accessing user Go out finger print information input instruction, this session key and encryption session random number are decrypted calculating, simultaneously by identity It is sent to knowledge services device certification end after being encrypted with the finger print information of input；If it is incorrect, to knowledge services device certification end Send illegal report；

(4) during the finger print information of the identity after knowledge services device certification end receives encryption and input, after encryption The finger print information of identity and input be decrypted calculating, and the fingerprint that would correspond to identity extracts in data base Out the finger print information with input compares, if the two is identical, then responds access request, if the two differs, returns illegal Report.

Preferably, described credible evaluation comprises the steps of

Step 1: definition is for every credible attribute of assessment, and credible attribute is classification, and credible attribute can be divided downwards Solve as sub-attribute；

Step 2: for each credible attribute or sub-attribute, extract the evaluation index to it, can refer to these evaluations Mark is evaluated from different sides to credible attribute or sub-attribute；

Step 3: for each credible attribute or sub-attribute, define the evaluation criterion to it, evaluation criterion is divided into level Four: Excellent, good, in, poor, evaluation criterion, based on evaluation index, i.e. determines credible genus according to the valued combinations of each evaluation index Which rank of evaluation criterion property or sub-attribute have reached；

Step 4: before carrying out credible evaluation activity, according to the difference of assessment emphasis, forms different credible evaluation template, And it is movable to carry out credible evaluation based on this template, so that credible evaluation is more targeted, the result of assessment is more accurate.

The present embodiment to access user carry out safety verification time, the information such as user name, password, fingerprint and session random number All transmit with ciphertext form, do not have plaintext version；Meanwhile, according to symmetry and the one-way hash function of user key Feature, has unipolarity via the user profile ciphertext of passage transmission, even data are intercepted and captured, is intended to crack it the most very Difficulty, when taking precautions against transmission with this, user data is divulged a secret, and privacy of user can obtain guarantee, thus further increases information O&M clothes The safety of business knowledge sharing；Information O&M service knowledge is encoded, facilitates Back ground Information real with all kinds of business information Existing accessible shared；According to cluster result and information O&M service knowledge positional information, information O&M service knowledge is adjusted Degree, decreases EMS memory occupation, improves data call speed, and the present embodiment sets threshold value T₂Value be 9m/16, data call Speed improves 0.7%；Protect the data storage area specified, prevent opponent from implementing certain types of physical access；Impart All calculating the codes that perform on platform to prove that it is not tampered with in environment, at one, the ability run, from the angle of broad sense Degree, credible calculating platform is that the network user provides a security context the broadest, and it is retouched from the angle of security system State safety problem, it is ensured that the secure execution environments of user, break through Passive Defence patch installing mode.

Embodiment 4

See Fig. 1, Fig. 2, the present embodiment information based on big data trust computing O&M service knowledge sharing method, including The storage of information O&M knowledge security, information O&M knowledge security access and credible evaluation；

Described information O&M knowledge security storage comprises the following steps:

When Step 101 stores the storage request that user submits O&M information knowledge security service knowledge to, to storage user's body Part carries out safety verification；

Step 102 carries out pretreatment to information O&M service knowledge data, and information O&M service knowledge is divided into basis Knowledge and professional knowledge two types data, described rudimentary knowledge includes the text that can reflect information O&M service basic condition And image, described professional knowledge includes the text relevant to each business in the service of information O&M and image；

Pretreated information O&M service knowledge data are used custom coding respectively by Step 103 according to classified types Method encodes, and described custom coding method is as follows:

(1) using pretreated information O&M service knowledge data as coded object, if information O&M service knowledge Z bag M the attribute contained is S₁,S₂,…,S_m；

(2) attribute of coded object is chosen, particularly as follows:

1) n constraints of attribute is set as R₁,R₂,…,R_n, according to attribute and constraints thereof, obtain attribute weight because of Submatrix W:

In formula, a_ijFor weight factor, wherein, i=1,2 ..., m, j=1,2 ..., n, represent attribute S_mMeet restriction condition R_nDegree, span is [0,1]；

2) defined attribute weight w_i:

$w_i={\mathrm{\&Sigma;}}_{j=1}^n{a}_{ij}$

Attribute weight is normalized and obtains normalization attribute weight w_i':

$w_i^{\&prime;}=\frac{w_i}{{\mathrm{\&Sigma;}}_{i=1}^m{w}_i}$

3) attribute weight threshold value T is set₁, defined attribute Selection of Function X_i:

$X_i=\left\{\begin{array}{cc}1,& w_i^{\&prime;}\&GreaterEqual;T_1\\ 0,& w_i^{\&prime;}<T_1\end{array}\right.$

4) set up attribute and choose Optimized model:

$Z={\&Sigma;}_{i=1}^m{S}_i{X}_i$

5) choose Optimized model according to attribute, the attribute of coded object is optimized and chooses；

(3) attribute of optimum option is encoded, obtain the final code of information O&M service knowledge data；

Hardware store Resource Abstract is concentrated by Step 104, is mapped to a complete unified resource pool, and user is grasped Make system virtualization；

Information O&M service knowledge data are stored in resource pool by Step 105 with the form of final code；

Described information O&M knowledge security accesses and comprises the following steps:

When Step 201 accesses the access request that user submits O&M information knowledge security service knowledge to, to accessing user's body Part carries out safety verification；

When Step 202 responds access request, read the information O&M service knowledge data being stored on resource pool, specifically For:

(1) K-means clustering method is used all kinds of business in information O&M service knowledge to be divided, to any two Individual class internal information O&M service knowledge Z₁And Z₂, definition distance function D:

D(Z₁,Z₂)=Y

In formula, Y represents Z₁And Z₂The number that the attribute of optimum option is identical, sets threshold value T₂If, D >=T₂, the most no matter look into Inquiry information O&M service knowledge Z₁Or Z₂, all to information O&M service knowledge Z₁And Z₂Prefetch, wherein threshold value T₂Value Scope is [m/2,3m/4]；

(2) concrete information O&M service knowledge positional information is obtained according to cluster index；

(3) according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling.

Wherein, described to access user identity carry out safety verification, particularly as follows:

(1) provide the password code of terminal authentication access user's input and identity the most correct in local service, if Correctly, access request, password code and identity are encrypted, form ciphertext collection, and ciphertext collection is sent to knowledge clothes Business device certification end, if incorrect, returns error reporting；

(2), after knowledge services device certification end receives described ciphertext collection, correspondence is concentrated to access the password of user's input ciphertext The ciphertext of password and identity is decrypted calculating, extracts password code and the value of identity accessing user's input, so After find identity relative recording that password is decrypted calculating in authentication database, if system exist this access user Record, and the password decrypted is consistent with the password code that family inputs, then judge that described access user, as validated user, will simultaneously Fingerprint collecting instruction, ciphertext collection, this session key and an encryption session random number are sent to knowledge request user side, knowledge Server authentication end preserves identity and association key simultaneously；If there is not this user record, knowledge services device certification in system Hold and provide terminal to return error reporting to local service；

(3) instruction of described fingerprint collecting, ciphertext collection, this session key and an encryption are received when resource request user side After session random number, verify that this session key and an encryption session random number are the most correct, if correctly, send out to accessing user Go out finger print information input instruction, this session key and encryption session random number are decrypted calculating, simultaneously by identity It is sent to knowledge services device certification end after being encrypted with the finger print information of input；If it is incorrect, to knowledge services device certification end Send illegal report；

(4) during the finger print information of the identity after knowledge services device certification end receives encryption and input, after encryption The finger print information of identity and input be decrypted calculating, and the fingerprint that would correspond to identity extracts in data base Out the finger print information with input compares, if the two is identical, then responds access request, if the two differs, returns illegal Report.

Wherein, described to storage user identity carry out safety verification, particularly as follows:

(1), when local service provides terminal to receive fingerprint and the identity storing user's input, user will be stored defeated The fingerprint entered and identity are sent to knowledge store certification end after being encrypted；

(2) knowledge store certification end is decrypted calculating to fingerprint and the identity of the storage user's input after encryption, And the fingerprint that would correspond to identity extracts in data base and compares with the fingerprint storing user's input, if the two Identical, it is determined that this storage user is legal storage user, for the virtual resource that legal storage user's configuration is corresponding with storage request Pond, if incorrect, provides terminal to return error reporting to local service.

Preferably, described credible evaluation comprises the steps of

Step 1: definition is for every credible attribute of assessment, and credible attribute is classification, and credible attribute can be divided downwards Solve as sub-attribute；

Step 2: for each credible attribute or sub-attribute, extract the evaluation index to it, can refer to these evaluations Mark is evaluated from different sides to credible attribute or sub-attribute；

Step 3: for each credible attribute or sub-attribute, define the evaluation criterion to it, evaluation criterion is divided into level Four: Excellent, good, in, poor, evaluation criterion, based on evaluation index, i.e. determines credible genus according to the valued combinations of each evaluation index Which rank of evaluation criterion property or sub-attribute have reached；

Step 4: before carrying out credible evaluation activity, according to the difference of assessment emphasis, forms different credible evaluation template, And it is movable to carry out credible evaluation based on this template, so that credible evaluation is more targeted, the result of assessment is more accurate.

The present embodiment to storage user carry out safety verification time, User Identity and finger print information the most encrypted after carry out Transmission, does not haves plaintext version, and the User Identity after encryption and finger print information are verified by knowledge store certification end Rear just determine whether to ask corresponding virtual resource pond for storage user's configuration with storage, limit illegally depositing of disabled user Storage, and verifying speed is fast, further increases the safety that information O&M service knowledge is shared on the premise of ensureing convenience, And to access user carry out safety verification time, the information such as user name, password, fingerprint and session random number is all entered with ciphertext form Row transmission, does not haves plaintext version；Meanwhile, according to symmetry and the one-way hash function feature of user key, via passage The user profile ciphertext of transmission has unipolarity, even data are intercepted and captured, is intended to crack it the most highly difficult, takes precautions against with this During transmission, user data is divulged a secret, and privacy of user can obtain guarantee, thus further increases what information O&M service knowledge was shared Safety；Information O&M service knowledge is encoded, facilitates Back ground Information and realize accessible sharing with all kinds of business information； According to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling, decreases internal memory and account for With, improve data call speed, the present embodiment sets threshold value T₂Value be 5m/8, data call speed improves 0.9%； Protect the data storage area specified, prevent opponent from implementing certain types of physical access；Impart all calculating on platform Perform code with prove it one be not tampered with in environment run ability, from the angle of broad sense, credible calculating platform is The network user provides a security context the broadest, and it describes safety problem from the angle of security system, it is ensured that use The secure execution environments at family, breaks through Passive Defence patch installing mode.

Embodiment 5

See Fig. 1, Fig. 2, the present embodiment information based on big data trust computing O&M service knowledge sharing method, including The storage of information O&M knowledge security, information O&M knowledge security access and credible evaluation；

Described information O&M knowledge security storage comprises the following steps:

When Step 101 stores the storage request that user submits O&M information knowledge security service knowledge to, to storage user's body Part carries out safety verification；

Step 102 carries out pretreatment to information O&M service knowledge data, and information O&M service knowledge is divided into basis Knowledge and professional knowledge two types data, described rudimentary knowledge includes the text that can reflect information O&M service basic condition And image, described professional knowledge includes the text relevant to each business in the service of information O&M and image；

Pretreated information O&M service knowledge data are used custom coding respectively by Step 103 according to classified types Method encodes, and described custom coding method is as follows:

(1) using pretreated information O&M service knowledge data as coded object, if information O&M service knowledge Z bag M the attribute contained is S₁,S₂,…,S_m；

(2) attribute of coded object is chosen, particularly as follows:

1) n constraints of attribute is set as R₁,R₂,…,R_n, according to attribute and constraints thereof, obtain attribute weight because of Submatrix W:

In formula, a_ijFor weight factor, wherein, i=1,2 ..., m, j=1,2 ..., n, represent attribute S_mMeet restriction condition R_nDegree, span is [0,1]；

2) defined attribute weight w_i:

$w_i={\mathrm{\&Sigma;}}_{j=1}^n{a}_{ij}$

Attribute weight is normalized and obtains normalization attribute weight w_i':

$w_i^{\&prime;}=\frac{w_i}{{\mathrm{\&Sigma;}}_{i=1}^m{w}_i}$

3) attribute weight threshold value T is set₁, defined attribute Selection of Function X_i:

$X_i=\left\{\begin{array}{cc}1,& w_i^{\&prime;}\&GreaterEqual;T_1\\ 0,& w_i^{\&prime;}<T_1\end{array}\right.$

4) set up attribute and choose Optimized model:

$Z={\&Sigma;}_{i=1}^m{S}_i{X}_i$

5) choose Optimized model according to attribute, the attribute of coded object is optimized and chooses；

(3) attribute of optimum option is encoded, obtain the final code of information O&M service knowledge data；

Hardware store Resource Abstract is concentrated by Step 104, is mapped to a complete unified resource pool, and user is grasped Make system virtualization；

Information O&M service knowledge data are stored in resource pool by Step 105 with the form of final code；

Described information O&M knowledge security accesses and comprises the following steps:

When Step 201 accesses the access request that user submits O&M information knowledge security service knowledge to, to accessing user's body Part carries out safety verification；

When Step 202 responds access request, read the information O&M service knowledge data being stored on resource pool, specifically For:

(1) K-means clustering method is used all kinds of business in information O&M service knowledge to be divided, to any two Individual class internal information O&M service knowledge Z₁And Z₂, definition distance function D:

D(Z₁,Z₂)=Y

In formula, Y represents Z₁And Z₂The number that the attribute of optimum option is identical, sets threshold value T₂If, D >=T₂, the most no matter look into Inquiry information O&M service knowledge Z₁Or Z₂, all to information O&M service knowledge Z₁And Z₂Prefetch, wherein threshold value T₂Value Scope is [m/2,3m/4]；

(2) concrete information O&M service knowledge positional information is obtained according to cluster index；

(3) according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling.

Wherein, described to access user identity carry out safety verification, particularly as follows:

(1) provide the password code of terminal authentication access user's input and identity the most correct in local service, if Correctly, access request, password code and identity are encrypted, form ciphertext collection, and ciphertext collection is sent to knowledge clothes Business device certification end, if incorrect, returns error reporting；

(2), after knowledge services device certification end receives described ciphertext collection, correspondence is concentrated to access the password of user's input ciphertext The ciphertext of password and identity is decrypted calculating, extracts password code and the value of identity accessing user's input, so After find identity relative recording that password is decrypted calculating in authentication database, if system exist this access user Record, and the password decrypted is consistent with the password code that family inputs, then judge that described access user, as validated user, will simultaneously Fingerprint collecting instruction, ciphertext collection, this session key and an encryption session random number are sent to knowledge request user side, knowledge Server authentication end preserves identity and association key simultaneously；If there is not this user record, knowledge services device certification in system Hold and provide terminal to return error reporting to local service；

(3) instruction of described fingerprint collecting, ciphertext collection, this session key and an encryption are received when resource request user side After session random number, verify that this session key and an encryption session random number are the most correct, if correctly, send out to accessing user Go out finger print information input instruction, this session key and encryption session random number are decrypted calculating, simultaneously by identity It is sent to knowledge services device certification end after being encrypted with the finger print information of input；If it is incorrect, to knowledge services device certification end Send illegal report；

(4) during the finger print information of the identity after knowledge services device certification end receives encryption and input, after encryption The finger print information of identity and input be decrypted calculating, and the fingerprint that would correspond to identity extracts in data base Out the finger print information with input compares, if the two is identical, then responds access request, if the two differs, returns illegal Report.

Wherein, described to storage user identity carry out safety verification, particularly as follows:

(1), when local service provides terminal to receive fingerprint and the identity storing user's input, user will be stored defeated The fingerprint entered and identity are sent to knowledge store certification end after being encrypted；

(2) knowledge store certification end is decrypted calculating to fingerprint and the identity of the storage user's input after encryption, And the fingerprint that would correspond to identity extracts in data base and compares with the fingerprint storing user's input, if the two Identical, it is determined that this storage user is legal storage user, for the virtual resource that legal storage user's configuration is corresponding with storage request Pond, if incorrect, provides terminal to return error reporting to local service.

Preferably, described credible evaluation comprises the steps of

Step 1: definition is for every credible attribute of assessment, and credible attribute is classification, and credible attribute can be divided downwards Solve as sub-attribute；

Step 2: for each credible attribute or sub-attribute, extract the evaluation index to it, can refer to these evaluations Mark is evaluated from different sides to credible attribute or sub-attribute；

Step 3: for each credible attribute or sub-attribute, define the evaluation criterion to it, evaluation criterion is divided into level Four: Excellent, good, in, poor, evaluation criterion, based on evaluation index, i.e. determines credible genus according to the valued combinations of each evaluation index Which rank of evaluation criterion property or sub-attribute have reached；

Step 4: before carrying out credible evaluation activity, according to the difference of assessment emphasis, forms different credible evaluation template, And it is movable to carry out credible evaluation based on this template, so that credible evaluation is more targeted, the result of assessment is more accurate.

The present embodiment to storage user carry out safety verification time, User Identity and finger print information the most encrypted after carry out Transmission, does not haves plaintext version, and the User Identity after encryption and finger print information are verified by knowledge store certification end Rear just determine whether to ask corresponding virtual resource pond for storage user's configuration with storage, limit illegally depositing of disabled user Storage, and verifying speed is fast, further increases the safety that information O&M service knowledge is shared on the premise of ensureing convenience, And to access user carry out safety verification time, the information such as user name, password, fingerprint and session random number is all entered with ciphertext form Row transmission, does not haves plaintext version；Meanwhile, according to symmetry and the one-way hash function feature of user key, via passage The user profile ciphertext of transmission has unipolarity, even data are intercepted and captured, is intended to crack it the most highly difficult, takes precautions against with this During transmission, user data is divulged a secret, and privacy of user can obtain guarantee, thus further increases what information O&M service knowledge was shared Safety；Information O&M service knowledge is encoded, facilitates Back ground Information and realize accessible sharing with all kinds of business information； According to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling, decreases internal memory and account for With, improve data call speed, the present embodiment sets threshold value T₂Value be 11m/16, data call speed improves 1.2%；Protect the data storage area specified, prevent opponent from implementing certain types of physical access；Impart all calculating On platform perform code with prove it one be not tampered with in environment run ability, from the angle of broad sense, trust computing Platform is that the network user provides a security context the broadest, and it describes safety problem from the angle of security system, Guarantee the secure execution environments of user, break through Passive Defence patch installing mode.

The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.All within the spirit and principles in the present invention, that is made any repaiies Change, equivalent, improvement etc., should be included within the scope of the present invention.

Claims (4)

1. information O&M service knowledge sharing method based on big data trust computing, it is characterised in that include that information O&M is known Know credible and secure storage, the credible and secure access of information O&M knowledge and credible evaluation；

The described information credible and secure storage of O&M knowledge comprises the following steps:

When Step 101 stores the storage request that user submits O&M information knowledge security service knowledge to, storage user identity is entered The credible and secure checking of row；

Step 102 carries out pretreatment to information O&M service knowledge data, and information O&M service knowledge is divided into rudimentary knowledge With professional knowledge two types data, described rudimentary knowledge includes text and the figure that can reflect information O&M service basic condition Picture, described professional knowledge includes the text relevant to each business in the service of information O&M and image；

Pretreated information O&M service knowledge data are used custom coding method respectively by Step 103 according to classified types Encoding, described custom coding method is as follows:

(1) using pretreated information O&M service knowledge data as coded object, if what information O&M service knowledge Z comprised M attribute is S₁,S₂,…,S_m；

(2) attribute of coded object is chosen, particularly as follows:

1) n constraints of attribute is set as R₁,R₂,…,R_n, according to attribute and constraints thereof, obtain attribute weight factor square Battle array W:

In formula, a_ijFor weight factor, wherein, i=1,2 ..., m, j=1,2 ..., n, represent attribute S_mMeet restriction condition R_n's Degree, span is [0,1]；

2) defined attribute weight w_i:

$w_i={\mathrm{\&Sigma;}}_{j=1}^n{a}_{ij}$

Attribute weight is normalized and obtains normalization attribute weight w '_i:

$w_i^{\&prime;}=\frac{w_i}{{\mathrm{\&Sigma;}}_{i=1}^m{w}_i}$

3) attribute weight threshold value T is set₁, defined attribute Selection of Function X_i:

$X_i=\left\{\begin{array}{cc}1,& w_i^{\&prime;}\&GreaterEqual;T_1\\ 0,& w_i^{\&prime;}<T_1\end{array}\right.$

4) set up attribute and choose Optimized model:

$Z={\mathrm{\&Sigma;}}_{i=1}^m{S}_i{X}_i$

5) choose Optimized model according to attribute, the attribute of coded object is optimized and chooses；

(3) attribute of optimum option is encoded, obtain the final code of information O&M service knowledge data；

Hardware store Resource Abstract is concentrated by Step 104, is mapped to a complete unified resource pool, and by user operation system System virtualization；

Information O&M service knowledge data are stored in resource pool by Step 105 with the form of final code；

The described information credible and secure access of O&M knowledge comprises the following steps:

When Step 201 accesses the access request that user submits O&M information knowledge security service knowledge to, enter accessing user identity Row safety verification；

When Step 202 responds access request, read the information O&M service knowledge data being stored on resource pool, particularly as follows:

(1) K-means clustering method is used all kinds of business in information O&M service knowledge to be divided, to any two class Internal information O&M service knowledge Z₁And Z₂, definition distance function D:

D(Z₁,Z₂)=Y

In formula, Y represents Z₁And Z₂The number that the attribute of optimum option is identical, sets threshold value T₂If, D >=T₂, the most no matter Query Information O&M service knowledge Z₁Or Z₂, all to information O&M service knowledge Z₁And Z₂Prefetch, wherein threshold value T₂Span be [m/2,3m/4]；

(2) concrete information O&M service knowledge positional information is obtained according to cluster index；

(3) according to cluster result and information O&M service knowledge positional information, information O&M service knowledge is scheduling.

Information O&M service knowledge sharing method based on big data trust computing the most according to claim 1, its feature Be, described to access user identity carry out credible and secure checking, particularly as follows:

(1) provide the password code of terminal authentication access user's input and identity the most correct in local service, if correctly, Access request, password code and identity are encrypted, form ciphertext collection, and ciphertext collection is sent to knowledge services device recognizes Card end, if incorrect, returns error reporting；

(2), after knowledge services device certification end receives described ciphertext collection, correspondence is concentrated to access the password code of user's input ciphertext It is decrypted calculating with the ciphertext of identity, extracts password code and the value of identity accessing user's input, then exist Find identity relative recording that password is decrypted calculating in authentication database, if system exists this accesses user's note Record, and the password decrypted is consistent with the password code that family inputs, then judge that described access user, as validated user, will refer to simultaneously Stricture of vagina acquisition instructions, ciphertext collection, this session key and an encryption session random number are sent to knowledge request user side, and knowledge takes Business device certification end preserves identity and association key simultaneously；If there is not this user record, knowledge services device certification end in system Terminal is provided to return error reporting to local service；

(3) instruction of described fingerprint collecting, ciphertext collection, this session key and an encryption session are received when resource request user side After random number, verify that this session key and an encryption session random number are the most correct, if correctly, send finger to accessing user The input instruction of stricture of vagina information, is decrypted calculating, simultaneously by identity with defeated to this session key and encryption session random number The finger print information entered is sent to knowledge services device certification end after being encrypted；If incorrect, send to knowledge services device certification end Illegal report；

(4) during the finger print information of the identity after knowledge services device certification end receives encryption and input, to the body after encryption Part mark is decrypted calculating with the finger print information of input, and the fingerprint that would correspond to identity extracts in data base Compare with the finger print information of input, if the two is identical, then respond access request, if the two differs, return illegal report.

Information O&M service knowledge sharing method based on big data trust computing the most according to claim 1, its feature Be, described to storage user identity carry out credible and secure checking, particularly as follows:

(1), when local service provides terminal to receive fingerprint and the identity storing user's input, user's input will be stored Fingerprint and identity are sent to knowledge store certification end after being encrypted；

(2) knowledge store certification end is decrypted calculating to fingerprint and the identity of the storage user's input after encryption, and will Extract in data base corresponding to the fingerprint of identity and compare with the fingerprint storing user's input, if the two phase With, it is determined that this storage user is legal storage user, configures the virtual resource pond corresponding with storage request for legal storage user, If incorrect, terminal is provided to return error reporting to local service.

Information O&M service knowledge sharing method based on big data trust computing the most according to claim 1, its feature Being, described credible evaluation comprises the steps of

Step 1: definition is for every credible attribute of assessment, and credible attribute is classification, and credible attribute can be decomposed into downwards Sub-attribute；

Step 2: for each credible attribute or sub-attribute, extract the evaluation index to it, can with these evaluation indexes from Credible attribute or sub-attribute are evaluated by different sides；

Step 3: for each credible attribute or sub-attribute, define the evaluation criterion to it, evaluation criterion is divided into level Four: excellent, Good, in, poor, evaluation criterion, based on evaluation index, i.e. determines credible attribute according to the valued combinations of each evaluation index Or which rank of evaluation criterion sub-attribute has reached；

Step 4: before carrying out credible evaluation activity, according to the difference of assessment emphasis, forms different credible evaluation template, and base Carrying out credible evaluation in this template movable, so that credible evaluation is more targeted, the result of assessment is more accurate.