Information O&M service knowledge sharing method based on big data trusted computing
Technical field
The present invention relates to the field of information sharing technology, and in particular to an information O&M service knowledge sharing method based on big data trusted computing.
Background art
Information O&M service knowledge sharing methods in the related art cannot store shared information, or publish it, safely and efficiently, so the timeliness and security of information O&M service knowledge sharing are poor.
Trusted computing is the widespread use, in computing and communication systems, of trusted computing platforms supported by hardware security modules, in order to improve the overall security of the system. Information security has four aspects: equipment security, data security, content security and behavior security. Behavior security includes features such as the confidentiality, integrity and authenticity of behavior. Trusted computing arose to address behavior security.
Summary of the invention
An object of the invention is to provide an information O&M service knowledge sharing method based on big data trusted computing, in order to solve the above problem.
The object of the invention is achieved by the following technical solution:
An information O&M service knowledge sharing method based on big data trusted computing, comprising secure storage of information O&M knowledge, secure access to information O&M knowledge, and trustworthiness evaluation;
The secure storage of information O&M knowledge comprises the following steps:
Step 101: when a storing user submits a request to store information O&M service knowledge, the storing user's identity is security-verified;
Step 102: the information O&M service knowledge data is preprocessed and divided into two types, basic knowledge and professional knowledge, where the basic knowledge comprises text and images that reflect the basic condition of the information O&M service, and the professional knowledge comprises text and images related to each business within the information O&M service;
Step 103: the preprocessed information O&M service knowledge data is encoded, according to its type, using a custom coding method, which is as follows:
(1) the preprocessed information O&M service knowledge data is taken as the coding object, and the m attributes contained in an item of information O&M service knowledge Z are denoted S1, S2, …, Sm;
(2) the attributes of the coding object are selected, specifically:
1) the n constraints on the attributes are denoted R1, R2, …, Rn, and the attribute weight factor matrix W is obtained from the attributes and their constraints:
where a_ij is a weight factor, with i = 1, 2, …, m and j = 1, 2, …, n, representing the degree to which attribute Sm satisfies constraint Rn, and takes values in [0, 1];
2) the attribute weight w_i is defined:
The attribute weights are normalized to obtain the normalized attribute weight w_i':
3) an attribute weight threshold T1 is set, and the attribute selection function X_i is defined:
4) the attribute selection optimization model is established:
5) the attributes of the coding object are optimally selected according to the attribute selection optimization model;
(3) the optimally selected attributes are encoded to obtain the final code of the information O&M service knowledge data;
Step 104: the hardware storage resources are abstracted and pooled, mapped into a single complete, unified resource pool, and the user operating system is virtualized;
Step 105: the information O&M service knowledge data is stored in the resource pool in the form of its final code;
The secure access to information O&M knowledge comprises the following steps:
Step 201: when an accessing user submits a request to access information O&M service knowledge, the accessing user's identity is security-verified;
Step 202: when the access request is answered, the information O&M service knowledge data stored in the resource pool is read, specifically:
(1) the K-means clustering method is used to partition the businesses in the information O&M service knowledge into classes; for any two items of information O&M service knowledge Z1 and Z2 within a class, a distance function D is defined:
D(Z1, Z2) = Y
where Y is the number of optimally selected attributes that are identical between Z1 and Z2; a threshold T2 is set, and if D ≥ T2, then whether Z1 or Z2 is queried, both Z1 and Z2 are prefetched, where T2 takes a value in the range [m/2, 3m/4];
(2) the specific location information of the information O&M service knowledge is obtained from the cluster index;
(3) the information O&M service knowledge is scheduled according to the clustering result and the location information.
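The prefetch rule of Step 202, written out as an added Python example that is not part of the patent text. It assumes each knowledge item is a mapping from optimally selected attribute name to encoded value, reads "identical attributes" as attributes present in both items with equal values, and uses constructed item ids, class names and pool locations.

```python
from itertools import combinations


def shared_attributes(z1, z2):
    """D(Z1, Z2) = Y: selected attributes present in both items with equal values.

    A larger D means the two items are more alike.
    """
    return sum(1 for name, value in z1.items() if name in z2 and z2[name] == value)


def build_prefetch_index(clusters, m, t2):
    """Pair up items inside each class whose D reaches the threshold T2.

    clusters: {class_id: {item_id: {attribute: encoded value}}}, i.e. the
    output of the K-means step (the clustering itself is outside this example).
    """
    if not m / 2 <= t2 <= 3 * m / 4:
        raise ValueError(f"T2={t2} is outside [m/2, 3m/4] for m={m}")
    index = {item_id: set() for items in clusters.values() for item_id in items}
    for items in clusters.values():
        # Only items of the same class are compared, as in sub-step (1).
        for (id1, z1), (id2, z2) in combinations(items.items(), 2):
            if shared_attributes(z1, z2) >= t2:
                index[id1].add(id2)
                index[id2].add(id1)
    return index


def schedule_reads(item_id, index, locations):
    """Queried item first, then its prefetch companions, each with the pool
    location taken from the cluster index (sub-steps 2 and 3)."""
    order = [item_id] + sorted(index[item_id])
    return [(i, locations[i]) for i in order]


# Constructed sample data: m = 8 attributes s1..s8, two classes.
M = 8
CLUSTERS = {
    "network": {
        "kb-001": {"s1": "net", "s2": "fault", "s3": "router", "s4": "bgp", "s5": "p1", "s6": "cn"},
        "kb-002": {"s1": "net", "s2": "fault", "s3": "router", "s4": "ospf", "s5": "p1", "s6": "cn"},
        "kb-003": {"s1": "net", "s2": "change", "s3": "switch", "s4": "vlan", "s5": "p3", "s7": "x"},
    },
    "database": {
        "kb-101": {"s1": "db", "s2": "fault", "s3": "mysql", "s5": "p1", "s6": "cn", "s8": "ha"},
        "kb-102": {"s1": "db", "s2": "fault", "s3": "mysql", "s5": "p2", "s6": "cn", "s8": "ha"},
    },
}
LOCATIONS = {
    "kb-001": "pool/net/0001", "kb-002": "pool/net/0002", "kb-003": "pool/net/0003",
    "kb-101": "pool/db/0101", "kb-102": "pool/db/0102",
}

if __name__ == "__main__":
    for t2 in (4, 6):  # the two ends of [m/2, 3m/4] for m = 8
        idx = build_prefetch_index(CLUSTERS, M, t2)
        print(t2, schedule_reads("kb-002", idx, LOCATIONS))
```
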
Preferably, the security verification of the accessing user's identity is specifically:
(1) the local service-providing terminal verifies whether the password and identity identifier entered by the accessing user are correct; if they are, the access request, password and identity identifier are encrypted to form a ciphertext set, and the ciphertext set is sent to the knowledge server authentication end; if they are not, an error report is returned;
(2) after the knowledge server authentication end receives the ciphertext set, it decrypts the ciphertexts in the set that correspond to the password and identity identifier entered by the accessing user and extracts their values, then looks up the record associated with the decrypted identity identifier in the authentication database; if a record for this accessing user exists in the system and the decrypted password is consistent with the password entered by the user, the accessing user is judged to be a legitimate user, and a fingerprint collection instruction, the ciphertext set, the key for this session and an encrypted session random number are sent to the knowledge requesting client, while the knowledge server authentication end stores the identity identifier and the associated key; if no record for this user exists in the system, the knowledge server authentication end returns an error report to the local service-providing terminal;
(3) when the resource requesting client receives the fingerprint collection instruction, the ciphertext set, the key for this session and the encrypted session random number, it verifies whether the session key and the encrypted session random number are correct; if they are, it issues a fingerprint input instruction to the accessing user, decrypts the session key and the encrypted session random number, and sends the identity identifier and the entered fingerprint information, encrypted, to the knowledge server authentication end; if they are not, it sends an illegality report to the knowledge server authentication end;
(4) when the knowledge server authentication end receives the encrypted identity identifier and entered fingerprint information, it decrypts them, retrieves from the database the fingerprint corresponding to the identity identifier and compares it with the entered fingerprint information; if the two are identical, it responds to the access request; if they differ, it returns an illegality report.
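The four-step verification of the accessing user, written out as an added Python example that is not part of the patent text. The text names no cipher, key distribution or session identifier, so the SHA-256/HMAC encrypt-then-MAC routine, the pre-shared `LINK_KEY`, the PBKDF2 password record, the `sid` field and all user data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in symmetric cipher (assumption: the text names no algorithm):
# SHA-256 counter-mode keystream, then HMAC-SHA256 over nonce + ciphertext.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, obj):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    return json.loads(_xor_stream(enc_key, nonce, ct))

def hash_password(password, salt):  # assumed record format: salted PBKDF2
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Terminal:  # local service-providing terminal and requesting client
    def __init__(self, link_key):
        self.link_key = link_key  # assumed pre-shared with the authentication end

    def login_request(self, identity, password, request):  # step (1)
        if not identity or not password:  # assumed local check: both fields present
            return None
        return seal(self.link_key, {"request": request, "identity": identity,
                                    "password": password})

    def fingerprint_reply(self, challenge, identity, fingerprint):  # step (3)
        # unseal() raises ValueError if the session key or random number was altered
        session_key = bytes.fromhex(unseal(self.link_key, challenge["wrapped_key"]))
        rnd = unseal(session_key, challenge["enc_random"])
        return seal(session_key, {"identity": identity, "fingerprint": fingerprint,
                                  "random": rnd})

class AuthServer:  # knowledge server authentication end
    def __init__(self, link_key, users):
        self.link_key, self.users = link_key, users
        self.sessions = {}  # sid -> (identity, session key, session random number)

    def check_password(self, ciphertext_set):  # step (2)
        try:
            msg = unseal(self.link_key, ciphertext_set)
        except ValueError:
            return {"status": "error"}
        rec = self.users.get(msg["identity"])
        if rec is None or not hmac.compare_digest(
                rec["pw_hash"], hash_password(msg["password"], rec["salt"])):
            return {"status": "error"}
        sid, key, rnd = secrets.token_hex(8), secrets.token_bytes(32), secrets.token_hex(16)
        self.sessions[sid] = (msg["identity"], key, rnd)
        return {"status": "collect_fingerprint", "sid": sid,
                "wrapped_key": seal(self.link_key, key.hex()),
                "enc_random": seal(key, rnd)}

    def check_fingerprint(self, sid, blob):  # step (4)
        session = self.sessions.pop(sid, None)  # single use: a replayed reply fails
        if session is None:
            return "illegal"
        identity, key, rnd = session
        try:
            msg = unseal(key, blob)
        except ValueError:
            return "illegal"
        ok = (msg["identity"] == identity
              and hmac.compare_digest(msg["random"], rnd)
              and hmac.compare_digest(msg["fingerprint"], self.users[identity]["fingerprint"]))
        return "granted" if ok else "illegal"

def run_exchange(server, terminal, identity, password, fingerprint):
    first = terminal.login_request(identity, password, "read:kb-001")
    if first is None:
        return "error"
    challenge = server.check_password(first)
    if challenge["status"] != "collect_fingerprint":
        return "error"
    reply = terminal.fingerprint_reply(challenge, identity, fingerprint)
    return server.check_fingerprint(challenge["sid"], reply)

# Constructed sample data; the hash stands in for an enrolled fingerprint template.
LINK_KEY, SALT = secrets.token_bytes(32), secrets.token_bytes(16)
FINGERPRINT = hashlib.sha256(b"constructed fingerprint template").hexdigest()
USERS = {"ops-alice": {"salt": SALT, "pw_hash": hash_password("correct horse", SALT),
                       "fingerprint": FINGERPRINT}}
```

The exact-match comparison follows the text's "identical" wording; deployed fingerprint matchers score the similarity of two templates rather than testing equality.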
Preferably, the security verification of the storing user's identity is specifically:
(1) when the local service-providing terminal receives the fingerprint and identity identifier entered by the storing user, it encrypts them and sends them to the knowledge storage authentication end;
(2) the knowledge storage authentication end decrypts the encrypted fingerprint and identity identifier entered by the storing user, retrieves from the database the fingerprint corresponding to the identity identifier and compares it with the fingerprint entered by the storing user; if the two are identical, the storing user is determined to be a legitimate storing user, and a virtual resource pool corresponding to the storage request is configured for the legitimate storing user; if they are not, an error report is returned to the local service-providing terminal.
Preferably, the trustworthiness evaluation comprises the following steps:
Step 1: define the trustworthiness attributes to be evaluated; the trustworthiness attributes are hierarchical, and an attribute can be decomposed downward into sub-attributes;
Step 2: for each trustworthiness attribute or sub-attribute, extract its evaluation indicators, through which the attribute or sub-attribute can be evaluated from different aspects;
Step 3: for each trustworthiness attribute or sub-attribute, define its evaluation criteria, which are divided into four levels: excellent, good, medium and poor; the evaluation criteria are based on the evaluation indicators, that is, the combination of values of the evaluation indicators determines which level of the criteria the attribute or sub-attribute has reached;
Step 4: before the trustworthiness evaluation is carried out, different trustworthiness evaluation templates are formed according to the emphasis of the assessment, and the evaluation is carried out based on the chosen template, so that the evaluation is more targeted and its result more accurate.
The present invention can include the following beneficial effects:
1. Encoding the information O&M service knowledge makes it easy for basic information and the information of each business to be shared without obstruction;
2. Scheduling the information O&M service knowledge according to the clustering result and the location information reduces memory usage and improves data retrieval speed;
3. When the storing user is security-verified, the user identity identifier and the fingerprint information are both transmitted only after encryption and never appear in plaintext; only after verifying the encrypted user identity identifier and fingerprint information does the knowledge storage authentication end decide whether to configure for the storing user the virtual resource pool corresponding to the storage request, which restricts illegal storage by illegitimate users; verification is also fast, so the security of information O&M service knowledge sharing is further improved while convenience is preserved;
4. When the accessing user is security-verified, the user name, password, fingerprint, session random number and other information are all transmitted as ciphertext and never appear in plaintext; moreover, owing to the symmetry of the user key and the properties of the one-way hash function, the user information ciphertext sent over the channel is one-way, so that even if the data is intercepted it is very difficult to crack; this guards against leakage of user data in transit and protects user privacy, further improving the security of information O&M service knowledge sharing;
5. The specified data storage areas are protected, preventing an adversary from carrying out specific types of physical access; all code executing on the computing platform is given the ability to prove that it is running in an environment that has not been tampered with; in a broad sense, the trusted computing platform provides network users with a more comprehensive security environment: it describes security problems from the perspective of the security architecture, ensures a secure execution environment for the user, and moves beyond the passive, patch-applying mode of defense.
It should be understood that the above general description and the following detailed description are only exemplary and do not limit the present disclosure.
Brief description of the drawings
Fig. 1 is a flow chart of the method for secure storage of information O&M knowledge according to the present invention;
Fig. 2 is a flow chart of the method for secure access to information O&M knowledge according to the present invention.
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with the present invention and, together with the description, serve to explain its principles.
Detailed description of the invention
The present invention is described in further detail below through specific embodiments and with reference to the accompanying drawings.
Embodiment 1
Referring to Fig. 1 and Fig. 2, the information O&M service knowledge sharing method based on big data trusted computing of this embodiment comprises secure storage of information O&M knowledge, secure access to information O&M knowledge, and trustworthiness evaluation;
The secure storage of information O&M knowledge comprises the following steps:
Step 101: when a storing user submits a request to store information O&M service knowledge, the storing user's identity is security-verified;
Step 102: the information O&M service knowledge data is preprocessed and divided into two types, basic knowledge and professional knowledge, where the basic knowledge comprises text and images that reflect the basic condition of the information O&M service, and the professional knowledge comprises text and images related to each business within the information O&M service;
Step 103: the preprocessed information O&M service knowledge data is encoded, according to its type, using a custom coding method;
Step 104: the hardware storage resources are abstracted and pooled, mapped into a single complete, unified resource pool, and the user operating system is virtualized;
Step 105: the information O&M service knowledge data is stored in the resource pool in the form of its final code;
The secure access to information O&M knowledge comprises the following steps:
Step 201: when an accessing user submits a request to access information O&M service knowledge, the accessing user's identity is security-verified;
Step 202: when the access request is answered, the information O&M service knowledge data stored in the resource pool is read, specifically:
(1) the K-means clustering method is used to partition the businesses in the information O&M service knowledge into classes; for any two items of information O&M service knowledge Z1 and Z2 within a class, a distance function D is defined:
D(Z1, Z2) = Y
where Y is the number of optimally selected attributes that are identical between Z1 and Z2; a threshold T2 is set, and if D ≥ T2, then whether Z1 or Z2 is queried, both Z1 and Z2 are prefetched;
(2) the specific location information of the information O&M service knowledge is obtained from the cluster index;
(3) the information O&M service knowledge is scheduled according to the clustering result and the location information.
Preferably, the trustworthiness evaluation comprises the following steps:
Step 1: define the trustworthiness attributes to be evaluated; the trustworthiness attributes are hierarchical, and an attribute can be decomposed downward into sub-attributes;
Step 2: for each trustworthiness attribute or sub-attribute, extract its evaluation indicators, through which the attribute or sub-attribute can be evaluated from different aspects;
Step 3: for each trustworthiness attribute or sub-attribute, define its evaluation criteria, which are divided into four levels: excellent, good, medium and poor; the evaluation criteria are based on the evaluation indicators, that is, the combination of values of the evaluation indicators determines which level of the criteria the attribute or sub-attribute has reached;
Step 4: before the trustworthiness evaluation is carried out, different trustworthiness evaluation templates are formed according to the emphasis of the assessment, and the evaluation is carried out based on the chosen template, so that the evaluation is more targeted and its result more accurate.
This embodiment encodes the information O&M service knowledge, which makes it easy for basic information and the information of each business to be shared without obstruction; it schedules the information O&M service knowledge according to the clustering result and the location information, which reduces memory usage and improves data retrieval speed; it protects the specified data storage areas, preventing an adversary from carrying out specific types of physical access; and it gives all code executing on the computing platform the ability to prove that it is running in an environment that has not been tampered with. In a broad sense, the trusted computing platform provides network users with a more comprehensive security environment: it describes security problems from the perspective of the security architecture, ensures a secure execution environment for the user, and moves beyond the passive, patch-applying mode of defense.
Embodiment 2
Referring to Fig. 1 and Fig. 2, the information O&M service knowledge sharing method based on big data trusted computing of this embodiment comprises secure storage of information O&M knowledge, secure access to information O&M knowledge, and trustworthiness evaluation;
The secure storage of information O&M knowledge comprises the following steps:
Step 101: when a storing user submits a request to store information O&M service knowledge, the storing user's identity is security-verified;
Step 102: the information O&M service knowledge data is preprocessed and divided into two types, basic knowledge and professional knowledge, where the basic knowledge comprises text and images that reflect the basic condition of the information O&M service, and the professional knowledge comprises text and images related to each business within the information O&M service;
Step 103: the preprocessed information O&M service knowledge data is encoded, according to its type, using a custom coding method;
Step 104: the hardware storage resources are abstracted and pooled, mapped into a single complete, unified resource pool, and the user operating system is virtualized;
Step 105: the information O&M service knowledge data is stored in the resource pool in the form of its final code;
The secure access to information O&M knowledge comprises the following steps:
Step 201: when an accessing user submits a request to access information O&M service knowledge, the accessing user's identity is security-verified;
Step 202: when the access request is answered, the information O&M service knowledge data stored in the resource pool is read, specifically:
(1) the K-means clustering method is used to partition the businesses in the information O&M service knowledge into classes; for any two items of information O&M service knowledge Z1 and Z2 within a class, a distance function D is defined:
D(Z1, Z2) = Y
where Y is the number of optimally selected attributes that are identical between Z1 and Z2; a threshold T2 is set, and if D ≥ T2, then whether Z1 or Z2 is queried, both Z1 and Z2 are prefetched;
(2) the specific location information of the information O&M service knowledge is obtained from the cluster index;
(3) the information O&M service knowledge is scheduled according to the clustering result and the location information.
The custom coding method of this embodiment is as follows:
(1) the preprocessed information O&M service knowledge data is taken as the coding object, and the m attributes contained in an item of information O&M service knowledge Z are denoted S1, S2, …, Sm;
(2) the attributes of the coding object are selected, specifically:
1) the n constraints on the attributes are denoted R1, R2, …, Rn, and the attribute weight factor matrix W is obtained from the attributes and their constraints:
where a_ij is a weight factor, with i = 1, 2, …, m and j = 1, 2, …, n, representing the degree to which attribute Sm satisfies constraint Rn, and takes values in [0, 1];
2) the attribute weight w_i is defined:
The attribute weights are normalized to obtain the normalized attribute weight w_i':
3) an attribute weight threshold T1 is set, and the attribute selection function X_i is defined:
4) the attribute selection optimization model is established:
5) the attributes of the coding object are optimally selected according to the attribute selection optimization model;
(3) the optimally selected attributes are encoded to obtain the final code of the information O&M service knowledge data;
Preferably, the trustworthiness evaluation comprises the following steps:
Step 1: define the trustworthiness attributes to be evaluated; the trustworthiness attributes are hierarchical, and an attribute can be decomposed downward into sub-attributes;
Step 2: for each trustworthiness attribute or sub-attribute, extract its evaluation indicators, through which the attribute or sub-attribute can be evaluated from different aspects;
Step 3: for each trustworthiness attribute or sub-attribute, define its evaluation criteria, which are divided into four levels: excellent, good, medium and poor; the evaluation criteria are based on the evaluation indicators, that is, the combination of values of the evaluation indicators determines which level of the criteria the attribute or sub-attribute has reached;
Step 4: before the trustworthiness evaluation is carried out, different trustworthiness evaluation templates are formed according to the emphasis of the assessment, and the evaluation is carried out based on the chosen template, so that the evaluation is more targeted and its result more accurate.
This embodiment encodes the information O&M service knowledge, which makes it easy for basic information and the information of each business to be shared without obstruction; it schedules the information O&M service knowledge according to the clustering result and the location information, which reduces memory usage and improves data retrieval speed: with the threshold T2 set to m/2 in this embodiment, data retrieval speed improves by 0.5%; it protects the specified data storage areas, preventing an adversary from carrying out specific types of physical access; and it gives all code executing on the computing platform the ability to prove that it is running in an environment that has not been tampered with. In a broad sense, the trusted computing platform provides network users with a more comprehensive security environment: it describes security problems from the perspective of the security architecture, ensures a secure execution environment for the user, and moves beyond the passive, patch-applying mode of defense.
Embodiment 3
Referring to Fig. 1 and Fig. 2, the information O&M service knowledge sharing method based on big data trusted computing of this embodiment comprises secure storage of information O&M knowledge, secure access to information O&M knowledge, and trustworthiness evaluation;
The secure storage of information O&M knowledge comprises the following steps:
Step 101: when a storing user submits a request to store information O&M service knowledge, the storing user's identity is security-verified;
Step 102: the information O&M service knowledge data is preprocessed and divided into two types, basic knowledge and professional knowledge, where the basic knowledge comprises text and images that reflect the basic condition of the information O&M service, and the professional knowledge comprises text and images related to each business within the information O&M service;
Step 103: the preprocessed information O&M service knowledge data is encoded, according to its type, using a custom coding method, which is as follows:
(1) the preprocessed information O&M service knowledge data is taken as the coding object, and the m attributes contained in an item of information O&M service knowledge Z are denoted S1, S2, …, Sm;
(2) the attributes of the coding object are selected, specifically:
1) the n constraints on the attributes are denoted R1, R2, …, Rn, and the attribute weight factor matrix W is obtained from the attributes and their constraints:
where a_ij is a weight factor, with i = 1, 2, …, m and j = 1, 2, …, n, representing the degree to which attribute Sm satisfies constraint Rn, and takes values in [0, 1];
2) the attribute weight w_i is defined:
The attribute weights are normalized to obtain the normalized attribute weight w_i':
3) an attribute weight threshold T1 is set, and the attribute selection function X_i is defined:
4) the attribute selection optimization model is established:
5) the attributes of the coding object are optimally selected according to the attribute selection optimization model;
(3) the optimally selected attributes are encoded to obtain the final code of the information O&M service knowledge data;
Step 104: the hardware storage resources are abstracted and pooled, mapped into a single complete, unified resource pool, and the user operating system is virtualized;
Step 105: the information O&M service knowledge data is stored in the resource pool in the form of its final code;
The secure access to information O&M knowledge comprises the following steps:
Step 201: when an accessing user submits a request to access information O&M service knowledge, the accessing user's identity is security-verified;
Step 202: when the access request is answered, the information O&M service knowledge data stored in the resource pool is read, specifically:
(1) the K-means clustering method is used to partition the businesses in the information O&M service knowledge into classes; for any two items of information O&M service knowledge Z1 and Z2 within a class, a distance function D is defined:
D(Z1, Z2) = Y
where Y is the number of optimally selected attributes that are identical between Z1 and Z2; a threshold T2 is set, and if D ≥ T2, then whether Z1 or Z2 is queried, both Z1 and Z2 are prefetched, where T2 takes a value in the range [m/2, 3m/4];
(2) the specific location information of the information O&M service knowledge is obtained from the cluster index;
(3) the information O&M service knowledge is scheduled according to the clustering result and the location information.
The security verification of the accessing user's identity is specifically:
(1) the local service-providing terminal verifies whether the password and identity identifier entered by the accessing user are correct; if they are, the access request, password and identity identifier are encrypted to form a ciphertext set, and the ciphertext set is sent to the knowledge server authentication end; if they are not, an error report is returned;
(2) after the knowledge server authentication end receives the ciphertext set, it decrypts the ciphertexts in the set that correspond to the password and identity identifier entered by the accessing user and extracts their values, then looks up the record associated with the decrypted identity identifier in the authentication database; if a record for this accessing user exists in the system and the decrypted password is consistent with the password entered by the user, the accessing user is judged to be a legitimate user, and a fingerprint collection instruction, the ciphertext set, the key for this session and an encrypted session random number are sent to the knowledge requesting client, while the knowledge server authentication end stores the identity identifier and the associated key; if no record for this user exists in the system, the knowledge server authentication end returns an error report to the local service-providing terminal;
(3) when the resource requesting client receives the fingerprint collection instruction, the ciphertext set, the key for this session and the encrypted session random number, it verifies whether the session key and the encrypted session random number are correct; if they are, it issues a fingerprint input instruction to the accessing user, decrypts the session key and the encrypted session random number, and sends the identity identifier and the entered fingerprint information, encrypted, to the knowledge server authentication end; if they are not, it sends an illegality report to the knowledge server authentication end;
(4) when the knowledge server authentication end receives the encrypted identity identifier and entered fingerprint information, it decrypts them, retrieves from the database the fingerprint corresponding to the identity identifier and compares it with the entered fingerprint information; if the two are identical, it responds to the access request; if they differ, it returns an illegality report.
Preferably, the trustworthiness evaluation comprises the following steps:
Step 1: define the trustworthiness attributes to be evaluated; the trustworthiness attributes are hierarchical, and an attribute can be decomposed downward into sub-attributes;
Step 2: for each trustworthiness attribute or sub-attribute, extract its evaluation indicators, through which the attribute or sub-attribute can be evaluated from different aspects;
Step 3: for each trustworthiness attribute or sub-attribute, define its evaluation criteria, which are divided into four levels: excellent, good, medium and poor; the evaluation criteria are based on the evaluation indicators, that is, the combination of values of the evaluation indicators determines which level of the criteria the attribute or sub-attribute has reached;
Step 4: before the trustworthiness evaluation is carried out, different trustworthiness evaluation templates are formed according to the emphasis of the assessment, and the evaluation is carried out based on the chosen template, so that the evaluation is more targeted and its result more accurate.
In this embodiment, when the accessing user is security-verified, the user name, password, fingerprint, session random number and other information are all transmitted as ciphertext and never appear in plaintext; moreover, owing to the symmetry of the user key and the properties of the one-way hash function, the user information ciphertext sent over the channel is one-way, so that even if the data is intercepted it is very difficult to crack; this guards against leakage of user data in transit and protects user privacy, further improving the security of information O&M service knowledge sharing. The embodiment encodes the information O&M service knowledge, which makes it easy for basic information and the information of each business to be shared without obstruction; it schedules the information O&M service knowledge according to the clustering result and the location information, which reduces memory usage and improves data retrieval speed: with the threshold T2 set to 9m/16 in this embodiment, data retrieval speed improves by 0.7%; it protects the specified data storage areas, preventing an adversary from carrying out specific types of physical access; and it gives all code executing on the computing platform the ability to prove that it is running in an environment that has not been tampered with. In a broad sense, the trusted computing platform provides network users with a more comprehensive security environment: it describes security problems from the perspective of the security architecture, ensures a secure execution environment for the user, and moves beyond the passive, patch-applying mode of defense.
Embodiment 4
Referring to Fig. 1 and Fig. 2, the information O&M service knowledge sharing method based on big data trust computing of this embodiment comprises secure storage of information O&M knowledge, secure access to information O&M knowledge, and credible evaluation;
The secure storage of information O&M knowledge comprises the following steps:
Step 101: when a storage user submits a storage request for information O&M service knowledge, perform security verification on the storage user's identity;
Step 102: preprocess the information O&M service knowledge data, dividing the information O&M service knowledge into two types of data, basic knowledge and professional knowledge; the basic knowledge comprises text and images that reflect the basic situation of the information O&M service, and the professional knowledge comprises text and images related to each business within the information O&M service;
Step 103: encode the preprocessed information O&M service knowledge data, according to the type into which it was divided, using a custom coding method, which is as follows:
(1) Take the preprocessed information O&M service knowledge data as the coded object, and let the m attributes contained in information O&M service knowledge Z be $S_1, S_2, \ldots, S_m$;
(2) Select the attributes of the coded object, specifically:
1) Let the n constraints on the attributes be $R_1, R_2, \ldots, R_n$; from the attributes and their constraints, obtain the attribute weight factor matrix W:
In the formula, $a_{ij}$ is a weight factor, where i = 1, 2, ..., m and j = 1, 2, ..., n; it represents the degree to which attribute $S_m$ satisfies constraint $R_n$, and its value range is [0, 1];
2) Define the attribute weight $w_i$:
Normalize the attribute weight to obtain the normalized attribute weight $w_i'$:
3) Set the attribute weight threshold $T_1$ and define the attribute selection function $X_i$:
4) Set up the attribute selection optimization model:
5) According to the attribute selection optimization model, optimally select the attributes of the coded object;
(3) Encode the optimally selected attributes to obtain the final code of the information O&M service knowledge data;
Step 104: abstract and pool the hardware storage resources, mapping them into one complete, unified resource pool, and virtualize the user operating system;
Step 105: store the information O&M service knowledge data in the resource pool in the form of the final code;
The secure access to information O&M knowledge comprises the following steps:
Step 201: when an access user submits an access request for information O&M service knowledge, perform security verification on the access user's identity;
Step 202: when responding to the access request, read the information O&M service knowledge data stored in the resource pool, specifically:
(1) Use the K-means clustering method to divide the information O&M service knowledge by business class; for any two items of information O&M service knowledge $Z_1$ and $Z_2$ within a class, define the distance function D:
$D(Z_1, Z_2) = Y$
In the formula, Y is the number of optimally selected attributes that are identical between $Z_1$ and $Z_2$. Set a threshold $T_2$; if $D \geq T_2$, then whichever of $Z_1$ or $Z_2$ is queried, both $Z_1$ and $Z_2$ are prefetched, where the value range of $T_2$ is [m/2, 3m/4];
(2) Obtain the specific location information of the information O&M service knowledge from the cluster index;
(3) Schedule the information O&M service knowledge according to the clustering result and the location information of the information O&M service knowledge.
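The prefetch rule of Step 202 (1), as an added example that is not part of the patent text. Y is read here as the number of selected attributes on which two items hold the same value; the item ids, attribute values and function names are constructed for illustration, with m = 8 and the T2 = 5m/8 of this embodiment.

```python
from fractions import Fraction
from itertools import combinations

ATTRS = ["S1", "S2", "S3", "S4", "S5", "S6", "S7", "S8"]  # m = 8 selected attributes


def item(*values):
    """Build one knowledge item as {attribute name: value} (constructed sample data)."""
    return dict(zip(ATTRS, values))


# Constructed items that K-means has already placed in the same business class.
CLUSTER = {
    "KB-001": item("net", "outage", "core", "P1", "dc-a", "router", "bgp", "2h"),
    "KB-002": item("net", "outage", "core", "P1", "dc-a", "switch", "stp", "4h"),
    "KB-003": item("net", "change", "edge", "P3", "dc-b", "router", "bgp", "2h"),
}


def distance(z1, z2):
    """D(Z1, Z2) = Y, read here as the number of selected attributes with equal values."""
    return sum(1 for name, value in z1.items() if name in z2 and z2[name] == value)


def threshold(m, ratio):
    """Return T2 = ratio * m, rejecting values outside the stated range [m/2, 3m/4]."""
    t2 = Fraction(ratio) * m
    if not Fraction(m, 2) <= t2 <= Fraction(3 * m, 4):
        raise ValueError(f"T2 = {t2} is outside [m/2, 3m/4] for m = {m}")
    return t2


def build_prefetch_index(cluster, t2):
    """For every pair in the class with D >= T2, record each item as the other's partner."""
    index = {item_id: set() for item_id in cluster}
    for (id1, z1), (id2, z2) in combinations(cluster.items(), 2):
        if distance(z1, z2) >= t2:
            index[id1].add(id2)
            index[id2].add(id1)
    return index


def read_with_prefetch(item_id, cluster, index):
    """Return the queried item first, followed by the partners prefetched with it."""
    wanted = [item_id] + sorted(index[item_id])
    return {i: cluster[i] for i in wanted}


T2 = threshold(len(ATTRS), "5/8")  # 5m/8 with m = 8 gives T2 = 5
INDEX = build_prefetch_index(CLUSTER, T2)

if __name__ == "__main__":
    for queried in CLUSTER:
        print(queried, "->", list(read_with_prefetch(queried, CLUSTER, INDEX)))
```

The pairing is symmetric but not transitive: KB-003 shares four attributes with KB-001, which is below T2, so a query for KB-003 prefetches nothing.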
The security verification of the access user's identity is specifically as follows:
(1) The local service providing terminal verifies whether the password and identity entered by the access user are correct; if correct, the access request, password and identity are encrypted to form a ciphertext set, and the ciphertext set is sent to the knowledge server authentication end; if incorrect, an error report is returned;
(2) After the knowledge server authentication end receives the ciphertext set, it decrypts the ciphertexts in the set that correspond to the password and identity entered by the access user and extracts the values of the entered password and identity, then finds the record associated with the identity in the authentication database and decrypts the password. If a record for this access user exists in the system and the decrypted password is consistent with the password entered by the user, the access user is judged to be a legitimate user, and a fingerprint collection instruction, the ciphertext set, the session key for this session and an encrypted session random number are sent to the knowledge request user side, while the knowledge server authentication end saves the identity and the associated keys; if no record for this user exists in the system, the knowledge server authentication end returns an error report to the local service providing terminal;
(3) After the resource request user side receives the fingerprint collection instruction, the ciphertext set, the session key for this session and the encrypted session random number, it verifies whether the session key and the encrypted session random number are correct; if correct, it issues a fingerprint input instruction to the access user, decrypts the session key and the encrypted session random number, and encrypts the identity and the entered fingerprint information and sends them to the knowledge server authentication end; if incorrect, it sends an illegality report to the knowledge server authentication end;
(4) When the knowledge server authentication end receives the encrypted identity and entered fingerprint information, it decrypts them, retrieves the fingerprint corresponding to the identity from the database and compares it with the entered fingerprint information; if the two are identical, the access request is answered; if they differ, an illegality report is returned.
The security verification of the storage user's identity is specifically as follows:
(1) When the local service providing terminal receives the fingerprint and identity entered by the storage user, it encrypts them and sends them to the knowledge storage authentication end;
(2) The knowledge storage authentication end decrypts the encrypted fingerprint and identity entered by the storage user, retrieves the fingerprint corresponding to the identity from the database and compares it with the fingerprint entered by the storage user; if the two are identical, the storage user is judged to be a legitimate storage user and the virtual resource pool corresponding to the storage request is configured for that user; if incorrect, an error report is returned to the local service providing terminal.
Preferably, the credible evaluation comprises the following steps:
Step 1: define the credible attributes to be assessed; credible attributes are hierarchical, and a credible attribute can be decomposed downward into sub-attributes;
Step 2: for each credible attribute or sub-attribute, extract evaluation indices for it; these evaluation indices allow the credible attribute or sub-attribute to be evaluated from different aspects;
Step 3: for each credible attribute or sub-attribute, define evaluation criteria for it; the evaluation criteria are divided into four levels: excellent, good, medium and poor. The evaluation criteria are based on the evaluation indices; that is, the combination of values of the evaluation indices determines which level of the evaluation criteria a credible attribute or sub-attribute has reached;
Step 4: before the credible evaluation activity is carried out, form different credible evaluation templates according to the different emphases of the assessment, and carry out the credible evaluation activity on the basis of the template, so that the credible evaluation is more targeted and its results are more accurate.
In this embodiment, when security verification is performed on a storage user, the user identity and fingerprint information are both encrypted before transmission and never appear in plaintext; only after the knowledge storage authentication end has verified the encrypted user identity and fingerprint information is it decided whether to configure for the storage user the virtual resource pool corresponding to the storage request. This restricts illegal storage by illegitimate users, and verification is fast, which further improves the security of information O&M service knowledge sharing while preserving convenience. When security verification is performed on an access user, information such as the user name, password, fingerprint and session random number is all transmitted as ciphertext and never appears in plaintext. Moreover, owing to the symmetry of the user key and the properties of the one-way hash function, the user-information ciphertext transmitted over the channel has unipolarity, so that even if the data are intercepted they are very difficult to crack. This guards against leakage of user data in transit and protects user privacy, further improving the security of information O&M service knowledge sharing. Encoding the information O&M service knowledge makes it easier for basic information and the various kinds of business information to be shared without barriers. Scheduling the information O&M service knowledge according to the clustering result and its location information reduces memory usage and raises data call speed; in this embodiment the threshold $T_2$ is set to 5m/8, and data call speed improves by 0.9%. Specified data storage areas are protected, preventing an adversary from carrying out certain types of physical access. All code executing on the computing platform is given the ability to prove that it is running in an environment that has not been tampered with. In a broad sense, the trusted computing platform provides network users with a broader security environment; it describes security problems from the perspective of the security architecture, ensures a secure execution environment for the user, and breaks away from the passive-defense approach of applying patches.
Embodiment 5
Referring to Fig. 1 and Fig. 2, the information O&M service knowledge sharing method based on big data trust computing of this embodiment comprises secure storage of information O&M knowledge, secure access to information O&M knowledge, and credible evaluation;
The secure storage of information O&M knowledge comprises the following steps:
Step 101: when a storage user submits a storage request for information O&M service knowledge, perform security verification on the storage user's identity;
Step 102: preprocess the information O&M service knowledge data, dividing the information O&M service knowledge into two types of data, basic knowledge and professional knowledge; the basic knowledge comprises text and images that reflect the basic situation of the information O&M service, and the professional knowledge comprises text and images related to each business within the information O&M service;
Step 103: encode the preprocessed information O&M service knowledge data, according to the type into which it was divided, using a custom coding method, which is as follows:
(1) Take the preprocessed information O&M service knowledge data as the coded object, and let the m attributes contained in information O&M service knowledge Z be $S_1, S_2, \ldots, S_m$;
(2) Select the attributes of the coded object, specifically:
1) Let the n constraints on the attributes be $R_1, R_2, \ldots, R_n$; from the attributes and their constraints, obtain the attribute weight factor matrix W:
In the formula, $a_{ij}$ is a weight factor, where i = 1, 2, ..., m and j = 1, 2, ..., n; it represents the degree to which attribute $S_m$ satisfies constraint $R_n$, and its value range is [0, 1];
2) Define the attribute weight $w_i$:
Normalize the attribute weight to obtain the normalized attribute weight $w_i'$:
3) Set the attribute weight threshold $T_1$ and define the attribute selection function $X_i$:
4) Set up the attribute selection optimization model:
5) According to the attribute selection optimization model, optimally select the attributes of the coded object;
(3) Encode the optimally selected attributes to obtain the final code of the information O&M service knowledge data;
Step 104: abstract and pool the hardware storage resources, mapping them into one complete, unified resource pool, and virtualize the user operating system;
Step 105: store the information O&M service knowledge data in the resource pool in the form of the final code;
The secure access to information O&M knowledge comprises the following steps:
Step 201: when an access user submits an access request for information O&M service knowledge, perform security verification on the access user's identity;
Step 202: when responding to the access request, read the information O&M service knowledge data stored in the resource pool, specifically:
(1) Use the K-means clustering method to divide the information O&M service knowledge by business class; for any two items of information O&M service knowledge $Z_1$ and $Z_2$ within a class, define the distance function D:
$D(Z_1, Z_2) = Y$
In the formula, Y is the number of optimally selected attributes that are identical between $Z_1$ and $Z_2$. Set a threshold $T_2$; if $D \geq T_2$, then whichever of $Z_1$ or $Z_2$ is queried, both $Z_1$ and $Z_2$ are prefetched, where the value range of $T_2$ is [m/2, 3m/4];
(2) Obtain the specific location information of the information O&M service knowledge from the cluster index;
(3) Schedule the information O&M service knowledge according to the clustering result and the location information of the information O&M service knowledge.
The security verification of the access user's identity is specifically as follows:
(1) The local service providing terminal verifies whether the password and identity entered by the access user are correct; if correct, the access request, password and identity are encrypted to form a ciphertext set, and the ciphertext set is sent to the knowledge server authentication end; if incorrect, an error report is returned;
(2) After the knowledge server authentication end receives the ciphertext set, it decrypts the ciphertexts in the set that correspond to the password and identity entered by the access user and extracts the values of the entered password and identity, then finds the record associated with the identity in the authentication database and decrypts the password. If a record for this access user exists in the system and the decrypted password is consistent with the password entered by the user, the access user is judged to be a legitimate user, and a fingerprint collection instruction, the ciphertext set, the session key for this session and an encrypted session random number are sent to the knowledge request user side, while the knowledge server authentication end saves the identity and the associated keys; if no record for this user exists in the system, the knowledge server authentication end returns an error report to the local service providing terminal;
(3) After the resource request user side receives the fingerprint collection instruction, the ciphertext set, the session key for this session and the encrypted session random number, it verifies whether the session key and the encrypted session random number are correct; if correct, it issues a fingerprint input instruction to the access user, decrypts the session key and the encrypted session random number, and encrypts the identity and the entered fingerprint information and sends them to the knowledge server authentication end; if incorrect, it sends an illegality report to the knowledge server authentication end;
(4) When the knowledge server authentication end receives the encrypted identity and entered fingerprint information, it decrypts them, retrieves the fingerprint corresponding to the identity from the database and compares it with the entered fingerprint information; if the two are identical, the access request is answered; if they differ, an illegality report is returned.
The security verification of the storage user's identity is specifically as follows:
(1) When the local service providing terminal receives the fingerprint and identity entered by the storage user, it encrypts them and sends them to the knowledge storage authentication end;
(2) The knowledge storage authentication end decrypts the encrypted fingerprint and identity entered by the storage user, retrieves the fingerprint corresponding to the identity from the database and compares it with the fingerprint entered by the storage user; if the two are identical, the storage user is judged to be a legitimate storage user and the virtual resource pool corresponding to the storage request is configured for that user; if incorrect, an error report is returned to the local service providing terminal.
Preferably, the credible evaluation comprises the following steps:
Step 1: define the credible attributes to be assessed; credible attributes are hierarchical, and a credible attribute can be decomposed downward into sub-attributes;
Step 2: for each credible attribute or sub-attribute, extract evaluation indices for it; these evaluation indices allow the credible attribute or sub-attribute to be evaluated from different aspects;
Step 3: for each credible attribute or sub-attribute, define evaluation criteria for it; the evaluation criteria are divided into four levels: excellent, good, medium and poor. The evaluation criteria are based on the evaluation indices; that is, the combination of values of the evaluation indices determines which level of the evaluation criteria a credible attribute or sub-attribute has reached;
Step 4: before the credible evaluation activity is carried out, form different credible evaluation templates according to the different emphases of the assessment, and carry out the credible evaluation activity on the basis of the template, so that the credible evaluation is more targeted and its results are more accurate.
In this embodiment, when security verification is performed on a storage user, the user identity and fingerprint information are both encrypted before transmission and never appear in plaintext; only after the knowledge storage authentication end has verified the encrypted user identity and fingerprint information is it decided whether to configure for the storage user the virtual resource pool corresponding to the storage request. This restricts illegal storage by illegitimate users, and verification is fast, which further improves the security of information O&M service knowledge sharing while preserving convenience. When security verification is performed on an access user, information such as the user name, password, fingerprint and session random number is all transmitted as ciphertext and never appears in plaintext. Moreover, owing to the symmetry of the user key and the properties of the one-way hash function, the user-information ciphertext transmitted over the channel has unipolarity, so that even if the data are intercepted they are very difficult to crack. This guards against leakage of user data in transit and protects user privacy, further improving the security of information O&M service knowledge sharing. Encoding the information O&M service knowledge makes it easier for basic information and the various kinds of business information to be shared without barriers. Scheduling the information O&M service knowledge according to the clustering result and its location information reduces memory usage and raises data call speed; in this embodiment the threshold $T_2$ is set to 11m/16, and data call speed improves by 1.2%. Specified data storage areas are protected, preventing an adversary from carrying out certain types of physical access. All code executing on the computing platform is given the ability to prove that it is running in an environment that has not been tampered with. In a broad sense, the trusted computing platform provides network users with a broader security environment; it describes security problems from the perspective of the security architecture, ensures a secure execution environment for the user, and breaks away from the passive-defense approach of applying patches.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.