CN101136902A - Method of implementing reliable service on complementary structure information network - Google Patents

Publication number
CN101136902A
Authority
CN
China
Legal status
Pending
Application number
CNA2006100216919A
Other languages
Chinese (zh)
Inventor
马建国
孙海峰
Current Assignee
MA JIANGUO SUN HAIFENG
Original Assignee
MA JIANGUO SUN HAIFENG

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for implementing credible service on a complementary structure information network. The credible services comprise the credible service for information transmission from the i-th information content provider (iCP) to the Data Process Center (DPC), and the credible service provided by the DPC to users. The credible service from iCP to DPC includes digital signature, integrity of the information content, security, non-repudiation, etc. for the information content provided by the iCP. The credible service from DPC to users includes integrity, security, etc. The disclosed credible services guarantee the security and credibility of the complementary structure information network.

Description

Method for realizing credible service on a complementary structure information network
Technical field
The present invention proposes a method for realizing network credible service, in particular a method for realizing credible service on a complementary structure information network that uses the infrastructure of the complementary structure Internet.
Background technology
Because of the open nature of the Internet, anyone can connect freely, without restrictions of time or space and without any notion of geographic distance. Anyone can join the Internet anytime and anywhere, and the network has no so-called highest authority and no control. This makes society's overall information structure built on the Internet (military, economic, political, administrative, and even transportation, communication, medical and all other aspects) highly fragile and risky, so that information security threats become extremely destructive and the credibility of the services the Internet provides to society as a whole is greatly reduced. Some related research on how to make network services more credible has been carried out both at home and abroad; the present invention uses a complementary structure information network to realize a credible service mechanism.
Summary of the invention
The purpose of the present invention is to provide a method for realizing credible service on a complementary structure information network that makes the Internet secure and highly credible.
To achieve the above purpose, the present invention adopts the following technical scheme: a method for realizing credible service on a complementary structure information network, comprising the credible service for information transmission from the information content provider to the data processing center and the credible service that the data processing center provides to the user. The credible service from the information content provider to the data processing center comprises digital signature of the information content, information content integrity, confidentiality and non-repudiation; the credible service from the data processing center to the user comprises reliability, integrity and confidentiality of the information.
The credible service is realized on the basis of the PKI/CA model, and the UCL index description method is used to index the parameters.
A so-called complementary structure information network takes one kind of network (such as the Internet) as its main structure and another network with different characteristics (such as Internet) as its secondary structure. Part of the resources of the main structure are mapped out as the service content of the secondary structure, and the secondary structure delivers this content to users, who take what they need. If the information content has already reached the user through the secondary structure when the user requests it, the user can obtain the content locally; otherwise the user obtains the information content by accessing the Internet.
In the dual structure (main structure, secondary structure), the main structure (primary) can rely on existing Internet technology, while the secondary structure (secondary) can rely on broadcast-storage network technology. The dual-structure Internet adds to the Internet a secondary structure dedicated to propagating mainstream resources, letting mainstream resources reach users directly so that mainstream resource traffic is offloaded. Mirroring out several thousand websites of Internet mainstream resources and covering the nation's rural areas and towns directly through a broadcast mechanism forms the secondary structure of the Internet. The present invention uses the dual-structure (main structure, secondary structure) Internet to realize a credible service. In the complementary structure information network, the information content provider iCP (Content Provider of No.i) transmits information to the data processing center DPC (Data Process Center) by means such as the Internet, and the DPC uses the secondary structure to deliver the information to users. The credible service from iCP to DPC in the complementary structure information network comprises authentication, information integrity, confidentiality, digital signature, non-repudiation and so on. The credible service from DPC to users comprises data transmission reliability, data transmission integrity and confidentiality. These credible services guarantee the security and credibility of the complementary structure information network.
Description of drawings
Fig. 1 is a structural schematic diagram of the method for realizing credible service on the complementary structure information network of the present invention;
Fig. 2 is a schematic diagram of information transmission from the data processing center (DPC) to the user;
Fig. 3 is the complementary structure network credible service model based on the PKI/CA model;
Fig. 4 is the integrity authentication process for the information content provided by the information content provider (iCP);
Fig. 5 is the process implementing integrity, confidentiality and digital signature for the information content provided by the information content provider (iCP).
Embodiment
The method of the present invention for realizing credible service on a complementary structure information network comprises the credible service for information transmission from the information content provider to the data processing center and the credible service that the data processing center provides to the user. The credible service from the information content provider to the data processing center comprises digital signature of the information content, information content integrity, confidentiality and non-repudiation; the credible service from the data processing center to the user comprises reliability, integrity and confidentiality of the information. The credible service is realized on the basis of the PKI/CA model, and the UCL index description method is used to index the parameters. The present invention uses an existing UCL index description method, such as the one described in Chinese patent publications CN1684415, CN1684459 and CN1684460.
In the dual-structure Internet, the content provider iCP (Content Provider of No.i) transmits information to the data processing center DPC (Data Process Center) over the Internet. The DPC transmits information to users in the form of data broadcasting, passing it to the user over a simplex channel.
Fig. 2 shows the information transmission model from DPC to the user.
The credible service model of the complementary network adopts a PKI/CA mechanism to provide the DPC, the iCPs and users with digital certificate issuance, private keys and digital certificate retrieval services.
Fig. 3 shows the complementary structure network credible service model based on PKI/CA.
Three components are added to the UCL index structure of the Web for uploading information from iCP to DPC:
$U_{ID}$, the component carrying the ID information of the iCP;
$U_{Sig\_MAC}$, the component carrying the digital signature of the MAC (Message Authentication Code);
$U_K$, the component carrying the encrypted symmetric key K.
iCP to DPC information content service protocol:
In a complementary structure network, credible service can be guaranteed in the following respects.
The iCP uses a hash function to compute the hash of the information content C, generating the message authentication code MAC, and then digitally signs the MAC with its own private key $KR_{ICP}$. That is:
$$MAC = \mathrm{Hash}(C)$$
$$U_{Sig\_MAC} = E_{KR_{ICP}}(MAC)$$
The DPC first recomputes the hash of the received information content C′ to obtain MAC′, and then uses the iCP's public key $KP_{ICP}$ to verify $U_{Sig\_MAC}$.
$$MAC' = \mathrm{Hash}(C')$$
$$MAC = D_{KP_{ICP}}(U_{Sig\_MAC})$$
If MAC = MAC′, the information content has not been illegally modified and has integrity.
Fig. 4 shows the integrity authentication process for the information content provided by the iCP.
Because the information content received by the DPC carries the iCP's signature, authentication of the iCP and non-repudiation are also achieved.
Implementing confidentiality
The iCP selects a strong random key K, signs it with its own private key $KR_{ICP}$ and then encrypts it with the DPC's public key $KP_{DPC}$ to obtain $U_K$. It then encrypts the information content C to obtain the ciphertext $C_s$, which is sent to the DPC.
$$U_K = E_{KP_{DPC}}(E_{KR_{ICP}}(K))$$
$$C_s = E_K(C)$$
The DPC uses its own private key and then the iCP's public key $KP_{ICP}$, in that order, to recover K, and then decrypts $C_s$ to obtain C.
$$C = D_K(C_s)$$
Implementing integrity, confidentiality and digital signature for the information content provided by the iCP.
Fig. 5 shows the process implementing integrity, confidentiality and digital signature for the information content provided by the iCP.
The iCP selects a strong random key K, signs it with its own private key $KR_{ICP}$ and then encrypts it with the DPC's public key $KP_{DPC}$ to obtain $U_K$.
$$U_K = E_{KP_{DPC}}(E_{KR_{ICP}}(K))$$
The DPC uses its own private key $KR_{DPC}$ and then the iCP's public key $KP_{ICP}$, in that order, to recover K.
$$K = D_{KP_{ICP}}(D_{KR_{DPC}}(U_K))$$
The iCP uses a hash function to compute the hash of the information content C, generating the message authentication code MAC, and then digitally signs the MAC. That is:
$$MAC = \mathrm{Hash}(C)$$
$$U_{Sig\_MAC} = E_{KR_{ICP}}(MAC)$$
The signature is appended to the information content, and the result is encrypted with K to obtain the ciphertext $C_s$, which is sent to the DPC.
$$C_s = E_K[\,C \,\|\, E_{KR_{ICP}}[\mathrm{Hash}(C)]\,]$$
The DPC decrypts with the key K to obtain the information content C′ and the signature, and decrypts the signature with the iCP's public key to obtain MAC. It then recomputes the hash of the decrypted information content C′ to obtain MAC′ = Hash(C′).
If MAC = MAC′, integrity, confidentiality and digital signature authentication of the information content have been achieved.
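The iCP to DPC exchange of Fig. 5, with both sides' processing, as an added example that is not code from the patent. Assumptions: textbook RSA over constructed Mersenne-prime toy keys and a SHA-256 keystream stand in for the E/D operations the text leaves unspecified, and the names `icp_send`, `dpc_receive` and `tamper_detected` are hypothetical.

```python
import hashlib
import secrets

E = 65537  # RSA public exponent shared by both toy key pairs (assumption)

def keypair(p, q):
    """Textbook RSA: return (modulus n, private exponent d) for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes so the example runs offline.
# Real deployments use randomly generated keys certified by the CA.
ICP_N, ICP_D = keypair(2**127 - 1, 2**521 - 1)    # iCP: KP = (E, ICP_N), KR = ICP_D
DPC_N, DPC_D = keypair(2**607 - 1, 2**1279 - 1)   # DPC: KP = (E, DPC_N), KR = DPC_D
# The nested E_KP_DPC(E_KR_ICP(.)) only round-trips if the inner result fits
# under the outer modulus, and the SHA-256 value must fit under iCP's modulus.
assert 2**256 < ICP_N < DPC_N
SIG_LEN = (ICP_N.bit_length() + 7) // 8

def sym(key, data):
    """Stand-in for E_K and D_K: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def digest_int(content):
    """MAC = Hash(C), as an integer for the RSA operations."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")

def icp_send(content):
    """iCP side: return (U_K, Cs) for information content C."""
    k = secrets.token_bytes(16)                                   # random key K
    u_k = pow(pow(int.from_bytes(k, "big"), ICP_D, ICP_N), E, DPC_N)
    u_sig_mac = pow(digest_int(content), ICP_D, ICP_N)            # E_KR_ICP(MAC)
    cs = sym(k, content + u_sig_mac.to_bytes(SIG_LEN, "big"))     # E_K(C || sig)
    return u_k, cs

def dpc_receive(u_k, cs):
    """DPC side: recover K, decrypt Cs, verify the signed MAC, return C'."""
    k_int = pow(pow(u_k, DPC_D, DPC_N), E, ICP_N)   # D_KP_ICP(D_KR_DPC(U_K))
    if k_int >= 2**128 or len(cs) < SIG_LEN:
        raise ValueError("U_K or Cs is malformed")
    plain = sym(k_int.to_bytes(16, "big"), cs)
    content, sig = plain[:-SIG_LEN], plain[-SIG_LEN:]
    mac = pow(int.from_bytes(sig, "big"), E, ICP_N)  # MAC recovered from signature
    if mac != digest_int(content):                   # compare with MAC' = Hash(C')
        raise ValueError("MAC != MAC': content modified or not signed by iCP")
    return content

def tamper_detected(u_k, cs):
    """Flip one ciphertext bit and report whether DPC rejects the message."""
    try:
        dpc_receive(u_k, bytes([cs[0] ^ 1]) + cs[1:])
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    u_k, cs = icp_send(b"constructed sample content")
    print(dpc_receive(u_k, cs), tamper_detected(u_k, cs))
```

Because MAC = Hash(C) is unkeyed, the sender is authenticated only through the iCP signature over it. The nested key wrap also requires iCP's modulus to be smaller than DPC's, which the module-level assertion enforces.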
DPC to user information content service protocol.
Reliability of data transmission from DPC to the user.
Because data broadcasting runs over a simplex channel, the quality of service (QoS) of data broadcasting cannot be guaranteed by relying on the return-acknowledgement techniques that two-way channels usually use to solve the error control problem. Common solutions are to adopt a suitable cyclic (carousel) broadcasting technique, forward error correction, data checking, or a combination of these methods, so as to better solve the problem of reliable data transmission. For streaming media content, according to our research results, the process of program UCL indexing, transmission and reception, the user's intelligent agent, multimedia buffering and synchronization, and real-time playback can be adopted.
Integrity of data transmission from DPC to the user.
For file transfer, the user can verify the integrity of the received file content as follows.
The DPC uses a hash function to compute the hash of the information content C, generating the message authentication code MAC.
$$MAC = \mathrm{Hash}(C)$$
The user first recomputes the hash of the received information content C′ to obtain MAC′.
$$MAC' = \mathrm{Hash}(C')$$
If MAC = MAC′, the information content was not damaged during transmission and has integrity.
Confidentiality.
The DPC selects a strong random key K, encrypts K with the user's public key $KP_u$ to obtain $U_K$, then encrypts the information content C to obtain the ciphertext $C_s$, which is sent to the user.
$$U_K = E_{KP_u}(K)$$
$$C_s = E_K(C)$$
The user first decrypts with their own private key $KR_u$ to obtain K, and then decrypts $C_s$ to obtain C.
$$K = D_{KR_u}(U_K)$$
$$C = D_K(C_s)$$
Integrity and confidentiality
Some applications have both an integrity requirement and a confidentiality requirement. They are handled as follows:
The DPC selects a strong random key K and encrypts K with the user's public key $KP_u$ to obtain $U_K$.
$$U_K = E_{KP_u}(K)$$
The user decrypts with their own private key $KR_u$ to obtain K.
$$K = D_{KR_u}(U_K)$$
The DPC uses a hash function to compute the hash of the information content C, generating the message authentication code MAC, that is:
$$MAC = \mathrm{Hash}(C)$$
The DPC appends the signature information to the end of the information content, then encrypts with K to obtain the ciphertext $C_s$, which is sent to the user.
$$C_s = E_K(C \,\|\, MAC)$$
The user decrypts with the key K to obtain the information content C′ and MAC, and recomputes the hash of the decrypted information content C′ to obtain MAC′ = Hash(C′).
If MAC = MAC′, the information content has not been illegally modified and has integrity; the confidentiality requirement is also met.

Claims (2)

1. A method for realizing credible service on a complementary structure information network, characterized in that: it comprises the credible service for information transmission from the information content provider to the data processing center and the credible service that the data processing center provides to the user; the credible service from the information content provider to the data processing center comprises digital signature of the information content, information content integrity, confidentiality and non-repudiation; the credible service from the data processing center to the user comprises reliability, integrity and confidentiality of the information.
2. The method for realizing credible service on a complementary structure information network according to claim 1, characterized in that: the credible service is realized on the basis of the PKI/CA model, and the UCL index description method is used to index the parameters.
CNA2006100216919A 2006-08-29 2006-08-29 Method of implementing reliable service on complementary structure information network Pending CN101136902A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2006100216919A CN101136902A (en) 2006-08-29 2006-08-29 Method of implementing reliable service on complementary structure information network

Publications (1)

Publication Number Publication Date
CN101136902A true CN101136902A (en) 2008-03-05

Family

ID=39160735

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006100216919A Pending CN101136902A (en) 2006-08-29 2006-08-29 Method of implementing reliable service on complementary structure information network

Country Status (1)

Country Link
CN (1) CN101136902A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938487A (en) * 2010-09-14 2011-01-05 西南科技大学 Method for realizing network credible service
CN101938475A (en) * 2010-08-30 2011-01-05 清华大学 Identity authentication method of internet information publisher and system thereof
CN106941438A (en) * 2017-04-25 2017-07-11 北京大有中城科技有限公司 A kind of contents management method of Incorporate
CN107732883A (en) * 2017-11-24 2018-02-23 山东理工大学 Distributed feeder fault processing information interacts method of controlling security

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938475A (en) * 2010-08-30 2011-01-05 清华大学 Identity authentication method of internet information publisher and system thereof
CN101938475B (en) * 2010-08-30 2013-08-14 清华大学 Identity authentication method of internet information publisher and system thereof
CN101938487A (en) * 2010-09-14 2011-01-05 西南科技大学 Method for realizing network credible service
CN101938487B (en) * 2010-09-14 2013-07-24 西南科技大学 Method for realizing network credible service
CN106941438A (en) * 2017-04-25 2017-07-11 北京大有中城科技有限公司 A kind of contents management method of Incorporate
CN107732883A (en) * 2017-11-24 2018-02-23 山东理工大学 Distributed feeder fault processing information interacts method of controlling security

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080305