CN101136902A - Method of implementing reliable service on complementary structure information network - Google Patents
- Publication number
- CN101136902A
- Authority
- CN
- China
- Prior art keywords
- dpc
- information
- information content
- icp
- credible
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for implementing trusted services on a complementary structure information network. The trusted services comprise the trusted service for information transmission from an information content provider (iCP, Content Provider of No. i) to the Data Process Center (DPC), and the trusted service provided by the DPC to users. The trusted service from iCP to DPC includes digital signature, integrity, confidentiality and non-repudiation for the information content provided by the iCP. The trusted service from DPC to user includes integrity, confidentiality, etc. The disclosed trusted services guarantee the security and trustworthiness of the complementary structure information network.
Description
Technical field
The present invention proposes a method of realizing trusted network services, in particular a method of realizing trusted services on a complementary structure information network that uses the infrastructure of the complementary-structure Internet.
Background technology
Because the Internet is open, anyone can connect freely, without restrictions of time or space and without any notion of geographic distance. Anyone can join the Internet anytime and anywhere, and the network has no so-called highest authority and no control. As a result, society's overall information structure built on the Internet (military, economic, political and administrative, and even traffic, communications, medical care and all other aspects) is highly fragile and exposed to risk, so that information security threats become extremely destructive and the trustworthiness of the services the Internet provides to society as a whole is greatly reduced. Research on how to make network services more trustworthy has been carried out both in China and abroad; the present invention uses a complementary structure information network to realize a trusted service mechanism.
Summary of the invention
The purpose of this invention is to provide a method of realizing trusted services on a complementary structure information network that makes the Internet secure and highly trustworthy.
To achieve the above purpose, the invention adopts the following technical scheme: a method of realizing trusted services on a complementary structure information network, comprising the trusted service for information transmission from the information content provider to the data processing center and the trusted service that the data processing center provides to users. The information content provider's trusted service to the data processing center comprises digital signature of the information content, information content integrity, confidentiality and non-repudiation; the data processing center's trusted service to users comprises reliability, integrity and confidentiality of the information.
The trusted services are implemented on the basis of the PKI/CA model, and use the UCL descriptor index method to index the parameters.
A so-called complementary structure information network takes one network (such as the Internet) as its main structure and another network with different characteristics (such as the Internet) as its secondary structure. Part of the main structure's resources is mapped out as the service content of the secondary structure, which delivers this content to users, and users take what they need. If the information content has already reached the user through the secondary structure when the user requests it, the user obtains it locally; otherwise the user obtains it by accessing the Internet.
In the dual structure (main structure, secondary structure), the main (primary) structure can rely on existing Internet technology, while the secondary structure can rely on broadcast-storage network technology. The dual-structure Internet adds to the Internet a secondary structure dedicated to propagating mainstream resources, letting those resources reach users directly so that mainstream resource traffic is offloaded. Mirroring several thousand websites of Internet mainstream resources and covering the nation's rural areas and towns directly by broadcasting forms the secondary structure of the Internet. The invention uses the dual-structure Internet (main structure, secondary structure) to realize a trusted service. In the complementary structure information network, the information content provider iCP (Content Provider of No. i) transmits information to the data processing center DPC (Data Process Center) via the Internet or other channels, and the DPC uses the secondary structure to deliver the information to users. The trusted service from iCP to DPC comprises authentication, information integrity, confidentiality, digital signature and non-repudiation, etc. The trusted service from DPC to users comprises data transmission reliability, data transmission integrity and confidentiality. These trusted services guarantee the security and trustworthiness of the complementary structure information network.
Description of drawings
Fig. 1 is a structural schematic of the method of realizing trusted services on a complementary structure information network according to the invention;
Fig. 2 is a schematic of information transmission from the data processing center (DPC) to the user;
Fig. 3 is the complementary-structure network trusted service model based on the PKI/CA model;
Fig. 4 is the integrity authentication process for information content provided by the information content provider (iCP);
Fig. 5 is the implementation process of integrity, confidentiality and digital signature for information content provided by the information content provider (iCP).
Embodiment
The method of realizing trusted services on a complementary structure information network according to the invention comprises the trusted service for information transmission from the information content provider to the data processing center and the trusted service that the data processing center provides to users. The information content provider's trusted service to the data processing center comprises digital signature of the information content, information content integrity, confidentiality and non-repudiation; the data processing center's trusted service to users comprises reliability, integrity and confidentiality of the information. The trusted services are implemented on the basis of the PKI/CA model and use the UCL descriptor index method to index the parameters. The invention uses the existing UCL descriptor index method, for example the one described in Chinese patent publications CN1684415, CN1684459 and CN1684460.
In the dual-structure Internet, the content provider iCP (Content Provider of No. i) transmits information to the data processing center DPC (Data Process Center) over the Internet. The DPC transmits information to users in data broadcasting form, passing it to the user over a simplex channel.
Fig. 2 shows the information transmission model from the DPC to the user.
The trusted service model of the complementary network adopts the PKI/CA mechanism, which issues digital certificates and private keys and provides digital certificate retrieval services to the DPC, the iCPs and users.
Fig. 3 shows the complementary-structure network trusted service model based on PKI/CA.
Three components are added to the Web UCL index structure for uploading information from iCP to DPC:
$U_{ID}$, the component carrying the ID information of the iCP;
$U_{Sig\_MAC}$, the component carrying the digital signature of the MAC (Message Authentication Code);
$U_K$, the component carrying the encrypted symmetric key K.
iCP-to-DPC information content service protocol:
In the complementary structure network, trusted service can be guaranteed in the following respects.
The iCP uses a hash function to hash the information content C, generating the message authentication code MAC, and then uses its own private key $KR_{iCP}$ to digitally sign the MAC. That is:
$MAC = Hash(C)$
The DPC first re-hashes the received information content C′ to obtain MAC′, and then uses the iCP's public key $KP_{iCP}$ to verify $U_{Sig\_MAC}$.
$MAC' = Hash(C')$
If MAC = MAC′, the information content has not been illegally modified and has integrity.
Fig. 4 shows the integrity authentication process for information content provided by the iCP.
Because the information content received by the DPC carries the iCP's signature information, authentication of the iCP and non-repudiation are also achieved.
Implementation of confidentiality
The iCP randomly selects a strong key K, signs it with its own private key $KR_{iCP}$, and then encrypts K with the DPC's public key $KP_{DPC}$ to obtain $U_K$. It then encrypts the information content C to obtain the ciphertext $C_s$, which is sent to the DPC.
$C_s = E_K(C)$
The DPC uses its own private key and then the iCP's public key $KP_{iCP}$ to decrypt K, and then decrypts $C_s$ to obtain C.
$C = D_K(C_s)$
Implementation of integrity, confidentiality and digital signature for information content provided by the iCP.
Fig. 5 shows the implementation process of integrity, confidentiality and digital signature for information content provided by the iCP.
The iCP randomly selects a strong key K, signs it with its own private key $KR_{iCP}$, and then encrypts K with the DPC's public key $KP_{DPC}$ to obtain $U_K$.
The DPC uses its own private key $KR_{DPC}$ and then the iCP's public key $KP_{iCP}$ to decrypt K.
The iCP uses a hash function to hash the information content C, generating the message authentication code MAC, and then digitally signs the MAC. That is:
$MAC = Hash(C)$
$U_{Sig\_MAC} = E_{KR}(MAC)$
The signature information is appended to the information content, which is then encrypted with K to obtain the ciphertext $C_s$ and sent to the DPC.
The DPC decrypts with the key K to obtain the information content C′ and the signature information, and uses the iCP's public key to decrypt the signature information, obtaining MAC. It recomputes the hash over the decrypted information content C′ to obtain $MAC' = Hash(C')$.
If MAC = MAC′, integrity, confidentiality and digital signature authentication of the information content have been achieved.
DPC-to-user information content service protocol.
DPC-to-user data transmission reliability.
Because data broadcasting runs on a simplex channel, guaranteeing the quality of service (QoS) of data broadcasting cannot rely on the return-acknowledgement technique that two-way channels usually use to solve the error control problem. Common solutions are to adopt a suitable carousel (cyclic rebroadcast) technique, forward error correction, data check techniques, or a combination of these methods, so as to solve the reliable data transmission problem reasonably well. For streaming media content, according to our research results, processing can follow the sequence of program UCL indexing, transmission and reception, the user's intelligent agent, multimedia buffering and synchronization, and real-time playback.
DPC-to-user data transmission integrity.
For file transfer, the integrity of the file content received by the user can be ensured by the following method.
The DPC uses a hash function to hash the information content C, generating the message authentication code MAC.
$MAC = Hash(C)$
The user first re-hashes the received information content C′ to obtain MAC′.
$MAC' = Hash(C')$
If MAC = MAC′, the information content was not damaged during transmission and has integrity.
Confidentiality.
The DPC randomly selects a strong key K and encrypts K with the user's public key KPu to obtain $U_K$. It then encrypts the information content C to obtain the ciphertext $C_s$, which is sent to the user.
$C_s = E_K(C)$
The user first decrypts with their own private key KRu to obtain K, and then decrypts $C_s$ to obtain C.
$C = D_K(C_s)$
Integrity and confidentiality
Some applications have both an integrity requirement and a confidentiality requirement. They are handled as follows:
The DPC randomly selects a strong key K and encrypts K with the user's public key KPu to obtain $U_K$:
$U_K = E_{KPu}(K)$
The user decrypts K with their own private key KRu.
The DPC uses a hash function to hash the information content C, generating the message authentication code MAC, that is:
$MAC = Hash(C)$
The DPC appends the signature information to the information content and then encrypts with K to obtain the ciphertext $C_s$, which is sent to the user.
$C_s = E_K(C \| MAC)$
The user decrypts with the key K to obtain the information content C′ and MAC, and recomputes the hash over the decrypted information content C′ to obtain $MAC' = Hash(C')$.
If MAC = MAC′, the information content has not been illegally modified and has integrity, and the confidentiality requirement has also been met.
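The iCP-to-DPC scheme described above (hash C, sign the hash, append the signature, encrypt under a random K that is itself encrypted for the DPC), written out as an added Go example that is not part of the patent; the DPC-to-user variant uses the same envelope with the user's key pair as recipient and the bare hash in place of the signature. The algorithms (SHA-256, RSA-PSS, RSA-OAEP, AES-256-GCM) and the names Seal, Open and demoKey are assumptions of this example, and the separate signature over K is left out.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func newGCM(k []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(k) // rejects a nil or wrong-length K
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Seal (iCP side) returns U_K = E_KPdpc(K) and Cs = nonce || E_K(C || Sign_KRicp(Hash(C))).
func Seal(c []byte, krICP *rsa.PrivateKey, kpDPC *rsa.PublicKey) ([]byte, []byte, error) {
	rnd := make([]byte, 32+12) // fresh random key K, then a 96-bit GCM nonce
	_, e0 := rand.Read(rnd)
	k, nonce := rnd[:32], rnd[32:]
	mac := sha256.Sum256(c) // MAC = Hash(C); SHA-256 is this example's choice
	uk, e1 := rsa.EncryptOAEP(sha256.New(), rand.Reader, kpDPC, k, nil)
	sig, e2 := rsa.SignPSS(rand.Reader, krICP, crypto.SHA256, mac[:], nil)
	gcm, e3 := newGCM(k)
	if e0 != nil || e1 != nil || e2 != nil || e3 != nil {
		return nil, nil, fmt.Errorf("seal failed: %v, %v, %v, %v", e0, e1, e2, e3)
	}
	return uk, gcm.Seal(nonce, nonce, append(append([]byte{}, c...), sig...), nil), nil
}

// Open (DPC side) recovers K, decrypts Cs, recomputes MAC' = Hash(C') and checks the signature.
func Open(uk, cs []byte, krDPC *rsa.PrivateKey, kpICP *rsa.PublicKey) ([]byte, error) {
	k, e1 := rsa.DecryptOAEP(sha256.New(), rand.Reader, krDPC, uk, nil)
	gcm, e2 := newGCM(k)
	if e1 != nil || e2 != nil || len(cs) < gcm.NonceSize() {
		return nil, fmt.Errorf("cannot recover K, or Cs is truncated")
	}
	plain, err := gcm.Open(nil, cs[:gcm.NonceSize()], cs[gcm.NonceSize():], nil)
	if err != nil || len(plain) < kpICP.Size() {
		return nil, fmt.Errorf("ciphertext was modified or is too short")
	}
	split := len(plain) - kpICP.Size() // an RSA signature is as long as the modulus
	mac := sha256.Sum256(plain[:split])
	if err := rsa.VerifyPSS(kpICP, crypto.SHA256, mac[:], plain[split:], nil); err != nil {
		return nil, fmt.Errorf("signature does not verify for this iCP: %w", err)
	}
	return plain[:split], nil
}

func demoKey() *rsa.PrivateKey { // constructed RSA-2048 demo key, generated at run time
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}
func main() {
	icp, dpc := demoKey(), demoKey()
	uk, cs, _ := Seal([]byte("constructed sample content"), icp, &dpc.PublicKey)
	c, err := Open(uk, cs, dpc, &icp.PublicKey)
	fmt.Printf("%q %v\n", c, err)
}
```

Because Open authenticates the ciphertext before it looks for the signature, a modified Cs is rejected without any attacker-controlled plaintext being parsed.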
Claims (2)
1. A method of realizing trusted services on a complementary structure information network, characterized in that it comprises the trusted service for information transmission from the information content provider to the data processing center and the trusted service that the data processing center provides to users; the information content provider's trusted service to the data processing center comprises digital signature of the information content, information content integrity, confidentiality and non-repudiation; and the data processing center's trusted service to users comprises reliability, integrity and confidentiality of the information.
2. The method of realizing trusted services on a complementary structure information network according to claim 1, characterized in that the trusted services are implemented on the basis of the PKI/CA model and use the UCL descriptor index method to index the parameters.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006100216919A CN101136902A (en) | 2006-08-29 | 2006-08-29 | Method of implementing reliable service on complementary structure information network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101136902A true CN101136902A (en) | 2008-03-05 |
Family
ID=39160735
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2006100216919A Pending CN101136902A (en) | 2006-08-29 | 2006-08-29 | Method of implementing reliable service on complementary structure information network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101136902A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101938475A (en) * | 2010-08-30 | 2011-01-05 | 清华大学 | Identity authentication method of internet information publisher and system thereof |
CN101938475B (en) * | 2010-08-30 | 2013-08-14 | 清华大学 | Identity authentication method of internet information publisher and system thereof |
CN101938487A (en) * | 2010-09-14 | 2011-01-05 | 西南科技大学 | Method for realizing network credible service |
CN101938487B (en) * | 2010-09-14 | 2013-07-24 | 西南科技大学 | Method for realizing network credible service |
CN106941438A (en) * | 2017-04-25 | 2017-07-11 | 北京大有中城科技有限公司 | A kind of contents management method of Incorporate |
CN107732883A (en) * | 2017-11-24 | 2018-02-23 | 山东理工大学 | Distributed feeder fault processing information interacts method of controlling security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20080305 |