CN101257386A - Dynamic accesses control method based on trust model - Google Patents

Publication number: CN101257386A
Authority: CN (China)
Prior art keywords: node, trust, user, value, resource
Legal status: Granted; Expired - Fee Related
Application number: CNA2008100196651A
Other languages: Chinese (zh)
Other versions: CN100591015C (en)
Inventors: 王汝传, 王芳, 张琳, 王海艳, 任勋益, 王杨
Current Assignee: Nanjing Post and Telecommunication University; Nanjing University of Posts and Telecommunications
Original Assignee: Nanjing Post and Telecommunication University
Application filed by Nanjing Post and Telecommunication University
Priority to CN200810019665A
Publication of CN101257386A
Application granted
Publication of CN100591015C

Abstract

A dynamic access control method based on a trust model is a security solution for dynamic access control. It addresses how users screen out trusted nodes in a grid, and it meets the needs of users' large-scale jobs by distributing the tasks users submit optimally according to the capability of each resource node. The method uses the trust model and a trust-evaluation control mechanism to protect resource providers and resource consumers in the grid community and to provide a quality guarantee for submitted tasks. The method applies the trust model to the access control mechanism and uses it to screen out resource nodes that meet the user's requirements so as to complete the tasks users submit, to secure cooperation and resource sharing between a grid user and the grid entities of its own virtual organization and the entities of other virtual organizations, and to establish a security architecture for authorizing users in a grid computing environment.

Description

Dynamic access control method based on a trust model
Technical field
The present invention is a solution for trust evaluation of trusted entities in an open grid environment. It is mainly used to solve the problem of how a user screens out trusted nodes in the grid before submitting tasks. It belongs to the technical field of distributed computing security.
Background technology
Grid computing has developed into a key area of the computer industry. It differs from distributed computing in that it concentrates more on resource sharing, collaborative work and high performance, and is devoted to solving resource-sharing problems among multiple individuals or organizations. With the emergence and rise of grid computing, software systems are moving from a closed, relatively static form oriented to a familiar user group towards an open, publicly accessible and highly dynamic service model. This shift complicates the security analysis of computing systems. At the same time, because grid computing environments are large-scale, heterogeneous, distributed, dynamic and open, traditional security techniques and measures cannot satisfy the needs of grid applications well. Security techniques based on traditional software architectures, especially authentication and authorization mechanisms such as access control lists (ACLs) and some traditional public key certificate systems, are no longer suitable for solving grid computing security problems.
Traditional certificate systems based on public key cryptography, such as X.509 and PGP, cannot satisfy the security needs of grid computing well:
(1) The certification authority vouches only for an individual's identity in the general sense. It does not confirm the individual's capability or grant it authority. It merely verifies the user's identity and does not know whether the user has the capability or authority to perform an operation, so it cannot guarantee the security of the system;
(2) Relying entirely on the certification authority weakens the individual's own trust judgment, and blind trust in a certification authority across a large scope often cannot resolve conflicts of interest between individuals;
(3) It is difficult to maintain a certificate revocation list centrally, so certificates are likely to be abused. In addition, public key certificate systems that rely on individuals for authentication and recommendation are very flexible but have no centralized trust agent, so they are difficult to apply to a large user group.
There is therefore a pressing need for dedicated, systematic research into security policy for grid computing, for a new security model that suits open network environments such as grid computing, and for new methods and ideas that address its new requirements. In 1996, M. Blaze et al. first used the concept of "trust management" to address the security of Internet network services. Its basic idea is to acknowledge that security information in an open system is incomplete, so the system's security decisions need to rely on a trusted third party to supply additional security information. Trust management extracts the trust concept that is implicit in traditional security research, especially in research on authorization mechanisms, and studies it as the central topic, which provides a new approach to the security problems of new application forms in grid computing environments. Meanwhile, scholars such as A. Abdul-Rahman started from the concept of trust, classified trust content and degree of trust, and, starting from the subjectivity of trust, gave a mathematical model of trust for use in trust evaluation.
"Trust", which can also be called "trustworthiness", refers to the ability to reliably fulfil the legitimate expectations of others. Trust is a part of morality and a key precondition of any social existence. Trust supplements traditional authentication mechanisms. Traditional authentication is mainly used to prove identity: it shows that the entity holding the certificate or token is a legitimate entity, which is not the same as showing that the entity is trustworthy (capable of carrying out the interaction, and not committing fraud during it). But trust and the authentication model are closely linked. In a typical interaction, authentication is performed first, the peer's degree of trust is then judged using the trust model, and the peer is authorized according to that degree of trust. This trust relationship, similar to those in social networks, adapts well to open network environments, and research on trust models for grid computing environments has become a focus of grid security research.
The concept of "trust" has attracted great interest from academia and industry. In academia, researchers have studied trust models extensively and proposed a variety of them, of which two classes have had the most influence: the BBK-Scheme and the
Figure A20081001966500061
trust model.
Summary of the invention
Technical problem: The purpose of the invention is to propose a dynamic access control method based on a trust model that solves the security and dynamics problems of cooperation and resource sharing, in a grid computing environment, between a grid user and the grid entities of its own virtual organization and the entities of other virtual organizations, and that builds a security architecture for authorizing users in a grid computing environment. It uses the trust model and a trust-evaluation control mechanism to protect resource providers and resource consumers in the grid community and to guarantee the quality of the tasks they submit.
Technical solution: The method of the invention is widely applicable and efficient in open network environments such as the grid. The trust model for the grid computing environment is designed from the perspective of a history window over recommendation trust. The degree of trust of an entity is calculated with the trust model algorithm. When the entity acts as a resource node in a grid virtual organization, the organization's authorization service dynamically schedules and assigns subtasks to it according to its degree of trust, and monitors their execution. The goal is to screen out resource nodes that meet the grid user's requirements and complete the job the user submits.
Several concepts used in this model are given below:
Trust (Trust): an assessment of the credibility of an entity's identity and behaviour, related to the entity's reliability, integrity and performance. Trust is a subjective concept that depends on experience. The level of trust is represented by a trust value, which changes dynamically with the entity's behaviour.
Direct trust (Direct Trust): two entities have transacted directly with each other and so have established a direct trust relationship; the trust value derives from the direct experience of both parties' transactions.
Recommended trust (Recommended Trust): two entities have not transacted directly, and the trust relationship is established on the recommendation of other entities; the trust value between them is the result of the other entities' assessments.
Direct trust and recommended trust are shown in Fig. 4.
Autonomous domain (Autonomous Domain): the grid is divided into several independent autonomous domains. Each autonomous domain contains a number of grid entities and has its own management policy and security policy. Autonomous domains are connected to one another by the network.
Trust model algorithm (Algorithm of Trust Model): the algorithm used to statistically compute the evaluation feedback an entity receives.
Evaluation subject (Subject of Evaluation): the entity that needs to evaluate the degree of trust of other entities, that is, the user of the trust model.
Evaluation object (Object of Evaluation): the object whose degree of trust the evaluation subject is preparing to evaluate; evaluation object n is the n-th evaluation object.
The dynamic access control method based on a trust model of the invention applies the trust model to the access control mechanism and uses it to dynamically allocate the jobs that grid users submit, as follows:
I. Architecture
Fig. 2 is the tree diagram of the grid autonomous-domain model for a given user entity. The tree has 4 layers (real structures are more complex than this example), and cycle denotes the height of the tree. The user is at the first layer, the root of the tree (cycle=1), and so on down to the leaves at cycle=4. If the user wants to find all resource nodes in the grid that meet its requirements to serve it, every node is traversed one by one as a target node, and the usable nodes are then screened out.
To screen out reliable resource nodes that meet the user's requirements more accurately, this model introduces several parameters: the trust path length limit, the recommendation factor limit, the direct trust weight, the recommendation trust weight, the trust threshold and the history window size. Each is described below:
Trust path length limit: when an entity needs to know its trust value for another entity in the domain, it uses the direct trust value if the two entities have a direct trust relationship. If they do not, it seeks recommenders one by one in order of recommendation level until it finds an entity that has a direct trust relationship with the target, and obtains a recommended trust value. Experience from social networks shows that the longer the trust chain, the less reliable the resulting recommendation trust. Suppose the recommendation trust value of every intermediate recommending node is 0.9; after 8 recommendations the chain's recommendation value is $0.9^8 \approx 0.43$. Such a recommendation can hardly make the requester believe the final result, so the chain length must be limited. In this model the user sends the trust path length limit to the server before submitting a job.
Recommendation factor (limit): when the two interacting parties have had no prior contact, an entity tends to use intermediate entities that it trusts relatively well as recommenders to judge the other party. The recommending ability of these recommenders can be represented by their reputation. Reputation is defined as one entity's subjective judgment of another entity's ability, honesty and reliability in carrying out recommendation activities. Reputation is usually expressed by a recommendation factor: the larger the recommendation factor, the more easily the recommender is believed. Over a period of time, an entity's recommendation factor is usually relatively stable, so it can be expressed by a mathematical formula.
We use $\mathrm{Trust}_a(b)$ for the trust value of a in b, $\mathrm{dir}_a(b)$ for the direct trust value of a in b, and $\mathrm{rec}_x(y)$ for the recommendation factor of x for y, which expresses how much x trusts the recommendation information that y provides, where y is a recommender of x.
Figure A20081001966500081
Because the recommendation factor takes a value in [0, 1] and affects the final trust value of a in b, the recommendation factor must satisfy a certain limit so that the final trusted entities meet the user's requirements and trustworthy resource nodes are screened out.
Direct trust weight (recommendation trust weight): in our model each grid entity is abstracted as a grid node. Each node maintains a trust relationship table that contains all the nodes in the domain with which it has had direct contact, as well as all of its recommending nodes. When searching for a target node, the target may be reachable by more than one path. Some of these paths are direct trust paths and some are recommendation trust paths, but the end result must be a single trust value of the user entity in the target node. A direct trust weight and a recommendation trust weight are therefore needed to merge these paths into the final trust value of a node.
$$\mathrm{Trust}_a(b) = M \times \mathrm{dir}_a(b) + N \times \sum_{i=1}^{w} \left( \mathrm{rec}_a(i_1) \times \mathrm{rec}_{i_1}(i_2) \times \cdots \times \mathrm{rec}_{i_{n-1}}(i_n) \times \mathrm{dir}_{i_n}(b) \right)$$
M is the direct trust weight, $\mathrm{dir}_a(b)$ is the direct trust value of a in b, N is the recommendation trust weight, i denotes the i-th recommendation path, and $\mathrm{rec}_x(y)$ is the recommendation factor of x for y.
Trust threshold: after the evaluating entity obtains the final trust in an evaluation object, it must assess and screen it. The method adopted by this system is to set a trust threshold t for each task an entity is to complete. For the trust obtained through the merge operation, $t_b^a = \mathrm{Trust}_a(b)$: if $t_b^a > t$, the entity considers that the evaluation object meets the collaboration requirement and may take part in the collaboration; otherwise the entity refuses to collaborate with the evaluation object. The size of the trust threshold reflects how strict the user is about the trustworthiness of collaboration partners. In an Internet software collaboration environment, a software entity must be able to perceive its environment and evaluate collaborative operations. When a software entity is threatened because the threshold is too low, it must raise the threshold promptly. Conversely, if the threshold is so high that the software entity refuses the collaboration requests of most entities, it should lower the threshold accordingly so that as many legitimate requesters as possible can invoke the service. The value of t is inversely proportional to the software entity's willingness to collaborate: the smaller t is, the more readily the entity collaborates and the lower its trust guarantee, and vice versa. Choosing a suitable threshold is one of the key factors in the normal operation of a software entity. The threshold depends on the specific application and must be determined case by case.
History window size: updating recommendation trust cannot depend only on the information a recommender provides in the current collaboration; the recommender's history of recommendation activity should also be used. Different historical information influences the update of recommendation trust differently, and more recent history should have more influence. This model uses a sliding window to simulate this process. For each recommender in a given class of collaboration ω, the entity introduces a sliding window that records the recommendation information the recommender provided in the most recent n collaborations of class ω, on a first-in, first-out (FIFO) basis. As shown in Fig. 5, the weights this system assigns to the windows are respectively
Figure A20081001966500094
II. Method flow
This method applies the trust model to the access control mechanism and uses the trust evaluation model to screen out resource nodes that meet the grid user's requirements and complete the job the user submits, as follows:
Step 1). The client first generates a local certificate to be signed, then submits the certificate to the certification authority and requests authorization;
Step 2). The certification authority determines whether the client has authority to access grid resources. If it does, the certification authority signs the local certificate sent by the client with its private key. If the client has no authority, the certification authority refuses to sign with its private key. The result is returned to the user;
Step 3). After receiving the signed certificate, the client registers with the server of its autonomous domain and attaches its own digital certificate;
Step 4). The autonomous domain server verifies the digital certificate. Once verification passes, the client ID and password are stored in the autonomous domain service database and the client becomes a grid user;
Step 5). When a grid user has a task to submit, it first logs in to the autonomous domain server;
Step 6). Single sign-on is performed, so that the user does not have to log in again to other autonomous domain servers when making cross-domain service requests;
Step 7). The user submits its trust requirements for grid resource nodes, comprising the trust level, history window, trust path length limit, direct trust weight, recommendation trust weight, recommendation factor limit and trust threshold;
Step 8). These parameters are submitted to the autonomous domain service database, the trust record of this user node is opened in the database, and trust paths are searched with all resource nodes of the autonomous domain as targets and the user as the source;
Step 9). After all qualifying nodes are found, direct trust and recommendation trust are merged by weight and the final trust value of every node is calculated; for the same node there may be multiple paths, with direct trust as well as recommendation trust;
Step 10). According to the trust threshold parameter submitted by the user, all trusted nodes that meet the user's requirements are screened out; only nodes whose degree of trust is greater than or equal to the trust threshold meet the requirement. The result is returned to the user;
Step 11). The user selects service operation options such as read-only, write-only, modifiable, service start time, end time and whether to match the IP address, and a policy document is generated from these service requirements;
Step 12). The policy document is generated and policy matching is performed: the user submits the statement to the autonomous domain server, and the autonomous domain server decides by local policy whether to provide service to the user;
Step 13). The user submits the task request to the autonomous domain server;
Step 14). According to the performance of the trusted nodes, that is, CPU performance, the server divides the job into several sub-jobs and assigns them to the trusted nodes to complete;
Step 15). The result is returned to the user and the task is complete;
Step 16). After interacting with each resource node, the user produces a corresponding evaluation of that node, and all evaluations are submitted to the autonomous domain service database;
Step 17). According to the trust level and history window parameters, the final trust value of the resource node is calculated from the evaluations, and the user's trust relationship record for the node is updated for use in the next task request;
Step 18). The evaluation accuracy of the recommending nodes, that is, the recommendation factor, is updated in the autonomous domain service database. This completes the implementation process of the access control method based on the trust evaluation model.
In step 7, the user's trust requirements for grid resource nodes, comprising the trust level, history window, trust path length limit, direct trust weight, recommendation trust weight, recommendation factor limit and trust threshold, are submitted to the autonomous domain service database, the trust record of this user node is opened in the database, and trust paths are searched with all resource nodes of the autonomous domain as targets and the user as the source. The concrete steps are as follows:
Step 71. Open the trust record of the user node and let num be the number of other resource nodes the user directly trusts. From the record, search trust paths with the user as the source and all resource nodes as targets. The search is now at the first layer of the search tree; cycle denotes the layer, and here cycle=1;
Step 72. Look up all resource nodes associated with this node. If num=0 there is no record; by default its trust value for all nodes in the grid is 0.5 and the recommendation factor is also 0.5, and the traversal ends;
Step 73. If num≠0 there are trust records. Let i denote the index of a node in the record, with i<=num. Starting from the recorded node i=1, determine whether this node is the target node. If it is, record the recommendation path and the recommendation trust value or direct trust value, and continue traversing the other paths to this target node;
Step 74. If it is not the target node, determine whether this node has further trust objects; if it has, go to the next check;
Step 75. Is the recommendation factor of this node greater than the recommendation limit? If so, go to the next check. If not, determine whether i for this node equals num: if they are not equal, search node i+1; if they are equal, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
Step 76. Is the trust path length greater than the path length limit? If not, go to the next check. If so, determine whether i for this node equals num: if they are not equal, search node i+1; if they are equal, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
Step 77. Has this node already appeared in the trust path? If not, go to the next check. If so, determine whether i for this node equals num: if they are not equal, search node i+1; if they are equal, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
Step 78. This node can serve as an intermediate recommending node; look up all resource nodes associated with it and enter the next-layer traversal, cycle=cycle+1;
Step 79. If any one of the conditions in steps 74 to 77 is not satisfied, return to the upper layer and continue the traversal with the next recorded node. When all nodes in the grid have been traversed once, the procedure ends;
Step 710. Each node in the grid may be reached by multiple paths, with direct trust as well as recommendation trust. These are integrated: the direct trust and recommendation trust paths are merged using the direct trust weight and the recommendation trust weight, and the weighted average gives the user's final trust value for the node;
Step 711. The nodes that satisfy the requirement are then screened out according to the trust threshold parameter submitted by the user: only resource nodes whose trust is greater than or equal to the trust threshold meet the requirement. The result is returned to the user.
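The path search of steps 71 to 711 and the merge formula given earlier can be sketched as follows. This is an added example, not code from the patent: the names TrustPolicy, recommendation_paths, final_trust and screen, the dictionary layout of the trust records, counting path length as the number of recommenders in a chain, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

DEFAULT_TRUST = 0.5  # page: value used when the user has no trust record (step 72)


@dataclass(frozen=True)
class TrustPolicy:
    """Parameters the user submits in step 7 (field names are assumptions)."""
    m: float          # direct trust weight M
    n: float          # recommendation trust weight N
    rec_limit: float  # recommendation factor limit
    max_len: int      # path length limit, counted here as number of recommenders
    threshold: float  # trust threshold t


def recommendation_paths(direct, rec, source, target, policy):
    """Return [(path, value)] for each admissible chain source -> i1 -> ... -> in -> target.

    value = rec_source(i1) * rec_i1(i2) * ... * dir_in(target), one term of the sum.
    """
    found = []

    def walk(node, path, product):
        for nxt, factor in rec.get(node, {}).items():
            if nxt == target or nxt in path:   # step 77: node already on the path
                continue
            if factor <= policy.rec_limit:     # step 75: factor must exceed the limit
                continue
            if len(path) > policy.max_len:     # step 76: chain would become too long
                continue
            chain = product * factor
            if target in direct.get(nxt, {}):  # this recommender knows the target directly
                found.append((path + [nxt, target], chain * direct[nxt][target]))
            walk(nxt, path + [nxt], chain)     # step 78: descend one layer

    walk(source, [source], 1.0)
    return found


def final_trust(direct, rec, source, target, policy):
    """Step 710: Trust_a(b) = M*dir_a(b) + N*sum over recommendation paths."""
    if not direct.get(source) and not rec.get(source):
        return DEFAULT_TRUST                   # step 72: no record at all
    d = direct.get(source, {}).get(target, 0.0)
    paths = recommendation_paths(direct, rec, source, target, policy)
    return policy.m * d + policy.n * sum(value for _, value in paths)


def screen(direct, rec, source, candidates, policy):
    """Step 711: keep nodes whose final trust is >= the threshold."""
    scores = {c: final_trust(direct, rec, source, c, policy) for c in candidates}
    return {c: s for c, s in scores.items() if s >= policy.threshold}


# Constructed sample trust records: DIRECT[x][y] = dir_x(y), REC[x][y] = rec_x(y).
DIRECT = {
    "user": {"n1": 0.9, "n2": 0.8},
    "n1": {"n3": 0.9},
    "n2": {"n3": 0.7},
    "n4": {"n5": 0.9},
    "n6": {"n7": 1.0},   # n6 vouches fully for n7 ...
}
REC = {
    "user": {"n1": 0.9, "n2": 0.6, "n6": 0.3},  # ... but n6 is below the factor limit
    "n1": {"n4": 0.8},
    "n4": {"n1": 0.9},   # loop back to n1, rejected by the on-path check
}
POLICY = TrustPolicy(m=0.6, n=0.4, rec_limit=0.5, max_len=2, threshold=0.3)
NODES = ["n1", "n2", "n3", "n4", "n5", "n6", "n7"]

if __name__ == "__main__":
    for node, score in sorted(screen(DIRECT, REC, "user", NODES, POLICY).items()):
        print(node, round(score, 4))
```

In the sample data, n7 is vouched for only by a recommender whose factor is below the limit, so it never gains trust, and n5 is reachable only through a three-factor chain whose product falls under the threshold.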
Beneficial effects: The method of the invention proposes a new way of applying trust evaluation theory to access control. It is mainly used to solve the problem of controlling users' access to grid resource nodes in a grid community. The proposed method avoids entity fraud and is dynamic, and it effectively achieves access control over resource nodes in the grid community; it is an efficient and convenient new method. A specific description follows.
Reliability: the trust model used in the method is reliable and can prevent entity fraud. In a grid computing environment there is a forged-entity behaviour in which an entity registers some entities itself, interacts with them, and gives those interactions very high evaluations in order to raise its own trust evaluation. In this model, only positive evaluations from highly trusted entities can raise the trust of the peer entity. The client submits a recommendation limit before submitting a job, and only an entity whose recommendation factor is greater than this limit can act as an intermediate recommender. After the interaction between the user and the resource node is complete, the evaluation accuracy of these intermediate recommenders is assessed. An entity with average accuracy has almost no influence on the peer entity's trust, and a positive evaluation from an entity with very low accuracy can even lower the peer entity's trust. In this model the initial trust of a registered entity is set to 0.5 and its recommendation factor is also 0.5, which means that the evaluations of such entities have little influence on other entities. As the number of interactions between nodes grows, the gap gradually widens: the trust value of more reliable nodes becomes higher and higher, while the trust value of nodes that behave maliciously and deceptively becomes lower and lower. Registering entities and forging entity behaviour is therefore ineffective in this trust model.
Dynamics: based on the result of the interaction between the grid user and the resource nodes, the user evaluates each node and submits how well the resource node completed the task to the autonomous domain server. The server calculates the final trust value of evaluation object n according to the trust level and history window parameters, and updates the user's entity trust relationship record and the evaluation accuracy (recommendation factor) of the recommending entities. The user can then track the state of grid resources dynamically and promptly and screen out suitable resource nodes.
Rationality: when feedback is introduced, the access control method not only brings both positive and negative evaluations into the trust model but also considers the degree of trust of the feedback provider, which makes the feedback more reasonable. As the number of transactions grows, the model's assessment of trust values becomes more and more accurate.
Description of drawings
Fig. 1 is the framework diagram of the autonomous domain authorization service.
Fig. 2 is the tree diagram of the grid autonomous-domain model of a user entity.
Fig. 3 is the trust chain diagram obtained by the search.
Fig. 4 shows direct trust and recommended trust.
Fig. 5 shows the N sliding windows.
Fig. 6 is the overall process flow chart of the invention.
Fig. 7 is the flow chart of the access control method of the invention.
Embodiment
1, grid user request access resources
If unregistered client, at first should generate a local certificate to be signed and issued in this locality, submit certificate to the CA of authentication center (Certification authority) then, request is authorized, authentication center judges that the client has lack of competence visit gridding resource, if have then authentication center signs the local certificate of sending from client with its private key, and return to the user, after the client receives the certificate of having signed and issued, register to this autonomous domain server, and it sends the digital certificate of oneself, autonomous domain server checking digital certificate, by after Customer ID and password can be kept in the service database of autonomous territory, the client just becomes grid user;
When grid user has task to submit to, land autonomous domain server earlier, single sign-on then, purpose is to avoid the user to land other autonomous domain servers once more when the cross-domain services request, the user submits the trust requirement to the gridding resource node to, comprise reliability rating, history window, bang path limit for length, the weighted value of directly trusting, recommendation trust weighted value, recommend factor limit, trust degree limit value etc., the gridding resource server determines whether providing service promptly to respond the user by checking user's policy statement.
2. Screening grid nodes
The above parameters are submitted to the autonomous domain service database, the trust record of this user node is opened in the database, and all resource nodes of the autonomous domain are taken as targets and traversed one by one. With the user as the source, the search for trust paths begins. The process is explained in detail using Fig. 2 as the example:
The tree diagram is divided into 4 layers, and cycle denotes the layer. The user is at the first layer, the root of the tree (cycle=1), and so on down to cycle=4, the leaves. If the user wants to find all resource nodes in the grid that meet its requirements to provide it with service, all nodes are traversed one by one as target nodes, and the usable nodes are then selected.
1) First open the user's trust record and look for resource nodes that have a direct trust relationship with the user. If there is no direct trust record, the default trust value for all nodes in the grid is 0.5, and the recommendation factor is also 0.5. In this example the user has a direct trust relationship with three resource nodes (1, 2, 3). Start from node 1; if it is not the target node, take node 1 as the source and perform depth traversal;
2) Determine whether node 1 has further trust relationships, performing breadth traversal; if it has none, return to the previous layer (that is, from cycle=2 back to cycle=1). In this example node 1 has further trust relationships;
3) Determine whether the recommendation factor of node 1 is greater than the recommendation limit. If it is less than the limit, the node cannot serve as an intermediate recommender: exclude this path, return to the upper layer and continue the traversal. Otherwise go to the next step;
4) Determine whether node 1 already appears in the propagation path. If it does, cancel this path to avoid deadlock. If it does not, it can serve as an intermediate recommending node: continue looking up the resource nodes associated with it and enter the lower-layer traversal, cycle++;
5) Only after the depth traversal finishes (when node 9 at cycle=4 has been found) is breadth, i.e. horizontal, traversal performed: return to the cycle=2 layer and look up node 2; if it is not the target node and has no trust record, move on to the next node of this layer, node 3;
6) Perform depth traversal again; the program ends once all nodes have been traversed.
7) Each node in the grid may be reachable over multiple paths, some of them direct trust and some recommendation trust. These are integrated: the direct trust and recommendation trust paths are merged using the direct trust weight and the recommendation trust weight, and the weighted average gives the user's final trust value for the node.
8) Then select the nodes that meet the requirement according to the trust threshold. Using the trust threshold parameter submitted by the user, select all trusted nodes that meet the user's requirements (trust value greater than or equal to the parameter value) and return this result to the user.
3. Submitting the task request and returning the result
The user selects service options, including service permissions such as read, write and modify operations, the service time such as start time and end time, and whether the IP address matches. A policy document is generated from these and policy matching is performed. The user submits the policy statement to the autonomous domain server, which uses local policy to decide whether to provide service to the user and, if the check passes, responds to the user's request. The user submits the task request to the autonomous domain server. According to the performance of the trusted nodes (for example CPU performance), the server splits the job into several sub-jobs and assigns them to the trusted nodes to complete. After the task is completed, all resource nodes return their results to the autonomous domain server, which integrates the sub-results and sends the complete result to the user.
The specific steps are as follows:
Step 1). The client first generates, locally, a certificate to be signed, then submits the certificate to the certification authority (CA) and requests authorization;
Step 2). The CA determines whether the client has permission to access grid resources; if it does, the CA signs the local certificate sent by the client with its private key and returns it to the user;
Step 3). After receiving the signed certificate, the client registers with the autonomous domain server and sends it its own digital certificate;
Step 4). The autonomous domain server verifies the digital certificate; once verification passes, the client ID and password are stored in the autonomous domain service database, and the client becomes a grid user;
Step 5). When a grid user has a task to submit, it first logs in to the autonomous domain server;
Step 6). Single sign-on is performed, so that the user does not have to log in again to other autonomous domain servers when making cross-domain service requests;
Step 7). The user submits its trust requirements for grid resource nodes, including the trust level, history window, propagation path length limit, direct trust weight, recommendation trust weight, recommendation factor limit, trust threshold, etc.;
Step 8). The above parameters are submitted to the autonomous domain service database, the trust record of this user node is opened in the database, and trust paths are searched with all resource nodes of the autonomous domain as targets and the user as the source;
Step 9). After all nodes meeting the requirements are found (the same node may be reachable over multiple paths, as shown in Fig. 3, some direct trust and some recommendation trust), direct trust and recommendation trust are merged by weight and the final trust value of every node is calculated;
Step 10). Using the trust threshold parameter submitted by the user, all trusted nodes that meet the user's requirements (trust value greater than or equal to the parameter value) are selected, and this result is returned to the user;
Step 11). The user selects service options, including service permissions such as read, write and modify operations, the service time such as start time and end time, and whether the IP address matches;
Step 12). A policy document is generated and policy matching is performed; the user submits the statement to the autonomous domain server, which uses local policy to decide whether to provide service to the user;
Step 13). The user submits the task request to the autonomous domain server;
Step 14). According to the performance of the trusted nodes (for example CPU performance), the server splits the job into several sub-jobs and assigns them to the trusted nodes to complete;
Step 15). The result is returned to the user and the task is complete;
Step 16). After interacting with each resource node, the user produces a corresponding evaluation of that node; all evaluations are submitted to the autonomous domain service database;
Step 17). According to the trust level and history window parameters, the final trust value of the evaluated object n is calculated, and the user's trust relationship record for the entity is updated for use in the next task request;
Step 18). The evaluation accuracy (the recommendation factor) of the recommending entity is updated in the autonomous domain service database. This completes the specific implementation process of the access control method based on the trust evaluation model.
In step 7), the user's trust requirements for grid resource nodes, including the trust level, history window, propagation path length limit, direct trust weight, recommendation trust weight, recommendation factor limit, trust threshold, etc., are submitted to the autonomous domain service database; the trust record of this user node is opened in the database, and trust paths are searched with all resource nodes of the autonomous domain as targets and the user as the source. The concrete steps are as follows:
1) Open the trust record of the user node and let num be the number of other resource nodes the user trusts directly. From the record, search for trust paths with the user as the source and all resource nodes as targets. The search is now at the first layer of the search tree; the layer is denoted by cycle, and at this point cycle=1;
2) Look up all resource nodes associated with the node. If num=0, the node has no records: its trust value for all nodes in the grid defaults to 0.5, the recommendation factor is also 0.5, and the traversal ends;
3) If num!=0, trust records exist. Let i denote the index of a node in the record, with i<=num. Starting from the node with i=1 in the record, determine whether this node is the target node. If it is, record the recommendation path and the recommendation trust value or direct trust value, and continue traversing the other paths to this target node;
4) If it is not the target node, determine whether this node has further trust objects; if it has, go to the next check;
5) Is the recommendation factor of this node greater than the recommendation limit? If so, go to the next check. If not, further check whether i for this node equals num: if it does not, search node i+1; if it does, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
6) Is the propagation path length greater than the path length limit? If not, go to the next check. If so, further check whether i for this node equals num: if it does not, search node i+1; if it does, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
7) Has this node already appeared in the propagation path? If not, go to the next check. If so, further check whether i for this node equals num: if it does not, search node i+1; if it does, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
8) This node can serve as an intermediate recommending node: look up all resource nodes associated with it and enter the lower-layer traversal, cycle=cycle+1;
9) If any of the conditions in steps 4) to 7) is not satisfied, return to the upper layer and continue the traversal with the next recorded node. Once all nodes in the grid have been traversed, the program ends;
10) Each node in the grid may be reachable over multiple paths, some of them direct trust and some recommendation trust. These are integrated: the direct trust and recommendation trust paths are merged using the direct trust weight and the recommendation trust weight, and the weighted average gives the user's final trust value for the node;
11) Then select the nodes that meet the requirement according to the trust threshold. Using the trust threshold parameter submitted by the user, select all trusted nodes that meet the user's requirements; only a resource node whose trust degree is greater than or equal to the trust threshold satisfies the requirement. Return this result to the user.
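The search, merge and selection described in the steps above can be sketched as follows. This is an added example, not code from the patent. It assumes that the trust value of a path is the product of the trust values along it, that several recommendation paths to one node are averaged before the weighted merge, that path length is counted in hops, and that a node with no path gets the default 0.5; the graph, node names and parameter values are constructed.

```python
from dataclasses import dataclass

DEFAULT_TRUST = 0.5        # default from the text when no trust record exists
DEFAULT_REC_FACTOR = 0.5   # default recommendation factor from the text


@dataclass(frozen=True)
class TrustRequirements:
    path_limit: int          # path length limit, counted in hops (assumption)
    w_direct: float          # direct trust weight
    w_recommend: float       # recommendation trust weight
    rec_factor_limit: float  # an intermediate recommender must exceed this
    trust_threshold: float   # nodes with final trust >= this are selected


def find_trust_paths(records, rec_factor, source, target, req):
    """Depth-first search for trust paths; returns [(path, path_trust), ...]."""
    found = []

    def walk(node, path, value):
        if len(path) > req.path_limit:       # one more hop would exceed the limit
            return
        for nxt, trust in records.get(node, {}).items():
            if nxt in path:                  # already in the path: drop it (no loops)
                continue
            if nxt == target:                # record the path, keep looking for others
                found.append((path + [nxt], value * trust))
                continue
            if not records.get(nxt):         # no further trust objects
                continue
            if rec_factor.get(nxt, DEFAULT_REC_FACTOR) <= req.rec_factor_limit:
                continue                     # not reliable enough to recommend
            walk(nxt, path + [nxt], value * trust)

    walk(source, [source], 1.0)
    return found


def final_trust(records, rec_factor, source, target, req):
    """Merge direct and recommendation trust into one value by weighted average."""
    paths = find_trust_paths(records, rec_factor, source, target, req)
    if not paths:
        return DEFAULT_TRUST                 # assumption: no evidence -> default
    direct = [v for p, v in paths if len(p) == 2]
    recommended = [v for p, v in paths if len(p) > 2]
    if not recommended:
        return direct[0]
    rec = sum(recommended) / len(recommended)
    if not direct:
        return rec
    total = req.w_direct + req.w_recommend
    return (req.w_direct * direct[0] + req.w_recommend * rec) / total


def select_trusted(records, rec_factor, source, req):
    """Return {node: final trust} for every node that meets the trust threshold."""
    nodes = set(records) | {n for peers in records.values() for n in peers}
    nodes.discard(source)
    scores = {n: final_trust(records, rec_factor, source, n, req) for n in sorted(nodes)}
    return {n: s for n, s in scores.items() if s >= req.trust_threshold}


# Constructed sample data: records[a][b] is a's trust value for b.
RECORDS = {
    "U":  {"n1": 0.9, "n2": 0.6, "n3": 0.8},
    "n1": {"n4": 0.8, "n5": 0.7},
    "n3": {"n5": 0.9, "n1": 0.5, "n6": 0.9},
    "n4": {"n7": 0.9, "U": 0.9},     # edge back to U exercises the loop check
    "n6": {"n7": 1.0},               # glowing recommendation from a weak recommender
}
REC_FACTOR = {"n1": 0.8, "n3": 0.7, "n4": 0.6, "n6": 0.3}
REQ = TrustRequirements(path_limit=3, w_direct=0.6, w_recommend=0.4,
                        rec_factor_limit=0.5, trust_threshold=0.6)

if __name__ == "__main__":
    for node, score in select_trusted(RECORDS, REC_FACTOR, "U", REQ).items():
        print(f"{node}: {score:.3f}")
```

In the sample, n6 rates n7 at 1.0, but n6's recommendation factor is below the limit, so that path never contributes and n7 is scored only through n1 and n4.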
During this process the user may interact with dozens or even hundreds of resources, and the probability that each resource entity is malicious differs. After each interaction ends, the two interacting entities each produce a corresponding evaluation of the other, and all evaluations are submitted to the autonomous domain service database. According to the trust level and history window parameters, the autonomous domain server calculates the final trust value of the evaluated object n from the corresponding evaluations and updates the user's trust relationship record for the entity, for use in the next task request. The evaluation accuracy (the recommendation factor) of the recommending entity is also updated in the autonomous domain service database. This completes the specific implementation process of the access control method based on the trust evaluation model.

Claims (2)

1. A dynamic access control method based on a trust model, characterized in that the method applies a trust model to the access control mechanism and uses the trust evaluation model to solve the problem of how to select the resource nodes that meet the grid user's requirements and complete the job tasks the user submits, specifically as follows:
Step 1. The client first generates, locally, a certificate to be signed, then submits the certificate to the certification authority and requests authorization;
Step 2. The certification authority determines whether the client has permission to access grid resources; if the client has permission, the certification authority signs the local certificate sent by the client with its private key; if the client lacks permission, the certification authority refuses to sign with its private key; the result of the determination is returned to the user;
Step 3. After receiving the signed certificate, the client registers with the autonomous domain server, attaching its own digital certificate for the server;
Step 4. The autonomous domain server verifies the digital certificate; once verification passes, the client ID and password are stored in the autonomous domain service database, and the client becomes a grid user;
Step 5. When a grid user has a task to submit, it first logs in to the autonomous domain server;
Step 6. Single sign-on is performed, so that the user does not have to log in again to other autonomous domain servers when making cross-domain service requests;
Step 7. The user submits its trust requirements for grid resource nodes, including the trust level, history window, propagation path length limit, direct trust weight, recommendation trust weight, recommendation factor limit and trust threshold;
Step 8. The above parameters are submitted to the autonomous domain service database, the trust record of this user node is opened in the database, and trust paths are searched with all resource nodes of the autonomous domain as targets and the user as the source;
Step 9. After all nodes meeting the requirements are found, direct trust and recommendation trust are merged by weight and the final trust value of every node is calculated; the same node may be reachable over multiple paths, some direct trust and some recommendation trust;
Step 10. Using the trust threshold parameter submitted by the user, all trusted nodes that meet the user's requirements are selected; only a node whose trust degree is greater than or equal to the trust threshold satisfies the requirement; this result is returned to the user;
Step 11. The user selects service operation options such as read-only, write-only and modifiable, the service start time and end time, and whether the IP address matches; a policy document is generated from these service requests submitted by the user;
Step 12. The policy document is generated and policy matching is performed; the user submits the statement to the autonomous domain server, which uses local policy to decide whether to provide service to the user;
Step 13. The user submits the task request to the autonomous domain server;
Step 14. According to the performance of the trusted nodes, namely CPU performance, the server splits the job into several sub-jobs and assigns them to the trusted nodes to complete;
Step 15. The result is returned to the user and the task is complete;
Step 16. After interacting with each resource node, the user produces a corresponding evaluation of that node; all evaluations are submitted to the autonomous domain service database;
Step 17. According to the trust level and history window parameters, the final trust value of the resource node is calculated from the evaluations, and the user's trust relationship record for this node is updated for use in the next task request;
Step 18. The evaluation accuracy of the recommending node, that is, the recommendation factor, is updated in the autonomous domain service database. This completes the specific implementation process of the access control method based on the trust evaluation model.
2. The dynamic access control method based on a trust model according to claim 1, characterized in that in step 7 the user's trust requirements for grid resource nodes, including the trust level, history window, propagation path length limit, direct trust weight, recommendation trust weight, recommendation factor limit and trust threshold, are submitted to the autonomous domain service database; the trust record of this user node is opened in the database, and trust paths are searched with all resource nodes of the autonomous domain as targets and the user as the source, the concrete steps being as follows:
Step 71. Open the trust record of the user node and let num be the number of other resource nodes the user trusts directly; from the record, search for trust paths with the user as the source and all resource nodes as targets; the search is now at the first layer of the search tree; the layer is denoted by cycle, and at this point cycle=1;
Step 72. Look up all resource nodes associated with the node; if num=0, the node has no records: its trust value for all nodes in the grid defaults to 0.5, the recommendation factor is also 0.5, and the traversal ends;
Step 73. If num!=0, trust records exist; let i denote the index of a node in the record, with i<=num; starting from the node with i=1 in the record, determine whether this node is the target node; if it is, record the recommendation path and the recommendation trust value or direct trust value, and continue traversing the other paths to this target node;
Step 74. If it is not the target node, determine whether this node has further trust objects; if it has, go to the next check;
Step 75. Is the recommendation factor of this node greater than the recommendation limit? If so, go to the next check; if not, further check whether i for this node equals num: if it does not, search node i+1; if it does, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
Step 76. Is the propagation path length greater than the path length limit? If not, go to the next check; if so, further check whether i for this node equals num: if it does not, search node i+1; if it does, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
Step 77. Has this node already appeared in the propagation path? If not, go to the next check; if so, further check whether i for this node equals num: if it does not, search node i+1; if it does, the breadth traversal of this layer is finished, so return to the upper-layer node and continue the traversal;
Step 78. This node can serve as an intermediate recommending node: look up all resource nodes associated with it and enter the lower-layer traversal, cycle=cycle+1;
Step 79. If any of the conditions in step 74 to step 77 is not satisfied, return to the upper layer and continue the traversal with the next recorded node; once all nodes in the grid have been traversed, the program ends;
Step 710. Each node in the grid may be reachable over multiple paths, some of them direct trust and some recommendation trust; these are integrated: the direct trust and recommendation trust paths are merged using the direct trust weight and the recommendation trust weight, and the weighted average gives the user's final trust value for the node;
Step 711. Then select the nodes that meet the requirement according to the trust threshold: using the trust threshold parameter submitted by the user, select all trusted nodes that meet the user's requirements; only a resource node whose trust degree is greater than or equal to the trust threshold satisfies the requirement; return this result to the user.
CN200810019665A 2008-03-11 2008-03-11 Dynamic accesses control method based on trust model Expired - Fee Related CN100591015C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810019665A CN100591015C (en) 2008-03-11 2008-03-11 Dynamic accesses control method based on trust model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810019665A CN100591015C (en) 2008-03-11 2008-03-11 Dynamic accesses control method based on trust model

Publications (2)

Publication Number Publication Date
CN101257386A true CN101257386A (en) 2008-09-03
CN100591015C CN100591015C (en) 2010-02-17

Family

ID=39891880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810019665A Expired - Fee Related CN100591015C (en) 2008-03-11 2008-03-11 Dynamic accesses control method based on trust model

Country Status (1)

Country Link
CN (1) CN100591015C (en)


Also Published As

Publication number Publication date
CN100591015C (en) 2010-02-17


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20080903

Assignee: Jiangsu Nanyou IOT Technology Park Ltd.

Assignor: Nanjing Post & Telecommunication Univ.

Contract record no.: 2016320000217

Denomination of invention: Dynamic accesses control method based on trust model

Granted publication date: 20100217

License type: Common License

Record date: 20161118

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EC01 Cancellation of recordation of patent licensing contract

Assignee: Jiangsu Nanyou IOT Technology Park Ltd.

Assignor: Nanjing Post & Telecommunication Univ.

Contract record no.: 2016320000217

Date of cancellation: 20180116

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100217

Termination date: 20180311
