CN101378318A - Identification authentication method of open network base on dynamic credible third-party - Google Patents

Publication number: CN101378318A
Authority: CN (China)
Application number: CNA200810155720XA
Other languages: Chinese (zh)
Other versions: CN101378318B (en)
Inventors: 王汝传, 王海艳, 张琳, 王杨, 李捷
Current Assignee: Nanjing Post and Telecommunication University
Original Assignee: Nanjing Post and Telecommunication University
Application filed by: Nanjing Post and Telecommunication University
Priority to: CN200810155720XA
Legal status: Granted; Expired - Fee Related
Prior art keywords: party, trusted, entity, identity authentication, authentication

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

An identity authentication method based on a dynamic trusted third party in an open network. The scheme constructs an authentication architecture comprising a trust decision library, dynamic trusted third parties, and the entities participating in network services, so that during identity authentication an interacting entity obtains not only the necessary identity authentication information but also the trust feedback set of the dynamic trusted third party on which its peer relies. The entity can independently select a trust decision function and compute that third party's credibility from the trust feedback set. The scheme consists of four stages: identity authentication information collection, identity authentication credibility calculation and judgment, identity authentication information interaction judgment, and identity authentication information feedback. The invention not only gives authenticating entities in an open network dynamic controllability over the behavior of the trusted third party, but also improves the reliability of identity authentication through the credibility calculation and judgment stage.

Description

Identity authentication method based on a dynamic trusted third party in an open network
Technical field
The present invention relates to an implementation scheme for identity authentication in an open network. It mainly uses distributed computing, trusted computing, and trust management techniques to solve the problem of identity authentication between entities in an open network, and belongs to the cross-disciplinary application of distributed computing, information security, and instant messaging technologies.
Background technology
The deepening spread and continued expansion of networks keep producing new application requirements and application models, and open networks, whose main goals are resource sharing and service collaboration, are gradually becoming a prominent research field at home and abroad. Open networks are more complex than ordinary networks, mainly in that participating entities change dynamically and are numerous, most of them do not know each other, the environment is highly heterogeneous and changes quickly, and the central role of a central server is further weakened. How to guarantee safe and effective authentication between the unfamiliar entities participating in a service has become a particularly challenging task within the authentication mechanisms of open network security. Authentication comprises two main aspects, identity authentication and behavior authentication: identity authentication is the basis for behavior authentication, and behavior authentication is the necessary continuation of identity authentication. Establishing reasonable and efficient identity authentication is an important prerequisite for delivering network services securely.
Existing security measures address authentication from two directions. The first is behavior authentication between entities, which is closely tied to trust: it builds trust models according to the application requirements of different application models and uses trust measurement and related trust management techniques to authenticate inter-entity behavior, and it is currently one of the research hotspots in distributed computing. It decides an entity's trustworthiness through trust accumulated between interacting entities and through trust recommendation or transfer, thereby achieving behavior authentication and providing a basis for authorization decisions in network services. The second is traditional identity authentication technology (encryption, digital signatures), which relies mainly on the involvement of a trusted third party and uses public-key cryptography to authenticate the identities of entities.
Although existing authentication techniques are combined with trust management techniques to authenticate inter-entity behavior, solutions to identity authentication usually depend on a fully trusted third party. In traditional identity authentication schemes based on public key infrastructure (PKI), every entity authenticates by obtaining an identity certificate issued by some CA, so that CA easily becomes both a bottleneck for network services and a target of attack, creating a single point of failure, and the reliability of the third party cannot be effectively guaranteed. On the other hand, to reduce the large overhead of establishing and managing certificates, identity-based cryptography has been proposed on the basis of PKI and applied to identity authentication. In that case, although entities no longer need to apply to a trusted third party for a certificate, a private key generation center is still needed to act as a fully trusted third party that computes and distributes their private keys. This private key generation center knows the private keys of all entities in its domain, so it may maliciously impersonate entities or read the information they exchange, and entities cannot effectively accuse it of such fraud; entities therefore have no control over the behavior of the trusted third party that serves them. Some researchers in cryptography have proposed threshold approaches that divide the task of the CA or private key generation center between two parties or among a group in order to share or weaken its function, but these schemes all rest on the precondition that the one or more third parties relied on are fully trusted before entities interact and remain trusted throughout the network service. This static trust assumption does not match the dynamic nature of entities in an open network environment, so the dynamic trustworthiness of the trusted third party's behavior must be considered when authenticating entities.
Summary of the invention
Technical problem: The object of the invention is to provide an identity authentication method based on a dynamic trusted third party in an open network. Based on cryptographic theory and combining trusted computing and trust management techniques, it constructs dynamically trusted third parties in the open network and on that basis achieves inter-entity identity authentication with high reliability and controllability, so as to suit the dynamic nature of open networks and remedy the shortcomings of current secure identity authentication implementations for open networks.
Technical solution: In the identity authentication method of the invention, the open network consists of several mutually independent domains, each containing a number of network entities and one entity called the dynamic trusted third party. Unlike the other entities, this entity does not take part in open network services; it provides only telecommunications services for identity authentication. Each domain has a degree of independence. An entity in a domain independently selects a trust decision function from the domain's trust decision library, computes the trust value of the relevant trusted third party, and applies it to the authentication decision, thereby achieving highly reliable and controllable secure identity authentication between interacting entities.
1. Architecture
The authentication architecture of the invention, based on a dynamic trusted third party, consists mainly of three parts: the trust decision library, the dynamic trusted third party, and the entities participating in network services.
The functions of these three parts are described below:
Trust decision library: consists of several trust decision functions, each with an input and an output. The input is an n-element sequence that reflects the feedback from interacting entities after a given dynamic trusted third party has taken part in n authentications; the output is the current credibility of that dynamic trusted third party.
Dynamic trusted third party: uniquely established by its domain and has a certain life cycle. This entity is responsible for the identity authentication of all interacting entities in the domain. In addition to the conventional functions of verifying whether an entity's identity is genuine and issuing its valid identity certificate or generating and distributing its private key, the dynamic trusted third party has an additional function: it records the feedback that every interacting entity for which it established an identity certificate or private key gives about its authentication service behavior, and this trust feedback set provides the basis on which other entities later judge the credibility of its behavior.
Entity participating in network services: the main actor in open network services. It is responsible for selecting the n-element sequence and choosing the trust decision function, and it provides trust feedback on the dynamic trusted third party that issued its identity certificate or generated its private key. In addition, the entity computes and decides the credibility of the other trusted third party, namely the one that authorized the identity certificate of the entity it is interacting with; the result of this decision directly determines whether the entity takes part in the subsequent authentication.
2. Identity authentication scheme flow
The identity authentication scheme of the invention consists of four stages: identity authentication information collection, identity authentication credibility calculation and judgment, identity authentication information interaction judgment, and identity authentication information feedback.
First stage: identity authentication information collection
In this process the two interacting entities each submit relevant information to the dynamic trusted third party of their own domain to pass its identity verification, are authenticated by it, and obtain an identity certificate or the corresponding private key. Unlike existing identity authentication schemes, this process also includes each entity interacting with the other dynamic trusted third party, the one on which its peer relies (the cooperating trusted third party), to obtain the trust feedback set that other entities have given that trusted third party;
Second stage: identity authentication credibility calculation and judgment
(1) The two entities participating in the interaction each independently select n results from the trust feedback set they obtained to form an n-element sequence;
(2) Each entity independently selects an information decision function from the information decision library according to whether it is requesting a resource or being requested for one in the network service, and, with the n-element sequence as input, computes the credibility of the cooperating trusted third party;
(3) Each entity independently judges from the result whether to trust the cooperating trusted third party; if either party refuses to trust its cooperating trusted third party, identity authentication fails and terminates;
Third stage: identity authentication information interaction judgment
This process is similar to commonly used identity authentication methods: the interacting entities provide relevant information to each other, and both use the basic theory of public-key cryptography to judge the legitimacy of the identity certificate or private key each holds. If both judgments are true, that is, each party believes the other has a legitimate identity, the process enters the next stage; if either judgment is false, at least one of the parties does not believe the other is the legitimate user it claims to be, and identity authentication fails and terminates;
Fourth stage: identity authentication information feedback
The entity gives after-the-fact feedback on the behavior of its own domain's trusted third party in the network service. If the entity finds that, after issuing its certificate or generating its private key, the dynamic trusted third party may have maliciously impersonated it or stolen the information it exchanged with other entities, it decides at its own discretion to feed back a special value to influence the credibility calculation for that trusted third party.
Under normal conditions (excluding certificate issuance failure, certificate expiry, or the end of the trusted third party's life cycle), identity authentication in the scheme based on a dynamic trusted third party can fail in two ways. One occurs in the identity authentication information interaction judgment stage: the exchange of authentication information fails because one party finds that the information held by the other does not show it to be a legitimate user. The other occurs in the identity authentication credibility calculation and judgment stage, which other existing identity authentication schemes do not have: an entity, judging subjectively from the trust feedback set of the cooperating trusted third party, finds it untrustworthy or insufficiently trustworthy and refuses to authenticate with the interacting entity.
Beneficial effects: In the identity authentication scheme of the invention, the dynamic trusted third party is the authorizer of, and a main participant in, the information that identity authentication requires, and can issue identity certificates or generate private keys for interacting entities. Because it additionally records trust feedback, each interacting entity can compute in advance, from the trust feedback set, the credibility of the cooperating dynamic trusted third party it interacts with and decide for itself whether to trust it, which improves the reliability of identity authentication. Moreover, an entity can give timely feedback on the dynamic trusted third party that provided its authentication information; the trusted third party's behavior is thus subject to intervention and monitoring by entities, which strengthens entities' control over the dynamic trusted third party they rely on and achieves highly reliable, controllable identity authentication. Specifically, the scheme has the following beneficial effects:
(1) The scheme improves the reliability of the trusted third party in the authentication process. Compared with existing identity authentication schemes, the dynamic trusted third party is still mainly responsible for issuing authentication information, but because the information it issues is no longer the sole basis for successful authentication between entities, the risk it faces and the attacks it may suffer are reduced. Obtaining a certificate or private key issued by the dynamic trusted third party does not fully guarantee that an entity will finally pass authentication, which weakens entities' dependence on trust in the trusted third party. Furthermore, the trust feedback it stores does not make it a main target of attack, because the final selection of the n-element sequence and the trust decision are carried out independently by the interacting entities. In addition, the dynamic trusted third party of each domain is determined by the domain and has a certain life cycle: if the feedback stored by the trusted third party shows that its credibility is too low, the domain can designate a new dynamic trusted third party, so the reliability of the trusted third parties taking part in authentication within a given period is better assured.
(2) The scheme strengthens interacting entities' control over the dynamic trusted third party that issues their authentication information. Compared with existing identity authentication schemes, it provides after-the-fact intervention in and monitoring of the dynamic trusted third party's authentication behavior: after obtaining the network service, the entity goes through an added final stage, identity authentication information feedback, in which it can give effective feedback on dishonest behavior by the trusted third party. In addition, because entities select the trust decision function independently, this feedback is not reflected directly in the trust decision, so even if the trusted third party maliciously alters it, it cannot achieve its intended purpose.
(3) The scheme improves the efficiency of authentication. This shows mainly in the entity's trust decision about the cooperating trusted third party: only after the entity has independently decided that the cooperating trusted third party, on which its peer relies, has passed the credibility decision does the process enter the third stage of the scheme.
(4) The scheme fits the characteristics of open networks, which are dynamic and heterogeneous. Entities choose the trust decision function independently according to the trust feedback set they obtain, which suits the heterogeneity of the different management domains of an open network. Entities no longer trust the dynamic trusted third party blindly and unconditionally; the added credibility calculation and judgment stage makes an entity's trust in the trusted third party change dynamically with the third party's behavior, and the static precondition that the third party must be fully trusted in advance no longer applies.
Description of drawings
Fig. 1 is the architecture diagram of identity authentication based on a dynamic trusted third party.
Fig. 2 is the overall flow diagram of the four stages of the identity authentication scheme based on a dynamic trusted third party.
Fig. 3 is the detailed flow diagram of the identity authentication information collection stage of the scheme.
Fig. 4 is the detailed flow diagram of the identity authentication credibility calculation and judgment stage of the scheme.
Embodiment
To illustrate the identity authentication scheme of the invention, we give the following preferred embodiment, which describes the scheme based on a dynamic trusted third party in an open network in more detail.
Following the authentication architecture given in Fig. 1, suppose the interacting entities taking part in identity authentication in the open network are A and B, where A is the resource requester and B is the resource provider, and their domains are D_a and D_b respectively. Suppose further that for a certain period the dynamic trusted third party selected by domain D_a is denoted C_a and the one selected by domain D_b is denoted C_b. The specific identity authentication scheme between entities A and B set out by the invention is:
First stage: identity authentication information collection
(1) Entities A and B each generate a public/private key pair and submit some basic information to C_a and C_b respectively to describe their identity and relevant attributes, for example an unsigned identity certificate containing the entity name, the public key, and the date on which the entity joined the domain;
(2) C_a and C_b each verify whether the information submitted by the entity is correct: if it is, they sign the identity certificate and return the valid certificate to the entity; otherwise no identity certificate is issued, authentication cannot proceed normally, and it fails and terminates;
(3) Entities A and B carry out the information collection exchange in the following six steps:
Step 1: A submits to B its identity certificate, a timestamp nonce1, its domain name D_a, the dynamic trusted third party it uses, C_a, and C_a's public key;
Step 2: B uses C_a's public key to verify the authenticity of A's certificate; if verification fails, the authentication process fails and terminates; otherwise B returns nonce1;
Step 3: B interacts with C_a and reads its trust feedback set S_1;
Step 4: B submits to A its identity certificate, another timestamp nonce2, its domain name D_b, the dynamic trusted third party it uses, C_b, and C_b's public key;
Step 5: A uses C_b's public key to verify the authenticity of B's certificate; if verification fails, the authentication process fails and terminates; otherwise A returns nonce2;
Step 6: A interacts with C_b and reads its trust feedback set S_2;
Second stage: identity authentication credibility calculation and judgment
(1) B takes the n most recent results from the elements of the trust feedback set S_1 to form an n-element sequence (t_1, t_2, t_3, ..., t_n), where 0 ≤ t_i ≤ 1, so that C_a's recent behavior is better reflected in its credibility measurement;
(2) According to the values t_i in the n-element sequence and the purpose of the authentication, B independently selects a decision function from the trust decision library of its domain D_b, for example the averaging method, and computes the current credibility t_a of the cooperating trusted third party C_a;
(3) B independently judges from the result t_a whether to trust the cooperating trusted third party C_a. For example, with a threshold t_0 set to 0.6, if t_a passes the threshold t_0, B decides to trust its cooperating trusted third party C_a; otherwise identity authentication fails and terminates;
(4) A takes the n most recent results from the elements of the trust feedback set S_2 to form an n-element sequence (t_1', t_2', t_3', ..., t_n'), where 0 ≤ t_i' ≤ 1;
(5) According to the values t_i' in the n-element sequence and the purpose of the authentication, A independently selects a decision function from the trust decision library of its domain D_a, for example the averaging method, and computes the current credibility t_b of the cooperating trusted third party C_b;
(6) A independently judges from the result t_b whether to trust the cooperating trusted third party C_b. For example, with another threshold t_0' set to 0.8 (B is the resource provider, so a larger threshold can be chosen to ensure its trustworthiness), if t_b passes the threshold t_0', A decides to trust its cooperating trusted third party C_b; otherwise identity authentication fails and terminates;
Third stage: identity authentication information interaction judgment
(1) B generates a random number r_b and sends it to A;
(2) A signs it with its private key and returns the result to B;
(3) B decrypts the result with A's public key, obtains a value, and compares it with the random number r_b; if the two are identical, B believes that the identity certificate A holds is legitimate and valid; otherwise identity authentication fails and terminates;
(4) A generates a random number r_a and sends it to B;
(5) B signs it with its private key and returns the result to A;
(6) A decrypts the result with B's public key, obtains a value, and compares it with the random number r_a; if the two are identical, A believes that the identity certificate B holds is legitimate and valid; otherwise identity authentication fails and terminates;
Fourth stage: identity authentication information feedback
After A and B each believe that the identity certificate held by the other is legitimate and valid and the corresponding network service has been carried out, A and B give trust feedback to their dynamic trusted third parties C_a and C_b respectively, in order to monitor the behavior of the dynamic trusted third party each relies on and to keep its behavior controllable after it has issued a valid certificate: if A finds that C_a has impersonated its legitimate user identity, A feeds back to C_a a low trust value such as 0.001, otherwise it returns a normal value of 0.899; if B finds that C_b has impersonated its legitimate user identity, B feeds back to C_b a low trust value such as 0.001, otherwise it returns a normal value of 0.899.
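Added example (not part of the patent text): a Python sketch of the second-stage credibility calculation and the fourth-stage feedback for A and B, using the averaging method, the thresholds 0.6 and 0.8 and the feedback values 0.001 and 0.899 from the embodiment. The function names, the window n = 10, the "minimum" decision function, the >= comparison (the operator is garbled in the text) and the fail-closed handling of a feedback set with fewer than n results are assumptions.

```python
from statistics import fmean

LOW_FEEDBACK = 0.001     # embodiment's value after suspected impersonation
NORMAL_FEEDBACK = 0.899  # embodiment's value for normal behavior

# Trust decision library of a domain. "mean" is the averaging method named in
# the text; "minimum" is a hypothetical stricter function added for contrast.
TRUST_DECISION_LIBRARY = {"mean": fmean, "minimum": min}


def recent_sequence(feedback_set, n):
    """Build the n-element sequence (t_1..t_n) from the n most recent results."""
    if n < 1 or len(feedback_set) < n:
        raise ValueError("fewer than n feedback results available")
    seq = list(feedback_set)[-n:]  # feedback_set is ordered oldest first
    if any(not 0.0 <= t <= 1.0 for t in seq):
        raise ValueError("feedback values must satisfy 0 <= t_i <= 1")
    return seq


def credibility(feedback_set, n, function="mean"):
    """Current credibility of a third party under the chosen decision function."""
    return TRUST_DECISION_LIBRARY[function](recent_sequence(feedback_set, n))


def trusts(feedback_set, n, threshold, function="mean"):
    """Judgment step. Assumptions: '>=' comparison, and a third party with too
    little or malformed feedback is refused (fail closed)."""
    try:
        return credibility(feedback_set, n, function) >= threshold
    except ValueError:
        return False


def stage2(s1, s2, n, t0=0.6, t0_prime=0.8):
    """B judges C_a from S_1 against t_0; A judges C_b from S_2 against t_0'.
    Authentication continues only if neither side refuses."""
    b_trusts_ca = trusts(s1, n, t0)
    a_trusts_cb = trusts(s2, n, t0_prime)
    return b_trusts_ca and a_trusts_cb


def stage4_feedback(feedback_set, impersonation_found):
    """An entity appends its after-the-fact feedback on its own third party."""
    feedback_set.append(LOW_FEEDBACK if impersonation_found else NORMAL_FEEDBACK)


def complaints_tolerated(n, threshold):
    """Most low-value results among the last n that still pass the mean test."""
    tolerated = 0
    for k in range(1, n + 1):
        seq = [NORMAL_FEEDBACK] * (n - k) + [LOW_FEEDBACK] * k
        if fmean(seq) < threshold:
            break
        tolerated = k
    return tolerated


if __name__ == "__main__":
    # Constructed sample feedback sets, oldest result first.
    S1 = [NORMAL_FEEDBACK] * 7 + [LOW_FEEDBACK] * 3   # held by C_a, read by B
    S2 = [NORMAL_FEEDBACK] * 9 + [LOW_FEEDBACK]       # held by C_b, read by A
    print("t_a =", credibility(S1, 10), " t_b =", credibility(S2, 10))
    print("stage 2 passes:", stage2(S1, S2, 10))
    stage4_feedback(S2, impersonation_found=True)     # B reports C_b
    print("after one more complaint about C_b:", stage2(S1, S2, 10))
    print("complaints tolerated at 0.6 / 0.8:",
          complaints_tolerated(10, 0.6), complaints_tolerated(10, 0.8))
```

With these values the mean can never exceed 0.899, and over a window of 10 the 0.8 threshold tolerates one low-value result while the 0.6 threshold tolerates three.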

Claims (1)

1. An identity authentication method based on a dynamic trusted third party in an open network, characterized in that distributed computing, trusted computing, and trust management methods are used to construct an authentication architecture whose three main members are a trust decision library, a dynamic trusted third party, and the entities participating in network services; when performing identity authentication, an entity can obtain the trust feedback set of the dynamic trusted third party on which the interacting party relies, independently select a trusted computing function from the trust decision library, compute the credibility of that dynamic trusted third party, and apply the result to the identity authentication decision; in addition, the entity can give feedback on the behavior of the dynamic trusted third party on which it itself relies. The method consists of the following four stages:
First stage: identity authentication information collection
In this process the two interacting entities each submit relevant information to the dynamic trusted third party of their own domain to pass its identity verification, are authenticated by it, and obtain an identity certificate or the corresponding private key. This process also includes each entity interacting with the other dynamic trusted third party, on which its interacting entity relies, to obtain the trust feedback set that other entities have given that trusted third party;
Second stage: identity authentication credibility calculation and judgment
a. The two entities participating in the interaction each independently select n results from the trust feedback set they obtained to form an n-element sequence;
b. Each entity independently selects an information decision function from the information decision library according to whether it is requesting a resource or being requested for one in the network service, and, with the n-element sequence as input, computes the credibility of the cooperating trusted third party;
c. Each entity independently judges from the result whether to trust the cooperating trusted third party; if either party refuses to trust its cooperating trusted third party, identity authentication fails and terminates;
Third stage: identity authentication information interaction judgment
This process is similar to commonly used identity authentication methods: the interacting entities provide relevant information to each other, and both use the basic theory of public-key cryptography to judge the legitimacy of the identity certificate or private key each holds. If both judgments are true, that is, each party believes the other has a legitimate identity, the process enters the next stage; if either judgment is false, at least one of the parties does not believe the other is the legitimate user it claims to be, and identity authentication fails and terminates;
Fourth stage: identity authentication information feedback
The entity gives after-the-fact feedback on the behavior of its own domain's trusted third party in the network service. If the entity finds that, after issuing its certificate or generating its private key, the dynamic trusted third party may have maliciously impersonated it or stolen the information it exchanged with other entities, it decides at its own discretion to feed back a special value to influence the credibility calculation for that trusted third party.
CN200810155720XA 2008-10-08 2008-10-08 Identity authentication method based on dynamic trusted third party in open network Expired - Fee Related CN101378318B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810155720XA CN101378318B (en) 2008-10-08 2008-10-08 Identity authentication method based on dynamic trusted third party in open network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810155720XA CN101378318B (en) 2008-10-08 2008-10-08 Identity authentication method based on dynamic trusted third party in open network

Publications (2)

Publication Number Publication Date
CN101378318A true CN101378318A (en) 2009-03-04
CN101378318B CN101378318B (en) 2010-09-15

Family

ID=40421679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810155720XA Expired - Fee Related CN101378318B (en) 2008-10-08 2008-10-08 Identity authentication method based on dynamic trusted third party in open network

Country Status (1)

Country Link
CN (1) CN101378318B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010121474A1 (en) * 2009-04-21 2010-10-28 西安西电捷通无线网络通信有限公司 Platform authentication and management method adapted to ternary-peer authenticating trusted network connection architecture
CN101635624B (en) * 2009-09-02 2011-06-01 西安西电捷通无线网络通信股份有限公司 Introducing an online trusted third-party entity authentication method
CN103069774A (en) * 2010-08-24 2013-04-24 思科技术公司 Securely accessing an advertised service
WO2017059744A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Multi-ttp-based method and device for verifying validity of identity of entity
WO2017059735A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Multi-ttp-based method and device for verifying validity of identity of entity
WO2017059753A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Multi-ttp-based method and device for verifying validity of identity of entity
WO2017059736A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Method and device for verifying validity of identity of entity
CN106571919A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Method and apparatus for effectiveness verification of entity identity
CN106571920A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Method and apparatus for verifying entity identity validity with multiple TTPs
CN107342975A (en) * 2016-12-21 2017-11-10 安徽师范大学 Trust computational methods based on domain division under insincere cloud environment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6363365B1 (en) * 1998-05-12 2002-03-26 International Business Machines Corp. Mechanism for secure tendering in an open electronic network
CN101242400A (en) * 2007-02-09 2008-08-13 中国电信股份有限公司 System and method for realizing network click dialing capability based on HTTP redirection
CN100591015C (en) * 2008-03-11 2010-02-17 南京邮电大学 A Dynamic Access Control Method Based on Trust Model

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010121474A1 (en) * 2009-04-21 2010-10-28 西安西电捷通无线网络通信有限公司 Platform authentication and management method adapted to ternary-peer authenticating trusted network connection architecture
CN101635624B (en) * 2009-09-02 2011-06-01 西安西电捷通无线网络通信股份有限公司 Introducing an online trusted third-party entity authentication method
CN103069774A (en) * 2010-08-24 2013-04-24 思科技术公司 Securely accessing an advertised service
CN103069774B (en) * 2010-08-24 2015-12-16 思科技术公司 Access the service notified safely
CN106571921A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Entity identity effectiveness verification method and device
CN106571921B (en) * 2015-10-10 2019-11-22 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device thereof
WO2017059753A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Multi-ttp-based method and device for verifying validity of identity of entity
WO2017059736A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Method and device for verifying validity of identity of entity
CN106572063A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Multi-TTP participation entity identity legitimacy verification method and device
CN106571919A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Method and apparatus for effectiveness verification of entity identity
WO2017059744A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Multi-ttp-based method and device for verifying validity of identity of entity
CN106572064A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Method and apparatus for verifying entity identity validity with multiple TTPs
CN106571920A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Method and apparatus for verifying entity identity validity with multiple TTPs
US10681045B2 (en) 2015-10-10 2020-06-09 China Iwncomm Co., Ltd. Multi-TTP-based method and device for verifying validity of identity of entity
CN106572063B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device that more TTP are participated in
CN106571919B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device thereof
CN106572064B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device that more TTP are participated in
WO2017059735A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Multi-ttp-based method and device for verifying validity of identity of entity
US10652029B2 (en) 2015-10-10 2020-05-12 China Iwncomm Co., Ltd. Multi-TTP-based method and device for verifying validity of identity of entity
US10615978B2 (en) 2015-10-10 2020-04-07 China Iwncomm Co., Ltd. Multi-TTP-based method and device for verifying validity of identity of entity
CN107342975B (en) * 2016-12-21 2020-03-24 安徽师范大学 Domain division-based trust computing method in untrusted cloud environment
CN107342975A (en) * 2016-12-21 2017-11-10 安徽师范大学 Trust computational methods based on domain division under insincere cloud environment

Also Published As

Publication number Publication date
CN101378318B (en) 2010-09-15

Similar Documents

Publication Publication Date Title
CN101378318B (en) Identity authentication method based on dynamic trusted third party in open network
Zhang et al. Security and privacy on blockchain
JP5446453B2 (en) Information processing apparatus, electronic signature generation system, electronic signature key generation method, information processing method, and program
Yuan et al. Fedcomm: A privacy-enhanced and efficient authentication protocol for federated learning in vehicular ad-hoc networks
CN110034935A (en) A kind of cross-domain identity identifying method of cloud computing
Bao et al. Bbnp: a blockchain-based novel paradigm for fair and secure smart grid communications
Du et al. Certificateless proxy multi-signature
Zhao et al. A novel decentralized cross‐domain identity authentication protocol based on blockchain
Martucci et al. Self-certified sybil-free pseudonyms
CN116707761A (en) Quantum attack resistant supervision blockchain transaction privacy protection method and system
Jiang et al. Report when malicious: Deniable and accountable searchable message-moderation system
CN106549767A (en) A kind of data authentication with secret protection and tracing system
Lian et al. Periodic $K$-Times Anonymous Authentication With Efficient Revocation of Violator’s Credential
Shekhawat et al. Quantum-resistance blockchain-assisted certificateless data authentication and key exchange scheme for the smart grid metering infrastructure
Li et al. A new revocable reputation evaluation system based on blockchain
Baker et al. A secure proof of work to enhance scalability and transaction speed in blockchain technology for IoT
Quercia et al. Tata: Towards anonymous trusted authentication
Li et al. A security-enhanced certificateless designated verifier aggregate signature scheme for HWMSNs in the YOSO model
Cheng et al. Cryptanalysis and improvement of a certificateless partially blind signature
Rahman et al. Privacy-friendly secure bidding scheme for demand response in smart grid
Hoogland A distributed public key infrastructure for the IoT
Song et al. Traceable revocable anonymous registration scheme with zero-knowledge proof on blockchain
Priyanka et al. An Efficient and Secure Certificateless Aggregate Signature based Authentication Scheme for Vehicular Ad-Hoc Networks
Zhu et al. tsrCert: Traceable Self-Randomization Certificate and Its Application to Blockchain Supervision
Liu et al. BAST: Blockchain-Assisted Secure and Traceable Data Sharing Scheme for Vehicular Networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090304

Assignee: JIANGSU AISINO TECHNOLOGY Co.,Ltd.

Assignor: NANJING University OF POSTS AND TELECOMMUNICATIONS

Contract record no.: 2013320000170

Denomination of invention: Identification authentication method of open network base on dynamic credible third-party

Granted publication date: 20100915

License type: Exclusive License

Record date: 20130320

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100915
