CN101707613A - Authentication system based on trust negotiation and user login and collaboration systems and methods - Google Patents

Publication number: CN101707613A
Authority: CN (China)
Prior art keywords: user, module, certificate, strategy, server
Legal status: Granted; Expired - Fee Related
Application number: CN200910242235A
Other languages: Chinese (zh)
Other versions: CN101707613B (en)
Inventor: 蒋文保, 刘思征
Current Assignee: Beijing Information Science and Technology University
Original Assignee: Beijing Information Science and Technology University
Application filed by: Beijing Information Science and Technology University
Priority: CN 200910242235
Publications: CN101707613A (application), CN101707613B (granted)

Abstract

An authentication system based on trust negotiation comprises a strategy analyzing module, a strategy processing module, a certificate processing module, a strategy library module, a certificate library module and a consistency checking module. A user login system of the authentication system comprises a user module, a user management module and a server trust negotiation module. A user collaboration system of the authentication system comprises at least two user modules, each of which comprises its own user trust negotiation module, and the two user modules are connected to each other by a network. The invention provides an authentication system which increases the security of network application systems such as network games. The invention also provides a user login system and a user login method which adopt the authentication system, and a user collaboration system and a user collaboration method which adopt the authentication system.

Description

Authentication system based on trust negotiation, and user login and collaboration systems and methods
Technical field
The present invention relates to the broadcast communication field, and in particular to an authentication system based on trust negotiation, a user login system and method that adopt this authentication system, and a user collaboration system and method that adopt this authentication system.
Background art
With the rapid development of Internet technology and the accelerating informatization of society, networks and information systems grow more important by the day, and information security has become a matter that bears on economic development, the public interest, social stability and national security. To strengthen information security assurance, information security knowledge needs to be popularized in many ways, public security awareness raised, and varied approaches to training information security personnel explored. Games, as an effective supplementary means, help people acquire security knowledge and raise security awareness, achieving twice the result with half the effort.
The better-known hacker games at home and abroad include uplink, Hack The Game, the Uplink series, the hacker base series, the hacker game of the computer newspaper, and so on. The developers of these games think along similar lines: the emphasis is on training the player's ability to apply hacking knowledge, but the form is monotonous. Essentially all of them have the player apply various password-cracking methods to obtain the password needed to clear a stage; the demand on cryptography knowledge is very high, other areas of hacking knowledge are seldom touched, and there is no storyline. A problem common to these games is that players all play alone, with no exchange or communication between them, which greatly reduces the fun of the game and is also unfavourable to players learning from one another. The present invention therefore introduces a network collaboration mechanism on the basis of such games.
In addition, although many other kinds of networked collaborative games exist outside the information security field, existing networked collaborative games lack corresponding security protection measures, so leaks of users' sensitive information and theft of in-game items and props occur from time to time, seriously dampening users' enthusiasm and even giving rise to many legal disputes.
Security has therefore become a key factor restricting the further development and application of networks.
At present, the scheme most widely used on the Internet is based on "username/password" pairs. It requires each website to provide its own user management system; a user requesting the site's services or resources must first fill in certain personal information and apply for a username and password, and then logs in with that username and password on later visits. The advantage of this scheme is that it is simple and direct to implement, so it is widely used. Its shortcomings are also fairly obvious: first, the access control granularity is coarse and cannot meet the need for finer division; second, usernames and passwords are relatively easy to steal, and once they are stolen the information the user has stored in the system is at risk of theft, so the security of the system cannot be guaranteed.
Some websites use digital certificates to improve system security and to further confirm the user's identity and the capabilities the user holds. The service requester submits the digital certificates it holds to the service provider to show the attributes it possesses; the service provider grants authorization according to whether the requester's attributes satisfy the access control policy corresponding to the access request. However, a digital certificate may well contain sensitive information, such as bank account information. A service requester should be unwilling to submit such a certificate blindly before determining the true identity of the service provider. In other words, certificates containing sensitive attribute information also need to be protected, and the requester and the provider of a service should interact only after two-way verification has been completed. Trust negotiation arose in response to this situation: through the mutual disclosure of digital certificates and access control policies, the requester and the provider of a service or resource automatically establish a trust relationship.
Summary of the invention
In view of the defects of the above prior art, the object of the present invention is to provide an authentication system based on trust negotiation that increases the security of network application systems such as online games, a user login system and method that adopt this authentication system, and a user collaboration system and method that adopt this authentication system.
To achieve the above object, the present invention adopts the following technical solution:
An authentication system based on trust negotiation comprises a policy parsing module, a policy processing module, a certificate processing module, a policy library module, a certificate library module and a consistency check module;
The policy library module stores policies;
The certificate library module stores certificates;
The policy parsing module parses an incoming policy and determines whether the policy involves a sensitive certificate; if it does, the policy is handed to the policy processing module, and if it does not, it is handed to the certificate processing module;
The policy processing module retrieves the corresponding policy from the policy library module, returns it to the requesting party, and stores the policy it has issued in the consistency check module; or, on a request from the policy parsing module that involves a sensitive certificate, it retrieves the protection policy from the policy library module, returns it to the requesting party, and stores the protection policy it has issued in the consistency check module;
The certificate processing module retrieves certificates from the certificate library module in the sequence described in the policy and provides the certificate chain to the party requesting the certificates, and stores a received certificate chain, in order, in the consistency check module;
The consistency check module verifies that the received certificate chain is consistent with the policy; if it is, the requesting party is informed that trust negotiation succeeded and is provided with the corresponding service; otherwise the requesting party is informed that trust negotiation failed and is not provided with service.
In the authentication system based on trust negotiation of the present invention, the consistency check module further comprises a sequence set module, which stores the certificate chain.
A user login system adopting the above authentication system based on trust negotiation comprises a user module, a user management module and a server trust negotiation module;
The user module sends its own user information to the user management module and raises an access request;
The user management module verifies the user information; if verification fails, it informs the user module that login failed, and if verification succeeds, it sends the access request to the server trust negotiation module;
The server trust negotiation module receives the access request sent by the user management module, retrieves the corresponding policy according to information such as the user level in the user management module, returns the policy to the user module, and saves the policy;
The user module receives the policy returned by the server trust negotiation module, looks up the corresponding certificates as the policy requires, forms a certificate chain, and sends the certificate chain to the server trust negotiation module;
The server trust negotiation module saves the certificate chain in order and verifies it against the saved policy; if the two are consistent, it informs the user module that negotiation succeeded and the user module may carry out the corresponding access; otherwise it informs the user module that login failed.
In the user login system of the present invention, the user module comprises a user login module and a user trust negotiation module, and the user trust negotiation module comprises a user policy parsing module, a user policy processing module, a user certificate processing module, a user policy library module, a user certificate library module and a user consistency check module; the user management module comprises a user registration management module, a user login management module, a user level management module and a user information storage module; the server trust negotiation module comprises a server policy parsing module, a server policy processing module, a server certificate processing module, a server policy library module, a server certificate library module and a server consistency check module;
The user login module sends its own user information to the user login management module and sends an access request;
The user login management module queries the user information in the user information storage module and verifies the user information; if verification fails, it informs the user login module that login failed, and if verification succeeds, it sends the access request to the server policy processing module;
Based on the stage access request sent by the user login management module and on information such as the user level in the user level management module, the server policy processing module retrieves the corresponding policy from the server policy library module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module;
The user policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and passes it to the user certificate processing module, which looks up the corresponding certificates in the user certificate library module as the policy requires, forms a certificate chain, and sends the certificate chain to the server certificate processing module;
The server certificate processing module stores the certificate chain, in order, in the server consistency check module, and the server consistency check module verifies this certificate chain against the saved policy; if the two are consistent, it informs the user login module that negotiation succeeded and the user login module may carry out the corresponding access; otherwise it informs the user login module that login failed.
In the user login system of the present invention, the server consistency check module further comprises a server sequence set module, which stores the certificate chain.
A user collaboration system adopting the above authentication system based on trust negotiation comprises at least two user modules; each user module includes its own user trust negotiation module, and the user modules are connected to each other by a network;
User A and User B establish a connection, User B returns information to User A, and the User A policy parsing module in the User A trust negotiation module determines whether the information returned by User B is a policy or a certificate;
If it is a policy, the module parses it to see whether it involves a sensitive certificate that User A holds. If the parsing result involves a sensitive certificate held by User A, the User A policy parsing module notifies the User A policy processing module, which retrieves the protection policy for the sensitive certificate from the User A policy library module and returns that protection policy to the User B trust negotiation module. If the parsing result of the User A policy parsing module does not involve a sensitive certificate, the User A policy parsing module notifies the User A certificate processing module, which, according to the access control policy sent by User B, retrieves from the User A certificate library module the certificates that User B's policy involves and returns them to the User B trust negotiation module;
If the User A policy parsing module determines that the information returned by User B is a certificate, it notifies the User A certificate processing module, which saves the certificate returned by User B in the User A consistency check module. The User A consistency check module verifies whether this certificate is consistent with the requirements of the policy that User A previously put to User B. If it is, the two parties establish a trust relationship, and User B can collaborate and communicate with User A and learn the sensitive information each holds; otherwise User B is informed that negotiation failed, and the two parties cannot establish a collaborative connection.
A login method for the user login system adopting the above authentication system based on trust negotiation comprises the following steps:
The user login module sends user information such as the user's own username and password to the user login management module and raises an access request;
The user login management module queries the user information in the user information storage module and verifies the user information. If verification fails, it informs the user login module that login failed; if verification succeeds, it sends the access request to the server policy processing module. Based on the access request sent by the user login management module and on information such as the user level in the user level management module, the server policy processing module retrieves the corresponding policy from the server policy library module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module;
The user policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and passes it to the user certificate processing module, which looks up the corresponding certificates in the user certificate library module as the policy requires, forms a certificate chain, and sends the certificate chain to the server certificate processing module; the server certificate processing module stores the certificate chain, in order, in the server sequence set in the server consistency check module;
The server consistency check module verifies the certificate chain saved by the server certificate processing module against the policy saved by the server policy processing module; if the two are consistent, it informs the user login module that negotiation succeeded and the user login module may carry out the corresponding access; otherwise it informs the user that login failed.
A collaboration method for the user collaboration system adopting the above authentication system based on trust negotiation comprises the following steps:
The User A policy parsing module in the User A trust negotiation module determines whether the information returned by User B is a policy or a certificate;
If it is a policy, the User A policy parsing module parses it to see whether it involves a sensitive certificate that User A holds. If the parsing result involves a sensitive certificate held by User A, the User A policy parsing module notifies the User A policy processing module, which retrieves the protection policy for the sensitive certificate from the User A policy library module and returns that protection policy to the User B trust negotiation module. If the parsing result does not involve a sensitive certificate held by User A, the User A policy parsing module notifies the User A certificate processing module, which, according to the access control policy sent by User B, retrieves from the User A certificate library module the certificates that User B's policy involves and returns them to the User B trust negotiation module;
If it is a certificate, the User A policy parsing module notifies the User A certificate processing module, which saves the certificate returned by User B in the User A consistency check module. The User A consistency check module verifies whether this certificate is consistent with the requirements of the policy that User A previously put to User B. If it is, the two parties establish a trust relationship, and User B can collaborate and communicate with User A and learn the sensitive information each holds; otherwise User B is informed that negotiation failed, and the two parties cannot establish a collaborative connection.
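The exchange in the collaboration method above, as an added Python example that is not part of the patent text: each party classifies an incoming message as a policy or certificates, answers a policy that touches a sensitive certificate with its protection policy, and checks a received chain against the policy it issued. The login method is the one-round case in which the server issues a policy and checks the returned chain. The credential names, the HMAC tag standing in for the issuer's signature, and the final step in which User A releases the unlocked certificate are assumptions of this example.

```python
import hashlib
import hmac

# Assumption: a single issuer (the game server) issues every credential; an HMAC
# tag stands in for the issuer's digital signature so the example runs offline.
ISSUER_KEY = b"constructed-demo-key"

def _tag(name, holder):
    return hmac.new(ISSUER_KEY, f"{name}|{holder}".encode(), hashlib.sha256).hexdigest()

def issue(name, holder):
    """Issue a constructed credential bound to its holder."""
    return {"name": name, "holder": holder, "tag": _tag(name, holder)}

FAIL = {"type": "result", "ok": False}

class Party:
    def __init__(self, name, certs, protection=None, access=None):
        self.name = name
        self.cert_lib = {c["name"]: c for c in certs}  # certificate library module
        self.protection = protection or {}  # sensitive cert -> certs the peer must show first
        self.access = access or {}          # resource -> certs required, in order
        self.issued = []        # consistency check module: policies sent, awaiting a chain
        self.pending = []       # peer policies held back behind a protection policy
        self.unlocked = set()   # sensitive certs whose protection policy was met
        self.sequence_set = []  # sequence set module: last chain received, in order

    def open(self, resource):
        """Policy processing module: issue the access control policy for a resource."""
        requires = list(self.access[resource])
        self.issued.append((None, requires))
        return {"type": "policy", "requires": requires}

    def handle(self, msg, peer):
        """Policy parsing module: is the peer's message a policy or certificates?"""
        if msg["type"] == "policy":
            return self._on_policy(msg["requires"])
        if msg["type"] == "certs":
            return self._on_certs(msg["chain"], peer)
        return dict(FAIL)

    def _on_policy(self, requires):
        locked = [n for n in requires if n in self.protection and n not in self.unlocked]
        if locked:  # involves a sensitive certificate: answer with its protection policy
            self.pending.append(requires)
            counter = list(self.protection[locked[0]])
            self.issued.append((locked[0], counter))
            return {"type": "policy", "requires": counter}
        if any(n not in self.cert_lib for n in requires):
            return dict(FAIL)  # cannot satisfy the policy
        # certificate processing module: disclose in the order the policy lists
        return {"type": "certs", "chain": [self.cert_lib[n] for n in requires]}

    def _on_certs(self, chain, peer):
        if not self.issued:
            return dict(FAIL)  # unsolicited chain: no policy to check it against
        unlocks, expected = self.issued.pop()
        self.sequence_set = list(chain)
        consistent = [c["name"] for c in chain] == expected and all(
            c["holder"] == peer and hmac.compare_digest(c["tag"], _tag(c["name"], c["holder"]))
            for c in chain)
        if not consistent:
            return dict(FAIL)
        if unlocks is None:  # our access control policy is met: trust established
            return {"type": "result", "ok": True}
        self.unlocked.add(unlocks)  # protection policy met: answer the held-back policy
        return self._on_policy(self.pending.pop())

def negotiate(requester, provider, resource, max_rounds=10):
    """Run the exchange; max_rounds stops policies that protect each other in a cycle."""
    msg, sender, receiver = provider.open(resource), provider, requester
    transcript = [(sender.name, msg["type"])]
    for _ in range(max_rounds):
        if msg["type"] == "result":
            return msg["ok"], transcript
        msg = receiver.handle(msg, sender.name)
        sender, receiver = receiver, sender
        transcript.append((sender.name, msg["type"]))
    return False, transcript

def demo_parties(b_cert_holder="User B"):
    """Constructed sample data: User B gates collaboration on User A's sensitive badge."""
    a = Party("User A", [issue("level3_badge", "User A")],
              protection={"level3_badge": ["game_member"]})
    b = Party("User B", [issue("game_member", b_cert_holder)],
              access={"collaborate": ["level3_badge"]})
    return a, b

if __name__ == "__main__":
    ok, transcript = negotiate(*demo_parties(), "collaborate")
    print(ok, transcript)
```

In the failing cases (a certificate issued to a different holder, a missing certificate, or protection policies that depend on each other), User A's sensitive certificate is never sent.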
Trust negotiation can establish a trust relationship automatically and dynamically, through certificate exchange, between network entities in different security domains that are strangers to each other; both negotiating parties can protect their own sensitive resources by formulating policies that control access by the other party's requests; and the negotiation process does not require the participation of a trusted third party.
Because the present invention adopts the system and method of trust negotiation authentication, further authentication can be performed and the security of authentication is ensured, thereby increasing the security of the networked collaborative game system.
Description of drawings
Fig. 1 is a system block diagram of an authentication system based on trust negotiation according to the present invention;
Fig. 2 is a system block diagram of a network attack-and-defense game system with the authentication system based on trust negotiation according to the present invention;
Fig. 3 is a block diagram of the user collaboration system adopting the authentication system based on trust negotiation of the present invention;
Fig. 4 is a flow chart of the login method of the user login system adopting the authentication system based on trust negotiation of the present invention;
Fig. 5 is a flow chart of the collaboration method of the user collaboration system adopting the authentication system based on trust negotiation of the present invention;
Fig. 6 is a schematic diagram of the negotiation process when User A logs in;
Fig. 7 is a schematic diagram of the negotiation process when User B logs in;
Fig. 8 is a schematic diagram of the negotiation process when User A and User B negotiate;
Fig. 9 is a schematic diagram of the negotiation process when User A, User B and the server negotiate.
Embodiments
The embodiments of the authentication system based on trust negotiation and of the user login and collaboration systems and methods of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, an authentication system based on trust negotiation comprises a policy parsing module 1, a policy processing module 2, a certificate processing module 3, a policy library module 4, a certificate library module 5 and a consistency check module 6.
The policy parsing module 1 parses the policy passed in by the requested party and determines whether the policy involves a sensitive certificate; if it does, the policy is handed to the policy processing module 2, and if it does not, it is handed to the certificate processing module 3;
When requested, the policy processing module 2 retrieves the corresponding policy from the policy library module 4, returns it to the requesting party, and stores the policy it has issued in the consistency check module 6; or, on a request from the policy parsing module 1 that involves a sensitive certificate, it retrieves the protection policy from the policy library module 4, returns it to the requesting party, and stores the protection policy it has issued in the consistency check module 6;
The certificate processing module 3 retrieves certificates from the certificate library module 5 in the sequence described in the policy and provides the certificate chain to the party requesting the certificates, and stores a received certificate chain, in order, in the sequence set module 7 in the consistency check module 6;
The policy library module 4 stores the corresponding policies, which comprise access control policies and negotiation policies. Access control policy is the main policy for network security prevention and protection; its task is to ensure that network resources are not used illegally or accessed without authorization, and the access control policy of the present invention specifies the set of credentials that must be provided to access a protected resource. A negotiation policy is the certificate disclosure rules of an entity taking part in trust negotiation, and expresses a logical relationship that the entities follow in completing trust negotiation, such as the order in which messages pass between entities and the various constraints between entities;
The certificate library module 5 stores the corresponding certificates. A certificate is a privilege attribute digital certificate issued by an authority, containing the issuer's signature, the certificate holder's public key and so on, and is used to authorize a subject. Most of the certificates used in the present invention are issued to users by the server;
The sequence set module 7 stores the certificate chain in order;
The consistency check module 6 verifies that the received certificate chain is consistent with the policy; if it is, the requesting party is informed that trust negotiation succeeded and is provided with the corresponding service; otherwise the requesting party is informed that trust negotiation failed and is not provided with service.
Referring to Fig. 2, the present invention uses a network attack-and-defense game system to illustrate the user login system and the user collaboration system that adopt the authentication system of the present invention.
A network attack-and-defense game system with the authentication system based on trust negotiation comprises several user modules 10, a user management module 20, a server trust negotiation module 30, a system stage module 40, a network collaboration module 50 and a trust degree evaluation module 80. The user module 10 comprises a user login module 11 and a user trust negotiation module 12; the user management module 20 comprises a user registration management module 21, a user login management module 22, a user level management module 23 and a user information storage module 24; the system stage module 40 comprises a knowledge quiz module 41, a points management module 42 and a specific stage module 43; the network collaboration module 50 comprises a WEB chat module 51 and an online user management module 52.
The user login system of the present invention, adopting the authentication system based on trust negotiation, comprises the user module 10, the user management module 20 and the server trust negotiation module 30. The user module 10 comprises the user login module 11 and the user trust negotiation module 12; the user management module 20 comprises the user registration management module 21, the user login management module 22, the user level management module 23 and the user information storage module 24.
The user login module 11 is used for user registration and login.
The user registration management module 21 receives the registrations and logins carried out through the user login module 11, provides the corresponding registration interface for a user logging in for the first time, and stores the user information in the user information storage module 24 after the user registers successfully.
The user login management module 22 verifies the user information that the user login module 11 provides during login, including the username and password, by querying the user information in the user information storage module 14; after verification succeeds, it provides the user information to the server trust negotiation module 30 for further verification of the user's identity and permissions.
The user level management module 23 stores the user's level after the user clears a stage.
The user information storage module 24 stores user information, including the username and password.
After registering, when the user logs in to the system, the user login module 11 sends user information such as the user's own username and password to the user login management module 22 and requests access to the corresponding stage. The user login management module 22 queries the user information in the user information storage module 24 and verifies the user information. If verification fails, it informs the user login module 11 that login failed; if verification succeeds, it sends a stage access request to the server policy processing module 302. Based on the stage access request sent by the user login management module 22 and on information such as the user level in the user level management module 23, the server policy processing module 302 retrieves the corresponding policy from the server policy library module 304, returns it to the user trust negotiation module 12, and saves the policy in the server consistency check module 306. The user policy parsing module 121 in the user trust negotiation module 12 receives the policy returned by the server policy processing module 302 and passes it to the user certificate processing module 123, which looks up the corresponding certificates in the user certificate library module 125 as the policy requires, forms a certificate chain, and sends the certificate chain to the server certificate processing module 303. The server certificate processing module 303 stores the certificate chain, in order, in the server sequence set 307 in the server consistency check module 306, and the server consistency check module 306 verifies this certificate chain against the saved policy. If the two are consistent, it informs the user login module 11 that negotiation succeeded and the user login module 11 may access the corresponding stage; otherwise it informs the user login module 11 that negotiation failed, and the user login module 11 does not have permission to access the corresponding stage.
When server consistency check module 306 informs that the user consults success, user log-in block 11 enters system's pass card module 40 and plays, system closes card module 40 and comprises knowledge question module 41, Point Management Module 42 and specifically close card module 43, knowledge question module 41 presents in the mode of multiple-choice question, relates to the corresponding information security technology that this outpost of the tax office will be used; Point Management Module 42 is added up at the answer number altogether of the user in the knowledge question module 41 and the exercise question number of answering questions, and whenever answers questions a topic and gets a point, and statistics is sent in the concrete pass card module 43; The concrete card module 43 that closes is the main bodys of playing, and adopts the form at WEB interface, relates to the information security knowledge of various aspects in the outpost of the tax office, as: encrypting and decrypting, Information Hiding Techniques, the attack of denial of service device and wooden horse principle etc.When the user by concrete close card module 43 after, the information such as user integral after card module is open to the custom the user and grade of specifically closing send in the user gradation administration module 23.
While playing, the user can use the network cooperating module 50 to play collaboratively. The network cooperating module 50 comprises a WEB chat module 51 and an online user management module 52. The WEB chat module 51 is the main interface for user communication. It is embedded in the WEB interface of the game system and provides functions such as private chat, group chat and broadcast messages. Users can also choose fonts and emoticons according to their own needs. When a user selects another user from the online user list, the trust negotiation modules of both are triggered; the two sides negotiate through their respective trust negotiation modules to establish a basic trust relationship, and then communicate to discuss how to tackle the problem and cooperate.
The online user management module 52 keeps statistics on the online users and sorts them by grade, making it easy for a user to find and select suitable users for help or cooperation.
The degree of belief evaluation module 80 uses the user's points record in the specific level module 43 and the formula:
accuracy rate = (points the user actually earned / points the user should have earned) × 100%
to calculate the user's accuracy rate, derives the user's credit rating from the range in which the accuracy rate falls, and sends it to the user gradation administration module 23, so that the server policy processing module 302 in the server trust negotiation module 30 can provide different policies to users according to their credit rating.
The user collaborative system that adopts the authentication system based on trust negotiation of the present invention comprises at least two user modules. Each user module contains its own trust negotiation module, and the user modules are connected to one another through the network.
With reference to Fig. 3, the first user's trust negotiation module 60 and the second user's trust negotiation module 70 are taken as an example for a specific description.
After the first user and the second user log in, they each enter the system level module 40 and the network cooperating module 50. When the first user selects the second user from the online user list, the trust negotiation modules of both are triggered.
At this point, after the first user connects to the second user with a request, or after the second user connects to the first user with a request, the first user's trust negotiation module 60 or the second user's trust negotiation module 70 provides return information to the other side's trust negotiation module. If the first user makes the request to the second user, the second user returns an access control policy to the first user; if the second user makes the request to the first user, the first user returns an access control policy to the second user. The working process is described from the first user's side.
The first user's strategy analyzing module 601 in the first user's trust negotiation module 60 judges whether the information returned by the second user is a policy or a certificate. If it is a policy, the first user has connected to the second user to request collaboration. The first user's strategy analyzing module 601 parses the policy returned by the second user's trust negotiation module 70 to see whether it involves a sensitive certificate owned by the first user. If it does, the first user's strategy analyzing module 601 notifies the first user's strategy processing module 602, which retrieves the protection policy for the sensitive certificate from the first user's policy library module 604 and returns that protection policy to the second user's trust negotiation module 70. If the parsing result does not involve a sensitive certificate, the first user's strategy analyzing module 601 notifies the first user's certificate processing module 603, which, according to the access control policy sent by the second user, retrieves from the first user's certificate repository module 605 the certificates that policy involves and returns them to the second user's trust negotiation module 70.
If the first user's strategy analyzing module 601 judges that the information returned by the second user is a certificate, the second user has connected to the first user with a request: the first user's trust negotiation module 60 previously returned an access control policy to the second user's trust negotiation module 70, and the second user's trust negotiation module 70 carried out the actions described above for the first user's trust negotiation module 60 and returned certificates to the first user's trust negotiation module 60. The first user's strategy analyzing module 601 then notifies the first user's certificate processing module 603, which saves the certificates returned by the second user in the first user's consistency check module 606. The first user's consistency check module 606 checks whether these certificates are consistent with the requirements of the policy that the first user previously proposed to the second user. If they are consistent, the two sides establish a trust relationship, and the second user can communicate and collaborate with the first user and learn the sensitive information each holds; otherwise the second user is informed that negotiation has failed, and the two sides cannot establish a collaborative connection.
By exchanging trust credentials between the user trust negotiation module 12 and the server trust negotiation module 30, the server trust negotiation module 30 further confirms the authenticity of the user's identity and grants the user the corresponding access rights according to the credentials the user submits. By exchanging trust credentials between the users' trust negotiation modules, users can communicate and collaborate to tackle problems together.
Referring to Fig. 4, a login method for the user login system that adopts the authentication system based on trust negotiation of the present invention comprises the following steps:
Step 401: the user log-in block sends user information, such as the user's user name and password, to the user login management module and requests access to the corresponding level.
Step 402: the user login management module looks up the user information in the subscriber information storing module and verifies the submitted information. If verification fails, it informs the user log-in block that login has failed; if verification succeeds, it sends a level access request to the server policy processing module.
Step 403: based on the level access request sent by the user login management module and on information such as the user grade in the user gradation administration module, the server policy processing module retrieves the corresponding policy from the server policy library module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module.
Step 404: the subscriber policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and passes it to the user certificate processing module.
Step 405: the user certificate processing module looks up the certificates the policy requires in the user certificate library module, forms a certificate chain, and sends the certificate chain to the server certificate processing module.
Step 406: the server certificate processing module stores the certificate chain, in order, in the server sequence sets in the server consistency check module.
Step 407: the server consistency check module checks the certificate chain saved by the server certificate processing module against the policy saved by the server policy processing module. If the two are consistent, it informs the user log-in block that negotiation has succeeded, and the user log-in block can access the corresponding level; otherwise it informs the user that negotiation has failed, and the user does not have the authority to access the corresponding level.
By verifying the attributes of the credentials submitted by the user management module, the server trust negotiation module further confirms the user's identity and the associated rights the user holds, which improves system security.
Referring to Fig. 5, a collaboration method for the user collaborative system that adopts the authentication system based on trust negotiation of the present invention comprises the following steps:
Step 501: the first user's strategy analyzing module in the first user's trust negotiation module judges whether the information returned by the second user is a policy or a certificate. If it is a policy, go to step 502; otherwise go to step 505.
Step 502: the first user's strategy analyzing module parses the information returned by the second user to see whether it involves a sensitive certificate owned by the first user. If it does, go to step 503; otherwise go to step 504.
Step 503: the first user's strategy analyzing module notifies the first user's strategy processing module, which retrieves the protection policy for the sensitive certificate from the first user's policy library module and returns that protection policy to the second user's trust negotiation module.
Step 504: the first user's strategy analyzing module notifies the first user's certificate processing module, which, according to the access control policy sent by the second user, retrieves from the first user's certificate repository module the certificates that policy involves and returns them to the second user's trust negotiation module.
Step 505: the first user's strategy analyzing module notifies the first user's certificate processing module, which saves the certificates returned by the second user in the first user's consistency check module. The first user's consistency check module checks whether these certificates are consistent with the requirements of the policy that the first user previously proposed to the second user. If they are consistent, go to step 506; otherwise go to step 507.
Step 506: the two sides establish a trust relationship; the second user can communicate and collaborate with the first user and learn the sensitive information each holds.
Step 507: the second user is informed that negotiation has failed, and the two sides cannot establish a collaborative connection.
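Steps 501 to 507 written as one message handler per party, as an added example that is not code from the patent. Certificates are represented by name only (no signature checking), and the `Party` class, the message tuples, the cap on the number of messages and the rejection of certificates that arrive when no policy was proposed are assumptions of this sketch.

```python
from dataclasses import dataclass, field


@dataclass
class Party:
    name: str
    certs: set                                       # certificates this party holds
    protection: dict = field(default_factory=dict)   # sensitive cert -> certs the peer must show
    pending: frozenset = frozenset()                 # policy last proposed to the peer
    sent: list = field(default_factory=list)         # audit trail of every message sent

    def _send(self, message):
        self.sent.append(message)
        return message

    def propose(self, required):
        """Send a policy and keep it for the later consistency check (Step 505)."""
        self.pending = frozenset(required)
        return self._send(("policy", self.pending))

    def handle(self, message):
        kind, body = message
        if kind == "policy":                                        # Step 501
            sensitive = [c for c in body
                         if c in self.certs and c in self.protection]  # Step 502
            if sensitive:                                           # Step 503
                needed = set().union(*(self.protection[c] for c in sensitive))
                return self.propose(needed)
            return self._send(("certs", frozenset(body & self.certs)))  # Step 504
        # Step 505: certificates are only meaningful against a policy we proposed.
        ok = bool(self.pending) and self.pending <= body
        return self._send(("trusted" if ok else "failed", frozenset()))  # Steps 506 / 507


def negotiate(requester, responder, responder_policy, max_messages=8):
    """The responder answers a collaboration request with its access control policy.

    Returns the list of message kinds exchanged. The cap stops two parties whose
    protection policies depend on each other from exchanging policies forever.
    """
    transcript = []
    message = responder.propose(responder_policy)
    receiver, other = requester, responder
    while len(transcript) < max_messages:
        transcript.append(message[0])
        if message[0] in ("trusted", "failed"):
            break
        message = receiver.handle(message)
        receiver, other = other, receiver
    return transcript


def established(transcript):
    return bool(transcript) and transcript[-1] == "trusted"


def disclosed(party):
    """Every certificate name the party has put on the wire."""
    return set().union(*(body for kind, body in party.sent if kind == "certs"))


if __name__ == "__main__":
    # Constructed sample: the policy names certificate "S", which the requester
    # treats as sensitive and releases only to a peer that can show "T".
    a = Party("first", {"C4", "S"}, protection={"S": {"T"}})
    b = Party("second", {"T"})
    print(negotiate(a, b, {"S"}), disclosed(a))
```

The sensitive certificate never appears in anything the requester sends: a policy that names it is answered with the protection policy, not with the certificate.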
Some concepts used in the present invention are described below:
A digital certificate (digital credential) is a digital tool for carrying characteristics such as a user's identity or attributes. Because a certificate represents the user's identity, it must be verifiable and unforgeable. According to their use in different systems, certificates can be divided into identity certificates and attribute certificates.
Authentication is used to confirm the authenticity of a participant's identity; by checking the consistency of the user's identity, it prevents impersonation. Determining whether the identities of the communicating parties are legitimate before trust negotiation begins is what guarantees that system security is maintained, and is also the prerequisite for verifying user authorization, exchanging certificates and auditing the system. The main method of authentication is to check whether the "user name-password" the user submits is genuine. For systems with a high security level, identity information must also be extracted from the certificates the user submits in order to verify the user's identity and the capabilities the user holds.
Authorization means analysing the certificates the user submits and assigning the user rights to access resources according to the attribute values on the certificates. What operations a user may perform on a resource, or what services the user may enjoy, are all embodied in the system's authorization of the user. In a trust management system, authorization of a user mainly means enabling, on the basis of authentication, the user's corresponding control operations on resources.
Strategy (policy) is used to protect resources from unauthorized access by legitimate users, and thereby to regulate how legitimate users operate on resources. In automated trust negotiation, the access control policy determines which certificates are disclosed and the order in which they are disclosed. According to what the policy protects, policies in trust negotiation can be divided into service or resource protection policies and sensitive certificate protection policies.
According to the complexity of their description, access control policies can be divided into meta-policies and compound policies. A meta-policy is the basic element from which compound policies are built; their relationship is similar to that between metadata and data. Usually the system provides operators such as "∧/∨/!" to compose and decompose compound policies.
A meta-policy contains the following fields:
Issuer | Holder | Attribute name | Attribute value | …… | Validity period
The principle of trust negotiation is described below:
Trust negotiation is designed on the principle by which trust relationships are established in daily life, where we often go through the process of establishing trust with strangers. For example, when we are stopped by a traffic police officer while driving, the officer needs us to show our driving licence, and we, in order to confirm the officer's true identity, often need the officer to show a police ID; only after the officer has shown the police ID do we show our own driving licence. This is a simple process of establishing a trust relationship. In a computer network, through the mutual disclosure of digital certificates and access control policies, the requester and the provider of a service or resource establish a trust relationship automatically. This is trust negotiation.
An illustration of the trust negotiation process:
The two parties in a trust negotiation need to send each other the relevant certificates, and can access the relevant resource only after the certificates have been verified. Access policies are described using the following definitions:
Definition 1: P_R is the access policy of the related resource, and P_C is the access policy of a sensitive certificate. F_R(C1, ..., Ck) is the certificate chain for accessing the resource, and F_C(C1, ..., Ck) is the certificate chain for accessing the sensitive certificate. The corresponding resource or sensitive certificate can be disclosed only when the certificate chain represented by F_R or F_C is true; this is written P_R ← F_R(C1, C2, ..., Ck) and P_C ← F_C(C1, C2, ..., Ck). When it is false, the corresponding resource or sensitive certificate is not disclosed.
Definition 2: C1, C2, ..., Ck each represent a different credential; they are joined into a certificate chain by the logical symbols ∧ (and) and ∨ (or). After the joined certificate chain has undergone the consistency check, the value of F_R or F_C is true if the chain meets the requirements, and false otherwise.
For example, F_R(C1 ∧ C2 ∧ C3) is a certificate chain required for a resource: F_R is true only when C1, C2 and C3 are all satisfied, giving P_R ← F_R(C1, C2, C3). As another example, F_C(C1 ∨ C2 ∨ C3) is a certificate chain required for a sensitive certificate: F_C is true when any one of the three certificates C1, C2, C3 qualifies, giving P_C ← F_C(C1, C2, C3).
A user's points reflect how well the user understands information security knowledge, and indirectly indicate the user's ability to clear levels. That a user with high points has genuinely passed a given level is fairly credible, whereas for a user with relatively low points it needs further verification. Using the formula:
accuracy rate = (points the user actually earned / points the user should have earned) × 100%
the user's accuracy rate is obtained, and the following credit ratings are derived from the range in which the accuracy rate falls:
Accuracy rate | 0%-10% | 10%-35% | 35%-65% | 65%-90% | 90%-100%
Credit rating | 0 | 1 | 2 | 3 | 4
During negotiation, the credit rating is used as a reference index; providing different policies to users with different credit ratings is the adaptive strategy pattern. The higher the credit rating, the simpler the policy in the negotiation process; the lower the credit rating, the more complex the negotiation policy.
Example 1: Two users both hold the authority to enter the third level directly, but their points differ: the first user answered all the knowledge questions correctly, while the second user answered all of them wrong. At login, the negotiation processes of the first and second users are as follows:
Referring to Fig. 6, the negotiation process of the first user:
First user: submits the user name and password, and applies for the authority for the third level;
Server: verifies the user name and password, queries the user's points, and according to the points gives the first user the policy P_Third for accessing the third level;
First user: searches for the certificates and returns F_Third(C1 ∧ C2 ∧ C3);
Server: after verifying the certificates sent by the first user, informs the user that negotiation has succeeded;
Referring to Fig. 7, the negotiation process of the second user:
Second user: submits the user name and password, and applies for the authority for the third level;
Server: verifies the user name and password, queries the user's points, and according to the points gives the second user the policy P_First for accessing the first level;
Second user: searches for the certificate and returns certificate F_First(C1);
Server: verifies certificate C1 and returns the policy P_Second for the second-level authority;
Second user: searches for the certificate and returns certificate F_Second(C2);
Server: verifies certificate C2 and returns the policy P_Third for the third-level authority;
Second user: searches for the certificate and returns certificate F_Third(C3);
Server: after verifying the certificate C3 sent by the second user, informs the user that negotiation has succeeded;
Here C1, C2 and C3 are the authority certificates that the system returns to the user after the user passes the first, second and third levels respectively.
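Definitions 1 and 2, the credit-rating table and the two logins of Example 1 run end to end, as an added example that is not code from the patent. Assumptions: an HMAC under a server-held key stands in for the certificate signature, a boundary value in the table falls into the higher band, only rating 4 receives the single combined policy, and all names (`Credential`, `plan_rounds`, `negotiate_login`, the `level=N` leaves standing for C1 to C3) are hypothetical.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace

# Assumption: an HMAC under a server-held key stands in for the issuer's signature.
SERVER_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class Credential:
    issuer: str
    holder: str
    name: str        # attribute name
    value: str       # attribute value
    not_after: int   # end of the validity period (epoch seconds)
    tag: str = ""    # issuer's authentication tag over the fields above

    def payload(self) -> bytes:
        # A JSON list keeps the field boundaries unambiguous.
        return json.dumps([self.issuer, self.holder, self.name,
                           self.value, self.not_after]).encode()

    def leaf(self) -> str:
        return f"{self.name}={self.value}"


def _tag(c):
    return hmac.new(SERVER_KEY, c.payload(), hashlib.sha256).hexdigest()


def issue(holder, name, value, not_after):
    c = Credential("server", holder, name, value, not_after)
    return replace(c, tag=_tag(c))


def proven_leaves(chain, holder, now):
    """Policy leaves backed by credentials that verify for this holder right now."""
    return {c.leaf() for c in chain
            if hmac.compare_digest(_tag(c).encode(), c.tag.encode())
            and c.holder == holder and now <= c.not_after}


def evaluate(policy, proven):
    """F(...) of Definition 2: a leaf is a string, a node is ('and' | 'or', term, ...)."""
    if isinstance(policy, str):
        return policy in proven
    op, *terms = policy
    results = [evaluate(t, proven) for t in terms]
    return all(results) if op == "and" else any(results)


def policy_leaves(policy):
    if isinstance(policy, str):
        return {policy}
    return set().union(*(policy_leaves(t) for t in policy[1:]))


def credit_rating(earned, possible):
    """Accuracy -> rating 0..4 per the table; a boundary value joins the higher band."""
    if possible <= 0:
        return 0
    accuracy = 100.0 * earned / possible
    return sum(accuracy >= bound for bound in (10, 35, 65, 90))


def plan_rounds(rating, target_level):
    """Rating 4: one combined policy. Otherwise one single-certificate policy per level."""
    leaves = [f"level={n}" for n in range(1, target_level + 1)]
    return [("and", *leaves)] if rating == 4 else leaves


def negotiate_login(holder, earned, possible, target_level, wallet, now):
    """Return (success, rounds_used); wallet is the client's certificate store."""
    rounds = plan_rounds(credit_rating(earned, possible), target_level)
    for used, policy in enumerate(rounds, start=1):
        # Client: look up the certificates the policy names and send the chain.
        chain = [c for c in wallet if c.leaf() in policy_leaves(policy)]
        # Server: consistency check of the received chain against the saved policy.
        if not evaluate(policy, proven_leaves(chain, holder, now)):
            return (False, used)
    return (True, len(rounds))


# Constructed sample data: both users hold valid certificates for levels 1 to 3.
NOW = 1_700_000_000
WALLET_A = [issue("userA", "level", str(n), NOW + 3600) for n in (1, 2, 3)]
WALLET_B = [issue("userB", "level", str(n), NOW + 3600) for n in (1, 2, 3)]

if __name__ == "__main__":
    print(negotiate_login("userA", 10, 10, 3, WALLET_A, NOW))   # all answers right
    print(negotiate_login("userB", 0, 10, 3, WALLET_B, NOW))    # all answers wrong
```

The holder and validity checks in `proven_leaves` are what stop a user from replaying another user's certificates or an expired one; the page states only that certificates must be verifiable and unforgeable.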
Unlike trust negotiation during login, in trust negotiation during network collaboration the user must negotiate not only with the server but also with other users. Users assure each other of the credibility of their identities by exchanging the certificates they hold, establish a trust relationship, and cooperate.
Example 2: The first user and the second user have both reached the fourth level, and both previously scored full marks. The fourth level requires the two users to obtain, respectively, a prime number within 1000 and a prime number within 1500, both randomly generated by the system; the sum of the two primes is the password for clearing the level. The process can be expressed as follows:
Referring to Fig. 8 and Fig. 9, first user: makes a request to the second user to establish a collaboration channel, and submits their own points;
Second user: according to the first user's points, returns the policy requirement for establishing communication, P_Fourth ← F_Fourth(C1 ∧ C2 ∧ C3 ∧ C4), and provides their own points;
First user: returns Credential Chain (C1 ∧ C2 ∧ C3 ∧ C4) and, according to the second user's points, proposes the policy P_Fourth ← F_Fourth(C1 ∧ C2 ∧ C3 ∧ C4);
Second user: verifies the certificates submitted by the first user and returns Credential Chain (C1 ∧ C2 ∧ C3 ∧ C4);
First user: verifies the certificates submitted by the second user;
The two sides negotiate successfully and, after communicating, decide that the first user will obtain the prime within 1000 and the second user the prime within 1500;
Both sides send requests to the server;
The server randomly generates a prime within 1000 and a prime within 1500, informs the first user and the second user respectively, and issues them the digital certificates C_First and C_Second containing the attribute values of these two numbers;
The first user and the second user tell each other the value each holds, and exchange the digital certificates C_First and C_Second;
The first user and the second user each submit the sum of the two numbers to the server;
The server proposes to the first and second users respectively the policy for accessing the fifth-level authority, P_C5 ← F_C5(C_First ∧ C_Second);
The first user and the second user each submit their certificates, Credential Chain (C_First ∧ C_Second);
The server verifies the certificates submitted by the two users and, according to the sum of the prime attribute values in the certificates, verifies whether the sums submitted by the two sides are correct. If they are correct, it sends the fifth-level authority certificate C5 to both;
Both sides clear the level successfully.
Here C1, C2, C3, C4 and C5 are the access authority certificates for levels one to five, and C_First and C_Second are the certificates, containing the attribute value of the selected random number, issued by the server to the first user and the second user respectively.
Trust negotiation can establish trust relationships automatically and dynamically, through certificate exchange, between network entities in different security domains that are strangers to each other; both negotiating parties can protect their own sensitive resources by creating policies that control access to the other side's requests; and the negotiation process requires no participation by a trusted third party.
Because the present invention adopts the system and method of trust negotiation authentication, it can perform further authentication and ensure the security of authentication, thereby increasing the security of the network collaborative game system.
The above embodiments describe preferred implementations of the present invention and do not limit its scope. Without departing from the design spirit of the present invention, all variations and improvements made to the technical solution of the present invention by persons of ordinary skill in the art shall fall within the scope of protection defined by the claims of the present invention.

Claims (8)

1. An authentication system based on trust negotiation, characterized in that it comprises a strategy analyzing module (1), a strategy processing module (2), a certificate processing module (3), a policy library module (4), a certificate repository module (5) and a consistency check module (6);
The policy library module (4) is used to store policies;
The certificate repository module (5) is used to store certificates;
The strategy analyzing module (1) is used to parse an incoming policy and determine whether the policy involves a sensitive certificate; if it does, the policy is handed to the strategy processing module (2) for handling, and if it does not, it is handed to the certificate processing module (3) for handling;
The strategy processing module (2) is used to retrieve the corresponding policy from the policy library module (4), return it to the requesting party, and store the policy provided in the consistency check module (6); or, according to a request involving a sensitive certificate sent by the strategy analyzing module (1), to retrieve the protection policy from the policy library module (4), return it to the requesting party, and store the protection policy provided in the consistency check module (6);
The certificate processing module (3) is used to retrieve certificates from the certificate repository module (5) in the sequence described in the policy and provide a certificate chain to the party requesting certificates, and to store a received certificate chain, in order, in the consistency check module (6);
The consistency check module (6) is used to check the consistency of the received certificate chain with the policy; if they are consistent, it informs the requesting party that trust negotiation has succeeded and provides the corresponding service to the requesting party; otherwise it informs the requesting party that trust negotiation has failed and does not provide the service to the requesting party.
2. The authentication system based on trust negotiation according to claim 1, characterized in that the consistency check module (6) further comprises a sequence sets module (7), and the sequence sets module (7) stores certificate chains.
3. A user login system adopting the authentication system based on trust negotiation as claimed in claim 1 or 2, characterized in that it comprises a user module (10), a user management module (20) and a server trust negotiation module (30);
The user module (10) sends its own user information to the user management module (20) and makes an access request;
The user management module (20) verifies the user information; if verification fails, it informs the user module (10) that login has failed, and if verification succeeds, it sends an access request to the server trust negotiation module (30);
The server trust negotiation module (30) receives the access request sent by the user management module (20), retrieves the corresponding policy according to information such as the user grade in the user management module (20), returns it to the user module (10), and saves the policy;
The user module (10) receives the policy returned by the server trust negotiation module (30), looks up the corresponding certificates as the policy requires, forms a certificate chain, and sends the certificate chain to the server trust negotiation module (30);
The server trust negotiation module (30) saves the certificate chain in order and checks this certificate chain against the saved policy; if the two are consistent, it informs the user module (10) that negotiation has succeeded, and the user module (10) can perform the corresponding access; otherwise it informs the user module (10) that login has failed.
4. The user login system according to claim 3, characterized in that the user module (10) comprises a user log-in block (11) and a user trust negotiation module (12), and the user trust negotiation module (12) comprises a subscriber policy parsing module (121), a subscriber policy processing module (122), a user certificate processing module (123), a subscriber policy library module (124), a user certificate library module (125) and a user consistency check module (126); the user management module (20) comprises a user's registration management module (21), a user login management module (22), a user gradation administration module (23) and a subscriber information storing module (24); the server trust negotiation module (30) comprises a server policy parsing module (301), a server policy processing module (302), a server certificate processing module (303), a server policy library module (304), a server certificate library module (305) and a server consistency check module (306);
The user log-in block (11) sends its own user information to the user login management module (22) and sends an access request;
The user login management module (22) looks up the user information in the subscriber information storing module (24) and verifies the user information; if verification fails, it informs the user log-in block (11) that login has failed, and if verification succeeds, it sends an access request to the server policy processing module (302);
Based on the level access request sent by the user login management module (22) and on information such as the user grade in the user gradation administration module (23), the server policy processing module (302) retrieves the corresponding policy from the server policy library module (304), returns it to the user trust negotiation module (12), and saves the policy in the server consistency check module (306);
The subscriber policy parsing module (121) in the user trust negotiation module (12) receives the policy returned by the server policy processing module (302) and passes it to the user certificate processing module (123); the user certificate processing module (123) looks up the corresponding certificates in the user certificate library module (125) as the policy requires, forms a certificate chain, and sends the certificate chain to the server certificate processing module (303);
The server certificate processing module (303) stores the certificate chain, in order, in the server consistency check module (306), and the server consistency check module (306) checks this certificate chain against the saved policy; if the two are consistent, it informs the user log-in block (11) that negotiation has succeeded, and the user log-in block (11) can perform the corresponding access; otherwise it informs the user log-in block (11) that login has failed.
5. The user login system according to claim 4, characterized in that the server consistency check module (306) further comprises a server sequence sets module (307), and the server sequence sets module (307) stores certificate chains.
6. A user collaborative system adopting the authentication system based on trust negotiation as claimed in claim 1 or 2, characterized in that it comprises at least two user modules, each user module includes its own user trust negotiation module, and the user modules are connected to one another through the network;
The first user and the second user connect, the second user returns information to the first user, and the first user's strategy analyzing module (601) in the first user's trust negotiation module (60) judges whether the information returned by the second user is a policy or a certificate;
If it is a policy, the policy is parsed to see whether it involves a sensitive certificate owned by the first user. If the parsing result involves a sensitive certificate owned by the first user, the first user's strategy analyzing module (601) notifies the first user's strategy processing module (602), which retrieves the protection policy for the sensitive certificate from the first user's policy library module (604) and returns that protection policy to the second user's trust negotiation module (70). If the parsing result of the first user's strategy analyzing module (601) does not involve a sensitive certificate, the first user's strategy analyzing module (601) notifies the first user's certificate processing module (603), which, according to the access control policy sent by the second user, retrieves from the first user's certificate repository module (605) the certificates that policy involves and returns them to the second user's trust negotiation module (70);
If the first user's strategy analyzing module (601) judges that the information returned by the second user is a certificate, it notifies the first user's certificate processing module (603), which saves the certificates returned by the second user in the first user's consistency check module (606). The first user's consistency check module (606) checks whether these certificates are consistent with the requirements of the policy that the first user previously proposed to the second user. If they are consistent, the two sides establish a trust relationship, and the second user can communicate and collaborate with the first user and learn the sensitive information each holds; otherwise the second user is informed that negotiation has failed, and the two sides cannot establish a collaborative connection.
7. A login method employing the user login system of the authentication system based on trust negotiation according to claim 1 or 2, characterized in that it comprises the following steps:
The user login module sends user information, such as the user's own user name and password, to the user login management module and submits an access request;
The user login management module looks up the user information in the user information storage module and verifies the user information. If verification fails, it informs the user login module that the login failed; if verification succeeds, it sends the access request to the server policy processing module. According to the access request sent by the user login management module and information such as the user level in the user level management module, the server policy processing module retrieves the corresponding policy from the server policy library module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module;
The user policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and passes it to the user certificate processing module. The user certificate processing module looks up the corresponding certificates in the user certificate library module according to the policy's requirements, forms a certificate chain, and sends the certificate chain to the server certificate processing module, which stores the certificate chain, in order, in the server sequence set in the server consistency check module;
The server consistency check module verifies the certificate chain saved by the server certificate processing module against the policy saved by the server policy processing module. If the two are consistent, it informs the user login module that the negotiation succeeded and the user login module may perform the corresponding access; otherwise it informs the user that the login failed.
8. A collaboration method employing the user collaboration system of the authentication system based on trust negotiation according to claim 1 or 2, characterized in that it comprises the following steps:
The first user's strategy analyzing module, in the first user's trust negotiation module, determines whether the information returned by the second user is a policy or a certificate;
If it is a policy, the first user's strategy analyzing module parses it to see whether it involves a sensitive certificate owned by the first user. If the parsing result involves a sensitive certificate owned by the first user, the first user's strategy analyzing module notifies the first user's strategy processing module, which retrieves the protection policy for the sensitive certificate from the first user's policy library module and returns that protection policy to the second user's trust negotiation module. If the parsing result does not involve a sensitive certificate owned by the first user, the first user's strategy analyzing module notifies the first user's certificate processing module, which, according to the access control policy sent by the second user, retrieves from the first user's certificate repository module the certificates that the policy sent by the second user involves and returns them to the second user's trust negotiation module;
If it is a certificate, the first user's strategy analyzing module notifies the first user's certificate processing module, which saves the certificate returned by the second user in the first user's consistency check module. The first user's consistency check module verifies whether this certificate is consistent with the requirements of the policy that the first user previously proposed to the second user. If it is consistent, the two parties establish a trust relationship, and the second user can collaborate and communicate with the first user and learn the sensitive information each holds; otherwise the second user is informed that the negotiation failed, and the two parties cannot establish a collaborative connection.
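The policy-or-certificate dispatch and the consistency check of claims 6 and 8 can be followed message by message in this added Python example, which is not part of the patent. Certificates are modelled as bare names with no signature validation, and the names `Party` and `negotiate`, the `fail` reply for a certificate that is not held, and the round limit are assumptions of the example.

```python
from dataclasses import dataclass, field

@dataclass
class Party:  # hypothetical model of one user's trust negotiation module
    name: str
    certs: set                                    # certificate repository (names only)
    protect: dict = field(default_factory=dict)   # policy library: sensitive cert -> certs demanded
    proposed: set = field(default_factory=set)    # policy last proposed to the peer
    received: set = field(default_factory=set)    # consistency check store

    def handle(self, kind, items):
        """Process one peer message and return the reply as (kind, items)."""
        if kind == "policy":
            sensitive = [c for c in items if c in self.protect]
            if sensitive:  # answer with the protection policy, not the certificate
                self.proposed = set().union(*(self.protect[c] for c in sensitive))
                return ("policy", set(self.proposed))
            if not items <= self.certs:  # assumption: a certificate not held ends it
                return ("fail", items - self.certs)
            return ("cert", set(items))
        if kind == "cert":
            self.received |= items
            # Consistency check against the policy proposed earlier.
            ok = bool(self.proposed) and self.proposed <= self.received
            return ("trust", set()) if ok else ("fail", self.proposed - self.received)
        return ("fail", set())

def negotiate(a, b, request, max_rounds=8):
    """b asks a for `request`; relay replies until trust, failure or round limit."""
    b.proposed = set(request)
    log, sender, receiver, msg = [], b, a, ("policy", set(request))
    for _ in range(max_rounds):
        log.append((sender.name, msg[0], sorted(msg[1])))
        reply = receiver.handle(*msg)
        if reply[0] in ("trust", "fail"):
            log.append((receiver.name, reply[0], sorted(reply[1])))
            return reply[0] == "trust", log
        sender, receiver, msg = receiver, sender, reply
    return False, log  # mutually protected certificates never converge

if __name__ == "__main__":
    # Constructed sample parties and certificate names.
    a = Party("A", {"guild_leader"}, {"guild_leader": {"verified_account"}})
    b = Party("B", {"verified_account"})
    ok, log = negotiate(a, b, {"guild_leader"})
    print(ok, *log, sep="\n")
```

The round limit matters because two parties whose sensitive certificates each require the other's would otherwise exchange protection policies indefinitely; the claims do not say how such a cycle is resolved.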
CN 200910242235 2009-12-10 2009-12-10 Authentication system based on trust negotiation and user login and collaboration systems and methods Expired - Fee Related CN101707613B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910242235 CN101707613B (en) 2009-12-10 2009-12-10 Authentication system based on trust negotiation and user login and collaboration systems and methods

Publications (2)

Publication Number Publication Date
CN101707613A true CN101707613A (en) 2010-05-12
CN101707613B CN101707613B (en) 2012-12-12

Family

ID=42377803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910242235 Expired - Fee Related CN101707613B (en) 2009-12-10 2009-12-10 Authentication system based on trust negotiation and user login and collaboration systems and methods

Country Status (1)

Country Link
CN (1) CN101707613B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IL165416A0 (en) * 2004-11-28 2006-01-15 Objective data regarding network resources
CN100493089C (en) * 2005-12-26 2009-05-27 北京航空航天大学 Service computing system based on service and underlying resource separation
CN100353713C (en) * 2005-12-26 2007-12-05 北京航空航天大学 Authentic remote service heat deploying method
CN100399739C (en) * 2005-12-26 2008-07-02 北京航空航天大学 Method and system for realizing trust identification based on negotiation communication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101951375A (en) * 2010-09-21 2011-01-19 北京信息科技大学 Trust assessment-based adaptive trust negotiation system and method
CN101951375B (en) * 2010-09-21 2014-02-19 北京信息科技大学 Trust assessment-based adaptive trust negotiation system and method
CN107864159A (en) * 2017-12-21 2018-03-30 有米科技股份有限公司 Communication means and device based on certificate and trust chain

Also Published As

Publication number Publication date
CN101707613B (en) 2012-12-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121212

Termination date: 20151210

EXPY Termination of patent right or utility model