CN101707613B - Authentication system based on trust negotiation and user login and collaboration systems and methods - Google Patents


Publication number
CN101707613B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN 200910242235
Other languages
Chinese (zh)
Other versions
CN101707613A (en)
Inventor
蒋文保
刘思征
Current Assignee
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University

Abstract

An authentication system based on trust negotiation comprises a policy parsing module, a policy processing module, a certificate processing module, a policy library module, a certificate library module and a consistency check module. A user login system using the authentication system comprises a user module, a user management module and a server trust negotiation module. A user collaboration system using the authentication system comprises at least two user modules, each of which has its own user trust negotiation module, and the user modules are connected to one another over a network. The invention provides an authentication system that improves the security of network application systems such as online games. The invention also provides a user login system and login method, and a user collaboration system and collaboration method, that use the authentication system.

Description

Authentication system based on trust negotiation, and user login and collaboration systems and methods
Technical field
The present invention relates to the broadcast communication field, and in particular to an authentication system based on trust negotiation, a user login system and method that use this authentication system, and a user collaboration system and method that use this authentication system.
Background
With the rapid development of Internet technology and the accelerating informatization of society, networks and information systems grow more important by the day, and information security has become a matter bearing on economic development, the public interest, social stability and national security as a whole. To strengthen information security assurance, information security knowledge needs to be popularized in several ways, public security awareness raised, and various approaches to training information security personnel explored. Games are an effective supplementary means of helping people acquire security knowledge and raise their security awareness, achieving twice the result with half the effort.
Well-known hacker games at home and abroad include uplink, Hack The Game, the Uplink series, the Hacker Base series, the hacker game from Computer Newspaper and others. The developers of these games follow similar thinking: the emphasis is on training the player's ability to apply hacking knowledge in practice, but the form is monotonous. Basically all of them apply various password cracking methods to obtain the password needed to clear a level, which demands a great deal of cryptography knowledge, while other areas of hacking knowledge are rarely touched and there is no storyline. A problem these games share is that each player fights alone, with no exchange or communication between players. This greatly reduces the fun of the game and does not help players learn from one another, so the present invention introduces a network collaboration mechanism on top of games of this kind.
In addition, many other kinds of network collaboration games exist outside the information security field, but because existing network collaboration games lack corresponding security protections, incidents such as leakage of sensitive user information and theft of in-game items and props occur from time to time. This has seriously dampened the enthusiasm of game users and has even led to many legal disputes.
Security has therefore become a key factor restricting the further development and application of networks.
At present, the scheme most widely used on the Internet is based on "username/password" pairs. Each website has to provide its own user management system; a user requesting the site's services or resources must first fill in certain personal information and apply for a username and password, and then logs in with them on later visits. The advantage of this scheme is that it is simple and direct to implement, so it is widely used. Its shortcomings are also obvious. First, the access control granularity is coarse and cannot meet the need for finer division. Second, usernames and passwords are fairly easy to steal; once they are stolen, the information the user has stored in the system is at risk of theft, and the security of the system cannot be guaranteed.
Some websites have adopted digital certificates to improve system security and to further confirm the user's identity and the capabilities the user holds. The service requester submits the digital certificates it holds to the service provider to show the attributes it possesses; the service provider grants authorization according to whether the requester's attributes satisfy the access control policy that corresponds to the access request. A digital certificate, however, may well contain sensitive information, such as bank account information. A service requester should be unwilling to submit a certificate of this kind blindly before confirming the service provider's true identity. In other words, certificates containing sensitive attribute information also need protection, and the requester and the provider of a service should interact only after two-way verification is complete. Trust negotiation arose in response to this situation: through the mutual disclosure of digital certificates and access control policies, the requester and the provider of a service or resource establish a trust relationship automatically.
Summary of the invention
In view of the above defects of the prior art, the object of the present invention is to provide an authentication system based on trust negotiation that improves the security of network application systems such as online games, a user login system and method that use this authentication system, and a user collaboration system and method that use this authentication system.
To achieve the above object, the present invention adopts the following technical solution:
An authentication system based on trust negotiation comprises a policy parsing module, a policy processing module, a certificate processing module, a policy library module, a certificate library module and a consistency check module;
The policy library module is used to store policies;
The certificate library module is used to store certificates;
The policy parsing module is used to parse an incoming policy and determine whether the policy involves a sensitive certificate; if it does, the policy is passed to the policy processing module, and if it does not, it is passed to the certificate processing module;
The policy processing module is used to retrieve the corresponding policy from the policy library module, return it to the requesting party, and store the policy provided in the consistency check module; or, in response to a request from the policy parsing module that involves a sensitive certificate, to retrieve the protection policy from the policy library module, return it to the requesting party, and store the protection policy provided in the consistency check module;
The certificate processing module is used to retrieve certificates from the certificate library module in the sequence described in the policy and provide a certificate chain to the party requesting certificates, and to store a received certificate chain, in order, in the consistency check module;
The consistency check module is used to check the received certificate chain for consistency with the policy; if they are consistent, it informs the requesting party that the trust negotiation succeeded and the corresponding service is provided to the requesting party; otherwise it informs the requesting party that the trust negotiation failed and no service is provided to the requesting party.
In the authentication system based on trust negotiation of the present invention, the consistency check module further comprises a sequence set module, and the sequence set module stores the certificate chain.
A user login system using the above authentication system based on trust negotiation comprises a user module, a user management module and a server trust negotiation module;
The user module sends its own user information to the user management module and makes an access request;
The user management module verifies the user information; if verification fails, it informs the user module that login failed, and if verification succeeds, it sends the access request to the server trust negotiation module;
The server trust negotiation module receives the access request sent by the user management module, retrieves the corresponding policy according to information such as the user level held in the user management module, returns the policy to the user module, and saves the policy;
The user module receives the policy returned by the server trust negotiation module, looks up the corresponding certificates as the policy requires, forms a certificate chain, and sends the certificate chain to the server trust negotiation module;
The server trust negotiation module saves the certificate chain in order and checks it against the saved policy; if the two are consistent, it informs the user module that the negotiation succeeded and the user module may perform the corresponding access; otherwise it informs the user module that login failed.
In the user login system of the present invention, the user module comprises a user login module and a user trust negotiation module, and the user trust negotiation module comprises a user policy parsing module, a user policy processing module, a user certificate processing module, a user policy library module, a user certificate library module and a user consistency check module; the user management module comprises a user registration management module, a user login management module, a user level management module and a user information storage module; the server trust negotiation module comprises a server policy parsing module, a server policy processing module, a server certificate processing module, a server policy library module, a server certificate library module and a server consistency check module;
The user login module sends its own user information to the user login management module and sends an access request;
The user login management module queries the user information in the user information storage module and verifies the user information; if verification fails, it informs the user login module that login failed, and if verification succeeds, it sends the access request to the server policy processing module;
In response to the level access request sent by the user login management module, the server policy processing module retrieves the corresponding policy from the server policy library module according to information such as the user level held in the user level management module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module;
The user policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and hands it to the user certificate processing module; the user certificate processing module looks up the corresponding certificates in the user certificate library module as the policy requires, forms a certificate chain, and sends the certificate chain to the server certificate processing module;
The server certificate processing module stores the certificate chain, in order, in the server consistency check module; the server consistency check module checks the certificate chain against the saved policy; if the two are consistent, it informs the user login module that the negotiation succeeded and the user login module may perform the corresponding access; otherwise it informs the user login module that login failed.
In the user login system of the present invention, the server consistency check module further comprises a server sequence set module, and the server sequence set module stores the certificate chain.
A user collaboration system using the above authentication system based on trust negotiation comprises at least two user modules; each user module includes its own user trust negotiation module, and the user modules are connected to one another over a network;
User A and user B establish a connection, and user B returns information to user A; the user A policy parsing module in user A's trust negotiation module determines whether the information returned by user B is a policy or a certificate;
If it is a policy, the module parses it to see whether it involves a sensitive certificate held by user A. If the result of parsing involves a sensitive certificate held by user A, the user A policy parsing module notifies the user A policy processing module, which retrieves the protection policy for the sensitive certificate from the user A policy library module and returns that protection policy to user B's trust negotiation module. If the result of parsing by the user A policy parsing module does not involve a sensitive certificate, the user A policy parsing module notifies the user A certificate processing module, which, according to the access control policy sent by user B, retrieves from the user A certificate library module the certificates that the policy sent by user B involves and returns them to user B's trust negotiation module;
If the user A policy parsing module determines that the information returned by user B is a certificate, it notifies the user A certificate processing module, which saves the certificate returned by user B in the user A consistency check module; the user A consistency check module checks whether this certificate is consistent with the requirements of the policy that user A previously put to user B. If it is consistent, the two parties establish a trust relationship, and user B and user A can collaborate and communicate and learn the sensitive information each holds; otherwise user B is informed that the negotiation failed, and the two parties cannot establish a collaborative connection.
A login method for the user login system using the above authentication system based on trust negotiation comprises the following steps:
The user login module sends user information, such as the user's own username and password, to the user login management module and makes an access request;
The user login management module queries the user information in the user information storage module and verifies the user information; if verification fails, it informs the user login module that login failed, and if verification succeeds, it sends the access request to the server policy processing module. In response to the access request sent by the user login management module, the server policy processing module retrieves the corresponding policy from the server policy library module according to information such as the user level held in the user level management module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module;
The user policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and hands it to the user certificate processing module; the user certificate processing module looks up the corresponding certificates in the user certificate library module as the policy requires, forms a certificate chain, and sends the certificate chain to the server certificate processing module; the server certificate processing module stores the certificate chain, in order, in the server sequence set within the server consistency check module;
The server consistency check module checks the certificate chain saved by the server certificate processing module against the policy saved by the server policy processing module; if the two are consistent, it informs the user login module that the negotiation succeeded and the user login module may perform the corresponding access; otherwise it informs the user that login failed.
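The login method above as an added Python example (not code from the patent): the password check and the certificate-chain check are separate stages, so a stolen password without the certificates does not pass. An HMAC under a server key stands in for the issuer's signature, and the user names, the policy table and all function names are constructed assumptions.

```python
import hashlib
import hmac
import json
import os

SERVER_KEY = os.urandom(32)   # assumption: the server signs the certificates it issues


def _mac(holder, attr):
    body = json.dumps({"holder": holder, "attr": attr}, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()


def issue_cert(holder, attr):
    """Server-issued attribute certificate (HMAC stands in for a real signature)."""
    return {"holder": holder, "attr": attr, "sig": _mac(holder, attr)}


def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(users, name, password, level):
    """User registration management: store a salted password hash and the user level."""
    salt = os.urandom(16)
    users[name] = {"salt": salt, "pw": _hash_pw(password, salt), "level": level}


# Policy library (constructed): user level -> ordered list of required certificate attributes.
POLICY_BY_LEVEL = {
    1: ["registered_player"],
    2: ["registered_player", "level1_clear"],
}


def consistent(policy, chain, holder):
    """Consistency check: one valid certificate per policy entry, in policy order."""
    if len(chain) != len(policy):
        return False
    for wanted, cert in zip(policy, chain):
        if not isinstance(cert, dict):
            return False
        if cert.get("attr") != wanted or cert.get("holder") != holder:
            return False
        sig = str(cert.get("sig", "")).encode()
        if not hmac.compare_digest(sig, _mac(holder, wanted).encode()):
            return False
    return True


def login(users, name, password, build_chain):
    """Stage 1: password check by user management. Stage 2: trust negotiation."""
    user = users.get(name)
    salt = user["salt"] if user else bytes(16)      # hash even for unknown users
    digest = _hash_pw(password, salt)
    if user is None or not hmac.compare_digest(user["pw"], digest):
        return "login failed"
    policy = POLICY_BY_LEVEL[user["level"]]         # chosen by user level, kept for the check
    chain = build_chain(policy)                     # client side: look up what the policy names
    if consistent(policy, chain, name):
        return "negotiation succeeded"
    return "negotiation failed"


def demo():
    """Constructed scenarios: one honest client and four ways of failing."""
    users = {}
    register(users, "alice", "correct horse", level=2)
    wallet = {a: issue_cert("alice", a) for a in ("registered_player", "level1_clear")}

    def honest(policy):
        return [wallet[a] for a in policy if a in wallet]

    return {
        "honest": login(users, "alice", "correct horse", honest),
        "wrong_password": login(users, "alice", "guess", honest),
        "stolen_password_only": login(users, "alice", "correct horse", lambda p: []),
        "reordered": login(users, "alice", "correct horse",
                           lambda p: list(reversed(honest(p)))),
        "borrowed": login(users, "alice", "correct horse",
                          lambda p: [issue_cert("bob", a) for a in p]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The check binds each certificate to the logged-in holder; proof that the client holds the private key matching the certificate's public key is not modelled here.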
A collaboration method for the user collaboration system using the above authentication system based on trust negotiation comprises the following steps:
The user A policy parsing module in user A's trust negotiation module determines whether the information returned by user B is a policy or a certificate;
If it is a policy, the user A policy parsing module parses it to see whether it involves a sensitive certificate held by user A. If the result of parsing involves a sensitive certificate held by user A, the user A policy parsing module notifies the user A policy processing module, which retrieves the protection policy for the sensitive certificate from the user A policy library module and returns that protection policy to user B's trust negotiation module. If the result of parsing does not involve a sensitive certificate held by user A, the user A policy parsing module notifies the user A certificate processing module, which, according to the access control policy sent by user B, retrieves from the user A certificate library module the certificates that the policy sent by user B involves and returns them to user B's trust negotiation module;
If it is a certificate, the user A policy parsing module notifies the user A certificate processing module, which saves the certificate returned by user B in the user A consistency check module; the user A consistency check module checks whether this certificate is consistent with the requirements of the policy that user A previously put to user B. If it is consistent, the two parties establish a trust relationship, and user B and user A can collaborate and communicate and learn the sensitive information each holds; otherwise user B is informed that the negotiation failed, and the two parties cannot establish a collaborative connection.
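The collaboration steps above as an added Python example, not code from the patent. It goes one step beyond the text: once a protection policy is satisfied, the deferred request is answered, and protection policies that depend on each other in a cycle are rejected. The `Party` class, the certificate names and the sample data are constructed, and a certificate is represented by its name, standing in for one whose signature has already been verified.

```python
from dataclasses import dataclass, field


@dataclass
class Party:
    name: str
    certs: set                                         # certificate library (names only)
    protection: dict = field(default_factory=dict)     # sensitive cert -> certs the peer must show first
    access_policy: list = field(default_factory=list)  # ordered certs a peer must show to collaborate
    issued: list = field(default_factory=list)         # policies sent to the peer, newest last
    pending: list = field(default_factory=list)        # peer policies deferred behind a protection policy
    received: list = field(default_factory=list)       # sequence set: peer certs in arrival order

    def on_policy(self, required):
        """Policy parsing module: answer with certificates or with a protection policy."""
        missing = [c for c in required if c not in self.certs]
        if missing:
            return ("fail", f"{self.name} lacks {missing}")
        if required in self.pending:
            return ("fail", "cyclic policy dependency")
        for cert in required:
            guard = self.protection.get(cert)
            if guard and not all(g in self.received for g in guard):
                # Policy processing module: defer the request and send the guard instead.
                self.pending.append(required)
                self.issued.append(guard)
                return ("policy", guard)
        # Certificate processing module: disclose in the order the policy lists.
        return ("certs", list(required))

    def on_certs(self, chain):
        """Consistency check module: the chain must match the newest issued policy, in order."""
        if not self.issued or chain != self.issued[-1]:
            return ("fail", f"{self.name}: chain inconsistent with policy")
        self.issued.pop()
        self.received.extend(chain)
        if self.pending:                      # a deferred request can now be re-evaluated
            return self.on_policy(self.pending.pop())
        return ("success", None)


def negotiate(requester, provider, max_rounds=16):
    """The provider opens with its access control policy. Returns (outcome, transcript)."""
    provider.issued.append(provider.access_policy)
    sender, receiver = provider, requester
    msg = ("policy", provider.access_policy)
    transcript = []
    for _ in range(max_rounds):
        transcript.append((sender.name, *msg))
        kind, body = msg
        if kind in ("success", "fail"):
            return kind, transcript
        msg = receiver.on_policy(body) if kind == "policy" else receiver.on_certs(body)
        sender, receiver = receiver, sender
    return "fail", transcript


def make_parties():
    """Constructed sample data: user A guards its level badge, user B guards nothing."""
    user_a = Party("user_a", {"registered_player", "level3_badge"},
                   protection={"level3_badge": ["registered_player"]})
    user_b = Party("user_b", {"registered_player"},
                   access_policy=["registered_player", "level3_badge"])
    return user_a, user_b


if __name__ == "__main__":
    outcome, log = negotiate(*make_parties())
    for entry in log:
        print(entry)
    print(outcome)
```

In the transcript, user A's sensitive `level3_badge` appears only after user B's `registered_player` certificate has passed user A's consistency check.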
Trust negotiation can establish a trust relationship automatically and dynamically, through the exchange of certificates, between network entities in different security domains that are strangers to each other; both negotiating parties can protect their own sensitive resources by formulating policies, and exercise access control over the other party's requests; no trusted third party needs to take part in the negotiation.
Because the present invention adopts a system and method of trust negotiation authentication, a further authentication step can be carried out, which ensures the security of authentication and thereby improves the security of the network collaboration game system.
Description of the drawings
Fig. 1 is a system block diagram of an authentication system based on trust negotiation according to the present invention;
Fig. 2 is a system block diagram of a network attack-and-defense game system using an authentication system based on trust negotiation according to the present invention;
Fig. 3 is a block diagram of a user collaboration system using the authentication system based on trust negotiation of the present invention;
Fig. 4 is a flow chart of the login method of the user login system using the authentication system based on trust negotiation of the present invention;
Fig. 5 is a flow chart of the collaboration method of the user collaboration system using the authentication system based on trust negotiation of the present invention;
Fig. 6 is a schematic diagram of the negotiation process when user A logs in;
Fig. 7 is a schematic diagram of the negotiation process when user B logs in;
Fig. 8 is a schematic diagram of the negotiation process when user A and user B negotiate;
Fig. 9 is a schematic diagram of the negotiation process when user A and user B negotiate with the server.
Detailed description of the embodiments
The embodiments of the authentication system based on trust negotiation and of the user login and collaboration systems and methods of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, an authentication system based on trust negotiation comprises a policy parsing module 1, a policy processing module 2, a certificate processing module 3, a policy library module 4, a certificate library module 5 and a consistency check module 6.
The policy parsing module 1 is used to parse the policy passed in by the requesting party and determine whether the policy involves a sensitive certificate; if it does, the policy is passed to the policy processing module 2, and if it does not, it is passed to the certificate processing module 3;
The policy processing module 2, on request, retrieves the corresponding policy from the policy library module 4, returns it to the requesting party, and stores the policy provided in the consistency check module 6; or, in response to a request from the policy parsing module 1 that involves a sensitive certificate, it retrieves the protection policy from the policy library module 4, returns it to the requesting party, and stores the protection policy provided in the consistency check module 6;
The certificate processing module 3 is used to retrieve certificates from the certificate library module 5 in the sequence described in the policy and provide a certificate chain to the party requesting certificates, and to store a received certificate chain, in order, in the sequence set module 7 within the consistency check module 6;
The policy library module 4 is used to store the corresponding policies, which include access control policies and negotiation policies. The access control policy is the main policy for network security prevention and protection; its task is to ensure that network resources are not used illegally or accessed without authorization, and in the present invention the access control policy specifies the set of credentials that must be provided to access a protected resource. The negotiation policy is the set of certificate disclosure rules of an entity taking part in trust negotiation; it expresses a logical relationship that the entity follows when completing a trust negotiation, for example the order in which messages pass between entities and the various constraints between entities;
The certificate library module 5 is used to store the corresponding certificates. A certificate is a privilege attribute digital certificate issued by an authority; it contains the issuer's signature, the certificate holder's public key and so on, and is used to authorize a subject. Most of the certificates used in the present invention are issued to users by the server;
The sequence set module 7 stores the certificate chain in order;
The consistency check module 6 is used to check the received certificate chain for consistency with the policy; if they are consistent, it informs the requesting party that the trust negotiation succeeded and the corresponding service is provided to the requesting party; otherwise it informs the requesting party that the trust negotiation failed and no service is provided to the requesting party.
Referring to Fig. 2, the present invention uses a network attack-and-defense game system to illustrate the user login system and the user collaboration system that use the authentication system of the present invention.
A network attack-and-defense game system using an authentication system based on trust negotiation comprises several user modules 10, a user management module 20, a server trust negotiation module 30, a system level module 40, a network collaboration module 50 and a trust evaluation module 80. The user module 10 comprises a user login module 11 and a user trust negotiation module 12; the user management module 20 comprises a user registration management module 21, a user login management module 22, a user level management module 23 and a user information storage module 24; the system level module 40 comprises a knowledge quiz module 41, a points management module 42 and a specific level module 43; the network collaboration module 50 comprises a WEB chat module 51 and an online user management module 52.
The user login system of the present invention, which uses the authentication system based on trust negotiation, comprises the user module 10, the user management module 20 and the server trust negotiation module 30. The user module 10 comprises the user login module 11 and the user trust negotiation module 12; the user management module 20 comprises the user registration management module 21, the user login management module 22, the user level management module 23 and the user information storage module 24.
The user login module 11 is used for user registration and login.
The user registration management module 21 receives the registration and login performed through the user login module 11 and provides a registration interface for users logging in for the first time; after a user registers successfully, the user information is stored in the user information storage module 24.
The user login management module 22 verifies the user information supplied by the user login module 11 during login, including the username and password, by querying the user information in the user information storage module 24; after verification succeeds, it passes the user information to the server trust negotiation module 30 for further verification of the user's identity and permissions.
The user level management module 23 stores the user level reached after the user clears a game level.
The user information storage module 24 stores user information, including the username and password.
After registering, when the user logs in to the system, the user login module 11 sends user information such as the user's own username and password to the user login management module 22 and requests access to the corresponding level. The user login management module 22 queries the user information in the user information storage module 24 and verifies the user information. If verification fails, it informs the user login module 11 that login failed; if verification succeeds, it sends a level access request to the server policy processing module 302. In response to the level access request sent by the user login management module 22, the server policy processing module 302 retrieves the corresponding policy from the server policy library module 304 according to information such as the user level in the user level management module 23, returns it to the user trust negotiation module 12, and saves the policy in the server consistency check module 306. The user policy parsing module 121 in the user trust negotiation module 12 receives the policy returned by the server policy processing module 302 and hands it to the user certificate processing module 123, which looks up the corresponding certificates in the user certificate library module 125 as the policy requires, forms a certificate chain, and sends the certificate chain to the server certificate processing module 303. The server certificate processing module 303 stores the certificate chain, in order, in the server sequence set 307 within the server consistency check module 306, and the server consistency check module 306 checks the certificate chain against the saved policy. If the two are consistent, it informs the user login module 11 that the negotiation succeeded and the user login module 11 may access the corresponding level; otherwise it informs the user login module 11 that the negotiation failed, and the user login module 11 does not have permission to access the corresponding level.
When the server consistency check module 306 informs the user that the negotiation succeeded, the user login module 11 enters the system level module 40 to play. The system level module 40 comprises the knowledge quiz module 41, the points management module 42 and the specific level module 43. The knowledge quiz module 41 is presented as multiple-choice questions covering the information security techniques to be used in the level. The points management module 42 counts the total number of answers the user gives in the knowledge quiz module 41 and the number of questions answered correctly, awards one point for each correct answer, and sends the statistics to the specific level module 43. The specific level module 43 is the main body of the game and takes the form of a WEB interface; the levels involve information security knowledge of many kinds, such as encryption and decryption, information hiding techniques, denial-of-service attacks and Trojan horse principles. After the user passes the specific level module 43, the specific level module sends information such as the user's points and level after clearing to the user level management module 23.
While playing, the user can use the network collaboration module 50 to play collaboratively. The network collaboration module 50 comprises the WEB chat module 51 and the online user management module 52. The WEB chat module 51 is the main interface for user communication; it is embedded in the WEB interface of the game system and provides functions such as private chat and group broadcast. The user can also choose fonts and emoticon styles as needed. The user selects the corresponding user from the online user list, which triggers each side's trust negotiation module; the two parties negotiate through their respective trust negotiation modules to establish a basic trust relationship, and then communicate, discuss ways of tackling the problem, and operate collaboratively.
The online user management module 52 keeps statistics on the online users and ranks them by level, making it easy for a user to find and choose a suitable user from whom to obtain help or with whom to collaborate.
The trust evaluation module 80 uses the user's point record in the specific level module 43 to calculate the user's accuracy rate with the formula: accuracy rate = (points the user actually earned / points the user should have earned) × 100%.
It then derives the user's credit rating from the range in which the accuracy rate falls and sends it to the user grade management module 23, so that the server policy processing module 302 in the server trust negotiation module 30 can provide different policies to users according to their credit rating.
A user collaboration system that adopts the trust-negotiation-based authentication system of the present invention comprises at least two user modules. Each user module contains its own trust negotiation module, and the user modules are connected to one another through a network.
With reference to Fig. 3, the first user's trust negotiation module 60 and the second user's trust negotiation module 70 are taken as the example and described in detail.
After the first user and the second user log in, each enters the system level module 40 and the network cooperating module 50. When the first user selects the second user from the online user list, the trust negotiation module of each is triggered.
At this point, either the first user has sent a connection request to the second user or the second user has sent one to the first user, and the first user's trust negotiation module 60 or the second user's trust negotiation module 70 returns information to the other party's trust negotiation module. If the first user made the request, the second user returns an access control policy to the first user; if the second user made the request, the first user returns an access control policy to the second user. The first user's side is taken as the example: the first user's policy parsing module 601 in the first user's trust negotiation module 60 determines whether the information returned by the second user is a policy or a certificate.
If it is a policy, the first user was the one who requested cooperation from the second user. The first user's policy parsing module 601 parses the policy returned by the second user's trust negotiation module 70 to see whether it involves a sensitive certificate owned by the first user. If it does, the first user's policy parsing module 601 notifies the first user's policy processing module 602, which retrieves the protection policy for the sensitive certificate from the first user's policy library module 604 and returns that protection policy to the second user's trust negotiation module 70. If it does not, the first user's policy parsing module 601 notifies the first user's certificate processing module 603, which, according to the access control policy sent by the second user, retrieves from the first user's certificate library module 605 the certificates that the policy refers to and returns them to the second user's trust negotiation module 70.
If it is a certificate, the second user was the one who made the request to the first user. The first user's trust negotiation module 60 had earlier returned an access control policy to the second user's trust negotiation module 70, and the second user's trust negotiation module 70 performed the same actions described above for the first user's trust negotiation module 60 and returned a certificate to it. The first user's policy parsing module 601 then notifies the first user's certificate processing module 603, which saves the certificate returned by the second user in the first user's consistency check module 606. The first user's consistency check module 606 checks whether this certificate is consistent with the requirements of the policy that the first user previously put to the second user. If it is consistent, the two parties establish a trust relationship, and the second user can cooperate and communicate with the first user and learn the sensitive information each holds. Otherwise the second user is informed that negotiation has failed, and the two parties cannot establish a cooperative connection.
By exchanging trust credentials between the user trust negotiation module 12 and the server trust negotiation module 30, the server trust negotiation module 30 further confirms the authenticity of the user's identity and grants the user the corresponding access rights according to the credentials the user submits. By exchanging trust credentials between the users' trust negotiation modules, users can cooperate and communicate with each other and tackle levels together.
Referring to Fig. 4, a login method for a user login system that adopts the trust-negotiation-based authentication system of the present invention comprises the following steps:
Step 401: the user login module sends the user's information, such as the user name and password, to the user login management module and requests access to the corresponding level.
Step 402: the user login management module looks up the user information in the user information storage module and verifies it. If verification fails, the user login module is informed that login has failed; if verification succeeds, a level access request is sent to the server policy processing module.
Step 403: based on the level access request sent by the user login management module and on information such as the user grade in the user grade management module, the server policy processing module retrieves the corresponding policy from the server policy library module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module.
Step 404: the user policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and hands it to the user certificate processing module.
Step 405: according to the policy's requirements, the user certificate processing module looks up the corresponding certificates in the user certificate library module, forms a certificate chain, and sends the certificate chain to the server certificate processing module.
Step 406: the server certificate processing module stores the certificate chain, in order, in the server sequence set within the server consistency check module.
Step 407: the server consistency check module checks the certificate chain saved by the server certificate processing module against the policy saved by the server policy processing module. If the two are consistent, the user login module is informed that negotiation has succeeded and may access the corresponding level. Otherwise the user is informed that negotiation has failed and has no authority to access the corresponding level.
The server trust negotiation module verifies the attributes of the credentials submitted through the user management module, thereby further confirming the user's identity and the rights the user holds, which improves system security.
Referring to Fig. 5, a collaboration method for a user collaboration system that adopts the trust-negotiation-based authentication system of the present invention comprises the following steps:
Step 501: the first user's policy parsing module in the first user's trust negotiation module determines whether the information returned by the second user is a policy or a certificate. If it is a policy, go to step 502; otherwise go to step 505.
Step 502: the first user's policy parsing module parses the information returned by the second user to see whether it involves a sensitive certificate owned by the first user. If it does, go to step 503; otherwise go to step 504.
Step 503: the first user's policy parsing module notifies the first user's policy processing module, which retrieves the protection policy for the sensitive certificate from the first user's policy library module and returns that protection policy to the second user's trust negotiation module.
Step 504: the first user's policy parsing module notifies the first user's certificate processing module, which, according to the access control policy sent by the second user, retrieves from the first user's certificate library module the certificates that the policy refers to and returns them to the second user's trust negotiation module.
Step 505: the first user's policy parsing module notifies the first user's certificate processing module, which saves the certificate returned by the second user in the first user's consistency check module. The first user's consistency check module checks whether this certificate is consistent with the requirements of the policy that the first user previously put to the second user. If it is consistent, go to step 506; otherwise go to step 507.
Step 506: the two parties establish a trust relationship, and the second user can cooperate and communicate with the first user and learn the sensitive information each holds.
Step 507: the second user is informed that negotiation has failed, and the two parties cannot establish a cooperative connection.
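The message handling of steps 501 to 507, written out in Python as an added example (it is not code from the patent). Certificates are reduced to names and assumed to be already verified; the Peer class, the message tuples, the certificate names and the rule that a protected certificate is released once its protection policy has been met are assumptions of this example.

```python
from dataclasses import dataclass, field

@dataclass
class Peer:
    """One user's trust negotiation module (hypothetical structure)."""
    name: str
    certificates: set                                 # certificate library
    protection: dict = field(default_factory=dict)    # sensitive cert -> certs the peer must show first
    issued: list = field(default_factory=list)        # policies we sent, kept for the consistency check
    pending: list = field(default_factory=list)       # peer policies waiting on a protection policy
    received: set = field(default_factory=set)        # certificates the other party has disclosed

    def handle(self, kind, body):
        """Return the reply (kind, body) to one incoming message."""
        body = set(body)
        if kind == "policy":                          # step 501: the message is a policy
            if not body <= self.certificates:
                return "fail", body - self.certificates
            # step 502: does the policy touch a sensitive certificate that is still locked?
            locked = [c for c in body
                      if not self.protection.get(c, set()) <= self.received]
            if locked:                                # step 503: answer with the protection policy
                demand = set().union(*(self.protection[c] for c in locked))
                self.pending.append(body)
                self.issued.append(demand)
                return "policy", demand
            return "certificate", body                # step 504: disclose the requested certificates
        # step 505: the message is a certificate; check it against the policy we issued
        self.received |= body
        if not self.issued:
            return "fail", set()                      # unsolicited certificate
        policy = self.issued.pop()
        if not policy <= self.received:
            return "fail", policy - self.received     # step 507
        if self.pending:                              # protection policy met: release what was held back
            return "certificate", self.pending.pop()
        return "trusted", set()                       # step 506

def negotiate(requester, responder, access_policy, max_messages=10):
    """The responder opens with its access control policy; messages then alternate."""
    responder.issued.append(set(access_policy))
    sender, receiver, msg = responder, requester, ("policy", set(access_policy))
    transcript = []
    for _ in range(max_messages):                     # bound the exchange so circular policies stop
        transcript.append((sender.name, msg[0], sorted(msg[1])))
        if msg[0] in ("trusted", "fail"):
            return msg[0] == "trusted", transcript
        msg = receiver.handle(*msg)
        sender, receiver = receiver, sender
    return False, transcript

def demo():
    # Constructed sample: the first user's licence is sensitive and is shown
    # only to a party that has disclosed a police card.
    first = Peer("first user", {"driving_licence"}, {"driving_licence": {"police_card"}})
    second = Peer("second user", {"police_card"})
    return negotiate(first, second, {"driving_licence"})

if __name__ == "__main__":
    ok, transcript = demo()
    for line in transcript:
        print(line)
    print("trust established:", ok)
```

Two peers whose protection policies require each other's sensitive certificate never converge, which is why the exchange is bounded by `max_messages`.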
Some concepts used in the present invention are described below:
A digital certificate (digital credential) is a digital tool that carries characteristics such as a user's identity and attributes. Because a certificate represents the user's identity, it must be verifiable and unforgeable. According to its use in different systems, a certificate is either an identity certificate or an attribute certificate.
Authentication confirms the authenticity of a participant's identity; by checking the consistency of the user's identity it prevents impersonation. Confirming before trust negotiation begins that the identities of both communicating parties are legitimate is what keeps the system secure, and it is also the precondition for checking user authorization, exchanging certificates and auditing the system. The main method of authentication is to check whether the "user name-password" the user submits is genuine. For systems with a high security level, identity information must also be extracted from the certificates the user submits in order to verify the user's identity and the capabilities the user holds.
Authorization means analysing the certificates the user submits and, according to the attribute values on the certificates, assigning the user rights to access resources. Which operations the user may perform on a resource, or which services the user may enjoy, are all embodied in the system's authorization of the user. In a trust management system, authorization is based on authentication and mainly consists of enabling the user's corresponding control operations on resources.
A policy is used to protect resources from unauthorized access and thereby to regulate how legitimate users operate on resources. The access control policy determines which certificates are disclosed in automated trust negotiation and the order in which they are disclosed. Depending on what the policy protects, policies in trust negotiation are divided into service or resource protection policies and sensitive certificate protection policies.
According to the complexity of their description, access control policies are divided into meta policies and compound policies. A meta policy is the basic element from which compound policies are composed; their relationship is similar to that between metadata and data. Systems usually provide operators such as "∧", "∨" and "!" to compose and decompose compound policies.
A meta policy contains the following fields:
Issuer | Holder | Attribute name | Attribute value | ...... | Validity period
The principle of trust negotiation is described below:
Trust negotiation is designed on the principle by which trust relationships are established in daily life, where we often have to establish trust with strangers. For example, when we are stopped by a traffic policeman while driving, the policeman needs us to show our driving licence, and we, in order to confirm the policeman's true identity, often need the policeman to show a police card first. Only after the policeman has shown the police card do we show our own driving licence. This is a simple process of establishing a trust relationship. In a computer network, the requester and the provider of a service or resource establish a trust relationship automatically through the mutual disclosure of digital certificates and access control policies. This is trust negotiation.
An illustration of the trust negotiation process:
Both parties in the trust negotiation process need to send each other the relevant credentials, and only after the certificates have been verified can the relevant resources be accessed. Access policies are described using the following definitions:
Definition 1: P_R is the access policy of the relevant resource, and P_C is the access policy of a sensitive certificate. F_R(C1, ..., Ck) is the certificate chain for accessing the resource, and F_C(C1, ..., Ck) is the certificate chain for accessing the sensitive certificate. The corresponding resource or sensitive certificate is disclosed only when the certificate chain represented by F_R or F_C evaluates to true. This is written P_R ← F_R(C1, C2, ..., Ck) and P_C ← F_C(C1, C2, ..., Ck). When the value is false, the corresponding resource or sensitive certificate is not disclosed.
Definition 2: C1, C2, ..., Ck each represent a different credential, and they are connected into a certificate chain by the logical symbols ∧ (and) and ∨ (or). After the connected certificate chain has undergone the consistency check, the value of F_R or F_C is true if the chain meets the requirements and false otherwise.
For example, F_R(C1 ∧ C2 ∧ C3) is a certificate chain provided for a resource: the value of F_R is true only when C1, C2 and C3 are all satisfied, giving P_R ← F_R(C1, C2, C3). As another example, F_C(C1 ∨ C2 ∨ C3) is a certificate chain provided for a sensitive certificate: if any one of the three certificates C1, C2 and C3 qualifies, the value of F_C is true, giving P_C ← F_C(C1, C2, C3).
A user's points reflect how much information security knowledge the user has mastered and also indirectly indicate the user's ability to clear levels. When a user with a high score clears a given level, the authenticity of that result is relatively credible, while for a user with a relatively low score the authenticity of clearing a given level needs further checking. The formula
accuracy rate = (points the user actually earned / points the user should have earned) × 100%
gives the user's accuracy rate, and the following credit ratings are obtained from the range in which the accuracy rate falls:
Accuracy rate:   0%-10%   10%-35%   35%-65%   65%-90%   90%-100%
Credit rating:   0        1         2         3         4
During negotiation the credit rating serves as a reference index, and providing different policies to users with different credit ratings is the adaptive policy mode. The higher the credit rating, the simpler the policy in the negotiation; the lower the credit rating, the more complex the negotiation policy.
Example 1: two users both have the authority to enter the third pass directly, but the points of the first user and the second user differ: the first user answered every knowledge question correctly, while the second user answered every question wrong. At login, the negotiation processes of the first and second users are as follows:
Referring to Fig. 6, the negotiation process of the first user:
First user: submits the user name and password and applies for the authority of the third pass;
Server: verifies the user name and password, looks up the user's points and, according to the points, provides the policy P_Third under which the first user can access the third pass;
First user: searches for the certificates and returns F_Third(C1 ∧ C2 ∧ C3);
Server: after verifying the certificates sent by the first user, reports that negotiation has succeeded.
Referring to Fig. 7, the negotiation process of the second user:
Second user: submits the user name and password and applies for the authority of the third pass;
Server: verifies the user name and password, looks up the user's points and, according to the points, provides the policy P_First under which the second user can access the first pass;
Second user: searches for the certificate and returns the certificate F_First(C1);
Server: verifies certificate C1 and returns the policy P_Second for the authority of the second pass;
Second user: searches for the certificate and returns the certificate F_Second(C2);
Server: verifies certificate C2 and returns the policy P_Third for the authority of the third pass;
Second user: searches for the certificate and returns the certificate F_Third(C3);
Server: after verifying the certificate C3 sent by the second user, reports that negotiation has succeeded.
Here C1, C2 and C3 denote the permission certificates that the system returns to the user after the user clears the first, second and third passes respectively.
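The policy formulas of Definitions 1 and 2, the accuracy-to-credit-rating table and the two login negotiations above, worked through in Python as an added example (it is not code from the patent). The Credential fields follow the meta policy fields listed earlier; signature verification is assumed to happen upstream, and the boundary handling of the rating table, the `direct_rating` cut-off and all sample values are assumptions. Only the ∧ and ∨ operators are covered.

```python
import re
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Credential:
    """One certificate; its signature is assumed to be verified before it gets here."""
    issuer: str
    holder: str
    name: str          # attribute name, e.g. "C1"
    value: str
    not_after: date    # end of the validity period

TOKEN = re.compile(r"\s*([A-Za-z_]\w*|[∧∨()])")

def parse(text):
    """Parse 'C1 ∧ (C2 ∨ C3)' into nested tuples; ∧ binds tighter than ∨."""
    text, pos, tokens = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected text in policy: {text[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()

    def atom(i):
        if i >= len(tokens) or tokens[i] in ("∧", "∨", ")"):
            raise ValueError("credential name expected")
        if tokens[i] == "(":
            node, i = chain(i + 1, 0)
            if i >= len(tokens) or tokens[i] != ")":
                raise ValueError("missing ')'")
            return node, i + 1
        return ("cred", tokens[i]), i + 1

    def chain(i, level):
        # level 0 joins ∧-groups with ∨; level 1 joins atoms with ∧
        op, tag = (("∨", "or"), ("∧", "and"))[level]
        sub = (lambda j: chain(j, 1)) if level == 0 else atom
        node, i = sub(i)
        parts = [node]
        while i < len(tokens) and tokens[i] == op:
            node, i = sub(i + 1)
            parts.append(node)
        return (parts[0] if len(parts) == 1 else (tag, *parts)), i

    tree, end = chain(0, 0)
    if end != len(tokens):
        raise ValueError("trailing tokens in policy")
    return tree

def satisfied(tree, names):
    """Definition 2: True when the accepted credential names satisfy the formula."""
    tag, *args = tree
    if tag == "cred":
        return args[0] in names
    check = all if tag == "and" else any
    return check(satisfied(a, names) for a in args)

def consistency_check(policy, chain, holder, trusted_issuers, today):
    """Server-side check of a received certificate chain against the saved policy."""
    usable = {c.name for c in chain
              if c.holder == holder and c.issuer in trusted_issuers and c.not_after >= today}
    return satisfied(parse(policy), usable)

def credit_rating(earned, possible):
    """Accuracy rate -> rating 0..4; a boundary value takes the higher band (assumption)."""
    if possible <= 0 or not 0 <= earned <= possible:
        raise ValueError("invalid point totals")
    return sum(earned * 100 >= bound * possible for bound in (10, 35, 65, 90))

def policies_for(target_level, rating, direct_rating=4):
    """Adaptive policy: one combined policy for top-rated users, one policy per level otherwise.
    The page shows only the two extremes; the cut-off `direct_rating` is an assumption."""
    names = [f"C{n}" for n in range(1, target_level + 1)]
    return [" ∧ ".join(names)] if rating >= direct_rating else names

def negotiate_login(holder, earned, possible, target_level, store, trusted_issuers, today):
    """Run the login negotiation; return (success, number of rounds used)."""
    rounds = 0
    for policy in policies_for(target_level, credit_rating(earned, possible)):
        rounds += 1
        wanted = set(re.findall(r"[A-Za-z_]\w*", policy))
        chain = [c for c in store if c.name in wanted]   # user side forms the certificate chain
        if not consistency_check(policy, chain, holder, trusted_issuers, today):
            return False, rounds
    return True, rounds

# Constructed sample data (not from the patent): three level certificates per user.
TODAY = date(2024, 1, 1)

def level_certs(holder, expired=()):
    return [Credential("game-server", holder, f"C{n}", f"cleared level {n}",
                       date(2023, 1, 1) if n in expired else date(2025, 1, 1))
            for n in (1, 2, 3)]

if __name__ == "__main__":
    for who, earned in (("first", 10), ("second", 0)):
        print(who, negotiate_login(who, earned, 10, 3, level_certs(who), {"game-server"}, TODAY))
```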
Unlike trust negotiation in the login process, in the network cooperation process the user must negotiate not only with the server but also with other users. Users assure each other of the credibility of their identities by exchanging the certificates they hold, and so establish a trust relationship and cooperate.
Example 2: the first user and the second user have both reached the fourth pass, and both have full marks so far. The fourth pass requires the two users each to obtain a prime number randomly generated by the system, one within 1000 and the other within 1500; the sum of the two primes is the password for clearing the level.
This process can be described as follows:
Referring to Fig. 8 and Fig. 9, first user: sends a request to the second user to set up a cooperative channel and submits its own points;
Second user: according to the first user's points, returns the policy requirement for setting up communication, P_Fourth ← F_Fourth(C1 ∧ C2 ∧ C3 ∧ C4), and provides its own points;
First user: returns the Credential Chain (C1 ∧ C2 ∧ C3 ∧ C4) and, according to the second user's points, proposes the policy P_Fourth ← F_Fourth(C1 ∧ C2 ∧ C3 ∧ C4);
Second user: verifies the certificates submitted by the first user and returns the Credential Chain (C1 ∧ C2 ∧ C3 ∧ C4);
First user: verifies the certificates submitted by the second user;
The two parties negotiate successfully and, after communicating, decide that the first user obtains the prime within 1000 and the second user obtains the prime within 1500;
The two parties each send a request to the server;
The server randomly generates a prime within 1000 and a prime within 1500, informs the first user and the second user respectively, and issues them the digital certificates C_First and C_Second containing these two numbers as attribute values;
The first user and the second user tell each other the number each holds and exchange the digital certificates C_First and C_Second;
The first user and the second user each submit the sum of the two numbers to the server;
The server proposes to the first user and the second user respectively the policy for the authority to access the fifth pass, P_C5 ← F_C5(C_First ∧ C_Second);
The first user and the second user each submit their Credential Chain (C_First ∧ C_Second);
The server verifies the certificates submitted by the two users and, from the prime attribute values in the certificates, checks whether the sum each party submitted is correct. If it is correct, the server sends the permission certificate C5 for the fifth pass to both users;
Both parties clear the level successfully.
Here C1, C2, C3, C4 and C5 denote the access permission certificates of passes one to five respectively, and C_First and C_Second denote the certificates issued by the server to the first user and the second user respectively, containing the selected random number as an attribute value.
Trust negotiation can automatically and dynamically establish a trust relationship between unfamiliar network entities in different security domains through certificate exchange. Each negotiating party can protect its own sensitive resources by generating policies and applying access control to the other party's requests. The negotiation process does not require the participation of a trusted third party.
Because the present invention adopts a system and method of trust negotiation authentication, identity can be further authenticated, which ensures the security of authentication and thereby increases the security of the network cooperative game system.
The above embodiments describe preferred implementations of the present invention and do not limit its scope. Without departing from the design spirit of the present invention, all variations and improvements made to the technical solution of the present invention by those of ordinary skill in the art shall fall within the scope of protection determined by the claims of the present invention.

Claims (8)

1. the Verification System based on trust negotiation is characterized in that, comprises strategy analyzing module (1), tactful processing module (2), certificate processing module (3), policy library module (4), certificate repository module (5) and consistency check module (6);
Said policy library module (4) is used for storage policy;
Said certificate repository module (5) is used for Store Credentials;
Said strategy analyzing module (1) is used for the strategy that imports into is resolved, and whether relates to responsive certificate in the determination strategy, relates to then transferring to tactful processing module (2) and handling, and does not relate to then transferring to certificate processing module (3) and handling;
Said tactful processing module (2) is used for accessing corresponding strategy from said policy library module (4), returns to the requesting party, and the strategy that will provide deposits in the consistency check module (6); The request that relates to responsive certificate of perhaps sending according to strategy analyzing module (1) accesses protection strategies from policy library module (4), return to the requesting party, and the protection strategy that will provide deposits in the consistency check module (6);
Said certificate processing module (3) is used for from said certificate repository module (5), accessing certificate and to certificate request side certificate chain being provided according to the sequence described in the strategy, and the certificate chain of receiving is deposited in the consistency check module (6) according to order;
Said consistency check module (6) is used for the certificate chain and tactful consistency that verification is received, unanimity is then informed the success of requesting party's trust negotiation, and to the requesting party corresponding service is provided, otherwise informs the failure of requesting party's trust negotiation, to the requesting party service is not provided.
2. the Verification System based on trust negotiation according to claim 1 is characterized in that, also comprises sequence sets module (7) in the said consistency check module (6), said sequence sets module (7) Store Credentials chain.
3. the employing logging in system by user based on the Verification System of trust negotiation according to claim 1 or claim 2 is characterized in that, comprises line module (10), user management module (20) and server trust negotiation module (30);
Said line module (10) sends to the user profile of self in the user management module (20), and proposes access request;
Said user management module (20) is carried out verification to user profile, and the verification failure informs that then said line module (10) login failure, verification succeeds then send access request to said server trust negotiation module (30);
Said server trust negotiation module (30) receives the access request that said user management module (20) is sent, and the user gradation information according in the said user management module (20) accesses corresponding strategy, returns to said line module (10), and strategy is preserved;
Said line module (10) receives the strategy that said server trust negotiation module (30) is returned, and requires to search corresponding certificate according to strategy, forms certificate chain, and certificate chain is sent to said server trust negotiation module (30);
Said server trust negotiation module (30) is preserved certificate chain according to order; And the strategy of this certificate chain and preservation carried out verification; Both are consistent; Inform that then said line module (10) consults successfully, said line module (10) can be visited accordingly, otherwise informs said line module (10) login failure.
4. logging in system by user according to claim 3; It is characterized in that; Said line module (10) comprises user log-in block (11) and users to trust negotiation module (12), and said users to trust negotiation module (12) comprises subscriber policy parsing module (121), subscriber policy processing module (122), user certificate processing module (123), subscriber policy library module (124), user certificate library module (125) and users consistency inspection module (126); Said user management module (20) comprises user's registration management module (21), user login management module (22), user gradation administration module (23) and subscriber information storing module (24); Said server trust negotiation module (30) comprises server policy parsing module (301), server policy processing module (302), server certificate processing module (303), server policy library module (304), server certificate library module (305) and server consistency check module (306);
Said user log-in block (11) sends to the user profile of self in the said user login management module (22), and sends access request;
Said user login management module (22) is inquired about the user profile in the said subscriber information storing module (24); And user profile carried out verification; The verification failure informs that then said user log-in block (11) login failure, verification succeeds then send access request to said server policy processing module (302);
The outpost of the tax office access request that said server policy processing module (302) is sent according to user login management module (22); According to the user gradation information in the said user gradation administration module (23); From server policy library module (304), access corresponding strategy; Return to users to trust negotiation module (12), and strategy is kept in the server consistency check module (306);
The strategy that subscriber policy parsing module (121) reception server strategy processing module (302) in the said users to trust negotiation module (12) is returned; Give said user certificate processing module (123); Said user certificate processing module (123) requires from said user certificate library module (125), to search corresponding certificate according to strategy; Form certificate chain, and certificate chain is sent to said server certificate processing module (303);
Said server certificate processing module (303) is deposited into certificate chain in the said server consistency check module (306) according to order; Said server consistency check module (306) is carried out verification to the strategy of this certificate chain and preservation; Both are consistent; Inform that then said user log-in block (11) consults successfully, said user log-in block (11) can be visited accordingly, otherwise informs that said user log-in block (11) lands failure.
5. logging in system by user according to claim 4 is characterized in that, also comprises server sequence sets module (307) in the said server consistency check module (306), said server sequence sets module (307) Store Credentials chain.
6. A user collaboration system employing the authentication system based on trust negotiation according to claim 1 or 2, characterized in that it comprises at least two user modules, each user module includes its own user trust negotiation module, and the user modules are connected to one another through a network;
The first user connects to the second user, the second user returns information to the first user, and the first user's strategy analyzing module (601) in the first user's trust negotiation module (60) judges whether the information returned by the second user is a policy or a certificate;
If it is a policy, the module parses it to determine whether it involves a sensitive certificate owned by the first user; if the analysis result involves a sensitive certificate owned by the first user, the first user's strategy analyzing module (601) notifies the first user's strategy processing module (602) to handle it; the first user's strategy processing module (602) retrieves the protection policy for the sensitive certificate from the first user's policy library module (604) and returns that protection policy to the second user's trust negotiation module (70); if the analysis result of the first user's strategy analyzing module (601) does not involve a sensitive certificate, the first user's strategy analyzing module (601) notifies the first user's certificate processing module (603) to handle it; according to the access control policy sent by the second user, the first user's certificate processing module (603) retrieves from the first user's certificate repository module (605) the certificates that the second user's policy involves, and returns them to the second user's trust negotiation module (70);
If the first user's strategy analyzing module (601) judges that the information returned by the second user is a certificate, it notifies the first user's certificate processing module (603) to handle it; the first user's certificate processing module (603) saves the certificate returned by the second user in the first user's consistency check module (606), and the first user's consistency check module (606) verifies whether this certificate is consistent with the requirements of the policy that the first user previously proposed to the second user; if it is consistent, the two parties establish a trust relationship, and the second user can collaborate and communicate with the first user and learn the sensitive information each holds; otherwise the second user is informed that the negotiation has failed, and the two parties cannot establish a collaborative connection.
7. A login method for the user login system employing the authentication system based on trust negotiation according to claim 1 or 2, characterized in that it comprises the following steps:
The user login module sends user information, such as the user's own user name and password, to the user login management module and makes an access request;
The user login management module looks up the user information in the user information storage module and verifies the user information; if verification fails, it informs the user login module that login has failed; if verification succeeds, it sends the access request to the server policy processing module; according to the access request sent by the user login management module and the user level information in the user level management module, the server policy processing module retrieves the corresponding policy from the server policy library module, returns it to the user trust negotiation module, and saves the policy in the server consistency check module;
The user policy parsing module in the user trust negotiation module receives the policy returned by the server policy processing module and passes it to the user certificate processing module; the user certificate processing module searches the user certificate library module for the corresponding certificates according to the policy's requirements, forms a certificate chain, and sends the certificate chain to the server certificate processing module; the server certificate processing module stores the certificate chain, in order, in the server sequence set in the server consistency check module;
The server consistency check module verifies the certificate chain saved by the server certificate processing module against the policy saved by the server policy processing module; if the two are consistent, it informs the user login module that the negotiation has succeeded, and the user login module is granted the corresponding access; otherwise it informs the user that login has failed.
8. A collaboration method for the user collaboration system employing the authentication system based on trust negotiation according to claim 1 or 2, characterized in that it comprises the following steps:
The first user's strategy analyzing module in the first user's trust negotiation module judges whether the information returned by the second user is a policy or a certificate;
If it is a policy, the first user's strategy analyzing module parses it to determine whether it involves a sensitive certificate owned by the first user; if the analysis result involves a sensitive certificate owned by the first user, the first user's strategy analyzing module notifies the first user's strategy processing module to handle it, and the first user's strategy processing module retrieves the protection policy for the sensitive certificate from the first user's policy library module and returns that protection policy to the second user's trust negotiation module; if the analysis result does not involve a sensitive certificate owned by the first user, the first user's strategy analyzing module notifies the first user's certificate processing module to handle it; according to the access control policy sent by the second user, the first user's certificate processing module retrieves from the first user's certificate repository module the certificates that the second user's policy involves, and returns them to the second user's trust negotiation module;
If it is a certificate, the first user's strategy analyzing module notifies the first user's certificate processing module to handle it; the first user's certificate processing module saves the certificate returned by the second user in the first user's consistency check module, and the first user's consistency check module verifies whether this certificate is consistent with the requirements of the policy that the first user previously proposed to the second user; if it is consistent, the two parties establish a trust relationship, and the second user can collaborate and communicate with the first user and learn the sensitive information each holds; otherwise the second user is informed that the negotiation has failed, and the two parties cannot establish a collaborative connection.
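The collaboration exchange of claims 6 and 8, sketched as an added Python example rather than code from the patent: the first user's module classifies each incoming message, answers a request for a sensitive certificate with its protection policy, and runs the consistency check when certificates arrive. The class, field and certificate names are hypothetical, the data is constructed, and certificates are opaque strings, so signature and validity checking is assumed to happen elsewhere.

```python
from dataclasses import dataclass, field

@dataclass
class TrustNegotiationModule:
    """First user's negotiation module (hypothetical names, constructed data)."""
    certificates: dict   # certificate library: name -> certificate (opaque here)
    protection: dict     # policy library: sensitive name -> names required from peer
    proposed: set = field(default_factory=set)    # policy we last sent to the peer
    received: dict = field(default_factory=dict)  # consistency check store
    trusted: bool = False

    def handle(self, msg):
        """Policy analysis step: is the peer's message a policy or certificates?"""
        if msg.get("type") == "policy":
            return self._on_policy(set(msg["requires"]))
        if msg.get("type") == "certificate":
            return self._on_certificates(msg["certs"])
        return {"type": "failure", "reason": "unknown message type"}

    def _on_policy(self, requires):
        if not requires <= set(self.certificates):
            return {"type": "failure", "reason": "cannot satisfy policy"}
        # Sensitive certificates are withheld until trust exists: reply with
        # their protection policy instead of the certificates themselves.
        guarded = [r for r in requires if r in self.protection and not self.trusted]
        if guarded:
            self.proposed = set().union(*(self.protection[g] for g in guarded))
            return {"type": "policy", "requires": sorted(self.proposed)}
        return {"type": "certificate", "certs": {r: self.certificates[r] for r in requires}}

    def _on_certificates(self, certs):
        # Consistency check: the peer must cover everything we proposed, and
        # certificates that answer no outstanding policy are not even stored.
        if self.proposed:
            self.received.update(certs)
        if not self.proposed or not self.proposed <= set(self.received):
            return {"type": "failure", "reason": "negotiation failed"}
        self.trusted = True
        return {"type": "success"}

def negotiate(peer_certs):
    """Run the exchange against a first user who guards 'guild_officer'."""
    a = TrustNegotiationModule({"guild_officer": "cert-A1"},
                               {"guild_officer": {"verified_player"}})
    ask = {"type": "policy", "requires": ["guild_officer"]}
    counter = a.handle(ask)                      # protection policy comes back
    verdict = a.handle({"type": "certificate", "certs": peer_certs})
    release = a.handle(ask) if a.trusted else None
    return counter, verdict, release
```

Calling `negotiate({"verified_player": "cert-B1"})` walks the successful path; any other certificate set ends in a failure reply and the guarded certificate is never released.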
CN 200910242235 2009-12-10 2009-12-10 Authentication system based on trust negotiation and user login and collaboration systems and methods Expired - Fee Related CN101707613B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910242235 CN101707613B (en) 2009-12-10 2009-12-10 Authentication system based on trust negotiation and user login and collaboration systems and methods

Publications (2)

Publication Number Publication Date
CN101707613A CN101707613A (en) 2010-05-12
CN101707613B true CN101707613B (en) 2012-12-12

Family

ID=42377803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910242235 Expired - Fee Related CN101707613B (en) 2009-12-10 2009-12-10 Authentication system based on trust negotiation and user login and collaboration systems and methods

Country Status (1)

Country Link
CN (1) CN101707613B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101951375B (en) * 2010-09-21 2014-02-19 北京信息科技大学 Trust assessment-based adaptive trust negotiation system and method
CN107864159A (en) * 2017-12-21 2018-03-30 有米科技股份有限公司 Communication means and device based on certificate and trust chain

Also Published As

Publication number Publication date
CN101707613A (en) 2010-05-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121212

Termination date: 20151210

EXPY Termination of patent right or utility model