CN102801524B - Trust-theory-based trusted service system based on trusted authentication system - Google Patents
Trust-theory-based trusted service system based on trusted authentication system Download PDFInfo
- Publication number
- CN102801524B CN102801524B CN201210194306.6A CN201210194306A CN102801524B CN 102801524 B CN102801524 B CN 102801524B CN 201210194306 A CN201210194306 A CN 201210194306A CN 102801524 B CN102801524 B CN 102801524B
- Authority
- CN
- China
- Prior art keywords
- service
- trust
- trusted
- module
- negotiation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a trust-theory-based trusted service system based on a trusted authentication system. The system is characterized by comprising four modules, namely a combined public key (CPK) identity authentication-based trusted authentication module, a trusted computing module in line with temporary service and rapid service reconfiguration, an intelligent agent technology-based autonomous trust negotiation module meeting requirements for service dynamics and an automation degree, and a fuzzy non-homogeneous Markov system and multivariate regression analysis-based service trusted prediction module. Compared with the prior art, the system has the advantages that software can be modeled in an early design stage of software development, and an alleviation scheme is made by unified threatening modeling driving software evaluation according to possible threats, so that the security of the software is greatly improved.
Description
Technical field
The present invention relates to Network Security Service field of engineering technology; Particularly relate to a kind of trusted service platform of service-oriented computing.
Background technology
Service-oriented computing (Service-Oriented Computing, SOC), also service compute (Service Computing) is called for short, its core concept is assembled into one " service network " by the application component be distributed on network, its loosely-coupled feature can produce across tissue and computing platform flexibly, the application of operation flow and agility dynamically.Service under SOC can be supported fast, low cost, interoperable, the application of extendible extensive distribution, these can both meet the needs of current computer application development, also be that Modern service complexity improves constantly the needs with dynamic evolution, the developing direction of software engineering technology especially, represents the latest development direction of Distributed Calculation and software development.
Service-oriented computing environment typically has following characteristics: (1) service has opening, sharing, dynamic, each branch service possibility isomerism and typical distributed nature; (2) also have the changeable and personalization of demand for services to differ greatly, serve and need dynamic realtime to combine and quick service restructuring etc.; (3) also have automaticity high, partial dependency trust negotiation means; (4) in addition, often there is again the individual difference XOR space-time dynamic transition property in information imperfection and asymmetry, concept connotation essence ambiguousness or understanding between service entities, response speed requirement is high.
Obviously, the These characteristics of service-oriented computing environment causes its Dependability Problem to face great challenge.At present, the supplementary specification of some web services is mainly contained, as WS-Security, WS-Security Policy, WS-Security Conversation, WS-Federation, security assertion markup language (SAML), the strategy that conveys a message (XACML), XML Key Management Specification (XKMS), XML encryption and XML digital signature etc. for the safety of serving and Dependability Problem.How WS-Trust normalized definition sends and exchanging safety token, it provides some expansions to WS-Security specification, the issue of special disposal regarding safety tokens, renewing and checking, guarantee that the interoperability of each side participant is in a security data exchange environment trusty.Which kind of authentication mode it just, from interface defines trusting relationship, does not specify to ensure credibility.
In fact, the trusted context under a service-oriented computing environment be unable to do without the traditional rigid safe basic demand of bottom, and it needs the authentic authentication technology of a kind of advanced person to build the authentic authentication system of whole network environment; On the other hand, because the entity in the network of service-oriented computing is all with some subjective factors of people, and be core as a kind of trust of social capital of informal system role in Social Interaction in human society, also can not be substituted.Therefore, mutual between each entity under services computing environment also must the trust decisions of heavy dependence they self
As can be seen here, any hard safe way only relying on traditional safe practice measure, or only relying on the soft safe way based on trusting credible safeguards technique of the theoretical modern times for core, being all worthless, being difficult to meet its omnibearing credible demand.To meet under services computing environment credible demand end to end, then must have the credible safeguards technique for service-oriented computing environment unique characteristics.The trusted service theoretical based on trust only on authentic authentication system basis is only feasible.
The essential characteristic of serving under the present invention is directed to service-oriented computing environment, take trusted service as target, in conjunction with the credible security technology that traditional information security technology and trust theory are core, aim to provide one and can meet the supplier of service and the solution of the omnibearing credible demand of consumer.
Summary of the invention
Based on above-mentioned prior art Problems existing, the present invention proposes the trusted service system theoretical based on trust on a kind of authentic authentication system basis, for the unique characteristics of service-oriented computing environment, propose the credible platform of service in conjunction with the credible security technology of CPK bottom authentication techniques and modern times advanced person, to ensure opening, under dynamic environment, can carry out quick, reliable, safe mutual between entity, belong to security fields.
The invention provides on a kind of authentic authentication system basis based on trusting theoretical trusted service system, this system comprises four modules, namely based on Conbined public or double key CPK identification authentication authentic authentication module, meet transient service and quick service restructuring trust can computing module, meet that service dynamic need and automaticity require, based on the automated trust negotiation module of intelligent agent technology, the credible prediction module of service based on fuzzy nonhomogeneous Markov system and multiple regression analysis, wherein:
Authentic authentication module, for identity authentic authentication, the transmission authentic authentication of data and the dynamic stability maintenance of service of service entities, with the trusted logic of serving and service ID certificate for certification foundation,
Trust can computing module, for transient service layout, the quick trust of dynamic services composition and quick service restructuring produces the factor and excavates, this trust can comprise in the concrete operations in computing module: trusting relationship initialization, based on the quick trust generation mechanism of cognition, the quick trust conceptual model of ontology-driven, the time-space dynamic comprised based on time sequencing coding maps the derivation relationship set up between the generic service Ontological concept collection of service-oriented computing environment and concept, be based upon the quick trust Domain-specific ontology that cognitive frame reasoning draws, comprehensive generic service Ontological concept collection noted earlier and fast trust Domain-specific ontology concept, ontology Integration is carried out to the two, set up the quick trust conceptual model under service-oriented computing network environment on this basis,
Automated trust negotiation module, for service behavior signature analysis, the behavior segmentation relying on trust negotiation, extraction and ontology describing, ontology Integration, the design and implimentation of intelligent agent, the automated trust negotiation based on pre-activity; Concrete operations in this automated trust negotiation module comprise:
Service entities is analyzed in the behavioural characteristic of specific background and event and behavioral requirements, to the formalized description of part employing based on ontology-driven wherein needing dependence trust negotiation, then the Ontological concept in different specific transactions flow process or field is integrated, strictly portray the body matter of automated trust negotiation and credible demand;
According to the method for BDI+ ontology inference, design is applicable to the automated trust negotiation intelligent agent modular structure under service-oriented computing environment, and then develops the intelligent agent satisfied the demands;
On the basis of the authentic authentication of service entities above, authentic authentication is carried out to the intelligent agent of dynamically emerging in large numbers in service compute, ensure that it is satisfied credible demand before execution automated trust negotiation; And after entering into the process of automated trust negotiation, service entities with its representative is carried out man-to-man automatic reliable binding by intelligent agent, meanwhile, entrusting entity the main contents of trust negotiation, trusted policy, trust general knowledge or axiom level to be trusted knowledge, the chain of trust structure of real-time change and the item that should be noted that is injected in intelligent agent;
The mode based on pre-activity is adopted to stimulate each service entities relevant information to exchange; Trusted is taked to consult on there is the factor affecting trust negotiation between the service entities under services computing environment in advance, at utmost meet the information availability of automated trust negotiation, and carry out automated trust negotiation in this, as the Main Basis of respective trust negotiation;
Serve credible prediction module, realize predicting the credibility of service-oriented computing network environment, the concrete operations of the credible prediction module of this service are as follows:
Adopt the method for Optimizing Queries from the credible essential information trusting and retrieve credit database entity to be predicted, and according to time sequencing, they are sorted, build the time series string of research object, analyze this time series, determine the basic parameter of nonhomogeneous Markov system, comprise the parent population parameter and basic parameter that determine transition probability, build the nonhomogeneous Markov system and transition probability matrix thereof of satisfying the demand;
The causality of service entities trust and prestige dynamic change is affected under researching and analysing service compute network environment, excavate the element of service causing this change, and combine the general knowledge of trusting change, design a series of fuzzy inference rule for State Transferring on this basis;
Graph of a relation between the key element of the service credibility transition in analysis of history record and service credibility, determine the quantitative relation formula between these key elements, employing least square method estimates unknown parameter wherein; Intend adopting total regression method, initial setting significance level, statistic software SPSS auxiliary under, determine coefficient and the linear correlation order of each independent variable under given significance level of regression equation, determine the weight of the credible forecast model of each leisure accordingly; The comprehensive fuzzy nonhomogeneous the reasoning results of Markov system and the result of multiple regression analysis, then according to the weighted of each factor, adopt the mode of fuzzy reasoning and convex combination to realize merging superposition to result, so just achieve the credibility prediction of practical requirement; Analysis meter calculates the error of credible prediction and the actual running results, and adopt the method for dynamical feedback to credibility predict the outcome carry out backtracking revise, progressively realize error minimization.
Described ID certificate comprises certificate body and expanded body, in certificate body, and the subjectivity and objectivity attribute of service entities in whole service execution life cycle and the relation between them under Analysis Service computing environment, and Formal specification language and checking are carried out to it; And in expanded body, dynamically portray the identification field of service entities, security domain, service entities is by the Partition of role of the grade classification of authority class, the service entities under special services environment, corresponding private key and relevant parameter.
Compared with prior art, the present invention in the preliminary design phase of software development, can carry out modeling to software, and by unified Threat moulding drive software assessment, and then make mitigation scheme according to the threat that may exist, substantially increase the fail safe of software.
Accompanying drawing explanation
Fig. 1 is of the present invention based on CPK identification authentication and modern trusted service platform of trusting the theoretical advanced trusted technology for core;
Fig. 2 is the quick trust conceptual model under service-oriented computing network environment;
E1: elapsed time-space two-dimensional map after all space lengths; E2: service-conformance;
E3: the service interaction of based role; E4: the voluntary and enthusiasm degree of service entities;
E5: the sharpening degree of service role; E6: the sensitiveness of service entities; E7: service response time;
E8: the reliability of the relevant information of service entities (comprising ISP, service user and network infrastructure) and authenticity;
E9: the degree of uncertainty under special services environment;
E10: the resource intake of service action and degree of risk thereof.
Fig. 3 is that the automated trust negotiation of service-oriented computing network environment realizes;
Fig. 4 is the credible Predicting Technique route of service.
Embodiment
Below in conjunction with accompanying drawing and preferred embodiment, to according to embodiment provided by the invention, structure, feature and effect thereof, be described in detail as follows.
Be illustrated in figure 1 the system configuration schematic diagram of trusted service system of the present invention.
This trusted service platform is divided into four parts, namely based on Conbined public or double key CPK identification authentication authentic authentication module, meet transient service and quick service restructuring trust can computing module, meet that service dynamic need and automaticity require, based on the automated trust negotiation module of intelligent agent technology, based on the credible prediction module of service of fuzzy nonhomogeneous Markov system and multiple regression analysis.
1, under service-oriented computing environment based on the service authentic authentication module of CPK identification authentication
Service under service-oriented computing environment has typical opening, distributed nature, service entities has Dynamic Changes etc., therefore, want to set up the authentic authentication system under services computing environment, in trusted logic and ID certificate two, all must consider the specific demand of services computing environment in credible.Trusted logic is the theoretical foundation realizing authentic authentication system, and ID certificate is the core component realizing trusted logic.The present invention is portrayed by the service constraints on ID certificate and trusted logic, realizes the credible certification of the service entities under service-oriented computing environment.
(1) design of trusted logic, mainly to serve meeting property of realization condition to prove the credibility of service entities in identity and in the data of transmission.The service realization condition intending considering comprises prestige degree need satisfaction, the smoothness of communication for service, the authenticity of service data transfer, the dynamic change of service environment is on the impact of service execution, service entities completes the ability of part or all of calculation services, the conflict of service interaction inter-entity and paradox etc. key element, certification meeting basis is at service registry (Re), the integraty (Ti) of proof that service entities is credible and carrying out based on the interpretability three aspect constraints in logic of the transmission object (data or additional authentication information etc.) of symmetric key.
(2) design of ID certificate, mainly within it structurally research is launched in the aspect such as (i.e. certificate body and expanded body), considers the particularity of services computing environment.On immanent structure, the subjectivity and objectivity attribute of service entities in whole service execution life cycle (comprising all processes such as service registry, service request, service response, service connection, service interaction and service evaluation) and the relation between them under plan labor services computing environment, and Formal specification language and checking are carried out to it; And in expanded body, dynamically portray the identification field of service entities, security domain, service entities is by main contents such as the Partition of role of the grade classification of authority class, the service entities under special services environment, corresponding private key and relevant parameters.
2, the trust meeting transient service and quick service restructuring can computing module
The quick trust generation factor excavation that transient service layout, dynamic services composition and quick service are recombinated need be met.Under service-oriented computing network environment, in order to meet the credibility of the services such as transient service layout, dynamic services composition and quick service restructuring, except the real-time that will ensure response speed in network environment (factor of system that service entities and network response speed etc. are comparatively complicated may be comprised) and required service and dynamic, on the basis of the authentic authentication system particularly crucially set up above, realize the quick trust decisions between service entities (comprising ISP, service user and network infrastructure).The computation model of this module is see Fig. 2.The present invention will set about from the following aspect:
(1) the credible Formal specification language based on the transient service of ontology-driven and quick service restructuring and checking on the one hand, is studied.Analyze the ageing feature of transient service and quick service restructuring, adopt based on time sequencing coding (Temporary Sequential Marker, TSM) time-space dynamic mapping techniques, design surface is to the general ontology concept set of services computing environment, set up the derivation relationship between concept, this is the important prerequisite setting up quick service response;
(2) on the other hand, study the trusting relationship initial method of service-oriented computing network environment and trust generation mechanism fast.Traditional trusting relationship initialization mainly relies on direct interaction, recommendation, historical review etc., but in the face of quick trusting relationship, owing to extremely lacking these information, especially direct interaction and historical record, just seems at a loss what to do.The present invention intends analysing in depth the theoretical research result of trusting in uncertainty, fragility and risk etc. from the angle of social recognition, excavate the initial method of quick trusting relationship and trust generation mechanism fast, quick trust ontology concept finally by service entities is portrayed, and builds the Domain-specific ontology concept of the quick trust in services computing environment;
(3) the general ontology concept set of the space-time two-dimension mapping towards transient service and quick service restructuring comprehensively designed above and the Domain-specific ontology concept of quick trust drawn in cognitive frame reasoning, ontology Integration is carried out to the two, set up the quick trust conceptual model under service-oriented computing network environment on this basis, as shown in Figure 2, the impact of setting up quick trust model relates to the interdependency belonging to service fragility, role pays close attention to intensity and category), belong to the probabilistic complex environment factor of service) and belong to the action of serving risk.The parameter belonging to the sex factor that interdepends has: e1: elapsed time-space two-dimensional map after all space lengths; E2: service-conformance; E3: the service of based role is exchanged; E4: the voluntary and enthusiasm degree of service entities; Belong to the parameter that role pays close attention to intensity factor to have: e
5: the sharpening degree of service role; e
6: the sensitiveness of service entities; The parameter belonging to the category factor has: e
7: service response time; e
8: the reliability of the relevant information of service entities (comprising ISP, service user and network infrastructure) and authenticity; The parameter belonging to the complex environment factor has: e
9: the degree of uncertainty of special services environment; The parameter belonging to action intensity factor has e
10: the resource intake of service action and degree of risk thereof.
(4) Dempster-Shafer evidence theory is expanded to be applicable to quick trust flaw, according to the quick trust conceptual model set up above, the degree of belief initial value under several typical scene is arranged on by quick trusting relationship initial method, consider that each quick trust produces the influence mode of the factor in trusting fast, design one and accurately and effectively matching can trust computing function fast, and adopt minimum some principle in evidence theory to decide the weight allocation problem of each factor of influence, realize the computability of trusting fast, design thus and trust algorithm fast and programming realization,
(5) design a series of service network for the trusting relationship initial value arranged above and trust scene fast, can the emulation tested of computation model and checking to final quick trust, determine its feasibility and validity.
3, based on the automated trust negotiation module of intelligent agent technology
Under service-oriented computing network environment, due to network environment and faced by the property complicated and changeable of service interaction partner, the behavior of service entities has dynamic modificability, complexity high, in most service scenarios, except needing by except the automation means of software program, some needs to rely on trust negotiation.The present invention, dissecting on the basis of the personalized difference of miscellaneous service flow process in time-domain and background etc. in detail, carries out formalized description to the trust negotiation of service, replaces service entities itself to perform automated trust negotiation function with intelligent agent.Overall technology thinking as shown in Figure 3.
Be implemented as follows:
(1) under condition miscellaneous service flow process retrained in special time territory and background etc., from service request, service response, service and decision-making, service execution, the many-side such as service monitoring dissects its service entities behavioural characteristic during this period and behavioral requirements analysis, and then by function automation desirability, type segmentation is carried out to it, to the formalized description of part employing based on ontology-driven wherein needing dependence trust negotiation, then the Ontological concept in different specific transactions flow process or field is integrated, strictly portray the body matter of automated trust negotiation and credible demand.
(2) according to the construction design method of BDI+ ontology inference, design is applicable to the automated trust negotiation intelligent agent modular structure under service-oriented computing environment, and then develops the intelligent agent satisfied the demands.BDI model lays particular emphasis on formal description conviction, hope (desire) and intention (intention), and wherein intelligent agent is made up of sensing module, inference machine, communication module, knowledge base, database, controller and effect module etc.; Its core inference machine describes by BDI model formization trusts correlation factor, and utilizes ontology inference method to carry out information processing and interpretation of result.
(3) on the basis of the authentic authentication of service entities above, authentic authentication is carried out to the intelligent agent of dynamically emerging in large numbers in service compute, ensure that it is satisfied credible demand before execution automated trust negotiation.And after entering into the process of automated trust negotiation, service entities (trust entity) with its representative is carried out man-to-man automatic reliable binding by intelligent agent, meanwhile, entrust entity the main contents of trust negotiation, trusted policy, trust general knowledge or axiom level to be trusted knowledge etc., the chain of trust structure of real-time change and the item etc. that should be noted that to be injected in intelligent agent.
(4) be the unified interface of the open intelligent agent of service entities of all automated trust demands, realized synchronism and the monitoring in real time of automated trust negotiation by centralized management, to meet trust negotiation number of requests demand in large scale.Likely there is poor information between the service entities in addition under service-oriented computing environment, trust the factor that imperfection etc. affects trust negotiation, intend adopting the mode based on pre-activity (proactive) to stimulate each service entities relevant information to exchange, at utmost meet the information availability of automated trust negotiation, and carry out automated trust negotiation as the Main Basis of respective trust negotiation.
4. consider the credible prediction module of service of trusting ambiguity and dynamic
Safeguards technique for trusted service is studied, the credibility prediction of service-oriented computing network environment is the significant challenge that a very complicated difficulty is very large, entirely accurate, can absolutely Forecasting Methodology substantially can not exist, this is mainly because the uncertainty of network environment is 100%, and the entity class related in service interaction life cycle is various, structure inequality, subjectivity in essence and independence etc. make the behavior of these service entities be difficult to expect, sometimes or even milli random.However, add up a large amount of statistical methods and the ability of autonomous learning, serve credible Variance trend sometimes or can predict and obtain.The present invention intends the credibility change of the shift method analog service entity adopting Markov random process, simultaneously based on multiple regression analysis, asymptotic matching is carried out to the tendency of credibility, seasonality and randomness etc., thus instruct user effectively to evade risks of trust.Credible Predicting Technique route is as shown in Figure 4, specific as follows:
(1) adopt the method for Optimizing Queries from the credible essential information trusting and retrieve credit database entity to be predicted, and according to time sequencing, they are sorted, the time series string of tectonic cycle period object, analyze this time series, determine the basic parameter (comprising the parent population parameter and basic parameter that determine transition probability) of nonhomogeneous Markov system, construct the nonhomogeneous Markov system and transition probability matrix thereof of satisfying the demand.
(2) causality of service entities trust and prestige dynamic change is affected under researching and analysing service compute network environment, excavate the element of service causing this change, and combine the general knowledge of trusting change, as a series of fuzzy inference rule for State Transferring of Main Basis design.
(3) graph of a relation between the key element (independent variable) of the service credibility transition in analysis of history record and service credible (dependent variable), determine the quantitative relation formula between these key elements, employing least square method estimates unknown parameter wherein.Intend adopting total regression method, initial setting significance level, SPSS software auxiliary under, determine coefficient and the linear correlation order of each independent variable under given significance level of regression equation, determine the weight of the credible forecast model of each leisure accordingly.
(4) the comprehensive fuzzy nonhomogeneous the reasoning results of Markov system and the result of multiple regression analysis, then according to the weighted of each factor, adopt the mode of fuzzy reasoning and convex combination to realize merging superposition to result, so just achieve the credibility prediction of practical requirement.In order to check the significant degree of credible prediction, analysis meter calculates the error of credible prediction and the actual running results, and adopts the method for dynamical feedback to predict the outcome to credibility to carry out backtracking correction, progressively realize error minimization.
The consumer of service is divided into: interim nonregistered user and registered user.The supplier of service is registered user.The authentic authentication module of this system of the present invention is that all registered users distribute the identification of trusted certificate for inter-entity and the transmitting of data.
Suppose the consumer ClientA served, being gone out by the service-seeking functional inquiry of platform can the set of service CollectionA (comprising the relevant parameter such as price of each service) of practical function FunctionA, the credible prediction module of the service of platform is according to the nonhomogeneous Markov system of the information structuring of set of service CollectionA simultaneously, determine the coefficient of regression equation and the linear correlation order of each independent variable, determine the weight of the credible forecast model of each leisure accordingly.The comprehensive fuzzy nonhomogeneous the reasoning results of Markov system and the result of multiple regression analysis, then according to the weighted of each factor, the mode of fuzzy reasoning and convex combination is adopted to realize merging superposition to result, obtain the credible predicted value of each service in CollectionA, select for ClientA.
ClientA is selected satisfied pre-interactive service ServerA from CollectionA, is connected by the supplier ServerA of authentic authentication module and ServerA;
Authentic authentication module detects whether ClientA is registered user, if A is interim nonregistered user, authentic authentication module is that ClientA distributes a temporary credentials, for setting up reliable connection between ClientA and ServerA.The quick trust of platform can trust the credibility setting up transaction between algorithm evaluation ServerA and ClientA, for providing decision support for ServerA and ClientA according to quick by computing module simultaneously.
If ClientA is registered user, then the automated trust negotiation module of platform provides intelligent agent and ClientA and ServerA to bind one to one, meanwhile, the main contents of trust negotiation, trusted policy, trust general knowledge or axiom level are trusted knowledge etc., the chain of trust structure of real-time change and the item etc. that should be noted that and are injected in respective intelligent agent by ClientA and ServerA.The intelligent agent of ClientA communicates with the unified interface of the intelligent agent of ServerA by intelligent agent, for it carries out trust negotiation, for the foundation of both trusting relationships provides decision support.
Build the sketch plan of software systems, decompose software systems, model that the Key Asset these three of recognition software system jointly realizes helper applications analysis and design personnel can understand major benefit relevant people, Key Asset, Solution Architecture, the system functional model of software systems in the design phase that SDLC is early stage.Identify and modeling software threaten can helper applications analysis and design personnel the design phase that SDLC is early stage understand the software security that produces in the reciprocal process of software systems threaten between relation, this is that follow-up security evaluation has established solid foundation.The threat that software is potential effectively can be found based on attack path assessment software security, then formulate mitigation scheme according to the result of software security assessment and determine its priority, application relaxes the design of improved scheme software systems, relaxes software and threatens, strengthen the fail safe of software systems.
By the work of above six parts, in the preliminary design phase of software development, modeling can be carried out to software, and by unified Threat moulding drive software assessment, and then make mitigation scheme according to the threat that may exist, substantially increase the fail safe of software.
Claims (2)
1. on an authentic authentication system basis based on trusting theoretical trusted service system, it is characterized in that, this system comprises four modules, namely based on Conbined public or double key CPK identification authentication authentic authentication module, meet transient service and quick service restructuring trust can computing module, meet that service dynamic need and automaticity require, based on the automated trust negotiation module of intelligent agent technology, the credible prediction module of service based on fuzzy nonhomogeneous Markov system and multiple regression analysis, wherein:
Authentic authentication module, for identity authentic authentication, the transmission authentic authentication of data and the dynamic stability maintenance of service of service entities, with the trusted logic of serving and service ID certificate for certification foundation,
Trust can computing module, for transient service layout, the quick trust of dynamic services composition and quick service restructuring produces the factor and excavates, this trust can comprise in the concrete operations in computing module: trusting relationship initialization, based on the quick trust generation mechanism of cognition, the quick trust conceptual model of ontology-driven, the time-space dynamic comprised based on time sequencing coding maps the derivation relationship set up between the generic service Ontological concept collection of service-oriented computing environment and concept, be based upon the quick trust Domain-specific ontology that cognitive frame reasoning draws, comprehensive generic service Ontological concept collection noted earlier and fast trust Domain-specific ontology concept, ontology Integration is carried out to the two, set up the quick trust conceptual model under service-oriented computing network environment on this basis,
Automated trust negotiation module, for service behavior signature analysis, the behavior segmentation relying on trust negotiation, extraction and ontology describing, ontology Integration, the design and implimentation of intelligent agent, the automated trust negotiation based on pre-activity; Concrete operations in this automated trust negotiation module comprise:
Service entities is analyzed in the behavioural characteristic of specific background and event and behavioral requirements, to the formalized description of part employing based on ontology-driven wherein needing dependence trust negotiation, then the Ontological concept in different specific transactions flow process or field is integrated, strictly portray the body matter of automated trust negotiation and credible demand;
According to the method for BDI+ ontology inference, design is applicable to the automated trust negotiation intelligent agent modular structure under service-oriented computing environment, and then develops the intelligent agent satisfied the demands;
On the basis of the authentic authentication of service entities above, authentic authentication is carried out to the intelligent agent of dynamically emerging in large numbers in service compute, ensure that it is satisfied credible demand before execution automated trust negotiation; And after entering into the process of automated trust negotiation, service entities with its representative is carried out man-to-man automatic reliable binding by intelligent agent, meanwhile, entrusting entity the main contents of trust negotiation, trusted policy, trust general knowledge or axiom level to be trusted knowledge, the chain of trust structure of real-time change and the item that should be noted that is injected in intelligent agent;
The mode based on pre-activity is adopted to stimulate each service entities relevant information to exchange; Trusted is taked to consult on there is the factor affecting trust negotiation between the service entities under services computing environment in advance, at utmost meet the information availability of automated trust negotiation, and carry out automated trust negotiation in this, as the Main Basis of respective trust negotiation;
Serve credible prediction module, realize predicting the credibility of service-oriented computing network environment, the concrete operations of the credible prediction module of this service are as follows:
Adopt the method for Optimizing Queries from the credible essential information trusting and retrieve credit database entity to be predicted, and according to time sequencing, they are sorted, build the time series string of research object, analyze this time series, determine the basic parameter of nonhomogeneous Markov system, comprise the parent population parameter and basic parameter that determine transition probability, build the nonhomogeneous Markov system and transition probability matrix thereof of satisfying the demand;
The causality of service entities trust and prestige dynamic change is affected under researching and analysing service compute network environment, excavate the element of service causing this change, and combine the general knowledge of trusting change, design a series of fuzzy inference rule for State Transferring on this basis;
Graph of a relation between the key element of the service credibility transition in analysis of history record and service credibility, determine the quantitative relation formula between these key elements, employing least square method estimates unknown parameter wherein; Intend adopting total regression method, initial setting significance level, statistic software SPSS auxiliary under, determine coefficient and the linear correlation order of each independent variable under given significance level of regression equation, determine the weight of the credible forecast model of each leisure accordingly; The comprehensive fuzzy nonhomogeneous the reasoning results of Markov system and the result of multiple regression analysis, then according to the weighted of each factor, adopt the mode of fuzzy reasoning and convex combination to realize merging superposition to result, so just achieve the credibility prediction of practical requirement; Analysis meter calculates the error of credible prediction and the actual running results, and adopt the method for dynamical feedback to credibility predict the outcome carry out backtracking revise, progressively realize error minimization.
2. on authentic authentication system basis as claimed in claim 1 based on trusting theoretical trusted service system, it is characterized in that, described ID certificate comprises certificate body and expanded body, in certificate body, the subjectivity and objectivity attribute of service entities in whole service execution life cycle and the relation between them under Analysis Service computing environment, and Formal specification language and checking are carried out to it; And in expanded body, dynamically portray the identification field of service entities, security domain, service entities is by the Partition of role of the grade classification of authority class, the service entities under special services environment, corresponding private key and relevant parameter.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210194306.6A CN102801524B (en) | 2012-06-13 | 2012-06-13 | Trust-theory-based trusted service system based on trusted authentication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210194306.6A CN102801524B (en) | 2012-06-13 | 2012-06-13 | Trust-theory-based trusted service system based on trusted authentication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102801524A CN102801524A (en) | 2012-11-28 |
| CN102801524B true CN102801524B (en) | 2015-01-21 |
Family
ID=47200498
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210194306.6A Expired - Fee Related CN102801524B (en) | 2012-06-13 | 2012-06-13 | Trust-theory-based trusted service system based on trusted authentication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102801524B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161036B (en) * | 2016-08-18 | 2019-04-23 | 福建联迪商用设备有限公司 | A kind of mobile station (MS) state transition method and system of credit |
| CN107659654B (en) * | 2017-09-29 | 2019-08-09 | 清华大学 | The efficient method and device of calling to account of cloudy data integrity damage based on prestige |
| CN108521405B (en) * | 2018-03-20 | 2020-12-11 | 咪咕文化科技有限公司 | Risk control method and device and storage medium |
| CN111797431B (en) * | 2020-07-07 | 2023-04-28 | 电子科技大学 | Encrypted data anomaly detection method and system based on symmetric key system |
| CN114021857A (en) * | 2021-12-03 | 2022-02-08 | 武汉绿色网络信息服务有限责任公司 | Agent-based self-trust negotiation prediction method, system and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714100A (en) * | 2009-11-27 | 2010-05-26 | 东南大学 | Trust negotiation constructing method for internetware main body system under dynamic interaction network environment |
-
2012
- 2012-06-13 CN CN201210194306.6A patent/CN102801524B/en not_active Expired - Fee Related
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714100A (en) * | 2009-11-27 | 2010-05-26 | 东南大学 | Trust negotiation constructing method for internetware main body system under dynamic interaction network environment |
Non-Patent Citations (2)
| Title |
|---|
| 许光全,冯志勇,李晓红,陈锦言.基于时间顺序标码的可计算的信任评价模型.《计算机应用》.2010,(第3期),第663-667页、第694页. * |
| 陈洁,许光全.可信软件系统中基于模糊集理论的信任推理模型研究.《天津师范大学学报(自然科学版)》.2008,(第4期),第77-80页. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102801524A (en) | 2012-11-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sasikumar et al. | Blockchain-based trust mechanism for digital twin empowered Industrial Internet of Things | |
| Deebak et al. | Privacy-preserving in smart contracts using blockchain and artificial intelligence for cyber risk measurements | |
| Lee et al. | A reputation and knowledge based trust service platform for trustworthy social internet of things | |
| Moradi et al. | An earned value model with risk analysis for project management under uncertain conditions | |
| CN102801524B (en) | Trust-theory-based trusted service system based on trusted authentication system | |
| Reuter et al. | Artificial neural networks for forecasting of fuzzy time series | |
| Wang et al. | Chatgpt for computational social systems: From conversational applications to human-oriented operating systems | |
| Arabzadeh et al. | Construction cost estimation of spherical storage tanks: artificial neural networks and hybrid regression—GA algorithms | |
| Kaur et al. | Neuro fuzzy—COCOMO II model for software cost estimation | |
| Yousefi et al. | Exploring the role of blockchain technology in improving sustainable supply chain performance: a system-analysis-based approach | |
| Chen et al. | Differentiated security levels for personal identifiable information in identity management system | |
| Singh et al. | A strategic roadmap to overcome blockchain technology barriers for sustainable construction: A deep learning-based dual-stage SEM-ANN approach | |
| Bhowmik et al. | Machine learning and deep learning models for privacy management and data analysis in smart cites | |
| Hou et al. | A study on decentralized autonomous organizations based intelligent transportation system enabled by blockchain and smart contract | |
| Althar et al. | Automated risk management based software security vulnerabilities management | |
| Kumar et al. | Development of a cloud-assisted classification technique for the preservation of secure data storage in smart cities | |
| Silva et al. | Towards federated learning: An overview of methods and applications | |
| Alsina et al. | A neural network approach to find the cumulative failure distribution: Modeling and experimental evidence | |
| Gupta et al. | Evaluation, selection and ranking of software reliability growth models using multi criteria decision making approach | |
| Hemmati et al. | Optimization redundancy allocation problem with nonexponential repairable components using simulation approach and artificial neural network | |
| Nath | Mobilising transformative community-based climate change adaptation | |
| CN114386436A (en) | Text data analysis method, model training device and computer equipment | |
| Manias et al. | AI4Gov: Trusted AI for Transparent Public Governance Fostering Democratic Values | |
| Skare et al. | A large‐scale decision‐making model for the expediency of funding the development of tourism infrastructure in regions | |
| Anyonyi et al. | The Role of AI in IoT Systems: A Semi-Systematic Literature Review |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150121 Termination date: 20210613 |