CN103840945A - Method for establishing digital certificate trust based on Social Networking Services - Google Patents
Method for establishing digital certificate trust based on Social Networking Services Download PDFInfo
- Publication number
- CN103840945A CN103840945A CN201410103125.7A CN201410103125A CN103840945A CN 103840945 A CN103840945 A CN 103840945A CN 201410103125 A CN201410103125 A CN 201410103125A CN 103840945 A CN103840945 A CN 103840945A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- belief
- degree
- social networks
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for establishing digital certificate trust based on the Social Networking Services. The method comprises the steps that a digital certificate generated by digital certificate management software is issued through the Social Networking Services; the digital certificate is obtained through the Social Networking Services; the digital certificate is verified; the digital certificate is evaluated and the credibility is set for the digital certificate; an evaluation and the credibility which correspond to the verified digital certificate are issued through the Social Networking Services. The method for establishing the digital certificate trust based on the Social Networking Services is constructed. According to the method, an existing trust relationship in the Social Networking Services can be used and mapped to the credibility of the digital certificate and the method has the advantages of being easy to conduct and verify.
Description
Technical field
The present invention relates to information security technology, be specifically related to digital certificate and set up technology.
Background technology
Digital certificate is the data structure of a kind of user bound PKI and user identity.This binding relationship is confirmed by a certificate authority conventionally.Certificate authority is by the content generating digital signature to digital certificate, and the content of confirming digital certificate is believable, and certain PKI belongs to certain user.User obtains after certain digital certificate, and the appended digital signature of checking digital certificate is confirmed the source of certain digital certificate, and trusts certain digital certificate because believing certain CA.Certificate authority need to be responsible for certificate granting, revoke, the work such as certificate content verification, and between different CA, also needed interoperability, therefore set up specially the system that is called Public Key Infrastructure(PKI) and completed these work.
PKI system more complicated, the mode that people have proposed another SPKI/SDSI in practice allows user determine freely the confidence level of certain PKI.In this mode, user's identity represents with PKI, determines the user's of certain PKI representative confidence level by local policy.A difficult problem of this thinking is that user confirms that the binding relationship between PKI and entity that certain is concrete is more difficult.
Perfect secret protection (PGP) system has provided a kind of method of the binding relationship of determining certain PKI and user of system.In PGP, each user can be served as CA self-signing certificate, proves the corresponding relation of certain identity and PKI.The relying party of a PGP is by collecting the certificate about same identity and PKI of different user, and to the certificate distribution of different user signature different put letter grade, thereby calculate intuitively the confidence level of the binding relationship of an identity and PKI.
The solution that password (IBC) system based on identity provides is more direct, and each user's identity is exactly this user's PKI.Therefore, in the time that the relying party of IBC system can confirm certain user's identity, with regard to certain acquisition this user's PKI.But IBC system inconvenience is that the acquisition of above-mentioned benefit has a prerequisite, require exactly relying party and user to be investigated must have a set of open parameter of identical trust, this has limited the ability of IBC system solution trust problem to a certain extent.
The method of these above-mentioned basic solution trust problem mostly appeared at before the more than ten years, and social networks is also very unpopular at that time.But current, almost each people that can surf the Net can both participate in social networks, and everyone carries out with the people of the own circle of being concerned about by platforms such as microblogging, QQ space, micro-letters alternately.Such present situation impels us to consider to set up the trust systems based on digital certificate based on social networks.
Summary of the invention
The object of the invention is to propose a kind of digital certificate Trust Establishment method based on social networks, it can solve in background technology in more complicated, the inconvenience while being related to that break the wall of mistrust, be not easy the problem that realizes.
In order to achieve the above object, the technical solution adopted in the present invention is as follows:
A digital certificate Trust Establishment method based on social networks, it comprises the following steps:
Issue the digital certificate by digital certificate management Software Create by social networks;
Obtain digital certificate by social networks;
Digital certificate is verified;
Degree of belief is evaluated and arranged to digital certificate;
Issue the evaluation corresponding with the digital certificate of verifying and degree of belief by social networks.
Preferably, the source file that the digital certificate of issue is digital certificate or for pointing to the link of source file of described digital certificate.
Preferably, when obtaining digital certificate, also obtain the evaluation corresponding with described digital certificate and degree of belief.Further preferred, if the quantity n of the degree of belief of obtaining, in the time of n=0, degree of belief is shown as 0, and in the time of n >=1, degree of belief shows mean value.
Preferably, described in, be evaluated as the text of any printable character composition.
Preferably, described social networks is one or more in QQ space, micro-letter circle of friends, Sina's microblogging.
The present invention has following beneficial effect:
Compared with prior art, the binding relationship of identity and PKI is by the friend recommendation of own familiar circle, or issue, authenticity is easy to verify by the interaction in circle, and by the mode of evaluating, can make wrong recommendation identified.With the comparison of PKI system, this present invention does not obviously need CA, more simple; Compared with SPKI/SDSI, user of the present invention confirms that the binding of identity and PKI is easy; Compared with PGP, the present invention does not need each user to sign and issue the binding relationship of identity and certificate, and must meet certain standard; Compared with IBC, the present invention does not need the unified believable parameter of the overall situation.
The present invention is applicable to use digital certificate to carry out the field of safeguard protection, comprises the fields such as ecommerce, E-Government, product false proof.
Accompanying drawing explanation
Fig. 1 is the flow chart of the digital certificate Trust Establishment method based on social networks of preferred embodiment of the present invention.
Embodiment
Below, by reference to the accompanying drawings and embodiment, the present invention is described further.
As shown in Figure 1, a kind of digital certificate Trust Establishment method based on social networks, it comprises the following steps:
Issue the digital certificate by digital certificate management Software Create by social networks; Wherein, the source file that the digital certificate of issue is digital certificate or for pointing to the link of source file of described digital certificate;
Obtain digital certificate by social networks; Wherein, when obtaining digital certificate, also obtain the evaluation corresponding with described digital certificate and degree of belief.Further preferred, if the quantity n of the degree of belief of obtaining, in the time of n=0, degree of belief is shown as 0, and in the time of n >=1, degree of belief shows mean value;
Digital certificate is verified;
Degree of belief is evaluated and arranged to digital certificate;
Issue the evaluation corresponding with the digital certificate of verifying and degree of belief by social networks, wherein, described in be evaluated as the text of any printable character composition.
The social networks of the present embodiment is one or more in QQ space, micro-letter circle of friends, Sina's microblogging.
Particularly, user can use the digital certificate of any Software Create oneself.Then user issues the digital certificate of self by social networks.User also can obtain by social networks other user's digital certificate.For digital certificate arbitrarily, user can arrange degree of belief to digital certificate, and can evaluate other user's digital certificate, and user can issue by social networks evaluation and the degree of belief of other customer digital certificate.
When wherein user issues digital certificate, issue digital certificate itself, or issue a link of digital certificate.The digital certificate that the content that user obtains while obtaining other customer digital certificate by social networks comprises other user, the evaluation of other customer digital certificate, and the degree of belief of other customer digital certificate.When user arranges degree of belief to digital certificate, the degree of belief of digital certificate is classification, comprise credible, substantially credible, uncertain, insincere four ranks, with numeral 4,3,2,1 respectively represent.When user evaluates other customer digital certificate, user's evaluation is the text of any printable character composition of inputting of user.When user issues the evaluation of other customer digital certificate and degree of belief, the content of issue comprises other user at unique identity information of social networks and the digest value of other customer digital certificate.
Below, in conjunction with concrete application case (take Sina's microblogging as example), the present embodiment is elaborated.
1. generating digital certificate:
User can come for oneself generates a digital certificate with free certificate management software Kleopatra, and utilizes this software to be published to the server pgp.mit.edu of acquiescence, and user has just had the open link of sensing self certificate like this, for example
http://pgp.mit.edu:11371/pks/lookup?search=0x4304E401。
2. issue digital certificate
User can login the Sina's microblogging account number of oneself, issues above-mentioned link, announces oneself to have an effective digital certificate to the people who pays close attention to oneself.For example: # digital certificate #http: //pgp.mit.edu:11371/pks/lookup search=0x4304E401.
3. obtain digital certificate
Client is used Sina's microblogging account login, obtain the people that user pays close attention in Sina's microblogging, and search for the microblogging that comprises digital certificate link that these people issue and the comment about this microblogging, return to a list, comprise paid close attention to people, digital certificate link, comment, this four item numbers certificate of degree of belief, wherein degree of belief is extracted from comment.For example be evaluated as " digital signature # degree of belief #4 of good authentication ", the degree of belief of extracting from this evaluation is so exactly " 4 ".Suppose that certain digital certificate links the evaluation that comprises n, the degree of belief of extracting in each evaluation may be different, the degree of belief of the digital certificate that user obtains so just need to be calculated from this n different degree of belief, conventional method is exactly the degree of belief using the mean value of this n degree of belief as this digital certificate, also can use numerical value minimum in these degree of beliefs as degree of belief.If certain digital certificate is also without any evaluation, the degree of belief of the digital certificate that user obtains is so set to 0, represent not have can reference evaluation and degree of belief.
4. evaluate digital certificate
For each the digital certificate link obtaining, user makes comments, and the situation that oneself uses this digital certificate is described, for example: use certain digital certificate to verify a good friend's signature.The process of concrete certifying signature is used specified signature verification algorithm in PKI in digital certificate and digital certificate, and whether certifying signature value is correct.
5. degree of belief is set
For each digital certificate link obtaining, if the degree of belief of digital certificate is 0, or user wishes to adjust the degree of belief of certain digital certificate, and user can arrange or adjust degree of belief with the experience of this digital certificate according to oneself so.For example: user Zhang San, from network, obtain Li Si's digital certificate link, degree of belief is 0.Then Zhang San uses this link digital certificate pointed to verify one and claims to be Li Si's signature, after checking is correct, Zhang San is by other credible channel, for example face-to-face or video, whether inquiry Li Si once signed this signature of Zhang San's checking, if Li Si confirms, this digital certificate link " digital certificate link that used and obtained good friend to confirm " exactly so, it is 4 that degree of belief can be set.
6. issue and evaluate and degree of belief
For the link of each digital certificate obtaining, user can issue by the mode of the evaluating microblogging that comprises this link from the degree of belief of the content of evaluating and setting to paid close attention to people is issued.For example " digital signature # degree of belief #4 of good authentication ".
The present invention is based on social networks, constructed the Trust Establishment method of digital certificate, the method can be utilized the trusting relationship having existed in social networks, and this trusting relationship is mapped as to the confidence level of digital certificate, has and is easy to realize, easily the advantage of checking.
For a person skilled in the art, can be according to technical scheme described above and design, make other various corresponding changes and distortion, and these all changes and distortion all should belong to the protection range of the claims in the present invention within.
Claims (6)
1. the digital certificate Trust Establishment method based on social networks, is characterized in that, comprises the following steps:
Issue the digital certificate by digital certificate management Software Create by social networks;
Obtain digital certificate by social networks;
Digital certificate is verified;
Degree of belief is evaluated and arranged to digital certificate;
Issue the evaluation corresponding with the digital certificate of verifying and degree of belief by social networks.
2. the digital certificate Trust Establishment method based on social networks as claimed in claim 1, is characterized in that, the source file that the digital certificate of issue is digital certificate or for pointing to the link of source file of described digital certificate.
3. the digital certificate Trust Establishment method based on social networks as claimed in claim 1, is characterized in that, also obtains the evaluation corresponding with described digital certificate and degree of belief when obtaining digital certificate.
4. the digital certificate Trust Establishment method based on social networks as claimed in claim 3, is characterized in that, if the quantity n of the degree of belief of obtaining, in the time of n=0, degree of belief is shown as 0, and in the time of n >=1, degree of belief shows mean value.
5. the digital certificate Trust Establishment method based on social networks as claimed in claim 1, is characterized in that, described in be evaluated as the text of any printable character composition.
6. the digital certificate Trust Establishment method based on social networks as claimed in claim 1, is characterized in that, described social networks is one or more in QQ space, micro-letter circle of friends, Sina's microblogging.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410103125.7A CN103840945A (en) | 2014-03-19 | 2014-03-19 | Method for establishing digital certificate trust based on Social Networking Services |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410103125.7A CN103840945A (en) | 2014-03-19 | 2014-03-19 | Method for establishing digital certificate trust based on Social Networking Services |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103840945A true CN103840945A (en) | 2014-06-04 |
Family
ID=50804114
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410103125.7A Pending CN103840945A (en) | 2014-03-19 | 2014-03-19 | Method for establishing digital certificate trust based on Social Networking Services |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103840945A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101888415A (en) * | 2010-06-30 | 2010-11-17 | 创想空间软件技术(北京)有限公司 | Peer-to-peer network user credit system |
| CN102890695A (en) * | 2011-02-10 | 2013-01-23 | 微软公司 | User interfaces for personalized recommendations |
| CN103490884A (en) * | 2012-09-28 | 2014-01-01 | 卡巴斯基实验室封闭式股份公司 | System and method for verification of digital certificates |
| US20140012666A1 (en) * | 2012-07-06 | 2014-01-09 | Opentv, Inc. | Transferring digital media rights in social network environment |
| CN103631898A (en) * | 2013-11-19 | 2014-03-12 | 西安电子科技大学 | Multimedia social network reputation value calculating method based on strong and weak contact feedback |
-
2014
- 2014-03-19 CN CN201410103125.7A patent/CN103840945A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101888415A (en) * | 2010-06-30 | 2010-11-17 | 创想空间软件技术(北京)有限公司 | Peer-to-peer network user credit system |
| CN102890695A (en) * | 2011-02-10 | 2013-01-23 | 微软公司 | User interfaces for personalized recommendations |
| US20140012666A1 (en) * | 2012-07-06 | 2014-01-09 | Opentv, Inc. | Transferring digital media rights in social network environment |
| CN103490884A (en) * | 2012-09-28 | 2014-01-01 | 卡巴斯基实验室封闭式股份公司 | System and method for verification of digital certificates |
| CN103631898A (en) * | 2013-11-19 | 2014-03-12 | 西安电子科技大学 | Multimedia social network reputation value calculating method based on strong and weak contact feedback |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Azrour et al. | Internet of things security: challenges and key issues | |
| KR101977109B1 (en) | Large simultaneous digital signature service system based on hash function and method thereof | |
| CN107948143B (en) | Identity-based privacy protection integrity detection method and system in cloud storage | |
| KR101594056B1 (en) | Social network based pki authentication | |
| US10742426B2 (en) | Public key infrastructure and method of distribution | |
| CN109104284B (en) | Block chain anonymous transmission method based on ring signature | |
| CN102035846B (en) | Social network user identity authentication method based on relation statement | |
| CN108933667A (en) | A kind of management method and management system of the public key certificate based on block chain | |
| CN105656859A (en) | Secure online upgrade method and system for tax control equipment software | |
| CN106341232A (en) | Anonymous entity identification method based on password | |
| Chen et al. | Private reputation retrieval in public–a privacy‐aware announcement scheme for VANETs | |
| CN104901804A (en) | User autonomy-based identity authentication implementation method | |
| CN104200154A (en) | Identity based installation package signing method and identity based installation package signing device | |
| Thiago Moecke et al. | Usable secure email communications: criteria and evaluation of existing approaches | |
| Buccafurri et al. | Social signature: Signing by tweeting | |
| KR20180057468A (en) | Hybrid pki-based drone authentication system and drone management server | |
| CN110945833A (en) | Method and system for multi-mode identification network privacy protection and identity management | |
| KR101635598B1 (en) | Method, device, and system for authentication | |
| Chaurasia et al. | Authentication in cloud computing environment using two factor authentication | |
| JP2015231177A (en) | Device authentication method, device authentication system, and device authentication program | |
| CN103986724A (en) | Real-name authentication method and system for e-mail | |
| CN103840945A (en) | Method for establishing digital certificate trust based on Social Networking Services | |
| JP6122399B2 (en) | Terminal authentication method using client certificate, terminal authentication system, and program | |
| García et al. | Is Europe ready for a pan-European identity management system? | |
| KR20140074791A (en) | System and method for proxy signature |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140604 |