CN105453510B

CN105453510B - The method and apparatus that evidence for enhancing privacy is assessed

Info

Publication number: CN105453510B
Application number: CN201380078694.4A
Authority: CN
Inventors: 闫峥
Original assignee: Nokia Technologies Oy
Current assignee: Nokia Technologies Oy
Filing date: 2013-08-20
Publication date: 2018-08-31
Anticipated expiration: 2033-08-20

Abstract

It is a kind of for enhance privacy evidence assessment method may include：It will be sent to first network entity from requesting node for the request of Pre-Evaluation information related with the proof data of target object；In response to requesting node described in the good authentication at the second network entity, the Pre-Evaluation information is obtained from first network entity；And the Pre-Evaluation information is based at least partially on to calculate the evidence assessment of the target object, the wherein described Pre-Evaluation information includes the proof data of the re-encrypted of the target object associated with one or more time slots, and wherein, by using the re-encrypted key from the second network entity, based in part on the encrypted proof data for the target object collected from one or more evidence providers in association time slot by first network entity, the proof data of the re-encrypted of the target object at the association time slot is obtained.

Description

The method and apparatus that evidence for enhancing privacy is assessed

Technical field

The present invention relates generally to social communications.More particularly, the present invention relate to enhance the side of the evidence of privacy assessment Method and device.

Background technology

Modem communications era has had resulted in the very big extension of communication network.Communication service provider and equipment manufacturers face The continuing challenge faced is to deliver value and facility to consumer for example, by providing noticeable network service, application and content Property.The exploitation of the communication technology facilitates the expectation to the The Insatiable of new function.One interested field is exploitation for branch It is accredited according to assessment or trust evaluation service and technology, in order to provide calculate and group network system in trust information.Current Method for evaluating trust commonly used various theories polymerize the trust evidence collected from each side and evaluator itself or trust data, For use in calculating trust value.In the case of social networking, a large amount of social data is collected to assess to each social activity The degree of belief of entity, for reliable social networking and communication.However, polymerization or the collected data of processing may influence original The privacy of beginning data providing or evaluated people.This is because the privacy about people can be found by excavating collected clear data Clue, such as daily routines, preference or interest, in many cases system or service user this possibly can not be received, thus Greatly affect the final success of credit system or computing system or service.Preferably, collected data be encrypted and Handled in a manner of encrypted, and authorized party can access final process result, for enhance all sides of data or with received The privacy of the relevant entity of data of collection.

Invention content

This specification describes the solution for protecting the evidence of privacy to assess.Term " evidence " herein can be with Including related target object (for example, consignee, by watcher or by assessment entity (such as service, application, event, user or group Net node)) knowledge, wherein such knowledge may include for example：About target object performance and quality feedback, seen Observe about the factor of target object, other entities to the recommendation of target object or opinion, the correlation handled for target object Information or data, statistical data related with target object, a kind of voting (such as " liking it "), etc. to target object.

According to the first aspect of the invention, it provides a method comprising：It will be for the proof data with target object The request of related Pre-Evaluation information is sent to first network entity from requesting node；In response to the success at the second network entity The requesting node is verified, the Pre-Evaluation information is obtained from first network entity；And it is based at least partially on described pre- comment Information is estimated to calculate the evidence assessment of the target object, wherein the Pre-Evaluation information includes and one or more time slot phases The proof data of the re-encrypted of the associated target object, and wherein, by using the weight from the second network entity New encryption key is collected in association time slot from one or more evidence providers based in part on by first network entity The target object encrypted proof data, obtain it is described association time slot at the target object the re-encrypted Proof data.

According to the second aspect of the invention, a kind of device is provided comprising：At least one processor；And including meter At least one processor of calculation machine program code, at least one processor and the computer program code be configured as with At least one processor makes described device at least together：It will be for Pre-Evaluation related with the proof data of target object The request of information is sent to first network entity；In response to the good authentication described device at the second network entity, from the first net Network entity obtains the Pre-Evaluation information；And the Pre-Evaluation information is based at least partially on to calculate the target object Evidence is assessed, wherein the Pre-Evaluation information includes adding again for the target object associated with one or more time slots Close proof data, and wherein, by using the re-encrypted key from the second network entity, based in part on by The encrypted evidence for the target object that first network entity is collected at association time slot from one or more evidence providers Data obtain the proof data of the re-encrypted of the target object at the association time slot.

According to the third aspect of the invention we, a kind of computer program product is provided comprising carry and be embodied in wherein Computer-readable medium for the computer program code being used together with computer, the computer program code include： For first network will to be sent to from requesting node for the request of Pre-Evaluation information related with the proof data of target object The code of entity；For in response to requesting node described in the good authentication at the second network entity, being obtained from first network entity The code of the Pre-Evaluation information；And the target object is calculated for being based at least partially on the Pre-Evaluation information The code of evidence assessment, wherein the Pre-Evaluation information includes the target object associated with one or more time slots The proof data of re-encrypted, and wherein, by using the re-encrypted key from the second network entity, at least partly According to the encryption for the target object collected from one or more evidence providers in association time slot by first network entity Proof data, obtain it is described association time slot at the target object the re-encrypted proof data.

According to the fourth aspect of the invention, a kind of device is provided comprising：Send component, for will for target The request of the related Pre-Evaluation information of proof data of object is sent to first network entity；Obtain component, in response to Good authentication described device at second network entity obtains the Pre-Evaluation information from first network entity；And component is calculated, The evidence assessment of the target object is calculated for being based at least partially on the Pre-Evaluation information, wherein the Pre-Evaluation Information includes the proof data of the re-encrypted of the target object associated with one or more time slots, and wherein, leads to It crosses using the re-encrypted key from the second network entity, time slot is being associated with based in part on by first network entity The encrypted proof data for the target object collected from one or more evidence providers, obtains at the association time slot The proof data of the re-encrypted of the target object.

Accoding to exemplary embodiment, one or more of evidence providers may include the requesting node.For institute The request for stating Pre-Evaluation information may include the voucher for verifying the requesting node.In the exemplary embodiment, exist May include from the encrypted proof data of the target object of corresponding evidence provider collection at association time slot：By described Corresponding evidence provider uses the encrypted card of the target object obtained from the encryption key from the second network entity According to data.In a further exemplary embodiment, be based at least partially on homomorphic encryption scheme, can first network entity everywhere Manage the encrypted evidence number for the target object collected from one or more of evidence providers at the association time slot According to.

Accoding to exemplary embodiment, in the proof data for being associated with the re-encrypted of the target object at time slot May include：By using the public keys of the requesting node obtain it is described association time slot at the target object plus Close proof data.For example, the evidence assessment of the target object can be calculated by following：It is asked by using described The private cipher key for seeking node decrypts the proof data of the re-encrypted of the target object；And it is based at least partially on The decrypted result of the proof data of the re-encrypted of the target object estimates that the evidence of the target object is commented Estimate.Optionally, described in the local evidence record of the target object can be used for being based at least partially at the requesting node Pre-Evaluation information is assessed to calculate the evidence of the target object.In the exemplary embodiment, can by the requesting node from First network entity obtains the statistical information for the association time slot, and the evidence to calculate the target object is commented Estimate.

According to the fifth aspect of the invention, it provides a method comprising：By first network entity assembles and one or The encrypted proof data of multiple associated target objects of time slot；In response to from requesting node receive for the target The request is forwarded to the second network reality by the request of the related Pre-Evaluation information of proof data of object from first network entity Body；In response to requesting node described in the good authentication at the second network entity, re-encrypted key is received from the second network entity； And the Pre-Evaluation information is sent to the requesting node, to calculate the evidence assessment of the target object, wherein institute The proof data that Pre-Evaluation information includes the re-encrypted of the target object associated with one or more of time slots is stated, And wherein, by using the re-encrypted key, based in part at association time slot from one or more evidences The encrypted proof data for the target object that provider collects obtains the institute of the target object at the association time slot State the proof data of re-encrypted.

According to the sixth aspect of the invention, a kind of device is provided comprising：At least one processor；And including meter At least one processor of calculation machine program code, at least one processor and the computer program code be configured as with At least one processor makes described device at least together：Collect target object associated with one or more time slots Encrypted proof data；In response to being received from requesting node for Pre-Evaluation related with the proof data of the target object The request of information forwards the request to another device；In response to asking section described in the good authentication at another device Point receives re-encrypted key from another device；And the Pre-Evaluation information is sent to the requesting node, so as to Calculate the evidence assessment of the target object, wherein the Pre-Evaluation information includes associated with one or more of time slots The target object re-encrypted proof data, and wherein, by using the re-encrypted key, at least partly Ground is obtained according to the encrypted proof data for the target object collected from one or more evidence providers at association time slot To the proof data of the re-encrypted of the target object at the association time slot.

According to the seventh aspect of the invention, a kind of computer program product is provided comprising carry and be embodied in wherein Computer-readable medium for the computer program code being used together with computer, the computer program code include： Code for the encrypted proof data by first network entity assembles target object associated with one or more time slots； For in response to receiving the request for Pre-Evaluation information related with the proof data of the target object from requesting node, The request is forwarded to the code of the second network entity from first network entity；For in response at the second network entity at Work(verifies the requesting node, and the code of re-encrypted key is received from the second network entity；And it is used for the Pre-Evaluation Information is sent to the requesting node to calculate the code that the evidence of the target object is assessed, wherein the Pre-Evaluation letter Breath includes the proof data of the re-encrypted of the target object associated with one or more of time slots, and wherein, By using the re-encrypted key, collected from one or more evidence providers based in part at association time slot The target object encrypted proof data, obtain it is described association time slot at the target object the re-encrypted Proof data.

According to the eighth aspect of the invention, a kind of device is provided comprising：Collect component, for collect with one or The encrypted proof data of multiple associated target objects of time slot；Forwarding component, in response to being received from requesting node Request for Pre-Evaluation information related with the proof data of the target object, forwards the request to another device； Receiving member, in response to requesting node described in the good authentication at another device, weight to be received from another device New encryption key；And send component, for the Pre-Evaluation information to be sent to the requesting node, to calculate the mesh Mark the evidence assessment of object, wherein the Pre-Evaluation information includes the target associated with one or more of time slots The proof data of the re-encrypted of object, and wherein, by using the re-encrypted key, based in part on closing The encrypted proof data for joining the target object collected from one or more evidence providers at time slot, obtains in the pass Join the proof data of the re-encrypted of the target object at time slot.

Accoding to exemplary embodiment, the device in six/eighth aspect of the present invention may include first network entity, And another device in six/eighth aspect of the present invention may include the second network entity.Accoding to exemplary embodiment, It is based at least partially on homomorphic encryption scheme, can be associated at time slot from one or more in processing at first network entity The encrypted proof data for the target object that a evidence provider collects.Particularly, the mesh at the association time slot The proof data of the re-encrypted for marking object may include：By using the public keys of the requesting node obtain The encrypted proof data of the target object at the association time slot.

Accoding to exemplary embodiment, it by first network entity keeping track and can be carried for the statistical information of the association time slot The requesting node is supplied, to calculate the evidence assessment of the target object.For example, the statistical information can indicate The number of evidence provider, wherein first network entity is collected at the association time slot from the evidence provider of the number The encrypted proof data of the target object.

According to the ninth aspect of the invention, it provides a method comprising：It receives from first network entity and is forwarded to the The request of two network entities, wherein it is described request initiated by requesting node, so as to from first network entity obtain and target object The related Pre-Evaluation information of proof data；It is based at least partially on the request, is asked described in verification at the second network entity Seek node；And in response to requesting node described in good authentication, re-encrypted key is sent to first from the second network entity Network entity；Wherein, the Pre-Evaluation information includes adding again for the target object associated with one or more time slots Close proof data, and the Pre-Evaluation information be used to calculate the evidence assessment of the target object, and wherein, pass through Using the re-encrypted key, based in part at association time slot by first network entity from one or more evidences The encrypted proof data for the target object that provider collects obtains the institute of the target object at the association time slot State the proof data of re-encrypted.

According to the tenth aspect of the invention, a kind of device is provided comprising：At least one processor；And including meter At least one processor of calculation machine program code, at least one processor and the computer program code be configured as with At least one processor makes described device at least together：The request that described device is forwarded to from another device is received, Described in ask to be initiated by requesting node, to obtain pre- comment related with the proof data of target object from another device Estimate information；It is based at least partially on the request, the requesting node is verified at described device；And in response to good authentication Re-encrypted key is sent to another device by the requesting node；Wherein, the Pre-Evaluation information include with one or The proof data of the re-encrypted of multiple associated target objects of time slot, and the Pre-Evaluation information be used to calculate The evidence of the target object is assessed, and wherein, by using the re-encrypted key, based in part on being associated with The encrypted proof data for the target object collected from one or more evidence providers by another device at time slot, Obtain the proof data of the re-encrypted of the target object at the association time slot.

According to the eleventh aspect of the invention, a kind of computer program product is provided comprising carry and be embodied in it In computer program code for being used together with computer computer-readable medium, the computer program code packet It includes：Code for receiving the request for being forwarded to the second network entity from first network entity, wherein the request is saved by request Point is initiated, to obtain Pre-Evaluation information related with the proof data of target object from first network entity；For at least portion Divide ground to be based on the request, the code of the requesting node is verified at the second network entity；And in response to successfully testing The requesting node is demonstrate,proved, re-encrypted key is sent to the code of first network entity from the second network entity；Wherein, described Pre-Evaluation information includes the proof data of the re-encrypted of the target object associated with one or more time slots, and institute The evidence assessment that Pre-Evaluation information be used to calculate the target object is stated, and wherein, it is close by using the re-encrypted Key, based in part on the mesh collected from one or more evidence providers by first network entity at association time slot The encrypted proof data for marking object obtains the evidence number of the re-encrypted of the target object at the association time slot According to.

According to the twelfth aspect of the invention, a kind of device is provided comprising：Receiving member, for receiving from another Device is forwarded to the request of described device, wherein the request is initiated by requesting node, so as to from another device obtain with The related Pre-Evaluation information of proof data of target object；Device is verified, for being based at least partially on the request, described The requesting node is verified at device；And sending device, it is used in response to requesting node described in good authentication, by re-encrypted Key is sent to another device；Wherein, the Pre-Evaluation information includes the mesh associated with one or more time slots The proof data of the re-encrypted of object is marked, and the evidence that the Pre-Evaluation information be used to calculate the target object is commented Estimate, and wherein, by using the re-encrypted key, based in part at association time slot by another device The encrypted proof data for the target object collected from one or more evidence providers, obtains at the association time slot The proof data of the re-encrypted of the target object.

Accoding to exemplary embodiment, the device in the tenth/the 12nd aspect of the present invention may include the second network reality Body, and another device in the tenth/the 12nd aspect of the present invention may include first network entity.According to exemplary reality Example is applied, the encrypted proof data for the target object collected from corresponding evidence provider at association time slot can be with Including：The target object obtained using the encryption key from the second network entity by the corresponding evidence provider Encrypted proof data.For example, the encryption key from the second network entity may include the public of the second network entity Key.

In an exemplary embodiment of the present invention, the method, apparatus and computer program product provided can be provided in Evidence assesses the privacy enhancing in (trust evaluation in such as credit system).Particularly, the solution proposed is by answering With homomorphic cryptography and the re-encrypted based on agency can support the evidence assessment of protection privacy.Itd is proposed solution is used, Opinion/experience of the individual evidence provider to target object can be hidden by encrypting, this greatly protects evidence provider Privacy.In addition, by applying the re-encrypted based on agency, encrypted Pre-Evaluation result is only capable of being accessed by authorized party, this into One step improves security of system and privacy.

Description of the drawings

When read in conjunction with the accompanying drawings, by reference to below to the detailed description of embodiment come be best understood it is of the invention this Body, preferred occupation mode and further purpose, in the accompanying drawings：

Fig. 1 is the flow chart for illustrating the method that the evidence for enhancing privacy is assessed, and according to an embodiment of the invention may be used Implement the method with the proof data for target object at requesting node；

Fig. 2 is the flow chart for illustrating the method that the evidence for enhancing privacy is assessed, and according to an embodiment of the invention may be used To implement the method at first network entity；

Fig. 3 is the flow chart for illustrating the method that the evidence for enhancing privacy is assessed, and according to an embodiment of the invention may be used To implement the method at the second network entity；

Fig. 4 shows exemplary system architecture according to the ... of the embodiment of the present invention；

Fig. 5 shows the example process of the trust evaluation of protection privacy according to the ... of the embodiment of the present invention；

Fig. 6 is adapted for the simplified block diagram of the various devices used in realizing exemplary embodiment of the present invention.

Specific implementation mode

The embodiment of the present invention is described in detail with reference to the accompanying drawings.Throughout the specification, feature, advantage or similar is referred to Language do not imply that the whole feature and advantage that can be realized with the present invention should or just in arbitrary single embodiment of the invention In.On the contrary, the language for being related to feature and advantage is interpreted as in conjunction with the embodiments described specific features, advantage or characteristic packet Containing at least one embodiment of the present invention.Further, feature, advantage described in the invention and characteristic can be at one Or it is combined in any suitable manner in multiple embodiments.Various equivalent modifications will recognize can be without specific The present invention is realized in the case of the specific features of embodiment or one or more in advantage.It under other circumstances, can be with The additional feature and advantage being not present in whole embodiments of the present invention are identified in a particular embodiment.

Trust management can relate to：Collect the information made needed for trusting relationship judgement；Assessment and the relevant standard of trusting relationship Then；It monitors and reappraises existing trusting relationship；And ensures the trusting relationship of dynamic change and make the process automation.Letter Appoint and credit mechanism has been widely studied in the distributed system of every field, such as moves ad hoc (specific) network (MANET), reciprocity (P2P) system, grid computing, infiltration type calculating etc..Many mechanism are developed to support calculating section Trusted communications in point and cooperation.Example is FuzzyTrust (fuzzy to trust) system, PeerTrust (equity is trusted) system It unites, for the objective trust management framework (OTMF) etc. of MANET.A few thing is trusted based on social networks to assess.At these In research, can model, calculate and thus with value come express trust.Trust evaluation is the importance in trust management.This Be for digital processing expression trust technical method, wherein can by be referred to as the continuous or discrete real number of trust value come Assessment influences the factor trusted.Embedded trust valuation mechanism is to calculate and provided in group network system necessary to trust information institute. Trust evaluation is the main aspect in the research for trust this purpose for digitlization.

In general, being trusted to assess the evidence of the confidence of consignee based on consigner is shown.The evidence can contain About the knowledge of consignee, such as about the feeding back of the performance of consignee and quality, observed factor about consignee, Other entities are to the recommendation of consignee or opinion, etc..In many application scenarios or system, from different entity assembles data, To carry out trust evaluation by a side (such as consigner).For example, reputation server is collected about entity (such as from many users Mobile application, film or service or networking node) individual feedback, voting or opinion, to assess the letter about the entity Ren Du.It can pass through in the infiltration type social activity networking (PSN) based on internet or the MANET of self-organizing according to another example All nodes collect Social behaviors and/or feedback to generate social prestige, to assess the letter of each social activity side from network Ren Du.In the example of Internet of Things (IoT), sensed from " object "/observing/data being collected into will be further transmitted to compared with High level side is to be handled.Handling result is provided to some users in order to provide information service.However, about trust In most of work of Prestige Management, the trust evidence privacy during seldom focusing on evidence-gathering and handling.It is logical Often, clear data is collected and processed for generating trust value.Not yet in order to protect system and user in current credit system Privacy and carefully studied about the data provided privacy and personal information safety the problem of.For example, from difference Entity assembles data may influence the privacy of these entities, and the data provided by those entities are provided may disclose it Personal information, thus lead to risk or bring danger for initial data provider or people being evaluated.How to enhance Trust/prestige or the privacy of evidence assessment become important problem, which may greatly influence credit system, calculate system The success of system or service, and user's acceptance in actual practice.

The multi-party calculating (SMC) of safety is such example：The data of each side are remained secret and are carried to calculate by it For private data, so as to some function of their common interests of assessment.The result of calculating is set to can be used for all each side.SMC makes The overall situation function of their private data can collaboratively be calculated by obtaining each side with private data, without leaking the data.Peace Complete multi-party calculate allows each side with similar background to minimize related publicity to their private data result of calculation It threatens.The surprising growth of the exponential increasing and internet that need the sensitive data transmitted on networking computer has been cooperation meter Calculation facilitates huge chance, and wherein each side is together to promote to calculate and obtain mutually beneficial conclusion；Thirst for protecting simultaneously Hold their private data safety.These calculate general requirement and are completed between competitor, and competitor is obviously to respective meaning Figure is lost interest in.SMC has not only catered to the demand of each side, but also additionally provides reliable solution and asked to for various Topic each tissue, such as protection privacy data base querying, protect privacy scientific algorithm, protect privacy intrusion detection and Privacy-preserving data mining.

In accordance with an exemplary embodiment of the present invention, it is proposed that a kind of, in evidence assessment, (trust in such as credit system is commented Estimate) in support privacy enhancing new solution.More generally, the solution proposed realize protection privacy (or increase Strong privacy) evidence assessment, especially in social network environment.Accoding to exemplary embodiment, such as devolution (AP) and Two network entities of assessment side (EP) can be applied to the evidence assessment to the protection privacy of one or more target objects.Example Such as, AP and EP can be two independent parties, they according to specified rules or business motive and due to without carrying out Collusion.AP can be responsible for generating data re-encrypted key to encryption data, and EP is (for example, by cloud service provider (CSP) Or other suitable service providers provide) processing can be responsible for from multiple evidence providers (node, terminal in such as network Or user) collect data.Illustrate the more thin of proposed solution by way of example below with regard to attached drawing Section.

Fig. 1 is the flow chart for illustrating the method that the evidence for enhancing privacy is assessed, and according to an embodiment of the invention may be used Proof data to be directed to target object at requesting node implements the method.Method shown in Fig. 1 can be applied to logical Communication network, such as MANET, PSN system, mesh network, P2P networks and other any networks suitable for evidence-gathering and assessment. It is contemplated that the requesting node described here for proof data may include being connected to service network (such as internet, shifting Dynamic network calculates network or is adapted to provide for or supporting evidence is collected and any other system of assessment) any device.It is described Device can be any kind of mobile terminal, fixed terminal or portable terminal, including cell phone, platform, unit, set Standby, multimedia computer, multimedia tablet, the Internet nodes, communicator, desktop PC, laptop computer, notebook Computer, netbook computer, tablet computer, PCS Personal Communications System (PCS) equipment, personal navigation equipment, individual digital help Manage (PDA), audio/video player, digital cameras/video cameras, positioning device, television receiver, radio reception Mechanical, electrical philosophical works equipment, game station or its arbitrary combination, include the attachment and peripheral hardware of these equipment, or any combination thereof.Herein The target object of description may include for example by watcher, consignee or by assessment entity, such as service, application, event, user Or networking node.Particularly, it is also believed that requesting node is target object, can be provided by other sides or node or table The certainly relevant evidence data of target object.

Accoding to exemplary embodiment, requesting node can will believe Pre-Evaluation related with the proof data of target object The request of breath is sent to first network entity (such as EP), as shown in the frame 102 of Fig. 1.For example, asking for Pre-Evaluation information It may include voucher for verifying the requesting node to ask.Received request can be forwarded to by first network entity Two network entities (such as AP) are for verifying the requesting node.In the exemplary embodiment, requesting node can for example pass through Its public keys is provided during system setting up procedure and its own is registered to the second network entity.After a successful registration, Second network entity can be by its public keys together with the public affairs of the requesting node of the private cipher key signature by the second network entity Cipher key distribution is to requesting node altogether.Therefore, the voucher in the request may include for example：The public keys of requesting node, or The public keys for the requesting node being signed that person was previously provided by the second network entity.Thus, the second network entity can be down to Received request is at least partly based on to implement the verification to requesting node.In response to successfully being tested at the second network entity Requesting node is demonstrate,proved, requesting node can obtain the Pre-Evaluation information from first network entity, as shown in block 104.As combined Described in Fig. 2, based in part on the mesh collected to first network entity evidence provider different from network The processing for marking the encryption proof data of object, can obtain the Pre-Evaluation information.

In frame 106, it is at least partially based on the Pre-Evaluation information, requesting node can calculate the card of the target object According to assessment, wherein the Pre-Evaluation information may include the target object associated with one or more time slots again Encrypted proof data.In the exemplary embodiment, one or more of time slots can be related to time window, wherein can The range of the time window is pre-defined or negotiated between requesting node and first network entity.For example, can be advance Definition：The Pre-Evaluation information provided by first network entity will contain receives request in first network entity from requesting node The proof data of the re-encrypted of the associated target object of the time slot of reasonable number before.The time slot of reasonable number can be with Including：In view of several time slots of business or communication capacity；Or from the first time slot to first network entity receive for The range of the last one time slot before the request of Pre-Evaluation information related with the target object, wherein first network entity Start to collect the encrypted proof data of the target object in first time slot.Optionally, requesting node can be in institute It states instruction in request and needs Pre-Evaluation information corresponding with certain number of time slot, wherein can be based at least partially on and ask Node is asked to obtain the time of previous Pre-Evaluation information from first network entity to determine the certain number of time slot.In example Property embodiment in, by using the re-encrypted key from the second network entity, based in part on by first network reality The encrypted proof data for the target object that body is collected at association time slot from one or more evidence providers, can obtain To the proof data of the re-encrypted of the target object at the association time slot.In this way using the re-encrypted based on agency Concept only allow authorized requesting node to be able to access that and decrypt Pre-Evaluation information, to obtain the card of the target object According to assessment.On the other hand, encryption (the encryption evidence number of such as target object of the collected information from evidence provider According to) personal information that enables at least hide first network entity evidence provider, this is because first network entity It can not know the plaintext text of collected information, and the privacy of evidence provider can not be tracked.Furthermore, it is contemplated that the first net Network entity (such as EP) and the second network entity (such as AP) will not be conspired, and the second network entity is also impossible to know above-mentioned collection Information.In the exemplary embodiment, the identity information of the target object provided by evidence provider can also be encrypted, And be hiding for first network entity, even if thus first network entity it extract about the target object Also such identity information is unable to get when Pre-Evaluation information.

In the exemplary embodiment, the target object collected from corresponding evidence provider at association time slot adds Close proof data may include：The institute that encryption key from the second network entity obtains is used by corresponding evidence provider State the encrypted proof data of target object.For example, corresponding evidence provider can decide by vote or collect about target object Evidence, and in order to protect its individual privacy, corresponding evidence provider can be with the shared keys of the second network entity (such as Public keys) come encrypt its collection the evidence about target object.Then, first network entity can be carried from different evidences Supplier collects the encryption proof data of the target object.Particularly, by first network entity adding for target object is collected from it One or more of evidence providers of close proof data may include requesting node.In this case, requesting node can Be not enough to the final evidence of assessment target object to think it to the local voting of target object, thus it need by ask come It polymerize the cooperation opinion for the target object from other evidence providers from the Pre-Evaluation information of first network entity.

Accoding to exemplary embodiment, it is based at least partially on homomorphic encryption scheme, can be handled at first network entity The encrypted proof data for the target object collected from one or more of evidence providers at association time slot.It is logical Often, homomorphic encryption scheme can solve SMC (wherein multi-party secret accesses the owning side of public database and database to accessing Information is counted) in thing about statistical problem.In the exemplary embodiment, it by using homomorphic cryptography, can hide Each evidence provider greatly protects the privacy of evidence provider to opinion/experience of target object, because by The Pre-Evaluation information that one network entity calculates will not disclose individual information.Below with reference to Fig. 2 by way of example for The more details of bright homomorphic encryption scheme.In the exemplary embodiment of application homomorphic encryption scheme, from institute at association time slot Polymerized form can be treated as by stating the encrypted proof data for the target object that one or more evidence providers collect Encrypted proof data, for example, the encrypted summation of the proof data of the target object from different evidence providers, such as It is illustrated in conjunction with Fig. 2 and Fig. 5.Then, first network entity can with the re-encrypted key from the second network entity come Re-encrypted homomorphic cryptography as a result, the re-encrypted to obtain the target object proof data.In exemplary embodiment In, the proof data of the re-encrypted of the target object may include at association time slot：By using requesting node Public keys obtain association time slot at the target object encrypted proof data.Thus, when first network entity It is sent to the request for being authorized to decrypt the result using re-encrypted result as at least part of the Pre-Evaluation information When node, the requesting node can calculate the evidence assessment of the target object with corresponding key.For example, can lead to The following evidence to calculate the target object is crossed to assess：By using the private cipher key of the requesting node, the mesh is decrypted Mark the proof data of the re-encrypted of object；And be based at least partially on the re-encrypted of the target object The decrypted result of proof data estimates the evidence assessment of the target object.

Accoding to exemplary embodiment, it can also be obtained from first network entity for the certain of particular time-slot by requesting node Statistical information, the evidence for calculating the target object are assessed.The statistical information can indicate the number of evidence provider, Middle first network entity collects the encrypted of the target object at the particular time-slot from the evidence provider of the number Proof data.In the exemplary embodiment, requesting node can obtain information to indicate in the target from first network entity Incidence relation in the proof data of the re-encrypted of object, the statistical information and one or more of time slots.It is optional Ground, the local evidence record of the target object can be used for being based at least partially on the Pre-Evaluation information at requesting node To calculate the evidence assessment of the target object.For example, the local evidence record of the target object can be at requesting node Including：Evidence by requesting node in the target object locally provided is assessed (for example, from itself and the target object Social interactive experience), or in response to the previous request of requesting node, it is based at least partially on and is obtained from first network entity Previous Pre-Evaluation information and the evidence assessment of the target object calculated.Additionally or alternatively, by requesting node meter In the evidence assessment for calculating the target object, it is also contemplated that some potential attacks to evidence assessment, such as speak ill and assist Make the attack of formula malicious remark, break-make attack (on-off attack) and conflict behavior attack, such as combines Fig. 5 illustrated.Thus, root According to exemplary embodiment, requesting node can with the evidence (such as trust value) of computational entity, such as by decrypted result, by The other relevant informations (such as statistical information) and/or locally accumulating in requesting node that one network entity (such as EP) provides Data are polymerize.In this way it is possible to the reliable evidence assessment to target object be realized, and at the same time can protect The privacy of shield evidence provider can hide the individual opinion or body to target object this is because after homomorphic cryptography It tests.

Fig. 2 is the flow chart for illustrating the method that the evidence for enhancing privacy is assessed, and according to an embodiment of the invention may be used To implement the method at first network entity.It is contemplated that first network entity described here may include energy Enough implement any device of evidence-gathering and processing.Described device can be any kind of assessment side, equipment, node, service Device, control centre, service platform.First network entity can by the suitable service providers of CSP or other Lai It provides.Corresponding to the description as described in Fig. 1, first network entity can collect target object associated with one or more time slots Encrypted proof data, as shown in the frame 202 of Fig. 2.For example, first network entity can be either periodically or in response to thing Part (for example, according to request) collects the encrypted proof data of target object from one or more evidence providers.In association May include from the encrypted proof data of the target object of corresponding evidence provider collection at gap：By corresponding evidence Provider uses the encrypted proof data of the target object obtained from the encryption key from the second network entity.According to Exemplary embodiment, first network entity (such as EP) and the second network entity (such as AP) can be according to specified rule or Person business motive and due to without collusion two independent parties.One or more of evidence providers may include request Node, as discussed in connection with fig. 1.Optionally, for the requesting node of Pre-Evaluation information related with the proof data of target object (such as prestige center) can not serve as evidence provider.Optionally, for the corresponding statistics of one or more of time slots Information can come under observation at first network entity and be provided to requesting node, and the evidence for calculating the target object is commented Estimate.For example, the statistical information can indicate the number of evidence provider, wherein by first network entity in association time slot The encrypted proof data of the target object is collected from the evidence provider of the number.The statistical information can also include Collection and/or the target object with the encrypted proof data of the target object evidence assessment calculating it is relevant its Its data.

Accoding to exemplary embodiment, it is based at least partially on homomorphic encryption scheme, can be handled at first network entity The encrypted proof data for the target object collected from one or more of evidence providers at association time slot.Showing In example property homomorphic encryption scheme, for example, according to encryption function E, evidence can be encrypted using homomorphic cryptography key (such as pk) The private data (the trust evidence such as provided by node) of provider.Thus, E (pk, a1), E (pk, a2) ... ..., E (pk, An it) can indicate to want the respective encrypted result of encrypted data (such as a1, a2 ... ..., an).Particularly, it can utilize herein The specific feature of homomorphic encryption iunctions, may be expressed as：

E (pk, a1) × E (pk, a2)=E (pk, a1+a2) (1)

Due to the attribute of associative law, can derive：

E (pk, a1+a2+ ...+an)=E (pk, a1) × E (pk, a2) × ... × E (pk, an) (2)

Wherein E (ai) ≠ 0 and i=1,2 ..., n.Therefore, if sk is the corresponding secret or private cipher key of pk, D is tool There is the decryption function of decruption key sk, then may be expressed as to the decryption of data a1 and a2：

D (E (pk, a1) × E (pk, a2) × ... × E (pk, an))=a1+a2+ ...+an (3)

Similarly, it is to be appreciated that：

E (pk, a × c)=E (pk, a) × c (4)

D (E (pk, a) × c)=a × c (5)

Using homomorphic encryption scheme, by calculating the encrypted proof data for the target object collected from evidence provider, First network entity can for example calculate the evidence for the target object decided by vote by these evidences provider using equation (2) The encrypted result of the summation of data.In this way, the individual evidence about the target object is still privately owned, this is because from card For first network entity be encrypted always according to information collected by provider, and cannot by first network entity with Track.

In response to being received from requesting node for Pre-Evaluation information related with the proof data of the target object Request, first network entity can forward the request to the second network entity, as shown in frame 204.Pre-Evaluation is believed Breath the request may include：For checking request node voucher (for example, the public keys of the requesting node, or The requesting node provided by the second network entity during the requesting node is registered to the second network entity is signed Public keys).In block 206, in response to requesting node described in the good authentication at the second network entity, first network entity Re-encrypted key can be received from the second network entity.Accoding to exemplary embodiment, by using the re-encrypted key, First network entity can export or obtain the proof data of the re-encrypted of the target object at association time slot, can be with Adding for the target object collected from one or more evidence providers at the association time slot is resulted from least partly Close proof data.Then, Pre-Evaluation information can be sent to requesting node by first network entity, for calculating the target The evidence of object is assessed, and as shown in frame 208, and the Pre-Evaluation information may include and one or more of time slot phases The proof data of the re-encrypted of the associated target object.

Encrypted evidence to target object collected by first network entity can be applied to by acting on behalf of re-encrypted scheme Data carry out re-encrypted.For example, example agent re-encrypted scheme may be expressed as (it is possible that probabilistic) multinomial Tuple (the KG of time algorithm；RG；E；R；D), wherein KG indicates that key schedule, RG indicate that re-encrypted key generates and calculate Method, E indicate Encryption Algorithm, and R indicates re-encrypted algorithm, and D indicates decipherment algorithm.Thus, (KG；E；D it is) for basis The standard key generation of public-key cryptography scheme, algorithms for encryption and decryption.Specifically, for input security parameter, KG outputs Public and private cipher key pair (pk_A for entity A；sk_A)；Ciphertext is exported for input public keys pk_A and data m, E CA=E (pk_A；m)；Clear data m=D (sk_A are exported for input private cipher key sk_A and ciphertext CA, D；CA)；For defeated Enter (pk_A；Sk_A, pk_B), the RG outputs of re-encrypted key schedule are for agent entity (such as according to exemplary implementation Example serves as the second network entity of AP) re-encrypted key rk_A → B；And for input rk_A → B and ciphertext CA, again Encryption function R output R (rk_A → B；CA)=E (pk_B；M)=CB can be decrypted it using private cipher key sk_B, Wherein (pk_B；Sk_B) it is public and private cipher key pair for entity B, and CB is under public keys pk_B for counting According to the ciphertext of m.It will thus be seen that act on behalf of re-encrypted scheme can generate ciphertext encryption key and thus change correspond to Ciphertext (for example, from pk_A to pk_B, and from CA to CB) without exposing clear data.

Using re-encrypted scheme is acted on behalf of, the second network entity accoding to exemplary embodiment can so that first network is real Body can by re-encrypted by the encrypted proof data of the target object of first network entity assembles come change for The encryption of the collected encryption proof data of the target object, so that requesting node can utilize requesting node itself Key decrypt the proof data of the re-encrypted of the target object, even if the target pair collected from evidence provider The proof data of elephant is with the encryption key (such as public keys) of the second network entity come encrypted.In exemplary embodiment In, the proof data of the re-encrypted of the target object may include at association time slot：By using the requesting node Public keys obtain it is described association time slot at the target object encrypted proof data.In this case, it asks Ask node can with the private cipher key of the requesting node come decrypt it is described association time slot at the target object again plus Close proof data.Therefore, it is based at least partially on the decrypted result of the proof data of the re-encrypted of the target object, it can To calculate the evidence assessment of the target object by requesting node.

Fig. 3 is the flow chart for illustrating the method that the evidence for enhancing privacy is assessed, and according to an embodiment of the invention may be used To implement the method at the second network entity.It is contemplated that the second network entity described here may include can be real It applies the verification to requesting node and generates any device of re-encrypted key.Described device can be any kind of mandate generation Reason, equipment, node, server, control centre, service platform.Corresponding to the description for Fig. 1 and Fig. 2, Two network entities (such as AP or other suitable authorized entities) can receive that (such as EP or other is suitable from first network entity The assessment entity of conjunction) forwarding request, as shown in the frame 302 of Fig. 3, and it is described request initiated by requesting node, for from First network entity obtains Pre-Evaluation information related with the proof data of target object.As discussed in connection with fig. 1, such as in system During setting up procedure or other information exchange process, requesting node can be registered to the second network entity.According to exemplary implementation Example, the request for the Pre-Evaluation information may include the voucher for checking request node.In block 304, the second network Entity can be based at least partially on the request and carry out checking request node.For example, the second network entity can be with checking request section The validity of the public keys and access rights of point.In response to requesting node described in good authentication, the second network entity can incite somebody to action Re-encrypted key is sent to first network entity, as shown in block 306.In this way, as explained in connection with fig.2, agency can be utilized Re-encrypted scheme, to support the evidence assessment of protection privacy.For example, being based at least partially at association time slot by first Network entity is collected described from one or more evidence providers (it may include requesting node or does not include requesting node) The encrypted proof data of target object, first network entity can be generated by using re-encrypted key in the association The proof data of the corresponding re-encrypted of the target object at time slot.In the exemplary embodiment, association time slot at from The encrypted proof data for the target object that corresponding evidence provider collects may include：It is carried by the corresponding evidence Supplier uses the target that the encryption key (for example, public keys of the second network entity) from the second network entity obtains The encrypted proof data of object.Therefore, the proof data of the re-encrypted of the target object can wrap at association time slot It includes：By using the encrypted evidence for the target object that the security key (such as public keys) of the requesting node obtains Data.Similarly, first network entity can generate the weight for including the target object associated with one or more time slots The Pre-Evaluation information of new encrypted proof data can be used for calculating the card of the target object by the requesting node According to assessment, as in conjunction with shown in Fig. 1-2.

Various frame blocks shown in Fig. 1-3 can be considered as the operation of method and step and/or computer program code and cause Operation and/or be configured to realize correlation function multiple coupled logic circuit elements.Above-mentioned schematic flow diagram is generally It is illustrated as logical flow chart.In this way, tool of the step of discribed sequence and label for illustrating proposed method Body embodiment.It is contemplated that being equivalent to one or more steps of the method or part thereof in function, logic or effect Other steps and method.In addition, the sequence that ad hoc approach occurs may or may not and strictly observe shown corresponding steps Sequentially.

Solution provided by the present invention can enable evidence evaluation mechanism to support to protect the evidence-gathering of privacy And processing, this can greatly enhance the success of credit system or computing system or service and the customer acceptance in actual practice Degree.It will recognize, although being described in conjunction with some exemplary embodiments for being related to trusting relationship, trust management and trust evaluation The evidence of the enhancing privacy of this paper is assessed, but the solution proposed applies also for needing to provide in data source or information The group network data of the evidence as target object or other feelings of statistical information are handled or summarized in the case of the secret protection of side Condition.Accoding to exemplary embodiment, business motive and due to without collusion two independent parties can be applied to evidence assessment Or trust evaluation.One AP for being responsible for generating encrypted data data re-encrypted key.The other is for handling The EP (for example, being provided by cloud service provider) for the data being collected into from multiple trust evidence providers (such as user).Example Such as, it can encrypt the data by the public keys of the public disclosed AP of application (it can be wrapped trusting evidence provider place Include evidence or some trust informations about entity).EP can handle collected encryption data, for example, by using homomorphism Technology, to obtain encrypted trust evaluation result or Pre-Evaluation result.When the user for sending out request assesses from EP requests are (pre-) When as a result, EP can forward this request to AP.In the exemplary embodiment, AP can check the access plan for requesting party Slightly, and if it is affirmative to check, AP can be generated is used as response for the re-encrypted key of requesting party.EP can be with With re-encrypted key come re-encrypted (pre-) assessment result, and sends it to and be authorized to use the private cipher key of itself to solve The requesting party of the close result.Requesting party can thus pass through the result to decryption, the EP other relevant informations provided and/or local The data of accumulation are polymerize to calculate the trust value of the entity.Particularly, using homomorphism technology to be based at least partially on At EP trust evaluation or Pre-Evaluation are realized from the encryption data of multiple trust evidence providers collections.In addition, based on agency Re-encrypted be also used for only allow authorized user can decrypt (pre-) assessment result from EP.For example, it is contemplated that calculating The current techniques of complexity and homomorphism technology limit, can by by from EP decrypted result and other information be aggregated in one It rises, the final trust value of target entity is calculated at each user for sending out request.

Fig. 4 shows exemplary system architecture according to the ... of the embodiment of the present invention.Although Fig. 4 is illustrated only in PSN contexts In system structure, it can be appreciated that, the solution proposed accoding to exemplary embodiment is also applied to suitable for society Hand over any other system of networking and/or evidence assessment.Fig. 4 schematically shows PSN systems, which is related to three kinds Different types of entity：(all node x) as shown in Figure 4, can be interactively with each other instant or online to carry out for PSN nodes Social communication；First network entity (assessment side (EP) such as shown in Fig. 4), can be by service provider (such as CSP) needle Service is provided to protecting the calculating of privacy；And second network entity (centralized devolution (AP) such as shown in Fig. 4), It is generated for access strategy management and re-encrypted key.In addition, being based in part on the data processing for protecting privacy at EP As a result the data and at PSN nodes locally accumulated and the other statistical informations provided by EP, PSN nodes can be assessed other The evidence or degree of belief of entity.

In exemplary system architecture shown in Fig. 4, node (label is x in Fig. 4) may include social communication mould Block, trust manager, and include optionally data set.In the exemplary embodiment, social communication module can be responsible at least It is based in part on the PSN or other networking activities of internet or self-organizing ad hoc networks.The module can be replaced as propping up Hold other modules of other application situation.Alternatively, multiple application modules can be embedded in intra-node for supporting different answer With or service.In a further exemplary embodiment, trust manager can be applied to collect, protection credentials it is according to this and (such as logical Cross trust evidence transmission device) by trust evidence travel to can handle or pre-process it is encrypted trust evidence EP, for card According to the purpose of/trust evaluation.Particularly, (pre-) assessment result processor, which can be deployed at node, is obtained with just decrypting from EP (pre-) assessment result.Trust evaluation device at node can be by polymerizeing above-mentioned decrypted result, local information and from EP's Statistical information carrys out the trust value of computational entity.Data set can for example in a secured manner at node storage with function module/ The relevant data of element/unit.

EP shown in Fig. 4 may include data computation module and data statistics module.Accoding to exemplary embodiment, data meter The encrypted data collected from different nodes can be handled by calculating module.Data statistics module can be to the statistical data of trust evidence It is counted, for example, how many evidences are collected for assessing the degree of belief of the entity in particular time-slot, while statistical data The privacy of each evidence provider (such as PSN nodes) will not be disclosed.AP shown in Fig. 4 may include re-encrypted device and key Manager.Accoding to exemplary embodiment, re-encrypted device can be applied to check the access rights of request of data side and generate weight New encryption key, so that (pre-) assessment result that EP is provided can only be accessed by authorized user.Key management unit can be used for The key (such as homomorphism key pair) used in the system is managed, to realize the trust evaluation of protection privacy.Meanwhile in number At computing module, EP can also re-encrypted target object associated with one or more time slots encrypted evidence number According to obtain Pre-Evaluation information (such as (pre-) assessment result) and to make authorization requests side that it is decrypted.System shown in Fig. 4 System structure and various assemblies are merely exemplary and are not intended to imply that any purposes about invention described herein embodiment Or the limitation of the range of function.It is appreciated that can add, delete or replace by those of relative to Fig. 4 component Some components, or realize system shown in Fig. 4 and corresponding function by combining or further dividing the function of those components.

Fig. 5 shows the example process of the trust evaluation of protection privacy according to the ... of the embodiment of the present invention.Protect privacy If the process of trust evaluation can be related to stem algorithm and/or process, for example, trusting evidence, collection and processing encryption for encrypting Trust evidence, and credentials are factually applied homomorphic cryptography and decryption, etc..Table 1 is summarized for exemplary illustration system Be arranged and protect privacy trust evaluation process some concepts.

Table 1：Denotational description

As shown in figure 5, during system is arranged, AP can generate the public and private cipher key pair of their own：PK_AP and SK_AP is used for homomorphic cryptography and decryption.Assuming that (node x) such as shown in fig. 5 can have to be tieed up the node in PSN by itself The public keys and private cipher key for the their own held.For the sake of safety and secret protection, node x can for example pass through offer Its public keys PK_x oneself will be registered to AP, and AP can respond successful registration, for example, by issuing it The public keys PK_AP and PK_x being signed according to Sign (SK_AP, PK_x) form.As trust evidence provider, node It is according to this and for example te_ (x, y) to y votings that x, which can be collected about the credentials of node y,.In order to hide its individual to node y Opinion, node x can encrypt te_ (x, y) with PK_AP, and by E (PK_AP, te_ (x, y)) and optionally by node y Identity (it can also be encrypted with PK_AP) be sent to EP.It is understood that simultaneously all nodes of non-participating networking Can trust evidence provider, thus node x not necessarily may have any individual opinion to node y and send it to EP, especially when node x does not have any interact with node y.EP can be in time slot t from multiple node (such as x₁, x₂..., x_n) encrypted trust evidence of the collection about node y.When having collected all encrypted credentials about node y in time slot t According to later, such as E (PK_AP, te_ (x₁, y)), E (PK_AP, te_ (x₂, y)) ..., E (PK_AP, te_ (x_n, y)), EP can It is (pre-) to assess and calculate encrypted proof data E (PK_AP, te_y), wherein te_y=te_ (x₁, y) and+te_ (x₂, y)+...+te_ (x_n, y), and the statistical data (s_y) of the evidence to node y counts.In the exemplary embodiment, at least partly ground In homomorphic cryptography, EP can be as follows by calculating by multiple node (such as x₁, x₂..., x_n) provide the encryption about node y Evidence come calculate about node y trust evidence encryption summation.

E (PK_AP, te_y)=E (PK_AP, (te_ (x₁,y)+te_(x₂,y)+…+te_(x_n,y))

=E (PK_AP, te_ (x₁,y))×E(PK_AP,te_(x₂,y))×…×E(PK_AP,te_(x_n,y)) (6)

If node x want from the trust Pre-Evaluation of EP requesting nodes y as a result, if node x can provide its PK_x and The identity of node y.EP can forward this request to AP.AP can verify the validity of PK_x and the access rights of node x.Such as Fruit verification is affirmative, then AP can generate effective re-encrypted key (such as rk_AP->X) and EP, EP are sent it to It is as follows to obtain E (PK_x, te_y) to carry out re-encrypted E (PK_AP, te_y) using re-encrypted key：

E (PK_x, te_y)=E (PK_x, (te_ (x₁,y)+te_(x₂,y)+…+te_(x_n,y)) (7)

Then E (PK_x, te_y), t, s_y can be sent back node x by EP, node x can decrypt E (PK_x, te_y) with It obtains te_y and assesses the degree of belief of node y, for example, (all as described below by using specified trust evaluation function F F1 or F2).In view of EP can collect the encrypted trust evidence about node y, such as t={ t in several time slots₁, t₂..., t_k, the encrypted trust evidence that EP can be with re-encrypted about node y, to obtain about time slot t_kIt is (pre-) assessment As a result as follows：

er_k_ y=E (PK_x, (te_k_(x₁,y)+te_k_(x₂,y)+…+te_k_(x_n,y)) (8)

When different time slots obtains (pre-) assessment result from EP, Er_y={ er can be expressed as₁_ y, er₂_ Y ..., er_k_ y }, node x can carry out the final trust evaluation about node y.In addition, in the trust evaluation about node y It is also contemplated that by the statistical data of the evidence of the EP node y counted, such as s_y={ s in several time slots₁_ y, s₂_ y ..., s_k_ y}.Two kinds of situations of trust evaluation are described herein according to exemplary embodiment.

In the first case, node x has the destination node y of assessment the opinion of their own.For example, node x can be There is the PSN nodes of social interactive experience with node y, thus node x there is it locally to trust opinion node y.Optionally or Additionally, node x can have the first trust value derived from the Pre-Evaluation result provided in the early time according to EP about node y.Section The first or local trust value of point y may be expressed as Tv ' _ y.Exemplary algorithm I, which can be used for carrying out trusting at node x, to be commented Estimate.Assuming that multiple Pre-Evaluation results about node y can be obtained by node x from EP, can be accumulated in different time-gap, Such as in time slot t shown in equation (8)_kThe Pre-Evaluation result of accumulation.By inputting some parameters, such as Er_y={ er₁_ y, er₂_ y ..., er_k_ y }, t={ t₁, t₂..., t_k, s_y={ s₁_ y, s₂_ y ..., s_k_ y } and Tv ' _ y, algorithm I can export section The trust value of point y is Tv_y.For example, node x can decrypt Er_y with its private cipher key SK_x, to obtain in different time-gap The trust evidence of one group of polymerization of the node y of calculating is as follows：

Te_y={ te₁_y,te₂_y,...,te_k_y} (9)

Wherein in time slot t_kThe trust evidence of the polymerization of the node y of calculating can be expressed as：

te_k_ y=te_k_(x₁,y)+te_k_(x₂,y)+…+te_k_(x_n,y) (10)

Then for example can come at node x to calculate by the function of Tv_y (tc)=F1 (te_y, s_y, Tv ' _ y, tc) The trust value of node y, wherein tc are the current times of the trust value of calculate node y, and F1 be can be by considering in t_k's Trust statistical information, the evidence-gathering time t of evidence_kWith trust evidence summation come the specific function that designs.For example, if s_k_ Y is in time slot t_kThe evidence number of collection, and te_k_ y is in time slot t_kBy trust evidence provider provide voting summation, So trust evaluation function F1 can be described as：

Wherein α, β are the weight parameters that can be predefined as needed and alpha+beta=1, K is to have collected to add during this period The sum of those of close trust evidence time slot, θ (s_k_ y) it is to be used to be directed to integer s_kInfluences of _ the y to prestige is modeled Rayleigh cumulative distribution function, and

Wherein, σ>0 is to control s on the contrary_k_ y has how fast influence θ (s_k_ y) increased parameter.Parameter σ can be set For from 0 to theoretic ∞, to capture the characteristic under different situations.τ is the parameter to decay for control time.Here, examining Influence of the number for trusting evidence contributor to trust evaluation is considered, and application time decays to avoid diving to trust evaluation In attack (such as break-make attack and conflict behavior attack).Meanwhile deciding by vote deviationIt is also applied to pair Anti- malicious remark attack of speaking ill and cooperate.It is commented in this manner it is achieved that credible trust may be implemented in the solution proposed Estimate and at the same time protect the privacy for trusting evidence provider, this is because after homomorphic cryptography, to node can be hidden Body opinion or experience.

In a second situation, node x has no objection to the destination node y of assessment.For example, node x can not had with node y There are the PSN prestige center of social interactive experience or node x not to have derived from the Pre-Evaluation result provided in the early time according to EP to save The first trust value of point y.In this case, Tv ' _ y is unavailable, and exemplary algorithm II can be used to carry out at node x Trust evaluation.Assuming that multiple Pre-Evaluation about node y can be obtained as a result, it can tire out in different time-gap from EP by node x Product, such as in time slot t shown in equation (8)_kThe Pre-Evaluation result of accumulation.Similar to algorithm I, by inputting some parameters, Such as Er_y={ er₁_ y, er₂_ y ..., er_k_ y }, t={ t₁, t₂..., t_kAnd s_y={ s₁_ y, s₂_ y ..., s_k_ y }, algorithm II can be using the trust value of output node y as Tv_y.For example, node x can decrypt Er_y with its private cipher key SK_x, so as to The trust evidence for obtaining one group of polymerization of the node y calculated in different time-gap, as shown in equation (9) and (10).

It is then possible to for example by the trust value of Tv_y (tc)=F2 (te_y, s_y, tc) calculate node y at node x, Wherein tc is the current time of the trust value of calculate node y, and F2 be can be by considering in t_kTrust evidence statistics Information, evidence-gathering time t_kAnd the summation of evidence is trusted the specific function that designs.For example, if s_k_ y is in time slot t_k The evidence number of collection, and te_k_ y is in time slot t_kBy the summation for the voting that trust evidence provider provides, commented then trusting Estimating function F2 can be described as：

Parameter (such as K and τ) wherein in equation (13) and function (such as θ (s_k_ y)) definition and equation (11) in It is identical.It will thus be seen that the trust that the trust evaluation function F2 used in algorithm II can be considered as using in algorithm I is commented The special circumstances of function F1 are estimated, wherein the item and α therefore about Tv ' _ y, β weight parameter items are omitted from F1.

Lot of advantages can be obtained by the solution presented accoding to exemplary embodiment.For example, in secret protection side Face, the solution proposed can support the card of protection privacy by application homomorphic cryptography and based on the re-encrypted of agency According to/trust evaluation.Using homomorphic cryptography, individual can be hidden and trust opinion/experience of the evidence provider to consignee, thus pole The earth protects its privacy, this is because (pre-) assessment result of the polymerization calculated by EP will not disclose individual information.In addition, passing through Using the re-encrypted based on agency, this encrypted (pre-) assessment result can only be accessed by authorized party.This is further increased Security of system and privacy.It is collected to trust what proof data and (pre-) encrypted result were always encrypted at EP, because And EP has no idea to know their plaintext text and can not possibly track the privacy of evidence provider.Since EP and AP be not total Scheme, therefore AP can not also know above- mentioned information.The identity information of the entity (such as target consignee) provided by evidence provider It can also be encrypted, and be hiding to EP, thus when EP extracts (pre-) assessment result about the entity, it can not be obtained Such cleartext information.By this method, the identity information of the target consignee provided by evidence provider can also be hidden to EP It hides.Although applying homomorphic cryptography to calculate encrypted data, the solution proposed comments trust by overcoming Estimate some potential attacks (such as malicious remark is attacked, break-make attack and conflict behavior attack) of mechanism and remains to obtain credible letter Appoint assessment.The evidence that trust node is provided trust evaluation and calculate when can finally be fully considered, especially with mesh Marking consignee's node has at the node of direct local interaction experience.Thus, the solution proposed can ensure that evidence is commented The safety estimated and robustness.

In terms of scalability, compatibility and flexibility, the solution proposed can be supported to assess any system reality The degree of belief of body.Trust evidence can be collected from separate sources and according to the experience in different application scene.Particularly, not only Can support PSN, and can support with such as conventional system model (wherein, system node by about other nodes plus Close credentials are reported to EP, and EP carries out Pre-Evaluation to collected encryption data) other application situation.If being System node asks encrypted result locally to carry out final trust evaluation to goal systems node, then EP will pass through inquiry The approval for managing the AP of access strategy carrys out result described in re-encrypted.The solution proposed is current with homomorphic cryptography technology Development compatibility.If more calculating operations can obtain the support of homomorphic cryptography technology at EP, the system of the present invention is still It can work.For example, EP can undertake the heavy computational load provided by CSP.In addition, the solution proposed can prop up It holds to assess at system node or concentration side and trust, whether there is the direct experience with the node of assessment but regardless of it.

Fig. 6 is suitable for the simplified block diagram of the various devices used when realizing exemplary embodiment of the present invention.In Fig. 6 In, requesting node 630 (such as terminal, equipment, platform or prestige center) may be adapted to in social networking other nodes and/or One or more network entities (such as first network entity 610 and the second network entity 620) are communicated.First network entity 610 (such as EP is adapted for evidence-gathering and other devices of assessment) and the second network entity 620 (such as AP or suitable for into Other authorization devices that the management of row access strategy and re-encrypted key generate) it may be adapted to for (Fig. 6 does not show with target object Go out) related (pre-) the assessment information of evidence and with communicated each other or with requesting node (such as requesting node 630).

In the exemplary embodiment, first network entity 610 may include that at least one processor is (all as shown in Figure 6 Data processor (DP) 610A) and including computer program code (all program (PROG) 610C as shown in Figure 6) At least one processor (all memory (MEM) 610B as shown in Figure 6).At least one processor and the computer Program code can be configured to that first network entity 610 is made to implement that Fig. 1-5 is combined to describe together at least one processor Operation and/or function.In the exemplary embodiment, first network entity 610 can optionally include transceiver appropriate 610D, for being carried out with the device of such as the second network entity 620, requesting node 630 or other network entities (Fig. 6 is not shown) Communication.

In the exemplary embodiment, the second network entity 620 may include that at least one processor is (all as shown in Figure 6 Data processor (DP) 620A) and including computer program code (all program (PROG) 620C as shown in Figure 6) At least one processor (all memory (MEM) 620B as shown in Figure 6).At least one processor and the computer Program code can be configured to that the second network entity 620 is made to implement that Fig. 1-5 is combined to describe together at least one processor Operation and/or function.In the exemplary embodiment, the second network entity 620 can include selectively transceiver appropriate 620D, for being carried out with such as device of first network entity 610, requesting node 630 or other network entities (Fig. 6 is not shown) Communication.

In the exemplary embodiment, requesting node 630 may include at least one processor (all numbers as shown in Figure 6 According to processor (DP) 630A) and including computer program code (all program (PROG) 630C as shown in Figure 6) at least One memory (all memory (MEM) 630B as shown in Figure 6).At least one processor and the computer program Code can be configured to that requesting node 630 is made to implement the operation for combining Fig. 1-5 to describe together at least one processor And/or function.In the exemplary embodiment, requesting node 630 can optionally include transceiver 630D appropriate, for it is all Such as first network entity 610, the device of the second network entity 620, social networking node or other network entities (Fig. 6 is not shown) It is communicated.

For example, at least one of transceiver 610D, 620D, 630D can be for emitting and/or receiving signal and disappear The integrated package of breath.Optionally, at least one of transceiver 610D, 620D, 630D may include separated component to distinguish Support sends and receives signal/information.Corresponding DP 610A, 620A and 630A can be used to handle these signals and message.

Alternatively, or in addition, first network entity 610, the second network entity 620 and requesting node 630 may include using In the various components and/or component of the function of realizing abovementioned steps and method in Fig. 1-5.In the exemplary embodiment, first Network entity 610 may include：Component is collected, for collecting the encrypted of target object associated with one or more time slots Proof data；Forwarding component, in response to from requesting node (such as requesting node 630) receive for the target pair The request is transmitted to the second network entity by the request of the related Pre-Evaluation information of proof data of elephant from first network entity (such as the second network entity 620)；Receiving member, in response to asking to save described in the good authentication at the second network entity Point receives re-encrypted key from the second network entity；And send component, it is described for the Pre-Evaluation information to be sent to Requesting node, so as to calculate the target object evidence assessment, wherein the Pre-Evaluation information include with it is one or more The proof data of the re-encrypted of a associated target object of time slot, and wherein, by using the re-encrypted Key, based in part on the encryption for the target object collected from one or more evidence providers at association time slot Proof data, obtain it is described association time slot at the target object the re-encrypted proof data.

In the exemplary embodiment, the second network entity 620 may include：Receiving member, for receiving from first network The request of entity (such as first network entity 610) forwarding, wherein the request is sent out by requesting node (such as requesting node 630) It rises, for obtaining Pre-Evaluation information related with the proof data of target object from first network entity；Verify component, for extremely It is at least partly based on the request, the requesting node is verified at the second network entity；Send component, in response to success The requesting node is verified, re-encrypted key is sent to first network entity from the second network entity, wherein is described pre- to comment Estimate the proof data that information includes the re-encrypted of the target object associated with one or more time slots, and described pre- Assessment information be used to calculate the evidence assessment of the target object, and wherein, by using the re-encrypted key, until Partially according to the target pair collected from one or more evidence providers by first network entity at association time slot The encrypted proof data of elephant obtains the proof data of the re-encrypted of the target object at the association time slot.

In the exemplary embodiment, requesting node 630 may include：Send component, for by for target object The request of the related Pre-Evaluation information of proof data is sent to first network entity (such as first network entity 610)；Obtain structure Part is used in response to requesting node described in the good authentication at the second network entity (such as the second network entity 620), from first Network entity obtains the Pre-Evaluation information；And component is calculated, by being based at least partially on based on the Pre-Evaluation information comes Calculate the evidence assessment of the target object, wherein the Pre-Evaluation information includes associated with one or more time slots described The proof data of the re-encrypted of target object, and wherein, by using the re-encrypted key from the second network entity, Based in part on the target collected from one or more evidence providers in association time slot by first network entity The encrypted proof data of object obtains the evidence number of the re-encrypted of the target object at the association time slot According to.

Make when being executed by related DP assuming that at least one of PROG 610C, 620C and 630C include program instruction Obtaining device can operate as described above accoding to exemplary embodiment.That is, example embodiments of the present invention can be with At least partially through DP 610A of first network entity 610, the DP 620A and requesting node of the second network entity 620 The computer software or realized by hardware or by the combination of software and hardware that 630 DP 630A can perform.

MEM 610B, 620B and 630B can be suitble to any type of local technical environment and can be used arbitrarily suitably Data storage technology realize that such as the storage device based on semiconductor, flash memory, magnetic storage apparatus and system, optical storage set Standby and system, fixed memory and removable memories.As non-limiting example, DP 610A, 620A and 630A can be It is suitble to any type of local technical environment, and may include one of the following or multiple：All-purpose computer, special meter Calculation machine, microprocessor, digital signal processor (DSP) and the processor based on multi-core processor framework.

Generally speaking, various example embodiments can be real in hardware or special circuit, software, logic or its arbitrary combination It applies.For example, some aspects can be implemented within hardware, and other aspects can be can be by controller, microprocessor or other calculating Implement in software or firmware that equipment executes, although the invention is not limited thereto.Although exemplary embodiment of the present invention is each A aspect can be depicted and described as block diagram, flow chart or be indicated using some other drawing, however as non-limiting implementation Example, it is possible to understand that these frame block, device, system, technology or methods described herein can be in hardware, software, firmware, Special electrics Either implement in logic, common hardware or controller or other computing devices or its certain combination on road.

It should be understood that at least some aspects of exemplary embodiment of the present may be embodied in computer executable instructions In, such as in by one or more computers or one or more program modules of miscellaneous equipment execution.In general, program module Including routine, program, object, component, data structure etc., when being executed by the processor in computer or miscellaneous equipment, they Implement particular task or realizes specific abstract data type.Computer executable instructions are storable in computer-readable medium On, such as hard disk, CD, storage medium, solid-state memory and random access memory (RAM) can be loaded and unloaded etc..Such as this field skill As art personnel will recognize, the function of program module can be combined or be distributed in various embodiments like that as desired. In addition, the function can be entirely or partially embodied in firmware or hardware equivalents, such as integrated circuit, field-programmable Gate array (FPGA) etc..

Although specific embodiments of the present invention have been disclosed, it will be understood to those of skill in the art that not departing from this hair In the case of bright spirit and scope, specific embodiment can be changed.The scope of the present invention is not thereby limited to specifically Embodiment, and be intended to appended claims cover fall within the scope of the present invention arbitrary and all such application, modification and Embodiment.

Claims

1. a kind of method for evidence assessment comprising：

It will be sent to first network from requesting node for the request of Pre-Evaluation information related with the proof data of target object Entity；

It is successfully tested in response to being based at least partially at the second network entity from the request that first network entity receives The requesting node is demonstrate,proved, the Pre-Evaluation information is obtained from first network entity by the requesting node；And

It is based at least partially on the evidence assessment that the Pre-Evaluation information is calculated the target object by the requesting node, In, the Pre-Evaluation information includes the evidence number of the re-encrypted of the target object associated with one or more time slots According to, and

Wherein, first network entity is by using the re-encrypted key from the second network entity, based in part on by The encrypted evidence for the target object that first network entity is collected at association time slot from one or more evidence providers Data obtain the proof data of the re-encrypted of the target object at the association time slot.

2. according to the method described in claim 1, wherein, one or more of evidence providers include the requesting node.

3. according to the method described in claim 1, wherein, being associated at time slot from the institute of corresponding evidence provider collection described The encrypted proof data for stating target object includes：Adding from the second network entity, is used by the corresponding evidence provider The encrypted proof data for the target object that key obtains.

4. according to the method described in claim 1, wherein, homomorphic encryption scheme is based at least partially on, in first network entity The encryption for the target object that place's processing is collected at the association time slot from one or more of evidence providers Proof data.

5. according to the method described in claim 1, wherein, the re-encrypted of the target object at the association time slot Proof data include：The target pair at the association time slot obtained by using the public keys of the requesting node The encrypted proof data of elephant.

6. according to the method described in claim 1, wherein, the requesting node calculates the institute of the target object by following State evidence assessment：

By using the private cipher key of the requesting node, the proof data of the re-encrypted of the target object is decrypted； And

It is based at least partially on the decrypted result of the proof data of the re-encrypted of the target object, estimates the target The evidence of object is assessed.

7. according to the method described in claim 1, wherein, the mesh is calculated being based at least partially on the Pre-Evaluation information When marking the evidence assessment of object, the requesting node uses the local evidence of the target object at the requesting node Record.

8. according to the method described in claim 1, wherein, being obtained from first network entity by the requesting node and being directed to the pass The statistical information for joining time slot, the evidence for calculating the target object are assessed.

9. according to the method described in claim 8, wherein, the statistical information indicates the number of evidence provider, wherein by First network entity collects the encryption of the target object at the association time slot from the evidence provider of the number Proof data.

10. according to the method described in claim 1, wherein, the request for the Pre-Evaluation information includes for verifying The voucher of the requesting node.

11. a kind of device for evidence assessment comprising：

At least one processor；And

At least one processor including computer program code,

At least one processor and the computer program code are configured as making together at least one processor Obtain described device at least：

First network entity will be sent to for the request of Pre-Evaluation information related with the proof data of target object；

It is successfully tested in response to being based at least partially at the second network entity from the request that first network entity receives Described device is demonstrate,proved, the Pre-Evaluation information is obtained from first network entity；And

The Pre-Evaluation information is based at least partially on to calculate the evidence assessment of the target object, wherein the Pre-Evaluation Information includes the proof data of the re-encrypted of the target object associated with one or more time slots, and

12. according to the devices described in claim 11, wherein one or more of evidence providers include described device.

13. according to the devices described in claim 11, wherein collected from corresponding evidence provider at the association time slot The encrypted proof data of the target object includes：It is used from the second network entity by the corresponding evidence provider The encrypted proof data for the target object that encryption key obtains.

14. according to the devices described in claim 11, wherein homomorphic encryption scheme is based at least partially on, in first network reality Add described in the target object that processing is collected at the association time slot from one or more of evidence providers at body Close proof data.

15. according to the devices described in claim 11, wherein at the association time slot described in the target object again plus Close proof data includes：The target object at the association time slot obtained by using the public keys of described device Encrypted proof data.

16. according to the devices described in claim 11, wherein described device is calculated by following described in the target object Evidence is assessed：

By using the private cipher key of described device, the proof data of the re-encrypted of the target object is decrypted；And

17. according to the devices described in claim 11, wherein calculated being based at least partially on the Pre-Evaluation information described When the evidence assessment of target object, described device is recorded using the local evidence of the target object at described device.

18. according to the devices described in claim 11, wherein obtained from first network entity by described device and be directed to the association The statistical information of time slot, the evidence for calculating the target object are assessed.

19. device according to claim 18, wherein the statistical information indicates the number of evidence provider, wherein It is collected from the evidence provider of the number in the association time slot by first network entity and is added described in the target object Close proof data.

20. according to the devices described in claim 11, wherein the request for the Pre-Evaluation information includes for verifying The voucher of described device.

21. a kind of computer program product comprising carry the computer for being embodied in and wherein being used to be used together with computer The computer-readable medium of program code, the computer program code include：

For first will to be sent to from requesting node for the request of Pre-Evaluation information related with the proof data of target object The code of network entity；

For being asked in response to being based at least partially on received from first network entity described at the second network entity Work(verifies the requesting node, obtains the code of the Pre-Evaluation information from first network entity by the requesting node；And

The evidence that the target object is calculated for being based at least partially on the Pre-Evaluation information by the requesting node is commented The code estimated, wherein the Pre-Evaluation information includes adding again for the target object associated with one or more time slots Close proof data, and

22. computer program product according to claim 21, wherein it is based at least partially on homomorphic encryption scheme, The target pair that processing is collected at the association time slot from one or more of evidence providers at first network entity The encrypted proof data of elephant.

23. computer program product according to claim 21, wherein the target object at the association time slot The proof data of the re-encrypted includes：By using the public keys of the requesting node obtain in the association time slot Locate the encrypted proof data of the target object.

24. computer program product according to claim 21, wherein the requesting node is calculated described by following The evidence of target object is assessed：

25. a kind of device for evidence assessment comprising：

Send component, for the first net will to be sent to for the request of Pre-Evaluation information related with the proof data of target object Network entity；

Component is obtained, in response to being based at least partially at the second network entity from described in the reception of first network entity It asks and good authentication described device, the Pre-Evaluation information is obtained from first network entity；And

Component is calculated, the evidence assessment of the target object is calculated for being based at least partially on the Pre-Evaluation information, In, the Pre-Evaluation information includes the evidence number of the re-encrypted of the target object associated with one or more time slots According to, and

26. a kind of method for evidence assessment comprising：

By the encrypted proof data of first network entity assembles target object associated with one or more time slots；

In response to receiving the request for Pre-Evaluation information related with the proof data of the target object from requesting node, Second network entity is forwarded the request to by first network entity；

In response to requesting node described in the good authentication at the second network entity, connect from the second network entity by first network entity Receive re-encrypted key；And

The Pre-Evaluation information is sent to the requesting node by first network entity, the card for calculating the target object According to assessment, wherein the Pre-Evaluation information include the target object associated with one or more of time slots again Encrypted proof data, and

Wherein, first network entity is by using the re-encrypted key, based in part at association time slot from one The encrypted proof data for the target object that a or multiple evidence providers collect, obtains described at the association time slot The proof data of the re-encrypted of target object.

27. according to the method for claim 26, wherein one or more of evidence providers include the request section Point.

28. according to the method for claim 26, wherein collected from corresponding evidence provider at the association time slot The encrypted proof data of the target object includes：It is used from the second network entity by the corresponding evidence provider The encrypted proof data for the target object that encryption key obtains.

29. according to the method for claim 26, wherein homomorphic encryption scheme is based at least partially on, in first network reality Add described in the target object that processing is collected at the association time slot from one or more of evidence providers at body Close proof data.

30. according to the method for claim 26, wherein add again described in the target object at the association time slot Close proof data includes：The target at the association time slot obtained by using the public keys of the requesting node The encrypted proof data of object.

31. according to the method for claim 26, wherein real by first network for the statistical information of the association time slot Body monitors, and is provided to the requesting node and is assessed for calculating the evidence of the target object.

32. according to the method for claim 31, wherein the statistical information indicates the number of evidence provider, wherein It is collected from the evidence provider of the number in the association time slot by first network entity and is added described in the target object Close proof data.

33. according to the method for claim 26, wherein the request for the Pre-Evaluation information includes for verifying The voucher of the requesting node.

34. a kind of device for evidence assessment comprising：

At least one processor；And

At least one processor including computer program code,

Collect the encrypted proof data of target object associated with one or more time slots；

In response to receiving the request for Pre-Evaluation information related with the proof data of the target object from requesting node, Forward the request to another device；

In response to requesting node described in the good authentication at another device, it is close to receive re-encrypted from another device Key；And

The Pre-Evaluation information is sent to the requesting node, the evidence for calculating the target object is assessed, wherein institute The proof data that Pre-Evaluation information includes the re-encrypted of the target object associated with one or more of time slots is stated, And

Wherein, described device is by using the re-encrypted key, based in part at association time slot from one or The encrypted proof data for the target object that multiple evidence providers collect, obtains the target at the association time slot The proof data of the re-encrypted of object.

35. device according to claim 34, wherein one or more of evidence providers include the request section Point.

36. device according to claim 34, wherein collected from corresponding evidence provider at the association time slot The encrypted proof data of the target object includes：It is used from another device by the corresponding evidence provider The encrypted proof data for the target object that encryption key obtains.

37. device according to claim 34, wherein homomorphic encryption scheme is based at least partially on, at described device Handle the described encrypted of the target object collected from one or more of evidence providers at the association time slot Proof data.

38. device according to claim 34, wherein at the association time slot described in the target object again plus Close proof data includes：The target at the association time slot obtained by using the public keys of the requesting node The encrypted proof data of object.

39. device according to claim 34, wherein supervised by described device for the statistical information of the association time slot Depending on, and be provided to the requesting node and assessed for calculating the evidence of the target object.

40. device according to claim 39, wherein the statistical information indicates the number of evidence provider, wherein By described device the described encrypted of the target object is collected from the evidence provider of the number in the association time slot Proof data.

41. device according to claim 34, wherein the request for the Pre-Evaluation information includes for verifying The voucher of the requesting node.

42. a kind of computer program product comprising carry the computer for being embodied in and wherein being used to be used together with computer The computer-readable medium of program code, the computer program code include：

For the encrypted proof data by first network entity assembles target object associated with one or more time slots Code；

For in response to being received from requesting node for Pre-Evaluation information related with the proof data of the target object Request, the code of the second network entity is forwarded the request to by first network entity；

For in response to requesting node described in the good authentication at the second network entity, by first network entity from the second network reality Body receives the code of re-encrypted key；And

For the Pre-Evaluation information to be sent to the requesting node by first network entity to calculate the target object Evidence assessment code, wherein the Pre-Evaluation information includes the target associated with one or more of time slots The proof data of the re-encrypted of object, and

43. computer program product according to claim 42, wherein it is based at least partially on homomorphic encryption scheme, The target pair that processing is collected at the association time slot from one or more of evidence providers at first network entity The encrypted proof data of elephant.

44. computer program product according to claim 42, wherein the target object at the association time slot The proof data of the re-encrypted includes：By using the public keys of the requesting node obtain in the association time slot Locate the encrypted proof data of the target object.

45. computer program product according to claim 42, wherein for it is described association time slot statistical information by First network entity keeping track, and be provided to the requesting node and assessed for calculating the evidence of the target object.

46. a kind of device for evidence assessment comprising：

Component is collected, the encrypted proof data for collecting target object associated with one or more time slots；

Forwarding component, for pre- being commented for related with the proof data of the target object in response to being received from requesting node The request for estimating information forwards the request to another device；

Receiving member, in response to requesting node described in the good authentication at another device, being connect from another device Receive re-encrypted key；And

Send component, for the Pre-Evaluation information to be sent to the requesting node to calculate the evidence of the target object Assessment, wherein the Pre-Evaluation information includes adding again for the target object associated with one or more of time slots Close proof data, and

47. a kind of method for evidence assessment comprising：

The request for being forwarded to the second network entity from first network entity is received, wherein the request is initiated by requesting node, is used In obtaining related with the proof data of target object Pre-Evaluation information from first network entity；

It is based at least partially on the request, the requesting node is verified at the second network entity；And

In response to requesting node described in good authentication, re-encrypted key is sent to first network reality from the second network entity Body；

Wherein, the Pre-Evaluation information includes the card of the re-encrypted of the target object associated with one or more time slots According to data, and the Pre-Evaluation information be used to calculate the evidence assessment of the target object, and

Wherein, first network entity is by using the re-encrypted key, based in part at association time slot by the The encrypted proof data for the target object that one network entity is collected from one or more evidence providers, obtains described It is associated with the proof data of the re-encrypted of the target object at time slot.

48. according to the method for claim 47, wherein one or more of evidence providers include the request section Point.

49. according to the method for claim 47, wherein collected from corresponding evidence provider at the association time slot The encrypted proof data of the target object includes：It is used from the second network entity by the corresponding evidence provider The encrypted proof data for the target object that encryption key obtains.

50. according to the method for claim 49, wherein the encryption key includes the public keys of the second network entity.

51. according to the method for claim 47, wherein the request for the Pre-Evaluation information includes for verifying The voucher of the requesting node.

52. a kind of device for evidence assessment comprising：

At least one processor；And

At least one processor including computer program code,

Receive the request that described device is forwarded to from another device, wherein the request is initiated by requesting node, is used for from described Another device obtains Pre-Evaluation information related with the proof data of target object；

It is based at least partially on the request, the requesting node is verified at described device, and

In response to requesting node described in good authentication, re-encrypted key is sent to another device；

Wherein, another device is by using the re-encrypted key, based in part at association time slot by institute The encrypted proof data for stating the target object that another device is collected from one or more evidence providers, obtains described It is associated with the proof data of the re-encrypted of the target object at time slot.

53. device according to claim 52, wherein one or more of evidence providers include the request section Point.

54. device according to claim 52, wherein collected from corresponding evidence provider at the association time slot The encrypted proof data of the target object includes：Encryption from described device is used by the corresponding evidence provider The encrypted proof data for the target object that key obtains.

55. device according to claim 54, wherein the encryption key includes the public keys of described device.

56. device according to claim 52, wherein the request for the Pre-Evaluation information includes for verifying The voucher of the requesting node.

57. a kind of computer program product comprising carry the computer for being embodied in and wherein being used to be used together with computer The computer-readable medium of program code, the computer program code include：

Code for receiving the request for being forwarded to the second network entity from first network entity, wherein the request is saved by request Point is initiated, for obtaining Pre-Evaluation information related with the proof data of target object from first network entity；

For being based at least partially on the request, the code of the requesting node is verified at the second network entity；And

For in response to requesting node described in good authentication, re-encrypted key to be sent to first network from the second network entity The code of entity；

58. computer program product according to claim 57, wherein carried from corresponding evidence at the association time slot The encrypted proof data of the target object that supplier collects includes：It is used by the corresponding evidence provider and comes from second The encrypted proof data for the target object that the encryption key of network entity obtains.

59. computer program product according to claim 58, wherein the encryption key includes the second network entity Public keys.

60. a kind of device for evidence assessment comprising：

Receiving member, for receiving the request for being forwarded to described device from another device, wherein the request is sent out by requesting node It rises, for obtaining Pre-Evaluation information related with the proof data of target object from another device；

Verify component verifies the requesting node for being based at least partially on the request at described device；And

Send component, in response to requesting node described in good authentication, re-encrypted key to be sent to another device；