CN112804088B - Method, system and related product for internet node authentication based on neighbor credibility - Google Patents

Publication number
CN112804088B
Authority
CN
China
Prior art keywords
node
block chain
internet
neighbor
trust
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011630337.2A
Other languages
Chinese (zh)
Other versions
CN112804088A (en)
Inventor
魏明
阮安邦
陈凯
陈旭明
翟东雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Octa Innovations Information Technology Co Ltd
Original Assignee
Beijing Octa Innovations Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, a device and a related product for internet node authentication based on neighbor credibility, wherein the method comprises the following steps: determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node; and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node. By the authentication method, the reliability of the authentication result of authentication between the internet nodes is effectively improved.

Description

Method, system and related product for authenticating internet node based on neighbor credibility
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method and an apparatus for performing internet node authentication based on neighbor credibility, and a related product.
Background
A blockchain system (essentially a big data system) is an integrated application of technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms, and can realize on the internet the trust and value transfer that the traditional internet cannot. A blockchain system comprises a plurality of blockchain nodes. Because it is a decentralized system, ensuring its normal and safe operation requires that the blockchain nodes (essentially internet nodes) be authenticated, and a blockchain node can participate in operation only if its state passes authentication. In the prior art, however, authentication between blockchain nodes is inefficient and unreliable.
Disclosure of Invention
Based on the above problems, embodiments of the present application provide a method, an apparatus, and a related product for performing internet node authentication based on neighbor credibility.
In a first aspect, an embodiment of the present application provides a method for performing internet node authentication based on neighbor trust, including:
determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node;
and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
Optionally, in an embodiment of the present application, the internet system is a blockchain system, the first internet node is a first blockchain node, and the second internet node is a second blockchain node.
Optionally, in an embodiment of the present application, a first partial trust certificate is set on the first blockchain node, and a first neighbor credibility certificate is recorded in the first partial trust certificate; a second partial trust certificate is set on the second blockchain node, and a second neighbor credibility certificate is recorded in the second partial trust certificate;
correspondingly, the mutually authenticating the first internet node and the second internet node according to the first neighbor reliability certificate in the first internet node and the second neighbor reliability certificate of the second internet node comprises:
parsing the first partial trust certificate on the first blockchain node to obtain the first neighbor credibility certificate;
parsing the second partial trust certificate on the second blockchain node to obtain the second neighbor credibility certificate;
and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
Optionally, in an embodiment of the present application, the first blockchain node and the second blockchain node are directly adjacent or indirectly adjacent; if the first blockchain node and the second blockchain node are indirectly adjacent, the first partial trust certificate of the first blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node, and the second partial trust certificate of the second blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node.
In a second aspect, based on the method for performing internet node authentication based on neighbor reliability of the first aspect of the present application, an embodiment of the present application further provides an apparatus for performing internet node authentication based on neighbor reliability, including:
a connection establishing unit, configured to determine a first internet node and a second internet node that communicate in an internet system, and to establish an authentication connection between the first internet node and the second internet node;
and the authentication unit is used for authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
Optionally, in an embodiment of the present application, the internet system is a blockchain system, the first internet node is a first blockchain node, and the second internet node is a second blockchain node.
Optionally, in an embodiment of the present application, a first partial trust certificate is set on the first blockchain node, and a first neighbor credibility certificate is recorded in the first partial trust certificate; a second partial trust certificate is set on the second blockchain node, and a second neighbor credibility certificate is recorded in the second partial trust certificate;
correspondingly, the authentication unit comprises:
a first parsing module, configured to parse the first partial trust certificate on the first blockchain node to obtain the first neighbor credibility certificate;
a second parsing module, configured to parse the second partial trust certificate on the second blockchain node to obtain the second neighbor credibility certificate;
and the authentication module is used for mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
An embodiment of the present application further provides a blockchain system, including a plurality of blockchain nodes, each blockchain node being provided with a device for performing internet node authentication based on neighbor credibility, the device including:
a connection establishing unit, configured to determine a first internet node and a second internet node that communicate in an internet system, and to establish an authentication connection between the first internet node and the second internet node;
and the authentication unit is used for authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
An embodiment of the present application further provides an electronic device, including: a memory having computer-executable instructions stored thereon and a processor for executing the computer-executable instructions to perform the steps of:
determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node;
and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
An embodiment of the present application further provides a computer storage medium, where computer-executable instructions are stored on the computer storage medium, and when executed, the computer-executable instructions implement the following steps:
determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node;
and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
The application discloses a method, a device and a related product for performing internet node authentication based on neighbor credibility, wherein the method comprises the following steps: determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node; and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node. By the authentication method, the reliability of authentication between the blockchain nodes is effectively improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a flowchart of a method for performing internet node authentication based on neighbor credibility according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an apparatus for performing internet node authentication based on neighbor credibility according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a blockchain system according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
It is not necessary for any particular embodiment of the invention to achieve all of the above advantages at the same time.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Embodiment One
The present embodiment discloses a method for performing internet node authentication based on neighbor reliability, as shown in fig. 1, fig. 1 is a flowchart of a method for performing internet node authentication based on neighbor reliability provided in the present embodiment, where the method for performing internet node authentication based on neighbor reliability includes:
S101, determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node;
S102, mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate of the first internet node and the second neighbor credibility certificate of the second internet node.
Optionally, in this embodiment, the internet system may be a big data system composed of a plurality of internet nodes. For example, the internet system is a blockchain system, and its internet nodes are blockchain nodes. Specifically, the blockchain system is, for example, a federation chain, a private chain, or a public chain. The blockchain nodes may be blockchain light nodes and blockchain full nodes: a blockchain full node holds all transaction data of the whole network, whereas a blockchain light node holds only the transaction data related to itself.
It should be noted that, in this embodiment, when a plurality of blockchain nodes form a blockchain system, an authentication system may be deployed only on the blockchain nodes. The authentication system includes an authentication kernel, and the first authentication system on the first internet node and the second authentication system on the second internet node respectively perform the mutual authentication between the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
Here, it should be noted that for a private chain, since the number of blockchain nodes is relatively small, the above authentication system may be deployed on all blockchain nodes to ensure the safe operation of the blockchain system. For a federation chain, the authentication system may likewise be deployed on all blockchain nodes, as for a private chain. For a public chain, since the number of blockchain nodes is relatively large, the authentication system may be deployed on only some of the blockchain nodes: for example, on all blockchain full nodes and on some blockchain light nodes; or on a small number of blockchain full nodes and on all blockchain light nodes. The solution of this embodiment therefore applies only to blockchain nodes on which the authentication system is deployed.
Optionally, in an implementation manner of this embodiment, the internet system is a blockchain system, the first internet node is a first blockchain node, and the second internet node is a second blockchain node.
Optionally, in an implementation manner of this embodiment, a first partial trust certificate is set on the first blockchain node, and a first neighbor credibility certificate is recorded in the first partial trust certificate; a second partial trust certificate is set on the second blockchain node, and a second neighbor credibility certificate is recorded in the second partial trust certificate;
correspondingly, according to the first neighbor credibility certification of the first internet node and the second neighbor credibility certification of the second internet node, the mutual authentication between the first internet node and the second internet node comprises the following steps:
parsing the first partial trust certificate on the first blockchain node to obtain the first neighbor credibility certificate;
parsing the second partial trust certificate on the second blockchain node to obtain the second neighbor credibility certificate;
and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
In this embodiment, the execution subject of the above steps may be an authentication kernel in an authentication system.
Specifically, the relationships between blockchain nodes in a blockchain system are complicated: a given blockchain node may have several blockchain nodes in a neighbor relationship with it. For this reason, a partial trust certificate is set for each neighbor relationship and, to make the multiple partial trust certificates easier to manage, an authentication entry is set for each partial trust certificate. Specifically, in this embodiment, the first partial trust certificate may be recorded in the first authentication entry, and the second partial trust certificate may be recorded in the second authentication entry.
Optionally, in an implementation manner of this embodiment, the first blockchain node and the second blockchain node are directly adjacent or indirectly adjacent; if the first blockchain node and the second blockchain node are indirectly adjacent, the first partial trust certificate of the first blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node, and the second partial trust certificate of the second blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node.
In this embodiment, to evaluate the trust of a given blockchain node comprehensively, both the blockchain nodes directly adjacent to it and those indirectly adjacent to it are considered. During aggregation, the partial trust certificates of the indirectly adjacent blockchain nodes are aggregated onto the directly adjacent blockchain nodes, so that trust transfer is realized. Applying this trust transfer idea to a communicating first blockchain node and second blockchain node allows trust to be evaluated between the two. The more adjacent blockchain nodes there are, the more accurate the trust evaluation is.
Optionally, in an implementation manner of this embodiment, a first trust propagation module is arranged on the first blockchain node, and the first partial trust certificate is obtained, based on the first trust propagation module, by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node; a second trust propagation module is arranged on the second blockchain node, and the second partial trust certificate is obtained, based on the second trust propagation module, by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node.
In this embodiment, a trust propagation module is deployed on each blockchain node in the blockchain system. When two blockchain nodes communicate, one being the first blockchain node and the other the second blockchain node, the first trust propagation module and the second trust propagation module arranged on them respectively aggregate the trust certificates of the blockchain nodes directly adjacent to the first blockchain node to obtain the first partial trust certificate, and the trust certificates of the blockchain nodes directly adjacent to the second blockchain node to obtain the second partial trust certificate. Trust certificates are thereby aggregated quickly, which is essentially equivalent to decentralized trust aggregation and ensures the decentralization of trust.
Optionally, in an implementation manner of this embodiment, according to a first neighbor reliability certificate in a first internet node and a second neighbor reliability certificate of a second internet node, performing mutual authentication between the first internet node and the second internet node includes:
and the first internet node and the second internet node are mutually authenticated according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node on the basis of the first authentication kernel and the second authentication kernel of the first internet node and the second internet node respectively.
In this embodiment, a trust propagation module is deployed on each blockchain node in the blockchain system. When two blockchain nodes communicate, one being the first blockchain node and the other the second blockchain node, the authentication kernels arranged on them are the first authentication kernel and the second authentication kernel respectively. The first authentication kernel records the first neighbor credibility certificate of the first blockchain node and the second authentication kernel records the second neighbor credibility certificate of the second blockchain node, so that mutual authentication between the first internet node and the second internet node can be executed by the first authentication kernel and the second authentication kernel, thereby ensuring the security of the authentication process and the reliability of the authentication result.
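As an added illustration of the trust aggregation and mutual authentication described above (example code, not part of the patent), the sketch below compares a plain average of a node's partial trust certificates with an aggregate that weights each certificate by the issuer's own credibility. The score scale, the multiplicative weighting, the 0.6 threshold and the sample network are all assumptions, since the text specifies none of them.

```python
from dataclasses import dataclass, field

THRESHOLD = 0.6  # assumed acceptance threshold; the text does not define one


@dataclass
class Node:
    name: str
    # Authentication entries, one per neighbor relationship. Each holds a
    # partial trust certificate, modelled (assumption) as the score in [0, 1]
    # that the named directly adjacent node attests for this node.
    entries: dict = field(default_factory=dict)


def direct_credibility(node, exclude=None):
    """Mean of the node's partial trust certificates, optionally ignoring
    the certificate issued by `exclude`."""
    scores = [s for issuer, s in node.entries.items() if issuer != exclude]
    return sum(scores) / len(scores) if scores else 0.0


def aggregated_credibility(node, network):
    """Trust transfer over one extra hop: each directly adjacent issuer's
    certificate is scaled by what the issuer's *other* neighbors attest about
    the issuer. Excluding the subject's own certificate stops two nodes from
    raising each other's weight by vouching for one another."""
    total = 0.0
    for issuer, score in node.entries.items():
        neighbor = network.get(issuer)  # unknown issuers carry no weight
        weight = direct_credibility(neighbor, exclude=node.name) if neighbor else 0.0
        total += weight * score
    return total / len(node.entries) if node.entries else 0.0


def mutual_authenticate(first, second, network, threshold=THRESHOLD):
    """Each side's authentication kernel checks the other side's aggregated
    neighbor credibility; authentication succeeds only if both checks pass."""
    a, b = network[first], network[second]
    first_accepts_second = aggregated_credibility(b, network) >= threshold
    second_accepts_first = aggregated_credibility(a, network) >= threshold
    return first_accepts_second and second_accepts_first


# Constructed sample network. Adjacency: A-B, A-C, B-D, C-Y, X-Y.
# A and D are indirectly adjacent through B; X and Y vouch for each other.
NETWORK = {
    "A": Node("A", {"B": 0.9, "C": 0.8}),
    "B": Node("B", {"A": 0.9, "D": 0.8}),
    "C": Node("C", {"A": 0.8, "Y": 0.9}),
    "D": Node("D", {"B": 0.7}),
    "X": Node("X", {"Y": 1.0}),
    "Y": Node("Y", {"X": 1.0, "C": 0.1}),
}

if __name__ == "__main__":
    for name, node in NETWORK.items():
        print(name,
              "plain mean:", round(direct_credibility(node), 3),
              "aggregated:", round(aggregated_credibility(node, NETWORK), 3))
    for pair in (("A", "D"), ("A", "X")):
        print(pair, "mutually authenticated:", mutual_authenticate(*pair, NETWORK))
```

Node X holds a single certificate with a perfect score, so a plain average would accept it; the aggregate rejects it because the only node vouching for X is itself poorly attested by its other neighbor.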
Optionally, in an implementation manner of this embodiment, determining a first internet node and a second internet node that communicate in an internet system includes: whether communication is carried out between the first internet node and the second internet node is monitored through a first monitoring module and a second monitoring module which are respectively arranged on the first internet node and the second internet node.
Optionally, in an implementation manner of this embodiment, monitoring, by a first monitoring module and a second monitoring module respectively disposed on a first internet node and a second internet node, whether to perform communication between the first internet node and the second internet node includes: the first monitoring module and the second monitoring module which are respectively arranged on the first internet node and the second internet node are used for monitoring network flow generated by the first internet node and the second internet node so as to monitor whether communication is carried out between the first internet node and the second internet node.
Optionally, in this embodiment, by monitoring the network traffic, it may be quickly monitored whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or is performed between the two blockchain nodes.
Optionally, in an implementation manner of this embodiment, monitoring network traffic generated by the first internet node and the second internet node through the first monitoring module and the second monitoring module respectively disposed on the first internet node and the second internet node includes: the network flow generated by the first internet node and the second internet node is monitored in a flow interception mode through a first monitoring module and a second monitoring module which are respectively arranged on the first internet node and the second internet node.
Optionally, in this embodiment, by intercepting the network traffic, it may be quickly monitored whether communication is performed between the two blockchain nodes, that is, whether data interaction is about to occur or is being performed between the two blockchain nodes.
The application discloses a method for performing internet node authentication based on neighbor credibility, which comprises the following steps: determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node; and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node. By the authentication method, the reliability of authentication among the internet nodes is effectively improved.
Embodiment Two
Based on the method for performing internet node authentication based on neighbor reliability according to the first embodiment of the present application, an embodiment of the present application further provides a device for performing internet node authentication based on neighbor reliability, as shown in fig. 2, fig. 2 is a schematic structural diagram of the device 20 for performing internet node authentication based on neighbor reliability according to the embodiment of the present application, where the device 20 for performing internet node authentication based on neighbor reliability includes:
a connection establishing unit 201, configured to determine a first internet node and a second internet node that perform communication in an internet system, and establish an authentication connection between the first internet node and the second internet node;
the authentication unit 202 is configured to authenticate the first internet node and the second internet node with each other according to the first neighbor reliability certificate in the first internet node and the second neighbor reliability certificate of the second internet node.
Optionally, in an implementation manner of this embodiment, the internet system is a blockchain system, the first internet node is a first blockchain node, and the second internet node is a second blockchain node.
Optionally, in an implementation manner of this embodiment, a first partial trust certificate is set on the first blockchain node, and a first neighbor credibility certificate is recorded in the first partial trust certificate; a second partial trust certificate is set on the second blockchain node, and a second neighbor credibility certificate is recorded in the second partial trust certificate;
correspondingly, the authentication unit 202 includes:
a first parsing module, configured to parse the first partial trust certificate on the first blockchain node to obtain the first neighbor credibility certificate;
a second parsing module, configured to parse the second partial trust certificate on the second blockchain node to obtain the second neighbor credibility certificate;
and the authentication module is used for mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
Specifically, the relationships between blockchain nodes in the blockchain system are complicated: for a given blockchain node, there may be several blockchain nodes that have a neighbor relationship with it. For this reason, a partial trust certificate is set for each neighbor relationship, and, to make multiple partial trust certificates easier to manage, an authentication entry is set for each partial trust certificate. Specifically, in this embodiment, the first partial trust certificate may be recorded in the first authentication entry, and the first partial trust certificate may be recorded in the second authentication entry.
Optionally, in an implementation manner of this embodiment, the first blockchain node and the second blockchain node are directly adjacent or indirectly adjacent; if the first blockchain node and the second blockchain node are indirectly adjacent, the first partial trust certificate of the first blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node, and the second partial trust certificate of the second blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node.
In this embodiment, in order to comprehensively evaluate the trust of a given blockchain node in the blockchain system, the blockchain nodes adjacent to it are taken to include not only the directly adjacent ones but also the indirectly adjacent ones. For this reason, during aggregation, the partial trust certificates of the blockchain nodes indirectly adjacent to the given node are aggregated, on the basis of the directly adjacent blockchain nodes, onto the blockchain nodes directly adjacent to it, so that trust transfer is realized. When this trust transfer idea is applied to a first blockchain node and a second blockchain node that are in communication, trust evaluation is performed between the two blockchain nodes. Here, the more adjacent blockchain nodes there are, the more accurate the trust evaluation is.
Optionally, in an implementation manner of this embodiment, a first trust propagation module is disposed on the first blockchain node, and the first partial trust certificate is obtained, based on the first trust propagation module, by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node; a second trust propagation module is disposed on the second blockchain node, and the second partial trust certificate is obtained, based on the second trust propagation module, by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node.
In this embodiment, a trust propagation module is deployed on each blockchain node in the blockchain system. When two blockchain nodes communicate with each other, one is the first blockchain node and the other is the second blockchain node. The first trust propagation module and the second trust propagation module set on them respectively obtain the first partial trust certificate by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node, and the second partial trust certificate by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node. This achieves fast aggregation of the trust certificates, which is essentially equivalent to decentralized trust aggregation and ensures decentralized trust.
Optionally, in an implementation of this embodiment, the authentication unit 202 is further configured to: mutually authenticate the first internet node and the second internet node, based on the first authentication kernel and the second authentication kernel of the first internet node and the second internet node respectively, according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
In this embodiment, a trust propagation module is deployed on each blockchain node in the blockchain system. When two blockchain nodes are in communication, one is the first blockchain node and the other is the second blockchain node, and the authentication kernels arranged on them are the first authentication kernel and the second authentication kernel respectively. The first authentication kernel and the second authentication kernel respectively record the first neighbor credibility certificate in the first blockchain node and the second neighbor credibility certificate in the second blockchain node, so that the two kernels can execute the mutual authentication between the first internet node and the second internet node, thereby ensuring the security of the authentication process and the reliability of the authentication result.
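The aggregation of neighbors' partial trust certificates and the mutual authentication built on it can be modelled as follows. This is an added example, not code from the patent, and it rests on assumptions the patent does not specify: HMAC tags over a constructed demo key registry stand in for the signature scheme, trust is a 0..1 score aggregated by mean, and the thresholds `min_score` and `min_vouchers` are illustrative.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed demo keys. HMAC stands in for the signature scheme (assumption).
KEYS = {n: hashlib.sha256(f"demo-key-{n}".encode()).digest() for n in "ABCDEX"}


@dataclass(frozen=True)
class PartialTrustProof:
    issuer: str   # directly adjacent node that vouches
    subject: str  # node being vouched for
    score: float  # issuer's trust in subject on an assumed 0..1 scale
    tag: bytes    # MAC over (issuer, subject, score)


def _mac(issuer, subject, score):
    msg = f"{issuer}|{subject}|{score:.3f}".encode()
    return hmac.new(KEYS[issuer], msg, hashlib.sha256).digest()


def issue(issuer, subject, score):
    return PartialTrustProof(issuer, subject, score, _mac(issuer, subject, score))


def verify(proof):
    if proof.issuer not in KEYS:
        return False
    expected = _mac(proof.issuer, proof.subject, proof.score)
    return hmac.compare_digest(expected, proof.tag)


@dataclass
class Node:
    name: str
    entries: dict = field(default_factory=dict)  # one authentication entry per neighbor

    def receive(self, proof):
        """Trust propagation step: file a neighbor's proof under its own entry."""
        if proof.subject == self.name:
            self.entries[proof.issuer] = proof

    def credibility_proof(self):
        return list(self.entries.values())


def credibility(subject, proofs):
    """Return (mean score, voucher count) over valid proofs from other nodes."""
    valid = {}
    for p in proofs:
        if p.subject == subject and p.issuer != subject and verify(p):
            valid[p.issuer] = p.score
    if not valid:
        return 0.0, 0
    return sum(valid.values()) / len(valid), len(valid)


def mutual_authenticate(a, b, min_score=0.6, min_vouchers=2):
    """Both sides must pass; thresholds are illustrative assumptions."""
    def passes(node):
        score, count = credibility(node.name, node.credibility_proof())
        return count >= min_vouchers and score >= min_score
    return passes(a) and passes(b)


def build_demo():
    """A and E are only indirectly adjacent: A-B, A-C, C-E, D-E."""
    a, e, x = Node("A"), Node("E"), Node("X")
    for proof in (issue("B", "A", 1.0), issue("C", "A", 0.5)):
        a.receive(proof)
    for proof in (issue("C", "E", 0.75), issue("D", "E", 0.75)):
        e.receive(proof)
    low = issue("B", "X", 0.2)
    x.receive(issue("X", "X", 1.0))                         # self-issued
    x.receive(PartialTrustProof("D", "X", 1.0, bytes(32)))  # forged tag
    x.receive(PartialTrustProof("B", "X", 0.9, low.tag))    # score altered after issue
    return a, e, x


if __name__ == "__main__":
    a, e, x = build_demo()
    print("A <-> E:", mutual_authenticate(a, e))
    print("A <-> X:", mutual_authenticate(a, x))
```

Node X shows why the verifier must check each entry itself: a self-issued entry, a forged tag and an altered score all drop out before aggregation, so X has no valid vouchers and authentication fails.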
Optionally, in an implementation manner of this embodiment, the device for internet node authentication based on neighbor credibility further includes: a communication monitoring enabling unit, configured to enable a first monitoring module and a second monitoring module, respectively arranged on the first internet node and the second internet node, to monitor whether communication is carried out between the first internet node and the second internet node.
Optionally, in an implementation manner of this embodiment, the communication monitoring enabling unit is further configured to enable the first monitoring module and the second monitoring module, respectively disposed on the first internet node and the second internet node, to monitor the network traffic generated by the first internet node and the second internet node, so as to monitor whether communication is performed between the first internet node and the second internet node.
In this embodiment, by monitoring the network traffic, whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or is being performed between the two blockchain nodes, may be quickly monitored.
Optionally, in an implementation manner of this embodiment, the communication monitoring enabling unit further monitors, in a traffic interception manner, the network traffic generated by the first internet node and the second internet node through the first monitoring module and the second monitoring module respectively disposed on the first internet node and the second internet node.
In this embodiment, by means of intercepting network traffic, it may be quickly monitored whether communication is performed between two blockchain nodes, that is, whether data interaction is about to occur or is being performed between the two blockchain nodes.
This embodiment provides a device for internet node authentication based on neighbor credibility. The device comprises: a connection establishing unit, used for determining a first internet node and a second internet node which are communicated in an internet system and establishing an authentication connection between the first internet node and the second internet node; and an authentication unit, used for authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
Example III
As shown in fig. 3, fig. 3 is a schematic structural diagram of a blockchain system provided in the embodiment of the present application, where the blockchain system includes a plurality of blockchain nodes, each blockchain node is provided with the device for internet node authentication based on neighbor credibility, and the device includes:
a connection establishing unit, used for determining a first internet node and a second internet node which are communicated in the internet system and establishing an authentication connection between the first internet node and the second internet node;
and an authentication unit, used for authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
The present application further provides an electronic device, as shown in fig. 4, fig. 4 is a schematic diagram of a hardware structure of the electronic device provided in the embodiment of the present application, where the hardware structure of the electronic device may include: a processor 401, a communication interface 402, a computer-readable medium 403, and a communication bus 404;
the processor 401, the communication interface 402, and the computer-readable medium 403 are configured to communicate with each other via a communication bus 404;
optionally, the communication interface 402 may be an interface of a communication module, such as an interface of a GSM module;
the processor 401 may be specifically configured to run the executable program stored in the memory, so as to execute all or part of the method of any one of the method embodiments described above.
The processor 401 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The present application further provides a computer storage medium having computer-executable instructions stored thereon that, when executed, perform the steps of:
determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node;
and mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node.
The electronic device of the embodiments of the present application exists in various forms, including but not limited to:
(1) Mobile communication devices: these are characterized by mobile communication functions and are primarily aimed at providing voice and data communications. Such terminals include smart phones (e.g., iPhone), multimedia phones, feature phones, and low-end phones, among others.
(2) Ultra-mobile personal computer devices: these belong to the category of personal computers, have computing and processing functions, and generally also have mobile internet access. Such terminals include PDA, MID, and UMPC devices, such as the iPad.
(3) Portable entertainment devices: such devices may display and play multimedia content. They include audio and video players (e.g., iPod), handheld game consoles, e-book readers, smart toys, and portable car navigation devices.
(4) Servers: similar in architecture to a general-purpose computer, but because they provide highly reliable services, the requirements on processing capacity, stability, reliability, security, expandability, manageability and the like are high.
(5) Other electronic devices with data interaction functions.
It should be noted that, in the present specification, all the embodiments are described in a progressive manner, the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus and system embodiments are substantially similar to the method embodiments, they are described relatively briefly, and reference may be made to the corresponding descriptions of the method embodiments for related points. The above-described embodiments of the apparatus and system are merely illustrative: the modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement this without inventive effort.
The above is only one embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (5)

1. A method for performing internet node authentication based on neighbor credibility is characterized by comprising the following steps:
determining a first internet node and a second internet node which are communicated in an internet system, and establishing an authentication connection between the first internet node and the second internet node;
mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate of the first internet node and the second neighbor credibility certificate of the second internet node;
the internet system is a blockchain system, the first internet node is a first blockchain node, the second internet node is a second blockchain node, a first partial trust certificate is set on the first blockchain node, and the first neighbor credibility certificate is recorded in the first partial trust certificate; a second partial trust certificate is set on the second blockchain node, and the second neighbor credibility certificate is recorded in the second partial trust certificate;
correspondingly, the mutually authenticating the first internet node and the second internet node according to the first neighbor credibility certificate in the first internet node and the second neighbor credibility certificate of the second internet node comprises: parsing the first partial trust certificate on the first blockchain node to obtain the first neighbor credibility certificate; parsing the second partial trust certificate on the second blockchain node to obtain the second neighbor credibility certificate; and mutually authenticating the first blockchain node and the second blockchain node according to the first neighbor credibility certificate in the first blockchain node and the second neighbor credibility certificate of the second blockchain node;
the first blockchain node and the second blockchain node are directly adjacent or indirectly adjacent; if the first blockchain node and the second blockchain node are indirectly adjacent, the first partial trust certificate of the first blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node, and the second partial trust certificate of the second blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node.
2. An apparatus for performing internet node authentication based on neighbor trust, comprising:
a connection establishing unit, used for determining a first internet node and a second internet node which are communicated in an internet system and establishing an authentication connection between the first internet node and the second internet node;
an authentication unit, used for authenticating the first internet node and the second internet node according to a first neighbor credibility certificate in the first internet node and a second neighbor credibility certificate of the second internet node;
the internet system is a blockchain system, the first internet node is a first blockchain node, the second internet node is a second blockchain node, a first partial trust certificate is set on the first blockchain node, and the first neighbor credibility certificate is recorded in the first partial trust certificate; a second partial trust certificate is set on the second blockchain node, and the second neighbor credibility certificate is recorded in the second partial trust certificate;
correspondingly, the authentication unit comprises: a first analysis module, used for parsing the first partial trust certificate on the first blockchain node to obtain the first neighbor credibility certificate; a second analysis module, used for parsing the second partial trust certificate on the second blockchain node to obtain the second neighbor credibility certificate; and an authentication module, used for authenticating the first blockchain node and the second blockchain node according to the first neighbor credibility certificate in the first blockchain node and the second neighbor credibility certificate of the second blockchain node;
the first blockchain node and the second blockchain node are directly adjacent or indirectly adjacent; if the first blockchain node and the second blockchain node are indirectly adjacent, the first partial trust certificate of the first blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the first blockchain node, and the second partial trust certificate of the second blockchain node is obtained by aggregating the trust certificates of the blockchain nodes directly adjacent to the second blockchain node.
3. A blockchain system, comprising: a plurality of blockchain nodes, wherein each blockchain node is provided with a device for performing internet node authentication based on neighbor credibility, and the device is the device for performing internet node authentication based on neighbor credibility as claimed in claim 2.
4. An electronic device, comprising: a memory having stored thereon computer-executable instructions for executing the computer-executable instructions to perform a method for internet node authentication based on neighbor trustworthiness as recited in claim 1.
5. A computer storage medium having computer-executable instructions stored thereon that, when executed, perform a method for internet node authentication based on neighbor trust as recited in claim 1.
CN202011630337.2A 2020-12-30 2020-12-30 Method, system and related product for internet node authentication based on neighbor credibility Active CN112804088B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011630337.2A CN112804088B (en) 2020-12-30 2020-12-30 Method, system and related product for internet node authentication based on neighbor credibility

Publications (2)

Publication Number Publication Date
CN112804088A CN112804088A (en) 2021-05-14
CN112804088B CN112804088B (en) 2022-11-08

Family

ID=75808153

Country Status (1)

Country Link
CN (1) CN112804088B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant