Credential protection handling method facing service

Abstract

The invention discloses a protective treatment method for trust certificate faced service. Wherein, the user terminal builds a security communication channel with network server and uploads agent certificate and cipher and security parameter all generated by it self; the server generates and enciphers agent trust certificate to preserve with security parameter; the terminal visits the certificate library and provides cipher; the server checks and validates the cipher, if pass, generates a new agent trust certificate to send to terminal. This invention fuses trust certificate into WSRF frame, and enhances flexibility for protection.

Description

technical field [0001] The invention relates to a service-oriented trust certificate protection processing method, in particular to a method for realizing service-oriented trust certificate protection processing through proxy trust certificates in a grid environment, and a method for uploading trust certificates in a grid environment A method for attesting to the implementation of service-oriented credential-protected processing. Background technique [0002] Since the grid computing (Grid Computing) technology realizes resource sharing and collaborative work in a wide-area network environment, with the increasing development of the Internet, the grid computing technology is also increasingly widely used. [0003] The core content of grid computing is to regard the virtual resource processing grid (Virtual Organization (VO) for short) as infrastructure (Infrastructure) such as computer terminals, and create and maintain it. Since resource sharing is cross-organizational, th...

AI Technical Summary

Problems solved by technology

On the one hand, when other systems comply with the WSRF specification, the protection of the trust certificate adopts the C / S mode, which brings unnecessary difficulties for other systems to manage the trust certificate; on the other hand, due to the new technology They are all service-oriented, and the trust certificate protection still insists on using the C / S mode, so it is inconvenient to adopt new technologies in the system that realizes the trust certificate protection, such as secure communication technology; more importantly, since the C / S mode, Server Proxy for new certificates, when there is a large amount of visits, bottlenecks are prone to occur;

[0017] 2. The secure communication mechanism of the MyProxy system is not flexible

In the MyProxy system, the secure communication between the client and the server is realized through the Secure Socket Layer (Secure socket layer, SSL for short) protocol, which is not configurable, difficult to expand and compatible

This is because secure communication is a basic function, and many existing control systems have secure communication mechanisms that provide corresponding functions. If only to increase the protection and management functions of trust certificates, a SSL secure communication has to be introduced. Mechanism is not conducive to the integration of the system, and it is a kind of duplication; moreover, if some control systems have high requirements for secure communication, such as the resource sharing system of the security department, or special mechanisms must be adopted, such as requiring the use of For a control system that combines multiple security technologies, it is difficult to realize the protection of the trust certificate through the MyProxy system

[0018] 3. The protection of the certificate of trust is too simple

[0019] To sum up, in the existing technical solutions, there is no flexible and service-oriented method for realizing trust certificate protection processing in the grid environment.

Images