Title of invention: Method and system for providing trustworthiness of communication
Abstract: A method and system of providing trustworthiness of communication among a plurality of communication nodes is described. This comprises arranging each of said communication nodes to perform a trustworthiness judging operation on received data elements for judging a received packet to be trustworthy or not, grouping said plurality of communication nodes into a plurality of distinguishable clusters, each cluster comprising at least two of said communication nodes, implementing in each respective cluster an intra-cluster trust mechanism such that trustworthiness of data elements sent by any member node of said respective cluster is judgable within said respective cluster, arranging said clusters such that each of said clusters comprises one or more multi-cluster-member nodes that belong to at least two different of said clusters, and routing inter-cluster traffic through said multi-cluster-member nodes.
Publication number: US9591002(B2)  Publication date: 2017.03.07
Application number: US200812937565  Filing date: 2008.04.15
Applicant: Telefonaktiebolaget LM Ericsson (publ)  Inventors: El Khayat Ibtissam; Baucke Stephan
Classification: H04L29/06; H04L12/715; H04W40/32  Main classification: H04L29/06
Agency: Coats & Bennett, PLLC  Agent: Coats & Bennett, PLLC
Main claim: 1. A method of providing trustworthiness of communication among a plurality of communication nodes configured for transmitting, receiving, and processing data packets that conform to a given protocol, wherein said communication nodes are grouped into a plurality of distinguishable clusters, each cluster comprising at least two of said communication nodes, and at least one cluster comprising at least three of said communication nodes, said method comprising:

at each of said communication nodes, performing a trustworthiness judging operation on received data packets for judging a received data packet to be trustworthy or not,

implementing in each respective cluster an intra-cluster trust mechanism such that trustworthiness of data packets that are sent by any member node of said respective cluster and that are sent in conformance with the intra-cluster trust mechanism implemented in said respective cluster is judgable within said respective cluster, wherein each member node of said respective cluster is configured to send data packets in conformance with the intra-cluster trust mechanism implemented in said respective cluster, wherein the intra-cluster trust mechanism implemented in any given cluster comprises a key or key pair that is used to encrypt and decrypt a data packet sent within the given cluster, wherein the data packet is judged as trustworthy or not based on whether a result of decrypting the data packet is verified or not, and wherein a source indicator of the data packet is replaced with a source indicator of a communication node that encrypts the data packet;

routing inter-cluster traffic through at least one of a plurality of multi-cluster-member nodes, wherein each of said clusters comprises one or more multi-cluster-member nodes that belong to at least two different of said clusters, and

at each of said multi-cluster-member nodes, selecting to act in the capacity of different clusters when sending different data packets to those different clusters, by sending the different data packets in conformance with the different intra-cluster trust mechanisms respectively implemented by the different clusters, wherein each of said multi-cluster member nodes is configured to receive a data packet from a source cluster and to send the data packet to a destination cluster by decrypting the data packet with the key or key pair implemented in the source cluster and encrypting the data packet with the key or key pair implemented in the destination cluster;

wherein one or more said communication nodes belong to a virtual network and are hosted by an untrusted physical network node that also hosts a communication node belonging to a different virtual network such that the untrusted physical network node is shared by multiple different virtual network operators.
Address: Stockholm SE
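
The relay step in the claim, as an added Python example that is not part of the patent text: a multi-cluster-member node judges a packet with the source cluster's key, then re-encrypts it with the destination cluster's key under its own source indicator. The node names, `seal`, `judge`, `relay` and `KEYS` are hypothetical, and an HMAC-SHA256 keystream with an HMAC tag stands in for the cluster cipher, which the claim does not specify.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, illustration only.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def _tag(key, src, nonce, ct):
    # Binds the source indicator to the ciphertext; the length prefix avoids ambiguity.
    s = src.encode()
    msg = len(s).to_bytes(2, "big") + s + nonce + ct
    return hmac.new(key, b"mac" + msg, hashlib.sha256).digest()

def seal(key, node, payload):
    """Encrypt under a cluster key; 'src' is the node that performed the encryption."""
    nonce = os.urandom(16)
    ct = _xor(payload, key, nonce)
    return {"src": node, "nonce": nonce, "ct": ct, "tag": _tag(key, node, nonce, ct)}

def judge(key, pkt):
    """Trustworthiness judging: plaintext if decryption verifies, otherwise None."""
    expected = _tag(key, pkt["src"], pkt["nonce"], pkt["ct"])
    if not hmac.compare_digest(expected, pkt["tag"]):
        return None
    return _xor(pkt["ct"], key, pkt["nonce"])

def relay(gateway, keys, pkt, src_cluster, dst_cluster):
    """Multi-cluster-member node: decrypt with the source cluster's key, then
    re-encrypt with the destination cluster's key under its own source indicator."""
    payload = judge(keys[src_cluster], pkt)
    if payload is None:
        return None  # unverified packets never cross the cluster boundary
    return seal(keys[dst_cluster], gateway, payload)

# Constructed sample: clusters A and B; node "g" is a member of both.
KEYS = {"A": os.urandom(32), "B": os.urandom(32)}

if __name__ == "__main__":
    pkt = seal(KEYS["A"], "a1", b"route update")
    print(judge(KEYS["B"], pkt))          # judged with the wrong cluster's key
    out = relay("g", KEYS, pkt, "A", "B")
    print(out["src"], judge(KEYS["B"], out))
```

A receiver in cluster B only ever sees the gateway as the source, so its trust decision rests on the cluster B key alone.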