U.S. patent application number 13/619934 was filed with the patent office on 2013-01-24 for network reputation system and its controlling method thereof.
This patent application is currently assigned to Industrial Technology Research Institute. The applicant listed for this patent is Shih-Ying Chang, Shin-Yan Chiou, Ghita Mezzour, Adrian Perrig, Hung-Min Sun. Invention is credited to Shih-Ying Chang, Shin-Yan Chiou, Ghita Mezzour, Adrian Perrig, Hung-Min Sun.
Application Number | 20130024693 13/619934
Family ID | 42541364
Filed Date | 2013-01-24
United States Patent Application | 20130024693
Kind Code | A1
Chiou; Shin-Yan; et al. | January 24, 2013
Network Reputation System And Its Controlling Method Thereof
Abstract
A network reputation system and its controlling method are
provided. A credential and exchange component permits a user to
generate credentials and exchange matching items with those persons
having a social relationship with the user. A reputation evaluation
component enables other users to make evaluations about an
estimatee via the sharing of social network information. A query
and response component receives a query from a person having a
social relationship with the user for requesting an evaluation
about the estimatee, and responds with an associated evaluation
result to the person having a social relationship with the user,
via the sharing of social network information and the evaluations
made by the other users about the estimatee.
Inventors: | Chiou; Shin-Yan (Hsinchu, TW); Chang; Shih-Ying (Hsinchu, TW); Mezzour; Ghita (Pittsburgh, PA); Perrig; Adrian (Pittsburgh, PA); Sun; Hung-Min (Hsinchu, TW)
Applicant:
Name | City | State | Country | Type
Chiou; Shin-Yan | Hsinchu | | TW |
Chang; Shih-Ying | Hsinchu | | TW |
Mezzour; Ghita | Pittsburgh | PA | US |
Perrig; Adrian | Pittsburgh | PA | US |
Sun; Hung-Min | Hsinchu | | TW |
Assignee: | Industrial Technology Research Institute, Hsinchu, TW
Family ID: | 42541364
Appl. No.: | 13/619934
Filed: | September 14, 2012
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
12411396 | Mar 26, 2009 | 8312276
13619934 | |
61150324 | Feb 6, 2009 |
Current U.S. Class: | 713/171
Current CPC Class: | G06Q 50/01 20130101; G06Q 30/06 20130101; G06Q 10/10 20130101; G06Q 30/0282 20130101
Class at Publication: | 713/171
International Class: | H04L 9/32 20060101 H04L009/32
Claims
1. A network reputation system, comprising: an application server
producing master social network information of a user via a social
network, the master social network information including a personal
identity of said user, a service identity that said user registers
with said application server, and a matching key of said user; a
credential generation and exchange unit for generating, sharing and
exchanging social network information of said user with other users
having a social relationship with said user over said social
network, the exchanged social network information being generated
through conversion of said master social network information and
including a matching item computed from a cryptographic hash
function of said matching key by a computer of said user; a
reputation evaluation unit for sending an evaluation submitted by
said user about an estimatee to said application server, said
evaluation including an evaluation value evaluated by said user
about said estimatee, a service identifier of said estimatee and
said matching item of said user; and a query and response unit for
sending a request by one of said other users having said social
relationship with said user to said application server for the
evaluation about said estimatee, the request utilizing a private
matching scheme derived from said matching item of said user,
wherein said application server generates an evaluation result
derived from said request, said matching item of said user, said
evaluation value evaluated by said user, said private matching
scheme, and the evaluation submitted by said user about said
estimatee, replies to said one of said other users with said
evaluation result about said estimatee through said query and
response unit, and said one of said other users obtains said
evaluation value evaluated by said user from said evaluation result
by using said matching item of said user.
2. The network reputation system as claimed in claim 1, wherein
said master social network information further includes a public
key of said user, and a private key of said user.
3. The network reputation system as claimed in claim 2, wherein the
evaluation value of said user inside said evaluation result is
verified by the public key of said user.
4. The network reputation system as claimed in claim 1, wherein
said matching key is a random value chosen by said user.
5. The network reputation system as claimed in claim 1, wherein
said evaluation result about said estimatee is further derived from
evaluation values evaluated by one or more said other users.
6. The network reputation system as claimed in claim 5, wherein
each of said user and the one or more said other users has
respective social network information in said master social network
information and a private key inside the respective social network
information, and the evaluation values evaluated by said user and
the one or more said other users are encrypted by their respective
private keys inside their respective social network
information.
7. The network reputation system as claimed in claim 6, wherein
said evaluation result about said estimatee is a concatenation of a
plurality of parameters including the service identity of said
estimatee, authentication of said user and the one or more said
other users, and scores evaluated on said estimatee by said user
and the one or more said other users.
8. The network reputation system as claimed in claim 1, wherein the
network reputation system is associated with more than one social
network.
9. The network reputation system as claimed in claim 1, wherein the
private matching scheme is selected from HP, AgES or FNP
scheme.
10. The network reputation system as claimed in claim 1, wherein a
communication protocol with private matching and signature bounded
together to achieve user identity's privacy preserving and data
authentication is used in said network reputation system.
11. The network reputation system as claimed in claim 1, wherein a
communication protocol with a sharing bridge identity and a way of
signature to respectively achieve user identity's privacy
preserving and data authentication is used in said network
reputation system.
12. The network reputation system as claimed in claim 1, wherein a
communication protocol with server matching to achieve data
authentication is used in said network reputation system.
13. The network reputation system as claimed in claim 1, wherein
said social network information is chosen from a group of personal
identities of said user, a public key of said user and said
matching item of said user.
14. The network reputation system as claimed in claim 1, wherein
the private matching scheme is a set cardinality private matching.
Description
CROSS-REFERENCES TO RELATED APPLICATIONS
[0001] This is a division of U.S. application Ser. No. 12/411,396,
filed Mar. 26, 2009, which claims the benefit of U.S. Provisional
Application No. 61/150,324, filed Feb. 6, 2009, which is
incorporated by reference.
FIELD
[0002] The disclosure generally relates to a network reputation
system and its controlling method thereof.
BACKGROUND
[0003] The Internet has transformed the world into a global
marketplace. For example, a person anywhere in the world may buy or
sell goods to anyone else. Given such convenience, online
applications such as auctions, multi-player games and social
networks engender a huge potential market and consequently attract
a lot of attention. Unfortunately, malicious behavior, such as
account hijacking and non-delivery of goods in online auctions,
introduces risks.
[0004] To prevent such risks, online applications employ reputation
systems that rely on user-assigned scores to judge whether other
users behave legitimately. For example, a buyer in an online auction
system may use the seller's score in the reputation system to judge
whether the seller is trustworthy. However, a serious problem of
existing reputation systems is how easily a seller or a seller's
friend can create a highly trustworthy score for the seller or,
conversely, an untrustworthy score for a competitor. Since
adversaries may use several accounts to complete several faked
transactions, foiling existing reputation systems is often
straightforward.
[0005] Many approaches for addressing these challenges have been
discussed. For example, Zhang et al. and Pandit et al. use a
transaction network model to analyze auction fraud. In their model,
they establish an undirected transaction graph where each node
denotes a registered user and each edge indicates a completed
transaction between the two users. By combining this graph with
other mathematical models and algorithms, they may identify
potentially fraudulent users. Kuo et al. use a reputation network
constructed from buyers' feedback to identify fraudulent users.
[0006] Pujol et al. and Sabater et al. extract reputation by means
of social networks. Also, Hogg et al. summarize the reputation
systems constructed via online social networks. The online social
network is automatically constructed from any observable internet
interaction, such as the referred web links and emails in the
homepages, and the relationships established in social networking
websites (e.g., Facebook). These online relationships make up the
online social network. This type of reputation system may enhance
the effectiveness of the rating. Swamynathan et al. also show that
this type of reputation system is more trustworthy and satisfying
than feedback reputation systems. Besides that, the notion of
evaluating a user using a social network may be applicable to other
applications, such as Voice over IP (VoIP), Internet Message (IM),
Peer to Peer (P2P) and Reliable Email (RE). RE, proposed by Freeman
et al., considers the privacy issue.
[0007] Although reputation systems have been proposed for solving
these problems, most reputation systems in applications are still
unreliable. Reputation systems also pose some privacy problems.
For example, they may reveal private information of users. They do
not achieve real reliability or trustworthiness if the online
social relationship is not related to a personal social
relationship. Also, a forging problem may occur if an online social
relationship is not cryptographically verifiable. On the other
hand, most of these systems reveal private personal information.
[0008] Social network represents relationships within a community.
Several types of social network may be established according to
different social relationship such as kinship, friendship,
cooperation, etc.
[0009] Recently, research on private matching has received a lot of
attention, and several schemes and applications have been proposed.
Assume there are two databases A and B and one query Q ∈ A, and a
matching protocol computes P = Q ∩ B. The scheme is secure and
privacy-preserving if it satisfies the following requirements.
(1) Privacy: Each party can know only P and its own input to the
matching protocol. Except for this information, each party learns
nothing. (2) Non-spoofable: Items in A and B are really authorized
by the item owners. This means that the user may make query Q only
if the owners of these items authorize and give the user these
items. In other words, the user cannot generate the queried items
without authorization of the item owners. Besides that, the user
should have some proof to demonstrate that the item owner
authorizes the user.
[0010] In the Hash Protocol (HP), a person who wants to query the
common items in the other's database computes hash values of the
items in his own database. Then he and the target exchange these
hash values. In this way, they may find the common items without
revealing information about the unmatched items. On the other hand,
Agrawal et al. proposed AgES, which uses commutative encryption to
achieve private matching. Freedman et al. proposed a
polynomial-based private matching scheme. They use the property of
homomorphic encryption to achieve privacy. A variant of their
scheme, set cardinality private matching, lets database A know only
the cardinality of Q ∩ B, but not the actual items in this set.
After that, Kissner and Song extended the FNP scheme to support
more functionality. HP, AgES and Freedman et al.'s schemes are
categorized as asymmetric exchange of information, as opposed to
symmetric exchange, in which both parties learn the same
information in the protocol.
[0011] Besides those, Li et al. proposed the Data Ownership
Certificate (DoC) to ensure non-spoofability. If the user does not
obtain the item and the corresponding DoC, he cannot make the query
and convince the other party.
SUMMARY
[0012] The exemplary embodiments of disclosure may provide a
network reputation system and its controlling method thereof.
[0013] An exemplary embodiment relates to a network reputation
system. The network reputation system is in conjunction with one or
more estimator's social networks and one estimatee's reputation
network, which may comprise: an application server producing master
social network information of a user via a social network, the
master social network information including a personal identity of
said user, a service identity that said user registers with said
application server, and a matching key of said user; a credential
generation and exchange unit for generating, sharing and exchanging
social network information of said user with other users having a
social relationship with said user over said social network, the
exchanged social network information being generated through
conversion of said master social network information and including
a matching item computed from a cryptographic hash function of said
matching key by a computer of said user; a reputation evaluation
unit for sending an evaluation submitted by said user about an
estimatee to said application server, said evaluation including an
evaluation value evaluated by said user about said estimatee, a
service identifier of said estimatee and said matching item of said
user; and a query and response unit for sending a request by one of
said other users having said social relationship with said user to
said application server for the evaluation about said estimatee,
the request utilizing a private matching scheme derived from said
matching item of said user, wherein said application server
generates an evaluation result derived from said request, said
matching item of said user, said evaluation value evaluated by said
user, said private matching scheme, and the evaluation submitted by
said user about said estimatee, replies to said one of said other
users with said evaluation result about said estimatee through said
query and response unit, and said one of said other users obtains
said evaluation value evaluated by said user from said evaluation
result by using said matching item of said user.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] FIG. 1 shows an exemplary reputation system model in a
privacy preserving fashion, consistent with certain disclosed
embodiments of the disclosure.
[0015] FIG. 2 shows an exemplary communication flow of the four
phases, consistent with certain disclosed embodiments of the
disclosure.
[0016] FIG. 3 shows an exemplary communication flow of a
controlling method for a network reputation system, consistent with
certain disclosed embodiments of the disclosure.
[0017] FIG. 4 shows exemplary master social network information for
a user in phase 1, consistent with certain disclosed embodiments of
the disclosure.
[0018] FIG. 5 shows an exemplary matching item exchange in phase 2,
consistent with certain disclosed embodiments of the
disclosure.
[0019] FIG. 6 shows an exemplary provable evaluation in phase 3,
consistent with certain disclosed embodiments of the
disclosure.
[0020] FIG. 7 shows exemplary query and respond in phase 4,
consistent with certain disclosed embodiments of the
disclosure.
[0021] FIG. 8 shows an exemplary schematic view of a protocol
running in four phases for estimatee U_S, consistent with certain
disclosed embodiments of the disclosure.
[0022] FIG. 9 shows an exemplary communication flow of the first
working example, consistent with certain disclosed embodiments of
the disclosure.
[0023] FIG. 10 shows an exemplary communication flow of the second
working example, consistent with certain disclosed embodiments of
the disclosure.
[0024] FIG. 11 shows an exemplary communication flow of the third
working example, consistent with certain disclosed embodiments of
the disclosure.
[0025] FIG. 12 shows an exemplary network reputation system,
consistent with certain disclosed embodiments of the
disclosure.
[0026] FIG. 13 illustrates an exemplary simulation result on
probability of matching for different average numbers of friends
for one estimator, average numbers of reputing users for one
estimatee, and numbers of users in the system, consistent with
certain disclosed embodiments of the disclosure.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0027] The disclosed exemplary embodiments may provide a network
reputation system and its controlling method thereof, which uses at
least a social network model on a transaction model to prevent
reputation fraud. A user may judge an estimatee by the scores given
by the user's personal social network. The present techniques may
enable users to recognize evaluations submitted by their friends as
these are more trustworthy. The mechanisms may preserve the privacy
of the friendship relationships from the website, and the privacy
of the mapping between the real identity of a user and her online
identity from other users including her friends. For example, the
present techniques may apply private matching methodologies in the
system to prevent the disclosure of private social
relationships.
[0028] In the disclosure, some assumptions are made. For example,
assume that the estimator (say E) is part of a social network
modeled as a graph G=(V, E), where the vertices V denote the users
of the system, and E denotes the relationships of the users. A user
trusts all her contacts. A social network represents relationships
within a community. Several types of social network may be
established according to different social relationships, such as
kinship, friendship, cooperation, etc. In the reputation system,
the social network may be built according to the aforementioned
relationships except the trading relationship. The trading
relationship is employed to build another network, which is called
the reputation network.
[0029] FIG. 1 shows an exemplary reputation system model in a
privacy preserving fashion, consistent with certain disclosed
embodiments of the disclosure. As shown in FIG. 1, a social network
may be established according to different social relationship of
the estimator, i.e. the estimator's social network 110. And, a
reputation network is employed, i.e. the estimatee's reputation
network 120, in the reputation system model. There are some common
items, such as item A and item B, between the estimator and the
estimatee. According to the disclosure, every estimator in the
reputation system model recognizes evaluations in a privacy
preserving fashion. The network reputation system of the disclosure
may be implemented in conjunction with one or more social networks
and at least a computer-readable medium.
[0030] The disclosure also assumes the existence of an application
server (AS) with which users register using a service identifier
(SID). Online auction websites such as E-BAY and YAHOO, and online
gaming sites may play the role of such an application server. The
application server maintains, for each dealer, the evaluations that
the users submitted for her. Every user in the network owns a
secret-public key pair (SK, PK). The disclosure also assumes the
existence of secure and authenticated channels between a user and
her friends, and between a user and an application server. However,
it is not necessary to assume the existence of a global public key
infrastructure (PKI).
[0031] The disclosed exemplary embodiments of the disclosure enable
an estimator to recognize evaluations that were submitted for the
estimatee to the application server by her friends, in a privacy
preserving fashion as illustrated in FIG. 1. More specifically,
when the disclosed exemplary embodiments are employed, at least the
following three desired properties may be achieved. (1)
Authenticity of the evaluations. The evaluations appearing to the
estimator as submitted by one of her connections should indeed be
submitted by one of her connections. In other words, it should not
be possible to forge the origin of a review. (2) Privacy of the
social relationships, such as friendship, from the application
server. The application server learns no information about the
social relationships of users. (3) Privacy of the mapping between
the real identity and the online identity of users. The mapping
between the real identity of a user and her online identity is
protected from other users. For simplicity, the following
description takes friendship as the example social relationship.
[0032] In order to satisfy the desired properties, the protocol
according to the disclosure applies asymmetric HP to protect
privacy due to its efficiency and security. The protocol runs in
four phases, i.e. Initialization (Phase 1), Credential Exchange
(Phase 2), Reputation Evaluation (Phase 3), and Query and Response
(Phase 4). FIG. 2 shows an exemplary communication flow of the four
phases, consistent with certain disclosed embodiments of the
disclosure. Referring to FIG. 2, during the first two phases,
estimator or users generate credentials and exchange matching items
with trustworthy persons, such as their friends. The third phase
runs when a user wants to submit a review about some other user.
The last phase enables an estimator to authenticate evaluations
submitted by the trustworthy persons, such as her friends, about
some estimatee.
[0033] To run the four phases under a network reputation system, an
exemplary embodiment of its controlling method may be illustrated
as in FIG. 3. FIG. 3 shows an exemplary communication flow of a
controlling method for a network reputation system, consistent with
certain disclosed embodiments of the disclosure. An exemplary
reputation system model may be illustrated as in FIG. 1. In the
exemplary communication flow shown in FIG. 3, a user produces
master social network information via the user's social network
(step 310). The user shares social network information with at
least one friend through the conversion of the master social
network information (step 320). The user makes an evaluation about
an estimatee via the social network information (step 330). The at
least one friend requests an application server for the evaluation
about an estimatee (step 340). The application server replies to
the at least one friend with the evaluation about the estimatee, at
least including the evaluation value evaluated by the user (step
350). For example, the application server may reply to the at least
one friend with the evaluation information evaluated by the user
and some others, or all the evaluation information related to the
estimatee.
[0034] In step 340, the request for the evaluation about the
estimatee may be derived from a formula P of social private
matching query, which may utilize the social network information in
the reputation system model. In addition, the application server
may be requested to reply with the evaluation bearing a signature.
In step 350, the replied evaluation of the estimatee from the
application server may be obtained from another formula Q of social
private matching response, which may utilize the formula P.
Moreover, all of the replied evaluations of the estimatee from the
application server may bear signatures. The following describes
detailed operations for each phase under a reputation system on
networks, consistent with certain disclosed embodiments of the
disclosure.
[0035] In phase 1 (Initialization), each user produces his/her own
parameters (i.e. master social network information). For the
example shown in FIG. 4, user U may produce parameters pid, sid,
pk, sk, and mk, where pid, the personal ID of user U, may be the
name or nickname by which user U is recognized by her friends. sid,
the service ID, may be the ID by which user U registered in the
application server. (pk, sk) is a pair of public-private keys.
Matching key mk is a random value chosen by the user U. The user U
also computes an item to be used as a matching item. The item may
be computed in different manners. For example,
item = Hash(sid ‖ mk), or item = Hash(pid|mk), or item = Hash(mk),
or item = mk, where ‖ denotes concatenation and Hash(.) is a
cryptographic hash function. In practice, these parameters may be
generated through a downloadable application.
[0036] In phase 2 (Credential Exchange), each user sends a triple
to each of her friends via a secure and authenticated channel. For
example, user U sends the triple <pid, pk, item> to each of
her friends via a secure and authenticated channel. In practice,
the credentials may be exchanged via secure email, Bluetooth, SMS,
etc. For the exemplary matching item exchange shown in FIG. 5, the
triples of user U (say Andy) and her friend (say Fran) have been
exchanged with each other via a secure and authenticated channel.
In other words, the triple <pid_Andy, pk_Andy, item_Andy> in
the master social network information for Andy is exchanged with
the triple <pid_Fran, pk_Fran, item_Fran> in the master
social network information for Fran in a private fashion.
[0037] In phase 3 (Reputation Evaluation), assume a user U_J had a
transaction with a user U_S, and wants to submit an evaluation
about the user U_S to the application server. User U_J sends the
evaluation triple <sid_S, item_J, Evalu_S_J> to the
application server, where
Evalu_S_J = sid_S ‖ scr_S_J ‖ Sig_sk_J(E_Digst),
Sig_sk_J denotes a signature using signing key sk_J, E_Digst is
defined as a hash function of (sid_S ‖ item_J ‖ scr_S_J), and
scr_S_J is the score from user U_J to user U_S. FIG. 6 shows an
exemplary provable evaluation, consistent with certain disclosed
embodiments of the disclosure, wherein user U_J (say Buyer Fran)
has a transaction with user U_S (say Seller Simon), and sends the
evaluation Evalu_Simon_Fran about the user U_S (Seller Simon) to
the application server through an auction website. Note that item_J
is not included in Evalu_S_J for privacy. The estimator may
retrieve item_J from its own database if he is a friend of user
U_J. Then, the application server stores the evaluation triple
<sid_S, item_J, Evalu_S_J> in the database.
[0038] Phase 4 (Query and Response) runs when an estimator U_I
wants to recognize the evaluations submitted to the application
server by her friends about an estimatee U_S. Assume estimator U_I
has a set X = {x_1, x_2, ..., x_ki}, where each element of X is an
item received by estimator U_I from one of her friends during phase
2, and the application server has a set Y = {y_1, y_2, ..., y_ks},
where each element of Y is the item of one of the users that
submitted an evaluation for user U_S. Note that X is a set of
1-distance items. In other words, the holder of the items is a
friend of estimator U_I.
[0039] In phase 4, the communication flow between estimator U_I and
the application server may include the following steps. (1) User
U_I sends a query concatenated with sid_I (service ID) to the
application server to request the evaluations submitted to the
application server by the friends of user U_I about the estimatee
U_S. (2) The application server computes an encryption function H.
For example, H may be the concatenation of a plurality of Hash
function values, such as H = h_1 ‖ h_2 ‖ ... ‖ h_ks, where
h_I = Hash(y_I), 1 ≤ I ≤ ks. (3) The application server sends the
encryption function H concatenated with a plurality of the
evaluations back to the estimator U_I.
[0040] For example, the produced evaluation sent from the
application server may be defined as follows.
H ‖ Evalu_S_1 ‖ Evalu_S_2 ‖ ... ‖ Evalu_S_ks
By using it, only the person who owns/knows the item y_I can
decrypt the value Evalu_S_I and know the score inside Evalu_S_I.
(4) Estimator U_I compares Hash(x_J), 1 ≤ J ≤ ki, with
h_L, 1 ≤ L ≤ ks. If h_M is matched, estimator U_I
verifies the associated Evalu_S_M by using the public key pk_M
which is obtained in phase 2. As a result, estimator U_I learns the
scores given by his/her friend and then makes a further decision.
However, if none is matched, it means estimator U_I has no friend
who has an evaluation on estimatee U_S. In this case, estimator U_I
may learn the scores in Evalu_S_S although it may not be
trustworthy.
[0041] In other words, evaluation result about the estimatee may be
obtained via a concatenation of a plurality of parameters, at least
including a service identity of the estimatee, an authentication
from other users, and a score evaluated by other users on the
estimatee. In addition, the authentication may be through a channel
of using signing key with an encrypted function, such as hash
function, of the service identity of the estimatee, each matching
item of each of other users and the score evaluated by the other
users on the estimatee.
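The four phases described above, run end to end in one process, as an added example that is not code from the application. It assumes SHA-256 for Hash(.), length-prefixed parts in place of bare concatenation, and a Lamport one-time signature as a stand-in for the unspecified Sig_sk scheme; the names User, ApplicationServer, e_digst and demo, and the sample identities, are hypothetical.

```python
import hashlib
import secrets

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts; stands in for Hash(a ‖ b ‖ ...)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

# Lamport one-time signature: an assumed stand-in for Sig_sk(.), which the
# text leaves unspecified. Each key pair must sign only one digest.
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, digest: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(digest))]

def verify(pk, digest: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        hashlib.sha256(s).digest() == pk[i][b]
        for (i, b), s in zip(enumerate(_bits(digest)), sig))

def e_digst(sid_s: str, item: bytes, score: int) -> bytes:
    """E_Digst = Hash(sid_S ‖ item_J ‖ scr_S_J); score must fit one byte."""
    return H(sid_s.encode(), item, bytes([score]))

class User:
    def __init__(self, pid: str, sid: str):
        # Phase 1: master social network information (pid, sid, pk, sk, mk).
        self.pid, self.sid = pid, sid
        self.sk, self.pk = keygen()
        self.mk = secrets.token_bytes(32)
        self.item = H(sid.encode(), self.mk)    # item = Hash(sid ‖ mk)
        self.friends = {}                       # set X: item -> (pid, pk)

    def credential(self):
        # Phase 2: triple <pid, pk, item>, sent over an authenticated channel.
        return (self.pid, self.pk, self.item)

    def add_friend(self, triple):
        pid, pk, item = triple
        self.friends[item] = (pid, pk)

    def evaluate(self, sid_s: str, score: int):
        # Phase 3: evaluation triple <sid_S, item_J, Evalu_S_J>.
        sig = sign(self.sk, e_digst(sid_s, self.item, score))
        return (sid_s, self.item, (sid_s, score, sig))

    def recognize(self, sid_s: str, response):
        # Phase 4, step (4): match Hash(x_J) against each h_L, then verify
        # the matched evaluation with the pk received in phase 2.
        by_hash = {H(x): x for x in self.friends}
        trusted = []
        for h, (sid, score, sig) in response:
            item = by_hash.get(h)
            if item is None or sid != sid_s:
                continue
            pid, pk = self.friends[item]
            if verify(pk, e_digst(sid, item, score), sig):
                trusted.append((pid, score))
        return trusted

class ApplicationServer:
    def __init__(self):
        self.db = {}                            # sid_S -> [(item_J, Evalu_S_J)]

    def submit(self, triple):
        sid_s, item, evalu = triple
        self.db.setdefault(sid_s, []).append((item, evalu))

    def query(self, sid_s: str):
        # Phase 4, steps (2)-(3): each h_L = Hash(y_L) paired with Evalu_S_L.
        return [(H(item), evalu) for item, evalu in self.db.get(sid_s, [])]

def demo():
    # Constructed sample identities; Stan is not in Andy's social network.
    andy, fran, stan = User("Andy", "andy_01"), User("Fran", "fran_77"), User("Stan", "stan_09")
    andy.add_friend(fran.credential())
    fran.add_friend(andy.credential())
    server = ApplicationServer()
    server.submit(fran.evaluate("simon_shop", 4))
    server.submit(stan.evaluate("simon_shop", 5))
    reply = server.query("simon_shop")
    honest = andy.recognize("simon_shop", reply)
    # A reply whose scores were altered in transit or by the server.
    altered = [(h, (sid, 5, sig)) for h, (sid, _, sig) in reply]
    # Fran's evaluation of simon_shop re-labelled for another seller.
    moved = [(h, ("other_shop", scr, sig)) for h, (_, scr, sig) in reply]
    return (honest, andy.recognize("simon_shop", altered),
            andy.recognize("other_shop", moved))

if __name__ == "__main__":
    print(demo())
```

Because the server stores item_J beside each evaluation, every evaluation submitted by one user carries the same item and is linkable by the server.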
[0042] FIG. 7 shows exemplary query and respond in phase 4,
consistent with certain disclosed embodiments of the disclosure.
Wherein, user U_J (say Andy) wants to recognize the evaluation
Evalu_Simon_Fran submitted to the application server by her friend
(say Buyer Fran) about the estimatee U_S (say Seller Simon).
[0043] According to the disclosure, some schemes may be adopted to
increase the matching rate in the protocol of the disclosed
exemplary embodiments. One exemplary scheme is to accept more
social relationships. If more social relationships are included,
then there are more items for matching. For example, people working
in the same organization may exchange their items. Then, the
matching rate may be increased. Another exemplary scheme is to use
items having greater distance. Since the estimator then has more
items for matching, the matching rate increases.
[0044] FIG. 8 shows an exemplary schematic view of a protocol
running in the above-identified four phases for estimatee U_S,
consistent with certain disclosed embodiments of the disclosure. At
first, each user U may produce her/his own parameters pid, sid, pk,
sk and mk, and has an associated item. Then, the credentials for
both two users, such as user U_I and user U_J, may be exchanged.
For example, triple <pid_I, pk_I, item_I> and triple
<pid_J, pk_J, item_J> are exchanged via a secure and
authenticated channel, marked as 820. Assume that user U_J had a
transaction with a user U_S, and wants to submit an evaluation
about the user U_S to the application server. After evaluation
computation 830a, user U_J sends the evaluation triple <sid_S,
item_J, Evalu_S_J> to the application server, marked as 830b.
When user U_I (estimator) wants to recognize the evaluations
submitted to the application server about the user U_S (estimatee),
user U_I may send a query with service ID to the application
server, marked as 840a. The application server may compute an
encryption function H (marked as 840) and send the encryption
function H concatenated with a plurality of the evaluations back to
the estimator U_I, marked as 840b. After the verification (marked
as 850a) for the evaluation result sent by the application server,
user U_I may make a further decision, marked as 850b.
[0045] In practice, estimator U_I may upload the request and
download the result via an application connecting to the server.
The FNP scheme disclosed in "Efficient Private Matching and Set
Intersection" may be chosen over the other private matching
protocols because of its flexibility and extensibility. The
extension schemes are discussed below.
[0046] The disclosure may be extended to achieve more features.
The first feature is that the disclosure may provide variants of
the private matching algorithm to protect privacy-sensitive
transactions, such as set cardinality private matching, which lets
a user know only the number, instead of the identities, of his/her
friends that had reputation on estimatee U_S. In this case, the
application server does not send encrypted Evalu_S_I to estimator
U_I, in order to protect the privacy of the items that link
identities.
[0047] The second feature is that the disclosure may provide
queries using n-distance items. For example, with n=2, i.e., if the
estimator is a friend's friend, it is possible to match his/her
reputation record without revealing any private information. For
example, assume Andy's friend F receives the item FF (i.e. the item
B in FIG. 1) and the public key pk_FF from F's friend FF, whom Andy
does not know. F may just send Andy the item FF and the public key
pk_FF from FF without telling Andy who FF is. Therefore, Andy may
use item FF and key pk_FF to match FF's reputation record without
revealing any private relationship between F and FF. This may be
done in Phase 2. However, if FF is Andy's friend, then Andy will
know F and FF are friends.
[0048] In the real world, the strength of a relationship may not be
captured by just "YES" or "NO", meaning having a relationship or
not. Different relationships may be given different weights, which
denote the strength of trust. For example, kinship often has higher
weight than friendship. Of course, users may be able to decide the
weights.
[0049] The third feature is that the disclosure may provide
group-based matching. One may choose to generate two or more items
and send one or more of these items to different friends. The items
may be for public, group, personal or private usage, and are used
for different purposes depending on how private or how public they
are intended to be. For example, for trades for public use and
trades for private use, different items may be used. This may
prevent private transaction information from being disclosed to
less close friends such as co-workers.
[0050] The following gives some working examples to illustrate the
controlling method for a network reputation system of the
disclosure.
[0051] The first working example may be described as follows. (1)
User B's friend or friend's friend A makes an evaluation about an
estimatee S. (2) User B derives a formula P by using the social
network information of A. (3) User B requests an application server
for the evaluation about estimatee S made by A. (4) Through the
social network information of A, user B gets the evaluation about
the estimatee S from the application server, and verifies its
correctness. FIG. 9 shows an exemplary communication flow of the
first working example, consistent with certain disclosed
embodiments of the disclosure.
[0052] Referring to FIG. 9, the exemplary communication flow may
comprise the following steps. (1) building a master social network
information for a user A (step 910); (2) producing the social
network information of user A through the conversion of the master
social network information (step 920); (3) making an evaluation
about an estimatee S to compute an evaluation value Evalu_S_A, then
sending the evaluation value Evalu_S_A to an application server
(step 930); (4) sharing the social network information of user A
with a friend B (step 940); (5) the friend B deriving a formula P
by using the social network information of user A, and requesting
the application server for the evaluation about the estimatee S by
using the formula P (step 950); (6) the application server replying
to the friend B with another derived formula Q according to the
formula P, the evaluation value Evalu_S_A and other evaluation
values Evalu_S_I, where user I is different from user A (step 960);
and (7) the friend B learning the evaluation value Evalu_S_A
through the formula Q (step 970).
[0053] In the communication protocol of the first working example,
a scheme such as private matching may be used to preserve the
privacy of both user identity and social network information. A
signature may also be used to achieve authentication. In other
words, private matching and signature are bound together in the
communication protocol.
[0054] The first working example provides some features, such as
(1) friend B may learn the evaluation value submitted to the
application server by only the user A about the estimatee S, but
may not learn the evaluation values about the estimatee S from
others, which protects other strangers' privacy; (2) the
application server learns nothing about the social network of user
A or friend B, and therefore learns nothing about the relationship
between user A and friend B; (3) friend B may verify the
correctness of the evaluation value Evalu_S_A via the formula Q and
the social network information, and be assured that the contents of
the evaluation value have not been changed; and (4) no one
may forge any data successfully.
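The exchange of formulas P and Q in the first working example, and the set cardinality variant of paragraph [0046], can be sketched with an FNP-style encrypted polynomial. This is an added example, not code from the disclosure: the toy Paillier key (known primes, not secure), the 32-bit item values and all function names are assumptions, and the signature that the protocol binds to the matching is omitted.

```python
import math, secrets
# Toy Paillier key from two known Mersenne primes (constructed, NOT secure).
P1, P2 = 2**61 - 1, 2**89 - 1
N, N2 = P1 * P2, (P1 * P2) ** 2
LAM = (P1 - 1) * (P2 - 1) // math.gcd(P1 - 1, P2 - 1)
MU = pow(LAM, -1, N)
BITS = 16  # low bits of a payload hold the evaluation value

def enc(m):
    r = secrets.randbelow(N - 2) + 2
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

def estimator_query(friend_items):
    """Formula P: encrypted coefficients of prod(y - item), constant term first."""
    coeffs = [1]
    for x in friend_items:  # multiply the polynomial by (y - x)
        coeffs = [(prev - x * cur) % N for prev, cur in zip([0] + coeffs, coeffs + [0])]
    return [enc(a) for a in coeffs]

def server_reply(enc_coeffs, evaluations, count_only=False):
    """Formula Q: Enc(blind * P(item) + payload) for each stored (item, evalu)."""
    reply = []
    for item, evalu in evaluations:
        acc = enc_coeffs[-1]
        for c in reversed(enc_coeffs[:-1]):  # Horner's rule on ciphertexts
            acc = pow(acc, item, N2) * c % N2
        payload = 0 if count_only else (item << BITS) | evalu
        blind = secrets.randbelow(N - 1) + 1
        reply.append(pow(acc, blind, N2) * enc(payload) % N2)
    secrets.SystemRandom().shuffle(reply)  # hide which record produced which answer
    return reply

def estimator_recover(reply, friend_items):
    """Return ({item: evalu} for matched friends, number of zero plaintexts)."""
    plain = [dec(c) for c in reply]
    found = {m >> BITS: m & (2**BITS - 1) for m in plain if m >> BITS in friend_items}
    return found, plain.count(0)

# Constructed sample data: 32-bit items, evaluations on a 1..5 scale.
ITEM_A, ITEM_C = 0x5A17C0DE, 0x0C0FFEE1  # items B received from friends A and C
STORED = [(ITEM_A, 5), (0x7E57AB1E, 1), (0x1234ABCD, 4)]  # server records about S

if __name__ == "__main__":
    query = estimator_query({ITEM_A, ITEM_C})
    print(estimator_recover(server_reply(query, STORED), {ITEM_A, ITEM_C}))
    print(estimator_recover(server_reply(query, STORED, count_only=True), {ITEM_A, ITEM_C}))
```

Records whose item is not a root of the polynomial decrypt to a blinded random value, so the estimator learns nothing about strangers' evaluations; with `count_only=True` the estimator learns only how many friends submitted one.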
[0055] The second working example may be described as follows. (1)
User B's friend or friend's friend A makes an evaluation about an
estimatee S. (2) User B requests an application server for the
evaluation of the estimatee S made by A. (3) The application server
replies with all evaluations about the estimatee S. (4) User B gets
the evaluation about the estimatee S from the application server by
using A's social network information, and verifies its correctness.
FIG. 10 shows an exemplary communication flow of the second working
example, consistent with certain disclosed embodiments of the
disclosure.
[0056] Referring to FIG. 10, the exemplary communication flow may
comprise the steps 910-940 and the following steps 1050-1070. Step
1050 is that the friend B requests the application server for the
evaluation about the estimatee. Step 1060 is that the application
server replies to the friend B with the evaluation value Evalu_S_A
and other evaluation values Evalu_S_I, where user I is different
from user A. Step 1070 is that the friend B learns the evaluation
value Evalu_S_A through user A's social network information, the
evaluation value Evalu_S_A and other evaluation values
Evalu_S_I.
[0057] In the communication protocol of the second working example,
a scheme such as sharing a bridge identity may be used to preserve
the privacy of user identity. A signature may also be used to
achieve authentication. The application server may send
(Bridge ID, Signature)/Bridge ID contained in the entire or partial
evaluation values to friend B to protect the privacy of social
information. In practice, the following designs may be employed
during the initialization, the evaluation submission and the
evaluation retrieval. (1) During the initialization, a user may use
a pseudonym to register at the review site. When exchanging
credentials with friends, the user may use his/her real name, and
the public keys are exchanged with and only given to friends.
However, a Bridge ID for the user may be given to both the review
site and friends. (2) During the evaluation submission, a user may
submit a signed evaluation to the review site after a transaction
with a seller. The review site may store the signed evaluation. (3)
During the evaluation retrieval, a user may retrieve all
evaluations about the seller when considering a transaction with
the seller, and distinguish reviews by friends. The privacy of
friendship relationships may be preserved through the Bridge ID.
[0058] The second working example provides some features, such as
(1) friend B may learn all the evaluation values submitted to the
application server about the estimatee S, and the contents of the
evaluation values may also be encrypted by their own private keys
inside their own social network information; (2) the application
server learns nothing about the social network of user A or friend
B, which protects user A's privacy and friend B's privacy; and (3)
friend B may verify the correctness of the evaluation value
Evalu_S_A via the social network information, and be assured that
the contents of the evaluation value have not been changed.
[0059] Compared with the second working example, the major feature
of the third working example is that before the step 1050, friend B
builds or adds a personal social group SG_B via A's social network
information, and allows the application server to learn the social
group SG_B. FIG. 11 shows an exemplary communication flow of the
third working example, consistent with certain disclosed
embodiments of the disclosure.
[0060] Referring to FIG. 11, the exemplary communication flow may
comprise the steps 910-940, step 1150, step 1050, and step 1160. In
step 1150, friend B builds or adds a personal social group SG_B via
A's social network information, and allows the application server
to learn the social group SG_B. Step 1160 is that the application
server computes the evaluation about S through the social group
SG_B, the evaluation value Evalu_S_A and other evaluation values
Evalu_S_I, then replies to friend B with the evaluation result. In
the third working example, the application server computes the
evaluation about S made by the social group SG_B. Therefore, the
privacy of the personal ID of users may be protected, and a user
learns whether his/her friends had reputation only if the friends
place him/her in the same group.
[0061] Continuing now with an exemplary network reputation system
by implementing the network reputation system in conjunction with
one or more estimator's social networks and one estimatee's
reputation network like any of those discussed above, the network
reputation system may comprise a credential exchange component
1201, a reputation evaluation component 1203 and a query and
response component 1205, as shown in FIG. 12. Credential exchange
component 1201 permits a user to generate credential exchange
matching items with those persons having a social relationship with
the user. The credential exchange matching items may be generated
via a secure and authenticated channel. Reputation evaluation
component 1203 enables other users having a transaction with an
estimatee to make evaluations about the estimatee via the sharing
of social network information. Query and response component 1205 is
capable of receiving a query from a person having a social
relationship with the user for requesting an evaluation about the
estimatee, and responding with an associated evaluation result to
the person having a social relationship with the user via the
sharing of social network information and the evaluations made by
the other users about the estimatee.
[0062] The query may be further sent to an application server via
query and response component 1205, and the associated evaluation
result may be also generated by the application server then sent to
the person via query and response component 1205.
[0063] The exemplary communication protocol depicted in the first
working example of FIG. 9, i.e. private matching and signature are
bound together to achieve privacy preserving and data
authentication, may be employed in the network reputation system.
Another exemplary communication protocol depicted in the second
working example of FIG. 10, i.e. sharing bridge identity and a way
of signature to respectively achieve privacy preserving and data
authentication, may also be employed in the network reputation
system. In addition, the exemplary communication protocol depicted
in the third working example of FIG. 11, i.e. server matching to
achieve data authentication, may be employed in the network
reputation system.
[0064] The network reputation system may be embodied in a
reputation system model such as depicted in FIG. 1 and in
conjunction with one or more computer-readable media. The
disclosed exemplary embodiments of the disclosure may be applicable
to many different scenarios such as Internet auctions, online
games, social networks, etc. The exemplary embodiments of the
disclosure may be partially or wholly implemented on one or more
computer-readable media having computer-executable instructions
for running the four phases of Initialization, Credential Exchange,
Reputation Evaluation, and Query and Response.
[0065] For estimating the performance of the disclosure, a
simulation is performed using Maplesoft on a PC with a 2 GHz CPU
and 1G RAM. FIG. 13 illustrates an exemplary simulation
result on probability of matching for different average number of
friends for a single estimator (f), average number of reputing
users for a single estimatee (t), and number of users in the system
(N), consistent with certain disclosed embodiments of the
disclosure. The result shows that the disclosed network reputation
system of the disclosure may practically work if t and f are
reasonably large. It also shows that the query for 2-distance items
may greatly increase the probability of matching since the number
of friends becomes almost f×f.
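The dependence of the matching probability on f, t and N can be reproduced with a simple model. This is an added example and not the simulation from the disclosure: it assumes the t reputing users and the f friends are drawn uniformly at random from the N users, giving 1 - C(N-f, t)/C(N, t), and the parameter values and function names are constructed.

```python
import math, random

def match_probability(n_users, friends, reputers):
    """P(at least one of the estimator's matching items belongs to a reputer)."""
    if friends + reputers > n_users:
        return 1.0  # pigeonhole: the two groups must overlap
    return 1 - math.comb(n_users - friends, reputers) / math.comb(n_users, reputers)

def simulate(n_users, friends, reputers, trials=20000, seed=1):
    """Monte Carlo cross-check of match_probability under the same assumed model."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        friend_set = set(rng.sample(range(n_users), friends))
        hits += not friend_set.isdisjoint(rng.sample(range(n_users), reputers))
    return hits / trials

def compare(n_users, f, t):
    """1-distance versus 2-distance query; f*f is the upper bound on reachable items."""
    two = min(f * f, n_users)
    return match_probability(n_users, f, t), match_probability(n_users, two, t)

if __name__ == "__main__":
    # Constructed parameter sets (N, f, t), not the values behind FIG. 13.
    for n_users, f, t in [(1000, 20, 20), (10000, 20, 20), (10000, 50, 50)]:
        one, two = compare(n_users, f, t)
        print(f"N={n_users} f={f} t={t}: 1-distance {one:.3f}, 2-distance {two:.3f}")
```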
[0066] In summary, the exemplary disclosed embodiments of the
disclosure provide a trustable network reputation system and its
controlling method thereof, which may enable users to recognize
evaluations submitted by those persons having social relationships
with the users. The disclosure may preserve the privacy of the
social relationships from the website and the privacy of the
mapping between the real identity of a user and her online identity
from other users including her friends.
[0067] Although the disclosure has been described with reference to
the exemplary disclosed embodiments, it will be understood that the
invention is not limited to the details described thereof. Various
substitutions and modifications have been suggested in the
foregoing description, and others will occur to those of ordinary
skill in the art. Therefore, all such substitutions and
modifications are intended to be embraced within the scope of the
invention as defined in the appended claims.
* * * * *