FIELD: physics.
SUBSTANCE: the invention relates to a system for organizing decentralized trusted communication. To determine the level of trust between nodes, a chain of certificates serially signed by the domain controller is used. A new domain is added to the system by creating a new domain certificate for a network node (NEN) that temporarily takes the role of the head node (HN) and is selected according to specified criteria; its certificate is signed with the certificate of the superior domain in manual or automated mode, after which this NEN requests a new domain address of a node (DAN) from the higher domain, which generates the address and enters it into its own addressing table. When a new NEN is added, if the certificate and identifier of this node are not in the domain controller's list of compromised nodes, the NEN sends its own certificate at the link level to a terminal node (TN) already operating in the network, which in turn sends a request to add the new node to the domain controller for signature; if the domain controller is available, it verifies the validity of the certificate data of the new NEN and signs it through a third-party trusted channel, and if the domain controller is unavailable, the addition of the new node is interrupted and a reconnection delay is set to avoid a network attack. When a NEN is blocked, the HN sends an updated list of compromised nodes to all trusted NENs of the domain. If system connectivity with the root domain controller fails, the authentication procedure is carried out within the isolated system segment, provided that the authenticated NEN was previously registered in any of the system domains and any of the domain controller certificates from the trust list can be verified by the domain controller.
EFFECT: higher efficiency of identifying and authenticating network devices in decentralized networks in which connectivity may be disrupted.
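The enrollment and authentication flow described above, as an added illustrative model that is not part of the patent: a domain hierarchy with controller-signed certificates, a compromised-node list, a reconnection delay when the controller is unavailable, and isolated-segment authentication when the root is unreachable. Signatures are a toy stand-in (HMAC with the issuer's secret, so the verifier must hold it); the domain names, keys and backoff cap are constructed for the example.

```python
import hashlib, hmac
from dataclasses import dataclass, field

@dataclass
class Cert:
    subject: str       # node or domain identifier
    issuer: str = ""   # name of the domain controller that signed it
    sig: bytes = b""

def sign(cert, issuer_key):  # toy signature: HMAC with the issuer's secret
    return hmac.new(issuer_key, f"{cert.subject}|{cert.issuer}".encode(), hashlib.sha256).digest()

@dataclass
class Domain:
    name: str
    key: bytes               # controller's signing secret (stand-in for a private key)
    cert: Cert               # controller's certificate, signed by the superior domain
    parent: "Domain | None" = None
    reachable: bool = True
    compromised: set = field(default_factory=set)  # blocked node ids pushed by the HN
    registered: set = field(default_factory=set)   # nodes this domain has admitted

def enroll(nen, dom, attempt=0):
    """Controller signs a new NEN certificate; returns (status, reconnect delay)."""
    if nen.subject in dom.compromised:
        return "rejected", 0
    if not dom.reachable:  # controller unavailable: back off instead of retrying at once
        return "retry", min(2 ** attempt, 64)
    nen.issuer, nen.sig = dom.name, sign(Cert(nen.subject, dom.name), dom.key)
    dom.registered.add(nen.subject)
    return "joined", 0

def authenticate(cert, dom):
    """Walk the chain upward; each certificate must carry its issuer's valid signature."""
    if cert.subject in dom.compromised:
        return "denied"
    known = cert.subject in dom.registered  # enrolled here before: isolated-mode prerequisite
    while True:
        if cert.issuer != dom.name or not hmac.compare_digest(cert.sig, sign(cert, dom.key)):
            return "denied"
        if dom.parent is None:
            return "trusted"  # chain verified up to the root controller
        if not dom.parent.reachable:  # isolated segment: only previously registered nodes pass
            return "trusted_isolated" if known else "denied"
        cert, dom = dom.cert, dom.parent

def build_demo():  # constructed hierarchy: root domain and one subordinate "edge" domain
    root = Domain("root", b"root-secret", Cert("root", "root"))
    edge_cert = Cert("edge", "root"); edge_cert.sig = sign(edge_cert, root.key)
    return root, Domain("edge", b"edge-secret", edge_cert, parent=root)
```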
10 cl, 10 dwg
Dates
2025-05-06—Published
2024-07-16—Filed