Summary of the invention
To solve this problem, the object of the present invention is to provide a method for privacy protection in the use analysis of articles bearing identification information, so that the user's privacy is protected while such articles are used and while their use is analysed.
The invention provides a method for privacy protection in the use analysis of articles bearing identification information, comprising:
Article distribution or purchase process:
Step 1, the system server obtains and stores the article identification information and the information of the article's user;
Step 2, the article identification information is hashed to produce a system check code;
Step 3, the system check code is bound to the user information of the article;
Article use analysis process:
Step 4, a handheld terminal obtains the article identification information;
Step 5, a usage data collection device collects the usage data of the article and encrypts it with a public key;
Step 6, the article identification information is bound to the public-key-encrypted article usage data, and both are transmitted to the system server;
Step 7, the system server decrypts the article usage data to obtain the decrypted data;
Step 8, the decrypted data is compared with the article operating specification held in the system server and analysed to judge whether it meets the operating specification; if it does, the next article usage data is read and decrypted directly; if it does not, the identification information corresponding to the non-compliant article usage data is hashed, the result is compared with the system check code, and the user of the article is looked up;
Step 9, the list of article identification information and users that do not meet the specification is displayed.
Wherein step 1 specifically comprises:
Step 101, the article distributor scans the article identification information with the handheld terminal;
Step 102, the handheld terminal transmits the article identification information to the system server;
Step 103, the article user enters his or her information, which is stored in the database in the system server;
Step 104, the system server identifies and decodes the article identification information and stores the result in the database.
Wherein, in step 2, the hash check uses the Secure Hash Algorithm SHA-1 and specifically comprises the following steps:
Step 201, pad the article identification information: append bits to the right of the message so that its length is congruent to 448 modulo 512; the first padding bit is 1 and the rest are 0;
Step 202, append the message length value: represent the length of the original message x in 64 bits and append it to the result of step 201;
Step 203, initialise the buffer;
Step 204, process the message in units of 512-bit blocks;
Step 205, output the system check code of the article identification information.
Wherein step 3 specifically comprises the following steps:
Step 301, the system server reads the system check code;
Step 302, the system server creates a hyperlink that points to the article user information and takes the system check code as its parameter;
Step 303, extended description information is added to describe additional information.
Wherein step 5 specifically comprises the following steps:
Step 501, before the article usage data is collected, the system server pre-distributes a key to each usage data collection device;
Step 502, the usage data collection device obtains the article usage data and encrypts it with the RSA public-key algorithm.
Wherein step 6 specifically comprises the following steps:
Step 601, a hyperlink is created between the collected identification information and the corresponding encrypted article usage data to bind them;
Step 602, it is judged whether the data collection site has a network connection; if it has, step 603 is carried out; if not, step 604 is carried out;
Step 603, the identification information and the article usage data are transmitted online to the system server;
Step 604, the identification information and the article usage data are stored locally, in the handheld terminal and in the usage data collection device respectively, and are uploaded to the system server by management personnel.
Wherein, in step 8, when the decrypted data is a specific decrypted number, the operating specification is a numerical range, and the concrete steps of step 8 are:
Step 801, before the usage data is collected, the two end values m and n of the numerical range are entered into the system server in turn;
Step 802, a hyperlink is created between the decrypted data and the numerical range;
Step 803, it is judged whether the value of the decrypted data lies within the numerical range; if it does, the operating specification is met and step 804 is carried out; otherwise step 805 is carried out;
Step 804, the system server reads and decrypts the value of the next article usage data;
Step 805, the system server hashes the identification information corresponding to the usage data that does not meet the specification, compares the result with the system check code, and looks up the user of the article;
Wherein m and n are real numbers, and m ≤ n.
Further, in step 8, when the decrypted data is decrypted picture or video information, the operating specification is a textual specification, and the concrete steps of step 8 are:
Step 811, before the usage data is collected, the textual specification is entered into the system server;
Step 812, a hyperlink is created between the decrypted picture or video information and the textual specification;
Step 813, image recognition technology is used to analyse the decrypted picture or video information and output a textual analysis result;
Step 814, it is judged whether the textual analysis result meets the textual specification; if it does, step 815 is carried out; otherwise step 816 is carried out;
Step 815, the system server reads and decrypts the picture or video of the next article usage data;
Step 816, the system server hashes the identification information corresponding to the usage data that does not meet the textual specification, compares the result with the system check code, and looks up the user of the article.
Compared with the prior art, the beneficial effects of the present invention are:
(1) The identification information of distributed articles is hashed, so no dedicated encryption and decryption operations are needed; according to the analysis result, only part of the data has to be hashed again with the same hash function, and comparing whether the check codes are identical is enough to compare and look up, which reduces the system's computation load and storage pressure and improves efficiency.
(2) When data is bound, the check code of the identification information is used directly as a parameter linking to the user's data, so the two pieces of information are bound in the form of a hyperlink; this keeps each piece of information independent while still associating the two.
(3) When data is bound, the check code of the identification information is bound to the user's data; even if someone obtains an article's identification information with bad intent, without the hash function that person cannot obtain the hash check code of the identification information and therefore cannot learn the user information bound to the article, which improves the security of user privacy protection.
(4) When the collection device collects article usage data, it encrypts the collected data with the public key in real time, and throughout transmission the data travels as ciphertext; only when the system needs to analyse the usage data is public-key decryption applied, which protects the privacy of the user's article usage habits.
(5) The use analysis of articles bearing identification information is performed by the system; only the identification information of usage data that does not meet the specification is hashed and compared with the hash check values in the system to find the user information of the articles whose use does not meet the specification, and the result is output directly; unauthorized operators learn only the identification information and user information of articles that do not meet the operating specification and cannot learn the concrete usage data, which further strengthens the protection of user privacy.
Embodiment
The present invention is described in further detail below through specific embodiments and with reference to the accompanying drawings.
Figure 1 is a flow chart of the method of the present invention for privacy protection in the use analysis of articles bearing identification information. When an article bearing identification information is distributed to or purchased by a user, the following process is carried out:
Step 1, the system server obtains and stores the article identification information and the information of the article's user; the user information can be at least one, or a combination, of the user's name and identity card number, address, work unit or mobile phone number;
Step 2, the article identification information is hashed to produce a system check code;
Step 3, the system check code is bound to the user information of the article.
The use analysis of the article comprises the following process:
Step 4, a handheld terminal obtains the article identification information;
Step 5, a usage data collection device collects the usage data of the article and encrypts it with a public key; the usage data collection device here can capture photographs or video of the article in use, or other usage records. Encrypting in real time as the data is collected means the article usage data exists as ciphertext while stored locally or in transit, which protects the privacy of the user's usage habits.
Step 6, the article identification information is bound to the public-key-encrypted article usage data, and both are transmitted to the system server;
Step 7, the system server decrypts the article usage data to obtain the decrypted data; after receiving the identification information and the usage data of the article, the system server decrypts the usage data with the private key corresponding to the terminal's public key.
Step 8, the decrypted data is compared with the article operating specification in the system server and analysed to judge whether it meets the operating specification; if it does, the next article usage data is read and decrypted directly; if it does not, the identification information corresponding to the non-compliant article usage data is hashed, the result is compared with the system check code, and the user of the article is looked up. In this step the operating specification of the article has been entered into the system server in advance, and the decrypted data is analysed mainly by image recognition technology and electronic tracing technology. In addition, the identification information corresponding to the analysed usage data is not all hashed again: only for data that does not meet the operating specification is the identification information hashed, with the same hash function as in step 2, and compared with the system check code to find the user data bound to the article that does not meet the operating specification. This reduces the system's workload and improves efficiency. The result lists only the identification information and user information that do not meet the specification and does not directly display the concrete data of the associated user's use of the article, so as to protect the user's personal privacy.
Step 9, the list of identification information and users that do not meet the specification is displayed.
In the above steps, the use analysis of articles bearing identification information is performed by the system; only the identification information of usage data that does not meet the specification is hashed and compared with the hash check values in the system to find the user information of the articles whose use does not meet the specification, and the result is output directly. Unauthorized operators learn only the identification information and user information of articles that do not meet the operating specification and cannot learn the concrete usage data, which further strengthens the protection of user privacy.
As shown in Figure 2, step 1 specifically comprises:
Step 101, the article distributor scans the article identification information with the handheld terminal;
Step 102, the handheld terminal transmits the article identification information to the system server;
Step 103, the article user enters his or her information, which is stored in the database in the system server;
Step 104, the system server identifies and decodes the article identification information and stores the result in the database.
In step 2, the hash check uses the Secure Hash Algorithm SHA-1 and specifically comprises the following steps:
Step 201, pad the identification information: append bits to the right of the message so that its length is congruent to 448 modulo 512; the first padding bit is 1 and the rest are 0;
Step 202, append the message length value: represent the length of the original message x in 64 bits and append it to the result of step 201;
Step 203, initialise the buffer;
Step 204, process the message in units of 512-bit (16-word) blocks;
Step 205, output the system check code of the identification information.
Hashing the identification information with the Secure Hash Algorithm SHA-1 ensures that, while a user is using an article bearing identification information, even if an unauthorized person obtains the identification information, that person cannot easily obtain the user information from it.
Step 3 specifically comprises the following steps:
Step 301, the system server reads the system check code;
Step 302, the system server creates a hyperlink that points to the article user information and takes the system check code as its parameter;
Step 303, extended description information is added to describe additional information.
The above steps associate the system check code of the identification information from step 2 with the user information by an explicit data association method used in Web services, so that each article has a unique user bound to it. When data is bound, the check code of the identification information is used directly as a parameter linking to the user's data, so the two pieces of information are bound in the form of a hyperlink; this keeps each piece of information independent while still associating the two. When data is bound, the check code of the identification information is bound to the user information; even if someone obtains an article's identification information with bad intent, without the hash function that person cannot obtain the hash check code of the identification information and therefore cannot learn the user information bound to the article, which improves the security of user privacy protection.
Step 5 specifically comprises the following steps:
If each usage data collection device is a communication node, each node has a unique identifier ID (such as the serial number of the usage data collection device), and in that case the following steps are carried out:
Step 501, before the article usage data is collected, the system server pre-distributes a key to each usage data collection device;
Step 502, the usage data collection device obtains the article usage data and encrypts it with the RSA public-key algorithm.
Figure 3 shows the concrete steps of step 6, comprising:
Step 601, a hyperlink is created between the collected identification information and the corresponding encrypted article usage data to bind them;
Step 602, it is judged whether the data collection site has a network connection; if it has, step 603 is carried out; if not, step 604 is carried out;
Step 603, the identification information and the article usage data are transmitted online to the system server;
Step 604, the identification information and the article usage data are stored locally, in the handheld terminal and in the usage data collection device respectively, and are uploaded to the system server by management personnel.
If the identification information is RFID and a network signal is available on site, the electronic tag information of the article is transmitted directly to the system server together with the related collected data; otherwise the data is stored locally, in the handheld terminal and in the usage data collection device respectively, the collector hands over the storage devices, and an administrator is responsible for uploading the data to the system server. This avoids the problem of data not reaching the server when the network at the collection site is interrupted. Depending on the configuration of the usage data collection device, if it has no built-in storage, an external SD card can be used to store the data.
As shown in Figure 4, in step 8, when the decrypted data is a specific decrypted number, the operating specification is a numerical range, and the concrete steps of step 8 are:
Step 801, before the usage data is collected, the two end values m and n of the numerical range are entered into the system server in turn;
Step 802, a hyperlink is created between the decrypted data and the numerical range;
Step 803, it is judged whether the value of the decrypted data lies within the numerical range; if it does, the operating specification is met and step 804 is carried out; otherwise step 805 is carried out;
Step 804, the system server reads and decrypts the value of the next article usage data;
Step 805, the system server hashes the identification information corresponding to the usage data that does not meet the specification, compares the result with the system check code, and looks up the user of the article;
Wherein m and n are real numbers, and m ≤ n.
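An added sketch (not the patent's own code) of steps 1 to 3 and the numerical-range analysis of steps 801 to 805, showing that only out-of-range records are hashed and that the report of step 9 carries no usage values. Decryption (step 7) is assumed to have already happened; the class and function names, the identifiers, the user records and the range values are constructed for illustration.

```python
import hashlib


def check_code(identifier: str) -> str:
    """Step 2: SHA-1 of the article identification information."""
    return hashlib.sha1(identifier.encode("utf-8")).hexdigest()


class SystemServer:
    def __init__(self, m: float, n: float):
        if m > n:
            raise ValueError("range end values must satisfy m <= n")
        self.m, self.n = m, n      # step 801: end values of the range
        self.bindings = {}         # step 3: check code -> user information
        self.hash_count = 0        # hashes computed during analysis

    def register(self, identifier: str, user_info: dict) -> None:
        """Steps 1-3: the user record is keyed by the check code only."""
        self.bindings[check_code(identifier)] = user_info

    def analyse(self, records):
        """Steps 803-805 and 9 over (identifier, decrypted value) pairs."""
        report = []
        for identifier, value in records:
            if self.m <= value <= self.n:
                continue           # step 804: compliant, move to next record
            # Step 805: hash only the non-compliant identifier and look it up.
            self.hash_count += 1
            user = self.bindings.get(check_code(identifier))
            # Step 9: identifier and user only; the usage value is left out.
            report.append((identifier, user))
        return report


def demo():
    server = SystemServer(m=0.0, n=5.0)             # constructed range
    server.register("BAG-0001", {"name": "User A"})  # constructed records
    server.register("BAG-0002", {"name": "User B"})
    decrypted = [
        ("BAG-0001", 5.0),   # on the boundary n, still compliant
        ("BAG-0002", 7.5),   # out of range, registered
        ("BAG-0009", -1.0),  # out of range, never registered
    ]
    return server, server.analyse(decrypted)


if __name__ == "__main__":
    server, report = demo()
    for identifier, user in report:
        print(identifier, user)
    print("identifiers hashed during analysis:", server.hash_count)
```

Because SHA-1 is a public, unkeyed function, the check code of any known identifier can be recomputed by anyone, so in this sketch it is access to the `bindings` table that has to be restricted.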
As shown in Figure 5, in step 8, when the decrypted data is decrypted picture or video information, the operating specification is a textual specification, and the concrete steps of step 8 are:
Step 811, before the usage data is collected, the textual specification is entered into the system server;
Step 812, a hyperlink is created between the decrypted picture or video information and the textual specification;
Step 813, image recognition technology is used to analyse the decrypted picture or video information and output a textual analysis result;
Step 814, it is judged whether the textual analysis result meets the textual specification; if it does, step 815 is carried out; otherwise step 816 is carried out;
Step 815, the system server reads and decrypts the picture or video of the next article usage data;
Step 816, the system server hashes the identification information corresponding to the usage data that does not meet the textual specification, compares the result with the system check code, and looks up the user of the article.
When the usage data is picture or video information, image recognition technology is used to analyse the decrypted picture or video. For example, suppose the distributed articles are degradable garbage bags printed with identification information, and each bag may be used for only one class of garbage (the classes are kitchen waste, recyclable waste, hazardous waste and other waste); the following textual specification is then entered into the system server in advance:
(1) The specific contents of each class of garbage
Kitchen waste: food waste such as leftover food, bones, vegetable roots and leaves, and fruit peel;
Recyclable waste: the five major categories of waste paper, plastic, glass, metal and cloth;
Hazardous waste: batteries, fluorescent tubes, light bulbs, mercury thermometers, paint cans, household appliances, expired medicines, expired cosmetics, and so on;
Other waste: anything that does not belong to the three categories above.
(2) Each degradable garbage bag may hold only one of the above classes of garbage: only kitchen waste, or only recyclable waste, or only hazardous waste, or only other waste; if garbage is mixed without being sorted, the operating specification is not met.
The decrypted picture or video is hyperlinked to this textual specification, and image recognition technology is used to analyse whether the garbage in the bag belongs to a single class; the result is output and compared with the textual specification above. If the garbage belongs to one class, the system server reads and decrypts the picture or video information of the next garbage bag's use; if not, the operating specification is not met, and the system server hashes the identification information of that garbage bag, compares the result with the system check code, and looks up the user of the bag.
The present invention converts identification information into a hash check value by a hash algorithm and binds it to the article user information; while articles are used and analysed, article usage data is also transmitted in public-key-encrypted form, thereby genuinely achieving privacy protection in the use analysis of articles bearing identification information.
The above are only preferred embodiments of the present invention and do not limit it; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.