CN113591051A - Electronic file full life cycle information security system and method - Google Patents

Publication number
CN113591051A
Authority
CN
China
Prior art keywords
user
data
electroencephalogram
authentication
preservation
Prior art date
Legal status
Pending
Application number
CN202110775201.9A
Other languages
Chinese (zh)
Inventor
荚爱民
张银银
Current Assignee
ANHUI BAOHULU INFORMATION TECHNOLOGY GROUP CO LTD
Original Assignee
ANHUI BAOHULU INFORMATION TECHNOLOGY GROUP CO LTD
Priority date
Filing date
Publication date
Application filed by ANHUI BAOHULU INFORMATION TECHNOLOGY GROUP CO LTD filed Critical ANHUI BAOHULU INFORMATION TECHNOLOGY GROUP CO LTD
Priority to CN202110775201.9A priority Critical patent/CN113591051A/en
Publication of CN113591051A publication Critical patent/CN113591051A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2218/00 Aspects of pattern recognition specially adapted for signal processing
    • G06F2218/12 Classification; Matching

Abstract

The invention discloses an electronic file full life cycle information security system. The system comprises a background management module, a data security module and a personal center module. The background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification. For user registration and user login, a set password target source is combined with electroencephalogram signal extraction and analysis and with comprehensive training and comparison for authentication: an identity authentication system relying on brain biological characteristics acquires the password target source to generate a unique electroencephalogram signal, on which matching authentication is performed. The unforgeability and irreproducibility of the electroencephalogram signal add a safety guarantee to the data security system, so that the security of the information security system is further improved.

Description

Electronic file full life cycle information security system and method
Technical Field
The invention belongs to the field of information preservation, and particularly relates to a system and a method for preserving the full life cycle information of an electronic file.
Background
With the development of the internet era and the arrival of the cloud computing and big data era, electronic data of all kinds are growing rapidly in fields such as finance, medical treatment, copyright and administration. At the same time, tampering with electronic data is becoming more and more apparent. Traditional electronic data preservation methods such as rights protection can protect data, but easily cause problems such as value transfer and leakage of secrets, and cannot meet current electronic protection requirements.
At present, some schemes use electronic fingerprints to fix data immediately and add a timestamp to form a valid digital certificate, thereby protecting the data. However, existing security systems generally guarantee the security of the database through authoritative endorsement of the system, encryption and the like. If the data platform fails, or if data are tampered with through a malicious login, the data security system is of no use. A security system that only encrypts and stores electronic data clearly provides far from sufficient protection.
Chinese patent application No. 201710313167.7 discloses a data security method and related system. The method comprises the following steps: the financial service server sends the data of preset security points acquired by the client and the financial service server in the execution service process to a data security pre-system through a data security request; the data security pre-positioned system receives a data security request sent by a financial service server; analyzing preset security point data collected by the client and/or the financial service server in the execution service process contained in the data security request and sending the data to a data security core system; the data security core system signs and encrypts the analyzed data of the security points; storing the signed and encrypted data into a database for solidification; and the data security core system backs up the data solidified in the database to a preset data security back-up system and synchronizes the data to a preset data security mechanism.
In that technical scheme, the security point data are signed and encrypted, and the signed and encrypted data are stored in the database for solidification, which provides data security to a certain extent. However, malicious login and tampering with system data cannot be ruled out; the login and authentication of the security system offer a low level of safety, and a certain risk of malicious tampering with the secured data remains.
Disclosure of Invention
To address the shortcomings of the prior art, the invention aims to provide an electronic file full life cycle information security system and method. For user registration and user login, a set password target source is combined with electroencephalogram signal extraction and analysis and with comprehensive training and comparison for authentication; an identity authentication system relying on brain biological characteristics acquires the system password target source to generate a unique electroencephalogram signal, on which matching authentication is performed. The unforgeability and non-duplicability of that signal add a safety guarantee to the data security system and further improve the security of the information security system. When the acquired electroencephalogram signals are stored, on-chain information storage is used, which improves the robustness of the electroencephalogram signal storage database, effectively prevents system data from being maliciously tampered with, and further improves the security of logging in to the system and of the security system.
The invention provides the following technical scheme:
An electronic file full life cycle information security system. The system comprises a background management module, a data security module and a personal center module; the background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification;
the data security module comprises single-user data security and multi-user data security; the multi-user data preservation comprises data right transfer preservation and multi-user protocol preservation, wherein the preservation process comprises the steps that a user writes related information of preservation data, a local server of the user automatically generates preservation data and broadcasts the preservation data in a whole network, nodes in the whole network monitor the network, receive the preservation data, verify the preservation data through a node tree algorithm, continue the preservation data without ending the preservation data, and finally perform a consensus mechanism to generate a data preservation certificate;
the user authentication comprises user registration and user login, and involves a PC (personal computer) end and a server end. At login, the user inputs the registered user name; the target sources and non-target sources corresponding to that user name in the database are presented to the user; the user's electroencephalogram signals under stimulation by the multiple response sources are collected through electroencephalogram equipment; the signals are classified and labelled, preprocessed and subjected to feature extraction; the preprocessed and feature-extracted signals are authenticated using the trained learning model; and authentication passes if the match succeeds.
Preferably, at user registration, the user selects a user name and at least two target sources as the password; the two target sources are the user's own head portrait picture and the sound of the user's own name being shouted.
Preferably, when the user registers the user name, after the target sources are set, the server randomly selects other non-target sources for stimulation. The user's electroencephalogram signals under stimulation by the response sources are collected through head-mounted electroencephalogram equipment and transmitted by wireless communication to the PC end for preprocessing and feature extraction; the extracted features are used as a training set, and the feature set and the source labels are stored in the database for training.
Preferably, the data security module is divided into four layers: user application layer, system access layer, data management layer, and block layer.
Preferably, the user application layer performs feature extraction and training classification on the users' electroencephalogram signals collected through electroencephalogram equipment, and compares and identifies user groups with unique identities and by category; the system access layer comprises user registration and the identification and authentication of user identity; it provides the degree of matching between the uniquely identifying target source and the user's electroencephalogram signal, and verifies the identity of the user.
Preferably, the data management layer comprises a control engine, the control engine generates a management protocol for receiving and transmitting the analysis result generated by the data block; the block layer comprises block data storage, a block network and network monitoring; and the block layer controls the aggregation of the log and the data index and carries out non-falsifiable data recording.
Preferably, the method for preserving the full life cycle information of the electronic archive comprises the following steps:
a. in the user registration process, performing distributed storage of the data obtained by feature extraction from the acquired electroencephalogram signals;
b. securely storing the feature-extracted electroencephalogram signal data, the storage mode being on-chain storage;
c. when the user logs in for authentication, acquiring the user's electroencephalogram signals, preprocessing them and performing feature processing, the unique electroencephalogram signal generated by the user in response to the password target source being used for matching authentication;
d. when the user requests access to data, the data processing node checks the user identity: the user identity must have been successfully authenticated in the authentication unit, with the electroencephalogram authentication information consistent with the password target source label; the data copy is provided and processed in the trusted computing space, the processing result is recorded on the chain, and the secure container is destroyed after the data have been operated on.
Preferably, in step b, the on-chain storage method comprises the following steps: electroencephalogram information uploading, information preprocessing and feature extraction, information publishing, electronic certificate construction, block publishing, node verification, putting the information on the chain, and secure storage of the information data.
Preferably, in step a, the storing process of the electroencephalogram signals is: <1> the PC end calls smart contract functions such as the read function and the write function, which can be used only if the matching conditions are met when they are called; <2> data are read from and written to the database: data of a specified length are read after electroencephalogram feature extraction, the data at the original position in the database are cleared, and new data are written to that position after reading; <3> the operation on the database is written to a disk block, and the database modification information is stored on disk after hash calculation; <4> the modified database is connected with the block and the file is stored in the database; and <5> the smart contract returns, prompting the result of the database modification and displaying that registration succeeded.
Preferably, in step b, during on-chain storage, the elliptic curve digital signature algorithm, an asymmetric algorithm, is used to sign the hash value with the private key and to verify the signature with the public key. The information is uploaded, verified and then issued to the node network; multiple pieces of information are encrypted, the encryption using an asymmetric elliptic curve public key cryptographic algorithm, and a hash function is then used to generate digests, which form a Merkle tree. In this way the electroencephalogram signal data are protected, attacks are prevented, and the security of identity authentication is improved.
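The digest-and-Merkle-tree part of the on-chain storage step can be sketched as follows. This is an added example, not code from the patent: the record layout, function names and sample records are constructed assumptions, and SHA-256 stands in for the unspecified hash function.

```python
import hashlib

# Domain-separation prefixes (an assumption of this sketch): a leaf digest can
# never be confused with an interior-node digest.
LEAF, NODE = b"\x00", b"\x01"

# Constructed sample records standing in for feature-extracted EEG entries.
RECORDS = [
    b"user=u001;src=face_1;ch=O1;win=36-78;mean_uv=4.1",
    b"user=u001;src=face_2;ch=O2;win=35-77;mean_uv=3.9",
    b"user=u001;src=face_3;ch=P7;win=37-79;mean_uv=4.7",
    b"user=u001;src=voice_1;ch=T7;win=40-81;mean_uv=3.2",
    b"user=u001;src=nontarget;ch=O1;win=none;mean_uv=0.3",
]

def leaf_hash(record: bytes) -> bytes:
    return hashlib.sha256(LEAF + record).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE + left + right).digest()

def build_levels(records):
    """Return every level of the tree: leaf digests first, root level last."""
    if not records:
        raise ValueError("at least one record is required")
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # odd node is promoted, not duplicated
        level = nxt
        levels.append(level)
    return levels

def merkle_root(records) -> bytes:
    return build_levels(records)[-1][0]

def merkle_proof(records, index):
    """Sibling digests needed to recompute the root from records[index]."""
    proof = []
    for level in build_levels(records)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], "L" if sibling < index else "R"))
        index //= 2
    return proof

def verify_proof(record: bytes, proof, root: bytes) -> bool:
    digest = leaf_hash(record)
    for sibling, side in proof:
        digest = node_hash(sibling, digest) if side == "L" else node_hash(digest, sibling)
    return digest == root

def tampered_indices(stored_records, stored_proofs, anchored_root):
    """Indices of stored records that no longer match the root anchored on chain."""
    return [i for i, (rec, proof) in enumerate(zip(stored_records, stored_proofs))
            if not verify_proof(rec, proof, anchored_root)]

if __name__ == "__main__":
    root = merkle_root(RECORDS)
    proofs = [merkle_proof(RECORDS, i) for i in range(len(RECORDS))]
    altered = list(RECORDS)
    altered[2] += b";edited"  # simulate a modification in the database
    print(root.hex(), tampered_indices(altered, proofs, root))
```

In the patent's scheme the root (or block hash) would additionally be signed with ECDSA; a verifier checks that signature first and then the per-record proofs.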
Preferably, in the registration process the user needs to input at least three photos of the user and a recording of the user's own name being called out; meanwhile, a large number of photos of non-users and sound sources of non-users' names are stored in the system. The password set by the user is the user's own head portrait and sound source. At login, the user generates valid brain wave signals only on seeing the user's own head portrait and hearing the user's own sound source. The user sees and hears the user's own target sources at login; owing to the highly characteristic nature of brain waves, the brain waves are preprocessed and their features extracted, and finally an ensemble learning model and classifiers are used to classify them and to compare and authenticate them. The identity authentication system relying on brain biological characteristics acquires the password target source to generate unique brain waves, and matching authentication is performed; the unforgeability and irreproducibility of these brain waves add a safety guarantee to the data security system. The system uses the PC server as an intelligent gateway to realize network interconnection. The logging-in user wears electroencephalogram signal acquisition equipment (Emotiv Epoc+), which has fourteen electrode channels; the acquired electroencephalogram signal data are transmitted to a controller of the security system, the recognition result is analyzed using an intelligent algorithm model, and the signal is transmitted to the system's STM32 single-chip microcontroller to perform the login determination operation. This method makes login authentication convenient, effectively prevents malicious login and tampering with electronic data files, and ensures the security of the system.
In addition, preprocessing of the acquired electroencephalogram signals uses peak-to-peak amplitude detection: the difference between the maximum value and the minimum value within a detection segment is measured and the peak-to-peak voltage is compared with a threshold voltage of 75 μV, which reduces errors in the electroencephalogram signals caused by distortion from ocular baseline voltage changes and improves the sensitivity of artifact correction. Power-frequency interference and interference from external stimulation are reduced by iterative averaging using an amplitude averaging method. The signal-to-noise ratio S of the electroencephalogram signal satisfies $S = \delta^{1/2} / (\delta/n)^{1/2} = n^{1/2}$, where $\delta$ is the variance of the collected electroencephalogram signals, $\delta/n$ is the variance of the average evoked response over n superpositions, and $n^{1/2}$ is the signal-to-noise ratio improvement coefficient.
For feature extraction of the electroencephalogram signal: because the electroencephalogram signal is a neuro-electrophysiological phenomenon, the potentials evoked by stimulation from target sources and non-target sources differ markedly in amplitude at the sampling points; and because of the unpredictability of the cerebral cortex, the amplitudes differ across the channels and time periods of the acquisition equipment. Potential features are therefore extracted by selecting electroencephalogram channels and time intervals for the specific subject. In the extraction process, the potential variables of the target source and the non-target source are treated as two continuous variables satisfying the following formula:
$$y(t) = \frac{(a_1 a_2)^{1/2}}{a_1 + a_2} \cdot \frac{b_1(t) - b_2(t)}{S(t)}$$
In the above formula, $t$ takes values in the range $(1, T)$, $T$ is the feature extraction time length, $a_1$ is the number of samples of the target source, $a_2$ is the number of samples of the non-target source, $b_1(t)$ is the average potential of all target sources at time $t$, $b_2(t)$ is the average potential of all non-target sources at time $t$, $S(t)$ is the standard deviation at time $t$, and $y(t)$ is the biserial correlation coefficient at time $t$. The $y(t)$ value of each sampling point is calculated from the biserial correlation coefficient; the $y(t)$ value of each sampling point is then iteratively averaged with the $y(t)$ values of the 5 sampling points after it; and the voltage feature information of the electroencephalogram signal is extracted from the time periods in which the averaged $y(t)$ value is larger than the average of the $y(t)$ values over the time length $T$ and which last longer than 25 sampling points.
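The preprocessing and window-selection procedure above, written out as an added example (not code from the patent). It assumes that epochs whose peak-to-peak amplitude exceeds 75 μV are discarded and that S(t) is the standard deviation of the pooled target and non-target samples at time t; the epochs are constructed synthetic data.

```python
import math
import random

def reject_artifacts(epochs, threshold_uv=75.0):
    """Keep epochs whose peak-to-peak amplitude stays within the threshold (assumed policy)."""
    return [e for e in epochs if max(e) - min(e) <= threshold_uv]

def biserial(target, nontarget):
    """y(t) = sqrt(a1*a2)/(a1+a2) * (b1(t) - b2(t)) / S(t) for every sample index t."""
    a1, a2 = len(target), len(nontarget)
    scale = math.sqrt(a1 * a2) / (a1 + a2)
    y = []
    for t in range(len(target[0])):
        tv = [e[t] for e in target]
        nv = [e[t] for e in nontarget]
        b1, b2 = sum(tv) / a1, sum(nv) / a2
        pooled = tv + nv
        mean = sum(pooled) / len(pooled)
        s = math.sqrt(sum((v - mean) ** 2 for v in pooled) / len(pooled))
        y.append(scale * (b1 - b2) / s if s > 0 else 0.0)  # flat signal: no contrast
    return y

def smooth_forward(y, ahead=5):
    """Average each point with the 5 points after it (fewer at the end of the epoch)."""
    out = []
    for t in range(len(y)):
        segment = y[t:t + ahead + 1]
        out.append(sum(segment) / len(segment))
    return out

def select_windows(y_smooth, min_len=25):
    """Half-open (start, end) runs where y exceeds its mean for more than min_len samples."""
    mean = sum(y_smooth) / len(y_smooth)
    windows, start = [], None
    for t, v in enumerate(y_smooth + [float("-inf")]):  # sentinel closes a trailing run
        if v > mean and start is None:
            start = t
        elif v <= mean and start is not None:
            if t - start > min_len:
                windows.append((start, t))
            start = None
    return windows

def make_epochs(n, evoked, rng, length=128):
    """Constructed data: 2 uV Gaussian noise, plus a 10 uV response in samples 40..79."""
    return [[rng.gauss(0.0, 2.0) + (10.0 if evoked and 40 <= t < 80 else 0.0)
             for t in range(length)] for _ in range(n)]

def demo(seed=7):
    rng = random.Random(seed)
    target = make_epochs(30, True, rng)
    nontarget = make_epochs(30, False, rng)
    blink = [0.0] * 128
    blink[60] = 120.0  # constructed ocular artifact, 120 uV peak-to-peak
    clean_target = reject_artifacts(target + [blink])
    y = smooth_forward(biserial(clean_target, nontarget))
    return len(clean_target), select_windows(y)

if __name__ == "__main__":
    kept, windows = demo()
    print("target epochs kept:", kept, "feature windows:", windows)
```

Because the smoothing looks forward, the selected window starts a few samples before the evoked response does; a centred average would remove that shift but is not what the text describes.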
After feature extraction has been performed on the electroencephalogram signals of the user being identified, classification training is carried out on them. The classification training comprises the following steps:
A1, obtaining multiple feature-extracted electroencephalogram signal sample sets, shuffling their order, selecting part of them as the training set and using the remaining samples as the test set; each time, randomly selecting one sample from the training set, placing it in the sampling set and putting it back into the training set, and repeating this as many times as there are samples in the training set to obtain a new sampling set;
A2, repeating step A1 to obtain multiple new sampling sets, selecting a classifier for each new sampling set, training it to obtain a learner, and combining the learners;
A3, combining the output results by classification voting, and taking the result with the largest number of learner votes as the final result.
After the final result is obtained, the classification training result is matched against the electroencephalogram signal recorded at login: if the match succeeds, authentication succeeds; if the match fails, authentication fails. The unique electroencephalogram signal generated by the password target source, acquired by the identity authentication system relying on brain biological characteristics, serves as the basis for authentication, so that authentication attacks by impostors are effectively prevented and the electronic data are protected from malicious tampering.
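Steps A1 to A3 are bootstrap aggregation with majority voting. The following added example (not code from the patent) implements them with a nearest-centroid base learner, which is an assumption since the patent does not name the classifier; the two-dimensional feature vectors are constructed.

```python
import random
from collections import Counter

def bootstrap(train, rng):
    """A1: draw len(train) samples with replacement; redraw if a class is missing."""
    classes = {label for _, label in train}
    while True:
        sample = [rng.choice(train) for _ in train]
        if {label for _, label in sample} == classes:
            return sample

def fit_centroids(sample):
    """Base learner (assumed): one mean feature vector per class."""
    sums, counts = {}, Counter()
    for x, label in sample:
        acc = sums.setdefault(label, [0.0] * len(x))
        for i, v in enumerate(x):
            acc[i] += v
        counts[label] += 1
    return {label: [v / counts[label] for v in acc] for label, acc in sums.items()}

def predict_one(centroids, x):
    return min(centroids,
               key=lambda lab: sum((a - b) ** 2 for a, b in zip(centroids[lab], x)))

def train_ensemble(train, n_learners, rng):
    """A2: one learner per bootstrap sampling set."""
    return [fit_centroids(bootstrap(train, rng)) for _ in range(n_learners)]

def vote(ensemble, x):
    """A3: majority vote; also returns the winning share of the votes."""
    tally = Counter(predict_one(c, x) for c in ensemble)
    label, votes = tally.most_common(1)[0]
    return label, votes / len(ensemble)

def make_features(n, centre, label, rng):
    """Constructed 2-D features: unit-variance Gaussian around (centre, centre)."""
    return [([rng.gauss(centre, 1.0), rng.gauss(centre, 1.0)], label) for _ in range(n)]

def demo(seed=11, n_learners=15):  # odd count avoids ties between two classes
    rng = random.Random(seed)
    data = (make_features(100, 6.0, "target", rng)
            + make_features(100, 0.0, "non-target", rng))
    rng.shuffle(data)                       # A1: shuffle, then split train/test
    split = int(0.7 * len(data))
    train, test = data[:split], data[split:]
    ensemble = train_ensemble(train, n_learners, rng)
    hits = sum(vote(ensemble, x)[0] == label for x, label in test)
    return ensemble, hits / len(test)

if __name__ == "__main__":
    ensemble, accuracy = demo()
    print("test accuracy:", accuracy, "login epoch:", vote(ensemble, [5.5, 6.2]))
```

The vote share returned by `vote` is what a login decision would be thresholded on; test-set accuracy on separable synthetic clusters says nothing about error rates on real EEG.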
Compared with the prior art, the invention has the following beneficial effects:
(1) In the system and method for preserving the full life cycle information of an electronic file according to the invention, for user registration and user login, a set password target source is combined with electroencephalogram signal extraction and analysis and with comprehensive training and comparison for authentication; an identity authentication system relying on brain biological characteristics acquires the system password target source to generate a unique electroencephalogram signal, on which matching authentication is performed. The unforgeability and non-duplicability of that signal add a safety guarantee to the data preservation system and further improve the security of the information preservation system.
(2) In the system and method for preserving the full life cycle information of an electronic file, on-chain information storage is used when the acquired electroencephalogram signals are stored, which improves the robustness of the electroencephalogram signal storage database, effectively prevents system data from being maliciously tampered with, and further improves the security of the login system and the preservation system.
(3) In the system and method for preserving the full life cycle information of an electronic file, the information is uploaded, verified and then issued to the node network, multiple pieces of information are encrypted, and a hash function is then used to generate digests, which form a Merkle tree. In this way the electroencephalogram signal data are protected, attacks are prevented, and the security of identity authentication is improved.
(4) The invention relates to a system and a method for preserving the full life cycle information of an electronic file, which reduce the interference of power frequency interference and external stimulation by limiting the relation among the signal-to-noise ratio of an electroencephalogram signal, the variance of the electroencephalogram signal and the response variance and by an amplitude averaging method.
(5) According to the system and the method for preserving the full life cycle information of the electronic file, the problem that different amplitudes exist in each channel and time interval of the acquisition equipment is solved by extracting potential parameters, the accuracy of electroencephalogram signals is improved, the subsequent electroencephalogram signals are processed conveniently, the accuracy of subsequent identity authentication is improved, and the safety of the system is improved.
(6) The invention relates to a system and a method for protecting the whole life cycle information of an electronic file, wherein a PC server is used as an intelligent gateway to realize network interconnection, a login user wears electroencephalogram signal acquisition equipment and transmits acquired electroencephalogram signal data to a controller of a protection system, an identification result is analyzed by combining an intelligent algorithm model, and the signal is transmitted to an STM32 single-chip microcomputer microcontroller of the system to perform login determination operation.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a block diagram of the system framework of the present invention.
FIG. 2 is a block diagram of an electroencephalogram data saving module according to the present invention.
FIG. 3 is a flow chart of the user identification authentication EEG signal processing of the present invention.
Fig. 4 is a block diagram of a data security management and control platform of the present invention.
FIG. 5 is a flow chart of brain electrical signal storage of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described in detail and completely with reference to the accompanying drawings. It is to be understood that the described embodiments are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The first embodiment is as follows:
As shown in fig. 1, an electronic file full life cycle information security system. The system comprises a background management module, a data security module and a personal center module; the background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification;
the data security module comprises single-user data security and multi-user data security; the multi-user data preservation comprises data right transfer preservation and multi-user protocol preservation, wherein the preservation process comprises the steps that a user writes related information of preservation data, a local server of the user automatically generates preservation data and broadcasts the preservation data in a whole network, nodes in the whole network monitor the network, receive the preservation data, verify the preservation data through a node tree algorithm, continue the preservation data without ending the preservation data, and finally perform a consensus mechanism to generate a data preservation certificate;
the user authentication comprises user registration and user login, and involves a PC (personal computer) end and a server end. At login, the user inputs the registered user name; the target sources and non-target sources corresponding to that user name in the database are presented to the user; the user's electroencephalogram signals under stimulation by the multiple response sources are collected through electroencephalogram equipment; the signals are classified and labelled, preprocessed and subjected to feature extraction; the preprocessed and feature-extracted signals are authenticated using the trained learning model; and authentication passes if the match succeeds.
At user registration, the user selects a user name and at least two target sources as the password; the two target sources are the user's own head portrait picture and the sound of the user's own name being shouted.
When the user registers a user name, after the target sources are set, the server randomly selects other non-target sources for stimulation. The user's electroencephalogram signals under stimulation by the response sources are collected through head-mounted electroencephalogram equipment and transmitted by wireless communication to the PC (personal computer) end for preprocessing and feature extraction; the extracted features are used as a training set, and the feature set and the source labels are stored in the database for training.
In the registration process, the user needs to input at least three photos of the user and a recording of the user's own name being called out; meanwhile, a large number of photos of non-users and sound sources of non-users' names are stored in the system. The password set by the user is the user's own head portrait and sound source. At login, the user generates valid brain wave signals only on seeing the user's own head portrait and hearing the user's own sound source. The user sees and hears the user's own target sources at login; owing to the highly characteristic nature of brain waves, the brain waves are preprocessed and their features extracted, and finally an ensemble learning model and classifiers are used to classify them and to compare and authenticate them. The identity authentication system relying on brain biological characteristics acquires the password target source to generate unique brain waves, and matching authentication is performed; the unforgeability and irreproducibility of these brain waves add a safety guarantee to the data security system. The system uses the PC server as an intelligent gateway to realize network interconnection. The logging-in user wears electroencephalogram signal acquisition equipment (Emotiv Epoc+), which has fourteen electrode channels; the acquired electroencephalogram signal data are transmitted to a controller of the security system, the recognition result is analyzed using an intelligent algorithm model, and the signal is transmitted to the system's STM32 single-chip microcontroller to perform the login determination operation. This method makes login authentication convenient, effectively prevents malicious login and tampering with electronic data files, and ensures the security of the system.
Example two:
As shown in Fig. 4, on the basis of the first embodiment, the data security module is divided into four layers: user application layer, system access layer, data management layer, and block layer.
The user application layer performs feature extraction and training classification on the users' electroencephalogram signals collected through electroencephalogram equipment, and compares and identifies, by category, user groups with unique identities; the system access layer comprises user registration and the identification and authentication of user identity, and verifies the identity of the user from the degree of matching between the target source that provides the unique identifier and the user's electroencephalogram signal.
The data management layer comprises a control engine, the control engine generates a management protocol for receiving and transmitting analysis results generated by the data blocks; the block layer comprises block data storage, a block network and network monitoring; and the block layer controls the aggregation of the log and the data index and carries out non-falsifiable data recording.
Example three:
As shown in Fig. 5, a method for preserving the full life cycle information of an electronic file includes the following steps:
a, during user registration, performing distributed storage of the data extracted from the acquired electroencephalogram signal features;
b, securely storing the feature-extracted electroencephalogram signal data, the storage mode being on-chain storage;
c, when the user logs in for authentication, acquiring the user's electroencephalogram signals, preprocessing them and extracting features, the user generating a unique electroencephalogram signal in response to the password target source for matching authentication;
d, when the user requests access to data, the data processing node checks the user identity: the user must have been successfully authenticated in the authentication unit and the electroencephalogram authentication information must be consistent with the password target source tag; the data copy is provided to and processed by the user in the trusted computing space, the processing result is reported and put on the chain, and the secure container is destroyed after the data operation is finished.
In step b, the method for on-chain storage comprises the following steps: electroencephalogram information uploading, information preprocessing and feature extraction, information publishing, electronic certificate construction, block publishing, node verification, information chaining, and secure storage of the information data.
In step a, the electroencephalogram signals are stored as follows:
<1>, the PC terminal calls smart contracts such as read functions and write functions, which can be used only if the matching conditions are met when they are called;
<2>, the data is read from and written to the database: data of a specified length is read after electroencephalogram feature extraction, the original position in the database is cleared, and after reading, the new data is written to that position;
<3>, the operation on the database is written into a disk block, and the database modification information is stored on disk after hash calculation;
<4>, the modified database is connected with the block and the file is stored in the database;
<5>, the smart contract returns, reports the result of the database modification and displays that registration succeeded.
In step b, during on-chain storage, the elliptic curve digital signature algorithm, an asymmetric algorithm, is used for the private key to sign the hash value and for the public key to verify the signature. Uploaded information is verified and then published to the node network; multiple pieces of information are encrypted using an asymmetric elliptic curve public key cryptographic algorithm, and a hash function then generates digests that form a Merkle tree. This protects the electroencephalogram signal data, guards against attack, and improves the security of identity authentication.
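The digest tree described for step b can be sketched as follows. This is an added example, not code from the patent: it builds a Merkle root over constructed feature records and checks an inclusion proof. SHA-256, the leaf/node prefix bytes and the promotion of an unpaired node are assumptions of the sketch; the encryption step and the ECDSA signature over the root are left out.

```python
import hashlib
import hmac


def leaf_hash(record: bytes) -> bytes:
    # Distinct prefixes for leaves and inner nodes (assumed here) stop an
    # inner node from being presented as a leaf record.
    return hashlib.sha256(b"\x00" + record).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(records):
    """Return every level of the tree, leaves first, root level last."""
    if not records:
        raise ValueError("at least one record is required")
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # unpaired node is promoted, not duplicated
        level = nxt
        levels.append(level)
    return levels


def merkle_root(records) -> bytes:
    return build_levels(records)[-1][0]


def inclusion_proof(records, index):
    """Sibling hashes (with their side) needed to recompute the root."""
    proof = []
    for level in build_levels(records)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof


def verify_inclusion(record: bytes, proof, root: bytes) -> bool:
    h = leaf_hash(record)
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return hmac.compare_digest(h, root)


# Constructed sample records (user names and feature values are made up).
RECORDS = [
    b'{"user":"u001","source":"portrait","features":[0.91,0.88,0.90]}',
    b'{"user":"u001","source":"voice","features":[0.87,0.92,0.85]}',
    b'{"user":"u002","source":"portrait","features":[0.12,0.95,0.40]}',
    b'{"user":"u002","source":"voice","features":[0.15,0.90,0.44]}',
    b'{"user":"u003","source":"portrait","features":[0.55,0.31,0.78]}',
]

if __name__ == "__main__":
    root = merkle_root(RECORDS)
    proof = inclusion_proof(RECORDS, 2)
    print("root:", root.hex())
    print("record 2 verifies:", verify_inclusion(RECORDS[2], proof, root))
    forged = RECORDS[2].replace(b"0.12", b"0.99")
    print("forged record verifies:", verify_inclusion(forged, proof, root))
```

Only the root needs to be signed and placed in a block; any later change to a stored feature record changes the recomputed root and the proof check fails.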
Example four:
On the basis of the first embodiment, preprocessing of the acquired electroencephalogram signals uses peak-to-peak amplitude detection: the difference between the maximum value and the minimum value within a detection segment is measured, and this peak-to-peak voltage is compared with the threshold voltage of 75 μV. This reduces the errors in the electroencephalogram signals caused by distortion of the ocular baseline voltage and improves the sensitivity of artifact correction processing. The average value is calculated by the amplitude averaging method with iterative averaging, which reduces power frequency interference and interference from external stimulation. The signal-to-noise ratio S of the electroencephalogram signal satisfies

$$S = \frac{\delta^{1/2}}{(\delta/n)^{1/2}} = n^{1/2}$$

where $\delta$ is the variance of the collected electroencephalogram signals, $\delta/n$ is the variance of the average evoked response after n superpositions, and $n^{1/2}$ is the signal-to-noise ratio improvement coefficient.

For feature extraction: the electroencephalogram signal is a neuroelectrophysiological phenomenon, so stimulation by a target source and by a non-target source produces clearly different amplitudes at the sampling points. Because the unpredictability of the cerebral cortex makes the amplitude differ between channels and time intervals of the acquisition equipment, the potential features are extracted by selecting electroencephalogram channels and time intervals for the specific subject. In the extraction process the potentials of the target source and the non-target source are treated as two continuous variables that satisfy

$$y(t) = \frac{(a_1 a_2)^{1/2}}{a_1 + a_2} \cdot \frac{b_1(t) - b_2(t)}{S(t)}$$

where t takes values in the range (1, T), T is the feature extraction time length, $a_1$ is the number of samples of the target source, $a_2$ is the number of samples of the non-target source, $b_1(t)$ is the average potential of all target sources at time t, $b_2(t)$ is the average potential of all non-target sources at time t, $S(t)$ is the standard deviation at time t, and $y(t)$ is the biserial correlation coefficient at time t. The y(t) value of each sampling point is calculated from the biserial correlation coefficient; the y(t) value of each sampling point is then iteratively averaged with the y(t) values of the 5 points after it; and the voltage feature information of the electroencephalogram signal is extracted from the time periods in which the averaged y(t) value is larger than the average of the y(t) values over the time length T and which last longer than 25 sampling points.
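The preprocessing and interval-selection steps of this embodiment can be sketched as follows. This is an added example, not code from the patent: the epochs are constructed, and two points are assumptions of the sketch, namely that segments above the 75 μV peak-to-peak threshold are discarded and that S(t) is the standard deviation over all epochs at sample t.

```python
import math
from statistics import fmean, pstdev

P2P_LIMIT_UV = 75.0  # peak-to-peak threshold given in the text
LOOKAHEAD = 5        # each y(t) is averaged with the 5 points after it
MIN_RUN = 25         # a selected period must last more than 25 samples


def reject_artifacts(epochs, limit=P2P_LIMIT_UV):
    """Keep segments whose max-min amplitude is within the limit (assumed policy)."""
    return [e for e in epochs if max(e) - min(e) <= limit]


def biserial(target, nontarget):
    """y(t) = sqrt(a1*a2)/(a1+a2) * (b1(t)-b2(t)) / S(t) for every sample t."""
    a1, a2 = len(target), len(nontarget)
    scale = math.sqrt(a1 * a2) / (a1 + a2)
    y = []
    for t in range(len(target[0])):
        col1 = [e[t] for e in target]
        col2 = [e[t] for e in nontarget]
        s = pstdev(col1 + col2)  # assumption: S(t) is taken over all epochs
        y.append(0.0 if s == 0 else scale * (fmean(col1) - fmean(col2)) / s)
    return y


def smooth(y, lookahead=LOOKAHEAD):
    """Average each point with the following points (fewer at the end)."""
    return [fmean(y[t:t + lookahead + 1]) for t in range(len(y))]


def select_intervals(ys, min_run=MIN_RUN):
    """Inclusive (start, end) runs where ys exceeds its mean for > min_run samples."""
    mean = fmean(ys)
    runs, start = [], None
    for t, v in enumerate(ys + [float("-inf")]):  # sentinel closes a trailing run
        if v > mean and start is None:
            start = t
        elif v <= mean and start is not None:
            if t - start > min_run:
                runs.append((start, t - 1))
            start = None
    return runs


# Constructed data: 100-sample epochs in microvolts. Background activity is a
# sinusoid whose phase differs per epoch; target epochs add a 10 uV evoked
# deflection on samples 40-69.
def make_epoch(phase, evoked=0.0, n=100):
    return [3.0 * math.sin(0.7 * t + phase) + (evoked if 40 <= t < 70 else 0.0)
            for t in range(n)]


TARGET = [make_epoch(2 * math.pi * k / 10, evoked=10.0) for k in range(10)]
BLINK = make_epoch(0.3, evoked=10.0)
BLINK[10:15] = [150.0] * 5  # constructed eye-blink artifact
NONTARGET = [make_epoch(2 * math.pi * k / 20) for k in range(20)]


def demo():
    target = reject_artifacts(TARGET + [BLINK])
    nontarget = reject_artifacts(NONTARGET)
    ys = smooth(biserial(target, nontarget))
    return len(target), select_intervals(ys)


if __name__ == "__main__":
    print(demo())
```

The selected interval starts a few samples before the evoked deflection because each point is averaged with the five points that follow it.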
Example five:
On the basis of the first embodiment, after feature extraction has been performed on the electroencephalogram signals of the user to be identified, classification training is carried out on them. The classification training comprises the following steps: A1, obtain a plurality of electroencephalogram signal sample sets after feature extraction, shuffle their order, select part of them as the training set and use the remaining samples as the test set; each time, randomly select one sample from the training set, put it into the sampling set and return it to the training set, repeating this as many times as there are samples in the training set to obtain a new sampling set; A2, repeat step A1 to obtain a plurality of new sampling sets, select a classifier for each new sampling set, train it to obtain a learner, and combine the learners; A3, combine the output results by voting on the classification, taking the result with the largest number of learner votes as the final result. After the final result is obtained, the classification training result is matched at login against the electroencephalogram signal of the user logging in: if matching succeeds, authentication succeeds, and if matching fails, authentication fails. The identity authentication system, which relies on the biological characteristics of the brain, acquires the unique electroencephalogram signal generated in response to the password target source as the basis for authentication, which effectively prevents authentication attacks by impostors and prevents electronic data from being maliciously tampered with.
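Steps A1 to A3 amount to bootstrap aggregation with a majority vote, sketched below. This is an added example, not code from the patent: the two-dimensional feature vectors are constructed, and the nearest-centroid base classifier, the 70/30 split and the choice of 11 learners are assumptions of the sketch.

```python
import random
from collections import Counter


def bootstrap(train, rng):
    """A1: draw as many samples as the training set holds, with replacement."""
    return [rng.choice(train) for _ in train]


def fit_centroids(samples):
    """Base learner (assumed): the mean feature vector of each class."""
    sums, counts = {}, Counter()
    for features, label in samples:
        acc = sums.setdefault(label, [0.0] * len(features))
        for i, value in enumerate(features):
            acc[i] += value
        counts[label] += 1
    return {lab: [v / counts[lab] for v in acc] for lab, acc in sums.items()}


def predict(centroids, features):
    def dist2(centre):
        return sum((a - b) ** 2 for a, b in zip(features, centre))
    return min(centroids, key=lambda lab: dist2(centroids[lab]))


def train_ensemble(train, n_learners, rng):
    """A2: one learner per new sampling set."""
    return [fit_centroids(bootstrap(train, rng)) for _ in range(n_learners)]


def vote(ensemble, features):
    """A3: the label with the most learner votes is the final result."""
    tally = Counter(predict(learner, features) for learner in ensemble)
    return tally.most_common(1)[0][0]


def make_dataset(rng, per_class=20):
    """Constructed features: two well-separated clusters with uniform jitter."""
    data = []
    for label, centre in (("target", (8.0, 6.0)), ("non-target", (0.0, 0.0))):
        for _ in range(per_class):
            data.append(([c + rng.uniform(-1, 1) for c in centre], label))
    return data


def run(seed=7, n_learners=11):
    rng = random.Random(seed)
    data = make_dataset(rng)
    rng.shuffle(data)                  # A1: shuffle the sample sets
    split = len(data) * 7 // 10        # assumed 70/30 train/test split
    train, test = data[:split], data[split:]
    ensemble = train_ensemble(train, n_learners, rng)
    accuracy = sum(vote(ensemble, f) == y for f, y in test) / len(test)
    return ensemble, accuracy


def authenticate(ensemble, login_features):
    """Login succeeds only if the ensemble labels the response as 'target'."""
    return vote(ensemble, login_features) == "target"


if __name__ == "__main__":
    ensemble, accuracy = run()
    print("test accuracy:", accuracy)
    print("genuine login:", authenticate(ensemble, [8.2, 5.9]))
    print("impostor login:", authenticate(ensemble, [0.5, -0.3]))
```

An odd number of learners avoids ties in a two-class vote.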
The technical scheme above yields an electronic file full life cycle information security system and method. By combining user registration and user login, the set password target source is tied to electroencephalogram signal extraction and analysis and to comprehensive training, comparison and authentication: the identity authentication system, which relies on the biological characteristics of the brain, acquires the unique electroencephalogram signal generated in response to the password target source and performs matching authentication, and its unforgeability and irreproducibility add a security guarantee to the data security system and further improve the security of the information security system. When the acquired electroencephalogram signals are stored, on-chain information storage improves the robustness of the electroencephalogram signal storage database, effectively prevents system data from being maliciously tampered with, and further improves the security of logging in to the system and of the security system itself. Uploaded information is verified and then published to the node network; multiple pieces of information are encrypted using an asymmetric elliptic curve public key cryptographic algorithm, and a hash function then generates digests that form a Merkle tree. This protects the electroencephalogram signal data, guards against attack, and improves the security of identity authentication. By constraining the relation among the signal-to-noise ratio of the electroencephalogram signal, the variance of the electroencephalogram signal and the response variance, and by using the amplitude averaging method with iterative averaging, the method reduces power frequency interference and interference from external stimulation. Extracting the potential parameters solves the problem that amplitudes differ between channels and time intervals of the acquisition equipment, improves the accuracy of the electroencephalogram signal, makes subsequent processing of the electroencephalogram signal easier, improves the accuracy of subsequent identity authentication, and improves the security of the system. The PC server is used as an intelligent gateway to realize network interconnection; the login user wears electroencephalogram signal acquisition equipment, the acquired electroencephalogram signal data are transmitted to a controller of the security system, the recognition result is analyzed with an intelligent algorithm model, and a signal is sent to the system's STM32 single-chip microcontroller to perform the login determination operation.
Other technical solutions not described in detail in the present invention are prior art in the field, and are not described herein again.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and it will be apparent to those skilled in the art that various modifications and variations can be made in the present invention; any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. An electronic file full life cycle information security system, comprising a background management module, a data security module and a personal center module, characterized in that the background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification;
the data security module comprises single-user data security and multi-user data security; the multi-user data preservation comprises data right transfer preservation and multi-user protocol preservation, wherein the preservation process comprises the steps that a user writes related information of preservation data, a local server of the user automatically generates preservation data and broadcasts the preservation data in a whole network, nodes in the whole network monitor the network, receive the preservation data, verify the preservation data through a node tree algorithm, continue the preservation data without ending the preservation data, and finally perform a consensus mechanism to generate a data preservation certificate;
the user authentication comprises user registration and user login and involves a PC (personal computer) end and a server end; when the user logs in, the user inputs a registered user name, the target source and non-target sources corresponding to the user name in a database are presented to the user, electroencephalogram signals of the user under stimulation of a plurality of response sources are collected through electroencephalogram equipment, classification labeling, preprocessing and feature extraction are carried out on the electroencephalogram signals, the electroencephalogram signals after preprocessing and feature extraction are authenticated through learning and training, and the authentication is passed if the matching is successful.
2. The system of claim 1, wherein during user registration the user selects a user name and at least two target sources are used as passwords, the two target sources being a head portrait picture and a sound calling out the name of the user.
3. The system of claim 2, wherein the server randomly selects other non-target sources for stimulation after the target source is set when the user registers the user name, the user collects electroencephalogram signals under the stimulation of the response source through the head-mounted electroencephalogram device, transmits the electroencephalogram signals to the PC terminal for preprocessing and feature extraction through wireless communication, uses the extracted features as a training set, and stores the feature set and the source tag into the database for training.
4. The system of claim 1, wherein the data security module is divided into four layers: user application layer, system access layer, data management layer, and block layer.
5. The system of claim 4, wherein the user application layer performs feature extraction and training classification on the users' electroencephalogram signals collected through electroencephalogram equipment, and compares and identifies, by category, user groups with unique identities; the system access layer comprises user registration and the identification and authentication of user identity, and verifies the identity of the user from the degree of matching between the target source that provides the unique identifier and the user's electroencephalogram signal.
6. The system of claim 4, wherein the data management layer comprises a control engine, the control engine generating a management protocol for receiving and transmitting the analysis result generated by the data block; the block layer comprises block data storage, a block network and network monitoring; and the block layer controls the aggregation of the log and the data index and carries out non-falsifiable data recording.
7. The system for preserving full life-cycle information of electronic files as claimed in claim 1, wherein the method for preserving full life-cycle information of electronic files comprises the following steps:
a, during user registration, performing distributed storage of the data extracted from the acquired electroencephalogram signal features;
b, securely storing the feature-extracted electroencephalogram signal data, the storage mode being on-chain storage;
c, when the user logs in for authentication, acquiring the user's electroencephalogram signals, preprocessing them and extracting features, the user generating a unique electroencephalogram signal in response to the password target source for matching authentication;
d, when the user requests access to data, the data processing node checks the user identity: the user must have been successfully authenticated in the authentication unit and the electroencephalogram authentication information must be consistent with the password target source tag; the data copy is provided to and processed by the user in the trusted computing space, the processing result is reported and put on the chain, and the secure container is destroyed after the data operation is finished.
8. The method as claimed in claim 7, wherein the on-chain storage of step b comprises the following steps: electroencephalogram information uploading, information preprocessing and feature extraction, information publishing, electronic certificate construction, block publishing, node verification, information chaining, and secure storage of the information data.
CN202110775201.9A 2021-07-08 2021-07-08 Electronic file full life cycle information security system and method Pending CN113591051A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110775201.9A CN113591051A (en) 2021-07-08 2021-07-08 Electronic file full life cycle information security system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110775201.9A CN113591051A (en) 2021-07-08 2021-07-08 Electronic file full life cycle information security system and method

Publications (1)

Publication Number Publication Date
CN113591051A true CN113591051A (en) 2021-11-02

Family

ID=78246638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110775201.9A Pending CN113591051A (en) 2021-07-08 2021-07-08 Electronic file full life cycle information security system and method

Country Status (1)

Country Link
CN (1) CN113591051A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113254416A (en) * 2021-05-26 2021-08-13 中国科学技术大学 Whole brain data storage method and system, electronic equipment and storage medium
CN116992108A (en) * 2023-09-25 2023-11-03 杭州易康信科技有限公司 Government administration electronic archive processing method and system
CN116992108B (en) * 2023-09-25 2023-12-19 杭州易康信科技有限公司 Government administration electronic archive processing method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211102