CN113591051A - Electronic file full life cycle information security system and method
- Publication number
- CN113591051A (CN202110775201.9A)
- Authority
- CN
- China
- Prior art keywords
- user
- data
- electroencephalogram
- authentication
- preservation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2218/00—Aspects of pattern recognition specially adapted for signal processing
- G06F2218/12—Classification; Matching
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Measurement And Recording Of Electrical Phenomena And Electrical Characteristics Of The Living Body (AREA)
Abstract
The invention discloses a system for preserving the full life cycle information of an electronic file. The system comprises a background management module, a data security module and a personal center module. The background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification. For user registration and user login, the system combines a preset password target source with electroencephalogram signal extraction and analysis and with comprehensive training-and-comparison authentication: an identity authentication system that relies on biological characteristics of the brain uses the password target source to evoke a unique electroencephalogram signal, which is matched for authentication. Because the electroencephalogram signal cannot be forged or copied, it adds a security guarantee to the data security system and further improves the security of the information security system.
Description
Technical Field
The invention belongs to the field of information preservation, and particularly relates to a system and a method for preserving the full life cycle information of an electronic file.
Background
With the development of the Internet and the arrival of the cloud computing and big data era, electronic presentations of all kinds are growing rapidly in fields such as finance, medical care, copyright and administration. At the same time, tampering with electronic data is becoming more and more evident. Traditional electronic data preservation methods, such as rights protection, can protect data but easily lead to problems such as value transfer and leakage of secrets, and cannot meet current requirements for electronic protection.
At present, some schemes use electronic fingerprints to fix data instantly and add a timestamp to form an effective digital certificate that protects the data. However, existing security systems generally guarantee the security of the database through authoritative endorsement, encryption and similar measures applied to the data; if the data platform fails, or the data are tampered with after a malicious login by a person, the data security system is of no use. The protection offered by a security system that only encrypts and stores electronic data is clearly far from sufficient.
Chinese patent application No. 201710313167.7 discloses a data security method and related system. The method comprises the following steps: the financial service server sends the data of preset security points acquired by the client and the financial service server in the execution service process to a data security pre-system through a data security request; the data security pre-positioned system receives a data security request sent by a financial service server; analyzing preset security point data collected by the client and/or the financial service server in the execution service process contained in the data security request and sending the data to a data security core system; the data security core system signs and encrypts the analyzed data of the security points; storing the signed and encrypted data into a database for solidification; and the data security core system backs up the data solidified in the database to a preset data security back-up system and synchronizes the data to a preset data security mechanism.
In that technical scheme, the security points are signed and encrypted, and the signed and encrypted data are stored in a database for solidification, which achieves data security to a certain extent. However, it cannot rule out malicious login by a person and tampering with system data: the login and authentication system of the security system has a low level of security, so a certain risk remains that the secured data will be maliciously tampered with.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide an electronic file full life cycle information security system and method. For user registration and user login, the system combines a preset password target source with electroencephalogram signal extraction and analysis and with comprehensive training-and-comparison authentication: an identity authentication system that relies on biological characteristics of the brain uses the system password target source to evoke a unique electroencephalogram signal, which is matched for authentication. Because this signal cannot be forged or copied, it adds a security guarantee to the data security system and further improves the security of the information security system. When the acquired electroencephalogram signals are stored, on-chain information storage is used, which improves the robustness of the electroencephalogram signal storage database, effectively prevents system data from being maliciously tampered with, and further improves both the security of logging in to the system and the security of the security system.
The invention provides the following technical scheme:
An electronic file full life cycle information security system. The system comprises a background management module, a data security module and a personal center module; the background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification;
the data security module comprises single-user data security and multi-user data security. Multi-user data preservation comprises data right transfer preservation and multi-user protocol preservation. In the preservation process, a user writes the information relating to the preservation data; the user's local server automatically generates the preservation data and broadcasts it across the whole network; nodes across the network monitor the network, receive the preservation data and verify it through a node tree algorithm, continue the preservation data without ending the preservation data, and finally run a consensus mechanism to generate a data preservation certificate;
the user authentication comprises user registration and user login, and involves a PC (personal computer) end and a server end. When the user logs in, the user enters the registered user name, and the target sources and non-target sources corresponding to that user name in the database are presented to the user. Electroencephalogram signals of the user under stimulation by the plurality of response sources are collected through electroencephalogram equipment; the signals are classified and labelled, preprocessed and subjected to feature extraction; the preprocessed, feature-extracted signals are then authenticated through learning and training, and authentication passes if the match succeeds.
Preferably, at user registration during user authentication, the user selects a user name and at least two target sources as the password; the two target sources are the user's own portrait picture and a sound calling the user's own name.
Preferably, when the user registers the user name and has set the target sources, the server randomly selects other, non-target sources for stimulation. The user's electroencephalogram signals under stimulation by the response sources are collected through head-mounted electroencephalogram equipment and transmitted by wireless communication to the PC terminal for preprocessing and feature extraction; the extracted features are used as a training set, and the feature set and the source labels are stored in the database for training.
Preferably, the data security module is divided into four layers: user application layer, system access layer, data management layer, and block layer.
Preferably, the user application layer performs feature extraction and training classification on the user's electroencephalogram signals collected through electroencephalogram equipment, and compares and identifies user groups with unique identities and based on categories; the system access layer covers user registration and the identification and authentication of user identity, and verifies the user's identity from the degree of match between the target source that provides the unique identifier and the user's electroencephalogram signal.
Preferably, the data management layer comprises a control engine, the control engine generates a management protocol for receiving and transmitting the analysis result generated by the data block; the block layer comprises block data storage, a block network and network monitoring; and the block layer controls the aggregation of the log and the data index and carries out non-falsifiable data recording.
Preferably, the method for preserving the full life cycle information of the electronic archive comprises the following steps:
a, during user registration, the data obtained by feature extraction from the acquired electroencephalogram signals are stored in a distributed manner;
b, the electroencephalogram signal data after feature extraction are stored securely, the storage mode being on-chain storage;
c, when the user logs in for authentication, the user's electroencephalogram signals are acquired, preprocessed and subjected to feature processing, and the unique electroencephalogram signal that the password target source evokes in the user is used for matching authentication;
d, when the user requests access to data, the data processing node checks the user's identity: the identity must have been successfully authenticated in the authentication unit, with the electroencephalogram authentication information consistent with the password target source tag. The user processes and provides a data copy in the trusted computing space, the processing result is reported on-chain, and the secure container is destroyed after the data have been operated on.
Preferably, in step b, on-chain storage comprises: electroencephalogram information uploading, information preprocessing and feature extraction, information publishing, electronic certificate construction, block publishing, node verification, information chaining, and secure storage of the information data.
Preferably, in step a, the storage process of the electroencephalogram signals is: <1>, the PC terminal calls smart contract functions such as the read function and the write function, which can be used only if the matching conditions are met when they are called; <2>, data are read from and written to the database: data of a specified length are read after the electroencephalogram features have been extracted, the original position in the database is cleared, and after reading the new data are written to that position; <3>, the operation on the database is written into a disk block, and the database modification information is stored on disk after hash calculation; <4>, the modified database is linked to the block and the file is stored in the database; <5>, the smart contract returns, reports the result of the database modification and indicates that registration succeeded.
Preferably, in step b, during on-chain storage the elliptic curve digital signature algorithm, an asymmetric algorithm, is used to sign the hash value with the private key and to verify the signature with the public key. The information is uploaded, verified and then published to the node network; multiple pieces of information are encrypted, the encryption using an asymmetric elliptic curve public key cryptographic algorithm, and a hash function is then used to generate digests, thereby forming a Merkle tree. This protects the electroencephalogram signal data, guards against attack, and improves the security of identity authentication.
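The digest-and-Merkle-tree part of the on-chain storage step can be illustrated as follows. This is an added example, not code from the patent: the record layout, SHA-256, the leaf/node prefix bytes and the rule of promoting an unpaired node are all assumptions, and the ECDSA signature over the root is left out because it needs a third-party library.

```python
import hashlib
import json

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(record: dict) -> bytes:
    """Digest of one feature record; canonical JSON so equal records hash equally."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return _h(b"\x00" + body)            # 0x00 prefix marks a leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)    # 0x01 prefix marks an inner node

def build_levels(records):
    """Return every tree level, leaves first; the root is levels[-1][0]."""
    if not records:
        raise ValueError("cannot build a Merkle tree over zero records")
    levels = [[leaf_hash(r) for r in records]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                nxt.append(cur[i])       # unpaired node is promoted, never duplicated
        levels.append(nxt)
    return levels

def prove(levels, index):
    """Inclusion proof for leaf `index`: list of (side of sibling, sibling digest)."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify(record, proof, root):
    """Recompute the path from the record to the root and compare."""
    acc = leaf_hash(record)
    for side, sibling in proof:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == root

# Constructed sample records (not real EEG data).
RECORDS = [
    {"user": "user-a", "channel": "O1", "window": [58, 98], "features": [0.41, 0.77]},
    {"user": "user-a", "channel": "O2", "window": [60, 97], "features": [0.39, 0.80]},
    {"user": "user-a", "channel": "P7", "window": [59, 99], "features": [0.35, 0.71]},
    {"user": "user-a", "channel": "P8", "window": [57, 96], "features": [0.44, 0.69]},
    {"user": "user-a", "channel": "F3", "window": [61, 98], "features": [0.30, 0.66]},
]

def demo():
    levels = build_levels(RECORDS)
    root = levels[-1][0]
    proof = prove(levels, 4)
    tampered = dict(RECORDS[4], features=[9.9, 9.9])   # modified after storage
    return verify(RECORDS[4], proof, root), verify(tampered, proof, root), len(proof)

if __name__ == "__main__":
    print(demo())
```

A verifier that holds only the root can check any single stored record with its proof; any change to the record changes the recomputed root.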
Preferably, during registration the user must provide at least three photos of himself or herself and a speech clip calling the user's name, while the system stores a large number of photos of other people and sound sources of other people's names. The password set by the user is the user's own portrait and sound source: at login, valid brain wave signals are generated only when the user sees his or her own portrait and hears his or her own sound source. At login the user sees and hears his or her own target sources; owing to the highly distinctive character of the brain waves, the brain waves are preprocessed and subjected to feature extraction, and finally an ensemble learning model and a classifier are used to classify, compare and authenticate them. The identity authentication system, which relies on biological characteristics of the brain, uses the password target source to evoke unique brain waves and performs matching authentication; because these cannot be forged or copied, they add a security guarantee to the data security system. The system uses the PC server as an intelligent gateway to achieve network interconnection. The user logging in wears electroencephalogram signal acquisition equipment (Emotiv EPOC+) with fourteen electrode channels, which transmits the acquired electroencephalogram signal data to the controller of the security system; the recognition result is analysed with an intelligent algorithm model, and a signal is sent to the system's STM32 microcontroller to carry out the login decision. This approach makes login authentication convenient, effectively prevents electronic data files from being tampered with through malicious login, and ensures the security of the system.
In addition, preprocessing of the acquired electroencephalogram signals uses peak-to-peak amplitude detection: the difference between the maximum value and the minimum value within a detection segment is measured, and this peak-to-peak voltage is compared with a threshold voltage of 75 μV. This reduces errors in the electroencephalogram signal caused by distortion from ocular baseline voltage changes and improves the sensitivity of artifact correction. Power-frequency interference and interference from external stimulation are reduced by iterative averaging using an amplitude averaging method. The signal-to-noise ratio $S$ of the electroencephalogram signal satisfies $S = \delta^{1/2} / (\delta/n)^{1/2} = n^{1/2}$, where $\delta$ is the variance of the collected electroencephalogram signals, $\delta/n$ is the variance of the average evoked response after $n$ superpositions, and $n^{1/2}$ is the signal-to-noise ratio improvement coefficient.
For feature extraction: the electroencephalogram signal is a neuro-electrophysiological phenomenon, so the potentials evoked by stimulation from the target source and the non-target source differ markedly in amplitude at the sampling points; and because the cerebral cortex is unpredictable, the amplitudes differ across the channels and time intervals of the acquisition equipment. The potential features are therefore extracted by selecting electroencephalogram channels and time intervals for the specific subject. In the extraction process, the potential variables of the target source and the non-target source are used as two continuous variables that satisfy: $y(t) = \frac{(a_1 a_2)^{1/2}}{a_1 + a_2} \cdot \frac{b_1(t) - b_2(t)}{s(t)}$, where $t$ takes values in the range $(1, T)$, $T$ is the feature extraction time length, $a_1$ is the number of sampling samples of the target source, $a_2$ is the number of sampling samples of the non-target source, $b_1(t)$ is the average potential of all target sources at time $t$, $b_2(t)$ is the average potential of all non-target sources at time $t$, $s(t)$ is the standard deviation at time $t$, and $y(t)$ is the biserial correlation coefficient at time $t$. The $y(t)$ value of each sampling point is calculated from the biserial correlation coefficient; the $y(t)$ value of each sampling point is then iteratively averaged with the $y(t)$ values of the 5 sampling points after it; and the voltage feature information of the electroencephalogram signal is extracted from the time periods in which the averaged $y(t)$ value is larger than the average of the $y(t)$ values over the time length $T$ and which last longer than 25 sampling points.
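The preprocessing check and the interval selection described above can be worked through on synthetic data. This is an added example, not code from the patent; it assumes a single channel, that segments exceeding 75 μV peak-to-peak are discarded, that s(t) is the population standard deviation over all target and non-target samples at time t, and all function names and data are constructed for illustration.

```python
import math
import random

def peak_to_peak_ok(epoch, threshold_uv=75.0):
    """Preprocessing check: max - min within the segment against the 75 uV threshold."""
    return (max(epoch) - min(epoch)) <= threshold_uv

def biserial_curve(target, non_target):
    """y(t) = sqrt(a1*a2)/(a1+a2) * (b1(t) - b2(t)) / s(t) for each sampling point."""
    a1, a2 = len(target), len(non_target)
    scale = math.sqrt(a1 * a2) / (a1 + a2)
    y = []
    for t in range(len(target[0])):
        tv = [e[t] for e in target]
        nv = [e[t] for e in non_target]
        b1, b2 = sum(tv) / a1, sum(nv) / a2
        pooled = tv + nv
        mean = sum(pooled) / (a1 + a2)
        # Assumption: s(t) is the population standard deviation of all samples at t.
        s = math.sqrt(sum((v - mean) ** 2 for v in pooled) / (a1 + a2))
        y.append(0.0 if s == 0 else scale * (b1 - b2) / s)  # flat signal: no correlation
    return y

def smooth_forward(y, lookahead=5):
    """Average each point with the 5 points after it (fewer at the end of the epoch)."""
    out = []
    for t in range(len(y)):
        window = y[t:t + lookahead + 1]
        out.append(sum(window) / len(window))
    return out

def select_intervals(y_smooth, min_len=25):
    """Half-open [start, end) runs above the mean of y that last more than min_len samples."""
    threshold = sum(y_smooth) / len(y_smooth)
    intervals, start = [], None
    for t, v in enumerate(y_smooth + [float("-inf")]):  # sentinel closes a trailing run
        if v > threshold and start is None:
            start = t
        elif v <= threshold and start is not None:
            if t - start > min_len:
                intervals.append((start, t))
            start = None
    return intervals

def make_epochs(n, bump_uv, rng, length=160):
    """Constructed epochs: Gaussian noise plus a half-sine deflection in samples 60..99."""
    epochs = []
    for _ in range(n):
        epoch = []
        for t in range(length):
            bump = bump_uv * math.sin(math.pi * (t - 60) / 40) if 60 <= t < 100 else 0.0
            epoch.append(rng.gauss(0.0, 2.0) + bump)
        epochs.append(epoch)
    return epochs

def demo():
    rng = random.Random(2021)
    target = make_epochs(30, 10.0, rng)       # responses to the password target source
    non_target = make_epochs(90, 0.0, rng)    # responses to non-target sources
    blink = [0.0] * 160
    blink[20] = 120.0                         # constructed ocular artifact
    target.append(blink)
    kept_t = [e for e in target if peak_to_peak_ok(e)]
    kept_n = [e for e in non_target if peak_to_peak_ok(e)]
    y = smooth_forward(biserial_curve(kept_t, kept_n))
    return len(target) - len(kept_t), select_intervals(y)

if __name__ == "__main__":
    print(demo())
```

Because each point is averaged with the samples that follow it, the selected interval starts a few samples before the deflection begins and ends a few samples before it finishes.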
After feature extraction, the electroencephalogram signals of the user to be identified undergo classification training. The classification training comprises the following steps: A1, obtain a plurality of feature-extracted electroencephalogram signal sampling sets, shuffle their order, select part of them as the training set and use the remaining samples as the test set; each time, randomly select one sample from the training set, put it into the sampling set and then put it back into the training set, repeating this as many times as there are samples in the training set to obtain a new sampling set; A2, repeat step A1 to obtain a plurality of new sampling sets, select a classifier for each new sampling set, train it to obtain a learner, and combine the learners; A3, combine the output results and vote on the classification, taking the result with the most learner votes as the final result. Once the final result is obtained, the classification training result is matched against the electroencephalogram signal captured at login: if the match succeeds, authentication succeeds; if it fails, authentication fails. Because the authentication basis is the unique electroencephalogram signal that the password target source evokes, acquired by an identity authentication system relying on biological characteristics of the brain, authentication attacks by impostors are effectively prevented and the electronic data are protected from malicious tampering.
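Steps A1 to A3 amount to bootstrap aggregation with a majority vote, sketched below together with a login decision and an impostor check. This is an added example, not code from the patent: the nearest-centroid base learner, the two-dimensional features, the 0.8 match threshold and all data are assumptions made for illustration.

```python
import random
from collections import Counter

def bootstrap(train, rng):
    """Step A1: draw len(train) samples from the training set with replacement."""
    return [rng.choice(train) for _ in train]

def fit_centroid(samples):
    """Base learner (assumption): the mean feature vector of each class."""
    sums, counts = {}, Counter()
    for features, label in samples:
        acc = sums.setdefault(label, [0.0] * len(features))
        for i, v in enumerate(features):
            acc[i] += v
        counts[label] += 1
    return {lab: [v / counts[lab] for v in acc] for lab, acc in sums.items()}

def predict_one(model, features):
    """Label of the closest class centroid (squared Euclidean distance)."""
    return min(model, key=lambda lab: sum((a - b) ** 2 for a, b in zip(model[lab], features)))

def train_bagging(train, n_learners, rng):
    """Step A2: one learner per new sampling set."""
    return [fit_centroid(bootstrap(train, rng)) for _ in range(n_learners)]

def vote(learners, features):
    """Step A3: the label with the most learner votes wins."""
    return Counter(predict_one(m, features) for m in learners).most_common(1)[0][0]

def authenticate(learners, login_epochs, min_match=0.8):
    """login_epochs holds (features, label of the stimulus that was shown).

    Assumption: login passes when the voted label matches the shown stimulus
    for at least min_match of the epochs.
    """
    hits = sum(vote(learners, x) == shown for x, shown in login_epochs)
    return hits / len(login_epochs) >= min_match

def make(mean, label, n, rng):
    """Constructed feature vectors: Gaussian cloud around `mean`, tagged with `label`."""
    return [([rng.gauss(m, 1.0) for m in mean], label) for _ in range(n)]

def demo():
    rng = random.Random(7)
    data = make((6.0, 4.0), "target", 60, rng) + make((0.0, 0.0), "non-target", 60, rng)
    rng.shuffle(data)                         # A1: shuffle, then split
    train, test = data[:80], data[80:]
    learners = train_bagging(train, 15, rng)  # odd count avoids tied votes
    accuracy = sum(vote(learners, x) == y for x, y in test) / len(test)
    genuine = make((6.0, 4.0), "target", 10, rng) + make((0.0, 0.0), "non-target", 10, rng)
    # Constructed impostor: the target stimuli evoke no distinct response, so the
    # features recorded while a target source was shown look like non-target ones.
    impostor = make((0.0, 0.0), "target", 10, rng) + make((0.0, 0.0), "non-target", 10, rng)
    return accuracy, authenticate(learners, genuine), authenticate(learners, impostor)

if __name__ == "__main__":
    print(demo())
```

Evaluating the threshold against impostor sessions as well as genuine ones gives both the false-reject and the false-accept side of the decision.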
Compared with the prior art, the invention has the following beneficial effects:
(1) The invention relates to a system and a method for preserving the full life cycle information of an electronic file. For user registration and user login, the system combines a preset password target source with electroencephalogram signal extraction and analysis and with comprehensive training-and-comparison authentication: an identity authentication system that relies on biological characteristics of the brain uses the system password target source to evoke a unique electroencephalogram signal, which is matched for authentication. Because this signal cannot be forged or copied, it adds a security guarantee to the data preservation system and further improves the security of the information preservation system.
(2) According to the system and the method for preserving the full life cycle information of the electronic file, when the acquired electroencephalogram signal is stored, a mode of on-chain information storage is adopted, the robustness of an electroencephalogram signal storage database is improved, system data are effectively prevented from being maliciously tampered, and the safety of a login system and a preservation system is further improved.
(3) The invention relates to a system and a method for preserving the full life cycle information of an electronic file. The information is uploaded, verified and then published to the node network; multiple pieces of information are encrypted, and a hash function is then used to generate digests, thereby forming a Merkle tree. This protects the electroencephalogram signal data, guards against attack, and improves the security of identity authentication.
(4) The invention relates to a system and a method for preserving the full life cycle information of an electronic file, which reduce power-frequency interference and interference from external stimulation by constraining the relation among the signal-to-noise ratio of the electroencephalogram signal, the variance of the electroencephalogram signal and the response variance, and by using an amplitude averaging method.
(5) According to the system and the method for preserving the full life cycle information of the electronic file, the problem that different amplitudes exist in each channel and time interval of the acquisition equipment is solved by extracting potential parameters, the accuracy of electroencephalogram signals is improved, the subsequent electroencephalogram signals are processed conveniently, the accuracy of subsequent identity authentication is improved, and the safety of the system is improved.
(6) The invention relates to a system and a method for protecting the whole life cycle information of an electronic file, wherein a PC server is used as an intelligent gateway to realize network interconnection, a login user wears electroencephalogram signal acquisition equipment and transmits acquired electroencephalogram signal data to a controller of a protection system, an identification result is analyzed by combining an intelligent algorithm model, and the signal is transmitted to an STM32 single-chip microcomputer microcontroller of the system to perform login determination operation.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a block diagram of the system framework of the present invention.
FIG. 2 is a block diagram of an electroencephalogram data saving module according to the present invention.
FIG. 3 is a flow chart of the user identification authentication EEG signal processing of the present invention.
Fig. 4 is a block diagram of a data security management and control platform of the present invention.
FIG. 5 is a flow chart of brain electrical signal storage of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described in detail and completely with reference to the accompanying drawings. It is to be understood that the described embodiments are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The first embodiment is as follows:
As shown in fig. 1, a system for preserving the full life cycle information of an electronic file. The system comprises a background management module, a data security module and a personal center module; the background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification;
the data security module comprises single-user data security and multi-user data security. Multi-user data preservation comprises data right transfer preservation and multi-user protocol preservation. In the preservation process, a user writes the information relating to the preservation data; the user's local server automatically generates the preservation data and broadcasts it across the whole network; nodes across the network monitor the network, receive the preservation data and verify it through a node tree algorithm, continue the preservation data without ending the preservation data, and finally run a consensus mechanism to generate a data preservation certificate;
the user authentication comprises user registration and user login, and involves a PC (personal computer) end and a server end. When the user logs in, the user enters the registered user name, and the target sources and non-target sources corresponding to that user name in the database are presented to the user. Electroencephalogram signals of the user under stimulation by the plurality of response sources are collected through electroencephalogram equipment; the signals are classified and labelled, preprocessed and subjected to feature extraction; the preprocessed, feature-extracted signals are then authenticated through learning and training, and authentication passes if the match succeeds.
At user registration during user authentication, the user selects a user name and at least two target sources as the password; the two target sources are the user's own portrait picture and a sound calling the user's own name.
When the user registers the user name and has set the target sources, the server randomly selects other, non-target sources for stimulation. The user's electroencephalogram signals under stimulation by the response sources are collected through head-mounted electroencephalogram equipment and transmitted by wireless communication to the PC (personal computer) terminal for preprocessing and feature extraction; the extracted features are used as a training set, and the feature set and the source labels are stored in the database for training.
During registration the user must provide at least three photos of himself or herself and a speech clip calling the user's name, while the system stores a large number of photos of other people and sound sources of other people's names. The password set by the user is the user's own portrait and sound source: at login, valid brain wave signals are generated only when the user sees his or her own portrait and hears his or her own sound source. At login the user sees and hears his or her own target sources; owing to the highly distinctive character of the brain waves, the brain waves are preprocessed and subjected to feature extraction, and finally an ensemble learning model and a classifier are used to classify, compare and authenticate them. The identity authentication system, which relies on biological characteristics of the brain, uses the password target source to evoke unique brain waves and performs matching authentication; because these cannot be forged or copied, they add a security guarantee to the data security system. The system uses the PC server as an intelligent gateway to achieve network interconnection. The user logging in wears electroencephalogram signal acquisition equipment (Emotiv EPOC+) with fourteen electrode channels, which transmits the acquired electroencephalogram signal data to the controller of the security system; the recognition result is analysed with an intelligent algorithm model, and a signal is sent to the system's STM32 microcontroller to carry out the login decision. This approach makes login authentication convenient, effectively prevents electronic data files from being tampered with through malicious login, and ensures the security of the system.
Example two:
as shown in fig. 4, on the basis of the first embodiment, the data security module is divided into four layers: user application layer, system access layer, data management layer, and block layer.
The user application layer performs feature extraction and training classification on the user's electroencephalogram signals collected through electroencephalogram equipment, and compares and identifies user groups with unique identities and based on categories; the system access layer covers user registration and the identification and authentication of user identity, and verifies the user's identity from the degree of match between the target source that provides the unique identifier and the user's electroencephalogram signal.
The data management layer comprises a control engine, the control engine generates a management protocol for receiving and transmitting analysis results generated by the data blocks; the block layer comprises block data storage, a block network and network monitoring; and the block layer controls the aggregation of the log and the data index and carries out non-falsifiable data recording.
Example three:
As shown in Fig. 5, a method for preserving the full life cycle information of an electronic file includes the following steps:
a, during user registration, the data extracted from the acquired electroencephalogram signal features are stored in a distributed manner;
b, the electroencephalogram signal data are stored securely after feature extraction, the storage mode being on-chain storage;
c, when the user logs in for authentication, the user's electroencephalogram signals are acquired, preprocessed and feature-processed, and the unique electroencephalogram signal that the password target source elicits from the user is used for matching authentication;
d, when the user requests access to data, the data processing node checks the user identity: the user must have been successfully authenticated in the authentication unit, and the electroencephalogram authentication information must be consistent with the password target source tag; the data copy is provided to and processed by the user in the trusted computing space, the processing result is reported to the chain, and the secure container is destroyed after the data operation is finished.
In step b, on-chain storage comprises the following steps: electroencephalogram information uploading, information preprocessing and feature extraction, information publishing, electronic certificate construction, block publishing, node verification, information chaining, and secure storage of the information data.
In step a, the electroencephalogram signals are stored as follows: <1>, the PC terminal calls smart contract functions such as the read function and the write function, which can be used only when the matching conditions are met at call time; <2>, data are read from and written to the database: data of the specified length are read after electroencephalogram feature extraction, the data at the original position in the database are cleared, and the new data are written to that position after reading; <3>, the operation on the database is written into a disk block, and the database modification information is stored on disk after hash calculation; <4>, the modified database is connected with the block and the file is stored in the database; and <5>, the smart contract returns, reports the result of the database modification and displays that registration succeeded.
In step b, during on-chain storage, the elliptic curve digital signature algorithm, an asymmetric algorithm, is used to sign the hash value with the private key and to verify the signature with the public key. Information is uploaded, verified, and then published to the node network; the pieces of information are encrypted with an asymmetric elliptic curve public key cryptographic algorithm, and a hash function then generates digests from which a Merkle tree is formed. This protects the electroencephalogram signal data, guards against attack, and improves the security of identity authentication.
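The digest and Merkle tree step of on-chain storage, as an added example that is not code from the patent: constructed feature records are hashed into a tree, and an inclusion proof shows that an altered record no longer matches the published root. SHA-256, the record fields and all function names are assumptions; in the scheme above the root would additionally be signed with ECDSA.

```python
import hashlib
import hmac
import json

# Constructed sample records (not from the patent): one per extracted feature window.
RECORDS = [
    {"user": "user-001", "channel": "O1", "window": [36, 78], "mean_uv": 7.9},
    {"user": "user-001", "channel": "O2", "window": [37, 79], "mean_uv": 8.3},
    {"user": "user-001", "channel": "P7", "window": [40, 75], "mean_uv": 6.1},
    {"user": "user-001", "channel": "P8", "window": [38, 77], "mean_uv": 6.8},
    {"user": "user-001", "channel": "T7", "window": [41, 70], "mean_uv": 4.2},
]

def leaf_hash(record):
    """Digest of one record; the 0x00 prefix keeps leaves distinct from inner nodes."""
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    """Digest of an inner node; the 0x01 prefix blocks leaf/node confusion."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(records):
    """Return every tree level, leaves first, root last."""
    if not records:
        raise ValueError("at least one record is required")
    levels = [[leaf_hash(r) for r in records]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                # An unpaired node is promoted unchanged rather than duplicated,
                # so two different record lists cannot share a root.
                nxt.append(cur[i])
        levels.append(nxt)
    return levels

def merkle_root(records):
    return build_levels(records)[-1][0]

def inclusion_proof(records, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    if not 0 <= index < len(records):
        raise IndexError("record index out of range")
    proof = []
    for level in build_levels(records)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_inclusion(record, proof, root):
    """Recompute the root from one record and its proof; compare in constant time."""
    digest = leaf_hash(record)
    for sibling, sibling_is_left in proof:
        digest = node_hash(sibling, digest) if sibling_is_left else node_hash(digest, sibling)
    return hmac.compare_digest(digest, root)

if __name__ == "__main__":
    root = merkle_root(RECORDS)
    print("root:", root.hex())
    print("record 2 verifies:", verify_inclusion(RECORDS[2], inclusion_proof(RECORDS, 2), root))
    tampered = dict(RECORDS[2], mean_uv=0.1)
    print("tampered record verifies:", verify_inclusion(tampered, inclusion_proof(RECORDS, 2), root))
```

A verifier only needs the signed root plus a proof whose length grows with the logarithm of the number of records, so a node can check one stored feature record without holding the others.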
Example four:
On the basis of the first embodiment, preprocessing of the acquired electroencephalogram signals uses peak-to-peak amplitude detection: the difference between the maximum and minimum values within a detection segment is measured and the peak-to-peak voltage is compared with a threshold voltage of 75 µV, which reduces electroencephalogram signal errors caused by distortion from ocular baseline voltage changes and improves the sensitivity of artifact correction. The mean is then computed by amplitude averaging with iterative averaging, which reduces power-frequency interference and interference from external stimulation. The signal-to-noise ratio S of the electroencephalogram signal satisfies $S = \delta^{1/2} / (\delta/n)^{1/2} = n^{1/2}$, where $\delta$ is the variance of the collected electroencephalogram signal, $\delta/n$ is the variance of the average evoked response after n superpositions, and $n^{1/2}$ is the signal-to-noise ratio improvement factor.
For feature extraction: the electroencephalogram signal is a neuroelectrophysiological phenomenon, so stimulation by target and non-target sources produces clear amplitude differences at the sampling points; and because the unpredictability of the cerebral cortex makes the amplitude differ across the channels and time intervals of the acquisition device, potential features are extracted by selecting electroencephalogram channels and time intervals for the specific subject. In the extraction process, the potentials under the target source and the non-target source are treated as two continuous variables that satisfy the following formula: $y(t) = \frac{(a_1 a_2)^{1/2}}{a_1 + a_2} \cdot \frac{b_1(t) - b_2(t)}{S(t)}$. In this formula, t takes values in (1, T), T is the feature extraction time length, $a_1$ is the number of samples of the target source, $a_2$ is the number of samples of the non-target source, $b_1(t)$ is the average potential of all target sources at time t, $b_2(t)$ is the average potential of all non-target sources at time t, $S(t)$ is the standard deviation at time t, and $y(t)$ is the biserial correlation coefficient at time t. The y(t) value of each sampling point is calculated from the biserial correlation coefficient, and the y(t) value of each sampling point is then iteratively averaged with the y(t) values of the 5 sampling points after it. The voltage feature information of the electroencephalogram signal is extracted from the time periods in which the averaged y(t) value is larger than the mean of the y(t) values over the time length T and which last longer than 25 sampling points.
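The preprocessing and interval selection of this embodiment, as an added example that is not code from the patent: epochs above the 75 µV peak-to-peak threshold are dropped, y(t) is computed and averaged with the 5 following samples, and runs longer than 25 samples above the mean are kept. The epochs are constructed, and the function names, the pooled standard deviation for S(t) and the half-open interval convention are assumptions.

```python
import math
import random
from statistics import fmean, pstdev

PEAK_TO_PEAK_LIMIT_UV = 75.0  # artifact threshold given in the text
LOOKAHEAD = 5                 # y(t) is averaged with the 5 samples after it
MIN_RUN = 25                  # an interval must last more than 25 samples

def reject_artifacts(epochs):
    """Drop epochs whose max-min amplitude exceeds the 75 uV threshold."""
    return [e for e in epochs if max(e) - min(e) <= PEAK_TO_PEAK_LIMIT_UV]

def biserial(target, nontarget):
    """y(t) = sqrt(a1*a2)/(a1+a2) * (b1(t)-b2(t)) / S(t) for every sample t."""
    a1, a2 = len(target), len(nontarget)
    scale = math.sqrt(a1 * a2) / (a1 + a2)
    y = []
    for t in range(len(target[0])):
        tv = [e[t] for e in target]
        nv = [e[t] for e in nontarget]
        s = pstdev(tv + nv)  # assumption: S(t) is pooled over both classes
        y.append(scale * (fmean(tv) - fmean(nv)) / s if s > 0 else 0.0)
    return y

def smooth(y):
    """Average each y(t) with the LOOKAHEAD samples that follow it."""
    return [fmean(y[t:t + LOOKAHEAD + 1]) for t in range(len(y))]

def select_intervals(y):
    """Half-open (start, end) runs where y > mean(y) for more than MIN_RUN samples."""
    threshold = fmean(y)
    runs, start = [], None
    for t, value in enumerate(list(y) + [-math.inf]):  # sentinel closes a final run
        if value > threshold and start is None:
            start = t
        elif value <= threshold and start is not None:
            if t - start > MIN_RUN:
                runs.append((start, t))
            start = None
    return runs

def make_epochs(rng, count, bump_uv, n_samples=120):
    """Constructed data: Gaussian noise (sd 3 uV) plus a bump on samples 40..79."""
    return [[rng.gauss(0.0, 3.0) + (bump_uv if 40 <= t < 80 else 0.0)
             for t in range(n_samples)] for _ in range(count)]

def demo():
    rng = random.Random(7)
    target = make_epochs(rng, 60, 8.0)       # responses to the user's own sources
    nontarget = make_epochs(rng, 120, 0.0)   # responses to other people's sources
    blink = [0.0] * 120
    blink[10] = 200.0                        # constructed ocular artifact
    target.append(blink)
    nontarget.append(list(blink))
    clean_t, clean_n = reject_artifacts(target), reject_artifacts(nontarget)
    intervals = select_intervals(smooth(biserial(clean_t, clean_n)))
    return len(clean_t), len(clean_n), intervals

if __name__ == "__main__":
    print(demo())
```

Because each point is averaged with the samples after it, the selected interval starts a few samples before the true response onset and ends a few samples early; a short burst of high y(t) is discarded by the 25-sample rule.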
Example five:
On the basis of the first embodiment, after features are extracted from the identified user's electroencephalogram signals, the signals undergo classification training. The classification training comprises the following steps: A1, a number of feature-extracted electroencephalogram signal sample sets are obtained and their order is shuffled; part of them is selected as the training set and the remaining samples are used as the test set. One sample at a time is drawn at random from the training set, placed in the sampling set and then put back into the training set; this is repeated as many times as there are samples in the training set, giving a new sampling set; A2, step A1 is repeated to obtain several new sampling sets, a classifier is selected for each new sampling set and trained to obtain a learner, and the learners are combined; and A3, the output results are combined and a vote is taken on the classification, the result with the most learner votes being the final result. After the final result is obtained, the classification training result is matched against the electroencephalogram signal acquired at login: if the match succeeds, authentication succeeds, and if the match fails, authentication fails. Because the identity authentication system, which relies on biological characteristics of the brain, uses the unique electroencephalogram signal elicited by the password target source as the basis for authentication, impostor authentication attacks are effectively prevented and electronic data are protected from malicious tampering.
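Steps A1 to A3 amount to bootstrap aggregation with a majority vote; the following added example (not code from the patent) runs them on constructed feature vectors. The nearest-centroid base learner, the class labels, the 70/30 split and all function names are assumptions, since the text does not name a classifier.

```python
import random
from collections import Counter

def bootstrap(train, rng):
    """A1: draw len(train) samples from the training set with replacement."""
    return [rng.choice(train) for _ in train]

def fit_centroids(samples):
    """Base learner (assumption): one mean feature vector per class label."""
    sums, counts = {}, Counter()
    for features, label in samples:
        acc = sums.setdefault(label, [0.0] * len(features))
        for i, value in enumerate(features):
            acc[i] += value
        counts[label] += 1
    return {lab: [v / counts[lab] for v in acc] for lab, acc in sums.items()}

def predict(centroids, features):
    """Label of the closest centroid (squared Euclidean distance)."""
    def dist(label):
        return sum((c - f) ** 2 for c, f in zip(centroids[label], features))
    return min(centroids, key=dist)

def train_ensemble(train, n_learners, rng):
    """A2: train one learner on each new bootstrap sampling set."""
    return [fit_centroids(bootstrap(train, rng)) for _ in range(n_learners)]

def vote(ensemble, features):
    """A3: the label with the most learner votes is the final result."""
    return Counter(predict(c, features) for c in ensemble).most_common(1)[0][0]

def authenticate(ensemble, login_features, enrolled_label="enrolled_user"):
    """Login succeeds only if the vote matches the enrolled user's label."""
    return vote(ensemble, login_features) == enrolled_label

def make_samples(rng, label, centre, count, dims=4):
    """Constructed feature vectors: Gaussian noise around a class centre."""
    return [([rng.gauss(centre, 1.0) for _ in range(dims)], label)
            for _ in range(count)]

def demo():
    rng = random.Random(11)
    data = (make_samples(rng, "enrolled_user", 1.5, 50)
            + make_samples(rng, "other", -1.5, 50))
    rng.shuffle(data)                          # A1: shuffle, then split
    train, test = data[:70], data[70:]
    ensemble = train_ensemble(train, 15, rng)  # odd learner count avoids tied votes
    correct = sum(vote(ensemble, f) == label for f, label in test)
    return ensemble, len(train), correct / len(test)

if __name__ == "__main__":
    ensemble, n_train, accuracy = demo()
    print("held-out accuracy:", accuracy)
    print("genuine login accepted:", authenticate(ensemble, [1.5] * 4))
    print("impostor login accepted:", authenticate(ensemble, [-1.5] * 4))
```

Reporting false accepts and false rejects separately on the held-out test set is more informative for an authentication system than the single accuracy figure printed here.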
The technical scheme above yields an electronic file full life cycle information security system and method. By combining the system's user registration and user login, the set password target source is combined with electroencephalogram signal extraction and analysis and with ensemble training, comparison and authentication: the identity authentication system, which relies on biological characteristics of the brain, presents the password target source to elicit a unique electroencephalogram signal and performs matching authentication, and its unforgeability and non-reproducibility add security to the data security system and further improve the security of the information security system. When the acquired electroencephalogram signals are stored, on-chain storage improves the robustness of the electroencephalogram signal database, effectively prevents malicious tampering with system data, and further improves the security of system login and of the security system. Information is uploaded, verified, and then published to the node network; the pieces of information are encrypted with an asymmetric elliptic curve public key cryptographic algorithm, and a hash function then generates digests from which a Merkle tree is formed. This protects the electroencephalogram signal data, guards against attack, and improves the security of identity authentication. By constraining the relation among the signal-to-noise ratio of the electroencephalogram signal, the variance of the electroencephalogram signal and the response variance, and by amplitude averaging with iterative averaging, the method reduces power-frequency interference and interference from external stimulation. Extracting potential parameters addresses the differing amplitudes across the channels and time intervals of the acquisition device, improves the accuracy of the electroencephalogram signal, eases subsequent processing of the signal, improves the accuracy of the subsequent identity authentication, and improves the security of the system. A PC server is used as an intelligent gateway for network interconnection; the login user wears the electroencephalogram signal acquisition device, the acquired electroencephalogram signal data are transmitted to the controller of the security system, the identification result is analyzed with an intelligent algorithm model, and a signal is sent to the system's STM32 single-chip microcontroller to carry out the login decision.
Other technical solutions not described in detail in the present invention are prior art in the field, and are not described herein again.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and it will be apparent to those skilled in the art that various modifications and variations can be made in the present invention; any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (8)
1. An electronic file full life cycle information security system, comprising a background management module, a data security module and a personal center module, characterized in that the background management module comprises user management and authority management; the personal center module comprises user authentication, file management and short message inquiry, wherein the file management comprises data uploading, data inquiry and data modification;
the data security module comprises single-user data preservation and multi-user data preservation; the multi-user data preservation comprises data right transfer preservation and multi-user protocol preservation, wherein the preservation process is as follows: the user writes the relevant information of the data to be preserved; the user's local server automatically generates the preservation data and broadcasts it to the whole network; the nodes in the network monitor the network, receive the preservation data, verify it through a node tree algorithm, and continue the preservation without ending it; and finally a consensus mechanism is executed to generate a data preservation certificate;
the user authentication comprises user registration and user login and involves a PC (personal computer) end and a server end; when the user logs in, the user enters the registered user name, the target sources and non-target sources corresponding to that user name in the database are presented to the user, the user's electroencephalogram signals under stimulation by the several response sources are collected through the electroencephalogram device, the signals are labeled by class, preprocessed and feature-extracted, the preprocessed and feature-extracted signals are authenticated through learning and training, and authentication passes if the matching succeeds.
2. The system of claim 1, wherein, during user registration, the user selects a user name and at least two target sources are used as the password, the two target sources being a head portrait picture and a sound of the user's name being called out.
3. The system of claim 2, wherein, when the user registers the user name and after the target sources are set, the server randomly selects other non-target sources for stimulation; the user's electroencephalogram signals under stimulation by the response sources are collected through the head-mounted electroencephalogram device and transmitted by wireless communication to the PC terminal for preprocessing and feature extraction; the extracted features are used as a training set, and the feature set and the source tags are stored in the database for training.
4. The system of claim 1, wherein the data security module is divided into four layers: a user application layer, a system access layer, a data management layer, and a block layer.
5. The system of claim 4, wherein the user application layer performs feature extraction and training classification on the users' electroencephalogram signals collected through the electroencephalogram device, and compares and identifies user groups with unique identities by category; the system access layer covers user registration and the identification and authentication of user identity, and verifies the user's identity from the degree of matching between the target source that provides the unique identifier and the user's electroencephalogram signal.
6. The system of claim 4, wherein the data management layer comprises a control engine, which generates a management protocol for receiving and transmitting the analysis results generated by the data blocks; the block layer comprises block data storage, a block network and network monitoring, controls the aggregation of logs and data indexes, and keeps tamper-proof data records.
7. The electronic file full life cycle information security system of claim 1, wherein the method for preserving the full life cycle information of electronic files comprises the following steps:
a, during user registration, the data extracted from the acquired electroencephalogram signal features are stored in a distributed manner;
b, the electroencephalogram signal data are stored securely after feature extraction, the storage mode being on-chain storage;
c, when the user logs in for authentication, the user's electroencephalogram signals are acquired, preprocessed and feature-processed, and the unique electroencephalogram signal that the password target source elicits from the user is used for matching authentication;
d, when the user requests access to data, the data processing node checks the user identity: the user must have been successfully authenticated in the authentication unit, and the electroencephalogram authentication information must be consistent with the password target source tag; the data copy is provided to and processed by the user in the trusted computing space, the processing result is reported to the chain, and the secure container is destroyed after the data operation is finished.
8. The method of claim 7, wherein the on-chain storage in step b comprises the following steps: electroencephalogram information uploading, information preprocessing and feature extraction, information publishing, electronic certificate construction, block publishing, node verification, information chaining, and secure storage of the information data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110775201.9A CN113591051A (en) | 2021-07-08 | 2021-07-08 | Electronic file full life cycle information security system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113591051A (en) | 2021-11-02 |
Family
ID=78246638
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110775201.9A Pending CN113591051A (en) | 2021-07-08 | 2021-07-08 | Electronic file full life cycle information security system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113591051A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106096444A (en) * | 2016-06-12 | 2016-11-09 | 杨鹏 | A kind of identification based on bio information and social information's recording method and system |
US20200153624A1 (en) * | 2018-11-13 | 2020-05-14 | Ares Technologies, Inc. | Biometric scanner apparatus and methods for its use |
CN111831678A (en) * | 2020-09-17 | 2020-10-27 | 支付宝(杭州)信息技术有限公司 | Privacy protection method and device based on block chain and electronic equipment |
CN111859422A (en) * | 2020-07-10 | 2020-10-30 | 郑州信大先进技术研究院 | Digital asset deposit certificate system based on block chain |
CN113065961A (en) * | 2021-03-22 | 2021-07-02 | 江苏派智信息科技有限公司 | Power block chain data management system |
Non-Patent Citations (2)
Title |
---|
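王建宇: "Design and Implementation of a Blockchain-Based Data Preservation System", China Master's Theses Full-text Database, Information Science and Technology * |
胡林康: "Identity Authentication System Based on a Brainwave Audiovisual Paradigm", China Master's Theses Full-text Database, Medicine and Health Sciences * |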
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113254416A (en) * | 2021-05-26 | 2021-08-13 | 中国科学技术大学 | Whole brain data storage method and system, electronic equipment and storage medium |
CN116992108A (en) * | 2023-09-25 | 2023-11-03 | 杭州易康信科技有限公司 | Government administration electronic archive processing method and system |
CN116992108B (en) * | 2023-09-25 | 2023-12-19 | 杭州易康信科技有限公司 | Government administration electronic archive processing method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20211102 |