CN114944924A - Private information management method and system - Google Patents


Info

Publication number: CN114944924A
Authority: CN (China)
Prior art keywords: account, contract, management, management program, end management
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110177599.6A
Other languages: Chinese (zh)
Inventor: 赵晓波
Current Assignee: Individual (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention discloses a private information management method and system that uses the decentralized nature of a blockchain to provide end-to-end authentication and encryption, from front-end management and back-end communication through to blockchain-based on-chain and off-chain storage. When the front-end management program registers an account on the blockchain, its source code, the corresponding executable file and so on are registered with it. The trust machine performs strict security checks on the front-end management program, including whether the program is complete and whether it has been maliciously modified or infected by a virus. It also checks whether the currently logged-in account is authorized to access the blockchain network through that front-end management program and trust machine. A connection to the blockchain network can be established only after these checks pass. This ensures that the front-end management program the user operates is safe and reliable; back-end communication and storage are encrypted throughout, which ensures secure management of private information.

Description

Private information management method and system
Technical Field
The invention relates to a private information management method and system based on a block chain.
Background
People want various kinds of secret information, such as personal bank account numbers, mailbox passwords and electronic records of daily life, to be stored in an absolutely private way. At present the places where such information can be stored are cloud disks and third-party management systems, which cannot guarantee absolute privacy: security vulnerabilities exist in front-end entry, back-end communication and background storage. The biggest weakness lies with the system developers and the operation and maintenance organizations: whether the software in use has a back door, how the stored data is encrypted, and whether the encryption method has vulnerabilities. Existing system architectures are mostly based on centralized management, so privacy cannot be guaranteed against the core developers. Blockchain-based private information management methods have begun to be adopted, but they cannot guarantee the security and reliability of the front-end entry system.
Disclosure of Invention
The technical problem the invention aims to solve is as follows. Using the decentralized nature of a blockchain, end-to-end authentication and encryption are realized from front-end management and back-end communication to blockchain-based on-chain and off-chain storage. When the front-end management program registers an account on the blockchain, its source code, the corresponding executable file and so on are registered for users to download. When a user uses the system, the front-end management program is downloaded to the current node and the trust machine program is downloaded at the same time. When the front-end management program is started, its communication with the blockchain network goes through the trust machine. With the support of the trust machine (a decentralized trust machine realization method and system, patent application number: 2020111511913), the trust machine performs strict security checks on the current front-end management program, including whether the program is complete and whether it has been maliciously modified or infected by a virus, and checks whether the currently logged-in account is authorized to access the blockchain network through that front-end management program and trust machine. A connection to the blockchain network can be established only after the checks pass. This ensures that the front-end management program the user operates is safe and trusted; back-end communication and storage are encrypted throughout, which ensures secure management of private information.
In order to solve the technical problems, the technical scheme of the invention is as follows:
A private information management method includes the following steps:
The blockchain network accounts comprise common accounts and contract accounts. Each time a common account is created, the account address and a transaction serial number are combined and then hashed to generate an initial contract address; this address stores the address information of all contract accounts subsequently created by the common account. The trust machine and the front-end management program each have a corresponding contract account created by the common account, and its address information is stored in the initial contract account.
Create a common account; the corresponding initial contract account is generated when the common account is generated.
Create a front-end management program contract account with the common account, register the source code, the corresponding executable file and so on for users to download and use, and store the contract account address in the initial contract account.
Download a trust machine from the blockchain network with the common account, create a contract account for the trust machine, and assign permission roles to the contract account. The contract account provides an add-account interface, a delete-account interface and a query-account interface.
Add-account interface: the parameters are two items, the front-end management program contract account and the common account. One common account or a batch of them can be added to access the front-end management program on the current trust machine. If the parameters are null, the current trust machine allows all common accounts to access all front-end management programs.
Delete-account interface: the parameters are two items, the front-end management program contract account and the common account. One common account or a batch of accounts corresponding to the front-end management program contract can be deleted.
Query-account interface: the parameter is the contract account. It returns all common accounts that can access that contract account on the current trust machine.
Download the front-end management program to a management node, configure the local trust machine as a proxy, and connect to the blockchain network.
Start the front-end management program and configure the current node's trust machine as the proxy server; the front-end management program then accesses the blockchain network through the trust machine.
The implementation of the invention is described in three aspects: front-end security, communication security and storage security.
Front-end security:
The front-end management program is open source. A contract account is created for it on the blockchain and its source code and executable file are registered, which ensures that the executable file is consistent with the published source code. When the blockchain network is accessed, the trust machine matches the currently running version against the registration information of the contract account, and a connection to the blockchain network can be established only if the match succeeds.
Login to the front-end management program combines face recognition with a password. After a successful login, content is managed in levels according to its degree of privacy and can be divided into one or more levels. The highest level mainly stores information such as bank passwords. Information at different levels is managed in different windows, and while highest-level information is being operated on, the system clipboard function is disabled to prevent the content from being stolen by a hacker program.
Communication security:
Communication between the front-end management program and the blockchain network goes through an encrypted channel provided by the trust machine. When the front-end management program connects to the trust machine it must pass the trust machine's security check, which has two steps. First, the integrity of the front-end management program is checked: the trust machine matches the currently running version against the contract account registration information. Second, access permission is checked: the trust machine's query-account interface is used to look up whether the current front-end management program contract account has permission control configured in the trust machine contract and whether it contains the currently logged-in common account. The encrypted connection channel to the blockchain network is established only after this check passes. This ensures that the front-end management program has not been infected by a virus or impersonated, and restricts login accounts to a regional scope, giving stronger protection.
Storage security:
The background storage process is completed in the blockchain network. The login password and the highest-level information are stored directly on-chain in encrypted form. Content at other levels can be stored off-chain in encrypted form, for example in the cloud or on decentralized storage devices. When content is stored off-chain, its address and content encryption key must be encrypted and stored on-chain, which facilitates distributed synchronization to each node.
Through protection in these three aspects, front-end security, communication security and storage security, a decentralized private information management method is realized that ensures information carries no risk of leakage from entry through communication to background storage, and so ensures the privacy of the information.
A private information management system comprises the following. A common account and an initial contract account are created in the blockchain network. A front-end management program for the private system is deployed: a front-end management program contract account is created in the blockchain network, and the front-end management program source code and executable file are registered. The front-end management program is downloaded to a local node, a trust machine is downloaded to the local node, and a contract account is created for the current trust machine. Through the contract's add-account interface, the common account and the front-end management program contract account are added to the trust machine's accounts, so that the common account can communicate with the blockchain network when it logs in to the front-end management program. The front-end management program manages its windows according to content privacy level and disables the system clipboard function while a highest-level window is being operated. When the front-end management program connects to the trust machine it must pass the trust machine's security check, which has two steps. First, the integrity of the front-end management program is checked: the trust machine matches the currently running version against the contract account registration information. Second, access permission is checked: the contract's query-account interface is used to look up whether the front-end management program contract account has permission control configured in the trust machine contract and whether it contains the currently logged-in common account; the encrypted connection channel to the blockchain network is established only after this check passes. The background storage process is completed in the blockchain network. The login password and the highest-level information are stored directly on-chain in encrypted form. Content at other levels can be stored off-chain in encrypted form, for example in the cloud or on decentralized storage devices. When content is stored off-chain, the storage mode, address and content encryption key are encrypted and stored on-chain, which facilitates distributed synchronization to each node.
In this way a decentralized private information management method and system are realized through protection in three aspects: front-end security, communication security and storage security.
Drawings
FIG. 1 is a flow chart of a login process of a privacy information management system of the present invention.
Detailed Description
The following description of the preferred embodiments of the present invention, with reference to the accompanying drawings, will provide a better understanding of the function and features of the invention.
Register a contract account for the front-end management program in the blockchain network and register the executable file and source code information at the same time; third-party authentication can confirm, by compiling the provided source code, whether the executable file matches.
Download the front-end management program to the management node.
Download the trust machine program to the management node and register a contract account on the blockchain network. The contract account provides three interfaces: add account, delete account and query account. Their main function is to specify which common accounts can connect to which front-end management programs on the current trust machine.
The flow for a common account logging in to the front-end management program comprises the following steps:
A common account logs in to the front-end management program.
The front-end management program packages the login request and sends it to the current trust machine program.
The trust machine program obtains the corresponding process information through the peer's communication port, uses the hash of the process content to obtain the process's contract account from the blockchain network, downloads the executable-file feature information registered by that account, and matches it against the front-end management program. If the match fails, a login failure is returned; if the match succeeds, the permission check continues.
The trust machine program checks whether the contract account of the front-end management program has a permission configuration and, if so, whether the current common account exists in the configuration list. If it does not, a login failure is returned; if it does, the login succeeds.
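The login flow above, as an added example that is not part of the patent text: a minimal in-memory simulation of the trust machine's two-step check and its three account interfaces. SHA-256, the `Chain` and `TrustMachine` names, the sample bytes and the fail-closed result when a contract has no permission list are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def digest(data: bytes) -> str:
    # SHA-256 is an assumption; the page only says "hash".
    return hashlib.sha256(data).hexdigest()


def initial_contract_address(account_address: str, tx_serial: int) -> str:
    # Page: the account address and a transaction serial number are combined, then hashed.
    # The ":" separator is an assumption.
    return digest(f"{account_address}:{tx_serial}".encode())


@dataclass
class Chain:
    """In-memory stand-in for the on-chain registry of front-end contract accounts."""
    by_contract: dict = field(default_factory=dict)  # contract account -> registered hash

    def register_front_end(self, contract: str, executable: bytes) -> None:
        self.by_contract[contract] = digest(executable)

    def contract_for_hash(self, exe_hash: str):
        # Find the contract account whose registered executable hash matches.
        for contract, registered in self.by_contract.items():
            if hmac.compare_digest(registered, exe_hash):
                return contract
        return None


@dataclass
class TrustMachine:
    chain: Chain
    acl: dict = field(default_factory=dict)  # front-end contract -> set of common accounts
    allow_all: bool = False

    def add_account(self, contract=None, accounts=None) -> None:
        if contract is None and accounts is None:
            self.allow_all = True  # page: null parameters allow every common account
            return
        self.acl.setdefault(contract, set()).update(accounts)

    def delete_account(self, contract: str, accounts) -> None:
        self.acl.get(contract, set()).difference_update(accounts)

    def query_accounts(self, contract: str) -> set:
        return set(self.acl.get(contract, set()))

    def login(self, running_executable: bytes, account: str):
        # running_executable stands for the process content the trust machine
        # reads itself; it must never be a hash reported by the front end.
        # Step 1: integrity check against the registered executable hash.
        contract = self.chain.contract_for_hash(digest(running_executable))
        if contract is None:
            return (False, "integrity check failed")
        # Step 2: access check. A missing permission list denies (assumption).
        if self.allow_all or account in self.acl.get(contract, set()):
            return (True, "login ok")
        return (False, "account not authorised")


# Constructed sample bytes standing in for the registered build and a modified copy.
GOOD_EXE = b"front-end build 1.0 (constructed sample bytes)"
TAMPERED_EXE = GOOD_EXE + b"\x90patched"


def demo():
    chain = Chain()
    chain.register_front_end("fe-contract-1", GOOD_EXE)
    tm = TrustMachine(chain)
    tm.add_account("fe-contract-1", ["alice"])
    results = [
        tm.login(GOOD_EXE, "alice"),      # registered build, listed account
        tm.login(TAMPERED_EXE, "alice"),  # modified build fails step 1
        tm.login(GOOD_EXE, "bob"),        # unlisted account fails step 2
    ]
    tm.delete_account("fe-contract-1", ["alice"])
    results.append(tm.login(GOOD_EXE, "alice"))  # removed account fails step 2
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The integrity step only has value if the hash is computed by the trust machine over the running process, which is why `login` takes the bytes rather than a digest.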
The method realizes a complete trusted management flow from the front-end management program and the back-end communication to the background storage, and realizes the complete trusted management of the private information.
Obviously, many modifications and variations of the present invention are possible in light of the above teachings, and it is to be understood that within the scope of the appended claims, the invention may be practiced otherwise than as specifically described.

Claims (8)

1. A private information management method, comprising the following steps: (1-1) creating a common account and generating a corresponding initial contract account at the same time; (1-2) creating a front-end management program contract account, registering the source code, the corresponding executable file and so on for users to download and use, and storing the contract account address in the initial contract account; (1-3) creating a trust machine contract account, assigning permission roles to the contract account, the contract account providing add-account, delete-account and query-account interfaces, and storing the trust machine contract account address in the initial contract account; (1-4) downloading the front-end management program to a management node, configuring the local trust machine as a proxy, and connecting to the blockchain network; (1-5) adopting front-end security management; (1-6) adopting communication security management; and (1-7) adopting background storage security management.
2. The method as claimed in claim 1, wherein an initial contract account is generated; all trust machine node and network program contract accounts are created by a common account; the common account manages all other contract accounts it has created through the initial contract account; and the initial contract account has add, delete and query interfaces, so that the common account can conveniently manage its own contract accounts.
3. The method as claimed in claim 1, wherein the front-end management program registers its source code and executable file, so that the executable file has corresponding source code, which makes it convenient for any user to verify the validity of the contract account and for a third-party authority to manage the contract.
4. The method according to claim 1, wherein the trust machine contract account has three functions. First, it is the executor of the security verification of the front-end management program: the corresponding process information can be obtained through the communication port of the front-end management program, the corresponding contract account can be obtained from the blockchain network through the hash value of the process content, the executable-file feature value registered by that contract account is downloaded, and the security of the front-end management program can be confirmed by matching it against the executable-file feature value of the currently running process. Second, it serves as the encrypted channel through which the front-end management program communicates with the blockchain network. Third, it controls which common users can access which front-end management programs at the current node, acting as region-based security access control; to realize this control the trust machine contract provides three management interfaces: an add-account interface, a delete-account interface and a query-account interface, wherein the parameters of the add-account and delete-account interfaces are the front-end management program contract account and the common account, and the query interface takes only one parameter, the front-end management program contract account.
5. The method of claim 1, wherein front-end security management is adopted and is handled from two perspectives: first, the security check of the front end is carried out by the trust machine; second, the management interface is divided into windows according to information privacy level, and the highest-level management window disables the system clipboard function.
6. The method as claimed in claim 1, wherein communication security management is adopted: communication between the front-end management program and the blockchain network goes through an encrypted channel of the trust machine, and when establishing the encrypted communication channel the trust machine checks the security of the front-end management program and the current access permission of the logged-in common account.
7. The method as claimed in claim 1, wherein background storage security management is adopted: the private information management method stores data using the blockchain network, the login password and the highest-level information are stored directly on-chain in encrypted form, and content at other levels can be stored off-chain in encrypted form, for example in the cloud or on decentralized storage devices.
8. A private information management system, comprising: creating a common account and an initial contract account in the blockchain network; deploying a front-end management program for the private system, creating a front-end management program contract account in the blockchain network, and registering the front-end management program source code and executable file; downloading the front-end management program to a local node, downloading a trust machine to the local node, and creating a contract account for the current trust machine; adding, through the contract's add-account interface, the common account and the front-end management program contract account to the trust machine's accounts, so that the common account can communicate with the blockchain network when it logs in to the front-end management program; the front-end management program managing its windows according to content privacy level and disabling the system clipboard function while a highest-level window is being operated; and the front-end management program, when connecting to the trust machine, having to pass the trust machine's security check in two steps: first, the integrity of the front-end management program is checked, the trust machine matching the currently running version against the contract account registration information; second, access permission is checked, the contract's query-account interface being used to look up whether the front-end management program contract account has permission control configured in the trust machine contract and whether it contains the currently logged-in common account, the encrypted connection channel to the blockchain network being established only after this check passes; the background storage process being completed in the blockchain network, the login password and the highest-level information being stored directly on-chain in encrypted form, and content at other levels being stored off-chain in encrypted form, for example in the cloud or on decentralized storage devices, wherein, when content is stored off-chain, the storage mode, address and content encryption key are encrypted and stored on-chain, which facilitates distributed synchronization to each node.
CN202110177599.6A 2021-02-09 2021-02-09 Private information management method and system Pending CN114944924A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110177599.6A CN114944924A (en) 2021-02-09 2021-02-09 Private information management method and system

Publications (1)

Publication Number Publication Date
CN114944924A (en) 2022-08-26

Family

ID=82906155

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20220826