CN108718318B - Health online basic-level hygiene performance assessment information system - Google Patents
- Publication number
- CN108718318B
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a health online basic-level hygiene performance assessment information system comprising a central server and a plurality of basic-level servers. Each basic-level server has a plurality of users of its own and stores their hygiene performance assessment information. The central server connects the basic-level servers, so that a user of a second basic-level server can log in through a first basic-level server and access his or her own health performance assessment information. The invention breaks down information islands, interconnects the basic-level health performance assessment information systems, and allows information to be transmitted securely among all basic-level servers.
Description
[ technical field ]
The invention belongs to the technical field of information, and particularly relates to a health online basic-level hygiene performance assessment information system.
[ background of the invention ]
To achieve the health targets established by the state, existing basic-level health institutions need to carry out performance assessment, and each has built its own information system for that purpose. These systems are usually isolated from one another and form information islands: each can serve only its own users, so a user who goes to another information system cannot obtain the information he or she needs, which hinders communication among basic-level health personnel.
[ summary of the invention ]
To solve these problems, the invention provides a health online basic-level hygiene performance assessment information system.
The technical scheme adopted by the invention is as follows:
A health online basic-level hygiene performance assessment information system comprises a central server and a plurality of basic-level servers, the servers being connected to one another through a network;
each basic-level server has a plurality of users of its own and stores the corresponding health performance assessment information of those users; the central server is used for connecting the basic-level servers, each basic-level server is registered with the central server in advance, and the registration information comprises the identifier, network address and key of the basic-level server;
a user of a second basic-level server can log in through a first basic-level server and access his or her own health performance assessment information, specifically by the following steps:
(1) the user inputs his or her identifier ServerID2.UserID and password to request login from the first basic-level server, where ServerID2 is the identifier of the second basic-level server and UserID is the identifier of the user at the second basic-level server;
(2) the first basic-level server constructs an ID query message containing ServerID2.UserID and sends the ID query message to the central server;
(3) the central server obtains the identifier ServerID2 of the second basic-level server from the ID query message, further obtains the network address of the second basic-level server, and forwards the ID query message to the second basic-level server;
(4) after receiving the ID query message, the second basic-level server checks whether the UserID exists; if it does not, the second basic-level server informs the central server that the UserID does not exist, the central server informs the first basic-level server, the first basic-level server refuses the login, and the process ends;
(5) if the second basic-level server confirms that the UserID exists, it informs the central server that the UserID exists; the central server then generates a random number R and encrypts R using the key key1 from the registration information of the first basic-level server to obtain an encryption result E1;
(6) the central server sends the encryption result E1 to the first basic-level server, and the first basic-level server decrypts E1 to obtain the random number R;
(7) the first basic-level server calculates P = R ^ Hash(PW), where PW is the password input by the user and Hash is a hash function; the first basic-level server encrypts P using key1 to obtain an encryption result E2 and sends E2 to the central server;
(8) the central server decrypts E2 to obtain the value P; the central server then constructs a login message comprising: an encryption result E3 of P using the key key2 of the second basic-level server, an encryption result E4 of R using key2, and the user identifier ServerID2.UserID;
(9) the central server sends the login message to the second basic-level server; the second basic-level server decrypts E3 and E4 to obtain P and R respectively, and obtains the hash value of PW by calculating P ^ R;
(10) the second basic-level server verifies, based on the user identifier and the hash value of PW, whether the user identifier and PW match; if they do not match, the second basic-level server refuses the login and sends a login refusal message to the first basic-level server through the central server; if they match, the second basic-level server encrypts the user's health performance assessment information using R as the key to obtain an encryption result E5;
(11) the second basic-level server sends the encryption result E5 to the first basic-level server through the central server.
Further, if the user is a user of the first basic-level server, he or she may log in to the first basic-level server directly using his or her identifier and password at that server.
Further, the encryption uses a symmetric encryption algorithm.
Further, the encryption algorithm is a DES or AES algorithm.
Further, the hash function is SHA1 or MD5.
Further, the first basic-level server and the second basic-level server establish encrypted communication using R as a key.
The beneficial effects of the invention are as follows: information islands are broken down, the basic-level health performance assessment information systems are interconnected, and information can be transmitted securely among all basic-level servers.
[ description of the drawings ]
The accompanying drawings described here provide a further understanding of the invention and form part of this application; they are not to be considered limiting of the invention:
FIG. 1 is a basic block diagram of the system of the present invention.
[ detailed description ]
The present invention will now be described in detail with reference to the drawings and specific embodiments, wherein the exemplary embodiments and descriptions are provided only for the purpose of illustrating the present invention and are not to be construed as limiting the present invention.
The invention provides a health online basic-level hygiene performance assessment information system, whose basic structure is shown in FIG. 1. The information system comprises a central server and a plurality of basic-level servers, the servers being connected to one another through a network. Each basic-level server serves a plurality of users of its own and stores the corresponding health performance assessment information for each user; each user has an identifier (UserID) at his or her basic-level server.
The central server is used for connecting the basic-level servers. Each basic-level server is registered with the central server in advance, and the registration information includes the identifier (ServerID) of the basic-level server, its network address and a key. The key is secret information: the key of each basic-level server is known only to that basic-level server and the central server. A basic-level server identifier (ServerID) uniquely identifies a basic-level server, and thus a user can be uniquely identified in the form ServerID.UserID.
Based on the above structure, the following describes the access method of the information system in detail:
First, when a user needs to log in to a basic-level server: if the user is one of that server's own users, he or she can log in normally using his or her identifier and password and access his or her performance assessment information. If the user does not belong to this basic-level server (call it Server1) but to another basic-level server (call it Server2), the user may request login from Server1 using an identifier of the form ServerID2.UserID, where ServerID2 is the identifier of Server2, together with the password.
When Server1 receives an identifier of the form ServerID2.UserID, it can recognize that the user is not one of its own users but a user of the basic-level server whose identifier is ServerID2. Server1 then constructs an ID query message carrying the ServerID2.UserID input by the user and sends the ID query message to the central server. The purpose is to ask the central server whether the identifier entered by the user actually exists.
Since the central server itself does not know whether the user identifier exists, it obtains the identifier ServerID2 of the corresponding basic-level server from the ID query message, and so knows that it should query the basic-level server Server2 corresponding to ServerID2. The central server therefore obtains the network address of Server2 from Server2's registration information and forwards the ID query message to Server2.
After receiving the ID query message, Server2 checks whether the UserID exists. If it does not, Server2 informs the central server that the UserID does not exist, and the central server informs Server1, so that Server1 can reject the user's login.
If Server2 confirms that the UserID exists, it informs the central server that the UserID exists. The central server then generates a random number R and encrypts R using the key key1 from Server1's registration information to obtain an encryption result E1. The encryption algorithm may be any symmetric encryption algorithm well known in the art, such as DES or AES.
The central server sends the encryption result E1 to Server1, and Server1 decrypts E1 using its registered key key1 to obtain the random number R.
Server1 computes P = R ^ Hash(PW), where PW is the password entered by the user and Hash is a hash function, which may be any hash algorithm known in the art, such as SHA1 or MD5. Server1 then encrypts P using key1 to obtain an encryption result E2. In this way Server1 hides the information of PW on the one hand, and on the other hand, even if the user is malicious, the user cannot obtain more information by transforming the PW.
Server1 sends the encryption result E2 to the central server, and the central server decrypts E2 to obtain the value P. The central server then constructs a login message with the following three contents: 1) the encryption result E3 of P using the key key2 of Server2; 2) the encryption result E4 of R using key2; 3) the user identifier ServerID2.UserID.
The central server sends the login message to Server2. Server2 decrypts E3 and E4 using key2 to obtain P and R respectively, and obtains the hash value of PW by calculating P ^ R.
Having obtained the user identifier and the hash value of the password PW, Server2 can verify whether the user identifier and PW match. If they do not match, Server2 refuses the login and sends a login refusal message to Server1 through the central server; if they match, Server2 encrypts the user's performance assessment information using R as the key to obtain an encryption result E5.
Server2 sends the encryption result E5 to Server1 through the central server, and Server1 decrypts E5 using R to obtain the user's performance assessment information, which can then be displayed to the user.
The above process covers only user login and the transmission of performance assessment information. Afterwards, the two basic-level servers can also establish encrypted communication using R as the key and transmit further information without going through the central server.
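The login exchange of steps (1) to (11), described above and in the summary, is traced end to end here as an added example; it is not code from the patent. The `central_view` function shows what the central server, which generates R in step (5) and decrypts E2 in step (8), can compute from the values it handles. Assumptions: all class and function names are hypothetical, the symmetric cipher is a SHA-256 keystream with an HMAC tag standing in for the DES or AES the patent names, and R is taken to be one digest long so that R ^ Hash(PW) is defined.

```python
import hashlib
import hmac
import secrets

H = hashlib.sha1  # the patent names SHA1 or MD5 as the Hash function

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in symmetric cipher (SHA-256 keystream + HMAC tag); the patent names DES or AES.
def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _stream(ek, nonce, n):
    blocks = (hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = xor(plaintext, _stream(ek, nonce, len(plaintext)))
    return nonce + body + hmac.new(mk, nonce + body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    ek, mk = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return xor(body, _stream(ek, nonce, len(body)))

class BaseServer:
    def __init__(self, server_id: str):
        self.server_id = server_id
        self.key = secrets.token_bytes(32)  # known only to this server and the central server
        self.users = {}                     # UserID -> (Hash(PW), assessment record)

    def add_user(self, user_id: str, password: str, record: bytes):
        self.users[user_id] = (H(password.encode()).digest(), record)

class CentralServer:
    def __init__(self, servers):
        self.registry = {s.server_id: s for s in servers}  # identifier -> address and key
        self.seen = {}                                      # plaintext values it handles

def roaming_login(central, server1, identifier: str, password: str) -> dict:
    server_id2, _, user_id = identifier.partition(".")       # (1) ServerID2.UserID
    server2 = central.registry.get(server_id2)               # (2)-(3) route the ID query
    if server2 is None or user_id not in server2.users:      # (4) unknown UserID
        return {"ok": False, "reason": "unknown identifier"}
    key1, key2 = central.registry[server1.server_id].key, server2.key
    r = secrets.token_bytes(H().digest_size)                 # (5) assumed length: one digest
    e1 = encrypt(key1, r)
    r_at_s1 = decrypt(server1.key, e1)                       # (6)
    p = xor(r_at_s1, H(password.encode()).digest())          # (7) P = R ^ Hash(PW)
    e2 = encrypt(server1.key, p)
    p_at_central = decrypt(key1, e2)                         # (8)
    central.seen = {"R": r, "P": p_at_central}
    e3, e4 = encrypt(key2, p_at_central), encrypt(key2, r)
    p2, r2 = decrypt(server2.key, e3), decrypt(server2.key, e4)  # (9)
    stored_hash, record = server2.users[user_id]
    if not hmac.compare_digest(xor(p2, r2), stored_hash):    # (10) Hash(PW) = P ^ R
        return {"ok": False, "reason": "password mismatch"}
    e5 = encrypt(r2, record)                                 # (10) R used as the key
    return {"ok": True, "e5": e5, "record": decrypt(r_at_s1, e5)}  # (11)

def central_view(central, e5: bytes):
    """Values the central server can compute from what it held in steps (5), (8), (11)."""
    r, p = central.seen["R"], central.seen["P"]
    return xor(p, r), decrypt(r, e5)   # Hash(PW) and the relayed record

if __name__ == "__main__":
    s1, s2 = BaseServer("S1"), BaseServer("S2")              # constructed sample data
    s2.add_user("u1001", "example-password", b"assessment score: 92")
    central = CentralServer([s1, s2])
    result = roaming_login(central, s1, "S2.u1001", "example-password")
    pw_hash, record = central_view(central, result["e5"])
    print(result["ok"], result["record"], pw_hash == H(b"example-password").digest(), record)
```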
With this information system, health performance assessment information can be transmitted securely among different basic-level servers, so that a user can roam securely among them.
The above description is only a preferred embodiment of the present invention, and all equivalent changes or modifications of the structure, characteristics and principles described in the present invention are included in the scope of the present invention.
Claims (6)
1. A health online basic-level hygiene performance assessment information system, characterized by comprising a central server and a plurality of basic-level servers, the servers being connected to one another through a network;
each basic-level server has a plurality of users of its own and stores the corresponding health performance assessment information of those users; the central server is used for connecting the basic-level servers, each basic-level server is registered with the central server in advance, and the registration information comprises the identifier, network address and key of the basic-level server;
a user of a second basic-level server can log in through a first basic-level server and access his or her own health performance assessment information, specifically by the following steps:
(1) the user inputs his or her identifier ServerID2.UserID and password to request login from the first basic-level server, where ServerID2 is the identifier of the second basic-level server and UserID is the identifier of the user at the second basic-level server;
(2) the first basic-level server constructs an ID query message containing ServerID2.UserID and sends the ID query message to the central server;
(3) the central server obtains the identifier ServerID2 of the second basic-level server from the ID query message, further obtains the network address of the second basic-level server, and forwards the ID query message to the second basic-level server;
(4) after receiving the ID query message, the second basic-level server checks whether the UserID exists; if it does not, the second basic-level server informs the central server that the UserID does not exist, the central server informs the first basic-level server, the first basic-level server refuses the login, and the process ends;
(5) if the second basic-level server confirms that the UserID exists, it informs the central server that the UserID exists; the central server then generates a random number R and encrypts R using the key key1 from the registration information of the first basic-level server to obtain an encryption result E1;
(6) the central server sends the encryption result E1 to the first basic-level server, and the first basic-level server decrypts E1 to obtain the random number R;
(7) the first basic-level server calculates P = R ^ Hash(PW), where PW is the password input by the user and Hash is a hash function; the first basic-level server encrypts P using key1 to obtain an encryption result E2 and sends E2 to the central server;
(8) the central server decrypts E2 to obtain the value P; the central server then constructs a login message comprising: an encryption result E3 of P using the key key2 of the second basic-level server, an encryption result E4 of R using key2, and the user identifier ServerID2.UserID;
(9) the central server sends the login message to the second basic-level server; the second basic-level server decrypts E3 and E4 to obtain P and R respectively, and obtains the hash value of PW by calculating P ^ R;
(10) the second basic-level server verifies, based on the user identifier and the hash value of PW, whether the user identifier and PW match; if they do not match, the second basic-level server refuses the login and sends a login refusal message to the first basic-level server through the central server; if they match, the second basic-level server encrypts the user's health performance assessment information using R as the key to obtain an encryption result E5;
(11) the second basic-level server sends the encryption result E5 to the first basic-level server through the central server.
2. The system of claim 1, wherein if the user is a user of the first basic-level server, the user can log in to the first basic-level server directly using his or her identifier and password at the first basic-level server.
3. The system according to any of claims 1-2, characterized in that the encryption uses a symmetric encryption algorithm.
4. The system of claim 3, wherein the encryption algorithm is a DES or AES algorithm.
5. The system of any of claims 1-2, wherein the hash function is SHA1 or MD5.
6. The system of any of claims 1-2, wherein the first basic-level server and the second basic-level server establish encrypted communication using R as a key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810607514.1A CN108718318B (en) | 2018-06-13 | 2018-06-13 | Health online basic-level hygiene performance assessment information system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810607514.1A CN108718318B (en) | 2018-06-13 | 2018-06-13 | Health online basic-level hygiene performance assessment information system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108718318A CN108718318A (en) | 2018-10-30 |
CN108718318B CN108718318B (en) | 2020-09-18 |
Family
ID=63912886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810607514.1A Active CN108718318B (en) | 2018-06-13 | 2018-06-13 | Health online basic-level hygiene performance assessment information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108718318B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422510B (en) * | 2020-10-13 | 2024-04-30 | 腾讯科技(深圳)有限公司 | Service processing method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201491033U (en) * | 2009-08-20 | 2010-05-26 | 福建富士通信息软件有限公司 | Unified certification platform for operation systems |
CN204990380U (en) * | 2015-06-30 | 2016-01-20 | 广东安居宝数码科技股份有限公司 | Wisdom community unified management equipment |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8239688B2 (en) * | 2007-01-07 | 2012-08-07 | Apple Inc. | Securely recovering a computing device |
Also Published As
Publication number | Publication date |
---|---|
CN108718318A (en) | 2018-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112039872B (en) | Cross-domain anonymous authentication method and system based on block chain | |
EP1340350B1 (en) | Secure location-based services system and method | |
CN106960148B (en) | Method and device for distributing equipment identifiers | |
US8942377B2 (en) | Trust discovery in a communications network | |
US7225342B2 (en) | Terminal apparatus, communication method, and communication system | |
US20110119744A1 (en) | Pseudonymous identification management apparatus, pseudonymous identification management method, pseudonymous identification management system and service admission method using same system | |
US7788707B1 (en) | Self-organized network setup | |
US12058243B2 (en) | Identity management system establishing two-way trusted relationships in a secure peer-to-peer data network | |
CN104247485A (en) | Network application function authorisation in a generic bootstrapping architecture | |
CN110868290B (en) | Key service method and device without central control | |
US20240072996A1 (en) | System and method for key establishment | |
Mahmoud et al. | Privacy-preserving fine-grained data retrieval schemes for mobile social networks | |
CN113572765A (en) | Lightweight identity authentication key negotiation method for resource-limited terminal | |
US9143482B1 (en) | Tokenized authentication across wireless communication networks | |
CN110708337B (en) | Big data security framework system based on identity authentication | |
CN108718318B (en) | Health online basic-level hygiene performance assessment information system | |
KR20090002328A (en) | Method for joining new device in wireless sensor network | |
CN113747433B (en) | Equipment authentication method based on block side chain structure in fog network | |
CN108495292B (en) | Intelligent household short-distance equipment communication method | |
CN116527259B (en) | Cross-domain identity authentication method and system based on quantum key distribution network | |
CN112788571A (en) | Group authentication method and system for machine type communication equipment in LTE network | |
CN108183925B (en) | IoT-based narrowband communication method | |
CN116599653A (en) | Dynamic security management method, system and storage medium for satellite communication network | |
KR20120136956A (en) | Method of providing a contents service in p2p network through selection of a sender | |
CN114531234B (en) | Distributed system and equipment registration and verification method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | CP02 | Change in the address of a patent holder | Address after: Room 310, 3 / F, building 2, Dezhong Plaza, No. 1, Huizhan East Road, Torch Development Zone, Zhongshan City, Guangdong Province. Patentee after: GUANGDONG HEALTH ONLINE INFORMATION TECHNOLOGY Co.,Ltd. Address before: 708, room 7, building 16, digital building, 528437 East Conference Road, Torch Development Zone, Guangdong, Zhongshan. Patentee before: GUANGDONG HEALTH ONLINE INFORMATION TECHNOLOGY Co.,Ltd. |