CN110378135A - Intimacy protection system and method based on big data analysis and trust computing - Google Patents
Intimacy protection system and method based on big data analysis and trust computing Download PDFInfo
- Publication number
- CN110378135A CN110378135A CN201910612444.3A CN201910612444A CN110378135A CN 110378135 A CN110378135 A CN 110378135A CN 201910612444 A CN201910612444 A CN 201910612444A CN 110378135 A CN110378135 A CN 110378135A
- Authority
- CN
- China
- Prior art keywords
- module
- user
- assumed name
- code
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007405 data analysis Methods 0.000 title claims abstract description 31
- 238000000034 method Methods 0.000 title claims abstract description 23
- 238000004458 analytical method Methods 0.000 claims abstract description 33
- 239000000284 extract Substances 0.000 claims description 9
- 230000003993 interaction Effects 0.000 claims description 3
- 238000013461 design Methods 0.000 abstract description 3
- 238000005457 optimization Methods 0.000 description 16
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011084 recovery Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a kind of intimacy protection system and method based on big data analysis and trust computing; the intimacy protection system includes user terminal, certificate server and access terminal; the user terminal is connect with certificate server, access terminal wireless respectively; the certificate server is connect with access terminal wireless; the intimacy protection system further includes alarm modules, and the alarm modules are connect with certificate server, access terminal wireless respectively;The user terminal includes login module, the first receiving module, analysis module, encrypting module and the first output module, the login module, the first receiving module are electrically connected with analysis module respectively, and the analysis module, encrypting module and the first output module are sequentially connected electrically;Reasonable module design of the present invention assigns the operation of assumed name by certificate server to improve secret protection dynamics, while in network access, also it is possible to prevente effectively from user, which occurs, reduces privacy leakage risk, practicability with higher.
Description
Technical field
The present invention relates to big data analysis technical field, specifically a kind of privacy based on big data analysis and trust computing
Protect system and method.
Background technique
With the rapid development of wireless communication technique, Internet technology and web resource increasingly enrich, due to accessing in network
In the process, more and more internet information retrieval applications are by analysis user behavior, study user preference to optimize retrieval machine
System, provides personalized information retrieval service.
However, a large amount of userspersonal information is collected and analyzed to system, it is easy to privacy of user be caused to be let out during this
Dew, the personal information of user can not be ensured and safeguard protection, this makes troubles to us.
In view of the above-mentioned problems, we devise a kind of intimacy protection system based on big data analysis and trust computing and side
Method, effective protection privacy of user, this is one of our urgent problems to be solved.
Summary of the invention
The purpose of the present invention is to provide a kind of intimacy protection system and method based on big data analysis and trust computing,
To solve the problems of the prior art.
To achieve the above object, the invention provides the following technical scheme:
A kind of intimacy protection system based on big data analysis and trust computing, the intimacy protection system includes user
End, certificate server and access terminal, the user terminal are connect with certificate server, access terminal wireless respectively, the certification
Server with access terminal wireless connect, the intimacy protection system further includes alarm modules, the alarm modules respectively with recognize
Demonstrate,prove server, access terminal wireless connection.
The present invention devises a kind of intimacy protection system based on big data analysis and trust computing, and user carries out network visit
When asking, since present network is more flourishing, the case where information leakage also more and more frequently, the privacy of user is also easy to happen
Leakage, this technology carry out network access by assumed name, keep away by obtaining assumed name from certificate server after user's progress authentication
The occurrence of exempting from privacy leakage guarantees user information safety;Including user terminal, certificate server and access terminal, use
Family end is user operation terminal, actually can choose the tools such as mobile phone, computer, and legal certification machine may be selected in certificate server
Structure is authenticated by certification authority;Accessing terminal is access platform, provides the channel of network access;Alarm modules are set
Meter can be used for when user carries out authentication, verifies repeatedly failure or system detection is blocked to there is criminal just carrying out information
It cuts and waits operation, can be sounded an alarm by alarm modules, guarantee security of system.
Compared with the scheme of optimization, the user terminal include login module, the first receiving module, analysis module, encrypting module and
First output module, the login module, the first receiving module are electrically connected with analysis module respectively, the analysis module, encryption
Module and the first output module are sequentially connected electrically, and first output module is connect with access terminal wireless;The authentication service
Device includes the second receiving module, the first deciphering module, authentication module, database and the second output module, the first output mould
Block and the second receiving module are wirelessly connected, and second receiving module, deciphering module, authentication module and the second output module are successively
Electrical connection, the authentication module, database electrical connection, second output module respectively with access terminal, the first receiving module
It is wirelessly connected, second output module and alarm modules are wirelessly connected.
Compared with the scheme of optimization, it is characterised in that: the login module includes the first typing unit and the second typing unit, institute
State the first typing unit, the second typing unit is electrically connected with analysis module respectively;The encrypting module includes the first encryption unit
With the second encryption unit, the analysis module, the first encryption unit, the second encryption unit are sequentially connected electrically, second encryption
Unit is electrically connected with the first output module.
Compared with the scheme of optimization, first typing unit includes identity code login mode and assumed name login mode, the body
Part code login mode realizes by typing user identity code and logs in that the assumed name login mode is realized by typing user assumed name and stepped on
Record.
User terminal includes that login module, the first receiving module, analysis module, encrypting module and first are defeated in the technical program
Module out, wherein login module includes the first typing unit and the second typing unit, and user can pass through the first typing unit typing
Corresponding identity information, the second typing unit can voluntarily typing login time T, user terminal code P, while the first typing unit is wrapped again
Including identity code login mode and assumed name login mode can when identity code login module needs to apply again assumed name suitable for user
By identity code login module typing user identity code, the signal of request assumed name is retransmited to certificate server, is obtained corresponding
Assumed name, recycle assumed name carry out network access;The assumed name that assumed name login mode is suitable for user can also continue in use, straight
It connected assumed name login mode and logs in assumed name, and carry out network access.
User identity code in the technical program can be set according to actual needs, can choose in the technical program
For the ID card No. of user;User terminal code is the unique encodings obtained when user terminal activates.
For the first receiving module for receiving information and being transmitted, analysis module can be according to identity information in the technical program
A, login time T, user terminal code P generate intelligent record Q according to data, carry out network access convenient for user and obtain assumed name
Deng operation;Encrypting module can encrypt information, and encrypting module is by the way of secondary encryption to intelligence in the technical program
Record Q is encrypted, and when encryption firstly generates code key KS, and pass through code key KSPrimary encryption is carried out to intelligent record Q, is obtained
To ciphertext Q1, the second encryption unit receives ciphertext Q1, code key KS, obtain the public key PK of certificate serverb, pass through public key PKbIt will be right
Code key Ks carries out secondary encryption, obtains code key PKS;What design not only increased ciphertext Q1 in this way cracks difficulty, by symmetric cryptography
Algorithm guarantees the safety of letter transmission in conjunction with rivest, shamir, adelman, avoids that information leakage situation occurs.
Compared with the scheme of optimization, the access terminal include third receiving module, the second deciphering module, time determination module,
Access modules and third output module, first output module, the second output module wirelessly connect with third receiving module respectively
It connects, the third receiving module, the second deciphering module, time determination module, access modules and third output module are successively electrically connected
It connects, the third output module is wirelessly connected with alarm modules, the first receiving module respectively.
It includes third receiving module, the second deciphering module, time determination module, access mould that terminal is accessed in the technical program
Block and third output module, wherein third receiving module can be used for receiving information and be transmitted, and the second deciphering module is available
Private key SKbCode key PKs is decrypted, code key K is obtainedS, recycle code key Ks to decrypt ciphertext Q1, obtain plaintext Q2;Time determines mould
Block can determine whether the whether expired using the time of assumed name, and whether assumed name can continue to use, and when assumed name is expired, user needs again
Assumed name request is sent to certificate server, reacquires assumed name;Access modules can be used for user and access, and it is logical to provide access
Road.
Compared with the scheme of optimization, a kind of method for secret protection based on big data analysis and trust computing the following steps are included:
1) user is by the first typing unit typing user identity code A, while the second typing unit is when voluntarily typing logs in
Between T, user terminal code P, and user identity code A, login time T, user terminal code P are transmitted separately to the first receiving module;First
Receiving module receives data, and transmits it to analysis module;
2) analysis module receives identity information A, login time T, user terminal code P, generates intelligent record Q according to data,
The intelligent record Q of generation is transmitted to again and adds the first encryption unit;
3) the first encryption unit receives intelligent record Q, generates code key KS, and pass through code key KSPrimary encryption is carried out, is obtained
Ciphertext Q1, then by ciphertext Q1, code key KSIt is transmitted to the second encryption unit;Second encryption unit receives ciphertext Q1, code key KS, obtain
The public key PK of certificate serverb, pass through public key PKbIt will be to code key KSSecondary encryption is carried out, code key PK is obtainedS, by code key PKSIt is subsidiary
Ciphertext Q1 is transmitted to certificate server by the first output module;
4) the second receiving module of certificate server receives code key PKS, ciphertext Q1, and transmit it to the first decryption mould
Block, the first deciphering module first pass through private key SKbTo code key PKSDecryption, obtains code key KS, recycle code key KSCiphertext Q1 is decrypted,
Obtain plaintext Q2;
5) authentication module receives plaintext Q2, extracts user terminal code P1, identity information A1 according to plaintext Q2, and pass through user terminal
Code P1 extracts corresponding identity information A2 in the database, and matching identity information A1, identity information A2 are mentioned if successful match
It is shown as " YES ";It goes to step 7);If it fails to match, " NO " is prompted for, is gone to step 6);
6) verifying identification records the verifying number M that it fails to match in time t, if M≤5, user can re-start identity
1) verifying, goes to step;If 5≤M≤8, go to step 7), otherwise goes to step 14);
7) subscriber authentication repeatedly fails, and there are credit suspicion, is classified as " information suspicion user ", and be stored in
In database, user can also re-start authentication at this time, and go to step 1);
8) it is proved to be successful, database generates assumed name U at random and limits assumed name using time T1, when assumed name U, assumed name are used
Between T1 the first receiving module is transmitted to by the second output module;
9) the first receiving module receive assumed name U, assumed name use time T1, and according to assumed name U, assumed name using time T1, step on
Record time T and user terminal code P regenerates intelligent record Q3, then the intelligent record Q3 of generation is transmitted to encrypting module;
10) encrypting module encrypts intelligent record Q3, and encryption obtains ciphertext Q4, and ciphertext Q4 is passed through the first output mould
Block is transmitted to access terminal;
11) the third receiving module for accessing terminal receives ciphertext Q4, and is decrypted by the second deciphering module, obtains in plain text
Q5 extracts assumed name U according to plaintext Q5, assumed name uses time T1;
12) time determination module judges whether assumed name U can continue to use using time T1 according to assumed name, if prompting for
13) " YES " is then gone to step;If prompting for " NO ", user can apply for assumed name again, go to step 1);
13) access modules receive plaintext Q5, and are accessed operation by assumed name U;
14) subscriber authentication repeatedly fails, and is classified as " black list user ", and stores in the database, by this
Black list user's information is transmitted to access terminal, and the user is forbidden to access operation.
Compared with the scheme of optimization, in the step 14), primary recovery credit is carried out within black list user every 3 months in database
Operation, the user after restoring credit can re-start authentication and communicate with access terminal interaction.
Devised in the technical program credit examination, if user occur in 20 days the authentication frequency of failure M, 5≤M≤
8, then it sets it to there are credit suspicion, is classified as " information suspicion user ", when user identity is that " information suspicion is used
Family ", the assumed name of distribution are 7 days using time T1;When authentication frequency of failure M, M >=8, then by it occurs in 20 days in user
It is set as " black list user ", the user is forbidden to access operation;Black list user can restore credit again at quarterly intervals,
It re-starts authentication and carries out network access, and once entered the user of blacklist, the assumed name of distribution is using time T1
15 days.
When carrying out network access, assumed name uses the time longer, and the risk of privacy leakage is higher, therefore this technology side
Credit appraisal mechanism is devised in case, not only increases the safety of authentication, while M fault tolerant number being designed as 5 times,
Also guarantee that user not will receive the limitation of credit examination when data input malfunctions.
Compared with the scheme of optimization, in the step 8), after user is normally carried out authentication and passes through, assumed name uses the time
T1 is 3 days;When user identity is " information suspicion user ", assumed name is 7 days using time T1;When user had note in blacklist
Record, then assumed name is 15 days using time T1.
Compared with the scheme of optimization, in the step 6), time t is 20 days.
Compared with prior art, the beneficial effects of the present invention are:
The present invention is in use, user passes through the first typing unit typing user identity code A first, the second typing unit at this time
Voluntarily typing login time T, user terminal code P, the first receiving module receive user identity code A, login time T, user terminal code P,
And transmit it to analysis module;Then analysis module generates intelligence note according to identity information A, login time T, user terminal code P
List Q is recorded, the first encryption unit encrypts intelligent record Q in such a way that symmetric cryptography, asymmetric encryption combine, and obtains ciphertext
Q1;Then the second receiving module of certificate server receives code key PKS, ciphertext Q1, and transmit it to the first deciphering module solution
It is close, obtain plaintext Q2;Authentication module can extract in the database corresponding identity information according to the user terminal code P1 in plaintext Q2
A2, and verifying is matched with the identity information A1 contained in plaintext, verification tip is " YES ", then database generates assumed name U simultaneously at random
Assumed name, which is limited, according to user credit uses time T1;If verifying it fails to match, prompt for " NO ", then according to failure number M come
The certain credit grade of user is assigned, according to credit grade to determine whether assigning assumed name, and limits the use time of assumed name.
After obtaining assumed name U, can be analyzed again by user terminal, according to assumed name U, assumed name using time T1, login time T and
User terminal code P regenerates intelligent record Q3, is encrypted again, rear by access terminal deciphering, and assumed name is utilized after decryption
Carry out network access operation.
A kind of intimacy protection system and method based on big data analysis and trust computing is devised in the present invention, module is set
Meter is rationally, easy to operate, assigns the operation of assumed name by certificate server to improve secret protection dynamics, while accessing in network
When, also it is possible to prevente effectively from user, which occurs, reduces privacy leakage risk, practicability with higher.
Detailed description of the invention
In order that the present invention can be more clearly and readily understood, right below according to specific embodiment and in conjunction with attached drawing
The present invention is described in further detail.
Fig. 1 is that a kind of connected based on big data analysis with the integral module of the intimacy protection system of trust computing of the invention is shown
It is intended to;
Fig. 2, which is that the present invention is a kind of, to be connected based on big data analysis with the user side module of the intimacy protection system of trust computing
Schematic diagram;
Fig. 3 is a kind of user side module signal of intimacy protection system based on big data analysis and trust computing of the present invention
Figure;
Fig. 4 is a kind of testimony of a witness server module of the intimacy protection system based on big data analysis and trust computing of the present invention
Connection schematic diagram;
Fig. 5 is a kind of testimony of a witness server module of the intimacy protection system based on big data analysis and trust computing of the present invention
Schematic diagram;
Fig. 6 is that a kind of access terminal module of the intimacy protection system based on big data analysis and trust computing of the present invention connects
Connect schematic diagram;
Fig. 7 is that a kind of access terminal module of the intimacy protection system based on big data analysis and trust computing of the present invention shows
It is intended to.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
As shown in Fig. 1-Fig. 7, a kind of intimacy protection system based on big data analysis and trust computing, the secret protection
System includes user terminal, certificate server and access terminal, and the user terminal connects with certificate server, access terminal wireless respectively
It connects;The intimacy protection system further includes alarm modules, and the alarm modules connect with certificate server, access terminal wireless respectively
It connects.
The present invention devises a kind of intimacy protection system based on big data analysis and trust computing, and user carries out network visit
When asking, since present network is more flourishing, the case where information leakage also more and more frequently, the privacy of user is also easy to happen
Leakage, this technology carry out network access by assumed name, keep away by obtaining assumed name from certificate server after user's progress authentication
The occurrence of exempting from privacy leakage guarantees user information safety;Including user terminal, certificate server and access terminal, use
Family end is user operation terminal, actually can choose the tools such as mobile phone, computer, and legal certification machine may be selected in certificate server
Structure is authenticated by certification authority;Accessing terminal is access platform, provides the channel of network access.
Compared with the scheme of optimization, the user terminal include login module, the first receiving module, analysis module, encrypting module and
First output module, the login module, the first receiving module are electrically connected with analysis module respectively, the analysis module, encryption
Module and the first output module are sequentially connected electrically, and first output module is connect with access terminal wireless;The authentication service
Device includes the second receiving module, the first deciphering module, authentication module, database and the second output module, the first output mould
Block and the second receiving module are wirelessly connected, and second receiving module, deciphering module, authentication module and the second output module are successively
Electrical connection, the authentication module, database electrical connection, second output module respectively with access terminal, the first receiving module
It is wirelessly connected, second output module and alarm modules are wirelessly connected.
Compared with the scheme of optimization, it is characterised in that: the login module includes the first typing unit and the second typing unit, institute
State the first typing unit, the second typing unit is electrically connected with analysis module respectively;The encrypting module includes the first encryption unit
With the second encryption unit, the analysis module, the first encryption unit, the second encryption unit are sequentially connected electrically, second encryption
Unit is electrically connected with the first output module.
Compared with the scheme of optimization, first typing unit includes identity code login mode and assumed name login mode, the body
Part code login mode realizes by typing user identity code and logs in that the assumed name login mode is realized by typing user assumed name and stepped on
Record.
User terminal includes that login module, the first receiving module, analysis module, encrypting module and first are defeated in the technical program
Module out, wherein login module includes the first typing unit and the second typing unit, and user can pass through the first typing unit typing
Corresponding identity information, the second typing unit can voluntarily typing login time T, user terminal code P, while the first typing unit is wrapped again
Including identity code login mode and assumed name login mode can when identity code login module needs to apply again assumed name suitable for user
Pass through identity code login module typing user identity code;Assumed name login mode be suitable for user assumed name can also continue to using
When, assumed name is directly logged in by assumed name login mode, and carry out network access.
User identity code in the technical program can be set according to actual needs, can choose the identity for user
Demonstrate,prove number;User terminal code is the unique encodings obtained when user terminal activates.
For the first receiving module for receiving information and being transmitted, analysis module can be according to identity information in the technical program
A, login time T, user terminal code P generate intelligent record Q according to data, carry out network access convenient for user and obtain assumed name
Deng operation;Encrypting module can encrypt information, and encrypting module is by the way of secondary encryption to intelligence in the technical program
Record Q is encrypted, and when encryption firstly generates code key KS, and pass through code key KSPrimary encryption is carried out to intelligent record Q, is obtained
To ciphertext Q1, the second encryption unit receives ciphertext Q1, code key KS, obtain the public key PK of certificate serverb, pass through public key PKbIt will be right
Code key KSSecondary encryption is carried out, code key PK is obtainedS;What design not only increased ciphertext Q1 in this way cracks difficulty, and symmetric cryptography is calculated
Method guarantees the safety of letter transmission in conjunction with rivest, shamir, adelman, avoids that information leakage situation occurs.
Compared with the scheme of optimization, the access terminal include third receiving module, the second deciphering module, time determination module,
Access modules and third output module, first output module, the second output module wirelessly connect with third receiving module respectively
It connects, the third receiving module, the second deciphering module, time determination module, access modules and third output module are successively electrically connected
It connects, the third output module is wirelessly connected with alarm modules, the first receiving module respectively.
It includes third receiving module, the second deciphering module, time determination module, access mould that terminal is accessed in the technical program
Block and third output module, wherein third receiving module can be used for receiving information and be transmitted, and the second deciphering module is available
Private key SKbTo code key PKSDecryption, obtains code key KS, recycle code key KSCiphertext Q1 is decrypted, plaintext Q2 is obtained;Time determines mould
Block can determine whether the whether expired using the time of assumed name, and whether assumed name can continue to use;Access modules can be used for user and visit
It asks, access path is provided.
Compared with the scheme of optimization, a kind of method for secret protection based on big data analysis and trust computing, comprising the following steps:
1) user is by the first typing unit typing user identity code A, while the second typing unit is when voluntarily typing logs in
Between T, user terminal code P, and user identity code A, login time T, user terminal code P are transmitted separately to the first receiving module;First
Receiving module receives data, and transmits it to analysis module;
2) analysis module receives identity information A, login time T, user terminal code P, generates intelligent record Q according to data,
The intelligent record Q of generation is transmitted to again and adds the first encryption unit;
3) the first encryption unit receives intelligent record Q, generates code key KS, and pass through code key KSPrimary encryption is carried out, is obtained
Ciphertext Q1, then by ciphertext Q1, code key KSIt is transmitted to the second encryption unit;Second encryption unit receives ciphertext Q1, code key KS, obtain
The public key PK of certificate serverb, pass through public key PKbIt will be to code key KSSecondary encryption is carried out, code key PK is obtainedS, by code key PKSIt is subsidiary
Ciphertext Q1 is transmitted to certificate server by the first output module;
4) the second receiving module of certificate server receives code key PKS, ciphertext Q1, and transmit it to the first decryption mould
Block, the first deciphering module first pass through private key SKbTo code key PKSDecryption, obtains code key KS, recycle code key KSCiphertext Q1 is decrypted,
Obtain plaintext Q2;
5) authentication module receives plaintext Q2, extracts user terminal code P1, identity information A1 according to plaintext Q2, and pass through user terminal
Code P1 extracts corresponding identity information A2 in the database, and matching identity information A1, identity information A2 are mentioned if successful match
It is shown as " YES ";It goes to step 7);If it fails to match, " NO " is prompted for, is gone to step 6);
6) verifying identification records the verifying number M that it fails to match in time t, if M≤5, user can re-start identity
1) verifying, goes to step;If 5≤M≤8, go to step 7), otherwise goes to step 14);
7) subscriber authentication repeatedly fails, and there are credit suspicion, is classified as " information suspicion user ", and be stored in
In database, user can also re-start authentication at this time, and go to step 1);
8) it is proved to be successful, database generates assumed name U at random and limits assumed name using time T1, when assumed name U, assumed name are used
Between T1 the first receiving module is transmitted to by the second output module;
9) the first receiving module receive assumed name U, assumed name use time T1, and according to assumed name U, assumed name using time T1, step on
Record time T and user terminal code P regenerates intelligent record Q3, then the intelligent record Q3 of generation is transmitted to encrypting module;
10) encrypting module encrypts intelligent record Q3, and encryption obtains ciphertext Q4, and ciphertext Q4 is passed through the first output mould
Block is transmitted to access terminal;
11) the third receiving module for accessing terminal receives ciphertext Q4, and is decrypted by the second deciphering module, obtains in plain text
Q5 extracts assumed name U according to plaintext Q5, assumed name uses time T1;
12) time determination module judges whether assumed name U can continue to use using time T1 according to assumed name, if prompting for
13) " YES " is then gone to step;If prompting for " NO ", user can apply for assumed name again, go to step 1);
13) access modules receive plaintext Q5, and are accessed operation by assumed name U;
14) subscriber authentication repeatedly fails, and is classified as " black list user ", and stores in the database, by this
Black list user's information is transmitted to access terminal, and the user is forbidden to access operation.
Compared with the scheme of optimization, in the step 14), primary recovery credit is carried out within black list user every 3 months in database
Operation, the user after restoring credit can re-start authentication and communicate with access terminal interaction.
Devised in the technical program credit examination, if user occur in 20 days the authentication frequency of failure M, 5≤M≤
8, then it sets it to there are credit suspicion, is classified as " information suspicion user ", when user identity is that " information suspicion is used
Family ", the assumed name of distribution are 7 days using time T1;When authentication frequency of failure M, M >=8, then by it occurs in 20 days in user
It is set as " black list user ", the user is forbidden to access operation;Black list user can restore credit again at quarterly intervals,
It re-starts authentication and carries out network access, and once entered the user of blacklist, the assumed name of distribution is using time T1
15 days.
Compared with the scheme of optimization, in the step 8), after user is normally carried out authentication and passes through, assumed name uses the time
T1 is 3 days;When user identity is " information suspicion user ", assumed name is 7 days using time T1;When user had note in blacklist
Record, then assumed name is 15 days using time T1.
Compared with the scheme of optimization, in the step 6), time t is 20 days.
A kind of intimacy protection system and method based on big data analysis and trust computing is devised in the present invention, module is set
Meter is rationally, easy to operate, assigns the operation of assumed name by certificate server to improve secret protection dynamics, while accessing in network
When, also it is possible to prevente effectively from user, which occurs, reduces privacy leakage risk, practicability with higher.
The present invention is in use, user passes through the first typing unit typing user identity code A first, the second typing unit at this time
Voluntarily typing login time T, user terminal code P, the first receiving module receive user identity code A, login time T, user terminal code P,
And transmit it to analysis module;Then analysis module generates intelligence note according to identity information A, login time T, user terminal code P
List Q is recorded, the first encryption unit encrypts intelligent record Q in such a way that symmetric cryptography, asymmetric encryption combine, and obtains ciphertext
Q1;Then the second receiving module of certificate server receives code key PKS, ciphertext Q1, and transmit it to the first deciphering module solution
It is close, obtain plaintext Q2;Authentication module can extract in the database corresponding identity information according to the user terminal code P1 in plaintext Q2
A2, and verifying is matched with the identity information A1 contained in plaintext, verification tip is " YES ", then database generates assumed name U simultaneously at random
Assumed name, which is limited, according to user credit uses time T1;If verifying it fails to match, prompt for " NO ", then according to failure number M come
The certain credit grade of user is assigned, according to credit grade to determine whether assigning assumed name, and limits the use time of assumed name.
After obtaining assumed name U, can be analyzed again by user terminal, according to assumed name U, assumed name using time T1, login time T and
User terminal code P regenerates intelligent record Q3, is encrypted again, rear by access terminal deciphering, and assumed name is utilized after decryption
Carry out network access operation.
It is obvious to a person skilled in the art that invention is not limited to the details of the above exemplary embodiments, Er Qie
In the case where without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, the present embodiments are to be considered as illustrative and not restrictive, and the scope of the present invention is by appended power
Benefit requires rather than above description limits, it is intended that all by what is fallen within the meaning and scope of the equivalent elements of the claims
Variation is included within the present invention.Any reference signs in the claims should not be construed as limiting the involved claims.
Claims (9)
1. a kind of intimacy protection system and method based on big data analysis and trust computing, it is characterised in that: the privacy is protected
Protecting system include user terminal, certificate server and access terminal, the user terminal respectively with certificate server, access terminal wireless
Connection, the certificate server are connect with access terminal wireless, and the intimacy protection system further includes alarm modules, the alarm
Module is connect with certificate server, access terminal wireless respectively.
2. the intimacy protection system and method according to claim 1 based on big data analysis and trust computing, feature
Be: the user terminal includes login module, the first receiving module, analysis module, encrypting module and the first output module, described
Login module, the first receiving module are electrically connected with analysis module respectively, the analysis module, encrypting module and the first output module
It is sequentially connected electrically, first output module is connect with access terminal wireless;The certificate server include the second receiving module,
First deciphering module, authentication module, database and the second output module, first output module and the second receiving module are wireless
Connection, second receiving module, deciphering module, authentication module and the second output module are sequentially connected electrically, the authentication module,
Database electrical connection, second output module are wirelessly connected with access terminal, the first receiving module respectively, second output
Module and alarm modules are wirelessly connected.
3. the intimacy protection system and method according to claim 2 based on big data analysis and trust computing, feature
Be: the login module includes the first typing unit and the second typing unit, first typing unit, the second typing unit
It is electrically connected respectively with analysis module;The encrypting module include the first encryption unit and the second encryption unit, the analysis module,
First encryption unit, the second encryption unit are sequentially connected electrically, and second encryption unit is electrically connected with the first output module.
4. the intimacy protection system and method according to claim 3 based on big data analysis and trust computing, feature
Be: first typing unit includes identity code login mode and assumed name login mode, and the identity code login mode passes through
Typing user identity code, which is realized, to be logged in, and the assumed name login mode is realized by typing user assumed name and logged in.
5. the intimacy protection system and method according to claim 2 based on big data analysis and trust computing, feature
Be: the access terminal includes that third receiving module, the second deciphering module, time determination module, access modules and third are defeated
Module out, first output module, the second output module are wirelessly connected with third receiving module respectively, and the third receives mould
Block, the second deciphering module, time determination module, access modules and third output module are sequentially connected electrically, and the third exports mould
Block is wirelessly connected with alarm modules, the first receiving module respectively.
6. a kind of method for secret protection based on big data analysis and trust computing, it is characterised in that: the following steps are included:
1) user is by the first typing unit typing user identity code A, at the same the second typing unit voluntarily typing login time T,
User terminal code P, and user identity code A, login time T, user terminal code P are transmitted separately to the first receiving module;First receives
Module receives data, and transmits it to analysis module;
2) analysis module receives identity information A, login time T, user terminal code P, generates intelligent record Q according to data, then will
The intelligent record Q of generation is transmitted to plus the first encryption unit;
3) the first encryption unit receives intelligent record Q, generates code key KS, and pass through code key KSIntelligent record Q is carried out primary
Encryption, obtains ciphertext Q1, then by ciphertext Q1, code key KSIt is transmitted to the second encryption unit;Second encryption unit receives ciphertext Q1, secret
Key KS, obtain the public key PK of certificate serverb, pass through public key PKbIt will be to code key KSSecondary encryption is carried out, code key PK is obtainedS, will be secret
Key PKSSubsidiary ciphertext Q1 is transmitted to certificate server by the first output module;
4) the second receiving module of certificate server receives code key PKS, ciphertext Q1, and transmit it to the first deciphering module, first
Deciphering module first passes through private key SKbTo code key PKSDecryption, obtains code key KS, recycle code key KSCiphertext Q1 is decrypted, is obtained bright
Literary Q2;
5) authentication module receives plaintext Q2, extracts user terminal code P1, identity information A1 according to plaintext Q2, and pass through user terminal code P1
Corresponding identity information A2 is extracted in the database, and matching identity information A1, identity information A2 are prompted for if successful match
"YES";It goes to step 7);If it fails to match, " NO " is prompted for, is gone to step 6);
6) verifying identification records the verifying number M that it fails to match in time t, if M≤5, user can re-start identity and test
1) card, goes to step;If 5≤M≤8, go to step 7), otherwise goes to step 14);
7) subscriber authentication repeatedly fails, and there are credit suspicion, is classified as " information suspicion user ", and be stored in data
In library, user can also re-start authentication at this time, and go to step 1);
8) it is proved to be successful, database generates assumed name U at random and limits assumed name using time T1, and assumed name U, assumed name are used time T1
The first receiving module is transmitted to by the second output module;
9) the first receiving module receive assumed name U, assumed name use time T1, and according to assumed name U, assumed name using time T1, log in when
Between T and user terminal code P regenerate intelligent record Q3, then the intelligent record Q3 of generation is transmitted to encrypting module;
10) encrypting module encrypts intelligent record Q3, and encryption obtains ciphertext Q4, and ciphertext Q4 is passed by the first output module
Transport to access terminal;
11) the third receiving module for accessing terminal receives ciphertext Q4, and is decrypted by the second deciphering module, obtains plaintext Q5, root
Assumed name U is extracted according to plaintext Q5, assumed name uses time T1;
12) time determination module judges whether assumed name U can continue to use using time T1 according to assumed name, if prompting for " YES ",
It then goes to step 13);If prompting for " NO ", user can apply for assumed name again, go to step 1);
13) access modules receive plaintext Q5, and are accessed operation by assumed name U;
14) subscriber authentication repeatedly fails, and is classified as " black list user ", and stores in the database, by the black name
Single user information is transmitted to access terminal, and the user is forbidden to access operation.
7. the method for secret protection according to claim 6 based on big data analysis and trust computing, it is characterised in that: institute
It states in step 14), carries out within black list user every 3 months in database primary credit of restoring and operate, the user after restoring credit can
It re-starts authentication and is communicated with access terminal interaction.
8. the method for secret protection according to claim 6 based on big data analysis and trust computing, it is characterised in that: institute
It states in step 8), after user is normally carried out authentication and passes through, assumed name is 3 days using time T1;When user identity is " letter
Breath suspicion user ", assumed name are 7 days using time T1;When user has overwriting in blacklist, then assumed name is 15 using time T1
It.
9. the method for secret protection according to claim 6 based on big data analysis and trust computing, it is characterised in that: institute
It states in step 6), time t is 20 days.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910612444.3A CN110378135A (en) | 2019-07-08 | 2019-07-08 | Intimacy protection system and method based on big data analysis and trust computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910612444.3A CN110378135A (en) | 2019-07-08 | 2019-07-08 | Intimacy protection system and method based on big data analysis and trust computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110378135A true CN110378135A (en) | 2019-10-25 |
Family
ID=68252366
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910612444.3A Pending CN110378135A (en) | 2019-07-08 | 2019-07-08 | Intimacy protection system and method based on big data analysis and trust computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110378135A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112907396A (en) * | 2021-01-27 | 2021-06-04 | 胡梁育 | Property management system and method based on wireless communication technology |
CN113139203A (en) * | 2020-01-19 | 2021-07-20 | 上海臻客信息技术服务有限公司 | User information leakage prevention method |
CN113556329A (en) * | 2021-07-06 | 2021-10-26 | 广东轻工职业技术学院 | Industrial data safety protection system of industrial internet technology |
CN113591101A (en) * | 2021-06-22 | 2021-11-02 | 全球码链科技合作中心有限公司 | Ternary data protection method, device, equipment and computer readable storage medium |
CN112907396B (en) * | 2021-01-27 | 2024-05-31 | 北京中铁慧生活科技服务有限公司 | Property management system and method based on wireless communication technology |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060031301A1 (en) * | 2003-07-18 | 2006-02-09 | Herz Frederick S M | Use of proxy servers and pseudonymous transactions to maintain individual's privacy in the competitive business of maintaining personal history databases |
CN102316449A (en) * | 2010-07-07 | 2012-01-11 | 国民技术股份有限公司 | Security terminal system and authentication and interruption method thereof |
CN103546480A (en) * | 2013-10-30 | 2014-01-29 | 宇龙计算机通信科技(深圳)有限公司 | Protection method, terminal and system for privacy information |
CN106254386A (en) * | 2011-09-20 | 2016-12-21 | 中兴通讯股份有限公司 | A kind of information processing method and name mapping server |
CN109033855A (en) * | 2018-07-18 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data transmission method based on block chain, device and storage medium |
CN109951297A (en) * | 2019-03-12 | 2019-06-28 | 中南民族大学 | A kind of identity authorization system and its register method, login method of the reservation privacy of user towards big data |
CN109960916A (en) * | 2017-12-22 | 2019-07-02 | 苏州迈瑞微电子有限公司 | A kind of identity authentication method and system |
-
2019
- 2019-07-08 CN CN201910612444.3A patent/CN110378135A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060031301A1 (en) * | 2003-07-18 | 2006-02-09 | Herz Frederick S M | Use of proxy servers and pseudonymous transactions to maintain individual's privacy in the competitive business of maintaining personal history databases |
CN102316449A (en) * | 2010-07-07 | 2012-01-11 | 国民技术股份有限公司 | Security terminal system and authentication and interruption method thereof |
CN106254386A (en) * | 2011-09-20 | 2016-12-21 | 中兴通讯股份有限公司 | A kind of information processing method and name mapping server |
CN103546480A (en) * | 2013-10-30 | 2014-01-29 | 宇龙计算机通信科技(深圳)有限公司 | Protection method, terminal and system for privacy information |
CN109960916A (en) * | 2017-12-22 | 2019-07-02 | 苏州迈瑞微电子有限公司 | A kind of identity authentication method and system |
CN109033855A (en) * | 2018-07-18 | 2018-12-18 | 腾讯科技(深圳)有限公司 | A kind of data transmission method based on block chain, device and storage medium |
CN109951297A (en) * | 2019-03-12 | 2019-06-28 | 中南民族大学 | A kind of identity authorization system and its register method, login method of the reservation privacy of user towards big data |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113139203A (en) * | 2020-01-19 | 2021-07-20 | 上海臻客信息技术服务有限公司 | User information leakage prevention method |
CN112907396A (en) * | 2021-01-27 | 2021-06-04 | 胡梁育 | Property management system and method based on wireless communication technology |
CN112907396B (en) * | 2021-01-27 | 2024-05-31 | 北京中铁慧生活科技服务有限公司 | Property management system and method based on wireless communication technology |
CN113591101A (en) * | 2021-06-22 | 2021-11-02 | 全球码链科技合作中心有限公司 | Ternary data protection method, device, equipment and computer readable storage medium |
CN113556329A (en) * | 2021-07-06 | 2021-10-26 | 广东轻工职业技术学院 | Industrial data safety protection system of industrial internet technology |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101680260B1 (en) | Certificate issuance system and method based on block chain | |
CN106789018B (en) | Secret key remote acquisition methods and device | |
EP3438902B1 (en) | System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same | |
CN101300808B (en) | Method and arrangement for secure autentication | |
CN1939028B (en) | Accessing protected data on network storage from multiple devices | |
CN106357400B (en) | Establish the method and system in channel between TBOX terminal and TSP platform | |
CN103201998B (en) | For the protection of the data processing of the local resource in mobile device | |
CN106411533A (en) | On-line fingerprint authentication system and method based on bidirectional privacy protection | |
CN110990827A (en) | Identity information verification method, server and storage medium | |
CN103067401A (en) | Method and system for key protection | |
CN102215221A (en) | Methods and systems for secure remote wake, boot, and login to a computer from a mobile device | |
CN103444123A (en) | Shared key establishment and distribution | |
CN104767731A (en) | Identity authentication protection method of Restful mobile transaction system | |
CN102510333A (en) | Authorization method and system | |
CN104322003A (en) | Cryptographic authentication and identification method using real-time encryption | |
CN110378135A (en) | Intimacy protection system and method based on big data analysis and trust computing | |
CN109600296A (en) | A kind of certificate chain instant communicating system and its application method | |
CN102468962A (en) | Method for personal identity authentication utilizing a personal cryptographic device | |
CN112685786A (en) | Financial data encryption and decryption method, system, equipment and storage medium | |
US20120284787A1 (en) | Personal Secured Access Devices | |
CN107690079A (en) | Privacy of user guard method in live platform | |
CN114338201B (en) | Data processing method and device, electronic equipment and storage medium | |
CN108667801A (en) | A kind of Internet of Things access identity safety certifying method and system | |
CN109462572B (en) | Multi-factor authentication method, system, storage medium and security gateway based on encryption card and UsbKey | |
CN108900595B (en) | Method, device and equipment for accessing data of cloud storage server and computing medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191025 |