CN112115199A - Data management system based on block chain technology - Google Patents


Info

Publication number
CN112115199A
Authority
CN
China
Prior art keywords
data
server
access
secret key
system based
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010974071.7A
Other languages
Chinese (zh)
Inventor
廉明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Changtai Information Security Service Co ltd
Original Assignee
Anhui Changtai Information Security Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Changtai Information Security Service Co ltd filed Critical Anhui Changtai Information Security Service Co ltd
Priority to CN202010974071.7A priority Critical patent/CN112115199A/en
Publication of CN112115199A publication Critical patent/CN112115199A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • Finance (AREA)
  • Accounting & Taxation (AREA)
  • Storage Device Security (AREA)
  • Technology Law (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • General Business, Economics & Management (AREA)

Abstract

The invention discloses a data management system based on blockchain technology, belonging to the technical field of big data management. The system comprises a client, an encryption server, a management server, a database server and an early warning server. The encryption server encrypts the data stored in the database server. The management server comprises a key management unit and an access management unit: the key management unit generates the key that decrypts content encrypted by the encryption server, uploads the key to a blockchain, and lets a user acquire the key through a transaction with the key owner; the access management unit manages and controls users who access the data. The database server stores and retrieves data. The early warning server raises an early warning when a user's access is abnormal. By encrypting the data and combining the decryption key with blockchain technology, the decentralization and tamper resistance of the blockchain are used to prevent the key from being modified or attacked.

Description

Data management system based on block chain technology
Technical Field
The invention relates to the technical field of big data management, in particular to a data management system based on a block chain technology.
Background
The global big data industry is currently in a period of active development, with technical evolution and application innovation advancing rapidly in parallel. Key new technologies for data storage, computation and analysis, such as non-relational databases, distributed parallel computing, machine learning and deep mining, have emerged and developed quickly. While creating business and application value in industries such as telecommunications, the internet, finance, transportation and healthcare, big data mining and analysis has begun to spread into traditional primary and secondary industries, and big data is gradually becoming a basic national strategic resource and a basic factor of production for society.
At the same time, big data security problems are gradually being exposed. Because of its great value and its centralized storage and management model, big data has become a key target of network attacks; ransomware attacks and data leaks affecting big data grow more serious by the day, and big data security incidents occur frequently worldwide. These security requirements have driven the research, development and production of related security technologies, solutions and products, but these lag behind the development of the industry. In access management, data leakage remains a risk because the security of an account cannot be guaranteed. Although existing data management systems can encrypt data, the decryption key is kept on the user's terminal, where it is easily attacked and leaked, leaving the encryption effective in name only.
Disclosure of Invention
The invention aims to solve the hidden danger of data leakage in big data management, and provides a data management system based on blockchain technology.
The invention achieves this aim through the following technical scheme: a data management system based on blockchain technology comprises a client, an encryption server, a management server, a database server and an early warning server;
the encryption server is used for encrypting the data stored in the database server;
the management server comprises a secret key management unit and an access management unit, wherein the secret key management unit is used for generating a secret key for decrypting encrypted contents of the encryption server, uploading the secret key into a block chain, and acquiring the secret key through the transaction between a user and a secret key owner, and the access management unit is used for managing and controlling the user accessing data;
the database server is used for storing and calling data;
the early warning server is used for early warning when the user accesses abnormally.
Preferably, the key management unit includes a key generation module, an upload blockchain module, and a blockchain transaction module.
Preferably, the access management unit includes an access query module and an access control module, wherein the access query module is configured to query a record for accessing the database server, and the access control module is configured to restrict a user accessing the database server.
Preferably, the access query module includes a query for access client information, access operation type and access operation time.
Preferably, the access control module comprises user information verification, plug-in key verification and role permission settings, wherein the role permissions comprise a role query function, a download function, a role entry function and a role modification function.
Preferably, the database server comprises a data desensitization unit, a data storage unit and a data calling unit.
Preferably, the data desensitization unit is used for performing fuzzification processing on the sensitive data.
Preferably, the early warning server is used for collecting the log-in record and the operation type of the visitor, early warning the user with abnormal behavior, and marking the IP address of the user.
Compared with the prior art, the invention has the following beneficial effects. The data is encrypted and the decryption key is combined with blockchain technology; the decentralization and tamper resistance of the blockchain prevent the key from being modified or attacked and guarantee its authenticity. The key is obtained through a transaction, which prevents it from being leaked during the transaction process, and this improves the security of accessing and retrieving data in the database. By collecting visitors' login records and operation types, the system raises early warnings on users with abnormal behavior and marks their IP addresses, effectively reducing risk to the database.
Drawings
FIG. 1 is a schematic diagram of the overall system of the present invention.
FIG. 2 is a diagram of a method for combining a key management unit with a blockchain technique according to the present invention.
FIG. 3 is a schematic diagram of the access management unit system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, a data management system based on blockchain technology comprises a client, an encryption server, a management server, a database server and an early warning server. The encryption server encrypts the data stored in the database server, protecting it by encryption; when the data is accessed or retrieved, it is decrypted after verification to obtain the data. The management server comprises a key management unit and an access management unit. The key management unit generates the key that decrypts content encrypted by the encryption server, uploads the key to a blockchain, and lets a user acquire the key through a transaction with the key owner. The access management unit manages and controls users who access the data. Data encrypted by the encryption server is decrypted with the key and, in combination with the access management unit, only a user who has acquired the key can modify or delete the encrypted data; access users are also graded, which increases the security of the data. The database server stores and retrieves data and can be integrated or distributed. The early warning server raises an early warning when a user's access is abnormal; early warning effectively identifies such users so that an administrator can investigate them or add them to a blacklist, keeping them from endangering the data.
The key management unit comprises a key generation module, an upload blockchain module and a blockchain transaction module. The key generation module generates the decryption key. The upload blockchain module uploads the key to the blockchain, where decentralization and tamper resistance prevent the key from being modified or attacked. The blockchain transaction module lets a normal user obtain the key through a transaction on the blockchain; each blockchain transaction consumes a bitcoin. FIG. 2 shows how the key management unit is combined with the blockchain. The decryption key is generated by encrypting the data and is held by the user with the highest authority, such as the top management of an enterprise. The key is uploaded to the blockchain through that user's account, which is therefore called the transaction first party. The transaction first party uses its own blockchain private key to package the key and send it to the public chain of the blockchain. A user who wants to acquire the key first establishes a transaction with the transaction first party, which transfers the packaged key together with its own public key to the user. The user decrypts the encrypted key with the transaction first party's public key, thereby obtaining the key, and uses it to access the encrypted data.
As shown in FIG. 3, the access management unit comprises an access query module and an access control module. The access query module queries records of access to the database server, and the access control module restricts the users who access the database server. The access query module covers queries of access client information, access operation type and access operation time. The access control module comprises user information verification, plug-in key verification and role permission settings; the role permissions are divided into role query, download, and role entry and modification functions, and each user role is restricted by setting its permissions. The access control module first verifies a user's login information and then grants the user permission to access the database server, but such a user has only the access and download functions. The access control module also uses plug-in key verification: only a user with the correct key has higher authority, such as entering, modifying or deleting data. The access query module can query the client information, operation type and operation time of users who access the database server.
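
The two permission tiers and the access records described above, as an added Python example (not code from the patent). The class and method names, the PBKDF2 password check and the choice to store only a SHA-256 digest of the decryption key are assumptions of this example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Operation names follow the description; grouping them into two sets is this example's.
BASIC_OPS = {"query", "download"}              # available after login verification
ELEVATED_OPS = {"entry", "modify", "delete"}   # additionally require the data key


def _password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccessControl:
    """Hypothetical access control module that also keeps the access records."""

    def __init__(self, data_key: bytes):
        # Assumption: the server keeps only a digest of the decryption key.
        self._key_digest = hashlib.sha256(data_key).digest()
        self._users = {}    # account -> (salt, password hash)
        self.records = []   # read back by the access query module

    def register(self, account: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[account] = (salt, _password_hash(password, salt))

    def _login_ok(self, account: str, password: str) -> bool:
        # Unknown accounts still pay for one hash so both paths cost the same.
        salt, stored = self._users.get(account, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, _password_hash(password, salt))

    def _key_ok(self, key) -> bool:
        if key is None:
            return False
        return hmac.compare_digest(self._key_digest, hashlib.sha256(key).digest())

    def request(self, account, password, client_ip, operation, key=None) -> bool:
        """Decide one request and record it, whether it was allowed or denied."""
        if not self._login_ok(account, password):
            allowed, reason = False, "login failed"
        elif operation in BASIC_OPS:
            allowed, reason = True, "login verified"
        elif operation in ELEVATED_OPS and self._key_ok(key):
            allowed, reason = True, "login and key verified"
        else:
            allowed, reason = False, "key missing or wrong, or unknown operation"
        self.records.append({
            "client": {"account": account, "ip": client_ip},
            "operation": operation,
            "time": datetime.now(timezone.utc).isoformat(),
            "allowed": allowed,
            "reason": reason,
        })
        return allowed

    def query(self, account=None, operation=None):
        """Access query module: filter records by client account and operation type."""
        return [
            r for r in self.records
            if (account is None or r["client"]["account"] == account)
            and (operation is None or r["operation"] == operation)
        ]


if __name__ == "__main__":
    key = os.urandom(32)                      # constructed sample key
    ac = AccessControl(key)
    ac.register("alice", "correct horse")     # constructed sample account
    print(ac.request("alice", "correct horse", "192.0.2.10", "download"))
    print(ac.request("alice", "correct horse", "192.0.2.10", "modify"))
    print(ac.request("alice", "correct horse", "192.0.2.10", "modify", key=key))
```

Denied requests are recorded as well as allowed ones, so failed logins and refused modifications remain visible to whatever consumes the access records.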
The database server comprises a data desensitization unit, a data storage unit and a data calling unit. The data desensitization unit fuzzifies sensitive data: according to a preset policy, desensitization (generally masking or transforming the original data) is applied when different users access specific resources. For example, an ID number displays only its first 4 and last 4 digits, with the rest replaced by asterisks. When different users access the same sensitive data, the results they obtain are completely different.
The early warning server collects visitors' login records and operation types, raises early warnings on users with abnormal behavior and marks their IP addresses. It works together with the access query module. If the early warning server finds that a client has entered a wrong login password many times, it then queries that user's operation types; if downloads make up a large share of them, it marks the user as abnormal, adds the user to a blacklist, tracks the user's IP address and warns the administrator. The administrator can check the IP address manually. If there is a danger, that IP's permission to access the database server is blocked; if there is not, the user's account is removed from the blacklist and its normal permissions are restored.
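
The early-warning rule described above, run over constructed access records, as an added Python example (not code from the patent). The description gives no numbers, so the three thresholds are assumptions, as are the record layout and all names.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed thresholds; the description only says "many" and "a large share".
MAX_FAILED_LOGINS = 3      # failed password attempts tolerated per account
MAX_DOWNLOAD_RATIO = 0.6   # share of data operations that are downloads
MIN_OPERATIONS = 5         # do not judge a ratio computed over too few operations

# Constructed records: (account, source IP, operation type, succeeded).
# The IP addresses come from the reserved documentation ranges.
ACCESS_LOG = (
    [("alice", "192.0.2.10", "login", True)]
    + [("alice", "192.0.2.10", op, True)
       for op in ("query", "query", "download", "query", "modify")]
    + [("bob", "198.51.100.7", "login", False)] * 4
    + [("bob", "198.51.100.7", "login", True)]
    + [("bob", "198.51.100.7", "download", True)] * 5
    + [("bob", "198.51.100.7", "query", True)]
    + [("carol", "203.0.113.4", "login", False)] * 4
    + [("carol", "203.0.113.4", "login", True)]
    + [("carol", "203.0.113.4", "query", True)] * 5
)


@dataclass
class Profile:
    failed_logins: int = 0
    operations: int = 0
    downloads: int = 0
    ips: set = field(default_factory=set)

    @property
    def download_ratio(self) -> float:
        return self.downloads / self.operations if self.operations else 0.0


def build_profiles(records):
    """Aggregate login failures and operation types per account."""
    profiles = defaultdict(Profile)
    for account, ip, op, ok in records:
        p = profiles[account]
        p.ips.add(ip)
        if op == "login":
            p.failed_logins += 0 if ok else 1
        elif ok:
            p.operations += 1
            if op == "download":
                p.downloads += 1
    return dict(profiles)


def is_abnormal(p: Profile) -> bool:
    """Both signals are required: failed logins first, then a download-heavy mix."""
    if p.failed_logins <= MAX_FAILED_LOGINS:
        return False
    return p.operations >= MIN_OPERATIONS and p.download_ratio > MAX_DOWNLOAD_RATIO


class EarlyWarning:
    def __init__(self):
        self.blacklist = {}        # account -> marked IP addresses
        self.blocked_ips = set()   # IPs an administrator confirmed as dangerous

    def scan(self, records):
        """Blacklist abnormal accounts and return the alerts for the administrator."""
        alerts = []
        for account, p in sorted(build_profiles(records).items()):
            if is_abnormal(p) and account not in self.blacklist:
                self.blacklist[account] = sorted(p.ips)
                alerts.append({"account": account, "ips": sorted(p.ips),
                               "failed_logins": p.failed_logins,
                               "download_ratio": p.download_ratio})
        return alerts

    def review(self, account, dangerous: bool) -> None:
        """Manual review: block the marked IPs, or release the account."""
        if dangerous:
            self.blocked_ips.update(self.blacklist[account])
        else:
            del self.blacklist[account]


if __name__ == "__main__":
    for alert in EarlyWarning().scan(ACCESS_LOG):
        print(alert)
```

In the sample data only `bob` is flagged: `carol` has the same number of failed logins but never downloads, so the second condition of the rule is not met.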
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although this description is written in terms of embodiments, not every embodiment contains only a single technical solution. The description is presented this way for clarity only; those skilled in the art should take the description as a whole, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.

Claims (8)

1. A data management system based on block chain technology is characterized in that: the system comprises a client, an encryption server, a management server, a database server and an early warning server;
the encryption server is used for encrypting the data stored in the database server;
the management server comprises a secret key management unit and an access management unit, wherein the secret key management unit is used for generating a secret key for decrypting encrypted contents of the encryption server, uploading the secret key into a block chain, and acquiring the secret key through the transaction between a user and a secret key owner, and the access management unit is used for managing and controlling the user accessing data;
the database server is used for storing and calling data;
the early warning server is used for early warning when the user accesses abnormally.
2. A data management system based on blockchain technology according to claim 1, wherein: the key management unit comprises a key generation module, an uploading block chain module and a block chain transaction module.
3. A data management system based on blockchain technology according to claim 1, wherein: the access management unit comprises an access query module and an access control module, wherein the access query module is used for querying records for accessing the database server, and the access control module is used for limiting users accessing the database server.
4. A data management system based on blockchain technology according to claim 3, wherein: the access query module comprises queries for access client information, access operation types and access operation times.
5. A data management system based on blockchain technology according to claim 3, wherein: the access control module comprises control user information verification, plug-in verification secret keys and role setting authority, wherein the role setting authority comprises a role inquiry function, a downloading function, a role input function and a role modification function.
6. A data management system based on blockchain technology according to claim 1, wherein: the database server comprises a data desensitization unit, a data storage unit and a data calling unit.
7. A data management system based on blockchain technology according to claim 6, wherein: the data desensitization unit is used for performing fuzzification processing on the sensitive data.
8. A data management system based on blockchain technology according to claim 1, wherein: the early warning server is used for collecting the login records and the operation types of the visitors, early warning the users with abnormal behaviors and marking the IP addresses of the users.
CN202010974071.7A 2020-09-16 2020-09-16 Data management system based on block chain technology Pending CN112115199A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010974071.7A CN112115199A (en) 2020-09-16 2020-09-16 Data management system based on block chain technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010974071.7A CN112115199A (en) 2020-09-16 2020-09-16 Data management system based on block chain technology

Publications (1)

Publication Number Publication Date
CN112115199A true CN112115199A (en) 2020-12-22

Family

ID=73803559

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010974071.7A Pending CN112115199A (en) 2020-09-16 2020-09-16 Data management system based on block chain technology

Country Status (1)

Country Link
CN (1) CN112115199A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112819599A (en) * 2021-02-23 2021-05-18 南京启用宝信息科技有限公司 Enterprise finance and tax accounting management system based on block chain
CN114884654A (en) * 2022-04-29 2022-08-09 江西锐盾智能科技有限公司 Safety interaction system of banking library
CN114971525A (en) * 2022-04-20 2022-08-30 西华大学 Carbon neutralization management system and method based on block chain
CN116595592A (en) * 2023-05-18 2023-08-15 武汉淘扣网络科技有限公司 Industrial Internet of things safety management method and system applying blockchain technology
CN116707850A (en) * 2022-09-29 2023-09-05 荣耀终端有限公司 Data processing method, data access method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483198A (en) * 2017-09-25 2017-12-15 中国科学院信息工程研究所 A kind of block catenary system supervised and method
KR20190081299A (en) * 2017-12-29 2019-07-09 부경대학교 산학협력단 Block chain based data access control system and method thereof
CN110990407A (en) * 2018-04-27 2020-04-10 腾讯科技(深圳)有限公司 Block chain based data storage method and device, server and storage medium
CN111177275A (en) * 2020-01-02 2020-05-19 肖光昱 Block chain-based management method, terminal, device and storage medium
CN111262867A (en) * 2020-01-17 2020-06-09 吴燕琼 Key management method based on block chain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周艺华; 李洪明: "Blockchain-based data management scheme", Journal of Information Security Research (信息安全研究), no. 01 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112819599A (en) * 2021-02-23 2021-05-18 南京启用宝信息科技有限公司 Enterprise finance and tax accounting management system based on block chain
CN114971525A (en) * 2022-04-20 2022-08-30 西华大学 Carbon neutralization management system and method based on block chain
CN114884654A (en) * 2022-04-29 2022-08-09 江西锐盾智能科技有限公司 Safety interaction system of banking library
CN116707850A (en) * 2022-09-29 2023-09-05 荣耀终端有限公司 Data processing method, data access method and device
CN116707850B (en) * 2022-09-29 2024-05-14 荣耀终端有限公司 Data processing method, data access method and device
CN116595592A (en) * 2023-05-18 2023-08-15 武汉淘扣网络科技有限公司 Industrial Internet of things safety management method and system applying blockchain technology

Similar Documents

Publication Publication Date Title
CN104780175B (en) The authorization management method that the classification of based role accesses
CN112115199A (en) Data management system based on block chain technology
TWI532355B (en) Trustworthy extensible markup language for trustworthy computing and data services
US8984611B2 (en) System, apparatus and method for securing electronic data independent of their location
Viega Building security requirements with CLASP
CN105103488A (en) Policy enforcement with associated data
CN105103119A (en) Data security service
CN101827101A (en) Information asset protection method based on credible isolated operating environment
CN111274599A (en) Data sharing method based on block chain and related device
CN105122265A (en) Data security service system
US11611587B2 (en) Systems and methods for data privacy and security
CN113609221A (en) Data storage method, data access device and storage medium
CN114021161A (en) Safety management method based on industrial big data sharing service
Sauber et al. A new secure model for data protection over cloud computing
Murala et al. Secure dynamic groups data sharing with modified revocable attribute-based encryption in cloud
CN116090000A (en) File security management method, system, device, medium and program product
Gunjal et al. Multi authority access control mechanism for role based access control for data security in the cloud environment
CN113901507B (en) Multi-party resource processing method and privacy computing system
CN115643573A (en) Privileged account authentication method and system based on dynamic security environment
CN112769784A (en) Text processing method and device, computer readable storage medium and processor
Yang et al. New paradigm of inference control with trusted computing
CN111651776A (en) Access control record storage method and device
CN117294465B (en) Attribute encryption system and method based on cross-domain communication
Kayem et al. Efficient enforcement of dynamic cryptographic access control policies for outsourced data
Yuan et al. A fine-grained access control method based on role permission management

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination