CN112347188A - Authorization and access auditing system and method based on private chain - Google Patents
- Publication number: CN112347188A (application CN202011114782.3A)
- Authority: CN (China)
- Legal status: Pending (the status is an assumption by Google, not a legal conclusion)
Classifications
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/602—Providing cryptographic facilities or services
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The application discloses an authorization and access auditing system and method based on a private chain. The system comprises a user management module, a desensitization service module, a certificate service module, a data uplink module and a blockchain storage module; the method comprises a user trust-granting process and a trust verification process. User information is stored by means of blockchain technology, and because the personal information is combined with desensitization technology, the user's private information does not take part directly in the user's data authentication, which reduces the risk of privacy leakage. At the same time, IPFS storage of the relevant records and user certificates is introduced, and the private chain points to the stored file entities by index, which solves the problem that data under the traditional authorization and authentication model can be tampered with or forged.
Description
Technical Field
The application relates to the technical field of blockchains, and in particular to an authorization and access auditing system and method based on a private chain.
Background
Currently, as medical care becomes more closely coupled with big data, access to systems and data becomes more important, and ever higher requirements are placed on authorization, access and auditing. The authentication and authorization method commonly used in hospital internal information systems is the traditional one: an account number and password, or biometric-derived information that is digitized and then used as the login credential. However, because the tamper-resistance of a conventional database has certain shortcomings, there are privacy problems in the user account generation process, and data under the conventional authorization and authentication model may be tampered with or forged.
For the privacy problem in the user account generation process and the problem that data under the traditional authorization and authentication model can be tampered with or forged, no effective solution has yet been proposed.
Disclosure of Invention
The main aim of the present application is to provide an authorization and access auditing system and method based on a private chain, so as to solve the privacy problem in the user account generation process and the problem that data under the traditional authorization and authentication model may be tampered with or forged.
In order to achieve the above object, in a first aspect the present application provides a private chain-based authorization and access auditing system, comprising a user management module, a desensitization service module, a certificate service module, a data uplink module and a blockchain storage module;
the user management module, the desensitization service module, the certificate service module, the data uplink module and the blockchain storage module are connected in sequence, and the user management module is also connected directly to the data uplink module;
the user management module is used for receiving a new-user authorization request, acquiring the biometric information and the registration information submitted by the new user, and burning a USB-KEY according to the returned authorization information;
the desensitization service module is used for receiving the new-user authorization request, extracting the sensitive fields from the biometric information and the registration information according to a preset list of sensitive fields, and converting those sensitive fields into ciphertext by encryption. At the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
the certificate service module is used for receiving the new-user authorization request and the user feature code, signing and issuing a user certificate, generating a public key and the corresponding private key, and encrypting the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module is used for encrypting the received new-user authorization data and storing it, together with the corresponding public key, in the blockchain;
the user management module is further used for receiving user login information, transmitting the verification data used for authentication to the data uplink module, and receiving and returning the verification result.
The blockchain storage module retrieves the encrypted data record according to the verification data submitted by the user and sends the retrieved record to the data uplink module;
the encrypted data record comprises the user ID, the feature code and the burning write device ID.
The data uplink module compares the encrypted data record transmitted by the blockchain storage module: it first judges whether the user ID and the burning write device ID are correct, compares the user feature code only after both have been confirmed correct, returns the verification result to the user management module, and submits a user verification record to the blockchain module. If any one of the user ID, the feature code or the burning write device ID does not match, authentication failure is returned directly;
the storage mode of the blockchain storage module is IPFS (InterPlanetary File System), a peer-to-peer distributed hypermedia distribution protocol that can expand storage capacity by distributing storage across different nodes, with the relevant data obtainable from multiple nodes. User certificates and user audit records are stored in IPFS and hash values are generated for the stored objects; after the private chain is built, the hash value of each stored object is written into a block of the blockchain and used as an index, so that the object hash in each block corresponds one-to-one with a node value in IPFS.
The private chain construction process is as follows:
creating blocks for nodes A to N in the blockchain storage module and initializing them, where initialization comprises deploying the IPFS executable, generating a peer-to-peer key, creating a data directory and creating an IPFS node;
configuring each node, where configuration comprises importing the node id and configuring cross-origin resource sharing;
starting node A and linking the other nodes to node A.
In a second aspect, the present application further provides an authorization and access auditing method based on a private chain, implemented with the private chain-based authorization and access auditing system described above, which comprises a user trust-granting process and a trust verification process:
The steps of the user trust-granting process are as follows:
the user management module receives the new-user authorization request, acquires the biometric information and the registration information submitted by the new user, and submits both to the desensitization service module;
the desensitization service module receives the new-user authorization request, extracts the sensitive fields from the biometric information and the registration information according to the preset sensitive fields, and converts them into ciphertext by encryption. At the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
the certificate service module receives the new-user authorization request and the user feature code, signs a user certificate, generates a public key and the corresponding private key, and encrypts the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module encrypts the received new-user authorization data and stores the encrypted data and the corresponding public key in the blockchain;
the data uplink module returns an on-chain success message to the certificate service module;
the certificate service module returns the user private key and the user ID to the desensitization service module;
the desensitization service module looks up the associated feature code in its local system using the user ID returned by the certificate service module, assembles the feature code and the private key returned by the certificate service module into a JSON data structure, and returns this authorization information to the user management module;
the user management module receives the user private key and the user ID and stores them in its management database, returns the user ID, the private key and the user feature code and burns them onto the USB-KEY, and submits the user ID, the burning status and timestamp information to the data uplink module; the burning status comprises whether burning succeeded, the burning write device ID and the burning device ID;
the data uplink module stores the user ID, the burning status and the timestamps in the blockchain module. The timestamps comprise a burning timestamp and an upload timestamp.
The steps of the trust verification process are as follows:
the user management module receives the user login information and verifies whether it is correct; if verification passes, it reads the relevant content from the USB-KEY submitted by the user, transmits the verification data used for authentication to the data uplink module, and receives and returns the verification result.
The user login information comprises the user ID, the password and the local USB-KEY data;
the verification data used for authentication is data encrypted with the private key;
the relevant content in the USB-KEY comprises the user ID and the user private key;
the data uplink module receives the user's verification data for authentication;
the blockchain storage module retrieves the encrypted data record according to the verification data submitted by the user and sends it to the data uplink module; the encrypted data record comprises the user ID, the feature code and the burning write device ID.
The data uplink module compares the encrypted data record transmitted by the blockchain storage module; if the comparison succeeds, it returns the verification result to the user management module and submits a user verification record to the blockchain module; if the comparison fails, authentication failure is returned directly;
the blockchain storage module receives the user verification record submitted by the data uplink module.
The beneficial technical effects are as follows:
User information is stored by means of blockchain technology, and because the personal information is combined with desensitization technology, the user's private information does not take part directly in the user's data authentication, which reduces the risk of privacy leakage; at the same time, IPFS storage of the relevant records and user certificates is introduced, and the private chain points to the stored file entities by index.
Feature codes are extracted from the user information by desensitization, the feature code is associated with the user ID, the associated data is encrypted with the certificate, and the hash of the encrypted data is stored in the private chain.
The user's sensitive information is desensitized by the desensitization service so that only the feature code is retained and no raw user information, for example finger veins, fingerprints or facial features, is used.
The user certificate and the user audit records are stored in IPFS, the corresponding hash is generated, and the hash index is stored in the private chain, which meets the tamper-proof auditing requirement for user access data.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, serve to provide a further understanding of the application and to enable other features, objects, and advantages of the application to be more apparent. The drawings and their description illustrate the embodiments of the invention and do not limit it. In the drawings:
FIG. 1 is a schematic block diagram of a private chain-based authorization and access auditing system according to an embodiment of the present application;
FIG. 2 is a schematic diagram of the storage method of the blockchain storage module according to an embodiment of the present application;
FIG. 3 is a diagram illustrating the private chain construction process according to an embodiment of the present application;
FIG. 4 is a timing diagram of the user trust-granting process according to an embodiment of the present application;
FIG. 5 is a timing diagram of the trust verification process according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In this application, the terms "upper", "lower", "left", "right", "front", "rear", "top", "bottom", "inner", "outer", "middle", "vertical", "horizontal", "lateral", "longitudinal", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings. These terms are used primarily to better describe the present application and its embodiments, and are not used to limit the indicated devices, elements or components to a particular orientation or to be constructed and operated in a particular orientation.
Moreover, some of the above terms may be used to indicate other meanings besides the orientation or positional relationship, for example, the term "on" may also be used to indicate some kind of attachment or connection relationship in some cases. The specific meaning of these terms in this application will be understood by those of ordinary skill in the art as appropriate.
In addition, the term "plurality" shall mean two as well as more than two.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In a first aspect, the present application provides a private chain-based authorization and access auditing system, as shown in FIG. 1, comprising a user management module, a desensitization service module, a certificate service module, a data uplink module and a blockchain storage module;
the user management module, the desensitization service module, the certificate service module, the data uplink module and the blockchain storage module are connected in sequence, and the user management module is also connected directly to the data uplink module;
the user management module is used for receiving a new-user authorization request, acquiring the biometric information and the registration information submitted by the new user, and burning a USB-KEY according to the returned authorization information;
the desensitization service module receives the new-user authorization request, extracts the sensitive fields from the biometric information and the registration information according to the preset sensitive fields, and converts them into ciphertext by encryption. At the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
the certificate service module receives the new-user authorization request and the user feature code, signs a user certificate, generates a public key and the corresponding private key, and encrypts the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module encrypts the received new-user authorization data and stores the encrypted data and the corresponding public key in the blockchain;
the user management module is further used for receiving user login information, transmitting the verification data used for authentication to the data uplink module, and receiving and returning the verification result.
The blockchain storage module retrieves the encrypted data record according to the verification data submitted by the user and sends the retrieved record to the data uplink module; the encrypted data record comprises the user ID, the feature code and the burning write device ID.
The data uplink module compares the encrypted data record transmitted by the blockchain storage module: it first judges whether the user ID and the burning write device ID are correct, compares the user feature code only after both have been confirmed correct, returns the verification result to the user management module, and submits a user verification record to the blockchain module. If any one of the user ID, the feature code or the burning write device ID does not match, authentication failure is returned directly;
the storage mode of the blockchain storage module is IPFS (InterPlanetary File System), a peer-to-peer distributed hypermedia distribution protocol that can expand storage capacity by distributing storage across different nodes, with the relevant data obtainable from multiple nodes. User certificates and user audit records are stored in IPFS and hash values are generated for the stored objects; after the private chain is built, the hash value of each stored object is written into a block of the blockchain and used as an index, so that the object hash in each block corresponds one-to-one with a node value in IPFS.
The private chain construction process is as follows, as shown in FIG. 3:
creating blocks for nodes A to N in the blockchain storage module and initializing them, where initialization comprises deploying the IPFS executable, generating a peer-to-peer key, creating a data directory and creating an IPFS node;
configuring each node, where configuration comprises importing the node id and configuring cross-origin resource sharing;
starting node A and linking the other nodes to node A.
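The hash-index scheme described above, as an added example that is not part of the patent: an in-memory content-addressed store stands in for the IPFS node, each block of the private chain records only the hash of a stored object, and an audit pass checks that every indexed certificate or access record is still present and unaltered. The store layout, block fields and sample records are constructed here, not taken from the patent.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

func hashBytes(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// ContentStore stands in for the IPFS node: every object is addressed by the hash of its
// bytes, and that hash is exactly the index the private chain later records.
type ContentStore struct{ objects map[string][]byte }

func NewContentStore() *ContentStore { return &ContentStore{objects: map[string][]byte{}} }

// Put stores a user certificate or audit record and returns its hash (the CID stand-in).
func (s *ContentStore) Put(obj []byte) string {
	h := hashBytes(obj)
	s.objects[h] = append([]byte(nil), obj...)
	return h
}

func (s *ContentStore) Get(h string) ([]byte, bool) {
	b, ok := s.objects[h]
	return b, ok
}

// Block carries only the object hash as an index plus chain linkage; the object itself
// stays in the content store, as the patent describes.
type Block struct {
	Index      int    `json:"index"`
	Prev       string `json:"prev"`
	ObjectHash string `json:"object_hash"`
	Timestamp  int64  `json:"ts"`
	Hash       string `json:"-"` // excluded from its own hash input
}

func blockHash(b Block) string {
	body, _ := json.Marshal(b)
	return hashBytes(body)
}

type PrivateChain struct{ Blocks []Block }

func NewPrivateChain() *PrivateChain {
	g := Block{} // genesis block: no object, no predecessor
	g.Hash = blockHash(g)
	return &PrivateChain{Blocks: []Block{g}}
}

// Append records the hash of a stored object in a new block linked to the previous one.
func (c *PrivateChain) Append(objectHash string, ts int64) Block {
	prev := c.Blocks[len(c.Blocks)-1]
	b := Block{Index: prev.Index + 1, Prev: prev.Hash, ObjectHash: objectHash, Timestamp: ts}
	b.Hash = blockHash(b)
	c.Blocks = append(c.Blocks, b)
	return b
}

// Audit walks the chain and checks that each block's linkage is intact and that the object
// its index points at is still present and still hashes to that index. This is the
// tamper-evidence check an auditor runs over the access records.
func (c *PrivateChain) Audit(store *ContentStore) []string {
	var problems []string
	for i := 1; i < len(c.Blocks); i++ {
		b := c.Blocks[i]
		if b.Prev != c.Blocks[i-1].Hash || b.Hash != blockHash(b) {
			problems = append(problems, fmt.Sprintf("block %d: linkage broken", i))
			continue
		}
		obj, ok := store.Get(b.ObjectHash)
		switch {
		case !ok:
			problems = append(problems, fmt.Sprintf("block %d: object missing from store", i))
		case hashBytes(obj) != b.ObjectHash:
			problems = append(problems, fmt.Sprintf("block %d: stored object altered", i))
		}
	}
	return problems
}

func main() {
	store, chain := NewContentStore(), NewPrivateChain()
	// Constructed sample objects: a user certificate and one access-audit record.
	certHash := store.Put([]byte(`{"user_id":"u-0001","cert":"<constructed certificate>"}`))
	chain.Append(certHash, 1600000000)
	auditHash := store.Put([]byte(`{"user_id":"u-0001","event":"login","result":"ok"}`))
	chain.Append(auditHash, 1600000060)
	fmt.Println("clean:", chain.Audit(store))
	// Rewrite the stored audit record in place: its hash no longer matches the on-chain index.
	store.objects[auditHash] = []byte(`{"user_id":"u-0001","event":"login","result":"fail"}`)
	fmt.Println("after tamper:", chain.Audit(store))
}
```

Because a block stores only the object hash, an attacker who can edit the store but not rewrite every later block cannot alter a record without the audit pass flagging it.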
In a second aspect, the present application further provides an authorization and access auditing method based on a private chain, implemented with the private chain-based authorization and access auditing system described above, which comprises a user trust-granting process and a trust verification process:
The steps of the user trust-granting process are as follows, as shown in FIG. 4:
step S11: the user management module receives the new-user authorization request, acquires the biometric information and the registration information submitted by the new user, and submits both to the desensitization service module;
step S12: the desensitization service module receives the new-user authorization request, extracts the sensitive fields from the biometric information and the registration information according to the preset sensitive fields, and converts them into ciphertext by encryption. At the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
step S13: the certificate service module receives the new-user authorization request and the user feature code, signs a user certificate, generates a public key and the corresponding private key, and encrypts the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
step S14: the data uplink module encrypts the received new-user authorization data and stores the encrypted data and the corresponding public key in the blockchain;
step S15: the data uplink module returns an on-chain success message to the certificate service module;
step S16: the certificate service module returns the user private key and the user ID to the desensitization service module;
step S17: the desensitization service module looks up the associated feature code in its local system using the user ID returned by the certificate service module, assembles the feature code and the private key returned by the certificate service module into a JSON data structure, and returns this authorization information to the user management module;
step S18: the user management module receives the user private key and the user ID and stores them in its management database, returns the user ID, the private key and the user feature code and burns them onto the USB-KEY, and submits the user ID, the burning status and timestamp information to the data uplink module; the burning status comprises whether burning succeeded, the burning write device ID and the burning device ID.
Step S19: the data uplink module stores the user ID, the burning status and the timestamps in the blockchain module. The timestamps comprise a burning timestamp and an upload timestamp.
The steps of the trust verification process are as follows, as shown in FIG. 5:
step S21: the user management module receives the user login information and verifies whether it is correct; if the login information is incorrect it returns a login verification failure directly, and if verification passes it reads the relevant content from the USB-KEY submitted by the user, transmits the verification data used for authentication to the data uplink module, and receives and returns the verification result.
The user login information comprises the user ID, the password and the local USB-KEY data;
the verification data used for authentication is data encrypted with the private key;
the relevant content in the USB-KEY comprises the user ID and the user private key;
step S22: the data uplink module receives the user's verification data for authentication;
step S23: the blockchain storage module retrieves the encrypted data record according to the verification data submitted by the user and sends it to the data uplink module; the encrypted data record comprises the user ID, the feature code and the burning write device ID.
Step S24: the data uplink module compares the encrypted data record transmitted by the blockchain storage module: it first judges whether the user ID and the burning write device ID are correct, compares the user feature code only after both have been confirmed correct, returns the verification result to the user management module, and submits a user verification record to the blockchain module. If any one of the user ID, the feature code or the burning write device ID does not match, authentication failure is returned directly;
step S25: the blockchain storage module receives the user verification record submitted by the data uplink module.
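The trust-granting and trust verification processes (steps S11 to S25) as one added Go example, not code from the patent: the desensitization service emits a feature code built from the random user ID and a keyed digest of the preset sensitive fields (HMAC-SHA256 is an assumed stand-in for the encryption the patent leaves unspecified), the certificate service issues an Ed25519 key pair (assumed algorithm), a map stands in for the blockchain storage module, and the data uplink module's check compares user ID, signature, burning write device ID and feature code in that order, recording every attempt. The field names, device IDs and registration values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Preset sensitive fields that the desensitization service never passes on in clear.
var sensitiveFields = []string{"name", "mobile", "finger_vein", "face"}

// Desensitize turns the preset sensitive fields into a keyed digest (HMAC-SHA256 is an assumed
// stand-in for the patent's unspecified encryption), draws a random user ID and returns
// featureCode = userID ":" digest. Only the feature code leaves the service.
func Desensitize(key []byte, reg map[string]string) (userID, featureCode string, err error) {
	sensitive := map[string]string{}
	for _, f := range sensitiveFields {
		sensitive[f] = reg[f]
	}
	id := make([]byte, 8)
	if _, err = rand.Read(id); err != nil {
		return "", "", err
	}
	plain, _ := json.Marshal(sensitive) // map keys are marshalled in sorted order: stable digest
	mac := hmac.New(sha256.New, key)
	mac.Write(plain)
	userID = "u-" + hex.EncodeToString(id)
	return userID, userID + ":" + hex.EncodeToString(mac.Sum(nil)), nil
}

// OnChainRecord is what the data uplink module stores per user (a map stands in for the
// blockchain storage module); DeviceID is the burning write device ID recorded at enrollment.
type OnChainRecord struct {
	PublicKey             ed25519.PublicKey
	FeatureCode, DeviceID string
}

// USBKey is the content burned onto the user's USB-KEY: user ID, private key, feature code.
type USBKey struct{ UserID, FeatureCode string; PrivateKey ed25519.PrivateKey }

// Enroll is the trust-granting flow: desensitize, have the certificate service issue a key
// pair, put the public record on chain, and return the USB-KEY content burned on deviceID.
func Enroll(chain map[string]OnChainRecord, key []byte, reg map[string]string, deviceID string) (USBKey, error) {
	userID, fc, err := Desensitize(key, reg)
	if err != nil {
		return USBKey{}, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return USBKey{}, err
	}
	chain[userID] = OnChainRecord{PublicKey: pub, FeatureCode: fc, DeviceID: deviceID}
	return USBKey{UserID: userID, FeatureCode: fc, PrivateKey: priv}, nil
}

// loginClaim is the verification data sent at login, signed with the USB-KEY private key.
type loginClaim struct{ UserID, DeviceID, FeatureCode string }

func SignLogin(k USBKey, deviceID string) (msg, sig []byte) {
	msg, _ = json.Marshal(loginClaim{k.UserID, deviceID, k.FeatureCode})
	return msg, ed25519.Sign(k.PrivateKey, msg)
}

// Verify is the data uplink module's check: user ID and signature, then device ID, then
// feature code; the first mismatch fails immediately. Every attempt, failed or not, is
// appended to audit, which stands for the verification record submitted to the chain.
func Verify(chain map[string]OnChainRecord, audit *[]string, msg, sig []byte) error {
	var c loginClaim
	if err := json.Unmarshal(msg, &c); err != nil {
		return err
	}
	rec, ok := chain[c.UserID]
	var reason string
	switch {
	case !ok:
		reason = "unknown user ID"
	case !ed25519.Verify(rec.PublicKey, msg, sig):
		reason = "bad signature"
	case rec.DeviceID != c.DeviceID:
		reason = "device ID mismatch"
	case rec.FeatureCode != c.FeatureCode:
		reason = "feature code mismatch"
	}
	if reason != "" {
		*audit = append(*audit, c.UserID+": fail ("+reason+")")
		return fmt.Errorf("authentication failed: %s", reason)
	}
	*audit = append(*audit, c.UserID+": ok")
	return nil
}

func main() {
	chain, audit := map[string]OnChainRecord{}, []string{}
	// Constructed registration record (biometric values are placeholders) and an all-zero demo key.
	reg := map[string]string{"name": "Zhang San", "mobile": "13800000000", "department": "cardiology",
		"finger_vein": "<vein template>", "face": "<face template>"}
	key, err := Enroll(chain, make([]byte, 32), reg, "burner-01")
	if err != nil {
		panic(err)
	}
	msg, sig := SignLogin(key, "burner-01")
	fmt.Println("genuine login:", Verify(chain, &audit, msg, sig))
	msg, sig = SignLogin(key, "burner-99") // right key and feature code, wrong burning device
	fmt.Println("wrong device:", Verify(chain, &audit, msg, sig))
	fmt.Println("audit trail:", audit)
}
```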
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A private chain-based authorization and access auditing system, comprising a user management module, a desensitization service module, a certificate service module, a data uplink module and a blockchain storage module;
the user management module, the desensitization service module, the certificate service module, the data uplink module and the blockchain storage module are connected in sequence, and the user management module is also connected directly to the data uplink module;
the user management module is used for receiving a new-user authorization request, acquiring the biometric information and the registration information submitted by the new user, and burning a USB-KEY according to the returned authorization information;
the desensitization service module is used for receiving the new-user authorization request, extracting the sensitive fields from the biometric information and the registration information according to preset sensitive fields, and converting those sensitive fields into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
the certificate service module is used for receiving the new-user authorization request and the user feature code, signing and issuing a user certificate, generating a public key and the corresponding private key, and encrypting the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module is used for encrypting the received new-user authorization data and storing it, together with the corresponding public key, in the blockchain;
and the blockchain storage module is used for storing the data transmitted from the data uplink module.
2. The private chain-based authorization and access auditing system according to claim 1, wherein the biometric information comprises finger veins and facial features.
3. The private chain-based authorization and access auditing system according to claim 1, wherein the user registration information comprises name, mobile phone number, hospital, ward and department.
4. The private chain-based authorization and access auditing system according to claim 1, wherein the user management module is further configured to receive user login information, transmit verification data for authentication to the data uplink module, and receive and return a verification result;
the data uplink module is further configured to receive the user's verification data for authentication, compare it against the encrypted data information transmitted by the blockchain storage module, return the verification result to the user management module, and submit a user verification condition record to the blockchain module;
and the blockchain storage module is further configured to obtain the encrypted data information according to the verification data submitted by the user, send the obtained encrypted data information to the data uplink module, and receive the user verification condition record submitted by the uplink module.
5. The private chain-based authorization and access audit system according to claim 1, wherein the blockchain storage module uses IPFS storage: the user certificate and the user audit records are stored in IPFS and a hash value is generated for each stored object; after the private chain is constructed, each block in the blockchain stores the hash value of its related storage object and uses that hash value as an index, so that the hash value in each block corresponds one-to-one to a node value in IPFS.
6. The private chain-based authorization and access audit system according to claim 5, wherein the private chain is constructed as follows:
blocks are created for nodes A to N in the blockchain storage module and initialized;
each node is configured;
node A is started and the other nodes are linked to it;
once linking succeeds, the private chain construction is complete.
7. The private chain-based authorization and access audit system according to claim 6, wherein the initialization comprises deploying the IPFS executable, generating a peer-to-peer key, creating a data directory and creating an IPFS node.
8. The private chain-based authorization and access auditing system according to claim 6, wherein the configuring comprises importing the node ID and configuring cross-origin resource sharing (CORS).
9. A private chain-based authorization and access auditing method, implemented by the private chain-based authorization and access auditing system according to any one of claims 1 to 8, comprising a user trust-granting process and a trust verification process:
the user trust-granting process comprises the following steps:
the user management module receives the new user authorization request, obtains the biometric information and the user registration information submitted by the new user, and submits them to the desensitization service module;
the desensitization service module receives the new user authorization request, extracts the sensitive fields from the biometric information and the user registration information according to the preset sensitive fields, and converts them into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature information ciphertext to form a user feature code;
the certificate service module receives the new user authorization request and the user feature code, issues a user certificate, generates a public key and the corresponding private key, and applies a second layer of encryption to the user feature code with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module encrypts the received new user authorization data and stores the encrypted data and the corresponding public key in the blockchain;
the data uplink module returns an uplink-success message to the certificate service module;
the certificate service module returns the user private key and the user ID to the desensitization service module;
the desensitization service module looks up the related feature code in its local system by the user ID returned by the certificate service module, assembles that feature code and the private key returned by the certificate service module into a JSON data structure, and returns the authorization information to the user management module;
the user management module receives the user private key and the user ID and stores them in the management database, returns the user ID, the private key and the user feature code for USB-KEY burning, and submits the user ID, the burning status and timestamp information to the data uplink module;
the data uplink module stores the user ID, the burning status and the timestamp in the blockchain module.
10. The private chain-based authorization and access auditing method according to claim 9, wherein the trust verification process comprises the following steps:
the user management module receives the user login information and checks whether it is correct; if it is not, it directly reports a login verification failure; if the login information passes, it obtains the related contents from the USB-KEY submitted by the user, transmits the verification data for authentication to the data uplink module, and receives and returns the verification result;
the verification data used for authentication is data encrypted with the private key;
the data uplink module receives the user's verification data for authentication;
the blockchain storage module obtains the encrypted data information according to the verification data submitted by the user and sends it to the data uplink module;
the data uplink module compares the verification data against the encrypted data information transmitted by the blockchain storage module; if they match, it returns the verification result to the user management module and submits a user verification condition record to the blockchain module; if they do not match, it directly returns an authentication failure;
and the blockchain storage module receives the user verification condition record submitted by the uplink module.
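The trust-granting and trust verification flows of claims 9 and 10, reduced to a runnable Go model as an added example (this is not the patent's own code). It assumes an Ed25519 key pair standing in for the certificate service's key pair, a SHA-256 hash-linked slice standing in for the private chain, a plain string for the already desensitized feature code, and a signed challenge as the "data encrypted with the private key"; the IPFS layer and the physical USB-KEY burning are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
type Block struct{ Prev, Payload, Hash string } // one chain entry: hash-linked, append-only
// Chain holds the enrollment records (user ID, encrypted feature code, public
// key) and the verification-condition audit records of claims 9 and 10.
type Chain struct {
	Blocks []Block
	pubKey map[string]ed25519.PublicKey // index: user ID -> enrolled public key
}
func NewChain() *Chain { return &Chain{pubKey: map[string]ed25519.PublicKey{}} }
func hashLink(prev, payload string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(prev+"|"+payload)))
}
// Append ties a payload to the previous block hash so later edits are detectable.
func (c *Chain) Append(payload string) {
	prev := ""
	if n := len(c.Blocks); n > 0 {
		prev = c.Blocks[n-1].Hash
	}
	c.Blocks = append(c.Blocks, Block{prev, payload, hashLink(prev, payload)})
}
// Enroll is the trust-granting path: a key pair is issued, user ID, encrypted feature
// code and public key go on chain, and the private key is returned for USB-KEY burning.
func (c *Chain) Enroll(userID, featureCipher string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	c.pubKey[userID] = pub
	c.Append(fmt.Sprintf("enroll:%s:%s:%x", userID, featureCipher, pub))
	return priv
}
// SignChallenge is what the USB-KEY side does with its private key at login.
func SignChallenge(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
// Verify checks the signed challenge against the on-chain public key and records the outcome either way.
func (c *Chain) Verify(userID string, challenge, sig []byte, ts int64) bool {
	pub, known := c.pubKey[userID]
	ok := known && ed25519.Verify(pub, challenge, sig)
	c.Append(fmt.Sprintf("audit:%s:%t:%d", userID, ok, ts))
	return ok
}
// Valid recomputes every link; altering one block breaks every block after it.
func (c *Chain) Valid() bool {
	prev := ""
	for _, b := range c.Blocks {
		if b.Prev != prev || b.Hash != hashLink(prev, b.Payload) {
			return false
		}
		prev = b.Hash
	}
	return true
}
```

Failed verifications are appended as audit records just like successful ones, which is what makes the chain useful for access auditing rather than only for authentication.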
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011114782.3A CN112347188A (en) | 2020-10-16 | 2020-10-16 | Authorization and access auditing system and method based on private chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011114782.3A CN112347188A (en) | 2020-10-16 | 2020-10-16 | Authorization and access auditing system and method based on private chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112347188A true CN112347188A (en) | 2021-02-09 |
Family
ID=74362029
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011114782.3A Pending CN112347188A (en) | 2020-10-16 | 2020-10-16 | Authorization and access auditing system and method based on private chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112347188A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107947922A (en) * | 2017-11-29 | 2018-04-20 | 中国科学院合肥物质科学研究院 | A kind of digital archives management method and system based on block chain technology |
CN110278462A (en) * | 2019-06-20 | 2019-09-24 | 北京工业大学 | A kind of mobile film projection authorization management method based on block chain |
CN111274592A (en) * | 2020-01-19 | 2020-06-12 | 山东超越数控电子股份有限公司 | Electronic medical record system based on block chain and biological characteristics |
CN111478769A (en) * | 2020-03-18 | 2020-07-31 | 西安电子科技大学 | Distributed credible identity authentication method, system, storage medium and terminal |
CN111488619A (en) * | 2020-04-16 | 2020-08-04 | 医遛健康咨询(上海)有限公司 | Health data privacy protection and sharing system based on block chain |
CN111552955A (en) * | 2020-04-29 | 2020-08-18 | 合肥井创数字科技有限公司 | Personal identity authentication method and device based on block chain and IPFS |
CN111651791A (en) * | 2020-07-02 | 2020-09-11 | 武汉市云链智慧区块链科技有限公司 | Block chain private key storage and identity authentication device |
2020
- 2020-10-16 CN CN202011114782.3A patent/CN112347188A/en active Pending
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112861162A (en) * | 2021-03-15 | 2021-05-28 | 深圳市互联在线云计算股份有限公司 | Block chain storage safety guarantee system based on distributed storage |
CN112861162B (en) * | 2021-03-15 | 2024-05-03 | 深圳市互联在线云计算股份有限公司 | Block chain storage safety guarantee system based on distributed storage |
CN113132362A (en) * | 2021-03-31 | 2021-07-16 | 青岛中瑞汽车服务有限公司 | Trusted authorization method, trusted authorization device, electronic equipment and storage medium |
CN116781266A (en) * | 2022-01-06 | 2023-09-19 | 西安链科信息技术有限公司 | Data security private cloud control system, control method, medium, equipment and terminal |
CN114091109A (en) * | 2022-01-19 | 2022-02-25 | 豆沙包科技(深圳)有限公司 | Cross-border e-commerce platform data verification method, system, terminal and storage medium |
CN114091109B (en) * | 2022-01-19 | 2022-05-20 | 豆沙包科技(深圳)有限公司 | Cross-border e-commerce platform data verification method, system, terminal and storage medium |
CN115001801A (en) * | 2022-05-30 | 2022-09-02 | 北京沸铜科技有限公司 | Block chain-based digital content heterogeneous chain cross-chain authorization method |
CN115001801B (en) * | 2022-05-30 | 2023-05-30 | 北京沸铜科技有限公司 | Digital content heterogeneous chain cross-chain authorization method based on blockchain |
Similar Documents
Publication | Title |
---|---|
CN109150548B (en) | Digital certificate signing and signature checking method and system and digital certificate system |
CN110049016B (en) | Data query method, device, system, equipment and storage medium of block chain |
CN110086608A (en) | User authentication method, device, computer equipment and computer readable storage medium |
CN112347188A (en) | Authorization and access auditing system and method based on private chain |
US9323915B2 (en) | Extended security for wireless device handset authentication |
CN104270338B (en) | Method and system for electronic identity registration and authenticated login |
CN110046521A (en) | Decentralized method for privacy protection |
CN101183932B (en) | Security identification system of wireless application service and login and entry method thereof |
US8615663B2 (en) | System and method for secure remote biometric authentication |
CA2712471C (en) | Method for reading attributes from an ID token |
CN112580102A (en) | Multi-dimensional digital identity authentication system based on block chain |
CN109145540B (en) | Intelligent terminal identity authentication method and device based on block chain |
CN104769602B (en) | Method and system for authenticating access requests |
US20080120707A1 (en) | Systems and methods for authenticating a device by a centralized data server |
US20080120698A1 (en) | Systems and methods for authenticating a device |
WO1996007256A1 (en) | Certifying system |
US20040172536A1 (en) | Method for authentication between a portable telecommunication object and a public access terminal |
CN110059503A (en) | Traceable leakage prevention method for social information |
US9165149B2 (en) | Use of a mobile telecommunication device as an electronic health insurance card |
CN107294900A (en) | Identity registration method and apparatus based on biological characteristics |
CN105224417A (en) | Improved tape backup method |
CN101340283A (en) | Multisystem biometric token |
CN101777978A (en) | Method and system based on wireless terminal for applying digital certificate and wireless terminal |
CN108768653A (en) | Identity authentication system based on quantum key card |
CN101547095A (en) | Application service management system and management method based on digital certificate |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |