CN113225295B - Safe anonymous opinion feedback system - Google Patents
- Publication number: CN113225295B
- Authority: CN (China)
- Prior art keywords: anonymous, feedback, employee, information, hash value
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of the Internet, in particular to a safe anonymous opinion feedback system, which adopts the following steps: step one: establishing an anonymous account; step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in step one to serve as a user access credential, and provides a user interface for feedback creation and reply; step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to step one, and if the verification is successful, the hash value is used as the user name and the corresponding feedback request is processed. Three different kinds of employee-related information are collected to form the basic information source data. The system is convenient to use: employees can give feedback with confidence because the system cannot identify which employee an anonymous account belongs to, and each anonymous account is used by one person, so the system cannot be attacked with forged users.
Description
[ technical field ]
The invention relates to the technical field of Internet, in particular to a safe anonymous opinion feedback system.
[ background of the invention ]
With the development of society and the arrival of the Internet+ era, people cannot do without the Internet for life, work, entertainment, shopping, medical treatment, finance and the like. While each Internet platform provides services, it also needs opinions or feedback on the quality of its services and on its various measures, in order to provide better services and improve the structure of the platform. The Internet therefore has a large number of opinion feedback and voting systems, but they all fall into one of two modes: one is completely anonymous, and the other requires users to be authenticated. An anonymous opinion feedback system is very useful for enterprises to collect true opinion feedback, but a completely anonymous system is vulnerable to attack: an attacker can forge feedback opinions using a large number of anonymous accounts.
[ summary of the invention ]
The present invention is directed to overcoming the disadvantages and drawbacks of the prior art by providing a secure anonymous opinion feedback system.
The invention relates to a safe anonymous opinion feedback system, which adopts the following steps:
step one: the establishment of the anonymous account adopts the following steps:
(1) Information collection: collecting three different employee related information data, wherein the three information data are employee information data, employee enterprise computer system information data and private key data of an internal anonymous account system respectively to form combined basic information source data;
(2) Generating a hash value through a sha256 algorithm on the basic information source data collected in the step (1), wherein the hash value is used as an anonymous account of the user;
(3) Taking the hash value in the step (2) in the step one as an account number, generating a JSON Web token asymmetrically encrypted by RSA, and converting the JSON Web token into a two-dimensional code;
step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in the step one to serve as a user access credential, and provides a user interface for feedback creation and reply;
step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to step one, and if the verification is successful, the hash value is used as the user name and the corresponding feedback request is processed.
Further, the employee information data in step (1) of step one is obtained by the employee logging in to the enterprise internal employee information system through SPNEGO and Kerberos technologies.
Further, the enterprise computer system information data in step (1) of step one is collected at the browser end by using the fingerprintjs2 technology.
The invention has the following beneficial effects: the safe anonymous opinion feedback system collects three different kinds of employee-related information to form the basic information source data, generates for each employee a hash-based anonymous account number that the enterprise can recognize, converts the anonymous account number into a token, and converts the token into a two-dimensional code with which the employee logs in. The system is convenient to use: employees can give feedback with confidence because the system cannot identify which employee an anonymous account belongs to, and each anonymous account is used by one person, so the system cannot be attacked with forged users.
[ description of the drawings ]
The accompanying drawings are included to provide a further understanding of the invention and constitute a part of this application; they are not to be considered limiting of the invention. In the drawings:
FIG. 1 is a schematic of the flow topology of the present invention;
FIG. 2 is an enlarged view of the left half of FIG. 1;
FIG. 3 is an enlarged view of the right half of FIG. 1.
[ detailed description ]
The present invention will now be described in detail with reference to the drawings and specific embodiments, wherein the exemplary embodiments and descriptions are only intended to illustrate the present invention, but not to limit the present invention.
As shown in fig. 1 to fig. 3, the system for feeding back anonymous opinions in this embodiment includes the following steps:
step one: the establishment of the anonymous account adopts the following steps:
(1) Information collection: collecting three different employee related information data, wherein the three information data are employee information data, employee enterprise computer system information data and private key data of an internal anonymous account system respectively to form combined basic information source data;
(2) Generating a hash value through a sha256 algorithm on the basic information source data collected in the step (1), wherein the hash value is used as an anonymous account of the user;
(3) Taking the hash value in the step (2) in the step one as an account number, generating a JSON Web token asymmetrically encrypted by RSA, and converting the JSON Web token into a two-dimensional code;
step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in the step one to serve as a user access credential, and provides a user interface for feedback creation and reply;
step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to step one, and if the verification is successful, the hash value is used as the user name and the corresponding feedback request is processed.
Further, the employee information data in step (1) of step one is obtained by logging in to the enterprise internal employee information system through SPNEGO and Kerberos technologies.
Further, the enterprise computer system information data in step (1) of step one is collected at the browser end by using the fingerprintjs2 technology.
The working principle of the invention is as follows:
The invention addresses the problem that a completely anonymous system is easy to attack: an attacker can forge feedback opinions by using a large number of anonymous account numbers. In practice, the problem to be solved is therefore this: when opinion feedback is collected inside an enterprise, to prevent the above attack from making the feedback untrustworthy, an anonymous account number that the enterprise can recognize must be generated for each employee, but the account number must not contain employee information. The invention is a means for solving this problem.
The invention consists of three parts, namely an internal anonymous account system, an anonymous feedback system mobile phone client and an anonymous feedback system server.
1. Internal anonymous account system: responsible for generating, for each employee, an anonymous account number that the enterprise can recognize.
The core technology is as follows: collecting 3 kinds of different relevant information of the employee, wherein the 3 kinds of information can be obtained only after the employee logs in the system on the computer of the employee, and then generating a hash value by using the 3 kinds of information through a sha256 algorithm to serve as an anonymous account number of the user. The anonymous account is used in the anonymous feedback system, so that each employee can only generate one anonymous account, and thus, the attack of forged users is prevented.
The above-mentioned 3 kinds of information are specifically stated as follows:
(1) The employee logs in to the enterprise internal employee information system through SPNEGO and Kerberos technologies to obtain employee information, for example the employee number and the employee name; this guarantees that the operation is performed by the employee in person.
(2) The enterprise computer system information of the employee, such as browser version and screen resolution, is collected at the browser end by using the fingerprintjs2 technology. This ensures that the anonymous account cannot be cracked by forward exhaustive search (brute force), which would be possible if only employee information were used. However, since computers are mass-produced, the device information cannot be guaranteed to be unique, so it needs to be used in combination with the first kind of information.
(3) The first kind of information is public, and the second kind can be found on the employee's computer; to ensure that the hash value was generated by the system of the invention, the invention adds a private key. In addition, the hash value is used as an account number, a JSON Web Token (JWT) asymmetrically encrypted by RSA is generated, and finally the token is converted into a two-dimensional code.
2. Anonymous feedback system mobile phone client: opens the camera and reads the token generated in part 1 to be used as a user access credential, and provides a user interface for feedback creation, reply and the like.
3. Anonymous feedback system server: verifies the token by using the RSA public key corresponding to part 1, and if the verification is successful, uses the hash value as a user name and processes the corresponding feedback request.
The specific process of the invention is as follows:
(1) The employee requests the two-dimensional code; at this moment the browser used by the employee acquires the enterprise computer system information (device information) of the employee through the fingerprintjs2 technology;
(2) The employee information system verifies and acquires employee information through SPNEGO and Kerberos technologies; generating private key data by the internal anonymous account system;
(3) Generating a hash value through a sha256 algorithm, wherein the hash value is used as an anonymous account number of the user;
(4) Generating a JSON Web token asymmetrically encrypted by RSA by taking the hash value as an account, and converting the JSON Web token into a two-dimensional code;
(5) Then the mobile phone client opens the camera and reads the token generated in the step 1 as a user access credential, and provides a user interface for feedback creation and reply;
(6) The anonymous feedback system server verifies the token by using an RSA public key, and if the verification is successful, the hash value is used as a user name and a corresponding feedback request is processed;
(7) And after the feedback data are processed, the feedback data are collected in a feedback database to form feedback big data information.
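Steps (3), (4) and (6) of the process above, sketched as an added Node.js example that is not code from the patent. It assumes that the "JSON Web token asymmetrically encrypted by RSA" is an RS256-signed JWT, since the server verifies it with the public key; the length-prefixed field encoding, the `exp` claim, all function names and the sample values are assumptions, and the two-dimensional code step is omitted.

```javascript
// Added example: not code from the patent. Names and sample values are assumptions.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const nowSeconds = () => Math.floor(Date.now() / 1000);

// Assumed encoding: length-prefix each field so that ("ab", "c") and ("a", "bc")
// cannot collapse into the same hash input.
function encodeFields(fields) {
  return Buffer.concat(fields.flatMap((field) => {
    const body = Buffer.from(field, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return [len, body];
  }));
}

// Step (3): SHA-256 over employee info, device info and the system's private key data.
function deriveAccount(employeeInfo, deviceInfo, systemSecret) {
  return crypto.createHash('sha256')
    .update(encodeFields([employeeInfo, deviceInfo, systemSecret]))
    .digest('hex');
}

// Step (4): a JWT whose subject is the hash, signed with the RSA private key (RS256).
// The expiry claim is an assumption; the patent does not describe token lifetime.
function issueToken(account, privateKey, ttlSeconds = 3600, now = nowSeconds()) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: account, iat: now, exp: now + ttlSeconds }));
  const signingInput = `${header}.${payload}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Step (6): verify with the RSA public key; return the account (user name) or null.
function verifyToken(token, publicKey, now = nowSeconds()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    // Pin the algorithm: never let the token choose "none" or an HMAC variant.
    if (!header || header.alg !== 'RS256' || !claims) return null;
    const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
      publicKey, Buffer.from(parts[2], 'base64url'));
    if (!valid) return null;
    // The subject must look like a SHA-256 hex digest and the token must not be expired.
    if (typeof claims.sub !== 'string' || !/^[0-9a-f]{64}$/.test(claims.sub)) return null;
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims.sub;
  } catch {
    return null; // malformed base64, JSON or signature
  }
}

// Constructed sample inputs; real values would come from Kerberos login and fingerprintjs2.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const account = deriveAccount('E1024|Example Employee', 'Chrome 79|1920x1080',
    'constructed-system-secret');
  const token = issueToken(account, privateKey);
  return { account, token, publicKey, privateKey, verified: verifyToken(token, publicKey) };
}

const result = demo();
console.log('anonymous account:', result.account);
console.log('server accepted token for:', result.verified);
```

The server learns only the hash in `sub`; whether that hash is linkable to an employee depends on keeping the system's private key data out of reach of anyone who also holds the employee and device inputs.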
The safe anonymous opinion feedback system of the invention collects three different kinds of employee-related information to form the basic information source data, generates for each employee a hash-based anonymous account number that the enterprise can recognize, converts the anonymous account number into a token, and converts the token into a two-dimensional code with which the employee logs in. The system is convenient to use: employees can give feedback with confidence because the system cannot identify which employee an anonymous account belongs to, and each anonymous account is used by one person, so the system cannot be attacked with forged users.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention, and all equivalent changes and modifications made based on the features and principles described in the claims of the present invention are included in the scope of the present invention.
Claims (1)
1. A secure anonymous opinion feedback system, comprising the steps of:
step one: the establishment of the anonymous account adopts the following steps:
(1) Information collection: collecting three different employee related information data, wherein the three information data are employee information data, employee enterprise computer system information data and private key data of an internal anonymous account system respectively to form combined basic information source data;
(2) Generating a hash value through a sha256 algorithm on the basic information source data collected in the step (1), wherein the hash value is used as an anonymous account of the user;
(3) Taking the hash value in the step (2) in the step one as an account number, generating a JSON Web token asymmetrically encrypted by RSA, and converting the JSON Web token into a two-dimensional code;
step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in the step one to serve as a user access credential, and provides a user interface for feedback creation and reply;
step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to the step one, and if the verification is successful, the hash value is used as a user name and a corresponding feedback request is processed; the employee information data in the step (1) in the step one is obtained by the employee logging in to the enterprise internal employee information system through SPNEGO and Kerberos technologies;
characterized in that: the enterprise computer system information data in the step (1) is collected at the browser end by using the fingerprintjs2 technology.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010068595.XA CN113225295B (en) | 2020-01-21 | 2020-01-21 | Safe anonymous opinion feedback system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113225295A (en) | 2021-08-06 |
CN113225295B (en) | 2022-10-25 |
Family
ID=77085153
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010068595.XA Active CN113225295B (en) | 2020-01-21 | 2020-01-21 | Safe anonymous opinion feedback system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113225295B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||