CN113225295B - Safe anonymous opinion feedback system - Google Patents

Info

Publication number
CN113225295B
Authority
CN
China
Prior art keywords
anonymous
feedback
employee
information
hash value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010068595.XA
Other languages
Chinese (zh)
Other versions
CN113225295A (en)
Inventor
张程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HSBC Software Development Guangdong Ltd
Original Assignee
HSBC Software Development Guangdong Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HSBC Software Development Guangdong Ltd
Priority to CN202010068595.XA
Publication of CN113225295A
Application granted
Publication of CN113225295B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the technical field of the Internet, in particular to a safe anonymous opinion feedback system, which adopts the following steps: step one: establishing an anonymous account; step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in step one to serve as a user access credential, and provides a user interface for feedback creation and reply; step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to step one, and if the verification is successful, the hash value is used as the user name and the corresponding feedback request is processed. Three different kinds of employee-related information data are collected to form the basic information source data. The system is convenient to use: because the system cannot identify which employee an anonymous account belongs to, employees can give feedback with confidence, and because one anonymous account is used by one person, the system cannot be attacked by forged users.

Description

Safe anonymous opinion feedback system
[ technical field ]
The invention relates to the technical field of Internet, in particular to a safe anonymous opinion feedback system.
[ background of the invention ]
With the development of society and the arrival of the Internet+ era, people can no longer do without the Internet for life, work, entertainment, shopping, medical treatment, finance and the like. While providing services, each Internet platform also needs opinions or feedback on its service quality and various measures, in order to provide better services and improve the section structure of the platform. The Internet therefore has a large number of opinion feedback and voting systems, but they all fall into one of two modes: one is completely anonymous, and the other requires the user to be authenticated. An anonymous opinion feedback system is very useful for enterprises to collect true opinion feedback, but a completely anonymous system is vulnerable to attack: an attacker can forge feedback opinions by using a large number of anonymous accounts.
[ summary of the invention ]
The present invention is directed to overcoming the disadvantages and drawbacks of the prior art by providing a secure anonymous opinion feedback system.
The invention relates to a safe anonymous opinion feedback system, which adopts the following steps:
step one: establishing the anonymous account, which adopts the following steps:
(1) Information collection: collecting three different kinds of employee-related information data, namely employee information data, information data of the employee's enterprise computer system, and private key data of the internal anonymous account system, which are combined to form the basic information source data;
(2) Generating a hash value from the basic information source data collected in step (1) through the sha256 algorithm, wherein the hash value is used as the anonymous account of the user;
(3) Taking the hash value from step (2) of step one as the account, generating a JSON Web token asymmetrically encrypted by RSA, and converting the JSON Web token into a two-dimensional code;
step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in step one to serve as a user access credential, and provides a user interface for feedback creation and reply;
step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to step one, and if the verification is successful, the hash value is used as the user name and the corresponding feedback request is processed.
Further, the employee information data in (1) of step one is obtained by having the employee log in to the enterprise's internal employee information system through SPNEGO and Kerberos technologies.
Further, the information data of the enterprise computer system in (1) of step one is collected as follows: the enterprise computer system information of the employee is collected at the browser end by using the fingerprintjs2 technology.
The invention has the following beneficial effects: the safe anonymous opinion feedback system collects three different kinds of employee-related information data to form the basic information source data, can generate for each employee a hash-based anonymous account that the enterprise can recognize, converts the anonymous account into a token, and converts the token into a two-dimensional code for the employee to log in. The system is convenient to use: because the system cannot identify which employee an anonymous account belongs to, employees can give feedback with confidence, and because one anonymous account is used by one person, the system cannot be attacked by forged users.
[ description of the drawings ]
The accompanying drawings described here are included to provide a further understanding of the invention and constitute a part of this application; they are not to be considered limiting of the invention. In the drawings:
FIG. 1 is a schematic of the flow topology of the present invention;
FIG. 2 is an enlarged view of the left half of FIG. 1;
FIG. 3 is an enlarged view of the right half of FIG. 1.
[ detailed description ]
The present invention will now be described in detail with reference to the drawings and specific embodiments, wherein the exemplary embodiments and descriptions are only intended to illustrate the present invention, but not to limit the present invention.
As shown in fig. 1 to fig. 3, the system for feeding back anonymous opinions in this embodiment includes the following steps:
step one: establishing the anonymous account, which adopts the following steps:
(1) Information collection: collecting three different kinds of employee-related information data, namely employee information data, information data of the employee's enterprise computer system, and private key data of the internal anonymous account system, which are combined to form the basic information source data;
(2) Generating a hash value from the basic information source data collected in step (1) through the sha256 algorithm, wherein the hash value is used as the anonymous account of the user;
(3) Taking the hash value from step (2) of step one as the account, generating a JSON Web token asymmetrically encrypted by RSA, and converting the JSON Web token into a two-dimensional code;
step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in step one to serve as a user access credential, and provides a user interface for feedback creation and reply;
step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to step one, and if the verification is successful, the hash value is used as the user name and the corresponding feedback request is processed.
Further, the employee information data in (1) of step one is obtained by logging in to the enterprise's internal employee information system through SPNEGO and Kerberos technologies.
Further, the information data of the enterprise computer system in (1) of step one is collected as follows: the enterprise computer system information of the employee is collected at the browser end by using the fingerprintjs2 technology.
The working principle of the invention is as follows:
The invention addresses the problem that a completely anonymous system is easy to attack: an attacker can forge feedback opinions by using a large number of anonymous accounts. In practice, therefore, the problem to be solved is this: when opinion feedback is carried out inside an enterprise, to prevent the above attack from making the feedback untrue, an anonymous account that the enterprise can recognize is generated for each employee, but the account must not contain employee information. The invention is a means of solving this problem.
The invention consists of three parts, namely an internal anonymous account system, an anonymous feedback system mobile phone client and an anonymous feedback system server.
1. Internal anonymous account system: responsible for generating, for each employee, an anonymous account that the enterprise can recognize.
The core technology is as follows: 3 different kinds of employee-related information are collected, all of which can be obtained only after the employee logs in to the system on the employee's own computer; a hash value is then generated from the 3 kinds of information through the sha256 algorithm to serve as the anonymous account of the user. Because this anonymous account is used in the anonymous feedback system, each employee can generate only one anonymous account, which prevents attacks by forged users.
The above-mentioned 3 kinds of information are specifically stated as follows:
(1) The employee logs in to the enterprise's internal employee information system through SPNEGO and Kerberos technologies to obtain the employee information, for example the employee number and the employee name; this guarantees that the operation is performed by the employee in person.
(2) The enterprise computer system information of the employee, such as the browser version and the screen resolution, is collected at the browser end by using the fingerprintjs2 technology. This ensures that the anonymous account cannot be cracked by forward exhaustive enumeration (brute force), which would be possible if only employee information were used. However, since computers are mass-produced, the device information cannot be guaranteed to be unique, so it needs to be used in combination with the first kind of information.
(3) The first kind of information is public and the second can be found on the employee's computer, so to ensure that the hash value was generated by the system of the invention, the invention adds a secret key. In addition, the hash value is used as the account to generate a JSON Web Token (JWT) asymmetrically encrypted by RSA, and finally the token is converted into a two-dimensional code.
2. Anonymous feedback system mobile phone client: opens the camera and reads the token generated in item 1 to be used as a user access credential, and provides a user interface for feedback creation, reply and the like.
3. Anonymous feedback system server: verifies the token by using the RSA public key corresponding to item 1, and if the verification is successful, uses the hash value as the user name and processes the corresponding feedback request.
The specific process of the invention is as follows:
(1) The employee requests the two-dimensional code, and at this moment the browser used by the employee acquires the enterprise computer system information (device information) of the employee through the fingerprintjs2 technology;
(2) The employee information system verifies and acquires employee information through SPNEGO and Kerberos technologies; generating private key data by the internal anonymous account system;
(3) Generating a hash value through a sha256 algorithm, wherein the hash value is used as an anonymous account number of the user;
(4) Generating a JSON Web token asymmetrically encrypted by RSA by taking the hash value as an account, and converting the JSON Web token into a two-dimensional code;
(5) Then the mobile phone client opens the camera and reads the token generated in the step 1 as a user access credential, and provides a user interface for feedback creation and reply;
(6) The anonymous feedback system server verifies the token by using an RSA public key, and if the verification is successful, the hash value is used as a user name and a corresponding feedback request is processed;
(7) And after the feedback data are processed, the feedback data are collected in a feedback database to form feedback big data information.
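The flow in steps (1) to (6) above, as an added example that is not part of the patent: it derives the account hash, issues the token and verifies it on the server side using only Node.js built-ins. Assumptions: the length-prefixed field encoding, the `sub` claim, the reading of "asymmetrically encrypted by RSA" as an RS256 signature (which is what verification with a public key implies), and all function names and sample values; the SPNEGO/Kerberos lookup, the fingerprintjs2 collection and the two-dimensional code are replaced by constructed strings.

```javascript
// Added example, not code from the patent. Node.js built-ins only.
const crypto = require('crypto');

// base64url without padding, the encoding JWT uses for its three segments.
const b64url = (data) => Buffer.from(data).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');

// Steps (1)-(3): SHA-256 over employee info, device fingerprint and the
// account system's secret. The 4-byte length prefix per field is an assumption
// (the patent names no encoding); it keeps ("ab","c") and ("a","bc") distinct.
function deriveAnonymousAccount(employeeInfo, deviceInfo, systemSecret) {
  const hash = crypto.createHash('sha256');
  for (const field of [employeeInfo, deviceInfo, systemSecret]) {
    const bytes = Buffer.from(String(field), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length, 0);
    hash.update(len);
    hash.update(bytes);
  }
  return hash.digest('hex');
}

// Step (4): a JWT whose only claim is the hash, signed with the RSA private
// key (RS256 = RSASSA-PKCS1-v1_5 with SHA-256). Only the hash leaves the
// account system; no employee field is placed in the token.
function issueToken(account, privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: account }));
  const signature = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64url(signature)}`;
}

// Step (6): server-side check. Returns the account (user name) on success and
// null on any failure, so a caller cannot mistake an error for a valid user.
function verifyToken(token, publicKey) {
  try {
    const parts = String(token).split('.');
    if (parts.length !== 3) return null;
    const [header, payload, signature] = parts;
    // Node's 'base64' decoder also accepts the URL-safe alphabet.
    const { alg } = JSON.parse(Buffer.from(header, 'base64').toString('utf8'));
    if (alg !== 'RS256') return null; // pin the algorithm; never trust the header
    const valid = crypto.verify('sha256', Buffer.from(`${header}.${payload}`),
      publicKey, Buffer.from(signature, 'base64'));
    if (!valid) return null;
    // The payload is parsed only after the signature has been accepted.
    const { sub } = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
    return typeof sub === 'string' && /^[0-9a-f]{64}$/.test(sub) ? sub : null;
  } catch (err) {
    return null;
  }
}

// Constructed sample values (not from the patent).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SECRET = 'constructed-system-secret';
const account = deriveAnonymousAccount('E10001|Example Employee', 'Chrome 79|1920x1080', SECRET);
const token = issueToken(account, privateKey);

// A different fingerprint gives a different account, so "one account per
// employee" holds only while the collected device information stays stable.
const afterBrowserUpdate = deriveAnonymousAccount('E10001|Example Employee', 'Chrome 80|1920x1080', SECRET);

console.log({
  accepted: verifyToken(token, publicKey) === account,
  sameEmployeeNewFingerprint: afterBrowserUpdate !== account,
});
```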
The invention relates to a safe anonymous opinion feedback system, which collects three different kinds of employee-related information data to form the basic information source data, can generate for each employee a hash-based anonymous account that the enterprise can recognize, converts the anonymous account into a token, and converts the token into a two-dimensional code for the employee to log in. The system is convenient to use: because the system cannot identify which employee an anonymous account belongs to, employees can give feedback with confidence, and because one anonymous account is used by one person, the system cannot be attacked by forged users.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention, and all equivalent changes and modifications made based on the features and principles described in the claims of the present invention are included in the scope of the present invention.

Claims (1)

1. A secure anonymous opinion feedback system, comprising the steps of:
step one: establishing the anonymous account, which adopts the following steps:
(1) Information collection: collecting three different kinds of employee-related information data, namely employee information data, information data of the employee's enterprise computer system, and private key data of the internal anonymous account system, which are combined to form the basic information source data;
(2) Generating a hash value from the basic information source data collected in step (1) through the sha256 algorithm, wherein the hash value is used as the anonymous account of the user;
(3) Taking the hash value from step (2) of step one as the account, generating a JSON Web token asymmetrically encrypted by RSA, and converting the JSON Web token into a two-dimensional code;
step two: the mobile phone client of the anonymous feedback system opens the camera and reads the token generated in step one to serve as a user access credential, and provides a user interface for feedback creation and reply;
step three: the server side of the anonymous feedback system verifies the token by using the RSA public key corresponding to step one, and if the verification is successful, the hash value is used as the user name and the corresponding feedback request is processed; the employee information data in (1) of step one is obtained by having the employee log in to the enterprise's internal employee information system through SPNEGO and Kerberos technologies;
characterized in that: the information data of the enterprise computer system in (1) of step one is collected as follows: the enterprise computer system information of the employee is collected at the browser end by using the fingerprintjs2 technology.
CN202010068595.XA 2020-01-21 2020-01-21 Safe anonymous opinion feedback system Active CN113225295B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010068595.XA CN113225295B (en) 2020-01-21 2020-01-21 Safe anonymous opinion feedback system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010068595.XA CN113225295B (en) 2020-01-21 2020-01-21 Safe anonymous opinion feedback system

Publications (2)

Publication Number Publication Date
CN113225295A 2021-08-06
CN113225295B 2022-10-25

Family

ID=77085153

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010068595.XA Active CN113225295B (en) 2020-01-21 2020-01-21 Safe anonymous opinion feedback system

Country Status (1)

Country Link
CN (1) CN113225295B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109299617A (en) * 2018-09-19 2019-02-01 中国农业银行股份有限公司贵州省分行 A kind of file encryption and decryption system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468115B (en) * 2013-10-28 2017-10-10 安信通科技(澳门)有限公司 information system access authentication method and device
CN105162764A (en) * 2015-07-30 2015-12-16 北京石盾科技有限公司 Dual authentication method, system and device for SSH safe login
US20180212956A1 (en) * 2017-01-24 2018-07-26 Ca, Inc. Anonymous token authentication
CN107194551A (en) * 2017-05-11 2017-09-22 深圳市柘叶红实业有限公司 Staff electronic information management system and management method
CN108521429A (en) * 2018-04-20 2018-09-11 黄绍进 A kind of the Internet, applications access method and device of anonymity
CN109639740B (en) * 2019-01-31 2022-02-22 平安科技(深圳)有限公司 Login state sharing method and device based on equipment ID

Also Published As

Publication number Publication date
CN113225295A (en) 2021-08-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant