CN113239334A - Big data security access control system - Google Patents


Info

Publication number
CN113239334A
Authority
CN
China
Prior art keywords
information
data
user
data access
big data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110509210.3A
Other languages
Chinese (zh)
Inventor
李旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a big data security access control system that determines the data access authority of a data access user from the acquired characteristic information of that user, and then sends a data access request to a big data cloud server according to that authority, so that a specific big data storage space is opened to a mobile terminal for data access. The system also monitors the data access actions of the mobile terminal during big data access to determine whether any data access violation occurs. This can greatly improve the security of big data access, effectively prevent data tampering, and ensure the normal and secure operation of the big database to the greatest extent.

Description

Big data security access control system
Technical Field
The invention relates to the technical field of data security management, in particular to a big data security access control system.
Background
At present, big data technology is widely applied in fields such as finance and medical treatment. With it, massive amounts of user data can be analyzed efficiently and accurately, so that the financial or physical state of a user can be predicted in a targeted manner. Big data technology generally involves users' personal privacy data, and the security of that data must be ensured while it is analyzed, so users accessing the big database need to undergo corresponding security verification. In the prior art, the identity of a user is verified by password, but this verification method is too simple and is easily broken, which creates data security risks. In addition, the prior art cannot monitor the user's data access actions during data access, so data tampering cannot be prevented.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a big data security access control system which comprises a user information acquisition module, a user information authentication module, a mobile terminal, a big data cloud server and an Internet of things communication module. The user information acquisition module is used for acquiring characteristic information corresponding to a data access user. The user information authentication module is used for analyzing and authenticating the characteristic information so as to determine the data access authority of the data access user. The mobile terminal is connected with the big data cloud server through the Internet of things communication module. The mobile terminal is also connected with the user information authentication module and is used for sending a data access request to the big data cloud server according to the data access authority. The big data cloud server is used for opening a corresponding big data storage interval to the mobile terminal according to the data access request and for monitoring the data access actions of the mobile terminal during big data access. The big data security access control system can therefore determine the data access authority of the data access user from the acquired characteristic information of that user, and then send a data access request to the big data cloud server according to that authority, so that a specific big data storage space is opened to the mobile terminal for data access. At the same time, the data access actions of the mobile terminal during big data access are monitored to determine whether any data access violation occurs. This can greatly improve the security of big data access, effectively prevent data tampering, and ensure the normal and secure operation of the big database to the greatest extent.
The invention provides a big data security access control system, characterized by comprising a user information acquisition module, a user information authentication module, a mobile terminal, a big data cloud server and an Internet of things communication module; wherein:
the user information acquisition module is used for acquiring characteristic information corresponding to a data access user;
the user information authentication module is used for analyzing and authenticating the characteristic information so as to determine the data access authority of the data access user;
the mobile terminal is connected with the big data cloud server through the Internet of things communication module;
the mobile terminal is also connected with the user information authentication module and is used for sending a data access request to the big data cloud server according to the data access authority;
the big data cloud server is used for opening a corresponding big data storage interval to the mobile terminal according to the data access request and monitoring a data access action of the mobile terminal in a big data access process;
further, the user information acquisition module comprises an image acquisition unit, a sound acquisition unit, an image processing unit and a sound processing unit; wherein:
the image acquisition unit is used for photographing the data access user so as to obtain a face image of the data access user;
the sound acquisition unit is used for acquiring sound of the data access user so as to obtain a sound signal from the data access user;
the image processing unit is used for processing the face image so as to obtain the face feature information of the data access user;
the sound processing unit is used for processing the sound signal so as to obtain sound characteristic information of the data access user;
further, the image acquisition unit comprises a binocular camera;
the binocular camera is used for capturing a binocular face image of the face area of the data access user;
the image processing unit comprises an image preprocessor and an image contour extractor; wherein:
the image preprocessor is used for performing Kalman filtering processing on the binocular face image so as to remove image background noise of the binocular face image;
the image contour extractor is used for generating a three-dimensional face image of the face area according to the binocular face image subjected to Kalman filtering; extracting corresponding three-dimensional facial feature information from the three-dimensional facial image, and taking the three-dimensional facial feature information as the facial feature information;
further, the sound collection unit includes a microphone array;
the microphone array is used for collecting sound signals from the data access user in different directions;
the sound processing unit comprises a sound signal preprocessor and a voiceprint feature extractor; wherein:
the sound signal preprocessor is used for carrying out environmental noise filtering processing on the sound signal so as to remove an environmental noise component of the sound signal;
the voiceprint feature extractor is used for extracting voiceprint feature information corresponding to the data access user from the sound signal subjected to the environmental noise filtering processing, and the voiceprint feature information is used as the sound feature information;
further, the analyzing and authenticating the characteristic information by the user information authentication module, so as to determine the data access authority of the data access user specifically includes:
determining, from a preset legal user database and according to the facial feature information and the sound feature information, the legal user identity information that matches the facial feature information in facial contour and matches the sound feature information in voiceprint;
according to the legal user identity information, determining the data type information previously browsed by the corresponding user in the history of data browsing on the big data cloud server;
determining the data access authority of the data access user according to the previously browsed data type information;
further, the step in which the user information authentication module determines, from a preset legal user database and according to the facial feature information and the sound feature information, the legal user identity information that matches the facial feature information in facial contour and matches the sound feature information in voiceprint specifically includes:
extracting corresponding facial feature contour feature information from the facial feature information, and determining, from the preset legal user database, the first several pieces of legal user identity information with the highest similarity to the facial feature contour feature information, thereby forming a legal user identity information set;
extracting corresponding voiceprint feature information from the sound feature information, and determining, from the legal user identity information set, the legal user identity information with the highest similarity to the voiceprint feature information as the finally determined legal user identity information;
further, the step in which the user information authentication module determines the data access authority of the data access user according to the previously browsed data type information specifically includes:
determining, from the previously browsed data type information, the data security level of each item of previously browsed data, and taking the access authority of the data with the highest data security level as the data access authority of the data access user;
further, extracting corresponding facial feature contour feature information from the facial feature information, and determining, from the preset legal user database, the first several pieces of legal user identity information with the highest similarity to the facial feature contour feature information so as to form a legal user identity information set specifically comprises:
extracting corresponding facial feature contour feature information C from the facial feature information;
calculating the similarity between the facial feature contour feature information C and the facial feature contour feature information of users in a preset legal user database according to the following formula (1):
Figure BDA0003059643340000041
in the above formula (1), $H_i$ represents the facial feature information of the $i$-th user in a preset legal user database, DOS represents a similarity function, $d_i$ represents the similarity between the facial feature contour feature information and the facial feature contour feature information of the $i$-th user in the preset legal user database, $w_j$ represents the proportion of the eye contour information in the facial feature information, $c_j$ represents the information set of all the eye contour information extracted from the facial feature information, and $h_j$ represents the eye contour information in the facial feature contour information of the $i$-th user in the preset legal user database;
forming a legal user identity information set according to the following formula (2):
$$K = \{\, k_l = Q_i \mid d_i \in \{\mathrm{MID}(\mathrm{rand}(d_i), a)\} \,\} \tag{2}$$
in the above formula (2), $K$ represents the legal user identity information set, $k_l$ represents the information corresponding to the ith element in the legal user identity information set, $Q_i$ represents the information of the $i$-th user in the preset legal user database, $\mathrm{MID}(\mathrm{rand}(d_i), a)$ denotes taking the first $a$ elements of the sequence $\mathrm{rand}(d_i)$, $\mathrm{rand}(d_i)$ denotes arranging the user information of the preset legal user database in descending order of the similarity $d_i$, and $a$ represents a preset number of elements to take;
further, the step of sending, by the mobile terminal, a data access request to the big data cloud server according to the data access permission specifically includes:
determining the data type and data creation time of the data allowed to be accessed according to the data access authority;
compressing and packaging the data type and the data creation time to form a corresponding data access request, and then sending the data access request to the big data cloud server;
the step of opening a corresponding big data storage interval to the mobile terminal by the big data cloud server according to the data access request specifically includes:
parsing the data type and data creation time of the data allowed to be accessed from the data access request;
traversing and querying a big data storage space of the big data cloud server by taking the data type and the data creation time as index information, so as to determine a big data storage interval matched with the data type and/or the data creation time, and opening the corresponding big data storage interval to the mobile terminal;
further, the monitoring of the data access action of the mobile terminal in the big data access process by the big data cloud server specifically includes:
monitoring whether a data access action of data deletion, data cutting or data tampering occurs while the mobile terminal accesses the big data in the big data storage interval; if such an action occurs, interrupting the communication connection between the mobile terminal and the big data cloud server and, at the same time, adding the physical address information of the mobile terminal to an access prohibition blacklist of the big data cloud server; and if no such action occurs, keeping the current data access action of the mobile terminal unchanged.
Compared with the prior art, the big data security access control system comprises a user information acquisition module, a user information authentication module, a mobile terminal, a big data cloud server and an Internet of things communication module. The user information acquisition module is used for acquiring characteristic information corresponding to a data access user. The user information authentication module is used for analyzing and authenticating the characteristic information so as to determine the data access authority of the data access user. The mobile terminal is connected with the big data cloud server through the Internet of things communication module. The mobile terminal is also connected with the user information authentication module and is used for sending a data access request to the big data cloud server according to the data access authority. The big data cloud server is used for opening a corresponding big data storage interval to the mobile terminal according to the data access request and for monitoring the data access actions of the mobile terminal during big data access. The big data security access control system can therefore determine the data access authority of the data access user from the acquired characteristic information of that user, and then send a data access request to the big data cloud server according to that authority, so that a specific big data storage space is opened to the mobile terminal for data access. At the same time, the data access actions of the mobile terminal during big data access are monitored to determine whether any data access violation occurs. This can greatly improve the security of big data access, effectively prevent data tampering, and ensure the normal and secure operation of the big database to the greatest extent.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a big data security access control system provided by the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of a big data security access control system according to an embodiment of the present invention. The big data security access control system comprises a user information acquisition module, a user information authentication module, a mobile terminal, a big data cloud server and an Internet of things communication module; wherein:
the user information acquisition module is used for acquiring characteristic information corresponding to a data access user;
the user information authentication module is used for analyzing and authenticating the characteristic information so as to determine the data access authority of the data access user;
the mobile terminal is connected with the big data cloud server through the Internet of things communication module;
the mobile terminal is also connected with the user information authentication module and is used for sending a data access request to the big data cloud server according to the data access authority;
the big data cloud server is used for opening a corresponding big data storage interval to the mobile terminal according to the data access request, and monitoring data access actions of the mobile terminal in a big data access process.
The beneficial effects of the above technical scheme are: the big data security access control system can determine the data access authority of a data access user from the acquired characteristic information of that user, and then send a data access request to the big data cloud server according to that authority, so that a specific big data storage space is opened to the mobile terminal for data access. At the same time, the data access actions of the mobile terminal during big data access are monitored to determine whether any data access violation occurs. This can greatly improve the security of big data access, effectively prevent data tampering, and ensure the normal and secure operation of the big database to the greatest extent.
Preferably, the user information acquisition module comprises an image acquisition unit, a sound acquisition unit, an image processing unit and a sound processing unit; wherein:
the image acquisition unit is used for photographing the data access user so as to obtain a face image of the data access user;
the sound acquisition unit is used for acquiring sound of the data access user so as to obtain a sound signal from the data access user;
the image processing unit is used for processing the face image so as to obtain the face characteristic information of the data access user;
the sound processing unit is used for processing the sound signal so as to obtain the sound characteristic information of the data access user.
The beneficial effects of the above technical scheme are: by photographing the data access user and collecting the user's sound, a face image and a sound signal of the data access user are obtained; because the face and the sound of the data access user are unique, collecting and analyzing the face image and the sound signal allows the facial feature information and the sound feature information of the data access user to be accurately obtained, so that the data access authority of the data access user can subsequently be determined conveniently and quickly.
Preferably, the image acquisition unit comprises a binocular camera;
the binocular camera is used for capturing a binocular face image of the face area of the data access user;
the image processing unit comprises an image preprocessor and an image contour extractor; wherein:
the image preprocessor is used for performing Kalman filtering processing on the binocular face image so as to remove image background noise of the binocular face image;
the image contour extractor is used for generating a three-dimensional face image of the face area according to the binocular face image subjected to Kalman filtering; and extracting corresponding three-dimensional facial feature information from the three-dimensional facial image, wherein the three-dimensional facial feature information is taken as the facial feature information.
The beneficial effects of the above technical scheme are: the data access user is photographed with a binocular camera and a corresponding three-dimensional face image is formed, so that the three-dimensional facial feature information of the data access user can be accurately obtained.
Preferably, the sound collection unit includes a microphone array;
the microphone array is used for collecting sound signals from the data access user in different directions;
the sound processing unit comprises a sound signal preprocessor and a voiceprint feature extractor; wherein:
the sound signal preprocessor is used for carrying out environmental noise filtering processing on the sound signal so as to remove the environmental noise component of the sound signal;
the voiceprint feature extractor is used for extracting voiceprint feature information corresponding to the data access user from the sound signal after the environmental noise filtering processing, and the voiceprint feature information is used as the sound feature information.
The beneficial effects of the above technical scheme are: sound is collected from the data access user in multiple directions by means of a microphone array and the corresponding voiceprint is formed, so that the voiceprint feature information of the data access user can be accurately obtained.
Preferably, the analyzing and authenticating the characteristic information by the user information authentication module, so as to determine the data access authority of the data access user specifically includes:
determining, from a preset legal user database and according to the facial feature information and the sound feature information, the legal user identity information that matches the facial feature information in facial contour and matches the sound feature information in voiceprint;
according to the legal user identity information, determining the data type information previously browsed by the corresponding user in the history of data browsing on the big data cloud server;
and determining the data access authority of the data access user according to the previously browsed data type information.
The beneficial effects of the above technical scheme are: the two kinds of feature information, facial and sound, are used together to determine the corresponding legal user identity information from the preset legal user database, which improves the reliability of that determination and avoids false confirmation.
Preferably, the step in which the user information authentication module determines, from a preset legal user database and according to the facial feature information and the sound feature information, the legal user identity information that matches the facial feature information in facial contour and matches the sound feature information in voiceprint specifically includes:
extracting corresponding facial feature contour feature information from the facial feature information, and determining, from the preset legal user database, the first several pieces of legal user identity information with the highest similarity to the facial feature contour feature information, thereby forming a legal user identity information set;
extracting corresponding voiceprint feature information from the sound feature information, and determining, from the legal user identity information set, the legal user identity information with the highest similarity to the voiceprint feature information as the finally determined legal user identity information.
The beneficial effects of the above technical scheme are: the process uses the facial feature contour feature information and the voiceprint feature information to determine the legal user identity information in two steps, so that the determination is carried out within a progressively smaller range, which greatly reduces the workload of determining the legal user identity information.
Preferably, the step in which the user information authentication module determines the data access authority of the data access user according to the previously browsed data type information includes:
determining, from the previously browsed data type information, the data security level of each item of previously browsed data, and taking the access authority of the data with the highest data security level as the data access authority of the data access user.
The beneficial effects of the above technical scheme are: the data access authority of the data access user can be quickly determined without having to determine the access authority anew, which effectively prevents unauthorized access by the data access user.
Preferably, extracting corresponding facial feature contour feature information from the facial feature information, and determining the first several pieces of legal user identity information with the highest similarity to the facial feature contour feature information from the preset legal user database, so as to form a legal user identity information set specifically comprising:
extracting corresponding facial feature contour feature information C from the facial feature information;
calculating the similarity between the facial features contour feature information and facial features contour feature information of users in a preset legal user database according to the following formula (1):
Figure BDA0003059643340000111
in the above formula (1), $H_i$ represents the facial feature information of the $i$-th user in a preset legal user database, DOS represents a similarity function, $d_i$ represents the similarity between the facial feature contour feature information and the facial feature contour feature information of the $i$-th user in the preset legal user database, $w_j$ represents the proportion of the eye contour information in the facial feature contour feature information, $c_j$ represents the information set of all the eye contour information extracted from the facial feature information, and $h_j$ represents the eye contour information in the facial feature contour information of the $i$-th user in the preset legal user database;
forming a legal user identity information set according to the following formula (2):
$$K = \{\, k_l = Q_i \mid d_i \in \{\mathrm{MID}(\mathrm{rand}(d_i), a)\} \,\} \tag{2}$$
in the above formula (2), $K$ represents the legal user identity information set, $k_l$ represents the information corresponding to the ith element in the legal user identity information set, $Q_i$ represents the information of the $i$-th user in the preset legal user database, $\mathrm{MID}(\mathrm{rand}(d_i), a)$ denotes taking the first $a$ elements of the sequence $\mathrm{rand}(d_i)$, $\mathrm{rand}(d_i)$ denotes arranging the user information of the preset legal user database in descending order of the similarity $d_i$, and $a$ represents a preset number of elements to take.
The beneficial effects of the above technical scheme are: because the eye contour information in the facial features contour feature information can represent the facial features of the user better, the similarity between the facial features contour feature information and the eye contour information of the user in the preset legal user database can be accurately determined under the condition of small calculation workload, so that the difficulty of similarity calculation is greatly reduced, and the reliability of similarity calculation is improved.
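The two-stage identification of formula (2) and the permission rule described above, as an added Python example that is not code from the patent. Formula (1) is not reproduced on this page, so a weighted cosine similarity stands in for DOS; the names, feature vectors, weights and the optional `min_face` / `min_voice` floors are assumptions. The floors are included because rank-only selection, as described, returns some enrolled identity for any probe.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from math import sqrt


@dataclass
class LegalUser:
    """One record Q_i of the preset legal user database (fields are constructed)."""
    user_id: str
    face_contour: list[float]   # enrolled contour features, compared with the probe C
    voiceprint: list[float]     # enrolled voiceprint features
    browsed_levels: list[int] = field(default_factory=list)  # security levels of previously browsed data


def weighted_cosine(a, b, w):
    """Assumed stand-in for DOS: cosine similarity with per-feature weights w_j."""
    num = sum(wj * x * y for wj, x, y in zip(w, a, b))
    na = sqrt(sum(wj * x * x for wj, x in zip(w, a)))
    nb = sqrt(sum(wj * y * y for wj, y in zip(w, b)))
    return num / (na * nb) if na and nb else 0.0


def shortlist_by_face(db, probe_face, weights, a, min_face=None):
    """Formula (2): rank users by d_i in descending order and keep the first a.

    min_face is an added, optional floor; None reproduces pure rank selection.
    """
    scored = sorted(
        ((weighted_cosine(probe_face, u.face_contour, weights), u) for u in db),
        key=lambda t: t[0],
        reverse=True,
    )
    if min_face is not None:
        scored = [(d, u) for d, u in scored if d >= min_face]
    return [u for _, u in scored[:a]]


def identify(db, probe_face, probe_voice, weights, a, min_face=None, min_voice=None):
    """Stage 1: face shortlist K. Stage 2: highest voiceprint similarity within K."""
    candidates = shortlist_by_face(db, probe_face, weights, a, min_face)
    if not candidates:
        return None
    uniform = [1.0] * len(probe_voice)
    score, best = max(
        ((weighted_cosine(probe_voice, u.voiceprint, uniform), u) for u in candidates),
        key=lambda t: t[0],
    )
    if min_voice is not None and score < min_voice:
        return None
    return best


def access_level(user):
    """Permission rule from the page: the highest security level among previously
    browsed data. No browsing history yields no level (assumption)."""
    return max(user.browsed_levels) if user.browsed_levels else None


# Constructed database and probes; these are not real biometric data.
DB = [
    LegalUser("alice", [0.90, 0.10, 0.30], [0.20, 0.80, 0.10], [1, 3, 2]),
    LegalUser("bob",   [0.88, 0.12, 0.28], [0.90, 0.10, 0.20], [1]),
    LegalUser("carol", [0.10, 0.90, 0.20], [0.20, 0.79, 0.12], [2]),
]
WEIGHTS = [0.5, 0.3, 0.2]                                   # w_j, constructed
GENUINE = ([0.89, 0.11, 0.31], [0.21, 0.80, 0.10])          # alice, re-captured
STRANGER = ([0.20, 0.30, 0.90], [0.50, 0.50, 0.70])         # not enrolled

if __name__ == "__main__":
    user = identify(DB, *GENUINE, WEIGHTS, a=2)
    print("genuine probe ->", user.user_id, "level", access_level(user))
    # carol's voiceprint is close to alice's, but the face shortlist excluded her.
    hit = identify(DB, *STRANGER, WEIGHTS, a=2)
    print("stranger, rank only ->", hit.user_id if hit else None)
    hit = identify(DB, *STRANGER, WEIGHTS, a=2, min_face=0.95, min_voice=0.95)
    print("stranger, with floors ->", hit.user_id if hit else None)
```
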
Preferably, the sending, by the mobile terminal, the data access request to the big data cloud server according to the data access permission specifically includes:
determining the data type and data creation time of the data allowed to be accessed according to the data access authority;
compressing and packaging the data type and the data creation time to form a corresponding data access request, and then sending the data access request to the big data cloud server;
the step of opening a corresponding big data storage interval to the mobile terminal by the big data cloud server according to the data access request specifically includes:
analyzing the data type and data creation time of the data allowed to be accessed from the data access request;
and traversing and querying the big data storage space of the big data cloud server by taking the data type and the data creation time as index information, so as to determine a big data storage interval matched with the data type and/or the data creation time, and opening the corresponding big data storage interval to the mobile terminal.
The beneficial effects of the above technical scheme are: compressing and packaging the data type and the data creation time to form a data access request, so that the response speed of the big data cloud server to the data access request can be improved; and traversing and querying the big data storage space of the big data cloud server by taking the data type and the data creation time as index information, so that the corresponding big data storage interval can be quickly and accurately determined to be opened to the mobile terminal, and the condition that the big data storage interval is left open is avoided.
Preferably, the monitoring, by the cloud big-data server, of the data access action of the mobile terminal in the big-data access process specifically includes:
monitoring whether data access actions of data deletion, data shearing or data tampering exist in the process of accessing the big data of the big data storage interval by the mobile terminal; if such an action exists, the communication connection between the mobile terminal and the big data cloud server is interrupted, and meanwhile, the physical address information of the mobile terminal is added into an access prohibition blacklist of the big data cloud server; and if no such action exists, the current data access action of the mobile terminal is kept unchanged.
The beneficial effects of the above technical scheme are: the process determines whether the condition of violation of data access exists by monitoring the data access action of the mobile terminal in the big data access process, and timely interrupts the communication connection between the mobile terminal and the big data cloud server when the data access action of data deletion, data shearing or data tampering exists, so that the safety of big data access is greatly improved, and data tampering is effectively avoided.
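The request, interval-opening and monitoring steps described above can be put together as follows. This is an added example, not code from the patent. The assumptions are: the request format (zlib-compressed JSON), a creation-time range in place of a single creation time, matching on both data type and creation time (the stricter reading of "and/or"), a MAC address standing in for the physical address information, and all names and sample values, which are constructed.

```python
import json
import zlib
from dataclasses import dataclass, field

# Actions the text treats as violations: deletion, shearing (cut), tampering.
VIOLATIONS = {"delete", "cut", "modify"}


def pack_request(data_types, created_from, created_to):
    """Terminal side: compress and package the permitted types and creation-time range."""
    body = {"types": sorted(data_types), "from": created_from, "to": created_to}
    return zlib.compress(json.dumps(body).encode())


@dataclass
class CloudServer:
    intervals: dict                                  # name -> (data type, creation date)
    blacklist: set = field(default_factory=set)      # prohibited physical addresses
    sessions: dict = field(default_factory=dict)     # MAC -> opened interval names

    def open_intervals(self, mac, packed):
        """Parse the request and open only intervals matching type and creation date."""
        if mac in self.blacklist:
            return None                  # refused: terminal is on the prohibition list
        req = json.loads(zlib.decompress(packed))
        opened = {name for name, (dtype, created) in self.intervals.items()
                  if dtype in req["types"] and req["from"] <= created <= req["to"]}
        self.sessions[mac] = opened
        return opened

    def on_action(self, mac, action, interval):
        """Monitor one access action; returns 'allow', 'deny' or 'blocked'."""
        opened = self.sessions.get(mac)
        if opened is None or interval not in opened:
            return "deny"                # no live session, or interval never opened
        if action in VIOLATIONS:
            del self.sessions[mac]       # interrupt the connection
            self.blacklist.add(mac)      # add the physical address to the blacklist
            return "blocked"
        return "allow"


def run_demo():
    """Constructed scenario: one terminal, three storage intervals."""
    server = CloudServer(intervals={
        "logs-2021-03": ("log", "2021-03-15"),
        "logs-2020-11": ("log", "2020-11-02"),
        "hr-2021-03": ("hr", "2021-03-20"),
    })
    mac = "02:00:00:00:00:01"
    request = pack_request({"log"}, "2021-01-01", "2021-12-31")
    opened = server.open_intervals(mac, request)
    results = [
        server.on_action(mac, "read", "logs-2021-03"),
        server.on_action(mac, "read", "hr-2021-03"),      # interval not opened
        server.on_action(mac, "delete", "logs-2021-03"),  # violation
        server.on_action(mac, "read", "logs-2021-03"),    # session already interrupted
    ]
    retry = server.open_intervals(mac, request)           # blacklisted terminal
    return opened, results, retry


if __name__ == "__main__":
    print(run_demo())
```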
According to the content of the embodiment, the big data security access control system comprises a user information acquisition module, a user information authentication module, a mobile terminal, a big data cloud server and an internet of things communication module; the user information acquisition module is used for acquiring characteristic information corresponding to a data access user; the user information authentication module is used for analyzing and authenticating the characteristic information so as to determine the data access authority of the data access user; the mobile terminal is connected with the big data cloud server through the Internet of things communication module; the mobile terminal is also connected with the user information authentication module and is used for sending a data access request to the big data cloud server according to the data access authority; the big data cloud server is used for opening a corresponding big data storage interval to the mobile terminal according to the data access request and monitoring data access actions of the mobile terminal in a big data access process; therefore, the big data security access control system can determine the data access authority of the data access user according to the acquired characteristic information of the data access user, and then sends a data access request to the big data cloud server according to the data access authority, so that a specific big data storage space is opened for data access to the mobile terminal, and meanwhile, the data access action of the mobile terminal in the big data access process is monitored, so that whether the condition of data access violation exists or not is determined, the safety of big data access can be greatly improved, data tampering is effectively avoided, and the normal and safe operation of a big database is guaranteed to the maximum extent.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. The big data security access control system is characterized by comprising a user information acquisition module, a user information authentication module, a mobile terminal, a big data cloud server and an Internet of things communication module; wherein,
the user information acquisition module is used for acquiring characteristic information corresponding to a data access user;
the user information authentication module is used for analyzing and authenticating the characteristic information so as to determine the data access authority of the data access user;
the mobile terminal is connected with the big data cloud server through the Internet of things communication module;
the mobile terminal is also connected with the user information authentication module and is used for sending a data access request to the big data cloud server according to the data access authority;
and the big data cloud server is used for opening a corresponding big data storage interval to the mobile terminal according to the data access request and monitoring the data access action of the mobile terminal in the big data access process.
2. The big data security access control system of claim 1, wherein:
the user information acquisition module comprises an image acquisition unit, a sound acquisition unit, an image processing unit and a sound processing unit; wherein,
the image acquisition unit is used for shooting the data access user so as to obtain a face image of the data access user;
the sound acquisition unit is used for acquiring sound of the data access user so as to obtain a sound signal from the data access user;
the image processing unit is used for processing the face image so as to obtain the face feature information of the data access user;
the sound processing unit is used for processing the sound signal so as to obtain the sound characteristic information of the data access user.
3. The big data security access control system of claim 2, wherein:
the image acquisition unit comprises a binocular camera;
the binocular camera is used for shooting a binocular face image of the face area of the data access user;
the image processing unit comprises an image preprocessor and an image contour extractor; wherein,
the image preprocessor is used for performing Kalman filtering processing on the binocular face image so as to remove image background noise of the binocular face image;
the image contour extractor is used for generating a three-dimensional face image of the face area according to the binocular face image subjected to Kalman filtering; and extracting corresponding three-dimensional facial feature information from the three-dimensional facial image, wherein the three-dimensional facial feature information is taken as the facial feature information.
4. The big data security access control system of claim 2, wherein:
the sound collection unit comprises a microphone array;
the microphone array is used for collecting sound signals from the data access user in different directions;
the sound processing unit comprises a sound signal preprocessor and a voiceprint feature extractor; wherein,
the sound signal preprocessor is used for carrying out environmental noise filtering processing on the sound signal so as to remove an environmental noise component of the sound signal;
the voiceprint feature extractor is used for extracting voiceprint feature information corresponding to the data access user from the voice signal after the environmental noise filtering processing, and the voiceprint feature information is used as the voice feature information.
5. The big data security access control system of claim 2, wherein:
the user information authentication module analyzes and authenticates the characteristic information, so that the step of determining the data access authority of the data access user specifically comprises the following steps:
according to the facial feature information and the sound feature information, legal user identity information matched with the facial feature information on a facial contour and the sound feature information on a voiceprint is determined from a preset legal user database;
according to the legal user identity information, determining data type information which is browsed once by a user corresponding to the legal user identity information in the historical process of data browsing of the big data cloud server;
and determining the data access authority of the data access user according to the data type information browsed once.
6. The big data security access control system of claim 5, wherein:
the step of determining, by the user information authentication module, valid user identity information matched with the face feature information on a face contour and the sound feature information on a voiceprint from a preset valid user database according to the face feature information and the sound feature information specifically includes:
extracting corresponding facial feature contour feature information from the facial feature information, and determining, from the preset legal user database, the several items of legal user identity information with the highest similarity to the facial feature contour feature information, thereby forming a legal user identity information set;
extracting corresponding voiceprint characteristic information from the voice characteristic information, and determining, from the legal user identity information set, the legal user identity information with the highest similarity to the voiceprint characteristic information, so as to serve as the finally determined legal user identity information.
7. The big data security access control system of claim 5, wherein:
the step of determining, by the user information authentication module, the data access right of the data access user according to the data type information browsed once specifically includes:
determining the respective data security levels of all the once browsed data from the once browsed data type information, and taking the access authority of the data with the highest data security level as the data access authority of the data access user.
8. The big data security access control system of claim 6, wherein:
extracting corresponding facial feature contour feature information from the facial feature information, and determining, from the preset legal user database, the several items of legal user identity information with the highest similarity to the facial feature contour feature information, so as to form a legal user identity information set, which specifically comprises:
extracting corresponding facial feature contour feature information C from the facial feature information;
calculating the similarity between the facial contour feature information in a preset legal user database according to the following formula (1):
Figure FDA0003059643330000041
in the above formula (1), $H_i$ represents the facial feature information of the i-th user in the preset legal user database, DOS represents a similarity function, $d_i$ represents the similarity between the extracted facial feature information and the facial feature information of the i-th user in the preset legal user database, $w_j$ represents the proportion of the eye contour information in the facial feature information, $c_j$ represents the information set of all the eye contour information extracted from the facial feature information, and $h_j$ represents the eye contour information in the facial feature contour information of the i-th user in the preset legal user database;
forming a legal user identity information set according to the following formula (2):
$$K = \{\, k_l = Q_i \mid d_i \in \{\mathrm{MID}(\mathrm{rand}(d_i),\, a)\} \,\} \tag{2}$$
in the above formula (2), $K$ represents the set of legal user identity information, $k_l$ represents the information corresponding to the i-th element in the set of legal user identity information, $Q_i$ represents the information of the i-th user in the preset legal user database, $\mathrm{MID}(\mathrm{rand}(d_i), a)$ takes the first $a$ elements of the sequence $\mathrm{rand}(d_i)$, $\mathrm{rand}(d_i)$ represents the user information of the preset legal user database arranged in descending order of the similarity $d_i$, and $a$ represents the preset number of elements to take.
9. The big data security access control system of claim 1, wherein:
the step of sending a data access request to the big data cloud server by the mobile terminal according to the data access permission specifically comprises the following steps:
determining the data type and data creation time of the data allowed to be accessed according to the data access authority;
compressing and packaging the data type and the data creation time to form a corresponding data access request, and then sending the data access request to the big data cloud server;
the step of opening a corresponding big data storage interval to the mobile terminal by the big data cloud server according to the data access request specifically includes:
analyzing the data type and data creation time of the data allowed to be accessed from the data access request;
and traversing and querying the big data storage space of the big data cloud server by taking the data type and the data creation time as index information, so as to determine a big data storage interval matched with the data type and/or the data creation time, and opening the corresponding big data storage interval to the mobile terminal.
10. The big data security access control system of claim 1, wherein:
the monitoring of the data access action of the mobile terminal in the big data access process by the big data cloud server specifically comprises the following steps:
monitoring whether data access actions of data deletion, data shearing or data tampering exist in the process of accessing the big data in the big data storage interval by the mobile terminal; if such an action exists, interrupting the communication connection between the mobile terminal and the big data cloud server, and meanwhile adding the physical address information of the mobile terminal into an access prohibition blacklist of the big data cloud server; and if no such action exists, keeping the current data access action of the mobile terminal unchanged.
CN202110509210.3A 2021-05-11 2021-05-11 Big data security access control system Withdrawn CN113239334A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110509210.3A CN113239334A (en) 2021-05-11 2021-05-11 Big data security access control system


Publications (1)

Publication Number Publication Date
CN113239334A (en) 2021-08-10

Family

ID=77133409

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110509210.3A Withdrawn CN113239334A (en) 2021-05-11 2021-05-11 Big data security access control system

Country Status (1)

Country Link
CN (1) CN113239334A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210810
