CN113592453A - Information system operation compliance examination method and system based on block chain - Google Patents
Information system operation compliance examination method and system based on block chain Download PDFInfo
- Publication number
- CN113592453A CN113592453A CN202110874531.3A CN202110874531A CN113592453A CN 113592453 A CN113592453 A CN 113592453A CN 202110874531 A CN202110874531 A CN 202110874531A CN 113592453 A CN113592453 A CN 113592453A
- Authority
- CN
- China
- Prior art keywords
- enterprise
- data
- authentication information
- identity authentication
- audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 238000012550 audit Methods 0.000 claims abstract description 74
- 238000013480 data collection Methods 0.000 claims abstract description 32
- 238000012552 review Methods 0.000 claims abstract description 12
- 238000012795 verification Methods 0.000 claims description 18
- 238000004364 calculation method Methods 0.000 claims description 6
- 210000001503 joint Anatomy 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 238000009472 formulation Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention provides a block chain-based information system operation compliance examination method and a block chain-based information system operation compliance examination system, which relate to the technical field of block chains, and the method comprises the following steps: installing a data collection system by an enterprise, and creating a data collection rule by an administrator according to needs; each data collection system is butted with the uplink system in an API mode, and processed data are output to a message queue; adding enterprise identity authentication information to the data in the uplink system consumption message queue, uploading the data and storing the data in a block; acquiring enterprise identity authentication information; deploying various intelligent contracts to adapt to automatic auditing functions under different safety requirements; a user obtains a manual review report stored in a block on a compliance review platform. The invention can realize automatic audit and audit service inquiry work, weaken the strong centralization of the existing audit work, reduce the labor cost, enhance the openness of the compliance audit result display and ensure the data security.
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain-based information system operation compliance examination method and system.
Background
The Blockchain (Blockchain) technology is a bottom layer technology and a basic framework for constructing a bitcoin network and encrypting and transmitting transaction information, and is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. The distributed data store is characterized in that the blockchain can be regarded as a distributed book, and a reliable database is maintained collectively in an decentralized and distrust mode. The "distributed" here is embodied not only as a distributed storage of data but also as a distributed record of data, so that the distributed database of the blockchain is almost impossible to tamper with. The de-centralization and de-trust are characterized in that a blockchain is formed by a plurality of nodes together to form an end-to-end network, and no centralized equipment or management mechanism exists.
Further, many blockchain platforms support intelligent contracts to perform richer transactions. The smart contract is a transaction contract which can be automatically executed, is written into a block chain in a digital form, and ensures that the whole processes of storage, reading and execution are transparent, traceable and not easy to grasp by the characteristics of the block chain technology. Meanwhile, a set of state machine system is constructed by the block chain self-contained consensus algorithm, so that the intelligent contract can run efficiently. For example, the etherhouse provides an open-source blockchain underlying system, and by providing a plurality of interfaces, developers are allowed to develop various blockchain applications on the basis of the open-source blockchain underlying system and write intelligent contracts.
In this way, the blockchain platform allows users to conduct richer transactions, thereby providing richer functionality. Accordingly, more and more data storage, program applications (e.g., distributed applications Dapp), are implemented through blockchains. However, this also brings more difficulty to the supervision of the blockchain content, which requires the necessary examination and supervision of the blockchain content.
The invention patent with publication number CN109903164A discloses a block chain-based automatic supervision method and system for private share right fund, comprising: converting the private equity fund data into a supervision protocol; converting the supervision protocol into an intelligent contract; uploading the intelligent contract to a block chain system; carrying out first compliance review on the operation of a private share right fund manager through an intelligent contract; feeding back an operation instruction to the escrow bank according to the result of the first compliance review; and performing second compliance examination on the operation of the escrow bank according to the operation instruction and the operation record of the escrow bank.
In the process of safety operation compliance examination in the prior art, the problems of low trust, high operation cost, low transparency and the like generally exist.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a block chain-based information system operation compliance examination method and system.
According to the method and the system for examining the operation compliance of the information system based on the block chain, the scheme is as follows:
in a first aspect, a block chain based information system operation compliance review method is provided, where the method includes:
step S1: the method comprises the steps that an enterprise installs a data collection system, an administrator creates data collection rules as required, the data collection system automatically collects log data of corresponding sources or reports generated by manual examination, the reports are preprocessed, the reports are converted into data formats in a set form, and data source labels are attached;
step S2: each data collection system is in butt joint with an uplink system in an API mode, and processed data are output to a message queue of the uplink system;
step S3: adding enterprise identity authentication information to the data in the uplink system consumption message queue, uploading the data and storing the data in a block;
for the newly added enterprise label, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance audit platform;
step S4: enterprise IT personnel log in the compliance audit platform to obtain enterprise identity authentication information;
step S5: based on different standards or different control domain requirements, deploying various intelligent contracts to adapt to automatic auditing functions under different safety requirements;
step S6: and the user can select one or more intelligent contracts on the compliance audit platform as required to realize automatic audit or directly obtain manual audit reports stored in the blocks.
Preferably, the creating, by the administrator, the data collection rule as needed in step S1 includes: collection frequency, data source type, and data format.
Preferably, the step S3 specifically includes:
step S3.1: the information list related to the enterprise identity authentication information and the information queue identification number is automatically maintained;
step S3.2: for the message queues corresponding to each enterprise, the uplink system searches the queue identification number through an automatically maintained information table;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is not successful, the enterprise is a newly added enterprise, an entry is created, enterprise identity authentication information is generated and then stored in an information table, and relevant data is returned to an enterprise/user tag account corresponding to the security audit platform;
step S3.3: and after acquiring the identity authentication information of the enterprise, the uplink system sequentially consumes the data in the enterprise message queue, encrypts the data, attaches the enterprise authentication information and uploads the data to the block.
Preferably, the obtaining of the enterprise authentication information in step S4 includes: the enterprise IT personnel share the compliance report with the stakeholders in a mode of sharing the enterprise identity authentication information.
Preferably, the step S5 specifically includes:
step S5.1: the intelligent contract is converted from a conventional auditing strategy and is made by a plurality of users of the block chain, wherein the plurality of users participate in the establishment of the intelligent contract, and the establishment of the intelligent contract comprises identity verification, data acquisition and trusted computing;
step S5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused to each block node for storage, and then state check is periodically carried out to receive a triggering instruction;
step S5.3: after receiving the trigger instruction, the intelligent contract starts to execute, firstly, inquires block information, verifies whether the enterprise identity authentication information is valid, and returns a service rejection prompt if the verification fails;
step S5.4: after the verification is passed, the intelligent contract acquires data in the block;
step S5.5: and the intelligent contract executes trusted calculation, completes an automatic audit part, generates an automatic audit report, and returns to the corresponding account of the compliance audit platform, while the intelligent contract does not land on the ground on data.
Preferably, the compliance audit platform in step S5 supports presentation and downloading of audit reports.
In a second aspect, there is provided a block chain based information system operation compliance audit system, the system comprising:
module M1: the method comprises the steps that an enterprise installs a data collection system, an administrator creates data collection rules as required, the data collection system automatically collects log data of corresponding sources or reports generated by manual examination, the reports are preprocessed, the reports are converted into data formats in a set form, and data source labels are attached;
module M2: each data collection system is in butt joint with an uplink system in an API mode, and processed data are output to a message queue of the uplink system;
module M3: adding enterprise identity authentication information to the data in the uplink system consumption message queue, uploading the data and storing the data in a block;
for the newly added enterprise label, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance audit platform;
module M4: enterprise IT personnel log in the compliance audit platform to obtain enterprise identity authentication information;
module M5: based on different standards or different control domain requirements, deploying various intelligent contracts to adapt to automatic auditing functions under different safety requirements;
module M6: and the user can select one or more intelligent contracts on the compliance audit platform as required to realize automatic audit or directly obtain manual audit reports stored in the blocks.
Preferably, the creating, by the administrator, the data collection rule according to need in the module M1 includes: collection frequency, data source type, and data format.
Preferably, the module M3 specifically includes:
module M3.1: the information list related to the enterprise identity authentication information and the information queue identification number is automatically maintained;
module M3.2: for the message queues corresponding to each enterprise, the uplink system searches the queue identification number through an automatically maintained information table;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is not successful, the enterprise is a newly added enterprise, an entry is created, enterprise identity authentication information is generated and then stored in an information table, and relevant data is returned to an enterprise/user tag account corresponding to the security audit platform;
module M3.3: and after acquiring the identity authentication information of the enterprise, the uplink system sequentially consumes the data in the enterprise message queue, encrypts the data, attaches the enterprise authentication information and uploads the data to the block.
Preferably, the module M5 specifically includes:
step S5.1: the intelligent contract is converted from a conventional auditing strategy and is made by a plurality of users of the block chain, wherein the plurality of users participate in the establishment of the intelligent contract, and the establishment of the intelligent contract comprises identity verification, data acquisition and trusted computing;
step S5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused to each block node for storage, and then state check is periodically carried out to receive a triggering instruction;
step S5.3: after receiving the trigger instruction, the intelligent contract starts to execute, firstly, inquires block information, verifies whether the enterprise identity authentication information is valid, and returns a service rejection prompt if the verification fails;
step S5.4: after the verification is passed, the intelligent contract acquires data in the block;
step S5.5: and the intelligent contract executes trusted calculation, completes an automatic audit part, generates an automatic audit report, and returns to the corresponding account of the compliance audit platform, while the intelligent contract does not land on the ground on data.
Compared with the prior art, the invention has the following beneficial effects:
1. according to the invention, by adopting a structure of linking log data in real time, deploying various intelligent contracts and integrating and sharing multiple users, automatic audit and audit service inquiry work are realized, so that the strong centrality of the existing audit work is weakened, and the labor cost is reduced;
2. the invention enhances the openness of the compliance audit result display and simultaneously ensures the safety of data.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a schematic view of the overall process of the present invention.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that it would be obvious to those skilled in the art that various changes and modifications can be made without departing from the spirit of the invention. All falling within the scope of the present invention.
The embodiment of the invention provides a block chain-based information system operation compliance examination method, which comprises the following specific steps of:
step S1: the data collection system is installed by the enterprise and the administrator creates data collection rules as needed, including collection frequency, data source type, data format. The data collection system automatically collects log data of corresponding sources or reports generated by manual review, preprocesses the reports, converts the reports into a data format in a set form, and attaches data source labels.
Step S2: each data collection system is connected with the uplink system in an API mode, and processed data are output to a message queue of the uplink system.
Step S3: adding enterprise identity authentication information to the data in the uplink system consumption message queue, uploading the data and storing the data in a block; and for the newly added enterprise label, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance audit platform.
In this step, it also includes:
the information queues corresponding to all enterprises exist in the uplink system, and an information table related to the enterprise identity authentication information and the information queue identification number is automatically maintained;
for the message queues corresponding to each enterprise, the uplink system searches the queue identification number through an automatically maintained information table;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is not successful, the enterprise is a newly added enterprise, an entry is created, enterprise identity authentication information is generated and then stored in an information table, and relevant data is returned to an enterprise/user tag account corresponding to the security audit platform;
and after acquiring the identity authentication information of the enterprise, the uplink system sequentially consumes the data in the enterprise message queue, encrypts the data, attaches the enterprise authentication information and uploads the data to the block.
Step S4: enterprise IT personnel log in the compliance audit platform to obtain enterprise identity authentication information; enterprise IT personnel may share compliance reports with stakeholders (e.g., auditors, regulatory bodies, customers, etc.) by sharing the enterprise authentication information.
Step S5: based on different standards or different control domain requirements, a plurality of intelligent contracts are deployed to adapt to automatic auditing functions under different safety requirements. After the intelligent contract is triggered, the log data of the corresponding enterprise is acquired from each block by utilizing the enterprise identity authentication information for examination, and an automatic audit report is formed and returned to the compliance examination platform.
Specifically, the intelligent contract is converted from a conventional auditing strategy and is made by a plurality of users of the blockchain, wherein the plurality of users participate in the establishment of the block chain together, and the establishment of the block chain comprises identity verification, data acquisition and trusted computing; when the intelligent contract is deployed, the intelligent contract is automatically diffused to each block node for storage, and then state check is periodically carried out to receive a triggering instruction; after receiving the trigger instruction, the intelligent contract starts to execute, firstly, inquires block information, verifies whether the enterprise identity authentication information is valid, and returns a service rejection prompt if the verification fails; after the verification is passed, the intelligent contract acquires data in the block; and the intelligent contract executes trusted calculation, completes an automatic audit part, generates an automatic audit report, and returns to the corresponding account of the compliance audit platform, while the intelligent contract does not land on the ground on data.
Step S6: the user can select one or more intelligent contracts on the compliance audit platform as required to realize automatic audit, or directly obtain manual audit reports stored in the blocks, and simultaneously support the display and download of the audit reports.
The invention also provides an information system operation compliance review system based on the block chain, which specifically comprises:
module M1: the enterprise installs a data collection system, an administrator creates data collection rules as required, the data collection system automatically collects log data of corresponding sources or reports generated by manual examination, the reports are preprocessed, the reports are converted into data formats in a set form, and data source labels are attached;
module M2: each data collection system is in butt joint with an uplink system in an API mode, and processed data are output to a message queue of the uplink system;
module M3: adding enterprise identity authentication information to the data in the uplink system consumption message queue, uploading the data and storing the data in a block;
for the newly added enterprise label, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance audit platform;
module M4: enterprise IT personnel log in the compliance audit platform to obtain enterprise identity authentication information;
module M5: based on different standards or different control domain requirements, deploying various intelligent contracts to adapt to automatic auditing functions under different safety requirements;
module M6: a user can select one or more intelligent contracts on the compliance audit platform as required to realize automatic audit or directly obtain manual audit reports stored in the blocks.
Specifically, the creation of data collection rules on demand by the administrator in module M1 includes: collection frequency, data source type, and data format.
In the module M3, there is a message queue corresponding to each enterprise in the uplink system, and an information table related to the enterprise identification information and the message queue identification number is automatically maintained; for the message queues corresponding to the enterprises, the uplink system searches the queue identification number through an automatically maintained information table, and if the query is successful, the uplink system can acquire the identity authentication information of the enterprises corresponding to the enterprise message queues; if the inquiry is not successful, the enterprise is a newly added enterprise, an entry is created, enterprise identity authentication information is generated and then stored in an information table, and relevant data is returned to an enterprise/user tag account corresponding to the security audit platform; and after acquiring the identity authentication information of the enterprise, the uplink system sequentially consumes the data in the enterprise message queue, encrypts the data, attaches the enterprise authentication information and uploads the data to the block.
The information queues corresponding to all enterprises exist in the uplink system, and an information table is automatically maintained; for received data, the uplink system traverses the information table and inquires a queue identification number; if the query is not successful, creating an entry, generating enterprise identity authentication information, and returning the enterprise identity authentication information to the enterprise/user tag account corresponding to the security examination platform; and the uplink system encrypts the data in the message queue, adds enterprise authentication information and uploads the encrypted data to the block.
In a module M5, the intelligent contract is converted from a conventional auditing strategy and is jointly participated in formulation by a plurality of users of the block chain, wherein the formulation comprises identity verification, data acquisition and trusted computing; when the intelligent contract is deployed, the intelligent contract is automatically diffused to each block node for storage, and then state check is periodically carried out to receive a triggering instruction; after receiving the trigger instruction, the intelligent contract starts to execute, firstly, inquires block information, verifies whether the enterprise identity authentication information is valid, and returns a service rejection prompt if the verification fails; after the verification is passed, the intelligent contract acquires data in the block; and the intelligent contract executes trusted calculation, completes an automatic audit part, generates an automatic audit report, and returns to the corresponding account of the compliance audit platform, while the intelligent contract does not land on the ground on data.
The embodiment of the invention provides an information system operation compliance examination method and system based on a block chain. Meanwhile, for irregular audit strategies, the manual audit report can be signed and then uploaded to the block. Eventually different users may view the corresponding review reports on the blockchain.
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.
Claims (10)
1. An information system operation compliance examination method based on a block chain is characterized by comprising the following steps:
step S1: the method comprises the steps that an enterprise installs a data collection system, an administrator creates data collection rules as required, the data collection system automatically collects log data of corresponding sources or reports generated by manual examination, the reports are preprocessed, the reports are converted into data formats in a set form, and data source labels are attached;
step S2: each data collection system is in butt joint with an uplink system in an API mode, and processed data are output to a message queue of the uplink system;
step S3: adding enterprise identity authentication information to the data in the uplink system consumption message queue, uploading the data and storing the data in a block;
for the newly added enterprise label, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance audit platform;
step S4: enterprise IT personnel log in the compliance audit platform to obtain enterprise identity authentication information;
step S5: based on different standards or different control domain requirements, deploying various intelligent contracts to adapt to automatic auditing functions under different safety requirements;
step S6: and the user can select one or more intelligent contracts on the compliance audit platform as required to realize automatic audit or directly obtain manual audit reports stored in the blocks.
2. The blockchain-based information system operation compliance review method of claim 1, wherein the administrator creating data collection rules on demand in step S1 includes: collection frequency, data source type, and data format.
3. The block chain-based information system operation compliance review method according to claim 1, wherein the step S3 specifically includes:
step S3.1: the information list related to the enterprise identity authentication information and the information queue identification number is automatically maintained;
step S3.2: for the message queues corresponding to each enterprise, the uplink system searches the queue identification number through an automatically maintained information table;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is not successful, the enterprise is a newly added enterprise, an entry is created, enterprise identity authentication information is generated and then stored in an information table, and relevant data is returned to an enterprise/user tag account corresponding to the security audit platform;
step S3.3: and after acquiring the identity authentication information of the enterprise, the uplink system sequentially consumes the data in the enterprise message queue, encrypts the data in the message queue, appends the enterprise authentication information and uploads the enterprise authentication information to the block.
4. The block chain-based information system operation compliance review method of claim 1, wherein the step S4 of obtaining enterprise identity authentication information comprises: the enterprise IT personnel share the compliance report with the stakeholders in a mode of sharing the enterprise identity authentication information.
5. The block chain-based information system operation compliance review method according to claim 1, wherein the step S5 specifically includes:
step S5.1: the intelligent contract is converted from a conventional auditing strategy and is made by a plurality of users of the block chain, wherein the plurality of users participate in the establishment of the intelligent contract, and the establishment of the intelligent contract comprises identity verification, data acquisition and trusted computing;
step S5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused to each block node for storage, and then state check is periodically carried out to receive a triggering instruction;
step S5.3: after receiving the trigger instruction, the intelligent contract starts to execute, firstly, inquires block information, verifies whether the enterprise identity authentication information is valid, and returns a service rejection prompt if the verification fails;
step S5.4: after the verification is passed, the intelligent contract acquires data in the block;
step S5.5: and the intelligent contract executes trusted calculation, completes an automatic audit part, generates an automatic audit report, and returns to the corresponding account of the compliance audit platform, while the intelligent contract does not land on the ground on data.
6. The block chain-based information system operation compliance audit method of claim 1 wherein the compliance audit platform in step S5 supports the presentation and download of audit reports.
7. A blockchain-based information system operation compliance audit system, comprising:
module M1: the method comprises the steps that an enterprise installs a data collection system, an administrator creates data collection rules as required, the data collection system automatically collects log data of corresponding sources or reports generated by manual examination, the reports are preprocessed, the reports are converted into data formats in a set form, and data source labels are attached;
module M2: each data collection system is in butt joint with an uplink system in an API mode, and processed data are output to a message queue of the uplink system;
module M3: adding enterprise identity authentication information to the data in the uplink system consumption message queue, uploading the data and storing the data in a block;
for the newly added enterprise label, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance audit platform;
module M4: enterprise IT personnel log in the compliance audit platform to obtain enterprise identity authentication information;
module M5: based on different standards or different control domain requirements, deploying various intelligent contracts to adapt to automatic auditing functions under different safety requirements;
module M6: and the user can select one or more intelligent contracts on the compliance audit platform as required to realize automatic audit or directly obtain manual audit reports stored in the blocks.
8. The blockchain-based information system operation compliance audit system of claim 7 wherein the administrator creating data collection rules on demand in module M1 includes: collection frequency, data source type, and data format.
9. The system according to claim 7, wherein the module M3 specifically comprises:
module M3.1: the information list related to the enterprise identity authentication information and the information queue identification number is automatically maintained;
module M3.2: for the message queues corresponding to each enterprise, the uplink system searches the queue identification number through an automatically maintained information table;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is not successful, the enterprise is a newly added enterprise, an entry is created, enterprise identity authentication information is generated and then stored in an information table, and relevant data is returned to an enterprise/user tag account corresponding to the security audit platform;
module M3.3: and after acquiring the identity authentication information of the enterprise, the uplink system sequentially consumes the data in the enterprise message queue, encrypts the data, attaches the enterprise authentication information and uploads the data to the block.
10. The system according to claim 7, wherein the module M5 specifically comprises:
module M5.1: the intelligent contract is converted from a conventional auditing strategy and is made by a plurality of users of the block chain, wherein the plurality of users participate in the establishment of the intelligent contract, and the establishment of the intelligent contract comprises identity verification, data acquisition and trusted computing;
module M5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused to each block node for storage, and then state check is periodically carried out to receive a triggering instruction;
module M5.3: after receiving the trigger instruction, the intelligent contract starts to execute, firstly, inquires block information, verifies whether the enterprise identity authentication information is valid, and returns a service rejection prompt if the verification fails;
module M5.4: after the verification is passed, the intelligent contract acquires data in the block;
module M5.5: and the intelligent contract executes trusted calculation, completes an automatic audit part, generates an automatic audit report, and returns to the corresponding account of the compliance audit platform, while the intelligent contract does not land on the ground on data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110874531.3A CN113592453B (en) | 2021-07-30 | 2021-07-30 | Information system operation compliance examining method and system based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110874531.3A CN113592453B (en) | 2021-07-30 | 2021-07-30 | Information system operation compliance examining method and system based on block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113592453A true CN113592453A (en) | 2021-11-02 |
| CN113592453B CN113592453B (en) | 2023-11-24 |
Family
ID=78252957
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110874531.3A Active CN113592453B (en) | 2021-07-30 | 2021-07-30 | Information system operation compliance examining method and system based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113592453B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116776305A (en) * | 2023-06-15 | 2023-09-19 | 南京理工大学 | Block chain intelligent contract architecture oriented to industrial scene and operation method thereof |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109903164A (en) * | 2019-01-03 | 2019-06-18 | 广州斯拜若科技有限公司 | Private equity funds automation monitoring and managing method and system based on block chain |
| CN110246044A (en) * | 2019-04-16 | 2019-09-17 | 阿里巴巴集团控股有限公司 | Project auditing system, method, calculating equipment and storage medium based on block chain |
| CN110503538A (en) * | 2019-08-16 | 2019-11-26 | 南京审计大学 | A kind of audit application solution based on block chain intelligence contract |
| US20200007311A1 (en) * | 2018-06-28 | 2020-01-02 | International Business Machines Corporation | Audit trail configuration in a blockchain |
| CN110941674A (en) * | 2019-11-26 | 2020-03-31 | 北京海益同展信息科技有限公司 | Block chain-based compliance audit method, device, system and storage medium |
| WO2020115529A1 (en) * | 2018-12-05 | 2020-06-11 | Rudzika Kestutis | Method for implementing transfer pricing using blockchain |
| US20200234817A1 (en) * | 2019-01-22 | 2020-07-23 | International Business Machines Corporation | Continuous Compliance Auditing Readiness and Attestation in Healthcare Cloud Solutions |
| US20200250753A1 (en) * | 2019-02-05 | 2020-08-06 | Edmon Blount | System and method for securities finance smart contracts on blockchains and distributed ledgers |
| CN111598574A (en) * | 2020-05-12 | 2020-08-28 | 江苏大学 | Intelligent service transaction oriented supervision method and supervision interface |
| US20200313856A1 (en) * | 2019-03-29 | 2020-10-01 | 0Chain, LLC | Systems and methods of blockchain platform for intermediaries and passwordless login |
| US20200412524A1 (en) * | 2019-06-27 | 2020-12-31 | Sap Se | Audit chain for private blockchain |
| CN112506860A (en) * | 2020-12-15 | 2021-03-16 | 中国银行股份有限公司 | Block chain based collaborative audit method, device and system |
| CN112600890A (en) * | 2020-12-03 | 2021-04-02 | 杭州溪塔科技有限公司 | Data management method and system based on block chain |
| CN113034159A (en) * | 2021-03-23 | 2021-06-25 | 上海万向区块链股份公司 | Enterprise credible credit assessment system and method based on block chain prediction machine technology |
-
2021
- 2021-07-30 CN CN202110874531.3A patent/CN113592453B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20200007311A1 (en) * | 2018-06-28 | 2020-01-02 | International Business Machines Corporation | Audit trail configuration in a blockchain |
| WO2020115529A1 (en) * | 2018-12-05 | 2020-06-11 | Rudzika Kestutis | Method for implementing transfer pricing using blockchain |
| CN109903164A (en) * | 2019-01-03 | 2019-06-18 | 广州斯拜若科技有限公司 | Private equity funds automation monitoring and managing method and system based on block chain |
| US20200234817A1 (en) * | 2019-01-22 | 2020-07-23 | International Business Machines Corporation | Continuous Compliance Auditing Readiness and Attestation in Healthcare Cloud Solutions |
| US20200250753A1 (en) * | 2019-02-05 | 2020-08-06 | Edmon Blount | System and method for securities finance smart contracts on blockchains and distributed ledgers |
| US20200313856A1 (en) * | 2019-03-29 | 2020-10-01 | 0Chain, LLC | Systems and methods of blockchain platform for intermediaries and passwordless login |
| CN110246044A (en) * | 2019-04-16 | 2019-09-17 | 阿里巴巴集团控股有限公司 | Project auditing system, method, calculating equipment and storage medium based on block chain |
| US20200412524A1 (en) * | 2019-06-27 | 2020-12-31 | Sap Se | Audit chain for private blockchain |
| CN110503538A (en) * | 2019-08-16 | 2019-11-26 | 南京审计大学 | A kind of audit application solution based on block chain intelligence contract |
| CN110941674A (en) * | 2019-11-26 | 2020-03-31 | 北京海益同展信息科技有限公司 | Block chain-based compliance audit method, device, system and storage medium |
| CN111598574A (en) * | 2020-05-12 | 2020-08-28 | 江苏大学 | Intelligent service transaction oriented supervision method and supervision interface |
| CN112600890A (en) * | 2020-12-03 | 2021-04-02 | 杭州溪塔科技有限公司 | Data management method and system based on block chain |
| CN112506860A (en) * | 2020-12-15 | 2021-03-16 | 中国银行股份有限公司 | Block chain based collaborative audit method, device and system |
| CN113034159A (en) * | 2021-03-23 | 2021-06-25 | 上海万向区块链股份公司 | Enterprise credible credit assessment system and method based on block chain prediction machine technology |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116776305A (en) * | 2023-06-15 | 2023-09-19 | 南京理工大学 | Block chain intelligent contract architecture oriented to industrial scene and operation method thereof |
| CN116776305B (en) * | 2023-06-15 | 2023-12-15 | 南京理工大学 | Operation method of intelligent block chain contract system facing industrial scene |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113592453B (en) | 2023-11-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10489278B2 (en) | Method and system for implementing an automation software testing and packaging framework with entitlements | |
| Yang et al. | Public and private blockchain in construction business process and information integration | |
| CN109218079B (en) | Block chain network, deployment method and storage medium | |
| US10310824B2 (en) | Distributed ledger platform for computing applications | |
| KR102586278B1 (en) | Computer-implemented systems and methods for connecting blockchains to digital twins | |
| US10824977B2 (en) | Systems and/or methods for securing and automating process management systems using distributed sensors and distributed ledger of digital transactions | |
| CN109325854B (en) | Block chain network, deployment method and storage medium | |
| CN110620810B (en) | Non-linked ownership of continuous asset transfer over blockchain | |
| US20180157825A1 (en) | Systems and methods for determining trust levels for computing components using blockchain | |
| CN115210741B (en) | Partially ordered blockchain | |
| CN112686671B (en) | Intelligent contract deployment method, device, equipment and medium based on block chain | |
| KR101316681B1 (en) | Model-based customized eco system and method for design of the eco system | |
| TW202032488A (en) | Blockchain-based crowd sourcing of map applications | |
| CN110490282A (en) | Source tracing method, device of tracing to the source, traceability system and storage medium | |
| AU2019380381A1 (en) | Smart logistics management using blockchain | |
| CN112732227B (en) | Workflow engine and configuration method and device thereof | |
| CN111311211A (en) | Data processing method and device based on block chain | |
| CA3027613A1 (en) | Systems and methods for determining trust levels for computing components using blockchain | |
| CN111782551B (en) | Test method and device for block chain item and computer equipment | |
| CN113592453A (en) | Information system operation compliance examination method and system based on block chain | |
| Akbar et al. | Toward effective and efficient DevOps using blockchain | |
| CN116643722A (en) | Open type collaborative software development platform | |
| CN114491662A (en) | Block chain-based data asset auditing method, system and equipment | |
| CN112862648A (en) | Block chain-based multi-department joint cooperation method, device, equipment and medium | |
| CN115701078A (en) | Cross-chain transaction processing method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |