CN113592453B - Information system operation compliance examining method and system based on block chain - Google Patents
Information system operation compliance examining method and system based on block chain Download PDFInfo
- Publication number
- CN113592453B CN113592453B CN202110874531.3A CN202110874531A CN113592453B CN 113592453 B CN113592453 B CN 113592453B CN 202110874531 A CN202110874531 A CN 202110874531A CN 113592453 B CN113592453 B CN 113592453B
- Authority
- CN
- China
- Prior art keywords
- enterprise
- data
- authentication information
- identity authentication
- intelligent contract
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000012550 audit Methods 0.000 claims abstract description 49
- 238000013480 data collection Methods 0.000 claims abstract description 32
- 238000007689 inspection Methods 0.000 claims abstract description 29
- 210000001503 joint Anatomy 0.000 claims abstract description 7
- 238000012552 review Methods 0.000 claims description 21
- 238000012795 verification Methods 0.000 claims description 17
- 230000008569 process Effects 0.000 claims description 9
- 238000009472 formulation Methods 0.000 claims description 5
- 239000000203 mixture Substances 0.000 claims description 5
- 238000007781 pre-processing Methods 0.000 claims description 5
- 238000012860 routine audit Methods 0.000 claims description 5
- 230000000694 effects Effects 0.000 claims 2
- 238000005516 engineering process Methods 0.000 description 4
- 238000013500 data storage Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The application provides a block chain-based information system operation compliance inspection method and a system, and relates to the technical field of block chains, wherein the method comprises the following steps: installing a data collection system by an enterprise, and creating data collection rules by an administrator according to the needs; each data collection system is in butt joint with the uplink system through an API (application program interface) form, and the processed data are output to a message queue; the uplink system consumes the data in the message queue, adds enterprise identity authentication information, and uploads and stores the data into the block; acquiring enterprise identity authentication information; deploying a plurality of intelligent contracts to adapt to the automatic audit function under different security requirements; the user obtains the manual audit report stored in the block on the compliance audit platform. The application can realize automatic audit and audit service inquiry work, weaken the strong centrality of the existing audit work, reduce labor cost, enhance the openness of compliance audit result display and simultaneously ensure the safety of data.
Description
Technical Field
The application relates to the technical field of blockchains, in particular to a blockchain-based information system operation compliance inspection method and system.
Background
Blockchain (Blockchain) technology is essentially a new mode of application for computer technology such as distributed data storage, point-to-point transmission, consensus mechanisms, encryption algorithms, and the like. The distributed data storage is embodied in that a blockchain may be considered a distributed ledger that collectively maintains a reliable database by means of de-centralization, de-trust. "distributed" here is embodied not only as distributed storage of data, but also as distributed recording of data, so that a distributed database of blockchains is less likely to be tampered with. The decentralization and the desynchronization are embodied in that a blockchain is formed by a plurality of nodes together into an end-to-end network, and no centralized equipment and management mechanism exist.
Further, many blockchain platforms support smart contracts to perform richer transactions. The intelligent contract is a transaction contract which can be automatically executed, is written into a blockchain in a digital form, and is transparent, trackable and uncorruptable in the whole process of storage, reading and execution by the characteristics of blockchain technology. Meanwhile, a set of state machine systems are built by a consensus algorithm of the blockchain, so that intelligent contracts can be operated efficiently. For example, ethernet provides an open-source blockchain underlying system that allows developers to develop various blockchain applications on this basis, writing intelligent contracts, by providing interfaces.
As such, the blockchain platform allows users to conduct richer content transactions, thereby providing richer functionality. Accordingly, more and more data storage, program applications (e.g., distributed application Dapp), are implemented via blockchains. However, this also presents greater difficulty in the administration of blockchain content, requiring the necessary review and administration of the content on the blockchain.
The application patent with publication number of CN109903164A discloses a private equity fund automatic supervision method and system based on blockchain, comprising: converting the private equity fund data into a supervision protocol; converting the supervision protocol into an intelligent contract; uploading the intelligent contract to a blockchain system; performing a first compliance review of operations by a private equity fund manager through an intelligent contract; feeding back an operation instruction to the escrow bank according to the result of the first compliance examination; and performing second compliance examination on the operation of the escrow bank according to the operation instruction and the operation record of the escrow bank.
In the safety operation compliance inspection process in the prior art, the problems of low trust, high operation cost, low transparency and the like are commonly existed.
Disclosure of Invention
Aiming at the defects in the prior art, the application provides a block chain-based information system operation compliance inspection method and system.
According to the information system operation compliance inspection method and system based on the blockchain, the scheme is as follows:
in a first aspect, there is provided a blockchain-based information system operation compliance auditing method, the method comprising:
step S1: installing a data collection system by an enterprise, creating a data collection rule by an administrator according to the need, automatically collecting log data of a corresponding source or a report generated by manual auditing by the data collection system, preprocessing the report, converting the report into a data format in a given form, and attaching a data source label;
step S2: each data collection system is in butt joint with the uplink system through an API (application program interface) form, and processed data is output to a message queue of the uplink system;
step S3: the uplink system consumes the data in the message queue, adds enterprise identity authentication information, and uploads and stores the data into the block;
for the newly added enterprise tag, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance inspection platform;
step S4: enterprise IT personnel log in the compliance inspection platform to obtain enterprise identity authentication information;
step S5: based on different standards or different control domain requirements, deploying a plurality of intelligent contracts to adapt to the automatic audit function under different security requirements;
step S6: the user can select one or more intelligent contracts on the compliance review platform as required to realize automatic audit or directly obtain manual audit reports stored in the block.
Preferably, the administrator creates the data collection rule on demand in step S1 includes: the collection frequency, the type of data source, and the data format.
Preferably, the step S3 specifically includes:
step S3.1: the uplink system is internally provided with message queues corresponding to enterprises, and an information table related to the identity authentication information of the enterprises and the identification number of the message queues is automatically maintained;
step S3.2: for the message queues corresponding to each enterprise, the uplink system traverses an automatically maintained information table to inquire the identification number of the queue;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is fruitless, indicating that the enterprise is a new enterprise, creating an entry, generating enterprise identity authentication information, storing the information in an information table, and returning relevant data to an enterprise/user tag account corresponding to the security inspection platform;
step S3.3: and after the uplink system acquires the identity authentication information of the enterprise, sequentially consuming the data in the enterprise message queue, encrypting the data, and uploading the enterprise authentication information to the block after the enterprise authentication information is added.
Preferably, the obtaining the enterprise identity authentication information in step S4 includes: enterprise IT personnel share compliance reports with interested parties in a manner that shares enterprise identity authentication information.
Preferably, the step S5 specifically includes:
step S5.1: the intelligent contract is converted by a routine audit strategy, and a plurality of users of the blockchain participate in formulation together, wherein the intelligent contract comprises identity verification, data acquisition and trusted computing;
step S5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused into each block node for storage, then the state is checked regularly, and a trigger instruction is received;
step S5.3: after the intelligent contract receives the triggering instruction, the intelligent contract starts to execute, firstly inquires block information, verifies whether the enterprise identity authentication information is valid or not, and returns a refusal service prompt if verification fails;
step S5.4: after the verification is passed, the intelligent contract acquires the data in the block;
step S5.5: the intelligent contract executes trusted computation, an automatic audit part is completed, an automatic audit report is generated, the intelligent contract returns to the account corresponding to the compliance inspection platform, and the data are not landed in the process.
Preferably, the compliance review platform in step S5 supports the presentation and downloading of audit reports.
In a second aspect, there is provided a blockchain-based information system operation compliance review system, the system comprising:
module M1: installing a data collection system by an enterprise, creating a data collection rule by an administrator according to the need, automatically collecting log data of a corresponding source or a report generated by manual auditing by the data collection system, preprocessing the report, converting the report into a data format in a given form, and attaching a data source label;
module M2: each data collection system is in butt joint with the uplink system through an API (application program interface) form, and processed data is output to a message queue of the uplink system;
module M3: the uplink system consumes the data in the message queue, adds enterprise identity authentication information, and uploads and stores the data into the block;
for the newly added enterprise tag, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance inspection platform;
module M4: enterprise IT personnel log in the compliance inspection platform to obtain enterprise identity authentication information;
module M5: based on different standards or different control domain requirements, deploying a plurality of intelligent contracts to adapt to the automatic audit function under different security requirements;
module M6: the user can select one or more intelligent contracts on the compliance review platform as required to realize automatic audit or directly obtain manual audit reports stored in the block.
Preferably, the administrator creating the data collection rules in the module M1 on demand includes: the collection frequency, the type of data source, and the data format.
Preferably, the module M3 specifically includes:
module M3.1: the uplink system is internally provided with message queues corresponding to enterprises, and an information table related to the identity authentication information of the enterprises and the identification number of the message queues is automatically maintained;
module M3.2: for the message queues corresponding to each enterprise, the uplink system traverses an automatically maintained information table to inquire the identification number of the queue;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is fruitless, indicating that the enterprise is a new enterprise, creating an entry, generating enterprise identity authentication information, storing the information in an information table, and returning relevant data to an enterprise/user tag account corresponding to the security inspection platform;
module M3.3: and after the uplink system acquires the identity authentication information of the enterprise, sequentially consuming the data in the enterprise message queue, encrypting the data, and uploading the enterprise authentication information to the block after the enterprise authentication information is added.
Preferably, the module M5 specifically includes:
step S5.1: the intelligent contract is converted by a routine audit strategy, and a plurality of users of the blockchain participate in formulation together, wherein the intelligent contract comprises identity verification, data acquisition and trusted computing;
step S5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused into each block node for storage, then the state is checked regularly, and a trigger instruction is received;
step S5.3: after the intelligent contract receives the triggering instruction, the intelligent contract starts to execute, firstly inquires block information, verifies whether the enterprise identity authentication information is valid or not, and returns a refusal service prompt if verification fails;
step S5.4: after the verification is passed, the intelligent contract acquires the data in the block;
step S5.5: the intelligent contract executes trusted computation, an automatic audit part is completed, an automatic audit report is generated, the intelligent contract returns to the account corresponding to the compliance inspection platform, and the data are not landed in the process.
Compared with the prior art, the application has the following beneficial effects:
1. according to the application, by adopting a structure that log data is real-time uplink, a plurality of intelligent contracts are deployed and integrated and shared by multiple users, automatic audit and audit service inquiry work is realized, so that the strong centrality of the existing audit work is weakened, and the labor cost is reduced;
2. the application enhances the openness of compliance audit result display and ensures the safety of data.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, given with reference to the accompanying drawings in which:
FIG. 1 is a schematic overall flow chart of the present application.
Detailed Description
The present application will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the present application, but are not intended to limit the application in any way. It should be noted that variations and modifications could be made by those skilled in the art without departing from the inventive concept. These are all within the scope of the present application.
The embodiment of the application provides a block chain-based information system operation compliance checking method, which is shown by referring to fig. 1 and comprises the following specific steps:
step S1: the data collection system is installed by an enterprise, and an administrator creates data collection rules including collection frequency, data source type, data format as needed. The data collection system automatically collects the log data of the corresponding source or reports generated by manual auditing, preprocesses the reports, converts the reports into a data format of a preset form, and attaches a data source label.
Step S2: each data collection system is in butt joint with the uplink system through an API (application program interface) form, and processed data is output to a message queue of the uplink system.
Step S3: the uplink system consumes the data in the message queue, adds enterprise identity authentication information, and uploads and stores the data into the block; for the newly added enterprise tag, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance review platform.
In this step, it also specifically includes:
a message queue corresponding to each enterprise exists in the uplink system, and an information table related to the identity authentication information of the enterprise and the identification number of the message queue is automatically maintained;
for the message queues corresponding to each enterprise, the uplink system traverses an automatically maintained information table to inquire the identification number of the queue;
if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue;
if the inquiry is fruitless, indicating that the enterprise is a new enterprise, creating an entry, generating enterprise identity authentication information, storing the information in an information table, and returning relevant data to an enterprise/user tag account corresponding to the security inspection platform;
after the uplink system acquires the identity authentication information of the enterprise, the data in the enterprise message queue are sequentially consumed, encrypted, and the enterprise authentication information is added and uploaded to the block.
Step S4: enterprise IT personnel log in the compliance inspection platform to obtain enterprise identity authentication information; enterprise IT personnel may share compliance reports with interested parties (e.g., auditors, regulatory agencies, customers, etc.) by sharing enterprise identity authentication information.
Step S5: based on different standards or different control domain requirements, deploying a plurality of intelligent contracts to adapt to the automatic audit function under different security requirements. After the intelligent contract is triggered, the enterprise identity authentication information is utilized to acquire log data of the corresponding enterprise from each block for examination, and an automatic audit report is formed and returned to the compliance examination platform.
Specifically, the intelligent contract is converted by a routine audit strategy, and a plurality of users of the blockchain participate in formulation together, wherein the intelligent contract comprises identity verification, data acquisition and trusted computing; when the intelligent contract is deployed, the intelligent contract is automatically diffused into each block node for storage, then the state is checked regularly, and a trigger instruction is received; after the intelligent contract receives the triggering instruction, the intelligent contract starts to execute, firstly inquires block information, verifies whether the enterprise identity authentication information is valid or not, and returns a refusal service prompt if verification fails; after the verification is passed, the intelligent contract acquires the data in the block; the intelligent contract executes trusted computation, an automatic audit part is completed, an automatic audit report is generated, the intelligent contract returns to the account corresponding to the compliance inspection platform, and the data are not landed in the process.
Step S6: the user can select one or more intelligent contracts on the compliance review platform as required to realize automatic audit, or directly acquire manual audit reports stored in the block, and support the display and downloading of the audit reports.
The application also provides a block chain-based information system operation compliance checking system, which specifically comprises:
module M1: installing a data collection system by an enterprise, creating a data collection rule by an administrator according to the requirement, automatically collecting log data of a corresponding source or a report generated by manual auditing by the data collection system, preprocessing the report, converting the report into a data format in a given form, and attaching a data source label;
module M2: each data collection system is in butt joint with the uplink system through an API (application program interface) form, and processed data is output to a message queue of the uplink system;
module M3: the uplink system consumes the data in the message queue, adds enterprise identity authentication information, and uploads and stores the data into the block;
for the newly added enterprise tag, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance inspection platform;
module M4: enterprise IT personnel log in the compliance inspection platform to obtain enterprise identity authentication information;
module M5: based on different standards or different control domain requirements, deploying a plurality of intelligent contracts to adapt to the automatic audit function under different security requirements;
module M6: the user can select one or more intelligent contracts on the compliance review platform as needed to achieve automated auditing or directly obtain manual audit reports stored in the block.
Specifically, creating data collection rules on demand by the administrator in module M1 includes: the collection frequency, the type of data source, and the data format.
In the module M3, a message queue corresponding to each enterprise exists in the uplink system, and an information table related to the enterprise identity authentication information and the message queue identification number is automatically maintained; for the message queues corresponding to all enterprises, the uplink system traverses the automatically maintained information table to inquire the queue identification number, and if the inquiry is successful, the uplink system can acquire the identity authentication information of the enterprise corresponding to the enterprise message queue; if the inquiry is fruitless, indicating that the enterprise is a new enterprise, creating an entry, generating enterprise identity authentication information, storing the information in an information table, and returning relevant data to an enterprise/user tag account corresponding to the security inspection platform; after the uplink system acquires the identity authentication information of the enterprise, the data in the enterprise message queue are sequentially consumed, encrypted, and the enterprise authentication information is added and uploaded to the block.
Message queues corresponding to all enterprises exist in the uplink system, and an information table is automatically maintained; for the received data, the uplink system traverses the information table to query the queue identification number; if no result is found, creating an entry, generating enterprise identity authentication information, and returning to the enterprise/user tag account corresponding to the security inspection platform; the uplink system encrypts the data in the message queue and then adds enterprise authentication information to the data, and the data is uploaded to the block.
In block M5, the intelligent contract is transformed from a conventional audit strategy and is formulated by multiple users of the blockchain in a joint manner, including authentication, data acquisition and trusted computing; when the intelligent contract is deployed, the intelligent contract is automatically diffused into each block node for storage, then the state is checked regularly, and a trigger instruction is received; after the intelligent contract receives the triggering instruction, the intelligent contract starts to execute, firstly inquires block information, verifies whether the enterprise identity authentication information is valid or not, and returns a refusal service prompt if verification fails; after the verification is passed, the intelligent contract acquires the data in the block; the intelligent contract executes trusted computation, an automatic audit part is completed, an automatic audit report is generated, the intelligent contract returns to the account corresponding to the compliance inspection platform, and the data are not landed in the process.
The embodiment of the application provides a block chain-based information system operation compliance examination method and a block chain-based information system operation compliance examination system, which utilize the characteristics of decentralization, non-falsification, anonymity, openness and the like of a block chain technology to encrypt and solidify related data and information of compliance examination into a block, then deploy a conventional audit strategy converted into an intelligent contract, and examine information processes in the block to form an automatic examination report. Meanwhile, for the unconventional audit strategy, the manual audit report can be signed and then uploaded to the block. Eventually different users can view the corresponding audit report on the blockchain.
Those skilled in the art will appreciate that the application provides a system and its individual devices, modules, units, etc. that can be implemented entirely by logic programming of method steps, in addition to being implemented as pure computer readable program code, in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Therefore, the system and various devices, modules and units thereof provided by the application can be regarded as a hardware component, and the devices, modules and units for realizing various functions included in the system can also be regarded as structures in the hardware component; means, modules, and units for implementing the various functions may also be considered as either software modules for implementing the methods or structures within hardware components.
The foregoing describes specific embodiments of the present application. It is to be understood that the application is not limited to the particular embodiments described above, and that various changes or modifications may be made by those skilled in the art within the scope of the appended claims without affecting the spirit of the application. The embodiments of the application and the features of the embodiments may be combined with each other arbitrarily without conflict.
Claims (10)
1. A blockchain-based information system operation compliance review method, comprising:
step S1: installing a data collection system by an enterprise, creating a data collection rule by an administrator according to the need, automatically collecting log data of a corresponding source or a report generated by manual auditing by the data collection system, preprocessing the report, converting the report into a data format in a given form, and attaching a data source label;
step S2: each data collection system is in butt joint with the uplink system through an API (application program interface) form, and processed data is output to a message queue of the uplink system;
step S3: the uplink system consumes the data in the message queue, adds enterprise identity authentication information, and uploads and stores the data into the block;
for the newly added enterprise tag, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance inspection platform;
step S4: enterprise IT personnel log in the compliance inspection platform to obtain enterprise identity authentication information;
step S5: based on different standards or different control domain requirements, deploying a plurality of intelligent contracts to adapt to the automatic audit function under different security requirements;
step S6: the user can select one or more intelligent contracts on the compliance review platform as required to realize automatic audit or directly obtain manual audit reports stored in the block.
2. The blockchain-based information system operation compliance review method of claim 1, wherein the administrator creating the data collection rules on demand in step S1 includes: the collection frequency, the type of data source, and the data format.
3. The blockchain-based information system operation compliance review method of claim 1, wherein the step S3 specifically includes:
step S3.1: the uplink system is internally provided with message queues corresponding to enterprises, and an information table related to the identity authentication information of the enterprises and the identification number of the message queues is automatically maintained;
step S3.2: for the message queues corresponding to each enterprise, the uplink system traverses an automatically maintained information table to inquire the identification number of the queue;
if the inquiry is successful, the uplink system acquires enterprise identity authentication information corresponding to the message queue of the currently inquired enterprise;
if the inquiry is of no effect, indicating that the currently inquired enterprise is a newly added enterprise, creating an entry, generating enterprise identity authentication information, storing the information in an information table, and returning related data to an enterprise/user tag account corresponding to the security inspection platform;
step S3.3: after the uplink system acquires the identity authentication information of the enterprise, sequentially consuming the data in the enterprise message queue corresponding to the identity authentication information, encrypting the data in the message queue, and uploading the data to the block after the enterprise authentication information is added.
4. The blockchain-based information system operation compliance review method of claim 1, wherein the obtaining of the enterprise identity authentication information in step S4 includes: enterprise IT personnel share compliance reports with interested parties in a manner that shares enterprise identity authentication information.
5. The blockchain-based information system operation compliance review method of claim 1, wherein the step S5 specifically includes:
step S5.1: the intelligent contract is converted by a routine audit strategy, and a plurality of users of the blockchain participate in formulation together, wherein the intelligent contract comprises identity verification, data acquisition and trusted computing;
step S5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused into each block node for storage, then the state is checked regularly, and a trigger instruction is received;
step S5.3: after the intelligent contract receives the triggering instruction, the intelligent contract starts to execute, firstly inquires block information, verifies whether the enterprise identity authentication information is valid or not, and returns a refusal service prompt if verification fails;
step S5.4: after the verification is passed, the intelligent contract acquires the data in the block;
step S5.5: the intelligent contract executes trusted computation, an automatic audit part is completed, an automatic audit report is generated, the intelligent contract returns to the account corresponding to the compliance inspection platform, and the data are not landed in the process.
6. The blockchain-based information system operation compliance review method of claim 1, wherein the compliance review platform in step S5 supports the presentation and downloading of audit reports.
7. A blockchain-based information system operation compliance review system, comprising:
module M1: installing a data collection system by an enterprise, creating a data collection rule by an administrator according to the need, automatically collecting log data of a corresponding source or a report generated by manual auditing by the data collection system, preprocessing the report, converting the report into a data format in a given form, and attaching a data source label;
module M2: each data collection system is in butt joint with the uplink system through an API (application program interface) form, and processed data is output to a message queue of the uplink system;
module M3: the uplink system consumes the data in the message queue, adds enterprise identity authentication information, and uploads and stores the data into the block;
for the newly added enterprise tag, the uplink system generates corresponding enterprise identity authentication information and returns the corresponding enterprise identity authentication information to the compliance inspection platform;
module M4: enterprise IT personnel log in the compliance inspection platform to obtain enterprise identity authentication information;
module M5: based on different standards or different control domain requirements, deploying a plurality of intelligent contracts to adapt to the automatic audit function under different security requirements;
module M6: the user can select one or more intelligent contracts on the compliance review platform as required to realize automatic audit or directly obtain manual audit reports stored in the block.
8. The blockchain-based information system operation compliance review system of claim 7, wherein the administrator in the module M1 creates data collection rules on demand comprising: the collection frequency, the type of data source, and the data format.
9. The blockchain-based information system operation compliance review system of claim 7, wherein the module M3 specifically includes:
module M3.1: the uplink system is internally provided with message queues corresponding to enterprises, and an information table related to the identity authentication information of the enterprises and the identification number of the message queues is automatically maintained;
module M3.2: for the message queues corresponding to each enterprise, the uplink system traverses an automatically maintained information table to inquire the identification number of the queue;
if the inquiry is successful, the uplink system acquires enterprise identity authentication information corresponding to the message queue of the currently inquired enterprise;
if the inquiry is of no effect, indicating that the currently inquired enterprise is a newly added enterprise, creating an entry, generating enterprise identity authentication information, storing the information in an information table, and returning related data to an enterprise/user tag account corresponding to the security inspection platform;
module M3.3: after the uplink system acquires the identity authentication information of the enterprise, sequentially consuming the data in the enterprise message queue corresponding to the identity authentication information, encrypting the data, and uploading the data to the block after the enterprise authentication information is added.
10. The blockchain-based information system operation compliance auditing system of claim 7, wherein the module M5 specifically comprises:
module M5.1: the intelligent contract is converted by a routine audit strategy, and a plurality of users of the blockchain participate in formulation together, wherein the intelligent contract comprises identity verification, data acquisition and trusted computing;
module M5.2: when the intelligent contract is deployed, the intelligent contract is automatically diffused into each block node for storage, then the state is checked regularly, and a trigger instruction is received;
module M5.3: after the intelligent contract receives the triggering instruction, the intelligent contract starts to execute, firstly inquires block information, verifies whether the enterprise identity authentication information is valid or not, and returns a refusal service prompt if verification fails;
module M5.4: after the verification is passed, the intelligent contract acquires the data in the block;
module M5.5: the intelligent contract executes trusted computation, an automatic audit part is completed, an automatic audit report is generated, the intelligent contract returns to the account corresponding to the compliance inspection platform, and the data are not landed in the process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110874531.3A CN113592453B (en) | 2021-07-30 | 2021-07-30 | Information system operation compliance examining method and system based on block chain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110874531.3A CN113592453B (en) | 2021-07-30 | 2021-07-30 | Information system operation compliance examining method and system based on block chain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113592453A CN113592453A (en) | 2021-11-02 |
| CN113592453B true CN113592453B (en) | 2023-11-24 |
Family
ID=78252957
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110874531.3A Active CN113592453B (en) | 2021-07-30 | 2021-07-30 | Information system operation compliance examining method and system based on block chain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113592453B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116776305B (en) * | 2023-06-15 | 2023-12-15 | 南京理工大学 | Operation method of intelligent block chain contract system facing industrial scene |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109903164A (en) * | 2019-01-03 | 2019-06-18 | 广州斯拜若科技有限公司 | Private equity funds automation monitoring and managing method and system based on block chain |
| CN110246044A (en) * | 2019-04-16 | 2019-09-17 | 阿里巴巴集团控股有限公司 | Project auditing system, method, calculating equipment and storage medium based on block chain |
| CN110503538A (en) * | 2019-08-16 | 2019-11-26 | 南京审计大学 | A kind of audit application solution based on block chain intelligence contract |
| CN110941674A (en) * | 2019-11-26 | 2020-03-31 | 北京海益同展信息科技有限公司 | Block chain-based compliance audit method, device, system and storage medium |
| WO2020115529A1 (en) * | 2018-12-05 | 2020-06-11 | Rudzika Kestutis | Method for implementing transfer pricing using blockchain |
| CN111598574A (en) * | 2020-05-12 | 2020-08-28 | 江苏大学 | Intelligent service transaction oriented supervision method and supervision interface |
| CN112506860A (en) * | 2020-12-15 | 2021-03-16 | 中国银行股份有限公司 | Block chain based collaborative audit method, device and system |
| CN112600890A (en) * | 2020-12-03 | 2021-04-02 | 杭州溪塔科技有限公司 | Data management method and system based on block chain |
| CN113034159A (en) * | 2021-03-23 | 2021-06-25 | 上海万向区块链股份公司 | Enterprise credible credit assessment system and method based on block chain prediction machine technology |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20200313856A1 (en) * | 2019-03-29 | 2020-10-01 | 0Chain, LLC | Systems and methods of blockchain platform for intermediaries and passwordless login |
| US10887081B2 (en) * | 2018-06-28 | 2021-01-05 | International Business Machines Corporation | Audit trail configuration in a blockchain |
| US11164671B2 (en) * | 2019-01-22 | 2021-11-02 | International Business Machines Corporation | Continuous compliance auditing readiness and attestation in healthcare cloud solutions |
| US11416934B2 (en) * | 2019-02-05 | 2022-08-16 | Edmon Blount | System and method for securities finance smart contracts on blockchains and distributed ledgers |
| US11356242B2 (en) * | 2019-06-27 | 2022-06-07 | Sap Se | Audit chain for private blockchain |
-
2021
- 2021-07-30 CN CN202110874531.3A patent/CN113592453B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020115529A1 (en) * | 2018-12-05 | 2020-06-11 | Rudzika Kestutis | Method for implementing transfer pricing using blockchain |
| CN109903164A (en) * | 2019-01-03 | 2019-06-18 | 广州斯拜若科技有限公司 | Private equity funds automation monitoring and managing method and system based on block chain |
| CN110246044A (en) * | 2019-04-16 | 2019-09-17 | 阿里巴巴集团控股有限公司 | Project auditing system, method, calculating equipment and storage medium based on block chain |
| CN110503538A (en) * | 2019-08-16 | 2019-11-26 | 南京审计大学 | A kind of audit application solution based on block chain intelligence contract |
| CN110941674A (en) * | 2019-11-26 | 2020-03-31 | 北京海益同展信息科技有限公司 | Block chain-based compliance audit method, device, system and storage medium |
| CN111598574A (en) * | 2020-05-12 | 2020-08-28 | 江苏大学 | Intelligent service transaction oriented supervision method and supervision interface |
| CN112600890A (en) * | 2020-12-03 | 2021-04-02 | 杭州溪塔科技有限公司 | Data management method and system based on block chain |
| CN112506860A (en) * | 2020-12-15 | 2021-03-16 | 中国银行股份有限公司 | Block chain based collaborative audit method, device and system |
| CN113034159A (en) * | 2021-03-23 | 2021-06-25 | 上海万向区块链股份公司 | Enterprise credible credit assessment system and method based on block chain prediction machine technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113592453A (en) | 2021-11-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10824977B2 (en) | Systems and/or methods for securing and automating process management systems using distributed sensors and distributed ledger of digital transactions | |
| US10489278B2 (en) | Method and system for implementing an automation software testing and packaging framework with entitlements | |
| CN110620810A (en) | Non-linked ownership of continuous asset transfer over blockchain | |
| CN110162992A (en) | Data processing method, data processing equipment and computer system | |
| US9170821B1 (en) | Automating workflow validation | |
| CN111027936A (en) | Workflow realization method, equipment and medium based on intelligent contract in alliance network | |
| US11645194B2 (en) | Systems for enterprise-wide end-to-end automated software testing | |
| US20200058163A1 (en) | System and Method for Mapping a Virtual Building Model | |
| CN111311211A (en) | Data processing method and device based on block chain | |
| CN113592453B (en) | Information system operation compliance examining method and system based on block chain | |
| CN110599384A (en) | Organization relation transfer method, device, equipment and storage medium | |
| Asuncion et al. | Connecting supplier and DoD blockchains for transparent part tracking | |
| Wada et al. | A model-driven development framework for non-functional aspects in service oriented architecture | |
| CN111630534B (en) | Method for collaborative machine learning of analytical models | |
| CN113610525B (en) | Processing method, device, equipment and medium of financial data based on blockchain | |
| CN114491662A (en) | Block chain-based data asset auditing method, system and equipment | |
| CN111797002A (en) | Workflow testing method, device, equipment and storage medium based on Oozie | |
| CN112749948A (en) | Information processing method and device for project management | |
| US20200097870A1 (en) | Work task commitment manager | |
| CN111274323A (en) | Intelligent automatic monitoring method based on periodicity | |
| CN113031968B (en) | Block chain flow execution system driven by layout chart and using method thereof | |
| US20100174648A1 (en) | Secure real-time business processing systems | |
| US20200228324A1 (en) | Verifiable Analytics Platform with Smart Contracts | |
| CN117851428A (en) | Data updating method and device | |
| CN115329348A (en) | Metadata processing method and device based on block chain, computer equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |