CN113612748A - Authority management method and system based on block chain - Google Patents


Info

Publication number
CN113612748A
CN113612748A (application CN202110850217.1A)
Authority
CN
China
Prior art keywords
user
identity
abnormal
authority
acquiring
Prior art date
Legal status
Pending
Application number
CN202110850217.1A
Other languages
Chinese (zh)
Inventor
周亚
Current Assignee
Nupt Institute Of Big Data Research At Yancheng
Original Assignee
Nupt Institute Of Big Data Research At Yancheng

Classifications

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L9/00)
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/68 Special signature format, e.g. XML format
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a block chain-based authority management method and a block chain-based authority management system, wherein the method comprises the following steps: the method comprises the steps of periodically checking the current authority of a target user in a preset time period based on authority information pre-stored in a block chain, determining abnormal authority change of the target user according to a checking result, generating a change report of the abnormal authority change, and outputting the change report.

Description

Authority management method and system based on block chain
Technical Field
The present invention relates to the field of block chains, and in particular to a block chain-based authority management method and system.
Background
In the current internet environment, access control over data has become a research hotspot for information systems. Traditional security technologies such as encryption, authentication, intrusion detection and access control are in use, but their storage systems are unstable, vulnerabilities easily appear after long periods of operation, and their functions are limited, so they cannot meet current requirements;
the invention provides a block chain-based authority management method and system: authority management is performed by using the anonymity, distribution and trustlessness of the block chain; when the block chain is used for storage it keeps a traceable record, the recorded content cannot be altered, the stability of authority management is improved, and other functions can be added as required;
therefore, using the block chain to store the authority information ensures the stability of the information; the user's authority can then be checked within a preset time period, users whose authority has changed abnormally can be effectively identified, and system security is improved.
Disclosure of Invention
The invention provides a block chain-based authority management method, which is used for carrying out authority management by using the stability of a block chain and improving the effectiveness of the authority management.
The invention provides a block chain-based right management method, which comprises the following steps:
step 1: periodically checking the current authority of the target user in a preset time period based on the authority information pre-stored in the block chain;
step 2: determining the abnormal change of the authority of the target user according to the checking result;
step 3: generating and outputting a change report of the abnormal change of the authority.
In one possible implementation,
step 1: the authority information pre-stored in the block chain comprises:
a management user is set in advance, and the management user modifies the authority of the common users.
In one possible implementation,
modifying, by the administrative user, the permissions of the ordinary user, including:
the management user creates a corresponding simulation identity for each common user and sets a unique identity code;
dividing, by the administrative user, a management layer for the simulated identity based on the job of the ordinary user;
meanwhile, setting inquiry and access range authority for the corresponding simulation identity based on the access requirement of the common user;
setting a modifiable range authority for the corresponding simulation identity based on the operation requirement of the common user;
setting a forbidden range authority and an exchange authority for the corresponding simulation identity based on the working range of the common user;
setting a login password for the simulation identity by the common user;
and taking all the setting results as the authority domain of the simulation identity, associating each simulation identity's authority domain with its identity code, and storing them in the block chain.
In one possible implementation,
after the forbidden range authority and the exchange authority are set for the corresponding simulation identity, the method comprises the following steps:
when the common user uses the corresponding simulation identity to exercise the exchange authority, judging whether the communication information contains file information;
if not, transmitting the communication information to the target simulation identity;
if yes, reminding the common user to submit a transmission handwritten signature; after detecting that the corresponding common user has submitted the transmission handwritten signature, sending the file information; and when the file information is received, reminding the first user corresponding to the target simulation identity to submit a receiving handwritten signature.
In one possible implementation,
after monitoring that the corresponding common user submits the transmission handwritten signature, the method comprises the following steps:
before a transmission handwritten signature is submitted, dynamically tracking and capturing the rotation direction and rotation force of each input point in the process of signing the transmission handwritten signature by the common user based on an input interface;
capturing the induction expansion ring corresponding to each input point according to the rotation direction and the rotation force;
obtaining a signature image of the transmission handwritten signature according to the induction expansion ring, and performing character outline recognition on the signature image to obtain external outline characteristics of the transmission handwritten signature;
judging whether the ordinary user belongs to an abnormal user or not based on the external contour features;
if yes, rejecting the transmission handwritten signature, and reminding a common user to sign again;
otherwise, determining the point inclination of each transmission point in the transmission handwritten signature based on the expansion center and the expansion boundary of the induction expansion ring;
meanwhile, carrying out character recognition on the transmission handwritten signature, acquiring the first stroke and the tail stroke of each character in the standard writing sequence based on the character recognition result, and acquiring the first inclination and the second inclination corresponding to the first stroke and the tail stroke of each character;
obtaining an inclination list based on all the point inclinations, the first inclination and the second inclination, and obtaining the inclination characteristics of the corresponding characters based on the inclination list;
performing thickness identification of each stroke of the character and length identification of each stroke of the character on each character, correspondingly establishing a first curve and a second curve of the transmission handwritten signature according to identification results, and acquiring stroke characteristics of the transmission handwritten signature;
meanwhile, the signing time length, the pause between words and the writing strength of the ordinary user for signing and transmitting the handwritten signature are also obtained based on the dynamic tracking result and are regarded as writing characteristics;
the inclination characteristic, the stroke characteristic and the writing characteristic are sequentially transmitted to a character analysis model, each character of the transmitted handwritten signature is analyzed, and corresponding analysis results are respectively obtained;
establishing a matching table based on the analysis result of each character, extracting historical signatures with similarity higher than preset similarity from the historical analysis result, intercepting the corresponding characters and filling the corresponding characters into the corresponding tables;
when the number of the matched characters in the matching table is 0, determining that the common user belongs to the A-type abnormal user;
when the matching table contains unmatched characters but their number is less than the total number of characters in the transmission handwritten signature, determining that the common user belongs to a B-type abnormal user;
otherwise, determining that the common user belongs to a normal user.
In one possible implementation,
step 1: the method for periodically checking the current authority of the target user in a preset time period comprises the following steps:
acquiring a simulation identity of activities performed on the block chain in a target time period;
acquiring current target behavior data of the simulation identity in a target time period;
meanwhile, historical target behavior data of the simulation identity is obtained;
extracting a first characteristic of the current target behavior, and simultaneously extracting a plurality of target historical behaviors of the simulation identity;
acquiring historical characteristics corresponding to each historical behavior, and establishing a permission model;
transmitting the first characteristic to the authority model, and judging whether the current target behavior is legal or not;
and if it is judged illegal, determining that the common user corresponding to the simulation identity belongs to the B-type abnormal user.
In one possible implementation,
acquiring the log data generated when the simulation identity logs in to a terminal device;
dividing the login addresses in the log data into common login addresses and uncommon login addresses;
inputting the first data corresponding to the common login addresses into a training model as training data to generate training logic;
inputting the second data corresponding to the uncommon login addresses into the training logic;
respectively acquiring the login times for each uncommon login address, and calculating the corresponding login success rate;
extracting the suspicious addresses whose login success rate is lower than a preset success rate;
acquiring the operator to which a suspicious address belongs, and judging whether the operator is a common operator;
if the operator is a common operator, acquiring the first IP segment in which the suspicious address is located, and acquiring from the training logic the common login addresses belonging to the same first IP segment;
respectively acquiring the first geographical location of the suspicious address and the second geographical location of the same-segment common login address;
calculating the distance between the first geographical location and the second geographical location;
when the distance is smaller than a preset distance, determining that the suspicious address is a legal address, and placing it in the category of common login addresses;
otherwise, determining that the login device of the corresponding simulation identity is abnormal, and acquiring the abnormal user information corresponding to the simulation identity;
if the operator is not a common operator, acquiring the historical log data of the suspicious address, and extracting the remaining simulation identities that have historically logged in from the suspicious address;
when the extraction result is 0, determining that the corresponding simulation identity has been stolen, and acquiring the abnormal user information corresponding to the simulation identity;
and when the extraction result is not 0, acquiring the historical login times of all simulation identities on the suspicious address and calculating the login failure rate; when the login failure rate is higher than a preset failure rate, determining that the suspicious address is a dangerous address, and encrypting the simulation identities that have historically logged in from it.
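The login-address analysis above, run over a handful of constructed log lines, as an added example that is not part of the patent and not the applicant's code. It builds the "training logic" (the identity's common addresses) from successful logins, flags uncommon addresses with a low success rate as suspicious, and then follows the two branches the text describes: a common operator leads to the same-segment distance test, an unfamiliar operator leads to the check of which other identities have used the address and the address-wide failure rate. The log format, the operator and geolocation lookup table, the use of a /24 prefix as the "IP segment", all thresholds (three successful logins to count an address as common, a 50% success rate, 50 km, a 50% failure rate) and the `no_finding` outcome for a case the text leaves open are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed sample login log (not from the patent): one attempt per line.
SAMPLE_LOGS = """\
2021-07-20T08:01:02 id=SIM-0007 ip=10.1.1.5 result=success
2021-07-21T08:03:11 id=SIM-0007 ip=10.1.1.5 result=success
2021-07-22T08:00:40 id=SIM-0007 ip=10.1.1.5 result=success
2021-07-23T08:02:19 id=SIM-0007 ip=10.1.1.5 result=success
2021-07-23T12:10:00 id=SIM-0007 ip=10.1.1.9 result=fail
2021-07-23T12:10:30 id=SIM-0007 ip=10.1.1.9 result=fail
2021-07-23T12:11:05 id=SIM-0007 ip=10.1.1.9 result=success
2021-07-24T23:40:00 id=SIM-0007 ip=10.1.1.77 result=fail
2021-07-24T23:41:00 id=SIM-0007 ip=10.1.1.77 result=fail
2021-07-24T23:42:00 id=SIM-0007 ip=10.1.1.77 result=success
2021-07-25T03:00:00 id=SIM-0007 ip=198.51.100.4 result=fail
2021-07-25T03:00:20 id=SIM-0007 ip=198.51.100.4 result=fail
2021-07-19T03:00:00 id=SIM-0012 ip=198.51.100.4 result=fail
2021-07-19T03:00:30 id=SIM-0012 ip=198.51.100.4 result=fail
2021-07-19T03:01:00 id=SIM-0012 ip=198.51.100.4 result=fail
2021-07-19T03:01:30 id=SIM-0012 ip=198.51.100.4 result=success
2021-07-25T04:00:00 id=SIM-0007 ip=203.0.113.8 result=fail
"""

# Constructed operator and geolocation lookup standing in for whois/GeoIP data:
# ip -> (operator, latitude, longitude)
IP_INFO = {
    "10.1.1.5":     ("OperatorA", 33.35, 120.16),
    "10.1.1.9":     ("OperatorA", 33.36, 120.17),   # same /24, about 1.5 km away
    "10.1.1.77":    ("OperatorA", 31.23, 121.47),   # same /24, hundreds of km away
    "198.51.100.4": ("OperatorZ", 40.71, -74.01),
    "203.0.113.8":  ("OperatorY", 51.51, -0.13),
}

LINE_RE = re.compile(r"(?P<ts>\S+) id=(?P<id>\S+) ip=(?P<ip>\S+) result=(?P<result>success|fail)")


def parse_logs(text):
    """Turn the constructed log text into a list of dicts; unparseable lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def ip_segment(ip):
    return ip.rsplit(".", 1)[0]          # /24 prefix used as the "IP segment" (assumption)


def haversine_km(a, b):
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def analyze_logins(records, ip_info, identity, common_min_success=3,
                   min_success_rate=0.5, max_km=50.0, max_failure_rate=0.5):
    """Classify each uncommon login address of one simulation identity."""
    mine = [r for r in records if r["id"] == identity]
    stats = defaultdict(lambda: [0, 0])            # ip -> [successes, attempts]
    for r in mine:
        stats[r["ip"]][1] += 1
        if r["result"] == "success":
            stats[r["ip"]][0] += 1
    # "Training logic": addresses this identity has logged in from routinely.
    common = {ip for ip, (ok, _) in stats.items() if ok >= common_min_success}
    common_operators = {ip_info[ip][0] for ip in common}
    verdicts = {}
    for ip, (ok, n) in list(stats.items()):
        if ip in common or ok / n >= min_success_rate:
            continue                                # common, or success rate not suspicious
        operator, lat, lon = ip_info[ip]
        if operator in common_operators:
            # Common operator: compare against common addresses in the same segment.
            same_seg = [c for c in common if ip_segment(c) == ip_segment(ip)]
            dist = min((haversine_km((lat, lon), ip_info[c][1:]) for c in same_seg), default=math.inf)
            if dist < max_km:
                common.add(ip)                      # reclassify as a common login address
                verdicts[ip] = {"verdict": "legal", "detail": f"{dist:.1f} km from a common address"}
            else:
                verdicts[ip] = {"verdict": "device_abnormal", "detail": "no nearby common address in segment"}
        else:
            # Unfamiliar operator: who else has ever logged in from this address?
            on_ip = [r for r in records if r["ip"] == ip]
            others = sorted({r["id"] for r in on_ip} - {identity})
            if not others:
                verdicts[ip] = {"verdict": "identity_stolen", "detail": "address never used by another identity"}
            else:
                failure_rate = sum(r["result"] == "fail" for r in on_ip) / len(on_ip)
                if failure_rate > max_failure_rate:
                    # Dangerous address: every identity that used it needs protecting.
                    verdicts[ip] = {"verdict": "dangerous_address", "detail": sorted({r["id"] for r in on_ip})}
                else:
                    verdicts[ip] = {"verdict": "no_finding", "detail": f"failure rate {failure_rate:.2f}"}
    return verdicts
```

With the constructed data, `analyze_logins(parse_logs(SAMPLE_LOGS), IP_INFO, "SIM-0007")` reclassifies 10.1.1.9 as legal, marks 10.1.1.77 as an abnormal device, 198.51.100.4 as a dangerous address shared with SIM-0012, and 203.0.113.8 as a stolen-identity login. The branch that admits a suspicious address as "legal" only on geographic distance is the one to watch in practice, since it grows the trusted set automatically.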
In one possible implementation,
step 3: generating and outputting a change report of the abnormal change of the authority comprises the following steps:
when the abnormal user belongs to the A-type abnormal user, acquiring the identity code corresponding to the simulation identity, and forcing the corresponding common user to log out;
and when the abnormal user belongs to the B-type abnormal user, acquiring the identity code corresponding to the simulation identity, acquiring all work contents executed by the abnormal user during this login and withdrawing them, and simultaneously forcing the corresponding common user to log out.
In one possible implementation,
step 3: generating and outputting a change report of the abnormal change of the authority further comprises the following steps:
acquiring the identity code of the abnormal user and the corresponding abnormal mode to generate an abnormal loss evaluation, and acquiring the abnormal content and generating the change report in combination with the abnormal loss evaluation.
In one possible implementation,
the system comprises:
the storage checking unit is used for periodically checking the current authority of the target user in a preset time period based on the authority information pre-stored in the block chain;
the processing unit is used for determining the abnormal change of the authority of the target user according to the checking result;
and the analysis unit is used for generating and outputting a change report corresponding to the abnormal change of the authority.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
Fig. 1 is a schematic diagram of a block chain-based rights management method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a block chain-based rights management system according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Example 1
An embodiment of the present invention provides a block chain-based rights management method, as shown in fig. 1, including:
step 1: periodically checking the current authority of the target user in a preset time period based on the authority information pre-stored in the block chain;
step 2: determining the abnormal change of the authority of the target user according to the checking result;
step 3: generating and outputting a change report of the abnormal change of the authority.
In this example, the pre-stored authority information refers to an operation that a user can perform in the system;
in this example, the target user refers to the user being checked;
in this example, the management user can adjust the period of the periodic check as required;
in this example, the abnormal variation includes: malicious switching of devices, misappropriation of accounts, malicious transmission, etc.
The beneficial effects of the above technical scheme are: the block chain is widely applied in many scientific and technical fields and is tamper-proof and traceable, so using it to store the authority information guarantees the stability of the information; the user's authority is checked within a preset time period, users whose authority has changed abnormally are effectively identified, and system security is improved.
Example 2
On the basis of step 1 of embodiment 1, in a block chain-based authority management method, the authority information pre-stored in the block chain comprises:
a management user is set in advance, and the management user modifies the authority of the common users.
In this example, the management user modifying the authority of a common user includes: deleting the user, adding a new user, adjusting the user's authority range, etc.
The beneficial effects of the above technical scheme are that: management users are set in advance, and the management users uniformly manage the common users, so that disorder can be effectively avoided.
Example 3
On the basis of embodiment 2, in a block chain-based authority management method, modifying the authority of a common user by the management user comprises:
the management user creates a corresponding simulation identity for each common user and sets a unique identity code;
dividing, by the administrative user, a management layer for the simulated identity based on the job of the ordinary user;
meanwhile, setting inquiry and access range authority for the corresponding simulation identity based on the access requirement of the common user;
setting a modifiable range authority for the corresponding simulation identity based on the operation requirement of the common user;
setting a forbidden range authority and an exchange authority for the corresponding simulation identity based on the working range of the common user;
setting a login password for the simulation identity by the common user;
and taking all the setting results as the authority domain of the simulation identity, associating each simulation identity's authority domain with its identity code, and storing them in the block chain.
In this example, the common user, the simulation identity and the identity code correspond to each other;
in this example, the simulated identity represents a new identity generated for a common user in the system for ease of management;
in this example, the job represents the identity of the user in real-life work;
in this example, the management layer represents a general name of a department of a general user in the system;
for example, employee A is an accountant working in the personnel department; the job of employee A is accountant, and the simulation identity corresponding to employee A belongs to the personnel layer;
in this example, the rights domain represents an area where the simulated identity can perform work.
The beneficial effects of the above technical scheme are: to facilitate online management of common users, a simulation identity is set for each common user and a working range is set for the corresponding simulation identity according to the common user's work requirements; to distinguish different simulation identities, a unique identity code is set for each of them, and the three correspond to one another, which facilitates unified management.
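The storage-and-check loop of steps 1 to 3, with the authority domain of Example 3 as the stored record and the A-type/B-type responses of the change-report step, as an added example that is not part of the patent and not the applicant's code. A hash-linked list stands in for the block chain, `check_authority` compares the live authority domain of an identity code against its latest on-chain record, and `change_report` emits the report together with the actions the text prescribes. The domain field names (`management_layer`, `query_access_range`, `modifiable_range`, `forbidden_range`, `exchange`), the identity codes, and the use of "number of drifted fields" as the loss evaluation are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass

# Constructed stand-in for the block chain: a hash-linked list of records. Each record
# stores one simulation identity's authority domain keyed by its identity code.


@dataclass
class Block:
    index: int
    prev_hash: str
    record: dict
    hash: str = ""

    def compute_hash(self) -> str:
        payload = json.dumps(
            {"index": self.index, "prev_hash": self.prev_hash, "record": self.record},
            sort_keys=True,
        )
        return hashlib.sha256(payload.encode()).hexdigest()


class AuthorityLedger:
    """Append-only ledger: records are added, never edited in place."""

    def __init__(self):
        genesis = Block(0, "0" * 64, {"genesis": True})
        genesis.hash = genesis.compute_hash()
        self.chain = [genesis]

    def append(self, identity_code: str, authority_domain: dict, set_by: str) -> Block:
        prev = self.chain[-1]
        blk = Block(prev.index + 1, prev.hash,
                    {"identity_code": identity_code,
                     "authority_domain": authority_domain, "set_by": set_by})
        blk.hash = blk.compute_hash()
        self.chain.append(blk)
        return blk

    def verify(self) -> bool:
        """Recompute every hash and link; any block edited after the fact breaks the chain."""
        for i in range(1, len(self.chain)):
            blk, prev = self.chain[i], self.chain[i - 1]
            if blk.prev_hash != prev.hash or blk.hash != blk.compute_hash():
                return False
        return True

    def latest_domain(self, identity_code: str):
        for blk in reversed(self.chain):
            if blk.record.get("identity_code") == identity_code:
                return blk.record["authority_domain"]
        return None


# Assumed field names of an authority domain (Example 3 lists the concepts, not the keys).
DOMAIN_KEYS = ("management_layer", "query_access_range", "modifiable_range",
               "forbidden_range", "exchange")


def check_authority(ledger: AuthorityLedger, identity_code: str, current_domain: dict) -> dict:
    """Steps 1 and 2: compare the live authority domain against the stored record."""
    if not ledger.verify():
        raise ValueError("ledger integrity check failed; stored record cannot be trusted")
    stored = ledger.latest_domain(identity_code)
    if stored is None:
        raise KeyError(f"no stored authority for {identity_code}")
    changes = {}
    for key in DOMAIN_KEYS:
        if stored.get(key) != current_domain.get(key):
            changes[key] = {"stored": stored.get(key), "current": current_domain.get(key)}
    return changes


def change_report(identity_code: str, changes: dict, abnormal_type: str) -> dict:
    """Step 3: the report plus the response the text prescribes per abnormal type."""
    actions = ["force_logout"]
    if abnormal_type == "B":
        actions.insert(0, "withdraw_work_done_this_login")
    return {
        "identity_code": identity_code,
        "abnormal_type": abnormal_type,
        "abnormal_mode": sorted(changes),        # which parts of the domain drifted
        "loss_evaluation": len(changes),         # assumed proxy: number of drifted fields
        "changes": changes,
        "actions": actions,
    }


def demo() -> dict:
    ledger = AuthorityLedger()
    stored = {"management_layer": "personnel", "query_access_range": ["finance"],
              "modifiable_range": ["finance/ledger"], "forbidden_range": ["hr"], "exchange": True}
    ledger.append("ID-0007", stored, set_by="admin-01")     # constructed identity code
    # Live authority as read from the running system: the modifiable range has grown.
    live = dict(stored, modifiable_range=["finance/ledger", "hr/salaries"])
    changes = check_authority(ledger, "ID-0007", live)
    return change_report("ID-0007", changes, "B")
```

Because each block hashes its predecessor, an edit to a stored authority domain that bypasses `append` makes `verify()` fail, which is the property the text relies on when it calls the record unchangeable; a real deployment would validate against the chain's consensus rather than a local list, and the choice between A-type and B-type comes from the signature and behaviour checks described later, not from the diff itself.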
Example 4
On the basis of embodiment 3, in a block chain-based authority management method, after the forbidden range authority and the exchange authority are set for the corresponding simulation identity, the method comprises:
when the common user uses the corresponding simulation identity to exercise the exchange authority, judging whether the communication information contains file information;
if not, transmitting the communication information to the target simulation identity;
if yes, reminding the common user to submit a transmission handwritten signature; after detecting that the corresponding common user has submitted the transmission handwritten signature, sending the file information; and when the file information is received, reminding the first user corresponding to the target simulation identity to submit a receiving handwritten signature.
In this example, the file information includes word documents, table documents, pictures, and audio;
in this example, the communication information represents information generated by communication between the simulated identities;
in this example, the transmission handwritten signature is signed by the transmitter;
in this example, the first user represents the user who receives the file information, and may be a management user or a common user;
in this example, the receiving handwritten signature is signed by the receiver, i.e. the first user.
The beneficial effects of the above technical scheme are: important files in the system generally appear as file information, so to enhance the confidentiality of the system and prevent the transmitter's identity from being impersonated when file information is transmitted between two simulation identities, the transmitter must sign a handwritten signature before transmission, and likewise the receiver must sign a handwritten signature, in preparation for checking the identities of the transmitter and the receiver.
Example 5
On the basis of embodiment 4, in a block chain-based authority management method, after detecting that the corresponding common user has submitted the transmission handwritten signature, the method comprises:
before a transmission handwritten signature is submitted, dynamically tracking and capturing the rotation direction and rotation force of each input point in the process of signing the transmission handwritten signature by the common user based on an input interface;
capturing the induction expansion ring corresponding to each input point according to the rotation direction and the rotation force;
obtaining a signature image of the transmission handwritten signature according to the induction expansion ring, and performing character outline recognition on the signature image to obtain external outline characteristics of the transmission handwritten signature;
judging whether the ordinary user belongs to an abnormal user or not based on the external contour features;
if yes, rejecting the transmission handwritten signature, and reminding a common user to sign again;
otherwise, determining the point inclination of each transmission point in the transmission handwritten signature based on the expansion center and the expansion boundary of the induction expansion ring;
meanwhile, carrying out character recognition on the transmission handwritten signature, acquiring the first stroke and the tail stroke of each character in the standard writing sequence based on the character recognition result, and acquiring the first inclination and the second inclination corresponding to the first stroke and the tail stroke of each character;
obtaining an inclination list based on all the point inclinations, the first inclination and the second inclination, and obtaining the inclination characteristics of the corresponding characters based on the inclination list;
performing thickness identification of each stroke of the character and length identification of each stroke of the character on each character, correspondingly establishing a first curve and a second curve of the transmission handwritten signature according to identification results, and acquiring stroke characteristics of the transmission handwritten signature;
meanwhile, the signing time length, the pause between words and the writing strength of the ordinary user for signing and transmitting the handwritten signature are also obtained based on the dynamic tracking result and are regarded as writing characteristics;
the inclination characteristic, the stroke characteristic and the writing characteristic are sequentially transmitted to a character analysis model, each character of the transmitted handwritten signature is analyzed, and corresponding analysis results are respectively obtained;
establishing a matching table based on the analysis result of each character, extracting historical signatures with similarity higher than preset similarity from the historical analysis result, intercepting the corresponding characters and filling the corresponding characters into the corresponding tables;
when the number of the matched characters in the matching table is 0, determining that the common user belongs to the A-type abnormal user;
when the matching table contains unmatched characters but their number is less than the total number of characters in the transmission handwritten signature, determining that the common user belongs to a B-type abnormal user;
otherwise, determining that the common user belongs to a normal user.
In this example, the input point represents the start of each character;
in this example, the induction expansion ring represents the smallest circle that can enclose the transmission handwritten signature;
in this example, the outer contour represents the outline of the text;
in this example, when the transmission handwritten signature signed by the ordinary user is rejected three times, it is determined that the corresponding ordinary user belongs to the class a abnormal user;
in this example, the definition of the first and tail strokes of a character follows the current stroke-order specification in the latest edition of the Xinhua Dictionary;
in this example, the first curve represents a curve created based on the stroke thickness of the handwritten signature character;
in this example, the second curve represents a curve created based on the stroke length of the handwritten signature character;
in this example, the stroke characteristics represent the distribution of strokes in the handwritten signature signed this time by the common user;
in this example, the matching table is two rows, the first row contains each character of the transmission handwritten signature signed this time, and the second row contains the extracted historical signature;
in this example, the character analysis model is a comparison model which is set in advance and can store signatures of multiple correct transmitters, and the handwritten signatures are collected and a historical comparison model is updated after the transmitters finish transmission work;
in this example, the class a abnormal user indicates that the person currently using the simulated identity is not a corresponding ordinary user, and is suspected of stealing the identity.
The beneficial effects of the above technical scheme are: after the transmitter signs a handwritten signature, in order to determine whether it was written by the corresponding common user, the external outline characteristics and dynamic characteristics of the handwritten signature are obtained and input into a training model to obtain a training result, from which it is judged whether the signature was written by the corresponding common user; after confirmation, the training result is returned to the training model and its historical training results are updated, so that the handwritten-signature characteristics of the corresponding common user are comprehensively obtained. The same principle can be used to verify whether the receiving handwritten signature was written by the corresponding common user, and corresponding action is taken when a signature is determined to be forged.
Example 6
On the basis of embodiment 1, in the block chain-based rights management method, step 1, periodically checking the current authority of the target user within a preset time period, comprises the following steps:
acquiring the simulated identities that performed activities on the block chain within a target time period;
acquiring the current target behavior data of the simulated identity within the target time period;
meanwhile, acquiring the historical target behavior data of the simulated identity;
extracting a first feature of the current target behavior, and at the same time extracting a plurality of target historical behaviors of the simulated identity;
acquiring the historical feature corresponding to each historical behavior, and establishing a permission model;
transmitting the first feature to the permission model, and judging whether the current target behavior is legal;
and if the current target behavior is illegal, determining that the ordinary user corresponding to the simulated identity belongs to the class B abnormal users.
In this example, the behavior data are the traces generated when the simulated identity executes its work;
in this example, the historical behavior is the historical work content of the simulated identity;
in this example, the permission model is a statistical model of the simulated identity performing the target work within its executable domain;
in this example, if the current target behavior executed by the simulated identity is legal, the check is terminated;
in this example, a class B abnormal user is a simulated identity whose login state is abnormal;
the beneficial effects of the above technical scheme are as follows: in order to ensure normal operation of the system and the safety of each simulated identity, the historical behavior of the simulated identity is obtained and a permission model is established, with emphasis on analyzing whether the simulated identity is abnormal. Since the correlation between simulated identities is important and the activity of each simulated identity must be guaranteed, the permission model of the target behavior is established, the current target behavior is input into the permission model for comparison, and whether the login state of the corresponding user is normal is judged.
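One way to realise the permission model of this example, as an added example rather than the patent's own code: the "statistical model of the simulated identity performing the target work within its executable domain" is taken here to be the set of (operation, object) pairs seen in the identity's historical behavior plus the mean and standard deviation of two numeric features (hour of day, records touched). The feature set, the K-sigma rule, and the historical records are assumptions constructed for the example.

```python
"""Permission model for periodic checking of a simulated identity (added example).

Assumptions (not from the patent): a behavior record carries an operation, an
object, an hour of day and a record count; the executable domain is the set of
(operation, object) pairs in the identity's history; numeric features are legal
within K standard deviations of their historical mean.
"""
import statistics

NUMERIC = ("hour", "records")
K = 3.0  # assumed tolerance in standard deviations

# Constructed historical target behavior of one simulated identity.
BEHAVIOR_HISTORY = [
    {"op": "query", "obj": "orders", "hour": 9, "records": 120},
    {"op": "query", "obj": "orders", "hour": 10, "records": 95},
    {"op": "modify", "obj": "orders", "hour": 11, "records": 8},
    {"op": "query", "obj": "customers", "hour": 14, "records": 60},
    {"op": "query", "obj": "orders", "hour": 16, "records": 110},
    {"op": "modify", "obj": "orders", "hour": 15, "records": 5},
]


def extract_features(behavior):
    """The 'first feature' of a behavior: its domain pair and numeric values."""
    return {"domain": (behavior["op"], behavior["obj"]),
            "numeric": {k: float(behavior[k]) for k in NUMERIC}}


def build_permission_model(history):
    """Historical features -> executable domain plus per-feature baseline."""
    feats = [extract_features(b) for b in history]
    domain = {f["domain"] for f in feats}
    baseline = {}
    for k in NUMERIC:
        values = [f["numeric"][k] for f in feats]
        sd = statistics.pstdev(values) or 1.0  # guard a constant feature
        baseline[k] = (statistics.mean(values), sd)
    return {"domain": domain, "baseline": baseline}


def is_legal(model, behavior):
    """Return (legal, reason) for the current target behavior."""
    f = extract_features(behavior)
    if f["domain"] not in model["domain"]:
        return False, "outside executable domain: %s on %s" % f["domain"]
    for k, (mean, sd) in model["baseline"].items():
        z = abs(f["numeric"][k] - mean) / sd
        if z > K:
            return False, f"{k}={f['numeric'][k]:g} is {z:.1f} sd from baseline"
    return True, "legal"


def check_behavior(model, behavior):
    """Embodiment 6 outcome: legal ends the check, illegal marks class B."""
    legal, reason = is_legal(model, behavior)
    return ("check terminated" if legal else "class B abnormal user"), reason


if __name__ == "__main__":
    model = build_permission_model(BEHAVIOR_HISTORY)
    for b in ({"op": "query", "obj": "orders", "hour": 10, "records": 100},
              {"op": "delete", "obj": "orders", "hour": 10, "records": 3},
              {"op": "query", "obj": "orders", "hour": 3, "records": 100},
              {"op": "query", "obj": "orders", "hour": 10, "records": 5000}):
        print(b, "->", check_behavior(model, b))
```

A behavior can fail in two distinct ways: an operation the identity has never performed (outside the executable domain) is rejected regardless of its statistics, while a familiar operation at an unusual hour or volume is rejected by the baseline. Both are reported as class B, matching the example's single outcome.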
Example 7
On the basis of embodiment 6, in the block chain-based rights management method, determining that the ordinary user corresponding to the simulated identity belongs to the class B abnormal users comprises:
acquiring the log data generated when the simulated identity logs in on a terminal device;
dividing the login information in the log data into common login addresses and uncommon login addresses;
inputting first data corresponding to the common login addresses into a training model as training data to generate training logic;
inputting second data corresponding to the uncommon login addresses into the training logic;
respectively acquiring the number of logins corresponding to each uncommon login address, and calculating the corresponding login success rate;
extracting the suspicious addresses whose login success rate is lower than a preset success rate;
acquiring the operator to which a suspicious address belongs, and judging whether the operator is a common operator;
if the operator is a common operator, acquiring the first IP segment in which the suspicious address is located, and acquiring from the training logic the common login addresses belonging to the same first IP segment;
respectively acquiring the first geographical location corresponding to the suspicious address and the second geographical location corresponding to the same-segment common login address;
calculating the distance between the first geographical location and the second geographical location;
when the distance is smaller than a preset distance, determining that the suspicious address is a legal address and adding it to the category of common login addresses;
otherwise, determining that the login device of the corresponding simulated identity is abnormal, and acquiring the abnormal user information corresponding to the simulated identity;
if the operator is not a common operator, acquiring the historical log data of the suspicious address, and extracting the remaining simulated identities that have historically logged in from the suspicious address;
when the extraction result is 0, determining that the corresponding simulated identity has been stolen, and acquiring the abnormal user information corresponding to the simulated identity;
and when the extraction result is not 0, acquiring the historical number of logins of all simulated identities at the suspicious address, calculating the login failure rate, and when the login failure rate is higher than a preset failure rate, determining that the suspicious address is a dangerous address and encrypting the simulated identities that have historically logged in from it.
In this example, a common login address is an address from which the simulated identity has logged in many times;
in this example, an uncommon login address is an address from which the simulated identity has logged in only a few times or for the first time;
in this example, the log data are the data generated when the ordinary user logs in to the simulated identity on a device;
in this example, the first data are the data containing login device information for the common login addresses;
in this example, the second data are the data containing login device information for the uncommon login addresses;
in this example, the training logic is the login logic trained from the login addresses of the simulated identity;
for example, the login data of the common login address are 111-;
in this example, a suspicious address is a login address that belongs to the uncommon addresses and has a low login success rate;
in this example, the remaining simulated identities that have historically logged in from the suspicious address are the other users that have logged in from the suspicious address, including management users and ordinary users;
in this example, an operator is a provider of network services; there are four operators: China Unicom, China Telecom, China Radio and Television, and China Mobile;
in this example, an IP segment is a sequence of IP addresses;
in this example, the first geographical location is the real-world location of the suspicious address, and the second geographical location is the real-world location of the common login address;
in this example, a dangerous address is an address from which the user currently logging in carries a high risk and which poses a potential security hazard.
The beneficial effects of the above technical scheme are as follows: in order to prevent the simulated identity from being misappropriated by others, verification is performed when the simulated identity logs in: whether the login address is a common address is judged, and if not, a series of tests is carried out on the address to determine its safety, which avoids leakage of confidential information and improves the security of the system; when a suspicious address is determined to be a dangerous address, corresponding encryption work is carried out.
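The decision procedure of this example, carried through on constructed log records, as an added example that is not the patent's code. The operator allocation table, the IP geolocation lookup, the treatment of an "IP segment" as a /24, the four thresholds, and the notion that the "common operators" are the operators of the identity's common login addresses are all assumptions filling in what the page leaves unspecified; the training logic is reduced to the set of common addresses.

```python
"""Login-address checking of embodiment 7 (added example, not the patent's code).

The operator database, the IP geolocation lookup, the /24 "IP segment", the
thresholds and the log records are constructed stand-ins for inputs the page
does not specify.
"""
import ipaddress
import math
from collections import Counter

COMMON_MIN_LOGINS = 3       # assumed: an address seen this often is a common login address
PRESET_SUCCESS_RATE = 0.6   # assumed "preset success rate"
PRESET_DISTANCE_KM = 50.0   # assumed "preset distance"
PRESET_FAILURE_RATE = 0.5   # assumed "preset failure rate"

OPERATOR_OF = {  # constructed operator allocation table
    ipaddress.ip_network("10.1.0.0/16"): "China Telecom",
    ipaddress.ip_network("203.0.113.0/24"): "China Radio and Television",
    ipaddress.ip_network("198.51.100.0/24"): "China Mobile",
}
GEO = {  # constructed (latitude, longitude) per address
    "10.1.5.20": (33.35, 120.16),
    "10.1.5.77": (33.39, 120.20),   # a few km from 10.1.5.20
    "10.1.5.200": (31.23, 121.47),  # same /24 but roughly 260 km away
}
# Constructed log data: (identity_code, login_address, login_succeeded).
LOGS = [
    ("U001", "10.1.5.20", True), ("U001", "10.1.5.20", True), ("U001", "10.1.5.20", True),
    ("U001", "10.1.5.20", False), ("U001", "10.1.5.20", True),
    ("U001", "10.1.5.77", False), ("U001", "10.1.5.77", True),
    ("U001", "10.1.5.200", False), ("U001", "10.1.5.200", False),
    ("U001", "203.0.113.9", False), ("U001", "203.0.113.9", False),
    ("U001", "198.51.100.4", False), ("U002", "198.51.100.4", False),
    ("U003", "198.51.100.4", False), ("U002", "198.51.100.4", True),
]


def operator_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for net, name in OPERATOR_OF.items() if addr in net), "unknown")


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, a + b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def check_identity(identity, logs=LOGS):
    """Run the embodiment 7 decision procedure for one simulated identity.

    Returns the (possibly enlarged) set of common addresses and a dict of
    findings keyed by suspicious address.
    """
    own = [(ip, ok) for who, ip, ok in logs if who == identity]
    attempts = Counter(ip for ip, _ in own)
    successes = Counter(ip for ip, ok in own if ok)
    common = {ip for ip, n in attempts.items() if n >= COMMON_MIN_LOGINS}
    common_operators = {operator_of(ip) for ip in common}
    findings = {}
    for ip in sorted(set(attempts) - common):
        if successes[ip] / attempts[ip] >= PRESET_SUCCESS_RATE:
            continue  # uncommon but not suspicious
        if operator_of(ip) in common_operators:
            segment = ipaddress.ip_network(ip + "/24", strict=False)
            near = [c for c in common
                    if ipaddress.ip_address(c) in segment and ip in GEO and c in GEO
                    and haversine_km(GEO[ip], GEO[c]) < PRESET_DISTANCE_KM]
            if near:
                common.add(ip)  # legal: absorbed into the common login addresses
                findings[ip] = {"verdict": "legal", "near": near[0]}
            else:
                findings[ip] = {"verdict": "login device abnormal", "identity": identity}
        else:
            others = {who for who, ip2, _ in logs if ip2 == ip and who != identity}
            if not others:
                findings[ip] = {"verdict": "identity stolen", "identity": identity}
            else:
                results = [ok for _, ip2, ok in logs if ip2 == ip]
                failure_rate = results.count(False) / len(results)
                if failure_rate > PRESET_FAILURE_RATE:
                    findings[ip] = {"verdict": "dangerous address",
                                    "failure_rate": failure_rate,
                                    "protect": sorted(others | {identity})}
                else:
                    findings[ip] = {"verdict": "no finding", "failure_rate": failure_rate}
    return common, findings


if __name__ == "__main__":
    common, findings = check_identity("U001")
    print("common login addresses:", sorted(common))
    for ip, finding in findings.items():
        print(ip, finding)
```

The four uncommon addresses in the constructed log exercise each branch once: a same-segment address a few kilometres away is absorbed as legal, a same-segment address in another city is flagged as an abnormal login device, an address on an unfamiliar operator that no other identity has used is treated as theft, and an unfamiliar-operator address shared by several identities with mostly failed logins becomes a dangerous address whose historical users are listed for protection. The page says nothing about an uncommon-operator address whose failure rate is low, so that case is reported as "no finding" here.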
Example 8
On the basis of embodiment 1, in the block chain-based rights management method, step 3, generating and outputting a change report of the abnormal change of authority, comprises the following steps:
when the abnormal user belongs to the class A abnormal users, acquiring the identity code corresponding to the simulated identity, and forcing the corresponding ordinary user to log out;
and when the abnormal user belongs to the class B abnormal users, acquiring the identity code corresponding to the simulated identity, acquiring all the work content executed by the abnormal user during this login and revoking it, and at the same time forcing the corresponding ordinary user to log out.
In this example, when the ordinary user is forced to log out, the next login must be performed from a common address;
the beneficial effects of the above technical scheme are as follows: when the ordinary user is determined to be abnormal, corresponding remedial measures are taken based on the type of abnormality, so that losses are recovered in time and damage to the system is avoided.
Example 9
On the basis of step 3 of embodiment 1, in the block chain-based rights management method, step 3, generating and outputting a change report of the abnormal change of authority, further comprises:
acquiring the identity code of the abnormal user and the corresponding abnormal mode to generate an abnormal loss evaluation, and acquiring the abnormal content and generating a change report by combining it with the abnormal loss evaluation.
In this example, the abnormal mode includes two types: the class A abnormality and the class B abnormality;
in this example, the abnormal loss evaluation means that the loss to the system is evaluated according to the abnormal mode and the work executed by the simulated identity during the abnormal period;
in this example, the change report is a report containing the simulated identity, identity code, abnormality type and abnormal loss evaluation of the abnormal user.
The beneficial effects of the above technical scheme are as follows: in order to allow the management user to grasp the abnormal information of the ordinary user intuitively, a loss evaluation is performed on the abnormal information when the ordinary user is abnormal, and a change report is generated in combination with the abnormal user data for the management user's reference.
Example 10
On the basis of embodiment 1, a block chain-based rights management system, as shown in fig. 2, includes:
a storage checking unit, used for periodically checking the current authority of the target user within a preset time period based on the authority information pre-stored in the block chain;
a processing unit, used for determining the abnormal change of the authority of the target user according to the checking result;
and an analysis unit, used for generating and outputting a change report corresponding to the abnormal change of authority.
In this example, the storage checking unit is connected to the processing unit;
in this example, the processing unit is connected to the analysis unit.
The beneficial effects of the above technical scheme are as follows: by providing the storage checking unit, the processing unit and the analysis unit, the methods provided in examples 1 to 9 are implemented.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A block chain-based rights management method, comprising:
step 1: periodically checking the current authority of the target user in a preset time period based on the authority information pre-stored in the block chain;
step 2: determining the abnormal change of the authority of the target user according to the checking result;
and step 3: and generating and outputting a change report of the abnormal change of the authority.
2. The block chain-based rights management method according to claim 1, wherein in step 1 the authority information pre-stored in the block chain comprises:
setting a management user in advance, and modifying the authority of ordinary users by the management user.
3. The block chain-based rights management method according to claim 2, wherein modifying the authority of the ordinary users by the management user comprises:
creating, by the management user, a corresponding simulated identity for each ordinary user and setting a unique identity code;
dividing, by the management user, a management layer for the simulated identity based on the job of the ordinary user;
meanwhile, setting query and access range authority for the corresponding simulated identity based on the access requirements of the ordinary user;
setting modifiable range authority for the corresponding simulated identity based on the operation requirements of the ordinary user;
setting forbidden range authority and communication authority for the corresponding simulated identity based on the working range of the ordinary user;
setting a login password for the simulated identity by the ordinary user;
and taking all the setting results as the authority domain of the simulated identity, associating the authority domain of each simulated identity with its identity code, and storing them in the block chain.
4. The block chain-based rights management method according to claim 3, wherein after the forbidden range authority and the communication authority are set for the corresponding simulated identity, the method comprises:
when the ordinary user exercises the communication authority through the corresponding simulated identity, judging whether the communication information contains file information;
if not, transmitting the communication information to the target simulated identity;
if yes, reminding the ordinary user to submit a transmission handwritten signature, sending the file information after monitoring that the corresponding ordinary user has submitted the transmission handwritten signature, and reminding the first user corresponding to the target simulated identity to submit a receiving handwritten signature when the file information is received.
5. The block chain-based rights management method according to claim 4, wherein after monitoring that the corresponding ordinary user has submitted the transmission handwritten signature, the method comprises:
before the transmission handwritten signature is submitted, dynamically tracking and capturing, based on the input interface, the rotation direction and rotation force of each input point while the ordinary user signs the transmission handwritten signature;
capturing the sensing expansion circle corresponding to each input point according to the rotation direction and rotation force;
obtaining a signature image of the transmission handwritten signature from the sensing expansion circles, and performing character outline recognition on the signature image to obtain the external contour feature of the transmission handwritten signature;
judging whether the ordinary user belongs to the abnormal users based on the external contour feature;
if yes, rejecting the transmission handwritten signature and reminding the ordinary user to sign again;
otherwise, determining the point inclination of each transmission point in the transmission handwritten signature based on the expansion center and expansion boundary of the sensing expansion circle;
meanwhile, performing character recognition on the transmission handwritten signature, acquiring, based on the character recognition result, the first stroke and the last stroke of each character in the standard stroke order, and acquiring the first inclination and the second inclination corresponding to the first stroke and the last stroke of each character respectively;
obtaining an inclination list from all the point inclinations, the first inclinations and the second inclinations, and obtaining the inclination feature of the corresponding character from the inclination list;
performing thickness recognition and length recognition of each stroke on each character, establishing a first curve and a second curve of the transmission handwritten signature from the recognition results, and acquiring the stroke feature of the transmission handwritten signature;
meanwhile, also acquiring, from the dynamic tracking result, the signing duration, the pauses between characters and the writing force with which the ordinary user signed the transmission handwritten signature, and regarding these as the writing feature;
transmitting the inclination feature, the stroke feature and the writing feature in turn to a character analysis model, analyzing each character of the transmission handwritten signature, and obtaining the corresponding analysis results respectively;
establishing a matching table from the analysis result of each character, extracting from the historical analysis results the historical signatures whose similarity is higher than a preset similarity, and cutting out the corresponding characters and filling them into the corresponding cells of the table;
when the number of matched characters in the matching table is 0, determining that the ordinary user belongs to the class A abnormal users;
when unmatched characters exist in the matching table but their number is less than the total number of characters in the transmission handwritten signature, determining that the ordinary user belongs to the class B abnormal users;
otherwise, determining that the ordinary user is a normal user.
6. The block chain-based rights management method according to claim 1, wherein step 1, periodically checking the current authority of the target user within a preset time period, comprises:
acquiring the simulated identities that performed activities on the block chain within a target time period;
acquiring the current target behavior data of the simulated identity within the target time period;
meanwhile, acquiring the historical target behavior data of the simulated identity;
extracting a first feature of the current target behavior, and at the same time extracting a plurality of target historical behaviors of the simulated identity;
acquiring the historical feature corresponding to each historical behavior, and establishing a permission model;
transmitting the first feature to the permission model, and judging whether the current target behavior is legal;
and if the current target behavior is illegal, determining that the ordinary user corresponding to the simulated identity belongs to the class B abnormal users.
7. The block chain-based rights management method according to claim 6, wherein determining that the ordinary user corresponding to the simulated identity belongs to the class B abnormal users comprises:
acquiring the log data generated when the simulated identity logs in on a terminal device;
dividing the login information in the log data into common login addresses and uncommon login addresses;
inputting first data corresponding to the common login addresses into a training model as training data to generate training logic;
inputting second data corresponding to the uncommon login addresses into the training logic;
respectively acquiring the number of logins corresponding to each uncommon login address, and calculating the corresponding login success rate;
extracting the suspicious addresses whose login success rate is lower than a preset success rate;
acquiring the operator to which a suspicious address belongs, and judging whether the operator is a common operator;
if the operator is a common operator, acquiring the first IP segment in which the suspicious address is located, and acquiring from the training logic the common login addresses belonging to the same first IP segment;
respectively acquiring the first geographical location corresponding to the suspicious address and the second geographical location corresponding to the same-segment common login address;
calculating the distance between the first geographical location and the second geographical location;
when the distance is smaller than a preset distance, determining that the suspicious address is a legal address and adding it to the category of common login addresses;
otherwise, determining that the login device of the corresponding simulated identity is abnormal, and acquiring the abnormal user information corresponding to the simulated identity;
if the operator is not a common operator, acquiring the historical log data of the suspicious address, and extracting the remaining simulated identities that have historically logged in from the suspicious address;
when the extraction result is 0, determining that the corresponding simulated identity has been stolen, and acquiring the abnormal user information corresponding to the simulated identity;
and when the extraction result is not 0, acquiring the historical number of logins of all simulated identities at the suspicious address, calculating the login failure rate, and when the login failure rate is higher than a preset failure rate, determining that the suspicious address is a dangerous address and encrypting the simulated identities that have historically logged in from it.
8. The block chain-based rights management method according to claim 1, wherein step 3, generating and outputting a change report of the abnormal change of authority, comprises:
when the abnormal user belongs to the class A abnormal users, acquiring the identity code corresponding to the simulated identity, and forcing the corresponding ordinary user to log out;
and when the abnormal user belongs to the class B abnormal users, acquiring the identity code corresponding to the simulated identity, acquiring all the work content executed by the abnormal user during this login and revoking it, and at the same time forcing the corresponding ordinary user to log out.
9. The block chain-based rights management method according to claim 1, wherein step 3, generating and outputting a change report of the abnormal change of authority, further comprises:
acquiring the identity code of the abnormal user and the corresponding abnormal mode to generate an abnormal loss evaluation, and acquiring the abnormal content and generating a change report by combining it with the abnormal loss evaluation.
10. A block chain-based rights management system according to claim 1, characterized by comprising:
a setting module, used for storing in advance the authority corresponding to each user in the block chain;
a checking module, used for acquiring, in a preset period and based on the authority information stored in the block chain, the behaviors of the ordinary users within a preset time period and extracting the users with abnormal behaviors;
an execution module, used for executing corresponding measures based on the abnormal change mode of the abnormal user;
and the execution module is further used for generating a change report based on the change mode of the abnormal user and outputting the change report to the target user side.
Application CN202110850217.1A (priority date 2021-07-27, filing date 2021-07-27), published as CN113612748A on 2021-11-05; family ID 78305563; country: CN; status: pending.

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115618308A (en) * 2022-12-01 2023-01-17 杭州美创科技股份有限公司 Abnormal behavior detection method and device based on zero trust identity


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211105