CN114221824B - Security access control method, system and readable storage medium for private area network - Google Patents
Security access control method, system and readable storage medium for private area network
- Publication number: CN114221824B (application CN202210162859.7A)
- Authority: CN (China)
- Prior art keywords: access, user, data, private, characteristic data
- Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
- H04L63/105—Multiple levels of security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a security access control method, a security access control system and a readable storage medium for a private domain network. The access condition of an accessing user is judged by comparing the user's preset conditions for accessing the private domain network against the user's characteristic attribute information, which improves the security of access-level permissions in the private domain network.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular to a method, a system and a readable storage medium for controlling security access to a private domain network.
Background
With the rapid development and wide adoption of network applications, information technology plays a major role in national economic development, and network information security is one of the most important problems of today's information society. This holds especially for private domain network application services: because such networks have low complexity, the demands on their secrecy and privacy hierarchy are high, yet their security lacks an integrated design. Existing security access control methods are simple and single in structure, and private domain network applications generally lack security and complexity; once such an application is deliberately intruded upon or maliciously tampered with, it causes huge losses and is difficult to repair.
Thus, the prior art has deficiencies and drawbacks that warrant improvement.
Disclosure of Invention
In view of the foregoing problems, an object of the present invention is to provide a method, a system and a readable storage medium for controlling security access to a private domain network, which determine the access condition of an accessing user by comparing the user's preset conditions for accessing the private domain network with the user's characteristic attribute information, thereby improving the security of access-level permissions in the private domain network.
The first aspect of the present invention provides a method for controlling security access of a private network, including:
acquiring user information data of an access user to generate an access user data packet;
the access user data packet comprises user access data which comprise a user grade, a user authority, a user credit value, a user attribute and a user access domain width, and a user access characteristic data set is generated according to the user grade, the user authority, the user credit value, the user attribute and the user access domain width;
acquiring first private key data of an access user in a first private domain information database according to the user access characteristic data set;
authenticating according to the first private key data and a first preset rule to obtain private authentication data;
and performing access authentication on the access user according to the comparison between the private authentication data and a preset private authentication threshold value.
Optionally, in the method for controlling security access to a private domain network according to the embodiment of the present application, acquiring first private key data of an access user in a first private domain information database according to the user access characteristic data set includes:
the first private domain information database comprises information characteristic data sets of each private domain network level;
information characteristic data in the information characteristic data set of the private domain network hierarchy are arranged in an associated mode according to a second preset rule;
the second preset rule is established according to the information characteristic data classification organization tree graph of various information characteristic data;
and obtaining first private key data of the access user from the first private domain information database according to the information characteristic data classification organization tree graph of the private domain hierarchy corresponding to the user access data in the user access characteristic data set.
Optionally, in the method for controlling security access to a private domain network according to the embodiment of the present application, the characteristic information data classification organization tree graph includes:
the characteristic information data classification organization tree graph comprises private key characteristic data corresponding to the various information characteristic data;
obtaining user access data classification corresponding to the information characteristic data according to the node position of the private key characteristic data in the characteristic information data classification organization tree graph;
and obtaining the mapping relation between the user access data and the private key characteristic data in the private domain hierarchy according to the user access data classification.
Optionally, in the method for controlling security access to a private domain network according to the embodiment of the present application, obtaining first private key data of an access user according to an information feature data classification organization tree diagram of a private domain hierarchy corresponding to user access data in the user access feature data set in the first private domain information database includes:
obtaining private key characteristic data related to the mapping of the user access data in the characteristic information data classification organization tree graph according to the user access data in the user access characteristic data set;
and aggregating according to the node attribute values of the private key characteristic data in the characteristic information data classification organization tree graph to obtain the first private key data of the access user.
Optionally, in the method for controlling security access to a private domain network according to the embodiment of the present application, the authenticating according to the first private key data and a first preset rule to obtain private authentication data includes:
acquiring a first private data value of an access user in a private data model according to the user access characteristic data set;
authenticating according to a first private data value of the access user and the first private key data according to a first preset rule to obtain a private authentication value;
the first preset rule comprises a private authentication value obtained according to the ratio of the private data value to the private key data;
and weighting according to the private authentication value and the access footprint data within a preset time period of an access user to obtain the private authentication data.
Optionally, in the method for controlling security access to a private domain network according to the embodiment of the present application, comparing the private authentication data with a preset private authentication threshold to perform access authentication on the access user includes:
performing data clustering according to preset access information data of the access user in a preset time period and the access user characteristic data set to obtain a preset private authentication threshold value;
comparing the private authentication data with the preset private authentication threshold value;
if the private authentication data is smaller than the preset private authentication threshold value, the access authentication is rejected;
otherwise, the access authentication is passed.
A second aspect of the present invention provides a security access control system for a private network, including a memory and a processor, where the memory includes a security access control method program for the private network, and when executed by the processor, the security access control method program for the private network implements the following steps:
acquiring user information data of an access user to generate an access user data packet;
the access user data packet comprises user access data which comprise a user grade, a user authority, a user credit value, a user attribute and a user access domain width, and a user access characteristic data set is generated according to the user grade, the user authority, the user credit value, the user attribute and the user access domain width;
acquiring first private key data of an access user in a first private domain information database according to the user access characteristic data set;
authenticating according to the first private key data and a first preset rule to obtain private authentication data;
and performing access authentication on the access user according to the comparison between the private authentication data and a preset private authentication threshold value.
Optionally, in the system for controlling security access to a private domain network according to the embodiment of the present application, acquiring first private key data of an access user from a first private domain information database according to the user access characteristic data set includes:
the first private domain information database comprises information characteristic data sets of each private domain network level;
information characteristic data in the information characteristic data set of the private domain network hierarchy are arranged in an associated mode according to a second preset rule;
the second preset rule is established according to the information characteristic data classification organization tree graph of various information characteristic data;
and obtaining first private key data of the access user from the first private domain information database according to the information characteristic data classification organization tree graph of the private domain hierarchy corresponding to the user access data in the user access characteristic data set.
Optionally, in the system for controlling security access to a private domain network according to the embodiment of the present application, obtaining first private key data of an access user according to an information feature data classification organization tree diagram of a private domain hierarchy corresponding to user access data in the user access feature data set in the first private domain information database includes:
obtaining private key characteristic data related to the mapping of the user access data in the characteristic information data classification organization tree graph according to the user access data in the user access characteristic data set;
and aggregating according to the node attribute values of the private key characteristic data in the characteristic information data classification organization tree graph to obtain the first private key data of the access user.
A third aspect of the present invention provides a readable storage medium, where the readable storage medium includes a security access control program of a private network, and when the security access control program of the private network is executed by a processor, the steps of the method for controlling security access of the private network as described in any one of the above are implemented.
The invention discloses a security access control method, a security access control system and a readable storage medium for a private domain network. The access condition of an accessing user is judged by comparing the user's preset conditions for accessing the private domain network against the user's characteristic attribute information, which improves the security of access-level permissions in the private domain network.
Additional features and advantages of the present application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the present application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
FIG. 1 is a flow chart of a method for controlling security access of a private domain network according to the present invention;
FIG. 2 is a block diagram of a security access control system of a private domain network according to the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
FIG. 1 is a flow chart of a method for controlling security access of a private network according to the present invention;
As shown in FIG. 1, the present invention discloses a method for controlling security access of a private domain network, which comprises:
S101, acquiring user information data of an access user to generate an access user data packet;
S102, the access user data packet comprises user access data including a user grade, a user authority, a user credit value, a user attribute and a user access domain width, and a user access characteristic data set is generated according to the user grade, the user authority, the user credit value, the user attribute and the user access domain width;
S103, acquiring first private key data of the access user in a first private domain information database according to the user access characteristic data set;
S104, authenticating according to the first private key data and a first preset rule to obtain private authentication data;
and S105, performing access authentication on the access user according to the comparison between the private authentication data and a preset private authentication threshold value.
In the method, an access user data packet is first generated from the user information data of the access user; the packet carries the user access data, namely the user grade, user authority, user credit value, user attribute and user access domain width, from which the user access characteristic data set is generated. First private key data of the access user is then obtained from the first private domain information database according to the user access characteristic data set and a preset rule, the first private key data is authenticated according to the first preset rule to obtain private authentication data, the private authentication data is compared with the obtained preset private authentication threshold value, and access authentication of the access user is performed according to the comparison result.
According to the embodiment of the present invention, the obtaining of the first private key data of the access user in the first private domain information database according to the user access characteristic data set specifically includes:
the first private domain information database comprises information characteristic data sets of each private domain network level;
information characteristic data in the information characteristic data set of the private domain network hierarchy are arranged in an associated mode according to a second preset rule;
the second preset rule is established according to the information characteristic data classification organization tree graph of various information characteristic data;
and obtaining first private key data of the access user from the first private domain information database according to the information characteristic data classification organization tree graph of the private domain hierarchy corresponding to the user access data in the user access characteristic data set.
It should be noted that the first private key data of the access user is acquired from the first private domain information database according to the user access characteristic data set. The first private domain information database holds the information characteristic data sets of the different private domain network hierarchies, and the information characteristic data within them are arranged in an associated manner according to the second preset rule. Through this associated arrangement the information characteristic data can be organized so that the private key data corresponding to the arrangement, and its correspondence with the user access characteristic data, can be obtained; the first private key data is therefore acquired by arranging the user access data according to that rule.
According to the embodiment of the invention, the characteristic information data classification organization tree graph is specifically as follows:
the characteristic information data classification organization tree graph comprises private key characteristic data corresponding to the various information characteristic data;
obtaining user access data classification corresponding to the information characteristic data according to the node position of the private key characteristic data in the characteristic information data classification organization tree graph;
and obtaining the mapping relation between the user access data and the private key characteristic data in the private domain hierarchy according to the user access data classification.
It should be noted that the characteristic information data classification organization tree graph is a classified layout of the information characteristic data: it shows the layout node position of the private key characteristic data corresponding to each piece of information characteristic data. By looking up the position of the private key characteristic data in the tree graph, the classification of the user access data corresponding to that information characteristic data is known, which reflects the mapping relation between the user access data and the private key characteristic data in the private domain hierarchy. The nodes and node attributes of the user access data in the tree graph are in one-to-one correspondence, so the required private key data can be obtained by processing the user access data through the node attributes of the tree graph.
According to the embodiment of the present invention, obtaining the first private key data of the access user from the first private domain information database according to the information characteristic data classification organization tree graph of the private domain hierarchy corresponding to the user access data in the user access characteristic data set specifically includes:
obtaining private key characteristic data related to the mapping of the user access data in the characteristic information data classification organization tree graph according to the user access data in the user access characteristic data set;
and aggregating according to the node attribute values of the private key characteristic data in the characteristic information data classification organization tree graph to obtain first private key data of the access user.
It should be noted that the node attribute values are aggregated according to the node position relationship of the private key characteristic data to which the user access data is mapped in the characteristic information data classification organization tree graph, giving the first private key data. The private key characteristic data at each node position of the tree graph has a corresponding node attribute value, and the nodes of the tree graph are in a series-parallel connection relationship; the private key characteristic data at each node position are aggregated through this series-parallel relationship to obtain, for each node position, an aggregated value corresponding to its node attribute value. The node attribute values of the private key characteristic data corresponding to the user access data in the tree graph are then aggregated according to the user access data to obtain the first private key data of the access user. The calculation formula for node attribute value aggregation is:
where the symbols of the formula denote, respectively, the aggregation value, the node attribute value, the number of nodes, and the index of a given node among those nodes.
According to the embodiment of the present invention, the authenticating according to the first private key data and a first preset rule to obtain private authentication data specifically includes:
acquiring a first private data value of an access user in a private data model according to the user access characteristic data set;
authenticating according to a first private data value of the access user and the first private key data according to a first preset rule to obtain a private authentication value;
the first preset rule comprises a private authentication value obtained according to the ratio of the private data value to the private key data;
and weighting according to the private authentication value and the access footprint data within a preset time period of an access user to obtain the private authentication data.
It should be noted that the private data model, from which the first private data value is obtained according to the user access characteristic data set, is trained as follows: the sample data of historical access user characteristic data and the corresponding first private data values are preprocessed into a training sample set; the training sample set is fed into the initialized private data model for a data accuracy test, yielding a test result accuracy; if that accuracy is greater than the preset accuracy threshold, the data is retained and the private data model is obtained. The private data model requires a large number of historical data samples for training, and the result becomes more accurate as the data size grows; in this scheme the model training accuracy threshold is set to 80%. The first private data value is obtained through the model, the private authentication value is obtained from the ratio of the first private data value to the first private key data, and the private authentication value is weighted with the access footprint data of the access user within the preset time period to obtain the private authentication data;
wherein the weighting calculation formula of the private authentication data is as follows:
where the symbols of the formula denote, respectively, the private authentication data, the private authentication value of the access user, the dynamic security factor of the access user, the confidentiality coefficient of the accessed content, the right level coefficient of the accessed content, the number of accesses by the access user within the preset time period, and the index of a given access among those accesses.
According to the embodiment of the present invention, the access authentication for the access user according to the comparison between the private authentication data and the preset private authentication threshold specifically comprises:
performing data clustering according to preset access information data of the access user in a preset time period and the access user characteristic data set to obtain a preset private authentication threshold value;
comparing the private authentication data with the preset private authentication threshold value;
if the private authentication data is smaller than the preset private authentication threshold value, the access authentication is rejected;
otherwise, the access authentication is passed.
It should be noted that the embodiment of the present invention adopts data clustering based on Euclidean distance: the Euclidean distance between any two data sets, one from the preset access information data and one from the characteristic data set, is first calculated; the Euclidean distances of the multiple data sets are then processed into distance vectors; and the standard deviation of the multiple distance vectors is taken as the data clustering result, that is, the preset private authentication threshold value of the embodiment. The preset access information data is the access user's own preset of the expected access content, made before the preset time period. A private authentication threshold value set from the connection between the preset access information data and the characteristic data set of the access user can evaluate the access threshold preset by the access user, and the deviation of the user's actual access information data can be measured against that access threshold, thereby reflecting the difference between the actual access and the preset access of the access user within the preset time period and judging whether the access user has made illegal access beyond its permitted scope.
According to the embodiment of the invention, the method further comprises the following steps:
if the access user authentication is not passed, inquiring access user habit data in an access user database according to the user access data in the user access characteristic data set;
correcting the preset private authentication threshold value according to the access user habit data to obtain a corrected private authentication threshold value;
comparing the private authentication data with the corrected private authentication threshold value;
and judging the access authentication again for the access user according to the threshold comparison result.
If the access user authentication is not passed, then, in order to eliminate distortion of the preset private authentication threshold value of the access user, the access user database is queried according to the user access data in the user access characteristic data set; the access user database contains the private domain access habit data of each access user. The preset private authentication threshold value is corrected according to the access user habit data to obtain a corrected private authentication threshold value, and threshold comparison is then performed between the corrected private authentication threshold value and the private authentication data to judge the access authentication of the access user again. The corrected private authentication threshold value is obtained by solving the variance between the preset private authentication threshold value and the access user habit data.
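The decision pipeline of steps S101 to S105, together with the threshold-correction retry just described, as an added worked example in Python (illustrative code written for this page, not the patent's own implementation). The page does not reproduce the node-aggregation formula or the weighting formula, so the following are assumptions: the sum over each mapped node's subtree as the aggregation, the mean of per-access coefficient products as the footprint weighting, the flattening of all pairwise distances before taking the standard deviation, and the reading of "variance between the preset threshold and the habit data" as the population variance of both together. The tree, packet, footprint and habit values are constructed samples, and the first private data value, which the page obtains from a trained model, is passed in as an input.

```python
"""Added worked example (not the patent's own code) of the access decision pipeline of
steps S101-S105 and the threshold-correction retry; formulas and sample values are assumed."""
import math
import statistics
from dataclasses import dataclass, fields

@dataclass(frozen=True)
class AccessUserPacket:
    """User access data carried in the access user data packet (S101/S102)."""
    grade: float
    authority: float
    credit: float
    attribute: float
    domain_width: float

    def feature_set(self):
        # The user access characteristic data set as a numeric vector.
        return [getattr(self, f.name) for f in fields(self)]

@dataclass(frozen=True)
class KeyNode:
    """Tree node: private key characteristic data with its node attribute value."""
    name: str
    attr_value: float
    children: tuple = ()

# Constructed sample classification organization tree; node names mirror packet fields.
KEY_TREE = KeyNode("root", 0.0, (
    KeyNode("grade", 1.5, (KeyNode("grade.high", 0.5),)),
    KeyNode("authority", 2.0),
    KeyNode("credit", 1.0, (KeyNode("credit.good", 0.25),)),
    KeyNode("attribute", 0.5),
    KeyNode("domain_width", 0.75),
))

def find_node(node, name):
    # Depth-first lookup by name (the user access data classification).
    if node.name == name:
        return node
    return next((h for h in (find_node(c, name) for c in node.children) if h), None)

def subtree_sum(node):
    # Node attribute value of a node plus everything below it (its series-parallel subtree).
    return node.attr_value + sum(subtree_sum(c) for c in node.children)

def first_private_key_data(packet):
    """S103: aggregate the node attribute values of the nodes each packet field maps to.
    Assumption: the aggregation is the sum over each mapped node's subtree."""
    total = 0.0
    for f in fields(packet):
        node = find_node(KEY_TREE, f.name)
        if node is None:
            raise KeyError(f"no tree node mapped for {f.name}")
        total += subtree_sum(node)
    return total

def private_authentication_data(private_data_value, private_key_data, footprint):
    """S104: private authentication value = private data value / private key data (the
    page's first preset rule), weighted over the access footprint in the time window.
    footprint holds per-access (dynamic security factor, confidentiality coefficient,
    right-level coefficient) triples; weighting by the mean of their products is assumed."""
    if private_key_data <= 0:
        raise ValueError("private key data must be positive")
    auth_value = private_data_value / private_key_data
    if not footprint:
        return 0.0  # no accesses in the window: nothing to weight
    weight = sum(d * c * r for d, c, r in footprint) / len(footprint)
    return auth_value * weight

def preset_threshold(preset_access_info, feature_sets):
    """Euclidean-distance clustering: distance between every preset access information
    vector and every feature data set, then the standard deviation of those distances."""
    distances = [math.dist(p, f) for p in preset_access_info for f in feature_sets]
    return statistics.pstdev(distances)

def corrected_threshold(threshold, habit_data):
    """Correction step: variance between the preset threshold and the user's habit data,
    read here as the population variance of both together (assumption)."""
    return statistics.pvariance([threshold, *habit_data])

def authenticate(auth_data, threshold, habit_data):
    """S105 plus the retry: reject below threshold, then re-judge against the corrected one."""
    if auth_data >= threshold:
        return {"passed": True, "corrected": None}
    corrected = corrected_threshold(threshold, habit_data)
    return {"passed": auth_data >= corrected, "corrected": corrected}

# Constructed sample inputs.
SAMPLE_PACKET = AccessUserPacket(3, 2, 5, 1, 4)
SAMPLE_FOOTPRINT = [(1.0, 0.8, 1.0), (0.9, 1.0, 1.0), (1.0, 1.0, 0.6)]
SAMPLE_PRESET = [[3, 2, 5, 1, 4], [3, 2, 5, 1, 1]]
SAMPLE_FEATURES = [SAMPLE_PACKET.feature_set(), [2, 2, 4, 1, 3]]
SAMPLE_HABIT = [0.6, 0.7, 0.8]

def run_sample(private_data_value):
    # Full decision trail; the private data value (from the page's trained model) is an input.
    key = first_private_key_data(SAMPLE_PACKET)
    auth = private_authentication_data(private_data_value, key, SAMPLE_FOOTPRINT)
    thr = preset_threshold(SAMPLE_PRESET, SAMPLE_FEATURES)
    return {"key": key, "auth": auth, "threshold": thr, **authenticate(auth, thr, SAMPLE_HABIT)}

if __name__ == "__main__":
    print([run_sample(v) for v in (13.0, 6.5)])
```

Running the block prints two trails: with a private data value of 13.0 the weighted authentication data clears the Euclidean-distance threshold directly; with 6.5 it is rejected first and then passes against the corrected threshold. The second trail shows what the correction step means under this reading: the variance of a handful of values is far smaller than the preset threshold, so the retry relaxes the check considerably, and a deployment would want to bound how far the corrected threshold may drop below the preset one.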
According to the embodiment of the invention, the method further comprises the following steps:
acquiring user characteristic identification information data of an access user;
the user characteristic identification information data comprises biological characteristic data and personal information data of an access user;
establishing a user characteristic signaling according to the user characteristic identification information data and the access user characteristic data;
the user characteristic signaling encrypts user identity data and personal authority identification of the user characteristic data according to the biological characteristic data of the access user;
performing access matching degree identification according to first private key data of an access user and the user characteristic signaling to obtain access authority data of the access user;
setting a preset private authentication threshold value according to the access authority data and the personal information data;
and performing access authentication on the access user according to the preset private authentication threshold value.
It should be noted that, because the biometric features and personal information of different access users differ, identity data encryption and personal authority identification are carried out on the user characteristic data according to the biometric and personal information data of the access user to generate access authority data, a preset private authentication threshold value is then set, and access authentication is performed on the access user according to that preset private authentication threshold. Specifically, the user characteristic identification information data of the access user is acquired and combined with the access user characteristic data to establish a user characteristic signaling, which performs user identity data encryption and personal authority identification on the user characteristic data according to the biometric data of the access user; access matching degree identification is performed according to the first private key data of the access user and the user characteristic signaling to obtain the access authority data of the access user; and a preset private authentication threshold value is set in combination with the personal information data in order to perform access authentication on the access user.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring user characteristic identification information data of an access user and identifying a personal authority identifier of the access user;
the personal authority identification comprises the historical access level and historical consulting record of the access user;
the personal authority identification comprises an access user privacy level and a user authority preset value which are set according to the historical access level and the historical reference record of the access user;
acquiring a consulting domain order requirement and a privacy level of the access user according to the personal authority identification of the access user;
and correcting the user characteristic identification information data of the access user according to the access data level and access address record of the access user within the preset time period and the consulted privacy level, to obtain an updated privacy level of the access user and an updated privacy level preset value.
It should be noted that, in order to evaluate the privacy level of the access user and obtain the privacy level preset value, the user characteristic identification information data of the access user is acquired and the personal authority identifier of the access user is identified, wherein the personal authority identification comprises an access user privacy level and a user authority preset value that are set according to the historical access level and historical consulting record of the access user; the consulting domain order requirement and privacy level of the access user are acquired according to the personal authority identification of the access user; and the user characteristic identification information data of the access user is modified according to the access data level and access address record of the access user within a preset time period and the consulted privacy level, to obtain an updated access user privacy level and an updated privacy level preset value, so that modifying the privacy level of the access user yields an accurately matched privacy level preset value.
According to the embodiment of the invention, the method further comprises the following steps:
obtaining an access user data packet of an access user and extracting a private level characteristic value of the access user;
extracting the access application information of the access user at this time according to the preset access information data of the access user;
the access application information comprises an access data grade and an access privacy grade;
acquiring a preset access privacy level identification value accessed by the access user at this time according to the access data level and the access privacy level;
performing a threshold comparison between the preset access privacy level identification value and the access user privacy level characteristic value;
if the preset access privacy level identification value is larger than the privacy level characteristic value, performing access warning on the access user;
and if the preset access privacy level identification value is smaller than the privacy level characteristic value, the access state of the access user is normal.
It should be noted that, in order to evaluate the access state of the access user, the access state is evaluated by a threshold comparison between the preset access privacy level identification value of the access user and the access user privacy level characteristic value. Specifically, the access user data packet of the access user is obtained and the privacy level characteristic value of the access user is extracted; the access application information of the access user, comprising the access data grade and the access privacy grade, is extracted according to the preset access information data of the access user; the preset access privacy level identification value of the present access is obtained according to the access data level and the access privacy level; and a threshold comparison is made between the preset access privacy level identification value and the access user privacy level characteristic value: if the preset access privacy level identification value is greater than the privacy level characteristic value, an access warning is issued to the access user, and if it is less than the privacy level characteristic value, the access state of the access user is determined to be normal.
FIG. 2 is a block diagram of a security access control system of a private domain network according to the present invention.
As shown in FIG. 2, a second aspect of the present invention provides a security access control system 2 for a private network, including a memory 201 and a processor 202, where the memory includes a security access control method program for the private network, and when executed by the processor, the security access control method program for the private network implements the following steps:
acquiring user information data of an access user to generate an access user data packet;
the access user data packet comprises user access data which comprise a user grade, a user authority, a user credit value, a user attribute and a user access domain width, and a user access characteristic data set is generated according to the user grade, the user authority, the user credit value, the user attribute and the user access domain width;
acquiring first private key data of an access user in a first private domain information database according to the user access characteristic data set;
authenticating according to the first private key data and a first preset rule to obtain private authentication data;
and performing access authentication on the access user according to the comparison between the private authentication data and a preset private authentication threshold value.
The method includes the steps of firstly generating an access user data packet according to user information data of an access user, wherein the access user data packet includes user grade, user authority, user credit value, user attribute and user access domain width of the user access data, generating a user access characteristic data set, obtaining first private key data of the access user in a first private domain information database according to the user access characteristic data set through a preset rule, authenticating the first private key data according to the first preset rule to obtain private authentication data, comparing the private authentication data with an obtained preset private authentication threshold value, and performing access authentication on the access user according to a comparison result.
According to the embodiment of the present invention, the obtaining of the first private key data of the access user in the first private domain information database according to the user access characteristic data set specifically includes:
the first private information database comprises information characteristic data sets of each private network level;
information characteristic data in the information characteristic data set of the private domain network hierarchy are arranged in an associated mode according to a second preset rule;
the second preset rule is established according to the information characteristic data classification organization tree graph of various information characteristic data;
and obtaining the first private key data of the access user according to the information characteristic data classification organization tree graph of the private domain hierarchy, in the first private domain information database, corresponding to the user access data in the user access characteristic data set.
It should be noted that the first private key data of the access user is acquired in the first private domain information database according to the user access characteristic data set, wherein the first private domain information database includes the information characteristic data sets of the different private domain network hierarchies, and the information characteristic data in these sets are arranged in an associated manner according to the second preset rule; through this associated arrangement the information characteristic data can be organized so as to obtain the private key data corresponding to the data arrangement and its correspondence with the user access characteristic data, and the first private key data is therefore acquired by arranging the user access data according to that rule.
According to the embodiment of the invention, the characteristic information data classification organization tree graph specifically comprises the following steps:
the characteristic information data classification organization tree graph comprises private key characteristic data corresponding to the various information characteristic data;
obtaining user access data classification corresponding to the information characteristic data according to the node position of the private key characteristic data in the characteristic information data classification organization tree graph;
and obtaining the mapping relation between the user access data and the private key characteristic data in the private domain hierarchy according to the user access data classification.
It should be noted that the characteristic information data classification organization tree diagram is a classification layout of the information characteristic data: the layout node position of the private key characteristic data corresponding to each piece of information characteristic data is shown in the organization tree diagram, the classification of the user access data corresponding to the information characteristic data can be found by querying the position of the private key characteristic data in the tree, and this reflects the mapping relation between the user access data and the private key characteristic data in the private domain hierarchy; the nodes of the user access data in the tree correspond one-to-one with their node attributes, so the required private key data can be obtained by processing the user access data through the tree by way of the node attributes.
According to the embodiment of the present invention, obtaining the first private key data of the access user according to the information characteristic data classification organization tree graph of the private domain hierarchy, in the first private domain information database, corresponding to the user access data in the user access characteristic data set specifically comprises:
obtaining private key characteristic data related to the mapping of the user access data in the characteristic information data classification organization tree graph according to the user access data in the user access characteristic data set;
and aggregating according to the node attribute values of the private key characteristic data in the characteristic information data classification organization tree graph to obtain the first private key data of the access user.
It should be noted that the node attribute values are aggregated according to the node position relationship of the private key feature data to which the user access data is mapped in the feature information data classification organization tree graph to obtain the first private key data. The private key feature data at each node position of the tree has a corresponding node attribute value, and the nodes of the tree are in a series-parallel connection relationship; the private key feature data at each node position are aggregated through this series-parallel relationship to obtain, for the node attribute value of each node position, an aggregated value of the private key feature data, and the node attribute values of the private key feature data corresponding to the user access data in the tree are aggregated according to the user access data to obtain the first private key data of the access user. The calculation formula of the node attribute value aggregation is:
wherein the quantities in the formula denote, in order, the aggregated value, the node attribute value, the number of nodes, and the index of one node among those nodes.
According to the embodiment of the present invention, the authenticating according to the first private key data and the first preset rule to obtain private authentication data specifically includes:
acquiring a first private data value of an access user in a private data model according to the user access characteristic data set;
authenticating according to the first private data value of the access user and the first private key data by the first preset rule to obtain a private authentication value;
the first preset rule comprises a private authentication value obtained according to the ratio of the private data value to the private key data;
and weighting according to the private authentication value and the access footprint data within a preset time period of an access user to obtain the private authentication data.
It should be noted that the private data model, from which the first private data value is obtained according to the user access characteristic data set, is trained as follows: a training sample set is obtained by preprocessing sample data consisting of historical access user characteristic data and the corresponding first private data values; the training sample set is input into the initialized private data model for a data accuracy test and the accuracy of the test result is obtained; and if the result accuracy is greater than the preset accuracy threshold, the data is retained and the private data model is obtained. The private data model requires a large number of historical data samples for training, and the result is more accurate the larger the data size; the model training accuracy threshold is set to 80% in this scheme. The first private data value is obtained through the model, the private authentication value is obtained according to the ratio of the first private data value to the first private key data, and the private authentication value is weighted with the access footprint data of the access user within a preset time period to obtain the private authentication data;
wherein, the weighting calculation formula of the private authentication data is as follows:
wherein the quantities in the formula denote, in order, the private authentication data, the private authentication value of the access user, the dynamic security coefficient of the access user, the confidentiality coefficient of the accessed content, the authority level coefficient of the accessed content, the number of accesses by the access user within the preset time period, and the index of one access among those accesses.
According to the embodiment of the present invention, the access authentication for the access user according to the comparison between the private authentication data and the preset private authentication threshold specifically comprises:
performing data clustering according to preset access information data of the access user in a preset time period and the access user characteristic data set to obtain a preset privacy authentication threshold value;
performing a threshold comparison between the private authentication data and the preset private authentication threshold value;
if the private authentication data is smaller than the preset private authentication threshold value, the access authentication is rejected;
otherwise, the access authentication is passed.
It should be noted that, in the embodiment of the present invention, data clustering based on Euclidean distance is adopted: the Euclidean distance between any two data sets taken from the preset access information data and the feature data set is first calculated, the Euclidean distances of the multiple data sets are then processed into distance vectors, and the standard deviation of the multiple distance vectors is used as the data clustering result, that is, as the preset privacy authentication threshold of the embodiment. The preset access information data is the access user's preset setting, made before the preset time period, of the content expected to be accessed; the privacy authentication threshold set from the connection between the preset access information data and the feature data set of the access user can be used to evaluate the access threshold preset by the access user, and the deviation of the actual access information data of the access user can be measured against this threshold, so as to reflect the difference between the actual access and the preset access of the access user within the preset time period and to judge whether the access user has made excessive, illegitimate access.
According to the embodiment of the invention, the method further comprises the following steps:
if the access user authentication is not passed, inquiring access user habit data in an access user database according to the user access data in the user access characteristic data set;
correcting the preset private authentication threshold value according to the access user habit data to obtain a corrected private authentication threshold value;
performing a threshold comparison between the corrected private authentication threshold value and the private authentication data;
and judging the access authentication again for the access user according to the threshold comparison result.
If the access user fails authentication, then, in order to eliminate distortion of the access user's preset private authentication threshold, the access user habit data is queried in an access user database according to the user access data in the user access characteristic data set, wherein the access user database comprises the private domain access habit data of each access user; the preset private authentication threshold is corrected according to the access user habit data to obtain a corrected private authentication threshold, and a threshold comparison is then performed between the corrected private authentication threshold and the private authentication data to judge the access authentication of the access user again, wherein the corrected private authentication threshold is obtained by computing the variance between the preset private authentication threshold and the access user habit data.
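The threshold pipeline described above (the Euclidean-distance clustering that yields the preset private authentication threshold, the ratio-based private authentication value, the threshold comparison, and the variance-based correction applied after a first rejection), as an added Python example that is not part of the patent. It assumes that each "data set" is a fixed-length numeric vector, that the standard deviation is taken over all pairwise distances, that the correction is the population variance of the preset threshold together with the user's habit values, and that the footprint weighting is not modelled (the private authentication data is passed in directly); all sample data is constructed.

```python
"""Preset private authentication threshold, comparison and correction.

Added example, not the patent's own code. Assumptions (not from the page):
- a "data set" is a fixed-length numeric vector;
- the standard deviation of the distance vectors is the population standard
  deviation over all pairwise distances;
- the correction is the population variance of the preset threshold together
  with the user's habit values;
- the footprint weighting of the private authentication value is not
  modelled: the private authentication data is passed in directly.
"""
import math
from statistics import pstdev, pvariance
from typing import Sequence

Vector = Sequence[float]


def euclidean(a: Vector, b: Vector) -> float:
    """Euclidean distance between two vectors of the same dimension."""
    if len(a) != len(b):
        raise ValueError("vectors must have the same dimension")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def distance_vectors(preset: Sequence[Vector],
                     features: Sequence[Vector]) -> list[list[float]]:
    """One distance vector per preset record: its distance to every feature record."""
    return [[euclidean(p, f) for f in features] for p in preset]


def preset_private_threshold(preset: Sequence[Vector],
                             features: Sequence[Vector]) -> float:
    """Clustering step: standard deviation of the distance vectors.

    Assumption: the deviation is pooled over all pairwise distances.
    """
    distances = [d for row in distance_vectors(preset, features) for d in row]
    if len(distances) < 2:
        raise ValueError("need at least two distances to compute a deviation")
    return pstdev(distances)


def private_authentication_value(private_data_value: float,
                                 private_key_data: float) -> float:
    """First preset rule: ratio of the private data value to the private key data."""
    if private_key_data == 0:
        raise ValueError("private key data must be non-zero")
    return private_data_value / private_key_data


def passes_threshold(auth_data: float, threshold: float) -> bool:
    """Rejected when the authentication data is below the threshold, passed otherwise."""
    return auth_data >= threshold


def corrected_threshold(preset_threshold: float, habit: Sequence[float]) -> float:
    """Correction step: variance between the preset threshold and the habit data.

    Assumption: population variance of the preset threshold and habit values together.
    """
    if not habit:
        raise ValueError("habit data is required for correction")
    return pvariance([preset_threshold, *habit])


def authenticate(auth_data: float, preset: Sequence[Vector],
                 features: Sequence[Vector], habit: Sequence[float]) -> dict:
    """Compare once; on rejection, correct the threshold and judge again."""
    threshold = preset_private_threshold(preset, features)
    if passes_threshold(auth_data, threshold):
        return {"passed": True, "threshold": threshold, "corrected": False}
    threshold = corrected_threshold(threshold, habit)
    return {"passed": passes_threshold(auth_data, threshold),
            "threshold": threshold, "corrected": True}


# Constructed sample data (not from the patent).
PRESET_ACCESS_INFO = [(1.0, 2.0), (4.0, 6.0)]  # expected access, set before the period
FEATURE_SET = [(1.0, 2.0), (4.0, 6.0)]         # user access characteristic data set
HABIT_DATA = [2.5, 0.5, 4.5, 2.5]              # private domain access habit values

if __name__ == "__main__":
    value = private_authentication_value(6.0, 3.0)  # ratio 2.0, below the 2.5 threshold
    print(authenticate(value, PRESET_ACCESS_INFO, FEATURE_SET, HABIT_DATA))
    print(authenticate(3.0, PRESET_ACCESS_INFO, FEATURE_SET, HABIT_DATA))
```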
According to the embodiment of the invention, the method further comprises the following steps:
acquiring user characteristic identification information data of an access user;
the user characteristic identification information data comprises biological characteristic data and personal information data of an access user;
establishing a user characteristic signaling according to the user characteristic identification information data and the access user characteristic data;
the user characteristic signaling encrypts user identity data and personal authority identification of the user characteristic data according to the biological characteristic data of the access user;
performing access matching degree identification according to first private key data of an access user and the user characteristic signaling to obtain access authority data of the access user;
setting a preset private authentication threshold value according to the access authority data and the personal information data;
and performing access authentication on the access user according to the preset private authentication threshold value.
It should be noted that, because the biometric features and personal information of different access users differ, identity data encryption and personal authority identification are carried out on the user characteristic data according to the biometric and personal information data of the access user to generate access authority data, a preset private authentication threshold value is then set, and access authentication is performed on the access user according to that preset private authentication threshold. Specifically, the user characteristic identification information data of the access user is acquired and combined with the access user characteristic data to establish a user characteristic signaling, which performs user identity data encryption and personal authority identification on the user characteristic data according to the biometric data of the access user; access matching degree identification is performed according to the first private key data of the access user and the user characteristic signaling to obtain the access authority data of the access user; and a preset private authentication threshold value is set in combination with the personal information data in order to perform access authentication on the access user.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring user characteristic identification information data of an access user and identifying a personal authority identifier of the access user;
the personal authority identification comprises the historical access level and historical consulting record of the access user;
the personal authority identification comprises an access user privacy level and a user authority preset value which are set according to the historical access level and the historical reference record of the access user;
acquiring a consulting domain order requirement and a privacy level of the access user according to the personal authority identification of the access user;
and correcting the user characteristic identification information data of the access user according to the access data level and access address record of the access user within the preset time period and the consulted privacy level, to obtain an updated privacy level of the access user and an updated privacy level preset value.
It should be noted that, in order to evaluate the privacy level of the access user and obtain the privacy level preset value, the user characteristic identification information data of the access user is acquired and the personal authority identifier of the access user is identified, wherein the personal authority identification comprises an access user privacy level and a user authority preset value that are set according to the historical access level and historical consulting record of the access user; the consulting domain order requirement and privacy level of the access user are acquired according to the personal authority identification of the access user; and the user characteristic identification information data of the access user is modified according to the access data level and access address record of the access user within a preset time period and the consulted privacy level, to obtain an updated access user privacy level and an updated privacy level preset value, so that modifying the privacy level of the access user yields an accurately matched privacy level preset value.
According to the embodiment of the invention, the method further comprises the following steps:
obtaining an access user data packet of an access user and extracting a private level characteristic value of the access user;
extracting the access application information of the access user at this time according to the preset access information data of the access user;
the access application information comprises an access data grade and an access privacy grade;
acquiring a preset access privacy level identification value accessed by the access user at this time according to the access data level and the access privacy level;
performing a threshold comparison between the preset access privacy level identification value and the access user privacy level characteristic value;
if the preset access privacy level identification value is larger than the privacy level characteristic value, performing access warning on the access user;
and if the preset access privacy level identification value is smaller than the privacy level characteristic value, the access state of the access user is normal.
It should be noted that, in order to evaluate the access state of the access user, the access state is evaluated by a threshold comparison between the preset access privacy level identification value of the access user and the access user privacy level characteristic value. Specifically, the access user data packet of the access user is obtained and the privacy level characteristic value of the access user is extracted; the access application information of the access user, comprising the access data grade and the access privacy grade, is extracted according to the preset access information data of the access user; the preset access privacy level identification value of the present access is obtained according to the access data level and the access privacy level; and a threshold comparison is made between the preset access privacy level identification value and the access user privacy level characteristic value: if the preset access privacy level identification value is greater than the privacy level characteristic value, an access warning is issued to the access user, and if it is less than the privacy level characteristic value, the access state of the access user is determined to be normal.
A third aspect of the present invention provides a readable storage medium, where the readable storage medium includes a security access control method program for a private network, and when the security access control method program for the private network is executed by a processor, the steps of the security access control method for the private network as described in any of the above are implemented.
The invention discloses a security access control method, a security access control system and a readable storage medium of a private domain network. According to the method and the device, the access condition of the access user is judged by combining the preset access condition of the access user to the private network with the characteristic attribute information of the access user for data comparison, and the security of the access level authority of the private network is improved.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
Claims (10)
1. A secure access control method of a private network is characterized by comprising the following steps:
acquiring user information data of an access user to generate an access user data packet;
the access user data packet comprises user access data which comprises a user grade, a user authority, a user credit value, a user attribute and a user access domain width, and a user access characteristic data set is generated according to the user grade, the user authority, the user credit value, the user attribute and the user access domain width;
acquiring first private key data of an access user in a first private domain information database according to the user access characteristic data set;
authenticating according to the first private key data and a first preset rule to obtain private authentication data;
and performing access authentication on the access user according to the comparison between the private authentication data and a preset private authentication threshold value.
2. The method of claim 1, wherein obtaining the first private key data of the access user from the first private information database according to the user access characteristic data set comprises:
the first private information database comprises information characteristic data sets of each private network level;
information characteristic data in the information characteristic data set of the private domain network hierarchy are arranged in an associated mode according to a second preset rule;
the second preset rule is established according to the information characteristic data classification organization tree graph of various information characteristic data;
and obtaining the first private key data of the access user according to the information characteristic data classification organization tree graph, in the first private domain information database, of the private domain hierarchy corresponding to the user access data in the user access characteristic data set.
3. The method as claimed in claim 2, wherein, with respect to the information characteristic data classification organization tree graph:
the information characteristic data classification organization tree graph comprises private key characteristic data corresponding to the various information characteristic data;
obtaining user access data classification corresponding to the information characteristic data according to the node position of the private key characteristic data in the information characteristic data classification organization tree graph;
and obtaining the mapping relation between the user access data and the private key characteristic data in the private domain hierarchy according to the user access data classification.
4. The method as claimed in claim 2, wherein obtaining the first private key data of the accessing user according to the information characteristic data classification organization tree diagram of the private domain hierarchy corresponding to the user access data in the user access characteristic data set in the first private domain information database comprises:
obtaining private key characteristic data related to mapping of the user access data in the information characteristic data classification organization tree graph according to the user access data in the user access characteristic data set;
and aggregating according to the node attribute values of the private key characteristic data in the information characteristic data classification organization tree graph to obtain the first private key data of the access user.
5. The method as claimed in claim 1, wherein the authenticating according to the first private key data and according to a first preset rule to obtain private authentication data comprises:
acquiring a first private data value of an access user in a private data model according to the user access characteristic data set;
authenticating according to a first private data value of the access user and the first private key data according to a first preset rule to obtain a private authentication value;
the first preset rule comprises a private authentication value obtained according to the ratio of the private data value to the private key data;
and weighting according to the private authentication value and the access footprint data within a preset time period of an access user to obtain the private authentication data.
6. The security access control method of the private network according to claim 5, wherein performing access authentication on the access user according to the comparison between the private authentication data and a preset private authentication threshold value comprises:
performing data clustering according to preset access information data of the access user in a preset time period and the user access characteristic data set to obtain the preset private authentication threshold value;
comparing the private authentication data with the preset private authentication threshold value;
if the private authentication data is smaller than the preset private authentication threshold value, the access authentication is rejected;
otherwise, the access authentication is passed.
7. A security access control system of a private network is characterized by comprising a memory and a processor, wherein the memory stores a security access control method program of the private network which, when executed by the processor, implements the following steps:
acquiring user information data of an access user to generate an access user data packet;
the access user data packet comprises user access data which comprise a user grade, a user authority, a user credit value, a user attribute and a user access domain width, and a user access characteristic data set is generated according to the user grade, the user authority, the user credit value, the user attribute and the user access domain width;
acquiring first private key data of an access user in a first private domain information database according to the user access characteristic data set;
authenticating according to the first private key data and a first preset rule to obtain private authentication data;
and performing access authentication on the access user according to the comparison between the private authentication data and a preset private authentication threshold value.
8. The system of claim 7, wherein obtaining the first private key data of the access user from the first private information database according to the user access characteristic data set comprises:
the first private information database comprises information characteristic data sets of each private network level;
information characteristic data in the information characteristic data set of the private domain network hierarchy are arranged in an associated mode according to a second preset rule;
the second preset rule is established according to the information characteristic data classification organization tree graph of various information characteristic data;
and obtaining the first private key data of the access user according to the information characteristic data classification organization tree graph, in the first private domain information database, of the private domain hierarchy corresponding to the user access data in the user access characteristic data set.
9. The system of claim 8, wherein obtaining the first private key data of the access user according to the information characteristic data classification organization tree graph of the private domain hierarchy corresponding to the user access data in the user access characteristic data set in the first private domain information database comprises:
obtaining private key characteristic data related to mapping of the user access data in the information characteristic data classification organization tree graph according to the user access data in the user access characteristic data set;
and aggregating according to the node attribute values of the private key characteristic data in the information characteristic data classification organization tree graph to obtain the first private key data of the access user.
10. A readable storage medium, characterized in that the readable storage medium includes a security access control program of a private network, and when the security access control program of the private network is executed by a processor, the steps of the security access control method of the private network according to any one of claims 1 to 6 are implemented.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210162859.7A CN114221824B (en) | 2022-02-22 | 2022-02-22 | Security access control method, system and readable storage medium for private area network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114221824A CN114221824A (en) | 2022-03-22 |
CN114221824B true CN114221824B (en) | 2022-05-17 |
Family
ID=80709301
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210162859.7A Active CN114221824B (en) | 2022-02-22 | 2022-02-22 | Security access control method, system and readable storage medium for private area network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114221824B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019127278A1 (en) * | 2017-12-28 | 2019-07-04 | 深圳达闼科技控股有限公司 | Safe access blockchain method, apparatus, system, storage medium, and electronic device |
CN112311779A (en) * | 2020-10-22 | 2021-02-02 | 腾讯科技(深圳)有限公司 | Data access control method and device applied to block chain system |
CN112737785A (en) * | 2021-01-06 | 2021-04-30 | 江西清能高科技术有限公司 | Attribute-based encryption method, system and equipment for complex access policy |
CN114003929A (en) * | 2021-10-27 | 2022-02-01 | 平安国际智慧城市科技股份有限公司 | Data processing method, device, server and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10361853B2 (en) * | 2016-10-12 | 2019-07-23 | Bank Of America Corporation | Automated data authentication and service authorization via cryptographic keys in a private blockchain |
2022-02-22: CN application CN202210162859.7A, granted as CN114221824B, status Active
Also Published As
Publication number | Publication date |
---|---|
CN114221824A (en) | 2022-03-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||