CN114844652B - Cloud authentication service system based on block chain and big data mining method - Google Patents

Abstract

The invention relates to a cloud authentication service system based on a block chain and a big data mining method, which solve the technical problem that personal information data protection is not compliant; the private block chain data network unit comprises a data acquisition processor and a final node; the data acquisition processor comprises a personal data mining and sensitivity evaluation unit for mining sensitive data and finishing sensitivity judgment; if the authentication data are judged to be sensitive data, the data acquisition processor encrypts the sensitive information by using a symmetric encryption algorithm, a final node forms an encrypted information abstract by using a Hash algorithm, and the signature is carried out by using an asymmetric encryption algorithm; if the authentication data is judged to be non-sensitive data, the terminal node directly carries out signature through an asymmetric encryption algorithm, so that the problem is well solved, and the method can be used in cloud authentication.

Description

Cloud authentication service system based on block chain and big data mining method

Technical Field

The invention relates to the field of cloud evidence and big data mining, in particular to a cloud authentication service system based on a blockchain and a big data mining method.

Background

The existing cloud authentication service system and big data mining method based on the blockchain are authoritative authentication systems which are organized by the combination of data center alliance and cloud computing development and policy forum (hereinafter referred to as alliance and forum), and the only authority authentication system aims at the reliability of cloud services in China. The specific evaluation content of the trusted cloud service authentication comprises 16 items of three major categories, namely: the data management class (persistence of data storage, data destructibility, data mobility, data confidentiality, data awareness, data censorability), the quality of service class (business function, business availability, business resilience, fault recovery capability, network access performance, service metering accuracy) and the rights and interests guarantee class (service change, termination terms, service reimbursement terms, user constraint terms and service obligation terms) essentially cover the problem that cloud service providers need to promise or inform users (based on service SLA) by 90%. The trusted cloud service authentication evaluates the realization degree of the 16 indexes by the cloud service provider by the system and provides a basic basis for the user to select the cloud service provider.

Personal sensitive information refers to personal information that once revealed, illegally provided, or abused may compromise personal and property safety, is highly susceptible to personal reputation, physical and mental health damage, or discrimination treatment, etc. The existing cloud authentication service system based on the blockchain and the big data mining method have the problem that personal information data protection is not compliant. The invention provides a cloud authentication service system based on a blockchain and capable of carrying out data hierarchical authentication and compliance authentication and a big data mining method.

Disclosure of Invention

The invention aims to solve the technical problem that personal information data protection is not compliant in the prior art. The new cloud authentication service system based on the blockchain is characterized by being capable of carrying out data hierarchical authentication and compliance authentication.

In order to solve the technical problems, the technical scheme adopted is as follows:

the cloud authentication service system based on the blockchain comprises a plurality of primary nodes, wherein the primary nodes are connected with a private blockchain data network unit, and a CA relay storage unit is further connected between the primary nodes and the private blockchain data network unit;

the private block chain data network unit comprises a data acquisition processor and a final node connected with the data acquisition processor;

The data acquisition processor comprises a personal data mining and sensitivity evaluation unit, wherein the personal data mining and sensitivity evaluation unit is used for mining sensitive data in self-authentication data to finish the sensitivity judgment of the personal data;

If the authentication data are judged to be sensitive data, the data acquisition processor encrypts the sensitive information by adopting a symmetric encryption algorithm, a final node forms an encrypted information abstract by a Hash algorithm, and the encrypted information abstract is signed by an asymmetric encryption algorithm to form a trusted block data chain; if the authentication data is non-sensitive data, the final node directly signs through an asymmetric encryption algorithm to form a block data chain.

The working principle of the invention is as follows: personal information is divided into general information and sensitive information by personal information protection law of the people's republic of China, and compliance requirements for the two are different. The existing cloud authentication service system based on the blockchain does not distinguish data types according to sensitivity in the data authentication process, and adopts corresponding means to carry out compliance protection according to the regulations of personal information protection laws of the people's republic of China. The invention carries out identification classification on the authentication information and gives out sensibility identification of information data. For sensitive data, the data acquisition processor encrypts the sensitive information by adopting a symmetric encryption algorithm, a final node forms an encrypted information abstract by a Hash algorithm, and signs by an asymmetric encryption algorithm to form a trusted block data chain; if the authentication data is non-sensitive data, the final node directly signs through an asymmetric encryption algorithm to form a block data chain. Therefore, uplink authentication is carried out on the block chain by classifying the data in a grading manner, the compliance protection of sensitive data is overcome, and the high efficiency of the system is ensured.

Meanwhile, each node at present stores the private key autonomously, which puts a very high requirement on the storage security of the private key, and once the private key is lost or forgotten, the loss or permanent invalidation of the asset is meant. In order to prevent data cannot be restored due to loss of private keys, the invention sets a centralized CA relay storage unit to uniformly manage keys of all nodes.

Further, the personal data sensitivity evaluation unit performs the steps of:

Step a, a personal sensitive data type base is established, and the sensitive data types comprise data main body ages less than 14 years old, personal property information, personal health physiological information, personal biological identification information and personal identity information;

step b, carrying out data identification and abstract classification on the collected data;

Step c, traversing the query in the personal sensitive data type base for the classified data, and determining the data sensitivity.

Personal property information includes bank accounts, authentication information (passwords), deposit information (including amounts of funds, payment receipt records, etc.), property information, credit records, credit information, transaction and consumption records, flow records, etc., and virtual property information such as virtual currency, virtual transactions, game type redemption codes, etc.

The personal health physiological information includes relevant records of individuals generated by illness treatment and the like, such as symptoms, inpatients, orders, inspection reports, operation records, anesthesia records, nursing records, medication records, medicine food allergy information, fertility information, past medical history, diagnosis and treatment conditions, family medical history, current medical history, infection medical history and the like.

Personal biometric information including personal genes, fingerprints, voiceprints, palmprints, auricles, irises, facial recognition features, and the like.

Personal identity information including identification cards, military documents, passports, driver's licenses, employee cards, social security cards, residence cards, and the like. Other sensitive information including sexual orientation, wedding history, religious beliefs, unpublished criminal records, communication records and content, address books, buddy lists, group lists, track of track, web browsing records, accommodation information, precise positioning information, and the like. The sensitive information also includes personal information of children under 14 years old (including) and information related to natural person privacy belonging to personal sensitive information.

In the classification of the sensitive information, the sensitive information can be simply classified into sensitive information and non-sensitive information, the sensitivity can be quantitatively analyzed, weight distribution is carried out according to the classification, a design algorithm is carried out, and finally the value of the sensitivity is calculated and sequenced.

Further, the step b includes:

Step b1, obtaining a keyword set related to a sensitive data type library according to an authentication data sample by adopting a deep learning algorithm; calculating to obtain an output hash index according to the input timestamp, the authentication sample set and the keyword set;

Step b2, adopting an asymmetric encryption algorithm to obtain a digest, taking the digest as main body information, adding a version prefix and an address check code as a digest result, and carrying out hash operation on the digest result; processing the version prefix, the main body information and the check bit to obtain an address, and uploading the address to a final node;

step b3, after confirming that the authentication information belongs to the sensitive information through an algorithm, a certain terminal node sends the secret key and the predefined corresponding parameters to other terminal nodes;

step b4, inputting a secret key and an encrypted document set by executing a decryption algorithm, and outputting a plaintext document set;

and b5, updating the authentication data, returning to the step b1, confirming the original hash and classifying the new hash.

When the sensitive data analysis is carried out locally on the nodes, a deep learning algorithm is adopted, so that efficient and accurate data identification, abstract classification and data sensitivity analysis are realized.

Further, the deep learning algorithm comprises natural language processing and deep learning optimization, and comprises the following steps:

Step s1, obtaining natural language by using a natural language processing method according to an authentication data sample, and converting the natural language into machine language through part-of-speech quantization;

step s2, dividing the authentication data sample text into s _k groups, and correspondingly calling s _k deep learning algorithm models from a deep learning algorithm library;

Step s3, selecting the data of the _ki th subset as a verification set, using the rest data of the k-1 group as a training set, inputting the model of the s _ki th machine algorithm to obtain the calculated values of the s _k×s_k models, wherein ki=1, 2,3,..k;

step s4, define

Wherein, { x ₁,x₂,...x_ki,x_k } is the calculated value of independent uncorrelated ki algorithm models when the s _ki th subset data is defined as a validation set; ki=1, 2, 3..k, j and w are predefined parameters, w ₁,w₂,...w_k is a real set;

Step s5, calculating a characteristic index ≡and a weight dispersion coefficient gamma through y _ki＝μ+αt_ki+ε_ki, μ=log (2 gamma);

Wherein, Epsilon _ki is a predefined error term coefficient of 0 with the same distribution but independent, t _ki＝log|w_ki |;

Step s6, calculating a parameter delta through z _ki＝δw_ki+ε_k i;

Wherein z _ki＝arctan(Im(w_ki)/Re(w_ki),ε_k is a predefined uniformly distributed but independent error term coefficient with a mean value of 0;

Step s7, taking the characteristic indexes oc, the weight dispersion coefficients gamma and the position parameters delta obtained in the steps s5 and s6 into phi (w) =exp { j delta w-gamma|w| ^∝ }, performing Fourier transform calculation to obtain a weight distribution function f (x), multiplying the calculated model value by the weight distribution function f (x), and completing fitting of k algorithm model calculated values;

and step S8, taking the fitted algorithm calculated value result as a sensitive data judgment basis to complete the construction of a keyword set related to a sensitive data type library.

In the preferred scheme, the method divides the samples into s _k groups, correspondingly invokes s _k deep learning algorithm models from the deep learning algorithm library, adopts algorithm model fusion, adopts a special fusion algorithm, realizes fusion weighting of various algorithms, and obtains a natural language recognition and analysis algorithm calculation value with high accuracy.

Further, the CA relay storage unit is used for storing private keys of all final-stage nodes in the blockchain data network unit.

The invention provides a big data mining method based on block chain security authentication, which comprises the following steps:

step one, registering sensitive information in a sensitive information base;

Step a1, defining any final-stage node as an authentication data judging server, and the rest final-stage nodes as nodes of a block chain network; the authentication data judging server judges the privacy of authentication data through a data privacy sensitivity judging method, locally identifies sensitive data and defines the sensitive data as sensitivity R;

step a2, the data discrimination server S adds the identification data ID _i to the sensitive data, and defines the corresponding password pw _i and the automatically allocated random number n;

Step a3, the data discrimination server S processes the random number n by using a random private key generation function according to the random number n to generate a private key K _s, generates a public key K _p＝E(K_s by an encryption algorithm based on the private key K), and performs hash operation on the public key by using a hash function to obtain a data address U _ad＝H_kp＝H(K_p);

Step a4, the data discrimination server S detects whether the sensitive information warehouse-in information already exists according to the data ID _i, the password pw _i and the data address U _ad, and if the data ID _i, the password pw _i and the data address U _ad already exist, the data discrimination server S determines that the sensitive information type is registered; otherwise, registering the sensitive information base, and giving the data address U _ad and the private key K _s to the authentication data source U _i;

Step a5, the authentication data discrimination server S carries out hash operation on the data ID _i and the password pw _i to obtain abstract information x, encrypts the abstract information x by using a private key K _s to generate a digital signature, and registers the digital signature as y;

Step a6, the authentication data discrimination server S transmits the data ID _i, the data addresses U _ad, y, the sensitivity R and the sensitive data information to the other blockchain network nodes N _i; after receiving the information, other blockchain network nodes N _i assemble transactions, attach transaction numbers to broadcast the transactions to the whole blockchain network, record the transactions in a new block through a consensus mechanism, finally form a new blockchain, and finish updating a sensitive information base;

Step two, sensitive information identification

Step b1, the authentication data discrimination server S receives the authentication sample data, and performs a data sensitivity recognition operation L according to the authentication sample data, which maps out the data ID _i, the password pw _i, and the data address U' _ad;

Step b2, the authentication data judging server S transmits the data address U' _ad to any one of the blockchain nodes N _i, and if the data ID _i cannot be indexed according to the data index data ID _i, the authentication data judging server S judges that the information is not history sensitive information, and then the step b5 is executed; otherwise, searching a data address U _ad stored in a sensitive information database when the sensitive information is registered according to the data ID _i, judging U' _ad and U _ad, and executing the step b3 if the two are the same; otherwise, judging the information to be non-history sensitive information, and executing the step b5;

Step b3, the authentication data judging server S receives the information y sent by the blockchain node N _i, decrypts the y by utilizing U ' _ad to obtain abstract information x ', calculates x through a hash function, and judges x ' and x; if the two information are the same, judging the information as sensitive information, otherwise judging the information as non-sensitive information;

step b4, the authentication data discrimination server S transmits the data ID _i, the password pw _i, and the data address U' _ad, L to all blockchain nodes; the block chain nodes are assembled into a transaction, a transaction number is attached to the transaction and broadcast to the whole block chain network, and the transaction is recorded in a new block through a consensus mechanism to form a new block chain;

step b5, returning to the execution of the step one.

Further, the data privacy sensitivity discrimination method includes:

Step a, a personal sensitive data type base is established, and the sensitive data types comprise data main body ages less than 14 years old, personal property information, personal health physiological information, personal biological identification information and personal identity information;

step b, carrying out data identification and abstract classification on the collected data;

Step c, traversing the query in the personal sensitive data type base for the classified data, and determining the data sensitivity.

The big data mining method based on blockchain security authentication of claim 6, wherein: the step b comprises the following steps:

Step b1, obtaining a keyword set related to a sensitive data type library according to an authentication data sample by adopting a deep learning algorithm; calculating to obtain an output hash index according to the input timestamp, the authentication sample set and the keyword set;

Step b2, adopting an asymmetric encryption algorithm to obtain a digest, taking the digest as main body information, adding a version prefix and an address check code as a digest result, and carrying out hash operation on the digest result; processing the version prefix, the main body information and the check bit to obtain an address, and uploading the address to a final node;

step b3, after confirming that the authentication information belongs to the sensitive information through an algorithm, a certain terminal node sends the secret key and the predefined corresponding parameters to other terminal nodes;

step b4, inputting a secret key and an encrypted document set by executing a decryption algorithm, and outputting a plaintext document set;

and b5, updating the authentication data, returning to the step b1, confirming the original hash and classifying the new hash.

Further, the deep learning algorithm comprises natural language processing and deep learning optimization, and comprises the following steps:

Step s1, obtaining natural language by using a natural language processing method according to an authentication data sample, and converting the natural language into machine language through part-of-speech quantization;

step s2, dividing the authentication data sample text into s _k groups, and correspondingly calling s _k deep learning algorithm models from a deep learning algorithm library;

Step s3, selecting the data of the _ki th subset as a verification set, using the rest data of the k-1 group as a training set, inputting the model of the s _ki th machine algorithm to obtain the calculated values of the s _k×s_k models, wherein ki=1, 2,3,..k;

step s4, define

Wherein, { x ₁,x₂,...x_ki,x_k } is the calculated value of independent uncorrelated ki algorithm models when the s _ki th subset data is defined as a validation set; ki=1, 2, 3..k, j and w are predefined parameters, w ₁,w₂,...w_k is a real set;

Step s5, calculating a characteristic index ≡and a weight dispersion coefficient gamma through y _ki＝μ+αt_ki+ε_ki, μ=log (2 gamma);

Wherein, Epsilon _ki is a predefined error term coefficient of 0 with the same distribution but independent, t _ki＝log|w_ki |;

Step s6, calculating a parameter delta through z _ki＝δw_ki+ε_k i;

Wherein z _ki＝arctan(Im(w_ki)/Re(w_ki),ε_k is a predefined uniformly distributed but independent error term coefficient with a mean value of 0;

Step s7, taking the characteristic indexes oc, the weight dispersion coefficients gamma and the position parameters delta obtained in the steps s5 and s6 into phi (w) =exp { j delta w-gamma|w| ^∝ }, performing Fourier transform calculation to obtain a weight distribution function f (x), multiplying the calculated model value by the weight distribution function f (x), and completing fitting of k algorithm model calculated values;

and step S8, taking the fitted algorithm calculated value result as a sensitive data judgment basis to complete the construction of a keyword set related to a sensitive data type library.

Drawings

The invention will be further described with reference to the drawings and examples.

FIG. 1 is a schematic diagram of a blockchain-based cloud authentication service system.

Detailed Description

The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.

Example 1

The embodiment provides a cloud authentication service system based on a blockchain, as shown in fig. 1, the cloud authentication service system of the blockchain comprises a plurality of primary nodes, wherein the primary nodes are connected with a private blockchain data network unit, and a CA relay storage unit is further connected between the primary nodes and the private blockchain data network unit;

the private block chain data network unit comprises a data acquisition processor and a final node connected with the data acquisition processor;

The data acquisition processor comprises a personal data mining and sensitivity evaluation unit, wherein the personal data mining and sensitivity evaluation unit is used for mining sensitive data in self-authentication data to finish the sensitivity judgment of the personal data;

If the authentication data are judged to be sensitive data, the data acquisition processor encrypts the sensitive information by adopting a symmetric encryption algorithm, a final node forms an encrypted information abstract by a Hash algorithm, and the encrypted information abstract is signed by an asymmetric encryption algorithm to form a trusted block data chain; if the authentication data is non-sensitive data, the final node directly signs through an asymmetric encryption algorithm to form a block data chain.

In this embodiment, according to the personal information protection law of the people's republic of China, personal information is divided into general information and sensitive information, and compliance protection requirements for the two are quite different. The existing cloud authentication service system based on the blockchain does not distinguish data types according to sensitivity in the data authentication process, and adopts corresponding means to carry out compliance protection according to the regulations of personal information protection laws of the people's republic of China. The invention carries out identification classification on the authentication information and gives out sensibility identification of information data. For sensitive data, the data acquisition processor encrypts the sensitive information by adopting a symmetric encryption algorithm, a final node forms an encrypted information abstract by a Hash algorithm, and signs by an asymmetric encryption algorithm to form a trusted block data chain; if the authentication data is non-sensitive data, the final node directly signs through an asymmetric encryption algorithm to form a block data chain. Therefore, uplink authentication is carried out on the block chain by classifying the data in a grading manner, the compliance protection of sensitive data is overcome, and the high efficiency of the system is ensured.

Meanwhile, each node at present stores the private key autonomously, which puts a very high requirement on the storage security of the private key, and once the private key is lost or forgotten, the loss or permanent invalidation of the asset is meant. In order to prevent data cannot be restored due to loss of private keys, the invention sets a centralized CA relay storage unit to uniformly manage keys of all nodes.

Further, the personal data sensitivity evaluation unit performs the steps of:

Step a, a personal sensitive data type base is established, and the sensitive data types comprise data main body ages less than 14 years old, personal property information, personal health physiological information, personal biological identification information and personal identity information;

step b, carrying out data identification and abstract classification on the collected data;

Step c, traversing the query in the personal sensitive data type base for the classified data, and determining the data sensitivity.

Personal property information includes bank accounts, authentication information (passwords), deposit information (including amounts of funds, payment receipt records, etc.), property information, credit records, credit information, transaction and consumption records, flow records, etc., and virtual property information such as virtual currency, virtual transactions, game type redemption codes, etc.

The personal health physiological information includes relevant records of individuals generated by illness treatment and the like, such as symptoms, inpatients, orders, inspection reports, operation records, anesthesia records, nursing records, medication records, medicine food allergy information, fertility information, past medical history, diagnosis and treatment conditions, family medical history, current medical history, infection medical history and the like.

Personal biometric information including personal genes, fingerprints, voiceprints, palmprints, auricles, irises, facial recognition features, and the like.

Personal identity information including identification cards, military documents, passports, driver's licenses, employee cards, social security cards, residence cards, and the like. Other sensitive information including sexual orientation, wedding history, religious beliefs, unpublished criminal records, communication records and content, address books, buddy lists, group lists, track of track, web browsing records, accommodation information, precise positioning information, and the like. The sensitive information also includes personal information of children under 14 years old (including) and information related to natural person privacy belonging to personal sensitive information.

In the classification of the sensitive information, the sensitive information can be simply classified into sensitive information and non-sensitive information, the sensitivity can be quantitatively analyzed, weight distribution is carried out according to the classification, a design algorithm is carried out, and finally the value of the sensitivity is calculated and sequenced.

Further, the step b includes:

Step b1, obtaining a keyword set related to a sensitive data type library according to an authentication data sample by adopting a deep learning algorithm; calculating to obtain an output hash index according to the input timestamp, the authentication sample set and the keyword set;

Step b2, adopting an asymmetric encryption algorithm to obtain a digest, taking the digest as main body information, adding a version prefix and an address check code as a digest result, and carrying out hash operation on the digest result; processing the version prefix, the main body information and the check bit to obtain an address, and uploading the address to a final node;

step b3, after confirming that the authentication information belongs to the sensitive information through an algorithm, a certain terminal node sends the secret key and the predefined corresponding parameters to other terminal nodes;

step b4, inputting a secret key and an encrypted document set by executing a decryption algorithm, and outputting a plaintext document set;

and b5, updating the authentication data, returning to the step b1, confirming the original hash and classifying the new hash.

When the sensitive data analysis is carried out locally on the nodes, a deep learning algorithm is adopted, so that efficient and accurate data identification, abstract classification and data sensitivity analysis are realized.

Further, the deep learning algorithm comprises natural language processing and deep learning optimization, and comprises the following steps:

Step s1, obtaining natural language by using a natural language processing method according to an authentication data sample, and converting the natural language into machine language through part-of-speech quantization;

step s2, dividing the authentication data sample text into s _k groups, and correspondingly calling s _k deep learning algorithm models from a deep learning algorithm library;

Step s3, selecting the data of the _ki th subset as a verification set, using the rest data of the k-1 group as a training set, inputting the model of the s _ki th machine algorithm to obtain the calculated values of the s _k×s_k models, wherein ki=1, 2,3,..k;

step s4, define

Wherein, { x ₁,x₂,...x_ki,x_k } is the calculated value of independent uncorrelated ki algorithm models when the s _ki th subset data is defined as a validation set; ki=1, 2, 3..k, j and w are predefined parameters, w ₁,w₂,...w_k is a real set;

Step s5, calculating a characteristic index ≡and a weight dispersion coefficient gamma through y _ki＝μ+αt_ki+ε_ki, μ=log (2 gamma);

Wherein, Epsilon _ki is a predefined error term coefficient of 0 with the same distribution but independent, t _ki＝log|w_ki |;

Step s6, calculating a parameter delta through z _ki＝δw_ki+ε_k i;

Wherein z _ki＝arctan(Im(w_ki)/Re(w_ki),ε_k is a predefined uniformly distributed but independent error term coefficient with a mean value of 0;

Step s7, taking the characteristic indexes oc, the weight dispersion coefficients gamma and the position parameters delta obtained in the steps s5 and s6 into phi (w) =exp { j delta w-gamma|w| ^∝ }, performing Fourier transform calculation to obtain a weight distribution function f (x), multiplying the calculated model value by the weight distribution function f (x), and completing fitting of k algorithm model calculated values;

and step S8, taking the fitted algorithm calculated value result as a sensitive data judgment basis to complete the construction of a keyword set related to a sensitive data type library.

In the preferred scheme, the method divides the samples into s _k groups, correspondingly invokes s _k deep learning algorithm models from the deep learning algorithm library, adopts algorithm model fusion, adopts a special fusion algorithm, realizes fusion weighting of various algorithms, and obtains a natural language recognition and analysis algorithm calculation value with high accuracy.

Further, the CA relay storage unit is used for storing private keys of all final-stage nodes in the blockchain data network unit.

The invention provides a big data mining method based on block chain security authentication, which comprises the following steps:

step one, registering sensitive information in a sensitive information base;

Step a1, defining any final-stage node as an authentication data judging server, and the rest final-stage nodes as nodes of a block chain network; the authentication data judging server judges the privacy of authentication data through a data privacy sensitivity judging method, locally identifies sensitive data and defines the sensitive data as sensitivity R;

step a2, the data discrimination server S adds the identification data ID _i to the sensitive data, and defines the corresponding password pw _i and the automatically allocated random number n;

Step a3, the data discrimination server S processes the random number n by using a random private key generation function according to the random number n to generate a private key K _s, generates a public key K _p＝E(K_s by an encryption algorithm based on the private key K), and performs hash operation on the public key by using a hash function to obtain a data address U _ad＝H_kp＝H(K_p);

Step a4, the data discrimination server S detects whether the sensitive information warehouse-in information already exists according to the data ID _i, the password pw _i and the data address U _ad, and if the data ID _i, the password pw _i and the data address U _ad already exist, the data discrimination server S determines that the sensitive information type is registered; otherwise, registering the sensitive information base, and giving the data address U _ad and the private key K _s to the authentication data source U _i;

Step a5, the authentication data discrimination server S carries out hash operation on the data ID _i and the password pw _i to obtain abstract information x, encrypts the abstract information x by using a private key K _s to generate a digital signature, and registers the digital signature as y;

Step a6, the authentication data discrimination server S transmits the data ID _i, the data addresses U _ad, y, the sensitivity R and the sensitive data information to the other blockchain network nodes N _i; after receiving the information, other blockchain network nodes N _i assemble transactions, attach transaction numbers to broadcast the transactions to the whole blockchain network, record the transactions in a new block through a consensus mechanism, finally form a new blockchain, and finish updating a sensitive information base;

Step two, sensitive information identification

Step b1, the authentication data discrimination server S receives the authentication sample data, and performs a data sensitivity recognition operation L according to the authentication sample data, which maps out the data ID _i, the password pw _i, and the data address U' _ad;

Step b2, the authentication data judging server S transmits the data address U' _ad to any one of the blockchain nodes N _i, and if the data ID _i cannot be indexed according to the data index data ID _i, the authentication data judging server S judges that the information is not history sensitive information, and then the step b5 is executed; otherwise, searching a data address U _ad stored in a sensitive information database when the sensitive information is registered according to the data ID _i, judging U' _ad and U _ad, and executing the step b3 if the two are the same; otherwise, judging the information to be non-history sensitive information, and executing the step b5;

Step b3, the authentication data judging server S receives the information y sent by the blockchain node N _i, decrypts the y by utilizing U ' _ad to obtain abstract information x ', calculates x through a hash function, and judges x ' and x; if the two information are the same, judging the information as sensitive information, otherwise judging the information as non-sensitive information;

step b4, the authentication data discrimination server S transmits the data ID _i, the password pw _i, and the data address U' _ad, L to all blockchain nodes; the block chain nodes are assembled into a transaction, a transaction number is attached to the transaction and broadcast to the whole block chain network, and the transaction is recorded in a new block through a consensus mechanism to form a new block chain;

step b5, returning to the execution of the step one.

Further, the data privacy sensitivity discrimination method includes:

Step a, a personal sensitive data type base is established, and the sensitive data types comprise data main body ages less than 14 years old, personal property information, personal health physiological information, personal biological identification information and personal identity information;

step b, carrying out data identification and abstract classification on the collected data;

Step c, traversing the query in the personal sensitive data type base for the classified data, and determining the data sensitivity.

The big data mining method based on blockchain security authentication of claim 6, wherein: the step b comprises the following steps:

Step b1, obtaining a keyword set related to a sensitive data type library according to an authentication data sample by adopting a deep learning algorithm; calculating to obtain an output hash index according to the input timestamp, the authentication sample set and the keyword set;

Step b2, adopting an asymmetric encryption algorithm to obtain a digest, taking the digest as main body information, adding a version prefix and an address check code as a digest result, and carrying out hash operation on the digest result; processing the version prefix, the main body information and the check bit to obtain an address, and uploading the address to a final node;

step b3, after confirming that the authentication information belongs to the sensitive information through an algorithm, a certain terminal node sends the secret key and the predefined corresponding parameters to other terminal nodes;

step b4, inputting a secret key and an encrypted document set by executing a decryption algorithm, and outputting a plaintext document set;

and b5, updating the authentication data, returning to the step b1, confirming the original hash and classifying the new hash.

Further, the deep learning algorithm comprises natural language processing and deep learning optimization, and comprises the following steps:

Step s1, obtaining natural language by using a natural language processing method according to an authentication data sample, and converting the natural language into machine language through part-of-speech quantization;

step s2, dividing the authentication data sample text into s _k groups, and correspondingly calling s _k deep learning algorithm models from a deep learning algorithm library;

Step s3, selecting the data of the _ki th subset as a verification set, using the rest data of the k-1 group as a training set, inputting the model of the s _ki th machine algorithm to obtain the calculated values of the s _k×s_k models, wherein ki=1, 2,3,..k;

step s4, define

Wherein, { x ₁,x₂,...x_ki,x_k } is the calculated value of independent uncorrelated ki algorithm models when the s _ki th subset data is defined as a validation set; ki=1, 2, 3..k, j and w are predefined parameters, w ₁,w₂,...w_k is a real set;

Step s5, calculating a characteristic index ≡and a weight dispersion coefficient gamma through y _ki＝μ+αt_ki+ε_ki, μ=log (2 gamma);

Wherein, Epsilon _ki is a predefined error term coefficient of 0 with the same distribution but independent, t _ki＝log|w_ki |;

Step s6, calculating a parameter delta through z _ki＝δw_ki+ε_k i;

Wherein z _ki＝arctan(Im(w_ki)/Re(w_ki),ε_k is a predefined uniformly distributed but independent error term coefficient with a mean value of 0;

Step s7, taking the characteristic indexes oc, the weight dispersion coefficients gamma and the position parameters delta obtained in the steps s5 and s6 into phi (w) =exp { j delta w-gamma|w| ^∝ }, performing Fourier transform calculation to obtain a weight distribution function f (x), multiplying the calculated model value by the weight distribution function f (x), and completing fitting of k algorithm model calculated values;

and step S8, taking the fitted algorithm calculated value result as a sensitive data judgment basis to complete the construction of a keyword set related to a sensitive data type library.

While the foregoing describes the illustrative embodiments of the present invention so that those skilled in the art may understand the present invention, the present invention is not limited to the specific embodiments, and all inventive innovations utilizing the inventive concepts are herein within the scope of the present invention as defined and defined by the appended claims, as long as the various changes are within the spirit and scope of the present invention.

Claims (6)

1. The cloud authentication service system based on the blockchain is characterized in that: the cloud authentication service system of the blockchain comprises a plurality of primary nodes, wherein the primary nodes are connected with a private blockchain data network unit, and a CA relay storage unit is further connected between the primary nodes and the private blockchain data network unit;

the private block chain data network unit comprises a data acquisition processor and a final node connected with the data acquisition processor;

The data acquisition processor comprises a personal data mining and sensitivity evaluation unit, wherein the personal data mining and sensitivity evaluation unit is used for mining sensitive data in self-authentication data to finish the sensitivity judgment of the personal data;

If the authentication data are judged to be sensitive data, the data acquisition processor encrypts the sensitive information by adopting a symmetric encryption algorithm, a final node forms an encrypted information abstract by a Hash algorithm, and the encrypted information abstract is signed by an asymmetric encryption algorithm to form a trusted block data chain; if the authentication data are judged to be non-sensitive data, the final node directly signs through an asymmetric encryption algorithm to form a block data chain;

The personal data mining and sensitivity evaluation unit performs the steps of:

Step a, a personal sensitive data type base is established, and the sensitive data types comprise data main body ages less than 14 years old, personal property information, personal health physiological information, personal biological identification information and personal identity information;

step b, carrying out data identification and abstract classification on the collected data;

step c, traversing inquiry in a personal sensitive data type base for classified data to determine data sensitivity;

The step b comprises the following steps:

Step b1, obtaining a keyword set related to a sensitive data type library according to an authentication data sample by adopting a deep learning algorithm; calculating to obtain an output hash index according to the input timestamp, the authentication sample set and the keyword set;

Step b2, adopting an asymmetric encryption algorithm to obtain a digest, taking the digest as main body information, adding a version prefix and an address check code as a digest result, and carrying out hash operation on the digest result; processing the version prefix, the main body information and the check bit to obtain an address, and uploading the address to a final node;

step b3, after confirming that the authentication information belongs to the sensitive information through an algorithm, a certain terminal node sends the secret key and the predefined corresponding parameters to other terminal nodes;

step b4, inputting a secret key and an encrypted document set by executing a decryption algorithm, and outputting a plaintext document set;

step b5, updating the authentication data, returning to the step b1, confirming the original hash and classifying the new hash;

The deep learning algorithm comprises natural language processing and deep learning optimization, and comprises the following steps:

Step s1, obtaining natural language by using a natural language processing method according to an authentication data sample, and converting the natural language into machine language through part-of-speech quantization;

step s2, dividing the authentication data sample text into s _k groups, and correspondingly calling s _k deep learning algorithm models from a deep learning algorithm library;

Step s3, selecting the data of the _ki th subset as a verification set, using the rest data of the k-1 group as a training set, inputting the model of the s _ki th machine algorithm to obtain the calculated values of the s _k×s_k models, wherein ki=1, 2,3,..k;

step s4, define E is a desired function;

wherein, { x ₁,x₂,...x_ki,x_k } is the calculated value of the independent uncorrelated k algorithm models when the s _ki th subset data is defined as a verification set; ki=1, 2, 3..k, j and w are predefined parameters, w ₁,w₂,...w_k is a real set;

Step s5, calculating a characteristic index alpha and a weight dispersion coefficient gamma through y _ki＝μ+αt_ki+ε_ki, μ=log (2 gamma);

Wherein, Epsilon _ki is a predefined error term coefficient of 0 with the same distribution but independent, t _ki＝log|w_ki |;

Step s6, calculating a parameter delta through z _ki＝δw_ki+ε_ki;

Wherein z _ki＝arctan(Im(w_ki)/Re(w_ki)),ε_k is a predefined uniformly distributed but independent error term coefficient with a mean value of 0;

Step s7, taking the characteristic index α, the weight dispersion coefficient γ and the position parameter δ obtained in the steps s5 and s6 into Φ (w) =exp { jδw- γjw| ^α }, performing fourier transform calculation to obtain a weight distribution function f (x), multiplying the calculated model value by the weight distribution function f (x), and completing fitting of k algorithm model calculated values;

and step S8, taking the fitted algorithm calculated value result as a sensitive data judgment basis to complete the construction of a keyword set related to a sensitive data type library.

2. The blockchain-based cloud authentication service system of claim 1, wherein: the CA relay storage unit is used for storing private keys of all final-stage nodes in the block chain data network unit.

3. A big data mining method based on block chain security authentication is characterized in that: the big data mining method based on the blockchain security authentication is used for the cloud authentication service system of any one of claims 1-2, and the big data mining method comprises the following steps:

step one, registering sensitive information in a sensitive information base;

Step a1, defining any final-stage node as an authentication data judging server, and the rest final-stage nodes as nodes of a block chain network; the authentication data judging server judges the privacy of authentication data through a data privacy sensitivity judging method, locally identifies sensitive data and defines the sensitive data as sensitivity R;

step a2, the data discrimination server S adds the identification data ID _i to the sensitive data, and defines the corresponding password pw _i and the automatically allocated random number n;

Step a3, the data discrimination server S processes the random number n by using a random private key generation function according to the random number n to generate a private key K _s, generates a public key K _p＝E(K_s by an encryption algorithm based on the private key K), and performs hash operation on the public key by using a hash function to obtain a data address U _ad＝H_kp＝H(K_p);

Step a4, the data discrimination server S detects whether the sensitive information warehouse-in information already exists according to the data ID _i, the password pw _i and the data address U _ad, and if the data ID _i, the password pw _i and the data address U _ad already exist, the data discrimination server S determines that the sensitive information type is registered; otherwise, registering the sensitive information base, and giving the data address U _ad and the private key K _s to the authentication data source U _i;

Step a5, the authentication data discrimination server S carries out hash operation on the data ID _i and the password pw _i to obtain abstract information x, encrypts the abstract information x by using a private key K _s to generate a digital signature, and registers the digital signature as y;

Step a6, the authentication data discrimination server S transmits the data ID _i, the data addresses U _ad, y, the sensitivity R and the sensitive data information to the other blockchain network nodes N _i; after receiving the information, other blockchain network nodes N _i assemble transactions, attach transaction numbers to broadcast the transactions to the whole blockchain network, record the transactions in a new block through a consensus mechanism, finally form a new blockchain, and finish updating a sensitive information base;

Step two, sensitive information identification

Step b1, the authentication data discrimination server S receives the authentication sample data, and performs a data sensitivity recognition operation L according to the authentication sample data, which maps out the data ID _i, the password pw _i, and the data address U' _ad;

Step b2, the authentication data judging server S transmits the data address U' _ad to any one of the blockchain nodes N _i, and if the data ID _i cannot be indexed according to the data index data ID _i, the authentication data judging server S judges that the information is not history sensitive information, and then the step b5 is executed; otherwise, searching a data address U _ad stored in a sensitive information database when the sensitive information is registered according to the data ID _i, judging U' _ad and U _ad, and executing the step b3 if the two are the same; otherwise, judging the information to be non-history sensitive information, and executing the step b5;

Step b3, the authentication data judging server S receives the information y sent by the blockchain node N _i, decrypts the y by utilizing U ' _ad to obtain abstract information x ', calculates x through a hash function, and judges x ' and x; if the two information are the same, judging the information as sensitive information, otherwise judging the information as non-sensitive information;

Step b4, the authentication data discrimination server S transmits the data ID _i, the password pw _i, and the data address U ^′ _ad, L to all blockchain nodes; the block chain nodes are assembled into a transaction, a transaction number is attached to the transaction and broadcast to the whole block chain network, and the transaction is recorded in a new block through a consensus mechanism to form a new block chain;

step b5, returning to the execution of the step one.

4. The big data mining method based on blockchain security authentication of claim 3, wherein: the data privacy sensitivity judging method comprises the following steps:

Step a, a personal sensitive data type base is established, and the sensitive data types comprise data main body ages less than 14 years old, personal property information, personal health physiological information, personal biological identification information and personal identity information;

step b, carrying out data identification and abstract classification on the collected data;

Step c, traversing the query in the personal sensitive data type base for the classified data, and determining the data sensitivity.

5. The big data mining method based on blockchain security authentication of claim 4, wherein: the step b comprises the following steps:

Step bb1, obtaining a keyword set related to a sensitive data type library according to an authentication data sample by adopting a deep learning algorithm; calculating to obtain an output hash index according to the input timestamp, the authentication sample set and the keyword set;

Step bb2, adopting an asymmetric encryption algorithm by a blockchain to obtain a digest, taking the digest as main body information, adding a version prefix and an address check code as a digest result, and carrying out hash operation on the digest result; processing the version prefix, the main body information and the check bit to obtain an address, and uploading the address to a final node;

step bb3, after confirming that the authentication information belongs to the sensitive information through the algorithm, a certain terminal node sends the secret key and the predefined corresponding parameters to other terminal nodes;

step bb4, inputting the secret key and the encrypted document set by executing the decryption algorithm, and outputting a plaintext document set;

and (bb 5) updating the authentication data, returning to the step b1, confirming the original hash and classifying the new hash.

6. The big data mining method based on blockchain security authentication of claim 5, wherein: the deep learning algorithm comprises natural language processing and deep learning optimization, and comprises the following steps:

Step s1, obtaining natural language by using a natural language processing method according to an authentication data sample, and converting the natural language into machine language through part-of-speech quantization;

step s2, dividing the authentication data sample text into s _k groups, and correspondingly calling s _k deep learning algorithm models from a deep learning algorithm library;

Step s3, selecting the data of the _ki th subset as a verification set, using the rest data of the k-1 group as a training set, inputting the model of the s _ki th machine algorithm to obtain the calculated values of the s _k×s_k models, wherein ki=1, 2,3,..k;

step s4, define E is a desired function;

wherein, { x ₁,x₂,...x_ki,x_k } is the calculated value of the independent uncorrelated k algorithm models when the s _ki th subset data is defined as a verification set; ki=1, 2, 3..k, j and w are predefined parameters, w ₁,w₂,...w_k is a real set;

Step s5, calculating a characteristic index alpha and a weight dispersion coefficient gamma through y _ki＝μ+αt_ki+ε_ki, μ=log (2 gamma);

Wherein, Epsilon _ki is a predefined error term coefficient of 0 with the same distribution but independent, t _ki＝log|w_ki |;

Step s6, calculating a parameter delta through z _ki＝δw_ki+ε_ki;

Wherein z _ki＝arctan(Im(w_ki)/Re(w_ki)),ε_k is a predefined uniformly distributed but independent error term coefficient with a mean value of 0;

Step s7, taking the characteristic index α, the weight dispersion coefficient γ and the position parameter δ obtained in the steps s5 and s6 into Φ (w) =exp { jδw- γjw| ^∝ }, performing fourier transform calculation to obtain a weight distribution function f (x), multiplying the calculated model value by the weight distribution function f (x), and completing fitting of k algorithm model calculated values;

and step S8, taking the fitted algorithm calculated value result as a sensitive data judgment basis to complete the construction of a keyword set related to a sensitive data type library.