CN115396225B - Data platform user identity authentication method and device - Google Patents
Data platform user identity authentication method and device Download PDFInfo
- Publication number
- CN115396225B CN115396225B CN202211056239.1A CN202211056239A CN115396225B CN 115396225 B CN115396225 B CN 115396225B CN 202211056239 A CN202211056239 A CN 202211056239A CN 115396225 B CN115396225 B CN 115396225B
- Authority
- CN
- China
- Prior art keywords
- data
- authentication
- user
- data platform
- identity information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 112
- 230000007246 mechanism Effects 0.000 claims abstract description 29
- 238000012795 verification Methods 0.000 claims description 22
- 238000005070 sampling Methods 0.000 claims description 16
- 238000011156 evaluation Methods 0.000 claims description 12
- 238000004458 analytical method Methods 0.000 claims description 7
- 238000007418 data mining Methods 0.000 claims description 5
- 238000007689 inspection Methods 0.000 claims description 5
- 238000005065 mining Methods 0.000 claims description 4
- 238000013475 authorization Methods 0.000 claims description 3
- 238000007405 data analysis Methods 0.000 claims description 3
- 238000012216 screening Methods 0.000 claims description 3
- 230000002747 voluntary effect Effects 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 9
- 230000008901 benefit Effects 0.000 description 4
- 230000006399 behavior Effects 0.000 description 2
- 230000015572 biosynthetic process Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000007621 cluster analysis Methods 0.000 description 2
- 230000000052 comparative effect Effects 0.000 description 2
- 239000011159 matrix material Substances 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- VBMOHECZZWVLFJ-GXTUVTBFSA-N (2s)-2-[[(2s)-6-amino-2-[[(2s)-6-amino-2-[[(2s,3r)-2-[[(2s,3r)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-6-amino-2-[[(2s)-2-[[(2s)-2-[[(2s)-2,6-diaminohexanoyl]amino]-5-(diaminomethylideneamino)pentanoyl]amino]propanoyl]amino]hexanoyl]amino]propanoyl]amino]hexan Chemical compound NC(N)=NCCC[C@@H](C(O)=O)NC(=O)[C@H](CCCCN)NC(=O)[C@H](CCCCN)NC(=O)[C@H]([C@@H](C)O)NC(=O)[C@H]([C@H](O)C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCCN)NC(=O)[C@H](C)NC(=O)[C@H](CCCN=C(N)N)NC(=O)[C@@H](N)CCCCN VBMOHECZZWVLFJ-GXTUVTBFSA-N 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000019771 cognition Effects 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000010219 correlation analysis Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 108010068904 lysyl-arginyl-alanyl-lysyl-alanyl-lysyl-threonyl-threonyl-lysyl-lysyl-arginine Proteins 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000012353 t test Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data platform user identity authentication method and a device, which preliminarily group users according to the professional field of the users and the service application scene of the provided data, establish a common recognition trust mechanism of the data platform users, potential data buyers and a data platform authenticator, determine a hierarchical data authentication mode of safety privacy, determine an expected authentication level by the users, determine an adopted anonymous authentication method according to an applicable scene, and solve the problem of user safety privacy protection during the authentication of the data platform user identity information by preliminarily grading, grouping and authenticating or upgrading the authentication level by adopting dynamic reliability assessment or a mode of voluntarily adding authentication data on the basis of the preliminarily graded grouping and authenticating.
Description
Technical Field
The invention belongs to the technical field of data platform user identity authentication, and particularly relates to a data platform user identity authentication method and device.
Background
The current data platform user identity authentication method is roughly divided into an authentication method of platform-known user identity information and an authentication method of platform-unknown user identity information. The authentication method of the known user identity information comprises password authentication, smart card authentication, gateway authentication, biometric authentication, dynamic password authentication and Usbkey authentication. The disadvantages of these authentication techniques are: the password security and efficiency are contradictory, the authentication technology related to hardware or mobile internet is limited by the application range and scene of the hardware, the authentication method based on personal information is not suitable for the authentication of organizations, and the multi-fusion authentication technology has the problems of high error cost and the like although the security is improved. The authentication method of the unknown user identity information is divided into big data behavior analysis authentication and public information encryption authentication technologies. The biggest problems of these methods are that the lack of personal identity information makes the application scenarios limited, and cross-platform authentication is not possible.
In fact, there is a fundamental logical contradiction in current data platform user identity authentication. That is, the data platform needs to acquire sufficient user identity information to perform identity authentication, but the user needs to protect the identity information sufficiently to ensure privacy and security. Particularly, the requirements of the current data platform users on security and privacy are continuously increased, and the identity information authentication of the platform users by each data platform is more and more comprehensive and strict for the purposes of self development and risk avoidance. How to solve the contradiction with the balance becomes a key problem to be urgently solved by the current identity authentication technology. Therefore, an anonymous identity authentication technology exists, namely, the platform can be ensured to be visible and unknown to user authentication privacy data in the user identity authentication stage of the data platform. The prior anonymous identity authentication method is improved on the basis of the traditional identity authentication method, and generally adopts a method of improving the difficulty of password deciphering, improving the authentication security of a third party or fusing a plurality of authentication technologies to achieve the effect of anonymity of user identity information. However, the conventional anonymous identity authentication method is based on the conventional identity authentication method, and the contradiction between the identity information authentication of the user on the data platform and the security and privacy protection of the user cannot be completely and fundamentally solved.
Particularly, for a data platform with multiple users anonymous, when the data quality of the data platform is directly related to the user identity represented by the user identity information, the data platform needs to perform user identity authentication through the real identity information of the user. However, in this case, data buyers of the data platform usually focus on related specialties, and once the identity information of the user is exposed, the user loss is likely to be very large, so that the security and privacy requirements of the user on the identity information are also higher. In this case, the security anonymity of the conventional anonymous identity authentication method is not sufficient to support the application of the scene, and the anonymous identity authentication technology of more specialized hierarchical grouping is more suitable for the application scene.
Meanwhile, different specialized data platform users, buyers and data platforms have different requirements on identity information cognition and security privacy, so that the safety privacy determination standard of the specialized data platform for anonymous user identity information is formulated by referring to the common recognition of the users, the buyers and the data platform, which is necessary, and the risk of identity authentication safety privacy brought by the specialized difference of the data platform can be avoided.
In addition, the identity authentication of the specialized data platform user comprises the authentication of the user identity information, and the identity authentication result of the user is verified and dynamically upgraded according to the actual data platform working quality of the user or through the submission of more identity information by the user, so that the condition that the user identity authentication is not true is avoided, and the condition that the specialization of the user after the identity authentication is poor is avoided.
Disclosure of Invention
The invention aims to provide a data platform user identity authentication method and a data platform user identity authentication device, which fundamentally solve the problem of contradiction between data platform user identity information authentication and user safety privacy protection. Particularly, aiming at a multi-user anonymous data platform, when the data quality of the data platform is directly related to the user identity represented by the user identity information, the anonymous identity authentication technology serving as specialized hierarchical grouping is more suitable for the application scenario. Meanwhile, aiming at different requirements of identity information recognition and security privacy of different specialized data platform users, buyers and data platforms, the invention refers to the common recognition of the users, the buyers and the data platforms to formulate the security privacy identification standard of the specialized data platforms for the identity information of anonymous users, so as to avoid the security privacy risk of identity authentication brought by the specialized difference of the data platforms. In addition, on the basis of the primary authentication of the user identity information, the invention checks and dynamically upgrades the identity authentication result of the user through the actual data platform working quality of the user or through submitting more identity information by the user, so as to avoid the condition that the name of the user identity authentication of a specialized data platform is not consistent and the specialization after the user identity authentication is poor.
The technical scheme adopted by the invention is as follows: the invention provides a multi-user anonymous hierarchical grouping dynamic identity authentication method based on data platform consensus trust, which comprises the steps of primarily grouping users according to the professional field of the users and the service application scene of the provided data; establishing a consensus trust mechanism of a data platform user, a data potential buyer and a data platform authenticator; on the basis of a consensus trust mechanism, determining a safe and private hierarchical data authentication mode; according to a hierarchical data authentication mode of safety privacy and a user grouping result, determining an expected authentication level by a user, and determining an adopted anonymous authentication method according to an applicable scene, wherein the authentication method comprises a batch sampling authentication method and a group authentication method participating in a matching authentication group; and on the basis of the preliminary grading grouping authentication, the authentication grade is subjected to the preliminary grading grouping authentication or upgrading by adopting dynamic credibility evaluation or adopting a mode of adding authentication data voluntarily.
In order to achieve the above object, a first aspect of the embodiments of the present invention discloses a technical solution:
a data platform user identity authentication method specifically comprises the following steps:
s1, primarily grouping data platform users according to the professional field where the data platform users are located and the service application scene for providing data;
s2, establishing a data platform user, a data potential buyer and a data platform authenticator consensus trust mechanism;
s3, on the basis of a consensus trust mechanism, determining a safe and private hierarchical data authentication mode and providing a data platform user data authentication template;
s4, according to the hierarchical data authentication mode and the data platform user preliminary grouping result, determining an expected authentication level by a data platform user, and determining to adopt an anonymous authentication method;
s5, according to data requirements of the data platform for identity authentication of different levels, hierarchical grouping anonymous authentication of users of the data platform is achieved;
and S6, verifying and dynamically upgrading the identity authentication of the user by adopting dynamic credibility evaluation or a mode of adding authentication data voluntarily according to the hierarchical grouping anonymous authentication.
Preferably, the step S1 specifically includes:
s11, excavating professional fields related to the data platform and service application scenes for providing service data according to historical service data of the data platform;
s12, inquiring the professional field of the data platform user and the service application scene for providing the service data, and requiring the data platform user to submit public digital information directly related to the professional field and the service application scene for providing the service data;
s13, the data platform checks the public digital information submitted by the user according to the historical service data, and judges whether the public digital information reaches the historical average level submitted by the user during user authentication in the same professional field and the service application scene providing the service data;
if the user is in the service application scene, the user passes through the inspection of the data platform on the public digital information submitted by the user according to the historical service data, and the user is preliminarily grouped into a user group in the professional field and the service application scene for providing the service data;
otherwise, the user fails the verification and cannot be grouped into a user group in the professional field and the service application scene providing the service data, and if the user needs to pass the verification, the user needs to further submit the public digital information containing the service data.
Preferably, the step S2 specifically includes:
s21, preliminarily grouping the user group marks into professional fields and service application scenes for providing business data;
s22, screening out potential data buyers corresponding to the user group in the professional field and the service application scene providing the service data according to the historical transaction records of the data platform;
s23, user groups, potential data buyers and data platforms of user groups, service application scenes of professional fields and service data are respectively used as block chain nodes, and a consensus trust mechanism is established by adopting a workload certification mechanism, a rights and interests certification mechanism, a share authorization certification mechanism or a Pool consensus mechanism.
Preferably, the step S3 specifically includes:
s31, according to the data platform user, the data potential buyer and the data platform authenticator consensus trust mechanism, the safety privacy grade division can be determined according to the safety privacy grade classification standard;
s32, determining authentication identity information ranges corresponding to authentication identity information of different security privacy levels, data specification conditions of various kinds of identity information, the lowest identity information authentication standard, and a rule and a method formed by authenticated user certificates or passwords;
and S33, taking the authentication identity information corresponding to each level, the authentication identity information range, the data specification conditions of various kinds of identity information, the lowest identity information authentication standard, and the set of user certificate or password constitution rules and methods passing authentication as a hierarchical data authentication mode with safety and privacy to form a hierarchical data authentication template.
Preferably, the anonymous authentication method in step S4 is a batch sampling authentication method;
the batch sampling authentication method comprises the following specific steps:
s41, mining the safety privacy relevance of each identity information by adopting a grey relevance data mining analysis method;
s42, sequencing according to the degree of association, and dividing each identity information with high safety privacy association degree into different batches by adopting a data analysis, classification and summarization method;
and S43, performing the same batch authentication and verification on each batch of identity information, and when the divided batches exceed a set value, performing the authentication and verification on the identity information by adopting a sampling method.
Preferably, the anonymous authentication method in step S4 is a group authentication method participating in a matching authentication group;
the group authentication method for participating in the matching authentication group comprises the following specific steps:
s41, dividing the users passing the primary grouping verification in the same professional field and the service application scene providing the service data according to the expected authentication level of the users of the data platform;
s42, the data platform users with the same expected authentication level are grouped into a set, and the identity information of the data platform users in the same set is verified in the safety and privacy grading data authentication mode in the step S3;
s43, the obtained authentication mode verification results are subjected to comparative difference cluster analysis, and data platform users corresponding to the differences of the verification results of the hierarchical authentication mode of the identity information safety and privacy of the data platform users in a preset difference range are clustered into a group;
and S44, carrying out full-anonymous identity authentication on the same group of data platform users, namely, only carrying out uniform authentication on the identity information of the group of data platform users, and endowing the same group of data platform users with identity information identifications without differences.
Preferably, the dynamic reliability evaluation in step S6 includes:
and if the data platform user fails the preliminary grouping verification, further submitting the public digital information, calculating the accuracy value and the professional value of the newly submitted public digital information by judging whether the newly submitted public digital information is repeated with the historical service data of the data platform, determining the quality of the newly submitted public digital information, and taking the quality as a dynamic reliability evaluation result.
Preferably, the voluntary addition of the authentication data in step S6 includes:
when identity information data required by a safe and private hierarchical data authentication mode provided by a data platform user cannot meet the requirements of the authentication mode, the data platform user needs to additionally submit authentication data according to the hierarchical data authentication mode;
when the data platform user does not pass the anonymous authentication of the step S4, the data platform user needs to additionally submit authentication data according to the hierarchical data authentication mode;
when the data platform user needs to upgrade the authentication level, the data platform user needs to additionally submit the authentication data according to the hierarchical data authentication mode.
The second aspect of the invention discloses a data platform user identity authentication method, and the device comprises:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to execute any one of the data platform user identity authentication methods disclosed in the first aspect of the embodiment of the invention;
the third aspect of the present invention discloses a computer storage medium, where a computer instruction is stored, and when the computer instruction is called, the computer instruction is used to execute any one of the data platform user identity authentication methods disclosed in the first aspect of the embodiments of the present invention.
Compared with the prior art, the invention has the beneficial effects that:
(1) The invention provides a data platform user identity authentication method and a device, which have the advantage of fundamentally solving the problem of contradiction between data platform user identity information authentication and user safety privacy protection. Particularly, for a data platform with multiple users anonymous, when the data quality of the data platform is directly related to the user identity represented by the user identity information, the data platform needs to perform user identity authentication through the real identity information of the user. However, data buyers of the data platform usually focus on related specialties, and once the identity information of the user is exposed, the user loss is likely to be very large, so that the security and privacy requirements of the user on the identity information are higher. However, the security anonymity of the conventional anonymous identity authentication method is not enough to support the application of the scene. The method of the invention carries out preliminary grouping on users according to the professional field of the users and the service application scene of the provided data, determines the expected authentication level by the users according to the grading data authentication mode of the security privacy and the user grouping result, and determines to adopt a batch sampling authentication method or a group authentication method participating in the matching authentication group according to the applicable scene. The method is used as an anonymous identity authentication technology of specialized hierarchical grouping and is more suitable for the application scene.
(2) The invention provides a data platform user identity authentication method and a device, which have the advantages that different specialized data platform users, buyers and data platforms have different requirements on identity information and security privacy of the data platform users, the buyers and the data platforms.
(3) The invention provides a method and a device for authenticating user identity of a data platform, which have the advantages that on the basis of primary hierarchical grouping authentication, dynamic reliability evaluation is adopted or the authentication grade is upgraded through the primary hierarchical grouping authentication by adopting a mode of adding authentication data voluntarily, besides the authentication including user identity information, the actual working quality of the data platform of a user or more identity information submitted by the user is also used for verifying and dynamically upgrading the identity authentication result of the user, so that the condition that the user identity authentication is not consistent is avoided, the defect of specialization after the user identity authentication is avoided, and compared with other user identity authentication methods, the method and the device are more in line with the requirement of the user identity authentication of a specialized data platform.
Drawings
FIG. 1 is a flowchart of a data platform user identity authentication method.
Detailed Description
The following describes the data platform user identity authentication method and apparatus provided by the present invention in further detail with reference to the accompanying drawings and specific embodiments.
The method is suitable for the field of user identity authentication of a data platform, in particular to multi-user anonymous identity authentication of a specialized data platform, identity authentication is carried out through specialized classification grouping, specialized safety privacy risks caused by specialized differences of the data platform are avoided through multi-party consensus, and the user identity authentication is dynamically upgraded through the actual working quality of the data platform of a user or through the fact that the user submits more identity information for inspection, so that the condition that the user identity authentication of the specialized data platform is not true and the condition that the user identity authentication is poor after the user identity authentication is avoided.
The method of the invention has the flow as shown in the attached figure 1, and comprises the following basic steps:
aiming at the user identity authentication of a data platform, in particular to the multi-user anonymous identity authentication of a specialized data platform, the method and the device for the user identity authentication of the data platform are provided for solving the contradiction between the user identity information authentication of the data platform and the user safety privacy protection. The method comprises the following specific steps: firstly, according to the professional field where the user is located and the service application scene providing data, preliminarily grouping the users so as to preliminarily group the identity authentications of different specialized users; further, a data platform user, a data potential buyer and a data platform authenticator consensus trust mechanism is established to enable the data platform user, the data potential buyer and the data platform authenticator to achieve consensus on the security privacy identification standard of the anonymous user identity information; more specifically, on the basis of a consensus trust mechanism, a hierarchical data authentication mode of safety privacy is determined, and a hierarchical data authentication template is provided for user identity authentication in different specialized scenes so as to guide a user to submit targeted identity information data required by hierarchical authentication and avoid identity authentication safety privacy risks brought by specialized differences of data platforms; according to a hierarchical data authentication mode with safety and privacy and a user grouping result, an expected authentication level is determined by a user, and an adopted anonymous authentication method is determined according to an applicable scene, wherein the authentication method comprises a batch sampling authentication method and a group authentication method participating in a matching authentication group, so that the data requirements of a data platform for different levels of identity authentication are met while the user identity authentication requirements are met, and hierarchical grouping of multi-user anonymous identity authentication of a specialized data platform is realized. And finally, on the basis of the primary hierarchical grouping identity authentication, checking and dynamically upgrading the identity authentication result of the user by adopting dynamic reliability evaluation or a mode of voluntarily adding authentication data through the primary hierarchical grouping authentication or upgrading the authentication level, namely through the actual working quality of a data platform of the user or a mode of submitting more identity information by the user so as to avoid the condition that the name of the user identity authentication of a specialized data platform is inconsistent and the specialization of the user identity authentication is poor.
1) And preliminarily grouping the users according to the professional field where the users are and the service application scene of the provided data.
Assume that the user of data platform O is a (N) (N =1,2. According to historical business data HDA (O) of the data platform O, professional fields related to the data platform and a service application scene P (M) (M =1, 2. Before user identity authentication, a data platform user A (n) is asked for its professional domain and service application scenario PA (n) providing business data (PA (n) ∈ P (m)), and the data platform user A (n) is asked to submit public digital information DA (PA (n)) directly related to the professional domain and the service application scenario PA (n) providing business data. The public digital information refers to professional data which does not relate to the safety and privacy of the user, can be disclosed and can indicate the professional field of the user and the service application scene for providing the business data.
The data platform O checks the public digital information DA (PA (n)) submitted by the user a (n) according to the historical service data HDA (O). The detection method comprises the following steps:
1-1) database similarity comparison, t test, semantic similarity check, jacard similarity coefficient and the like are adopted as data check methods, wherein the database similarity comparison method firstly needs to customize a database comparison function, calculates the cost required for converting a character string A into a character string B, the cost is smaller, the two character strings are more similar, then the Levensan distance is used as a cost value for mutual conversion between the two character strings, the distance between each character between the two character strings is sequentially obtained and is used as a similar cost value, the similar cost value between the two character strings is compared with a total cost value which is completely dissimilar to obtain the check rate, and according to the method, the check rate R (DA (PA (WCn)) of public digital information DA (PA (n)) provided by a user can be compared with the data platform historical business data HDA ((PA (n)) of a service application scene PA (n) providing the business data and the public digital information DA (PA (n)) provided by the same professional field.
1-2) adopting a data mining method such as a union rule algorithm, a Pearson correlation coefficient and a grey system theoretical correlation degree analysis method, wherein the grey system theoretical correlation degree analysis method firstly carries out dimensionless quantitative preprocessing on historical service data and public digital information, carries out initial value transformation and equalization transformation on the data to obtain a standardized matrix, thereby calculating a correlation coefficient matrix, and finally calculating the correlation degree as the accuracy rate of the public digital information. The method is adopted to mine the relevance between the historical service data HDA ((PA (n)) of the data platform of the service application scene PA (n) providing the service data and the historical service data HDA ((PA (n)) of the public digital information DA (PA (n)) provided by the user), and further verify the accuracy AR (DA (PA (n)) of the public digital information DA (PA (n)) provided by the user.
1-3, analyzing a data professional value dsv (HDA ((PA (n))) of each data platform historical service data HDA ((PA (n)) according to the same professional field and a service application scene PA (n) providing service data, wherein the data professional value refers to a correlation degree value between the data and the professional field and the service application scene providing the service data, mining the correlation R (HDA ((PA (n)) of each data platform historical service data HDA ((PA (n)) and the professional field and the service application scene PA (n)) providing the service data by a data mining method such as a correlation rule algorithm, a Pearson correlation coefficient and a grey system theory correlation analysis method, and assigning values to the correlation degree between the data platform historical service data HDA ((PA (n)) of the same professional field and the service application scene PA (n)) providing the service data, so as to obtain the professional scene data (HDA ((HDA (n)) of each data platform historical service data HDA ((PA (n)) according to the professional field and the service application scene PA (n)) providing the service data.
According to the relevance between the professional value dsv (HDA ((PA (n))) of each data platform historical service data HDA ((PA (n)) and the data platform historical service data HDA ((PA (n)) of mining the same professional field and the service application scene PA (n)) providing the service data and the relevance between the data platform historical service data HDA ((PA (n)) and the public digital information DA (PA (n)) provided by the user, the professional value dsv (DA ((PA (n)))) of each public digital information DA (PA (n)) provided by the user can be obtained n)), and determining the relevance R (hda ((PA (n)) and DA (PA (n)) of the historical business data hda ((PA (n)) of each data platform of the service application scene PA (n)) in the same professional field and the service application scene PA (n)) provided by the user, and assigning the relevance degree of the historical business data hda ((PA (n)) and the public digital information DA (PA (n)) provided by the user of each data platform of the service application scene PA (n)) in the same professional field and the service application scene PA (n) provided by the service data through an analytic hierarchy process, so as to obtain the data professional relevance coefficient Kdv (PA (n)) of each historical business data hda ((PA (n)) and the public digital information DA (PA (n)) provided by the user of each data platform of the service application scene PA (n)) in the same professional field and the service application scene PA (n)) provided by the service data, and summing the professional relevance value dsv (DA (PA (n)) of each public digital information DA (PA (n)) provided by the user obtained in the above step to obtain the average public digital information (PA (DA (n)) provided by the user.
1-4) according to the check repetition rate WCR (DA (PA (n))) of the public digital information DA (PA (n)) provided by the user, the accuracy rate AR (DA (PA (n))) of the public digital information DA (PA (n)) provided by the user and the average professional value of the public digital information DA (PA (n)) provided by the user, judging whether the average level of the histories submitted during user authentication in the same professional field and the service application scene PA (n) providing business data is reached. If the user is in the service application scene PA (n), the user passes the inspection of the data platform O on the public digital information DA (PA (n)) submitted by the user A (n) according to the historical service data HDA (O), and the user is preliminarily grouped into the user group of the professional field and the service application scene PA (n) for providing the service data. Otherwise, the user fails the check and cannot be grouped into a user group of the professional field and the service application scenario PA (n) providing the service data. If the user needs to pass the verification, further submitting public digital information DA' (PA (n)) containing more service data.
2) And establishing a consensus trust mechanism of a data platform user, a data potential buyer and a data platform authenticator.
A user group, which is preliminarily grouped into a professional domain and a service application scenario PA (n) providing traffic data, is labeled as { a (PA (n), s) }, where the user is a (PA (n), s) (s =1, 2. Screening out data potential buyers corresponding to user groups { A (PA (n), s) } of the professional field and the service application scene PA (n) for providing the service data according to the historical transaction record of the data platform O, and marking each data potential buyer as { PBD (A (PA (n), s)) }. The data potential buyer PBD (a (PA (n), s)) belongs to the platform user a (n). In a specialized data platform, the actual role conditions of a data potential buyer and a data providing user are continuously changed along with data transaction, and both are data platform users in nature, and both need the user identity authentication method. The data potential buyer here is a data platform user that has been authenticated.
A consensus mechanism of a user group A (PA (n), s), a potential buyer PBD (A (PA (n, s)) and a data platform O of a service application scene PA (n) for providing business data in a unified professional field is established. The specific method is that user group A (PA (n, s), potential data buyer PBD (A (PA (n, s)) and data platform O of user group A (PA (n, s)), potential data buyer PBD (PA (n, s)) in the professional field and service application scene PA (n) providing business data are respectively used as block chain nodes, and a security privacy identification standard of a specialized data platform for anonymous user identity information is established by jointly voting of all block chain nodes by adopting a workload identification mechanism, a rights and interests identification mechanism, a shares authorization identification mechanism or a Pool consensus mechanism. The security privacy certification standard of the specialized data platform for the anonymous user identity information comprises a certification identity information range AIR (PA (n), id (l)) (id (l) refers to various kinds of identity information, l =1, 2.. N), a data specification condition DSC (PA (n), id (l)) of various kinds of identity information (comprising data standard definition, data relation, data authority, data storage mode, data verification rule, data conversion rule, data specification, data structure, data type, data content, data interface specification and the like), and a minimum identity information certification standard IAS (PA (n), id (l)) (comprising at least which identities are includedInformation, at least how much identity information is provided, data specification conditions at least for various kinds of identity information, at least what authentication consensus mechanism is satisfied, at least what security privacy level is reached, etc.), security privacy level classification criteria SL (PA (n), id sl (l) The authentication method comprises a user certificate or password forming rule passing the authentication and a user certificate or password forming method passing the authentication (including the user certificate or password forming rule passing the authentication and the user certificate or password forming method passing the authentication, wherein the common user certificate or password forming rule comprises rules of a standardized data format, standardized codes, a certificate format, a version number, a serial number, a signature algorithm, a password mechanism, key backup and recovery and the like, and the common user certificate or password forming method comprises methods of an X.509 certificate specification, a PKI system, a PKCS standard and the like).
3) And determining a security and privacy hierarchical data authentication mode on the basis of the consensus trust mechanism.
According to the data platform user, data potential buyer and data platform authenticator consensus trust mechanism established in the step 2), classifying standards SL (PA (n), id according to security privacy level sl (l) Can determine how many security privacy levels the identity information authentication is divided into, each level sl (PA (n), id sl (l) Which necessary identity information id is included in the list of all the other devices sl (l) In that respect Different security privacy levels sl (PA (n), id) can be further determined depending on which essential identity information is included in each level sl (l) The range of authentication identity information AIR corresponding to the authentication identity information of (1) sl (PA (n), id (l)), data specification condition DSC of various kinds of identity information sl (PA (n), id (l)), minimum identity information authentication standard IAS sl (PA(n),id sl (l) User certificate or password formation rule and method OP for passing authentication sl (PA(n),id sl (l) ). Each level sl (PA (n), id sl (l) Corresponding requisite identity information id sl (l) And scope of authentication identity information AIR sl (PA (n), id (l)), data specification condition DSC of various kinds of identity information sl (PA (n), id (l)), lowestIdentity information authentication standard IAS sl (PA(n),id sl (l) User certificate or password formation rule and method OP for passing authentication sl (PA(n),id sl (l) ) as a hierarchical data authentication model for secure privacy.
4) According to a hierarchical data authentication mode of safety privacy and a user grouping result, an expected authentication level is determined by a user, and an adopted anonymous authentication method is determined according to an applicable scene, wherein the authentication method comprises a batch sampling authentication method and a group authentication method participating in a matching authentication group.
Determining an expected authentication level sl (PA (n), id) by a user according to the hierarchical data authentication mode of the safety privacy in step 2) and the user grouping result in step 1) sl (l) And provides identity information data required by a hierarchical data authentication mode of security and privacy, and determines an adopted anonymous authentication method according to an applicable scene. The authentication method comprises a batch sampling authentication method and a group authentication method participating in a matching authentication group. The batch sampling authentication method and the group authentication method participating in the matching authentication group improve the security and privacy of the anonymous identity authentication. The two methods have advantages, the batch sampling authentication method is suitable for application scenes with few anonymous users and more authenticated identity information of a data platform, and the same group authentication method participating in the matching authentication group is suitable for application scenes with more anonymous users and less authenticated identity information of the data platform.
The batch sampling authentication method is to expect an authentication level sl (PA (n), id) of a user sl (l) Corresponding requisite identity information id sl (l) A method for batch sampling authentication. The specific method is that a grey correlation degree data mining analysis method is adopted to mine each identity information id sl (l) The security and privacy relevance degrees are sorted according to the relevance degrees, and the identity information id with high security and privacy relevance degrees is sorted and summarized by adopting a data analysis, classification and summarization method sl (l) Divided into different batches. Identity information id for each batch sl (l) And carrying out the same batch of authentication and verification. When the number of the divided batches is too large, a sampling method can be adopted to carry out identification information id sl (l) And (7) authentication and verification. Each identity information in the methodid sl (l) The security privacy association degree of (2) is a probability that the user identity can be inferred by associating the identity information with each other.
The group authentication method for participating in the matching authentication group is to group and verify the users passing the primary group in the service application scene PA (n) of the same professional field and providing service data further according to the expected authentication level sl (PA (n), id) of the users sl (l) Dividing the users with the same expected authentication level into a set A (PA (n), sl (PA (n), id) sl (l) And) carrying out the safety and privacy hierarchical data authentication mode verification of the step 3) on the user identity information in the same set, carrying out comparative difference cluster analysis on the obtained authentication mode verification results, and clustering users corresponding to the safety and privacy hierarchical authentication mode verification results of the user identity information in a preset difference range into a group. And carrying out fully anonymous identity authentication on the users in the same group, namely carrying out uniform authentication on the identity information of the users in the group, and endowing the users in the same group with identity information identification without difference. After the authentication by the method, the authentication identity of any user in the same group of users based on the identity information can not be identified independently, and when the user in the same group of users needs to identify the identity independently, the user can obtain the identity by adopting a method for analyzing the data behavior of the historical service data set submitted by the user.
5) On the basis of the preliminary grading grouping authentication, the dynamic credibility evaluation is adopted or the mode of adding authentication data voluntarily is adopted to pass the preliminary grading grouping authentication or upgrade the authentication grade.
Through the above steps 1) -4), a preliminary hierarchical group authentication result of the user can be determined. When the user does not pass the primary grading grouping authentication or the user still needs to carry out upgrading authentication after passing the primary grading grouping authentication, the steps 1) -4) are repeated by adopting dynamic credibility evaluation or adopting a mode of voluntarily adding authentication data to carry out secondary primary grading grouping authentication or grade upgrading authentication.
The method for evaluating the dynamic credibility is that in the step 1-4), when the user who does not pass the preliminary grouping verification needs to further submit public digital information DA ' (PA (n)) containing more service data, the quality of the newly submitted public digital information DA ' (PA (n)) is determined by dynamically evaluating whether the newly submitted public digital information DA ' (PA (n)) is repeated with the historical service data HDA (O) of the data platform O, so that the accuracy is high and low, and the professional value is high and low, and the result is used as the dynamic credibility evaluation.
The mode of adding the authentication data voluntarily means that, in the step 4), when the identity information data required by the security privacy hierarchical data authentication mode provided by the user cannot meet the requirements of the authentication mode, or the user does not pass the identity authentication in the step 4), or the authentication level needs to be upgraded, the user needs to additionally submit the authentication data according to the corresponding security privacy hierarchical data authentication mode.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered as the technical solutions and the inventive concepts of the present invention within the technical scope of the present invention.
Claims (4)
1. A data platform user identity authentication method is characterized by comprising the following steps:
s1, excavating professional fields related to a data platform and service application scenes for providing service data according to historical service data of the data platform;
s2, inquiring the professional field of the data platform user and the service application scene for providing the service data, and requiring the data platform user to submit public digital information directly related to the professional field and the service application scene for providing the service data;
s3, the data platform checks the public digital information submitted by the user according to the historical service data, and judges whether the public digital information reaches the historical average level submitted by the user during user authentication in the same professional field and the service application scene for providing the service data;
if the user is in the service application scene, the user passes through the inspection of the data platform on the public digital information submitted by the user according to the historical service data, and the user is preliminarily grouped into a user group in the professional field and the service application scene providing the service data;
otherwise, the user fails to pass the inspection and cannot be grouped into a user group in the professional field and the service application scene providing the service data, and if the user needs to pass the authentication, the user needs to further submit the public digital information containing the service data;
s4, preliminarily grouping the user group marks into professional fields and service application scenes for providing service data;
s5, screening out potential data buyers corresponding to the user group in the professional field and the service application scene providing the service data according to the historical transaction records of the data platform;
s6, respectively taking user groups of users in the professional field and service application scenes for providing service data, potential data buyers and a data platform as block chain nodes, and establishing a consensus trust mechanism of the users of the data platform, the potential data buyers and a data platform authenticator by adopting a workload certification mechanism, a rights and interests certification mechanism, a share authorization certification mechanism or a Pool consensus mechanism;
s7, according to the data platform user, the data potential buyer and the data platform authenticator consensus trust mechanism, the safety privacy grade division can be determined according to the safety privacy grade classification standard;
s8, determining authentication identity information ranges corresponding to authentication identity information of different security privacy levels, data specification conditions of various kinds of identity information, the lowest identity information authentication standard, and a rule and a method formed by authenticated user certificates or passwords;
s9, taking the authentication identity information corresponding to each level, the authentication identity information range, the data specification conditions of various kinds of identity information, the lowest identity information authentication standard, and the set of rules and methods formed by authenticated user certificates or passwords as a hierarchical data authentication mode with safe privacy to form a hierarchical data authentication template;
s10, according to the hierarchical data authentication mode and the data platform user preliminary grouping result, determining an expected authentication level by a data platform user, and determining an anonymous authentication method which adopts a batch sampling authentication method or a group authentication method which participates in a matching authentication group;
s11, according to data requirements of the data platform for different levels of identity authentication, hierarchical grouping anonymous authentication of users of the data platform is achieved;
s12, verifying and dynamically upgrading the identity authentication of the user by adopting a dynamic reliability evaluation mode for further submitting public digital information according to the classified grouping anonymous authentication or a voluntary authentication data adding mode for additionally submitting authentication data according to a classified data authentication mode;
the dynamic credibility evaluation mode for further submitting the public digital information comprises the following steps: if the data platform user fails the preliminary grouping verification, further submitting public digital information, calculating the accuracy value and the professional value of the newly submitted public digital information by judging whether the newly submitted public digital information is repeated with the historical service data of the data platform, determining the quality of the newly submitted public digital information, and taking the quality as a dynamic reliability evaluation result;
the mode of adding authentication data according to the hierarchical data authentication mode and adopting voluntary addition of authentication data is as follows:
when identity information data required by a safe and private hierarchical data authentication mode provided by a data platform user cannot meet the requirements of the authentication mode, the data platform user needs to additionally submit authentication data according to the hierarchical data authentication mode;
when the data platform user does not pass the anonymous authentication of the step S4, the data platform user needs to additionally submit authentication data according to the hierarchical data authentication mode;
when the data platform user needs to upgrade the authentication level, the data platform user needs to additionally submit the authentication data according to the hierarchical data authentication mode.
2. The data platform user identity authentication method according to claim 1, wherein the batch sampling authentication method in step S10 specifically comprises the steps of:
s101, mining the security and privacy association degree of each identity information by adopting a grey association degree data mining analysis method;
s102, sorting according to the degree of association, and dividing each identity information with high security and privacy association degree into different batches by adopting a data analysis, classification and summarization method;
s103, carrying out the same batch authentication and verification on each batch of identity information, and when the divided batches exceed a set value, carrying out the authentication and verification on the identity information by adopting a sampling method.
3. The data platform user identity authentication method according to claim 1, wherein the group authentication method participating in the matching authentication group in step S10 specifically includes the steps of:
s101, dividing users passing the primary grouping verification in the same professional field and service application scene providing business data according to expected authentication levels of users of a data platform;
s102, grouping the data platform users with the same expected authentication level into a set, and carrying out the safety privacy grading data authentication mode verification in the step S3 on the data platform user identity information in the same set;
s103, carrying out comparison difference clustering analysis on the obtained authentication mode verification results, and clustering data platform users corresponding to the difference of the hierarchical authentication mode verification results of the identity information security and privacy of the data platform users in a preset difference range into a group;
and S104, carrying out full-anonymous identity authentication on the same group of data platform users, namely, carrying out uniform authentication on the identity information of the group of data platform users, and endowing the same group of data platform users with identity information identifications without differences.
4. An apparatus for data platform user identity authentication, the apparatus comprising:
a memory storing executable program code;
a processor coupled with the memory;
the processor calls the executable program code stored in the memory to execute the data platform user identity authentication method according to any one of claims 1 to 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211056239.1A CN115396225B (en) | 2022-08-31 | 2022-08-31 | Data platform user identity authentication method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211056239.1A CN115396225B (en) | 2022-08-31 | 2022-08-31 | Data platform user identity authentication method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115396225A CN115396225A (en) | 2022-11-25 |
| CN115396225B true CN115396225B (en) | 2023-04-11 |
Family
ID=84124100
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211056239.1A Active CN115396225B (en) | 2022-08-31 | 2022-08-31 | Data platform user identity authentication method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115396225B (en) |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8856939B2 (en) * | 2008-09-05 | 2014-10-07 | Iowa State University Research Foundation, Inc. | Cloaking with footprints to provide location privacy protection in location-based services |
| CN110087239B (en) * | 2019-05-20 | 2020-10-13 | 北京航空航天大学 | Anonymous access authentication and key agreement method and device based on 5G network |
| CN110572268B (en) * | 2019-09-12 | 2021-06-15 | 腾讯科技(深圳)有限公司 | Anonymous authentication method and device |
| CN112187712B (en) * | 2020-08-18 | 2021-10-22 | 西安电子科技大学 | Anonymous authentication method and system for trust in de-center mobile crowdsourcing |
| CN114513316B (en) * | 2020-10-27 | 2024-01-16 | 国家电网有限公司大数据中心 | Anonymous authentication method based on identity, server and user terminal equipment |
| CN113987460B (en) * | 2021-11-03 | 2024-06-18 | 北京邮电大学 | Distributed pseudonym and anonymous authentication method based on alliance chain in crowd sensing scene |
| CN114866244B (en) * | 2022-03-14 | 2024-02-23 | 杭州云象网络技术有限公司 | Method, system and device for controllable anonymous authentication based on ciphertext block chaining encryption |
-
2022
- 2022-08-31 CN CN202211056239.1A patent/CN115396225B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115396225A (en) | 2022-11-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210110399A1 (en) | Transaction assessment and/or authentication | |
| US11663364B2 (en) | Whole-lifecycle encrypted big data analysis method and system for the data from the different sources | |
| US10346845B2 (en) | Enhanced automated acceptance of payment transactions that have been flagged for human review by an anti-fraud system | |
| KR101877345B1 (en) | Method for approving the use of credit card by using token id based on blockchain and merkle tree structure related thereto, and server using the same | |
| CN108122109B (en) | Electronic credential identity management method and device | |
| US10891631B2 (en) | Framework for generating risk evaluation models | |
| US7690032B1 (en) | Method and system for confirming the identity of a user | |
| CN109768983B (en) | Block chain-based multi-dimensional dynamic identity recognition method, device and system | |
| US10911455B2 (en) | Using third party information to improve predictive strength for authentications | |
| CN112185395B (en) | Federal voiceprint recognition method based on differential privacy | |
| CN109447791B (en) | Block chain-based fund transaction method and device | |
| CN112700250B (en) | Identity authentication method, device and system in financial scene | |
| WO2020082557A1 (en) | Risk analysis method, apparatus, and device for mobile phone number, and readable storage medium | |
| US20240296449A1 (en) | Mobile authentification method via peer mobiles | |
| CN110825814A (en) | Method for creating citizen identity block chain based on national population basic information | |
| CN115526425A (en) | Financial data prediction system and method based on block chain and big data | |
| CN114971642A (en) | Knowledge graph-based anomaly identification method, device, equipment and storage medium | |
| CN113886817A (en) | Host intrusion detection method and device, electronic equipment and storage medium | |
| RU2723679C1 (en) | Method and system for dynamic authentication and user risk assessment | |
| CN112785410A (en) | Relying party risk adjustment indicator systems and methods | |
| CN115396225B (en) | Data platform user identity authentication method and device | |
| CN108595318B (en) | Difference test method for digital certificate verification module in RFC-guided SSL/TLS implementation | |
| KR102307668B1 (en) | Certification system and certification method | |
| Alese et al. | A User Identity Management System for Cybercrime Control | |
| CN111275506A (en) | Bill issuing method and block link point equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230613 Address after: 101127 No. 1-219, Juhe 6th Street, Jufuyuan Industrial Park, economic development zone, Tongzhou District, Beijing Patentee after: Beijing HUAYIXIN Technology Co.,Ltd. Patentee after: Lin Shaowei Address before: 101127 No. 1-219, Juhe 6th Street, Jufuyuan Industrial Park, economic development zone, Tongzhou District, Beijing Patentee before: Beijing HUAYIXIN Technology Co.,Ltd. Patentee before: Huajiao Lianchuang (Xiamen) Technology Co.,Ltd. |
|
| OR01 | Other related matters | ||
| OR01 | Other related matters |