CN117633900A - File path verification method and device based on distributed network, equipment and medium - Google Patents

Publication number
CN117633900A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410101045.1A
Other languages
Chinese (zh)
Other versions
CN117633900B (en)
Inventor
池程
张钰雯
朱斯语
陈文曲
邵小景
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202410101045.1A
Publication of CN117633900A
Application granted
Publication of CN117633900B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The embodiments of the disclosure disclose a file path verification method, apparatus, device and medium based on a distributed network. The method comprises the following steps: receiving identification license request data sent by a client; extracting a file path of the identification license request data; acquiring file path verification data stored in a distributed manner from a blockchain according to the type of the extracted file path, wherein the file path type is an absolute path or a relative path; verifying the file path based on the file path verification data to obtain a verification result indicating whether the file path passes verification; and, in response to the verification result being that the file path passes verification, distributing the identification license request data to each node in the blockchain. The embodiments of the disclosure can ensure the security of the system and the compliance of the data during identification license registration.

Description

File path verification method and device based on distributed network, equipment and medium
Technical Field
The disclosure relates to the technical field of the industrial internet based on distributed networks, and in particular to a file path verification method, apparatus, device and medium based on a distributed network.
Background
The industrial internet identification management system is an important component of the industrial internet network system and is the nerve center supporting industrial internet interconnection and intercommunication. Because the traditional internet lacks an identity layer in its design, network trust mechanisms are mainly realized by centralized organizations building network security service facilities, so problems such as identity fraud and data theft occur from time to time, and the security of process information such as identity registration and analysis cannot be effectively ensured.
As demands such as information security continue to grow, the traditional internet has iterated into the Web3.0 stage. Compared with the traditional internet, Web3.0 offers stronger technical security guarantees: it can rely on a blockchain network built on a consensus mechanism, create credit in a new way by means of technical endorsement, form a trust model for economic and social operation, bring order to disordered business in the physical world, and, combined with distributed digital identities, redistribute the basic rights of the traditional internet to build a trust network among machines. In addition, Web3.0 is characteristically decentralized: it is a new type of network that is jointly built and jointly governed by all users, with its value shared among them, and its core function is to build a distributed network ecosystem centered on users, helping them complete network interactions without depending on platform organizations.
How to ensure the security of an identification management system under the Web3.0 network architecture is a problem to be solved at present.
Disclosure of Invention
It is an object of the present disclosure to provide a method, apparatus, device and medium for verifying file paths based on a distributed network, so as to solve the problems set forth in the background art.
According to one embodiment of an aspect of the present disclosure, there is provided a file path verification method based on a distributed network, including:
receiving identification license request data sent by a client;
extracting a file path of the identification license request data;
acquiring file path verification data stored in a distributed manner from a blockchain according to the type of the extracted file path, wherein the file path type is an absolute path or a relative path;
verifying the file path based on the file path verification data to obtain a verification result indicating whether the file path passes verification;
and, in response to the verification result being that the file path passes verification, distributing the identification license request data to each node in the blockchain.
Preferably, the step of extracting the file path of the identification license request data includes:
calling a preset file path extraction function to extract the file path.
Preferably, the file path verification data is stored in a smart contract of a blockchain, and the file path verification data includes:
a list of compliance information and a file path verification function.
Preferably, the step of verifying the file path based on the file path verification data includes:
invoking the file path verification function to calculate the file path to obtain a calculation result;
matching the calculation result with the path information of the compliance file stored in the compliance information list;
if the matching is successful, the file path verification passes.
Preferably, the file path verification data includes a compliant file path information list, and the compliant file path information list comprises at least one of the following items:
a compliant file path, a compliant file path directory format, and the response content of the compliant file path.
Preferably, the step of verifying the file path based on the file path verification data includes:
judging whether the file path is contained in the compliant file path information list;
if the file path is contained in the compliant file path information list, the verification passes; if the file path is not contained in the compliant file path information list, judging whether the format of the file path is consistent with the compliant file path directory format;
if the format of the file path is inconsistent with the compliant file path directory format, the verification fails; if the format of the file path is consistent with the compliant file path directory format, judging whether the items contained in the file path are consistent with the items contained in the compliant file path directory;
if the items contained in the file path are inconsistent with the items contained in the compliant file path directory, the verification fails; if the items contained in the file path are consistent with the items contained in the compliant file path directory, sending a specified request to the file path;
judging whether the received response content is consistent with the response content of the compliant file path;
and if the received response content is consistent with the response content of the compliant file path, the verification passes.
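The verification cascade above, as an added Python example that is not part of the patent text. Representing the compliant directory format as a regular expression and the directory items as a set of allowed directory names, together with the `send_request` callable, the reason strings and all sample paths, are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, FrozenSet, Tuple


@dataclass(frozen=True)
class CompliantPathInfo:
    """Constructed stand-in for the compliant file path information list."""
    paths: FrozenSet[str]            # compliant file paths (exact entries)
    directory_format: re.Pattern     # compliant file path directory format (assumed: a regex)
    directory_items: FrozenSet[str]  # items a compliant directory may contain (assumed: names)
    response_content: str            # response content of a compliant file path


def verify_file_path(path: str, info: CompliantPathInfo,
                     send_request: Callable[[str], str]) -> Tuple[bool, str]:
    """Run the cascade in order; return (passed, reason)."""
    # Step 1: a path already in the list passes immediately.
    if path in info.paths:
        return True, "listed"
    # Step 2: the whole path must match the compliant directory format.
    if info.directory_format.fullmatch(path) is None:
        return False, "format_mismatch"
    # Step 3: every directory component (file name excluded) must be a known item.
    directories = [seg for seg in path.split("/") if seg][:-1]
    if not all(d in info.directory_items for d in directories):
        return False, "items_mismatch"
    # Step 4: only now is a request sent; any transport error fails closed.
    try:
        response = send_request(path)
    except Exception:
        return False, "request_failed"
    if response == info.response_content:
        return True, "response_match"
    return False, "response_mismatch"


# Constructed sample data, not values from the patent.
DEMO_INFO = CompliantPathInfo(
    paths=frozenset({"/license/requests/base.xml"}),
    directory_format=re.compile(r"/(?:[a-z0-9_]+/)+[a-z0-9_]+\.xml"),
    directory_items=frozenset({"license", "requests", "updates"}),
    response_content="LICENSE-REQUEST-OK",
)


def demo_responder(path: str) -> str:
    """Constructed responder standing in for the 'specified request'."""
    responses = {
        "/license/updates/u1.xml": "LICENSE-REQUEST-OK",
        "/license/updates/u2.xml": "UNEXPECTED",
    }
    return responses[path]  # unknown path raises KeyError -> request_failed


if __name__ == "__main__":
    for candidate in ("/license/requests/base.xml", "/license/../etc/passwd",
                      "/license/private/a.xml", "/license/updates/u1.xml",
                      "/license/updates/u2.xml", "/license/updates/u3.xml"):
        print(candidate, verify_file_path(candidate, DEMO_INFO, demo_responder))
```

Because the format and item checks run before the request, a malformed path never causes the server to send anything.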
Preferably, the method further comprises:
and providing a verification result query interface for the client.
According to an embodiment of another aspect of the present disclosure, there is provided a file path verification apparatus based on a distributed network, including:
an identification license request data receiving unit, configured to receive identification license request data sent by a client;
a file path extracting unit, configured to extract a file path of the identification license request data;
the file path verification data acquisition unit is used for acquiring file path verification data stored in a distributed mode from the blockchain according to the type of the extracted file path; wherein, the file path type includes: absolute path or relative path;
a file path verification unit, configured to verify the file path based on the file path verification data, to obtain a verification result of whether the file path passes the verification;
and the storage unit is used for distributing the identification permission request data to all nodes of the blockchain in response to the verification result that the file path passes verification.
According to an embodiment of another aspect of the present disclosure, there is provided an electronic device including:
a memory for storing a computer program product;
a processor for executing the computer program product stored in the memory, and when executed, implementing any of the methods described above.
According to an embodiment of another aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement any of the methods described above.
According to the embodiments of the disclosure, when identification license request data is received, the file path of the identification license request data is extracted, file path verification data stored in a distributed manner is obtained from the blockchain according to the type of the file path, and the file path is verified using the file path verification data. If the verification passes, the identification license request data is distributed to all nodes in the blockchain, which ensures the security of the system and the compliance of the data during identification license registration.
In addition, the file path verification data and the identification license request data of the present disclosure are stored in a distributed manner, and at least have the following advantages:
high reliability: the system has no single point of failure, can ensure the data safety and service continuity through a data protection strategy and a copy mode, and can protect the safety and privacy of the data through mechanisms such as encryption, access control and the like;
high performance: the method can efficiently manage the read cache and the write cache, support automatic hierarchical storage, and can separate high-speed storage and low-speed storage or mix parts in any proportion;
high flexibility: a plurality of different data types and application programs can be supported, so the storage adapts flexibly to different service requirements and scenarios.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of one embodiment of a file path verification method based on a distributed network of the present disclosure;
FIG. 2 is a flow chart of one embodiment of the present disclosure verifying the file path based on the file path verification data;
FIG. 3 is a schematic structural diagram of one embodiment of a file path verification device based on a distributed network according to the present disclosure;
FIG. 4 is a block diagram of one embodiment of an electronic device of the present disclosure.
Detailed Description
Embodiments of the present disclosure are described in further detail below with reference to the accompanying drawings.
The identifier management system comprises the aspects of identifier license registration, identifier use, identifier protection and the like, and a plurality of information security problems are related in the identifier management process. By verifying the file path, the security of the identification license request data can be ensured on the one hand, and the compliance of the identification license request operation can be ensured on the other hand. The verification of the file path has at least the following meaning:
Security: if the file path format is incorrect or illegal characters are present, security issues such as malicious filename attacks may arise. Thus, verifying the legitimacy of the file path helps to secure the system.
Data integrity: if the file path is illegal, it may result in the file not being properly read or processed, thereby compromising the integrity of the data. By verifying the validity of the file path, the correctness and the integrity of the file can be ensured.
Maintainability: if the file path is illegal, the file may not be stored normally, thereby making system maintenance difficult. By verifying the validity of the file path, maintenance problems caused by file path problems can be avoided.
Therefore, verification of the validity of the file path has important significance for guaranteeing system safety, maintaining data integrity and facilitating system maintenance.
FIG. 1 is a flowchart of one embodiment of the file path verification method based on a distributed network of the present disclosure. As shown in FIG. 1, the method can be applied to a Web3.0 server and includes the following steps:
S101, receiving identification license request data sent by a client.
It may be appreciated that, to ensure security, after receiving the identification license request data, the embodiments of the present disclosure may verify the identity of the client and then execute the subsequent operations if the identity verification passes. For example, the identification license request data may carry an encrypted signature produced with an encryption key negotiated with the server when the client registered, and the server verifies the encrypted signature with the negotiated decryption key to verify the client identity. The client may be a registration service, registration authority, or enterprise node, among others.
The identification license request data may be any data sent to the server in the identification license registration process, for example, may be identification license initial request data, may be identification license request update data, or may also be identification license request other procedural data, etc. That is, the identifier license request data includes data that needs to be submitted in the identifier license registration process, and is used for requesting the server to audit the submitted data, so as to perform license registration on the identifier. The identification in the embodiments of the present disclosure is an industrial internet identification.
The identification license request data may be uploaded in a format specified by the Web3.0 server, for example XML (Extensible Markup Language) format, in which case the client's cryptographic signature may be saved in a reserved field of the XML file.
Optionally, in some implementations, the client may send the identification license request data in a compressed format. In a specific implementation, when sending the identification license request data in a preset compressed format, the client may compress the associated files (i.e., the identification license request data) together in the unified format specified by the Web3.0 server to form a compressed file, and add a compressed file identifier to the file name of the compressed file. After the Web3.0 server receives the compressed file and reads the compressed file identifier from its file name, it can decompress the compressed file using the preset compression format and, once a plurality of files is obtained, execute the method of the embodiment of the disclosure for each file.
S102, extracting the file path of the identification license request data.
Optionally, in some implementations, in step S102, a preset file path extraction function may be invoked to extract the file path from the identification license request data. That is, depending on the programming language employed, the file path extraction function of that language may be used to extract the file path of the identification license request data.
S103, acquiring file path verification data stored in a distributed mode from the blockchain according to the type of the extracted file path.
After the identification license request data is received and the corresponding file path is extracted, the server is triggered to acquire the file path verification data from the distributed nodes (i.e., from the blockchain). Storing the file path verification data in a distributed manner has the following advantages:
high reliability: the system has no single point of failure, can ensure data security and service continuity through data protection strategies and replicas, and can protect the security and privacy of the data through mechanisms such as encryption and access control;
high performance: the read cache and the write cache can be managed efficiently, automatic tiered storage is supported, and high-speed storage and low-speed storage can be deployed separately or mixed in any proportion; for example, writing hot data to high-speed storage improves the response speed for that data;
high flexibility: a plurality of different data types and application programs can be supported, so the storage adapts flexibly to different service requirements and scenarios.
The embodiments of the disclosure store the file path verification data in the smart contract of each blockchain node. The file path verification data includes a compliance information list and a file path verification function. Before this step is executed, a smart contract for verifying the compliance of file paths is created in the blockchain. The smart contract comprises the compliance information list, which stores the compliant file path information, and the file path verification function, which performs a function calculation on the file path to be verified.
The verification function in the embodiments of the present disclosure may be, for example, a regular expression or the MD5 message-digest algorithm; it is not specifically limited and may be another function.
Because data on the blockchain cannot be tampered with, storing the file path verification data in the blockchain nodes effectively ensures the security of the file path verification data and thus the reliability of the file path verification.
In addition, considering that the blockchain is publicly accessible, the compliant file path information stored in the compliance information list is not the compliant file path itself but a value calculated by the file path verification function, which ensures the security of the compliant file path information in the smart contract.
In the embodiments of the disclosure, the file path verification data is stored in the smart contracts of the blockchain in a distributed manner, and, to ensure data consistency among nodes, data consistency checks can be carried out among the nodes periodically. Because the file path verification data is stored in a distributed manner at different nodes, in some implementations the corresponding file path verification data may be obtained according to the type of the extracted file path. The file path types include: absolute path or relative path. An absolute path is calculated from the root directory; a relative path is calculated from the current path, which is the path of the working directory from which the client sends the identification license request data. Because absolute and relative paths differ in security, fixity, portability, format, length limits and other respects, the embodiments of the disclosure use different file path verification data for the two types of file path: if the extracted file path is an absolute path, the corresponding file path verification data is obtained from the blockchain storing the absolute path verification data; if the extracted file path is a relative path, the corresponding file path verification data is obtained from the blockchain storing the relative path verification data.
S104, verifying the file path based on the file path verification data to obtain a verification result of whether the file path passes verification.
When a file path needs to be verified, a file path verification transaction request carrying the file path extracted in step S102 can be initiated to the smart contract, so that the file path verification data in the smart contract is called to verify whether the file path is legal and compliant.
Optionally, in some implementations, the method for verifying the file path based on the file path verification data includes:
invoking the file path verification function to calculate the file path to obtain a calculation result;
matching the calculation result with the path information of the compliance file stored in the compliance information list;
if the matching succeeds, determining that the file path passes verification, i.e., that the file path is legal and compliant; otherwise, determining that the file path fails verification.
S105, in response to the verification result being that the file path passes verification, distributing the identification license request data to all nodes in the blockchain.
The server side performs distributed storage on the identification license request data to facilitate subsequent auditing of the identification license request data so as to judge whether the identification license request data meets the identification license registration standard. By verifying the file path of the identification license request data, the embodiment of the invention can ensure the validity and compliance of the identification license request data to a certain extent, thereby facilitating the subsequent management operation of the identification license request data and smoothly interfacing with the next-stage audit management platform.
Optionally, in some implementations, in step S105, in response to the verification result that the file path passes the verification, the server may audit the data required by the identifier license registration process included in the identifier license request data, and after the data required by the identifier license registration process passes the audit, perform corresponding identifier license registration, and store the identifier license registration data (including the identifier and the data required by the identifier license registration process) in each node in the blockchain in a distributed manner.
Embodiments of the present disclosure further include: in response to the verification result being that the file path fails verification, distributing the verification failure result and the failure reason to each node in the blockchain. Records of failed file path verifications for each client are thus stored in every distributed node, and malicious clients can be identified from repeated failures. For example, when the number of times that file path verification of identification license request data sent by the same client fails for the same reason reaches a predetermined value, the client may pose a predetermined risk; a corresponding warning may then be sent to the client, or operations such as banning the client account may be performed, to prevent the server device from being maliciously attacked.
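The digest-matching check of step S104 and the failure records described above, as an added Python example that is not code from the patent. It assumes SHA-256 as the file path verification function (swapped in for the MD5 or regular expression the text mentions), an in-memory class standing in for the smart contract, and a constructed threshold, client ids and paths.

```python
import hashlib
from collections import Counter

FAILURE_THRESHOLD = 3  # constructed stand-in for the text's "predetermined value"


def path_digest(path: str) -> str:
    """Assumed file path verification function: SHA-256 over the UTF-8 path."""
    return hashlib.sha256(path.encode("utf-8")).hexdigest()


def path_type(path: str) -> str:
    """An absolute path starts at the root directory; anything else is relative."""
    return "absolute" if path.startswith("/") else "relative"


class PathVerificationContract:
    """In-memory stand-in for the smart contract (hypothetical, not a chain client)."""

    def __init__(self, compliant_paths):
        # Only digests are kept, so the public list never exposes the paths.
        self.compliance_list = frozenset(path_digest(p) for p in compliant_paths)

    def verify(self, path: str) -> bool:
        return path_digest(path) in self.compliance_list


class Verifier:
    """Server-side flow: pick verification data by path type, verify, record."""

    def __init__(self, contracts):
        self.contracts = contracts  # {"absolute": contract, "relative": contract}
        self.failures = Counter()   # (client_id, reason) -> number of failures
        self.accepted = []          # stands in for distribution to blockchain nodes

    def handle(self, client_id: str, path: str) -> dict:
        if not path:
            reason = "empty_path"
        else:
            ptype = path_type(path)
            if self.contracts[ptype].verify(path):
                self.accepted.append((client_id, path))
                return {"passed": True, "reason": None, "flagged": False}
            reason = ptype + "_path_not_in_compliance_list"
        # Record the failure; flag the client once the same reason repeats enough.
        self.failures[(client_id, reason)] += 1
        flagged = self.failures[(client_id, reason)] >= FAILURE_THRESHOLD
        return {"passed": False, "reason": reason, "flagged": flagged}


def build_demo_verifier() -> Verifier:
    """Constructed sample data: one compliant path per path type."""
    return Verifier({
        "absolute": PathVerificationContract(["/data/license/request.xml"]),
        "relative": PathVerificationContract(["docs/request.xml"]),
    })


if __name__ == "__main__":
    verifier = build_demo_verifier()
    print(verifier.handle("client-a", "/data/license/request.xml"))
    for _ in range(FAILURE_THRESHOLD):
        print(verifier.handle("client-b", "/tmp/unknown.xml"))
```

The match is on the exact string, so `data/license/request.xml` fails even though its absolute form is compliant; each path type is checked only against its own verification data.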
In some implementations, the verification result may be stored in a distributed manner by adopting a server-side encryption signature manner, and the encryption signature may be encrypted by adopting an encryption key negotiated during registration of the client, so that the client may verify the encryption signature by using a corresponding decryption key to confirm validity of the server-side identity, and meanwhile, it is ensured that the verification result is not tampered, and only the corresponding client may view the verification result, thereby preventing leakage of the verification result.
In addition, the embodiments of the disclosure provide a corresponding verification result query interface to the client after verification is completed. Through the query interface, the client can check whether the verification of the file path of the identification license request data passed and, if it did not, learn the reason for the failure.
According to the embodiments of the disclosure, storing the file path verification data in the blockchain ensures that the file path verification data is not tampered with, which further ensures the reliability of the file path verification result. In addition, the identification license request data is distributed to all nodes in the blockchain, which ensures that the identification license request data cannot be tampered with while remaining publicly queryable, and avoids data damage or loss caused by a single point of failure, thereby ensuring the security of the data.
Another embodiment of the file path verification method based on the distributed network of the present disclosure is as follows. The method may be applied to a Web3.0 server and specifically includes the following steps:
S201, receiving identification license request data sent by a client.
It may be appreciated that, to ensure security, after receiving the identification license request data, the embodiments of the present disclosure may first verify the identity of the client and execute the subsequent operations only if the identity verification passes. The client identity may be verified, for example, as follows: the identification license request data carries an encrypted signature produced with the encryption key negotiated with the server when the client registered, and the server verifies the encrypted signature with the negotiated decryption key.
The client may be a registration service, registration authority, or enterprise node, among others.
The identification license request data may be any data sent to the server in the identification license registration process; for example, it may be identification license initial request data, identification license request update data, or other procedural data of the identification license request. That is, the identification license request data includes the data that needs to be submitted in the identification license registration process and is used to request that the server audit the submitted data so as to perform license registration for the identification.
The identification license request data may be uploaded in a format specified by the Web3.0 server, which may be, for example, XML (Extensible Markup Language) format, where the client's encrypted signature may be saved in a reserved field of the XML file.
Optionally, in some implementations, the client may send the identification license request data in a compressed format. In a specific implementation, when the client sends the identification license request data in a preset compression format, the client may compress the associated files (i.e., the identification license request data) together in the unified format specified by the Web3.0 server to form a compressed file for sending, and add a compressed file identifier to the file name of the compressed file. After the Web3.0 server receives the compressed file and reads the compressed file identifier from its file name, it can decompress the file using the preset compression format and, once a plurality of files are obtained, execute the method of the embodiment of the disclosure for each of them.
S202, extracting the file path of the identification license request data.
Optionally, in some implementations, in step S202, a preset file path extraction function may be invoked to extract the file path from the identification license request data. That is, depending on the programming language employed, a file path extraction function corresponding to that language may be used to extract the file path of the identification license request data.
S203, acquiring file path verification data stored in a distributed mode from the blockchain according to the type of the extracted file path.
In the embodiment of the disclosure, each time identification license request data is received and the corresponding file path is extracted, the server is triggered to acquire the file path verification data stored in a distributed manner from the blockchain.
In the embodiment of the disclosure, the file path verification data are stored in each node in a distributed manner, so that the data consistency among the nodes can be ensured, and the data consistency verification among the nodes can be performed regularly. Because the file path verification data are stored in different nodes in a distributed mode, the corresponding file path verification data can be acquired according to the type of the extracted file path when the file path verification data are acquired. The file path types include: absolute path or relative path. The absolute path is a path calculated from the root directory; the relative path is calculated from the current path, and the current path is the path of the working directory where the client sends the identification license request data. Because the absolute path and the relative path have differences in security, fixity, portability, format, length limitation and other aspects, the embodiments of the disclosure adopt different file path verification data for two different types of file paths, for example, if the type of the extracted file path is the absolute path, the corresponding file path verification data is obtained from a blockchain storing the absolute path verification data; if the type of the extracted file path is the relative path, the corresponding file path verification data is obtained from the blockchain stored with the relative path verification data.
The file path verification data in this embodiment includes a compliant file path information list, which comprises at least one of the following items:
a compliant file path, a compliant file path directory format, and a response content of the compliant file path.
The compliant file path refers to a preset compliant file path; the format of the compliant file path directory, that is, the format requirement of the preset compliant file path directory, where the format requirement includes, for example: beginning with a first specific character, ending with a second specific character, each item being spaced apart with a third specific character, and so on; the items included in the compliant file path directory, that is, the items included in the preset compliant file path directory, may include, for example, a total directory name of the items, a platform name, a data type, a date, and a file name.
The response content of the compliant file path, that is, the response content obtained by sending the specified request to the compliant file path, may be, for example, a status code of a specific content, and if the status code is 200, it indicates that the file path is a real compliant path.
It will be appreciated that, since an absolute path differs from a relative path in format, included items, length and so on, the corresponding file path verification data also differs. The two differ in the format of the compliant file path directory: an absolute path generally starts with "http", "/", or "\", such as "/home/User/file.txt" or "\User\file.txt", whereas a relative path generally uses "./" for the current directory and "../" for the parent directory, or ".\" and "..\" respectively. For example, where the current path is /home/user, the relative path ./file.txt denotes the file.txt file under the /home/user directory. The items contained also differ: an absolute path contains the complete path from the root directory, while a relative path contains only the path from the current working directory; e.g., where the current path is /home/user, the relative path may contain only ./file.txt, i.e., the file.txt file under the /home/user directory. Thus, different types of file paths correspond to different file path verification data.
S204, verifying the file path based on the file path verification data to obtain a verification result of whether the file path passes verification.
In embodiments of the present disclosure, verifying the file path based on the file path verification data includes at least one of the following:
1) Verifying whether a file path exists in the compliant file path information list;
2) Verifying whether the file path directory format is correct based on the compliant file path directory format;
3) Verifying whether the items contained in the file path are correct based on the items contained in the compliant file path directory;
4) The file path is verified based on the response content of the compliant file path.
The flow of verifying the file path based on the file path verification data according to the embodiment of the disclosure is shown in fig. 2, and specifically includes the following steps:
S2041, judging whether the file path is contained in the compliant file path information list;
If the compliant file path information list contains the file path, the file path verification can be directly confirmed as passed; if the file path is not contained in the compliant file path information list, executing step S2042;
S2042, judging whether the format of the file path is consistent with the format of the compliant file path directory;
If the format of the file path is inconsistent with the format of the compliant file path directory, confirming that the file path verification is not passed; if the format of the file path is consistent with the format of the compliant file path directory, executing step S2043;
S2043, judging whether the items contained in the file path are consistent with the items contained in the compliant file path directory;
If the items contained in the file path are inconsistent with the items contained in the compliant file path directory, confirming that the file path verification is not passed; if the items contained in the file path are consistent with the items contained in the compliant file path directory, executing step S2044;
S2044, sending a specified request to the file path;
S2045, judging whether the received response content is consistent with the response content of the compliant file path;
If the received response content is consistent with the response content of the compliant file path, confirming that the file path verification is passed; if the received response content is inconsistent with the response content of the compliant file path, confirming that the file path verification is not passed.
It can be understood that although the corresponding file path verification data of different types of file paths have differences, the method for verifying the file paths based on the file path verification data can be consistent, that is, the above method flow is applicable to different types of file paths.
The above-mentioned judging process is only an embodiment, the specific judging sequence can be adjusted according to the needs, and the judging sequence of each judging condition is not particularly limited in the embodiment of the disclosure.
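The S2041 to S2045 flow above, written out as an added Python example (not code from the patent). The classification rule, directory formats, item patterns, sample paths and the `probe` callable standing in for the "specified request" are all constructed assumptions; the patent fixes none of them.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class PathVerificationData:
    """File path verification data for one path type (values are constructed)."""
    compliant_paths: FrozenSet[str]   # S2041: compliant file path list
    prefix: str                       # S2042: "first specific character"
    suffix: str                       # S2042: "second specific character"
    separator: str                    # S2042: "third specific character"
    item_patterns: Tuple[str, ...]    # S2043: one pattern per directory item
    compliant_response: int           # S2045: expected response content


# Constructed stand-in for the data a node would read from the blockchain,
# keyed by path type as in step S203.
VERIFICATION_DATA: Dict[str, PathVerificationData] = {
    "absolute": PathVerificationData(
        compliant_paths=frozenset(
            {"/idlicense/platformA/initial/20240124/request.xml"}),
        prefix="/", suffix=".xml", separator="/",
        # total directory name, platform name, data type, date, file name
        item_patterns=(r"idlicense", r"platform[A-Z]", r"initial|update",
                       r"\d{8}", r"[\w-]+\.xml"),
        compliant_response=200,
    ),
    "relative": PathVerificationData(
        compliant_paths=frozenset({"./initial/20240124/request.xml"}),
        prefix="./", suffix=".xml", separator="/",
        item_patterns=(r"initial|update", r"\d{8}", r"[\w-]+\.xml"),
        compliant_response=200,
    ),
}


def path_type(path: str) -> str:
    """Assumed rule: a root separator or an http scheme marks an absolute path."""
    if path.startswith(("/", "\\", "http://", "https://")):
        return "absolute"
    return "relative"


def verify_file_path(path: str,
                     probe: Callable[[str], int],
                     store: Dict[str, PathVerificationData] = VERIFICATION_DATA
                     ) -> Tuple[bool, str]:
    """Return (passed, reason); the reason is what a failure record would carry."""
    data = store[path_type(path)]                           # S203
    if path in data.compliant_paths:                        # S2041
        return True, "listed"
    if not (path.startswith(data.prefix) and path.endswith(data.suffix)):
        return False, "format"                              # S2042
    items = path[len(data.prefix):].split(data.separator)
    if "" in items:                                         # doubled separator
        return False, "format"
    if len(items) != len(data.item_patterns) or not all(
            re.fullmatch(pattern, item)
            for pattern, item in zip(data.item_patterns, items)):
        return False, "items"                               # S2043
    if probe(path) != data.compliant_response:              # S2044 + S2045
        return False, "response"
    return True, "verified"


# Constructed responses so the example runs offline; unknown paths answer 404.
SAMPLE_RESPONSES = {"/idlicense/platformB/update/20240201/renewal.xml": 200}


def sample_probe(path: str) -> int:
    return SAMPLE_RESPONSES.get(path, 404)
```

Because every directory item must fully match its pattern, a path that smuggles a ".." segment into an otherwise well-formed directory fails at S2043 and never reaches the request step.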
S205, in response to the verification result being that the file path passes verification, distributing the identification license request data to all nodes in the blockchain.
The server side performs distributed storage on the identification license request data to facilitate subsequent auditing of the identification license request data so as to judge whether the identification license request data meets the identification license registration standard. By verifying the file path of the identification license request data, the embodiment of the invention can ensure the validity and compliance of the identification license request data to a certain extent, thereby facilitating the subsequent management operation of the identification license request data and smoothly interfacing with the next-stage audit management platform.
Embodiments of the present disclosure further include: in response to the verification result being that the file path verification fails, distributing the verification failure result and the verification failure reason to each node in the blockchain. Records of failed file path verifications for each client are thus stored on every distributed node, and malicious clients can be identified from repeated failure records. For example, when the number of times that file path verification of the identification license request data sent by the same client fails for the same reason reaches a predetermined value, the client may pose a predetermined risk; a corresponding warning may then be sent to the client, or operations such as banning the client account may be performed, so as to prevent the server device from being attacked maliciously.
In some implementations, the verification result may be stored in a distributed manner together with a server-side encrypted signature. The signature may be encrypted with the encryption key negotiated when the client registered, so that the client can verify it with the corresponding decryption key to confirm the validity of the server's identity. This also ensures that the verification result has not been tampered with and that only the corresponding client can view it, thereby preventing leakage of the verification result.
In addition, the embodiment of the disclosure provides a corresponding verification result query interface to the client after verification is completed. Through the query interface, the client can check whether the verification of the file path of the identification license request data passed and, if it did not, learn the reason for the failure.
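An added example, not taken from the patent, of how a node could use the stored failure records: it authenticates each record before counting it and flags a client once the same failure reason reaches a threshold. HMAC-SHA256 under the per-client negotiated key is an assumption standing in for the unspecified "encrypted signature" and covers integrity only; the record fields, keys and threshold are constructed.

```python
import hashlib
import hmac
import json
from collections import Counter
from typing import Dict, List, Tuple

Record = Dict[str, object]


def sign_record(key: bytes, record: Record) -> str:
    """Tag a verification result with the key negotiated at client registration."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_record(key: bytes, record: Record, tag: str) -> bool:
    """Constant-time check that the stored record still matches its tag."""
    return hmac.compare_digest(sign_record(key, record), tag)


def flag_repeat_offenders(ledger: List[Tuple[Record, str]],
                          keys: Dict[str, bytes],
                          threshold: int) -> List[Tuple[str, str]]:
    """Return (client, reason) pairs whose authenticated failures reach threshold."""
    counts: Counter = Counter()
    for record, tag in ledger:
        key = keys.get(str(record["client"]))
        # Records from unknown clients or with a bad tag are not evidence.
        if key is None or not verify_record(key, record, tag):
            continue
        if not record["passed"]:
            counts[(record["client"], record["reason"])] += 1
    return sorted(pair for pair, n in counts.items() if n >= threshold)


# --- Constructed sample data -------------------------------------------------
CLIENT_KEYS = {"reg-A": b"constructed-key-A", "ent-B": b"constructed-key-B"}


def _entry(client: str, passed: bool, reason: str) -> Tuple[Record, str]:
    record: Record = {"client": client, "passed": passed, "reason": reason}
    return record, sign_record(CLIENT_KEYS[client], record)


# reg-A fails three times for the same reason; ent-B fails twice and passes once.
SAMPLE_LEDGER = [_entry("reg-A", False, "format") for _ in range(3)]
SAMPLE_LEDGER += [_entry("ent-B", False, "format"),
                  _entry("ent-B", False, "format"),
                  _entry("ent-B", True, "")]

# A record whose reason was altered after signing: without the tag check it
# would push ent-B to the threshold.
_original, FORGED_TAG = _entry("ent-B", False, "items")
FORGED_RECORD = dict(_original, reason="format")
SAMPLE_LEDGER.append((FORGED_RECORD, FORGED_TAG))
```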
Optionally, embodiments of the present disclosure may store file paths that fail verification in a distributed manner as a file path blacklist, so that the blacklist can be shared with other distributed nodes or used as a verification condition in subsequent file path verification.
In summary, in the embodiment of the disclosure, when the identification license request data is received, the file path of the identification license request data is extracted, the file path verification data stored in a distributed manner is obtained according to the type of the file path, the file path is verified using the file path verification data, and the identification license request data is distributed to each node in the blockchain if the verification passes, so that the security of the system and the compliance of the data in the identification license registration process are ensured. Verifying the security and compliance of the identification license request data also means that the content, format and security of the identification license request data reaching the next-stage audit management platform can meet the requirements of the specification.
In addition, storing the file path verification data in a distributed manner ensures that the file path verification data cannot be tampered with, which in turn ensures the reliability of the file path verification result. The identification license request data is likewise distributed across all nodes in the blockchain, which ensures that it is not tampered with, keeps it queryable by the public, and avoids damage to or loss of the data in the event of a single point of failure, thereby ensuring the security of the data.
The third embodiment of the disclosure further provides a file path verification device based on a distributed network, as shown in fig. 3, which is a schematic structural diagram of the device, and the device includes:
an identification license request data receiving unit 301, configured to receive identification license request data sent by a client.
A file path extracting unit 302, configured to extract the file path of the identification license request data.
A file path verification data obtaining unit 303, configured to obtain file path verification data stored in a distributed manner from a blockchain according to a type of the extracted file path, where the type of the file path includes: absolute path or relative path.
A file path verification unit 304, configured to verify the file path based on the file path verification data, to obtain a verification result of whether the file path passes the verification.
A storage unit 305, configured to distribute the identification license request data to nodes of a blockchain in response to the verification result being that the file path passes the verification.
The specific manner in which the individual units perform the operations in relation to the apparatus of the above embodiments has been described in detail in relation to the embodiments of the method and will not be described in detail here.
Next, an electronic device according to an embodiment of the present disclosure is described with reference to fig. 4. The electronic device may be either or both of the first device and the second device, or a stand-alone device independent thereof, which may communicate with the first device and the second device to receive the acquired input signals therefrom.
Fig. 4 illustrates a block diagram of an electronic device according to an embodiment of the disclosure.
As shown in fig. 4, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions.
The memory may store one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or nonvolatile memory. The volatile memory may include, for example, Random Access Memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, Read-Only Memory (ROM), hard disk, flash memory, and the like. One or more computer program products may be stored on the computer readable storage medium and run by a processor to implement the methods of the various embodiments of the present disclosure described above and/or other desired functions.
In one example, the electronic device may further include: input devices and output devices, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
In addition, the input device may include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, etc., to the outside. The output device may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 4 for simplicity, components such as buses, input/output interfaces, etc. being omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform steps in a method according to various embodiments of the present disclosure described in the above section of the specification.
The computer program product may write program code for performing the operations of embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium, having stored thereon computer program instructions, which when executed by a processor, cause the processor to perform steps in a method according to various embodiments of the present disclosure described in the above section of the present disclosure.
The computer readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, Random Access Memory (RAM), Read-Only Memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The basic principles of the present disclosure have been described above in connection with specific embodiments, however, it should be noted that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, so that the same or similar parts between the embodiments are mutually referred to. For system embodiments, the description is relatively simple as it essentially corresponds to method embodiments, and reference should be made to the description of method embodiments for relevant points.
The block diagrams of the devices, apparatuses, devices, systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements, configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, the devices, apparatuses, devices, systems may be connected, arranged, configured in any manner. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or" unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to."
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices and methods of the present disclosure, components or steps may be disassembled and/or assembled. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (10)

1. A file path verification method based on a distributed network, comprising:
receiving identification license request data sent by a client;
extracting a file path of the identification license request data;
acquiring file path verification data stored in a distributed mode from a blockchain according to the type of the extracted file path; wherein, the file path type includes: absolute path or relative path;
verifying the file path based on the file path verification data to obtain a verification result of whether the file path passes verification;
and distributing the identification license request data to each node in a blockchain in response to the verification result being that the file path passes verification.
2. The method of claim 1, wherein the step of extracting the file path of the identification license request data comprises:
calling a preset file path extraction function to extract the file path.
3. The method of claim 1, wherein the file path verification data is stored in a blockchain smart contract, the file path verification data comprising:
a list of compliance information and a file path verification function.
4. A method according to claim 3, wherein the step of verifying the file path based on the file path verification data comprises:
invoking the file path verification function to calculate the file path to obtain a calculation result;
matching the calculation result with the path information of the compliance file stored in the compliance information list;
if the matching is successful, the file path verification passes.
5. The method of claim 1, wherein the file path verification data comprises a compliant file path information list, which comprises at least one of the following items:
a compliant file path, a compliant file path directory format, and a response content of the compliant file path.
6. The method of claim 5, wherein verifying the file path based on the file path verification data comprises:
judging whether the file path is contained in the compliant file path information list;
if the compliant file path information list contains the file path, the verification passes; if the compliant file path information list does not contain the file path, judging whether the format of the file path is consistent with the format of the compliant file path directory;
if the format of the file path is inconsistent with the format of the compliant file path directory, the verification fails, and if the format of the file path is consistent with the format of the compliant file path directory, judging whether the items contained in the file path are consistent with the items contained in the compliant file path directory;
if the items contained in the file path are inconsistent with the items contained in the compliant file path directory, the verification fails, and if the items contained in the file path are consistent with the items contained in the compliant file path directory, sending a specified request to the file path;
judging whether the received response content is consistent with the response content of the compliant file path;
and if the received response content is consistent with the response content of the compliant file path, the verification passes.
7. The method according to claim 1, wherein the method further comprises:
and providing a verification result query interface for the client.
8. A file path verification apparatus based on a distributed network, comprising:
an identification license request data receiving unit, configured to receive identification license request data sent by a client;
a file path extracting unit configured to extract a file path of the identification license request data;
the file path verification data acquisition unit is used for acquiring file path verification data stored in a distributed mode from the blockchain according to the type of the extracted file path; wherein, the file path type includes: absolute path or relative path;
a file path verification unit, configured to verify the file path based on the file path verification data, to obtain a verification result of whether the file path passes the verification;
and a storage unit, configured to distribute the identification license request data to all nodes of the blockchain in response to the verification result being that the file path passes verification.
9. An electronic device, comprising:
a memory for storing a computer program product;
a processor for executing a computer program product stored in said memory, which, when executed, implements the method of any of the preceding claims 1-7.
10. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of the preceding claims 1-7.
CN202410101045.1A 2024-01-24 2024-01-24 File path verification method and device based on distributed network, equipment and medium Active CN117633900B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410101045.1A CN117633900B (en) 2024-01-24 2024-01-24 File path verification method and device based on distributed network, equipment and medium


Publications (2)

Publication Number Publication Date
CN117633900A true CN117633900A (en) 2024-03-01
CN117633900B CN117633900B (en) 2024-05-31

Family

ID=90034177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410101045.1A Active CN117633900B (en) 2024-01-24 2024-01-24 File path verification method and device based on distributed network, equipment and medium

Country Status (1)

Country Link
CN (1) CN117633900B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180144124A1 (en) * 2016-11-23 2018-05-24 2236008 Ontario Inc. Path-based access control for message-based operating systems
CN113434139A (en) * 2021-06-23 2021-09-24 平安普惠企业管理有限公司 Image packaging processing method and device, server and storage medium
CN115022042A (en) * 2022-06-02 2022-09-06 贵州数据宝网络科技有限公司 Compliance code verification method for protecting data privacy and computer readable medium
CN115080988A (en) * 2021-09-13 2022-09-20 鼎链数字科技(深圳)有限公司 Method and system for storing, using and auditing unstructured data based on block chain
CN116226289A (en) * 2023-04-11 2023-06-06 远光软件股份有限公司 Electronic certificate management method, device, equipment and storage medium based on blockchain
CN117055903A (en) * 2023-08-14 2023-11-14 平安银行股份有限公司 Front-end analog data deployment method, front-end analog data deployment device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN117633900B (en) 2024-05-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant