CN112347188B - Authorization and access auditing system and method based on private chain - Google Patents

Info

Publication number: CN112347188B
Authority: CN (China)
Prior art keywords: user, module, data, information, verification
Legal status: Active
Application number: CN202011114782.3A
Other languages: Chinese (zh)
Other versions: CN112347188A (en)
Inventor: 于斌
Current assignee: Zero Krypton Information Technology Beijing Co ltd; Linkdoc Technology Beijing Co ltd
Original assignee: Zero Krypton Information Technology Beijing Co ltd; Linkdoc Technology Beijing Co ltd
Application filed by Zero Krypton Information Technology Beijing Co ltd and Linkdoc Technology Beijing Co ltd; priority to CN202011114782.3A; published as CN112347188A; granted and published as CN112347188B.

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval of structured data, e.g. relational data
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes


Abstract

The application discloses a private-chain-based authorization and access auditing system and method. The system comprises a user management module, a desensitization service module, a certificate service module, a data uplink module and a blockchain storage module; the method comprises a user trust process and a trust verification process. In the application, user information is stored on-chain by means of blockchain technology and personal information is processed with desensitization technology, so that user privacy information does not directly take part in the user authentication data flow and the risk of privacy disclosure is reduced; at the same time, IPFS is introduced to store the related records and user certificates, with the private chain pointing to the complete file entity by way of an index, which addresses the problem that data in the traditional authorization and authentication mode can be tampered with and forged.

Description

Authorization and access auditing system and method based on private chain
Technical Field
The application relates to the technical field of blockchains, and in particular to a private-chain-based authorization and access auditing system and method.
Background
Currently, as medical care becomes ever more tightly coupled with big data, access to systems and data is becoming more important, and ever higher requirements are placed on authorization, access and auditing. The authentication and authorization method commonly used in hospital internal information systems is a traditional one: an account and password, or digitized biometric information, serves as the login credential. However, because the tamper resistance of a conventional database has certain shortcomings, there are privacy problems in the user account generation process, and the data in the traditional authorization and authentication mode may be tampered with and forged.
No effective solution has yet been proposed in the related art for the privacy problem in the user account generation process or for the problem that data in the traditional authorization and authentication mode can be tampered with and forged.
Disclosure of Invention
The application mainly aims to provide an authorization and access auditing system and method based on a private chain, which are used for solving the privacy problem in the generation process of a user account in the related technology and the problem that data in the traditional authorization authentication mode can be tampered and forged.
To achieve the above object, in a first aspect, the present application provides a private-chain-based authorization and access auditing system, comprising a user management module, a desensitization service module, a certificate service module, a data uplink module (the module that writes data to the chain) and a blockchain storage module;
the user management module, the desensitization service module, the certificate service module, the data uplink module and the blockchain storage module are connected in sequence, and the user management module is also connected directly to the data uplink module;
the user management module is used for receiving a new user authorization request, acquiring the biometric information and user registration information submitted by the new user, and burning (programming) the USB-KEY according to the returned authorization information;
the desensitization service module is used for receiving the new user authorization request, extracting the sensitive fields from the biometric information and the user registration information according to a preset list of sensitive fields, and converting the biometric information and the sensitive fields into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
the certificate service module is used for issuing a user certificate after receiving the new user authorization request and the user feature code, generating a public key and the corresponding private key, and encrypting the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module is used for storing the received encrypted new user authorization data and the corresponding public key in the blockchain;
the user management module further comprises a data receiving module, which is used for receiving user login information, transmitting the verification data used for authentication to the data uplink module, and receiving and returning the verification result.
The blockchain storage module acquires the encrypted data information according to the verification data submitted by the user and sends the acquired encrypted data information to the data uplink module;
the encrypted data information includes the user ID, the feature code and the burning device ID.
The data uplink module compares the encrypted data information transmitted by the blockchain storage module: it first judges whether the user ID and the burning device ID are correct, compares the user feature codes only after both are confirmed correct, returns the verification result to the user management module, and submits a record of the user verification outcome to the blockchain module. If any one of the user ID, the feature code or the burning device ID does not match, authentication failure is returned directly;
The storage mode of the blockchain storage module is IPFS (InterPlanetary File System), a peer-to-peer distributed hypermedia distribution protocol in which storage can be expanded by distributing it across different nodes and related data can be obtained from multiple nodes. The user certificate and the user audit record are stored in IPFS, and a hash value of each stored object is generated; after the private chain is constructed, each block in the chain stores the hash value of the related storage object, that hash value serves as the index, and the hash value of the related storage object in each block corresponds one-to-one with a node value in IPFS.
The private chain construction process is as follows:
creating a block for each of nodes A to N in the blockchain storage module and initializing it, where initializing comprises deploying the ipfs executable, generating the peer-to-peer key, creating the data directory and creating the IPFS node;
configuring each node, which comprises importing the node id and configuring cross-origin resource sharing (CORS);
starting node A and linking the other nodes to node A.
In a second aspect, the present application further provides a private-chain-based authorization and access auditing method, implemented with the above private-chain-based authorization and access auditing system, which includes a user trust process and a trust verification process:
The user trust process comprises the following steps:
the user management module receives the new user authorization request, acquires the biometric information and user registration information submitted by the new user, and submits them to the desensitization service module;
the desensitization service module receives the new user authorization request, extracts the sensitive fields from the biometric information and the user registration information according to a preset list of sensitive fields, and converts the biometric information and the sensitive fields into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
the certificate service module issues a user certificate after receiving the new user authorization request and the user feature code, generates a public key and the corresponding private key, and encrypts the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module stores the received encrypted new user authorization data and the corresponding public key in the blockchain;
the data uplink module returns uplink-success information to the certificate service module;
the certificate service module returns the user private key and the user ID to the desensitization service module;
the desensitization service module looks up the related feature code in its local system by the user ID returned by the certificate service module, assembles the feature code and the private key returned by the certificate service module into a JSON data structure within the module, and returns the authorization information to the user management module;
the user management module receives the user private key and the user ID, stores them in the management database, returns the user ID, the private key and the user feature code, burns the USB-KEY, and submits the user ID, the burning status and the timestamp information to the data uplink module; the burning status includes whether the burning succeeded, the burning device ID and the written device ID;
the data uplink module stores the user ID, the burning status and the timestamps in the blockchain module; the timestamps comprise a burning timestamp and an uplink timestamp.
The trust verification process comprises the following steps:
the user management module receives the user login information and verifies whether it is correct; if the login information passes verification, it acquires the related content of the USB-KEY submitted by the user, transmits the verification data used for authentication to the data uplink module, and receives and returns the verification result;
the user login information includes the user ID, the password and the local USB-KEY data;
the verification data used for authentication is data encrypted with the private key;
the related content of the USB-KEY comprises the user ID and the user private key;
the data uplink module receives the verification data used for authentication;
the blockchain storage module acquires the encrypted data information according to the verification data submitted by the user and sends it to the data uplink module; the encrypted data information comprises the user ID, the feature code and the burning device ID;
the data uplink module compares the encrypted data information transmitted by the blockchain storage module; if the comparison succeeds it returns the verification result to the user management module and submits a record of the user verification outcome to the blockchain module; if the comparison fails it directly returns authentication failure;
the blockchain storage module receives the user verification record submitted by the data uplink module.
The beneficial technical effects are as follows:
The application stores user information on-chain by means of blockchain technology and processes personal information with desensitization technology, so that user privacy information does not directly take part in the user authentication data flow, reducing the risk of privacy disclosure; at the same time IPFS is introduced to store the related records and user certificates, and the private chain points to the complete file entity by way of an index.
A feature code is extracted from the user information by desensitization, the feature code is associated with the user ID, the associated user information is encrypted by certificate-based encryption, and the hash of the encrypted data is stored in the private chain.
User sensitive information is desensitized by the desensitization service; only the feature code is retained, and no user information entity such as finger veins, fingerprints or facial features is used.
The user certificate and the user audit record are stored in IPFS, the related hashes are generated, and the hash indexes are stored in the private chain, which satisfies the requirement that user access data be non-tamperable for auditing.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application, are incorporated in and constitute a part of this specification. The drawings and their description are illustrative of the application and are not to be construed as unduly limiting the application. In the drawings:
FIG. 1 is a schematic block diagram of a private-chain-based authorization and access auditing system provided in accordance with an embodiment of the present application;
FIG. 2 is a schematic diagram of a blockchain storage module according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a private chain construction process provided in accordance with an embodiment of the present application;
FIG. 4 is a timing diagram of a user trust process provided in accordance with an embodiment of the present application;
FIG. 5 is a timing diagram of a trust verification process according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the application herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the present application, the terms "upper", "lower", "left", "right", "front", "rear", "top", "bottom", "inner", "outer", "middle", "vertical", "horizontal", "lateral", "longitudinal" and the like indicate an azimuth or a positional relationship based on that shown in the drawings. These terms are only used to better describe the present application and its embodiments and are not intended to limit the scope of the indicated devices, elements or components to the particular orientations or to configure and operate in the particular orientations.
Also, some of the terms described above may be used to indicate other meanings in addition to orientation or positional relationships, for example, the term "upper" may also be used to indicate some sort of attachment or connection in some cases. The specific meaning of these terms in the present application will be understood by those of ordinary skill in the art according to the specific circumstances.
In addition, the term "plurality" shall mean two as well as more than two.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
In a first aspect, the present application provides a private-chain-based authorization and access auditing system, as shown in FIG. 1, comprising a user management module, a desensitization service module, a certificate service module, a data uplink module (the module that writes data to the chain) and a blockchain storage module;
the user management module, the desensitization service module, the certificate service module, the data uplink module and the blockchain storage module are connected in sequence, and the user management module is also connected directly to the data uplink module;
the user management module is used for receiving a new user authorization request, acquiring the biometric information and user registration information submitted by the new user, and burning (programming) the USB-KEY according to the returned authorization information;
the desensitization service module receives the new user authorization request, extracts the sensitive fields from the biometric information and the user registration information according to a preset list of sensitive fields, and converts the biometric information and the sensitive fields into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
the certificate service module is used for issuing a user certificate after receiving the new user authorization request and the user feature code, generating a public key and the corresponding private key, and encrypting the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module stores the received encrypted new user authorization data and the corresponding public key in the blockchain;
the user management module further comprises a data receiving module, which is used for receiving user login information, transmitting the verification data used for authentication to the data uplink module, and receiving and returning the verification result.
The blockchain storage module acquires the encrypted data information according to the verification data submitted by the user and sends the acquired encrypted data information to the data uplink module; the encrypted data information includes the user ID, the feature code and the burning device ID.
The data uplink module compares the encrypted data information transmitted by the blockchain storage module: it first judges whether the user ID and the burning device ID are correct, compares the user feature codes only after both are confirmed correct, returns the verification result to the user management module, and submits a record of the user verification outcome to the blockchain module. If any one of the user ID, the feature code or the burning device ID does not match, authentication failure is returned directly;
The storage mode of the blockchain storage module is IPFS (InterPlanetary File System), a peer-to-peer distributed hypermedia distribution protocol in which storage can be expanded by distributing it across different nodes and related data can be obtained from multiple nodes. The user certificate and the user audit record are stored in IPFS, and a hash value of each stored object is generated; after the private chain is constructed, each block in the chain stores the hash value of the related storage object, that hash value serves as the index, and the hash value of the related storage object in each block corresponds one-to-one with a node value in IPFS.
The private chain construction process is as follows, as shown in FIG. 3:
creating a block for each of nodes A to N in the blockchain storage module and initializing it, where initializing comprises deploying the ipfs executable, generating the peer-to-peer key, creating the data directory and creating the IPFS node;
configuring each node, which comprises importing the node id and configuring cross-origin resource sharing (CORS);
starting node A and linking the other nodes to node A.
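The construction steps above, as an added Python example that is not the patent's own code: it reads the "peer-to-peer key" as the pre-shared key of a private libp2p swarm (an assumption), generates and validates that key file, and builds the per-node CORS setting and bootstrap commands by which nodes B to N link to node A. The kubo/go-ipfs CLI invocations, the `LIBP2P_FORCE_PNET` variable, the paths and the node A address are assumptions or constructed placeholders.

```python
import json
import re
import secrets
import shlex

# libp2p private-network pre-shared key file (swarm.key) as read by go-ipfs/kubo:
# a protocol line, an encoding line and 32 random bytes in hex.
SWARM_KEY_HEADER = "/key/swarm/psk/1.0.0/"
SWARM_KEY_ENCODING = "/base16/"


def make_swarm_key() -> str:
    """The 'peer-to-peer key' of the construction step, read here as the
    pre-shared key every node of the private network must hold (assumption)."""
    return f"{SWARM_KEY_HEADER}\n{SWARM_KEY_ENCODING}\n{secrets.token_hex(32)}\n"


def validate_swarm_key(text: str) -> bool:
    """Check a swarm.key before copying it to a node: header, encoding line and
    exactly 64 lowercase hex characters. Anything else is rejected."""
    lines = text.strip().split("\n")
    return (
        len(lines) == 3
        and lines[0] == SWARM_KEY_HEADER
        and lines[1] == SWARM_KEY_ENCODING
        and re.fullmatch(r"[0-9a-f]{64}", lines[2]) is not None
    )


def cors_origins(allowed_origins: list) -> list:
    """The 'cross-origin resource sharing' setting of the configuration step.
    A wildcard would let any web page call the node API, so only explicit
    http(s) origins of the auditing system's own services are accepted."""
    for origin in allowed_origins:
        if not re.fullmatch(r"https?://[A-Za-z0-9.-]+(:\d+)?", origin):
            raise ValueError(f"refusing CORS origin {origin!r}")
    return list(allowed_origins)


def node_setup_commands(ipfs_path: str, allowed_origins: list,
                        node_a_addr: str = None) -> list:
    """Shell commands (kubo CLI, assumed) for one node: initialise the data
    directory, set CORS, drop the public bootstrap list and, for nodes B..N,
    link to node A by its multiaddress. node_a_addr is None for node A itself.
    LIBP2P_FORCE_PNET=1 makes the daemon refuse to start without swarm.key."""
    env = f"IPFS_PATH={shlex.quote(ipfs_path)} LIBP2P_FORCE_PNET=1"
    origins = json.dumps(cors_origins(allowed_origins))
    cmds = [
        f"{env} ipfs init",
        f"{env} ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin "
        f"{shlex.quote(origins)}",
        f"{env} ipfs bootstrap rm --all",  # never peer with the public network
    ]
    if node_a_addr is not None:
        cmds.append(f"{env} ipfs bootstrap add {shlex.quote(node_a_addr)}")
    cmds.append(f"{env} ipfs daemon")
    return cmds


if __name__ == "__main__":
    # Constructed values: node A's multiaddress would come from `ipfs id` on A.
    node_a = "/ip4/10.0.0.1/tcp/4001/p2p/<PEER-ID-OF-NODE-A>"
    key = make_swarm_key()
    assert validate_swarm_key(key)
    for line in node_setup_commands("/var/lib/ipfs-node-b",
                                    ["https://audit.hospital.example"], node_a):
        print(line)
```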
In a second aspect, the present application further provides a private-chain-based authorization and access auditing method, implemented with the above private-chain-based authorization and access auditing system, which includes a user trust process and a trust verification process:
The steps of the user trust process are as follows, as shown in FIG. 4:
Step S11: the user management module receives the new user authorization request, acquires the biometric information and user registration information submitted by the new user, and submits them to the desensitization service module;
Step S12: the desensitization service module receives the new user authorization request, extracts the sensitive fields from the biometric information and the user registration information according to a preset list of sensitive fields, and converts the biometric information and the sensitive fields into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature-information ciphertext to generate a user feature code;
Step S13: the certificate service module issues a user certificate after receiving the new user authorization request and the user feature code, generates a public key and the corresponding private key, and encrypts the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
Step S14: the data uplink module stores the received encrypted new user authorization data and the corresponding public key in the blockchain;
Step S15: the data uplink module returns uplink-success information to the certificate service module;
Step S16: the certificate service module returns the user private key and the user ID to the desensitization service module;
Step S17: the desensitization service module looks up the related feature code in its local system by the user ID returned by the certificate service module, assembles the feature code and the private key returned by the certificate service module into a JSON data structure within the module, and returns the authorization information to the user management module;
Step S18: the user management module receives the user private key and the user ID, stores them in the management database, returns the user ID, the private key and the user feature code, burns the USB-KEY, and submits the user ID, the burning status and the timestamp information to the data uplink module; the burning status includes whether the burning succeeded, the burning device ID and the written device ID.
Step S19: the data uplink module stores the user ID, the burning status and the timestamps in the blockchain module; the timestamps comprise a burning timestamp and an uplink timestamp.
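Steps S12 and S17 as an added Python example, not code from the patent: a preset sensitive-field list drives the desensitization, a random user ID is combined with the ciphertext into the feature code, the JSON authorization structure is assembled, and a final check confirms that no plaintext survives in what goes to the data uplink module. The keyed one-way HMAC-SHA256 token stands in for the patent's unspecified encryption mode (an assumption, chosen so that a leaked feature code cannot be turned back into the biometric); certificate issuance and the second encryption of step S13 are left out, and all field names and sample values are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Preset sensitive fields of the registration form (constructed for this example);
# the biometric sample is always treated as sensitive.
SENSITIVE_FIELDS = ("name", "id_number", "phone", "address")


def desensitize(registration: dict, biometric: bytes, service_key: bytes) -> dict:
    """Step S12, first half: every preset sensitive field and the biometric sample
    are replaced by a keyed one-way token (HMAC-SHA256 under a key that only the
    desensitization service holds). This stands in for the patent's unspecified
    'encryption mode'; being one-way, the token can never be reversed into the
    fingerprint or finger-vein template even if the chain contents leak."""
    out = {}
    for field, value in registration.items():
        if field in SENSITIVE_FIELDS:
            out[field] = hmac.new(service_key, f"{field}:{value}".encode(),
                                  hashlib.sha256).hexdigest()
        else:
            out[field] = value  # non-sensitive fields pass through unchanged
    out["biometric"] = hmac.new(service_key, b"biometric:" + biometric,
                                hashlib.sha256).hexdigest()
    return out


def new_user_id() -> str:
    """Step S12, second half: a random unique user ID from which nothing about
    the person can be derived (unlike an ID number or staff number)."""
    return secrets.token_hex(16)


def feature_code(user_id: str, ciphertext: dict) -> str:
    """Combine the user ID with the feature-information ciphertext into the user
    feature code: a hash over canonical JSON, so the same input always yields
    the same code and any changed byte yields a different one."""
    canonical = json.dumps({"user_id": user_id, "features": ciphertext}, sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()


def authorization_info(code: str, private_key_pem: str) -> str:
    """Step S17: the JSON structure the desensitization service returns to the
    user management module for burning onto the USB-KEY."""
    return json.dumps({"feature_code": code, "private_key": private_key_pem},
                      sort_keys=True)


def leaks_plaintext(uplink_payload: dict, registration: dict, biometric: bytes) -> bool:
    """Audit check before step S14: does any sensitive plaintext survive in what
    the data uplink module is about to write to the chain? (Substring check,
    adequate for the constructed values used here.)"""
    blob = json.dumps(uplink_payload, sort_keys=True)
    if biometric.decode("latin-1") in blob:
        return True
    return any(str(registration[f]) in blob
               for f in SENSITIVE_FIELDS if f in registration)


if __name__ == "__main__":
    # Constructed sample registration and biometric template.
    reg = {"name": "Zhang San", "department": "radiology",
           "id_number": "110101199001011234", "phone": "13800000000",
           "address": "Beijing"}
    template = b"finger-vein-template-0001"
    key = secrets.token_bytes(32)
    uid = new_user_id()
    cipher = desensitize(reg, template, key)
    code = feature_code(uid, cipher)
    payload = {"user_id": uid, "feature_code": code, "ciphertext": cipher}
    print("department still readable:", cipher["department"])
    print("leaks plaintext:", leaks_plaintext(payload, reg, template))
```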
The steps of the trust verification process are as follows, as shown in FIG. 5:
Step S21: the user management module receives the user login information and verifies whether it is correct; if the login information is incorrect it directly returns a login verification failure; if the login verification passes, it acquires the related content of the USB-KEY submitted by the user, transmits the verification data used for authentication to the data uplink module, and receives and returns the verification result.
The user login information includes the user ID, the password and the local USB-KEY data;
the verification data used for authentication is data encrypted with the private key;
the related content of the USB-KEY comprises the user ID and the user private key;
Step S22: the data uplink module receives the verification data used for authentication;
Step S23: the blockchain storage module acquires the encrypted data information according to the verification data submitted by the user and sends it to the data uplink module; the encrypted data information comprises the user ID, the feature code and the burning device ID.
Step S24: the data uplink module compares the encrypted data information transmitted by the blockchain storage module: it first judges whether the user ID and the burning device ID are correct, compares the user feature codes only after both are confirmed correct, returns the verification result to the user management module, and submits a record of the user verification outcome to the blockchain module. If any one of the user ID, the feature code or the burning device ID does not match, authentication failure is returned directly;
Step S25: the blockchain storage module receives the user verification record submitted by the data uplink module.
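Steps S23 to S25 as an added Python example, not the patent's code: the comparison in the stated order (user ID, burning device ID, then feature code), the verification record written to a content-addressed store that stands in for IPFS, and a private chain that indexes each record by its hash so that an altered record or block is detected on verification. Decryption of the private-key-encrypted verification data is assumed to have been done already by the data uplink module; recording failed attempts as well as successful ones goes beyond the text and is this example's choice.

```python
import hashlib
import hmac
import json

GENESIS_PREV = "0" * 64


class ContentStore:
    """Stand-in for IPFS: objects are addressed by the SHA-256 of their canonical
    bytes, so an object altered in storage no longer matches its address."""

    def __init__(self):
        self._objects = {}

    def put(self, obj: dict) -> str:
        data = json.dumps(obj, sort_keys=True).encode()
        cid = hashlib.sha256(data).hexdigest()  # stands in for an IPFS CID
        self._objects[cid] = data
        return cid

    def get(self, cid: str) -> dict:
        data = self._objects[cid]
        if hashlib.sha256(data).hexdigest() != cid:
            raise ValueError(f"stored object {cid[:12]} does not match its hash")
        return json.loads(data)


class PrivateChain:
    """Minimal private chain: each block carries only the hash (index) of one
    stored object plus the previous block's hash, as in the patent's FIG. 2."""

    def __init__(self):
        self.blocks = [self._block(0, GENESIS_PREV, None)]

    @staticmethod
    def _block(index: int, prev: str, cid) -> dict:
        body = {"index": index, "prev": prev, "cid": cid}
        body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        return body

    def append(self, cid: str) -> str:
        last = self.blocks[-1]
        self.blocks.append(self._block(last["index"] + 1, last["hash"], cid))
        return self.blocks[-1]["hash"]

    def verify(self, store: ContentStore) -> bool:
        """Recompute every block hash and prev link, and re-fetch every indexed
        object, so a modified audit record is caught as well as a modified block."""
        prev = GENESIS_PREV
        for i, b in enumerate(self.blocks):
            expected = self._block(i, prev, b["cid"])
            if b["hash"] != expected["hash"] or b["prev"] != prev:
                return False
            if b["cid"] is not None:
                store.get(b["cid"])  # raises ValueError if the object was altered
            prev = b["hash"]
        return True


def compare_verification_data(submitted: dict, stored: dict) -> str:
    """Step S24 in the patent's order: user ID, then burning device ID, then the
    feature code; the first mismatch ends the comparison. Returns "ok" or the
    name of the failing field (for the audit record only, never for the user)."""
    if submitted["user_id"] != stored["user_id"]:
        return "user_id"
    if submitted["device_id"] != stored["device_id"]:
        return "device_id"
    if not hmac.compare_digest(submitted["feature_code"], stored["feature_code"]):
        return "feature_code"
    return "ok"


def authenticate(submitted: dict, stored: dict, store: ContentStore,
                 chain: PrivateChain, ts: int) -> dict:
    """Data uplink module: compare, write the verification record to the content
    store, index it on the private chain, and return the result. Failed attempts
    are recorded too (this example's choice): they are what an access audit most
    needs to see."""
    reason = compare_verification_data(submitted, stored)
    record = {"user_id": submitted["user_id"], "device_id": submitted["device_id"],
              "result": reason == "ok", "reason": reason, "ts": ts}
    cid = store.put(record)
    chain.append(cid)
    return {"authenticated": reason == "ok", "audit_cid": cid}


if __name__ == "__main__":
    # Constructed on-chain record for one user and one login attempt.
    stored = {"user_id": "u-0001", "device_id": "burner-07", "feature_code": "ab" * 32}
    store, chain = ContentStore(), PrivateChain()
    print(authenticate(dict(stored), stored, store, chain, 1700000000))
    print("chain intact:", chain.verify(store))
```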
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (7)

1. A private chain-based authorization and access auditing system, comprising: a user management module, a desensitization service module, a certificate service module, a data uplink module and a blockchain storage module;
the user management module, the desensitization service module, the certificate service module, the data uplink module and the blockchain storage module are connected in that order, and the user management module is also connected to the data uplink module;
the user management module is used for receiving a new user authorization request and acquiring the biometric information and the user registration information submitted by the new user;
the desensitization service module is used for receiving the new user authorization request, extracting the sensitive fields from the biometric information and the user registration information according to a preset set of sensitive fields, and converting the biometric information and the sensitive fields into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature information ciphertext to generate a user feature code;
the certificate service module is used for issuing a user certificate after receiving the new user authorization request and the user feature code, generating a public key and the corresponding private key, and encrypting the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module is used for storing the received encrypted new user authorization data and the corresponding public key in the blockchain;
the blockchain storage module is used for storing the data transmitted from the data uplink module;
the data uplink module returns uplink success information to the certificate service module;
the certificate service module returns the user private key and the user ID to the desensitization service module;
the desensitization service module looks up the related feature codes in its local system by the user ID returned by the certificate service module, assembles the related feature codes and the private key returned by the certificate service module into a JSON data structure within the module, and returns the authorization information to the user management module;
the user management module receives the user private key and the user ID, stores them in the management database, returns the user ID, the private key and the user feature code, burns them to the USB-KEY, and submits the user ID, the burning status and the timestamp to the data uplink module;
the data uplink module stores the user ID, the burning status and the timestamp in the blockchain module;
the user management module is further used for receiving user login information, transmitting verification data for authentication to the data uplink module, and receiving and returning the verification result; the user login information includes: the user ID, the password, and the local USB-KEY data;
the data uplink module is further used for receiving the verification data for user authentication, comparing it with the encrypted data information transmitted by the blockchain storage module, returning the verification result to the user management module, and submitting a user verification status record to the blockchain module;
the comparison with the encrypted data information transmitted by the blockchain storage module comprises the following steps:
judging whether the user ID and the burning device ID are correct, comparing the user feature codes once both are confirmed correct, returning the verification result to the user management module, and submitting a user verification status record to the blockchain module; if any one of the user ID, the feature code or the burning device ID does not match, returning authentication failure directly;
the blockchain storage module is further used for acquiring the encrypted data information according to the verification data submitted by the user, transmitting the acquired encrypted data information to the data uplink module, and receiving the user verification status record submitted by the data uplink module;
the storage mode of the blockchain storage module is IPFS: the user certificates and user audit records are stored in IPFS and a hash value is generated for each stored object; after the private chain is constructed, each block in the private chain stores the hash value of the related stored object as its index entry, and the hash value in each block corresponds one-to-one with a node value in IPFS;
the private chain construction process is as follows:
creating a block for each of node A to node N in the blockchain storage module and initializing it;
configuring each node;
starting node A and linking the other nodes to node A;
a successful link completes the private chain construction.
2. The private chain-based authorization and access auditing system of claim 1, wherein the biometric information comprises: finger vein, facial features.
3. The private chain-based authorization and access auditing system of claim 1, wherein the user registration information includes: name, phone number, and the hospital, ward and department the user belongs to.
4. The private chain-based authorization and access auditing system of claim 1, wherein the initializing comprises: deploying the ipfs executable, generating peer-to-peer keys, creating the data directories, and creating the IPFS nodes.
5. The private chain-based authorization and access auditing system of claim 1, wherein the configuring comprises: importing the node id and configuring cross-origin resource sharing.
6. A private chain-based authorization and access auditing method, implemented by the private chain-based authorization and access auditing system of any of claims 1-5, comprising a user trust process and a trust verification process:
the user trust process comprises the following steps:
the user management module receives the new user authorization request, acquires the biometric information and the user registration information submitted by the new user, and submits them to the desensitization service module;
the desensitization service module receives the new user authorization request, extracts the sensitive fields from the biometric information and the user registration information according to a preset set of sensitive fields, and converts the sensitive fields into ciphertext by encryption; at the same time, the desensitization service module randomly generates a unique user ID for the user and combines the user ID with the feature information ciphertext to generate a user feature code;
after receiving the new user authorization request and the user feature code, the certificate service module issues a user certificate, generates a public key and the corresponding private key, and encrypts the user feature code a second time with the certificate for transmission; the encrypted data and the corresponding public key are submitted to the data uplink module;
the data uplink module stores the received encrypted new user authorization data and the corresponding public key in the blockchain;
the data uplink module returns uplink success information to the certificate service module;
the certificate service module returns the user private key and the user ID to the desensitization service module;
the desensitization service module looks up the related feature codes in its local system by the user ID returned by the certificate service module, assembles the related feature codes and the private key returned by the certificate service module into a JSON data structure within the module, and returns the authorization information to the user management module;
the user management module receives the user private key and the user ID, stores them in the management database, returns the user ID, the private key and the user feature code, burns them to the USB-KEY, and submits the user ID, the burning status and the timestamp to the data uplink module;
the data uplink module stores the user ID, the burning status and the timestamp in the blockchain module.
7. The private chain-based authorization and access auditing method of claim 6, wherein the trust verification process comprises the following steps:
the user management module receives the user login information and verifies whether it is correct; if the login information is incorrect, it directly reports login verification failure; if the login verification passes, it reads the related content from the USB-KEY presented by the user, transmits the verification data for authentication to the data uplink module, and receives and returns the verification result;
the verification data used for authentication is data encrypted with the private key;
the data uplink module receives the verification data for authentication;
the blockchain storage module acquires the encrypted data information according to the verification data submitted by the user and sends it to the data uplink module;
the data uplink module compares the verification data with the encrypted data information transmitted by the blockchain storage module; if the comparison is correct, it returns the verification result to the user management module and submits a user verification status record to the blockchain module; if the comparison is incorrect, it returns authentication failure directly;
the blockchain storage module receives the user verification status record submitted by the data uplink module.
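The user trust process of claim 6 and the trust verification process of claim 7 (steps S24 and S25 above), as an added runnable sketch that is not the patent's code. Everything in it is a constructed stand-in: a dict plays the IPFS object store, a list of blocks that hold only object hashes plays the private chain, and keyed HMAC replaces both the desensitization cipher and the certificate-based private-key encryption; the audit entry written on a failed login is also this sketch's choice.

```python
# Added illustration of CN112347188B's user trust (claim 6) and trust verification (claim 7)
# flows; not the patent's code. Constructed stand-ins: a dict for the IPFS object store, a
# list of blocks (each holding only an object hash) for the private chain, keyed HMAC for
# both the desensitization cipher and the certificate-based private-key encryption.
import hashlib, hmac, json, secrets

SENSITIVE_FIELDS = {"name", "phone"}   # preset sensitive fields (constructed)
DESENS_KEY = secrets.token_bytes(32)   # desensitization key, never leaves the module
ipfs_store = {}                        # content hash -> serialized object
chain = []                             # private chain: blocks indexing object hashes

def uplink(obj):
    """Data uplink module: store the object in IPFS, index its hash in a new block."""
    raw = json.dumps(obj, sort_keys=True).encode()
    obj_hash = hashlib.sha256(raw).hexdigest()
    ipfs_store[obj_hash] = raw
    chain.append({"height": len(chain), "object_hash": obj_hash})
    return obj_hash

def mask(value):                       # desensitization: keyed, irreversible pseudonym
    return hmac.new(DESENS_KEY, value.encode(), "sha256").hexdigest()

def seal(private_key, user_id, device_id, feature_code):   # "secondary encryption"
    msg = f"{user_id}|{device_id}|{feature_code}".encode()
    return hmac.new(private_key, msg, "sha256").hexdigest()

def enroll(registration, biometric, device_id):
    """User trust process; returns the USB-KEY payload and the chain record hash."""
    desensitized = {k: mask(v) if k in SENSITIVE_FIELDS else v
                    for k, v in registration.items()}
    user_id = secrets.token_hex(8)                          # random unique user ID
    feature_code = hashlib.sha256((user_id + mask(biometric)).encode()).hexdigest()
    private_key = secrets.token_bytes(32)                   # stands in for certificate key
    record_hash = uplink({"user_id": user_id, "device_id": device_id,
                          "feature_code": feature_code, "registration": desensitized,
                          "sealed": seal(private_key, user_id, device_id, feature_code)})
    uplink({"user_id": user_id, "device_id": device_id, "burn": "ok"})  # burn record
    return {"user_id": user_id, "device_id": device_id, "feature_code": feature_code,
            "private_key": private_key}, record_hash

def lookup(user_id):
    """Blockchain storage module: follow block index entries to the user's record."""
    for block in chain:
        obj = json.loads(ipfs_store[block["object_hash"]])
        if obj.get("user_id") == user_id and "sealed" in obj:
            return obj
    return None

def verify(usb_key):
    """Trust verification: user ID and device ID first, then feature code; audit either way."""
    rec = lookup(usb_key["user_id"])
    ok = bool(rec) and rec["device_id"] == usb_key["device_id"] and \
        rec["feature_code"] == usb_key["feature_code"] and \
        hmac.compare_digest(rec["sealed"], seal(usb_key["private_key"], usb_key["user_id"],
                                                usb_key["device_id"], usb_key["feature_code"]))
    uplink({"audit": "login", "user_id": usb_key["user_id"], "passed": ok})
    return ok
```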
CN202011114782.3A 2020-10-16 2020-10-16 Authorization and access auditing system and method based on private chain Active CN112347188B (en)
Publications (2)

Publication Number Publication Date
CN112347188A (en) 2021-02-09
CN112347188B (en) 2024-07-30

Family

ID=74362029

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant