CN108199866A - Social network system with strong secret protection - Google Patents

Info

Publication number
CN108199866A
Authority
CN
China
Prior art keywords
user
module
network
data
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711342942.8A
Other languages
Chinese (zh)
Other versions
CN108199866B (en)
Inventor
周洁
赵序琦
何凌云
洪良怡
陈湃卓
谢宇明
刘功申
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiao Tong University
Original Assignee
Shanghai Jiao Tong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiao Tong University
Priority to CN201711342942.8A
Publication of CN108199866A
Application granted
Publication of CN108199866B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/044 Network management architectures or arrangements comprising hierarchical management structures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/52 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail for supporting social networking services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides a social network system with strong privacy protection, comprising a P2P network layer, an API layer and an APP application layer, the API layer connecting the P2P network layer and the APP application layer. The P2P network layer establishes the decentralized peer-to-peer connections of the social network system; the API layer defines the application interfaces and provides the service functions of the social network system; the APP application layer generates the application interface and calls the application interfaces of the API layer to provide interface responses and user interaction functions. The invention implements the social network structure on P2P and also provides distributed storage of user information, encryption protection of network links, and policy control over published content. The invention meets the security requirements of privacy, integrity and availability in a social network, protects users' private information from intrusion while keeping the network reasonably convenient to use, and balances usability and security.

Description

Social Network System with Strong Privacy Protection

Technical Field

The present invention relates to social network systems, and in particular to a P2P-network-based social network system with strong privacy protection.

Background Art

In the information age, online social networks have gradually become the main carrier of the Internet, and using social networking software to chat with others, obtain information and publish information has become a mainstream way of life in modern society. In the social network field, because online social networks have a complex structure, a large user base and heavy data traffic, balancing privacy against convenience is a dilemma.

Today's mainstream online social network systems usually adopt a centralized service model, which makes the server the core of the whole architecture. Users' personal information, chat records and social activity data are all forwarded and stored through a central server, which exposes user information to anyone with access to that server. The centralized big-data model also makes things easier for attackers: even without obtaining all of a user's information, they can derive information about the user through data mining and cross-comparison. The security of the data center and servers therefore becomes the core security requirement of a centralized social network architecture, and the losses and consequences of the massive data loss caused by an intrusion are hard to estimate.

Therefore, as users have become more aware of personal information and privacy protection, distributed social networks have gradually begun to take shape. Distributed social networks have been widely explored during their development; established models and technologies include PeerSoN and Safebook abroad and WebService in China. They can be divided into structured distributed social networks, unstructured distributed social networks and hybrid online social networks. A structured distributed social network designates some nodes with higher computing performance, large storage space and wide bandwidth as super-user nodes that maintain data forwarding and storage for the other user nodes. An unstructured distributed social network drops the concept of super-user nodes, and all user nodes jointly maintain the storage and operation of the social network data. A hybrid online social network combines centralized and distributed characteristics: when the centralized server has a problem, it switches to a distributed service mode and establishes a temporary distributed network.

A distributed network does not pass data through a central server; instead, users establish point-to-point communication and data transfer among themselves, so users' personal information and private data are stored in a distributed manner across the social network. However, this approach makes it difficult to manage user behavior in the distributed network effectively, chat messages are hard to trace, and there is little awareness of fine-grained access control.

Therefore, how to use a distributed network to keep users' personal information undisclosed and private while also ensuring the integrity, confidentiality, availability and non-repudiation of user data is a problem that urgently needs to be solved.

Summary of the Invention

In view of the above deficiencies in the prior art, the purpose of the present invention is to provide a social network system with strong privacy protection which, while doing away with the centralized central server and data center, provides fine-grained access control over distributed storage, data integrity protection, network structure protection and data non-repudiation protection, and improves the privacy protection and personal information security of users in a distributed social network system.

To achieve the above purpose, the present invention is realized through the following technical solutions.

According to one aspect of the present invention, a social network system with strong privacy protection is provided, comprising a P2P network layer, an API layer and an APP application layer, the API layer connecting the P2P network layer and the APP application layer;

wherein:

the P2P network layer establishes the decentralized peer-to-peer connections of the social network system;

the API layer defines the application interfaces and provides the service functions of the social network system;

the APP application layer generates the application interface through application development and calls the application interfaces of the API layer to provide interface responses and user interaction functions.

Preferably, the P2P network layer comprises a distributed data storage module, an access control module, a network structure protection module and a routing algorithm module, wherein:

the distributed data storage module stores files and chat data across the decentralized network, forming distributed-stored files and chat data;

the access control module ensures the confidentiality and integrity of the distributed-stored files and chat data, protects user privacy at a fine granularity, and ensures that connected users are trusted;

the network structure protection module ensures the confidentiality of users' node information, IP address information and the data used by users, and ensures that the network connection structure is transparent to the user;

the routing algorithm module establishes connections between users efficiently and correctly, ensures that data download links are established, and ensures the availability of the distributed-stored data.

Preferably, the system further includes any one or more of the following:

- the distributed-stored chat data comprises chat record replica files in the P2P network and chat record files stored locally by the user, wherein:

the chat record replica files in the P2P network are stored in a distributed manner on a certain number of nodes, and this part of the chat data is not under the user's own control;

the chat record files stored locally by the user are outside the P2P network and can be altered or deleted;

- when ensuring the confidentiality of files stored by users in a distributed manner, the access control module encrypts the files with a symmetric key, while an asymmetric key is used, by way of a protocol, to authenticate identity before file transfer.

Preferably, the API layer comprises the following functional modules:

a user registration module, a user verification module, a user login/logout module, a user search module, a user connection module, an instant messaging module, a record verification module, a blacklist module, a distributed storage module and a message publishing module;

wherein:

the user registration module fills in and imports user data, creates a new user, joins it to the P2P network layer as a new node, and informs the other nodes that the new node has been created;

the user verification module verifies the user's account and password, verifies identity for friend requests and connection establishment, and issues the public key to trusted users;

the user login/logout module handles the addition and removal of online nodes in the P2P network layer and, for a node that is about to go offline, checks how completely the distributed-stored information remains available online, so as to ensure the availability of the distributed-stored information; the distributed-stored information comprises the distributed-stored files and chat data;

the user search module, after user A selects user B for instant messaging, iteratively looks up user B in the P2P network and, after obtaining user B's address, establishes the link between the two;

the user connection module establishes a connection with user B after user A obtains user B's IP address and listening port information;

the instant messaging module sends and receives messages after user A and user B have established a communication link;

the record verification module, after user A and user B have established a connection, performs an MD5 check on the earlier chat record files stored locally by user A and user B and on the chat record replica files in the P2P network, comparing them to check data integrity and to ensure the non-repudiation of the chat records;

the blacklist module ensures that user A can block user B's attempts to establish a connection with user A;

the distributed storage module ensures that only authorized users can access and download the distributed-stored data held locally, and ensures that the user's own files and chat data stored on other users' machines are encrypted and intact;

the message publishing module announces messages to selected recipients within a set scope, wherein the selected recipients hold a specific public/private key pair, the broadcast message is encrypted with the public key, and only users who have obtained the corresponding private key can learn the real content of the message.

Preferably, the system further includes any one or more of the following:

- the user search module, while online, retains the IP address and port information of friends who have not gone offline, for a certain timestamp window; throughout, the information about friend nodes is fully transparent to the user, which ensures the privacy of node information;

- the user connection module makes the connection process transparent to the user: the peer node's IP address and port information are not disclosed, the program responds and connects automatically in the background, and the user cannot see this information;

- in the instant messaging module, the information sent and received over the TCP link is encrypted with the receiver's public key and decrypted with the private key after receipt, so the content in transit on the link remains confidential.

Preferably, when user A and user B connect for instant messaging, the record verification module first compares the MD5 digests of the earlier chat record files stored locally by user A and user B with those of the chat record replica files in the P2P network, to check whether user A or user B has altered or deleted chat records. The record verification module checks the integrity of the locally stored chat record files and, through an interface response, informs user A and user B whether the other party's locally stored chat record file is correct.
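
The record check described above, as an added example that is not code from the patent: each party's local chat record is hashed with MD5 and compared with the digest of the replicas held in the P2P network. The canonical JSON serialization, the strict-majority vote among replicas, the function names and the sample messages are assumptions made for the illustration.

```python
import hashlib
import json
from collections import Counter


def record_digest(messages, algorithm="md5"):
    """Digest of a chat record over a canonical serialization (assumed format).

    The patent text specifies MD5; the algorithm is a parameter so that a
    collision-resistant hash such as SHA-256 can be used instead.
    """
    canonical = json.dumps(
        messages, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")
    return hashlib.new(algorithm, canonical).hexdigest()


def reference_digest(replica_digests):
    """Digest held by a strict majority of replica nodes, or None if there is none."""
    if not replica_digests:
        return None
    digest, votes = Counter(replica_digests).most_common(1)[0]
    return digest if votes * 2 > len(replica_digests) else None


def verify_records(local_a, local_b, replicas, algorithm="md5"):
    """Compare both users' local records with the replicas stored in the network.

    Returns the reference digest and, per user, "intact", "modified", or
    "unverifiable" when the replicas themselves do not agree.
    """
    reference = reference_digest([record_digest(r, algorithm) for r in replicas])
    if reference is None:
        return {"reference": None, "A": "unverifiable", "B": "unverifiable"}
    result = {"reference": reference}
    for name, local in (("A", local_a), ("B", local_b)):
        same = record_digest(local, algorithm) == reference
        result[name] = "intact" if same else "modified"
    return result


# Constructed sample conversation (not from the patent).
SAMPLE_CHAT = [
    {"ts": 1513000000, "from": "A", "text": "Can you send the contract?"},
    {"ts": 1513000042, "from": "B", "text": "Yes, I will send it tonight."},
    {"ts": 1513000100, "from": "A", "text": "Thanks."},
]

if __name__ == "__main__":
    # User B has deleted the message containing the promise from the local file.
    local_b = [m for m in SAMPLE_CHAT if m["ts"] != 1513000042]
    # Three replica nodes; one of them holds a corrupted copy.
    replicas = [SAMPLE_CHAT, SAMPLE_CHAT, SAMPLE_CHAT[:1]]
    print(verify_records(SAMPLE_CHAT, local_b, replicas))
```

Because the replicas are outside either user's control, the party whose local digest differs from the replica digest is the one shown as having changed the record.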

Preferably, in the APP application layer:

the forms of application development include an iOS app, a mobile app for the Android platform, Windows application software, Ubuntu application software and/or Mac application software;

the forms of application include graphical interface operation and terminal input/output;

in application development, functions are developed and applied by calling the functional modules of the API layer.

Compared with the prior art, the present invention has the following beneficial effects:

The social network system with strong privacy protection provided by the present invention does away with the centralized central server and data center of traditional social network systems, greatly reduces the risk of exposing personal information and private data, ensures that unauthorized users cannot learn or tamper with the content of distributed-stored files, ensures the non-repudiation of stored chat data, and strengthens effective user management and network structure transparency in the distributed social network. Specifically:

1. Breaking away from the traditional centralized social network system

Existing mainstream social networking software is built on a centralized central-server architecture: user data is forwarded and stored through the central server, large volumes of user information are kept in the data center, and all interactions between users are managed and forwarded by the central server. This centralized approach focuses attackers on the data center and the central server, and data mining and data analysis in the big-data era allow users' personal information to be exploited to the fullest. Choosing a distributed social network system, in which users' information is dispersed across the network, therefore greatly reduces the risk of data exposure.

2. Fine-grained access control

Files stored by users in a distributed manner are subject to permission control with respect to other users; only authorized users can access or download them. Chat record files are dispersed and stored encrypted, so others cannot see them, but the system computes their MD5 digest to compare against the local chat record file. A friend mechanism is established, and users on the blacklist are prevented from establishing connections.

3. Network structure transparency

User node information is not published, the peer node information obtained during any connection operation is invisible to the user, and network connection structure information is likewise transparent to the user.

Description of the Drawings

Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments given with reference to the following drawings:

Figure 1 is a block diagram of the system design;

Figure 2 is a schematic diagram of the routing mechanism;

Figure 3 shows the login interface;

Figure 4 shows the instant messaging interface;

Figure 5 shows the chat data comparison notification.

Detailed Description

The embodiments of the present invention are described in detail below. This embodiment is implemented on the basis of the technical solution of the present invention and gives a detailed implementation and a specific operating procedure. It should be noted that those of ordinary skill in the art can make a number of variations and improvements without departing from the concept of the present invention, and these all fall within the scope of protection of the present invention.

Embodiment

This embodiment provides a social network system with strong privacy protection, comprising a P2P network layer, an API layer and an APP application layer, the API layer connecting the P2P network layer and the APP application layer;

wherein:

the P2P network layer establishes the decentralized peer-to-peer connections of the social network system, and comprises a distributed data storage module, an access control module, a network structure protection module and a routing algorithm module;

the API layer defines the application interfaces and provides the service functions of the social network system, and comprises a user registration module, a user verification module, a user login/logout module, a user search module, a user connection module, an instant messaging module, a record verification module, a blacklist module, a distributed storage module and a message publishing module;

the APP application layer generates the application interface through application development and calls the API interfaces to provide interface responses and user interaction functions.

Further, the P2P network layer comprises a distributed data storage module, an access control module, a network structure protection module and a routing algorithm module, wherein:

the distributed data storage module stores files and chat data in the distributed network, forming distributed-stored files and chat data. In this example, the distributed network is implemented with distributed hash table (DHT) technology using the Kademlia protocol, and all kinds of data are stored and retrieved as key-value pairs;

the access control module ensures the confidentiality and integrity of the distributed-stored files and chat data, protects user privacy at a fine granularity, and ensures that connected users are trusted. In this example, a user node must first authenticate when it joins the DHT network. Identity verification is performed using an encrypted private key, and each user's identifier (ID) is the hash of the corresponding public key. Certain private data is encrypted with a public key and stored on the DHT network; only the user holding the corresponding private key can retrieve it and decrypt the original;

the network structure protection module ensures the confidentiality of user-related information such as users' node information and IP address information, and ensures that the network connection structure is transparent to the user. In this example, the P2P network is built on top of the public Internet, each node is represented by a NodeID, and the relationship between nodes can be described logically as a binary tree that is decoupled from the network structure of the Internet;

the routing algorithm module establishes connections between users efficiently and correctly, ensures that data download links are established, and ensures the availability of the distributed-stored data. In this example, as mentioned above, the logical structure of the P2P network is a binary tree. For routing, the binary tree is split: starting from the root, the subtrees that do not contain the node itself are split off one by one. Each node obtains n subtrees after the splitting is complete; for each subtree it selects K nodes as that subtree's representative nodes and records their information. During routing, recursive queries are then made through the recorded nodes to obtain the routing information of every node.
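
The subtree split and the K representative nodes per subtree correspond to Kademlia's XOR metric and k-buckets. The following is an added example, not code from the patent, that derives each NodeID from the hash of a public key, builds the per-subtree routing tables and finds a node by repeatedly querying the recorded representatives. The 160-bit SHA-1 NodeID, K = 3, the function names and the constructed key bytes are assumptions.

```python
import hashlib

ID_BITS = 160  # assumption: SHA-1 sized NodeIDs, as in the Kademlia paper
K = 3          # representative nodes recorded per subtree (the text's "K")


def node_id(public_key: bytes) -> int:
    """NodeID is the hash of the user's public key (hash choice is an assumption)."""
    return int.from_bytes(hashlib.sha1(public_key).digest(), "big")


def subtree_index(own: int, other: int) -> int:
    """Which split-off subtree holds `other`: the highest bit where the IDs differ."""
    return (own ^ other).bit_length() - 1


class Node:
    def __init__(self, public_key: bytes):
        self.id = node_id(public_key)
        self.buckets = {}  # subtree index -> at most K representative NodeIDs

    def learn(self, other_id: int) -> None:
        """Record `other_id` as a representative if its subtree still has room."""
        if other_id == self.id:
            return
        bucket = self.buckets.setdefault(subtree_index(self.id, other_id), [])
        if other_id not in bucket and len(bucket) < K:
            bucket.append(other_id)

    def closest(self, target: int, count: int = K):
        """The recorded nodes nearest to `target` under the XOR metric."""
        known = [i for bucket in self.buckets.values() for i in bucket]
        return sorted(known, key=lambda i: i ^ target)[:count]


def build_network(count: int):
    """Constructed network: every node hears of every other but keeps K per subtree."""
    nodes = [Node(b"constructed-public-key-%d" % i) for i in range(count)]
    for node in nodes:
        for other in nodes:
            node.learn(other.id)
    return {node.id: node for node in nodes}


def lookup(network, start_id: int, target: int):
    """Find `target` by asking ever-closer representatives.

    Returns (found, number of remote nodes queried).
    """
    if target == start_id:
        return True, 0
    queried = {start_id}
    shortlist = network[start_id].closest(target)
    while True:
        if target in shortlist:
            return True, len(queried) - 1
        pending = [i for i in shortlist if i not in queried]
        if not pending:
            return False, len(queried) - 1
        nearest = pending[0]  # closest node not yet asked
        queried.add(nearest)
        merged = set(shortlist) | set(network[nearest].closest(target))
        shortlist = sorted(merged, key=lambda i: i ^ target)[:K]


if __name__ == "__main__":
    net = build_network(64)
    ids = list(net)
    table = sum(len(b) for b in net[ids[0]].buckets.values())
    hops = [lookup(net, ids[0], t)[1] for t in ids[1:]]
    print(f"routing table entries: {table} of {len(ids) - 1} peers")
    print(f"max nodes queried per lookup: {max(hops)}")
```

Each node stores only a few representatives per subtree instead of the whole membership, and every answer comes from a node strictly closer to the target, so a lookup converges in a small number of queries.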

进一步地,所述API层包含用户注册模块、用户验证模块、用户登入退出模块、用户搜索模块、用户连接模块、即时通讯模块、记录验证模块、黑名单模块、分布式存储模块、消息发布模块,其中:Further, the API layer includes a user registration module, a user verification module, a user login and exit module, a user search module, a user connection module, an instant messaging module, a record verification module, a blacklist module, a distributed storage module, and a message release module, in:

所述用户注册模块,填写导入用户数据,建立新用户并加入P2P网络层中成为新节点,告知其他节点该节点的建立。在本实例中,底层网络节点的加入由P2P网络提供的接口完成,主要完成的工作为网络节点与用户账户的关联,需要在网络中记录对应身份标识ID的相关账户信息;The user registration module fills in and imports user data, establishes a new user and joins it in the P2P network layer as a new node, and informs other nodes of the establishment of the node. In this example, the joining of the underlying network node is completed by the interface provided by the P2P network. The main work is the association between the network node and the user account, and it is necessary to record the relevant account information corresponding to the identity ID in the network;

The user verification module verifies the user's account and password, verifies identity for friend requests and for connection establishment, and issues the public key to trusted users. In this example, for authentication of the principal user, each key distributed at registration represents one user; the private key is encrypted with the AES symmetric encryption algorithm, and the user proves their identity by supplying the passphrase that decrypts the private key, and joins the network on that basis;

The user login/logout module handles adding and removing online nodes of the P2P network and, for a node that is about to go offline, checks the online completeness of the distributed stored information to guarantee its availability. In this example, joining the DHT network requires connecting to any node that is already in the network, so a fixed, permanently open BOOTSTRAP node must be provided to give access to the network; after connecting to the BOOTSTRAP node, the node joins the network according to the Kademlia protocol;

After user A selects user B to communicate with, the user search module iteratively looks up user B in the P2P network and obtains user B's information. In this example, all user information is stored in the DHT network, and the information of a given user can be found through the key-value pairs in the DHT network;

The user connection module establishes a connection with user B after user A has obtained user B's IP address and listening port information. In this example, the connection between user A and user B is made with the DHT network as intermediary, using the key-value pair in the DHT network that is unique to each user;

The instant messaging module sends and receives messages after user A and user B have established a communication link. In this example, communication between user A and user B is carried out with the whole DHT network as intermediary: every user has a unique key-value pair used to receive the information that other users send to them, and that information includes data such as the sender's identity and the message content. Communication between users is completed in this way;

After user A and user B establish a connection, the record verification module performs an MD5 check on the earlier local chat record files of user A and user B and on the chat record copy files stored in distributed form in the network, comparing the integrity of the data and guaranteeing the non-repudiation of the chat records. In this example, chat message content is encrypted with a key generated by the message recipient and stored in distributed form on the nodes that correspond to the key. When the two parties compare chat records, the MD5 codes of the chat record copies stored on those nodes and of the chat record files stored at the message sender and at the message recipient are compared; from this it can be inferred whether either user has tampered with the chat message content, which achieves the non-repudiation of the chat data;

The blacklist module ensures that user A can block user B's attempts to establish a connection with user A. In this example, a blacklist module acting as a filter is placed in front of the user search module: if the searching user is on the blacklist of the user being searched for, the actual search module is not invoked and the call returns immediately;

The message publishing module announces messages to a selected set of objects within a certain range. The objects hold a specific public-private key pair; the broadcast information is encrypted with the public key, and only users who have obtained the corresponding private key can learn its real content. In this example, one public-private key pair identifies one group of users: the messages and status updates they publish to one another are mutually visible, while users outside the group can neither decrypt nor see that information.
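The comparison performed by the record verification module, as an added Python example that is not the patent's own code. It assumes every copy of a chat log is digested over the same canonical serialization and that the digest held by a strict majority of reachable replicas is the reference; the record fields, node names and function names are constructed. The page specifies MD5; the digest name is a parameter here so the same check can run with SHA-256, since MD5 is not collision resistant.

```python
import hashlib
import json
from collections import Counter

# Constructed sample chat log: sender identity, timestamp and text per message.
LOG = [
    {"sender": "A", "ts": 1513238400, "text": "meet at 10?"},
    {"sender": "B", "ts": 1513238460, "text": "ok"},
]


def canonical(records):
    """Serialize a chat log deterministically so equal logs give equal digests."""
    return json.dumps(records, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def digest(records, algorithm="md5"):
    """Hex digest of a chat log under the named hashlib algorithm."""
    return hashlib.new(algorithm, canonical(records)).hexdigest()


def verify_records(local_a, local_b, replicas, algorithm="md5"):
    """Compare both users' local logs with the copies returned by DHT nodes.

    `replicas` maps the ID of a storing node to the log copy it returned.
    The check is inconclusive when no replica is reachable or when no digest
    is held by a strict majority of the replicas.
    """
    if not replicas:
        return {"status": "inconclusive", "reason": "no replica reachable"}
    counts = Counter(digest(copy, algorithm) for copy in replicas.values())
    reference, votes = counts.most_common(1)[0]
    if votes * 2 <= len(replicas):
        return {"status": "inconclusive", "reason": "replicas disagree"}
    return {
        "status": "ok",
        "reference": reference,
        "user_a_intact": digest(local_a, algorithm) == reference,
        "user_b_intact": digest(local_b, algorithm) == reference,
        "divergent_replicas": sorted(
            node for node, copy in replicas.items()
            if digest(copy, algorithm) != reference),
    }


def demo_verify(algorithm="md5"):
    """User B has deleted a message locally; one storing node holds a bad copy."""
    local_a = list(LOG)
    local_b = LOG[:1]
    replicas = {"node-1": list(LOG), "node-2": list(LOG), "node-3": LOG[:1]}
    return verify_records(local_a, local_b, replicas, algorithm)


if __name__ == "__main__":
    print(demo_verify())
```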

Further, application development forms may include iOS apps, Android mobile apps, Windows application software, Ubuntu application software, and Mac application software. Application forms may include graphical interface operation and terminal input/output. Application development builds and applies functionality by calling the functions of the API layer.

This embodiment is further described below with reference to the accompanying drawings.

As shown in Figure 1, the new social network system with strong privacy protection provided by this embodiment has a three-layer design: the P2P network layer, the API layer and the application layer. In the figure, from the lower right upward, the layers progress from the underlying architecture to use by the APP application; the API layer is what links the three layers.

The user logs in through the interface, which calls the user verification API; once the private key has been verified as correctly decrypted, the P2P network is accessed through the interface provided by the DHT. The node first establishes a connection with the preset BOOTSTRAP node, then randomly generates a hash value as its NodeID, sends a query request to the BOOTSTRAP node, and builds its own routing table.

After logging in, the user exists as a node of the P2P network and can perform the operations the application offers, such as text communication with another user who is a friend. When a message is sent, the API is first called for user verification, which checks the user's identity and the friend relationship (both are stored in the DHT network). Once verification passes, the instant messaging API is called and, using the content storage function of the underlying DHT network, records the text content, the sender's identity, the timestamp and related data under the target user's key-value pair in the DHT network. The target user continuously listens for changes to the content under their own key-value pair; for each new record, the sender, the content and the sending time are parsed and shown in the program's UI.

The modules are described in detail below.

a. Distributed storage module

The data distributed storage module stores files and chat data in a decentralized distributed network. The distributed network is implemented with distributed hash table (DHT) technology using the Kademlia protocol, and all kinds of data are stored and retrieved as key-value pairs.

When saving data, a node that receives newly added data (K/V) first computes the "distance" between itself and the key of the new data, and then computes the distance between that key and each of the other nodes it knows. If its own distance to the key turns out to be the smallest, the data is kept at this node; otherwise it forwards the data to the node with the smallest distance. The node that receives the data handles it with the same procedure (recursive processing).

When retrieving data, a node that receives a query request (key) first computes the "distance" between itself and the key, and then computes the distance between that key and each of the other nodes it knows. If its own distance to the key turns out to be the smallest, it looks locally for a value that corresponds to the key: if one exists it returns the value, and if not it reports an error. Otherwise it forwards the query to the node with the smallest distance. The node that receives it handles it with the same procedure (recursive processing).

b. Routing algorithm module

The logical structure of the DHT network is a binary tree. When a node builds its routing table, it starts from the root node and splits off, layer by layer, the subtrees that do not contain itself, obtaining n subtrees. If the node knows one node in each of these subtrees, it can route recursively through these n nodes and so reach the entire binary tree.

Because nodes in a distributed network may go online and offline frequently, recording only one node per subtree clearly does not meet the robustness requirement, so k nodes are recorded for each subtree. Note that some subtrees may contain fewer than k nodes, so the number of nodes recorded for such a subtree may not reach k.
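The store and lookup rule of the distributed storage module and the subtree split of the routing algorithm module, as an added Python example that is not the patent's own code. It assumes Kademlia's XOR metric for the "distance", constructed 4-bit NodeIDs, and a first-come choice of the k representatives per subtree; the names `Node`, `Network` and `demo` are hypothetical. It also shows the robustness point above: with k = 1 a single offline node makes a stored value unreachable, with k = 2 the lookup still succeeds.

```python
ID_BITS = 4                         # assumption: tiny ID space so the tree is easy to follow
SAMPLE_IDS = [1, 4, 6, 9, 12, 14]   # constructed NodeIDs
KEY = 13                            # constructed key; node 12 is closest (12 ^ 13 == 1)


def distance(a, b):
    """Kademlia's XOR metric between two IDs (or an ID and a key)."""
    return a ^ b


def subtree_index(own, other):
    """Subtree that `other` falls into when the tree is split from the root around `own`.

    Subtree i holds the IDs that share exactly i leading bits with `own`.
    """
    if own == other:
        raise ValueError("a node is not in any of its own subtrees")
    return ID_BITS - distance(own, other).bit_length()


class Node:
    def __init__(self, node_id, k):
        self.id = node_id
        self.k = k
        self.buckets = {}   # subtree index -> up to k representative NodeIDs
        self.store = {}     # key -> value held by this node

    def learn(self, other):
        """Record `other` as a representative if its subtree still has room."""
        if other == self.id:
            return
        bucket = self.buckets.setdefault(subtree_index(self.id, other), [])
        if other not in bucket and len(bucket) < self.k:
            bucket.append(other)

    def known(self):
        return [n for bucket in self.buckets.values() for n in bucket]


class Network:
    def __init__(self, ids, k):
        self.nodes = {i: Node(i, k) for i in ids}
        self.online = set(ids)
        for node in self.nodes.values():       # tables are built while all are online
            for other in sorted(ids):
                node.learn(other)

    def route(self, start, key):
        """Forward to the closest reachable known node until none is closer."""
        path = [start]
        while True:
            current = self.nodes[path[-1]]
            reachable = [n for n in current.known() if n in self.online]
            nearest = min(reachable + [current.id], key=lambda n: distance(n, key))
            if nearest == current.id:
                return path
            path.append(nearest)

    def put(self, start, key, value):
        path = self.route(start, key)
        self.nodes[path[-1]].store[key] = value
        return path

    def get(self, start, key):
        """Return (value, path); value is None where the page's node reports an error."""
        path = self.route(start, key)
        return self.nodes[path[-1]].store.get(key), path


def demo(k):
    """Store under KEY from node 1, take node 9 offline, then look KEY up from node 1."""
    net = Network(SAMPLE_IDS, k)
    stored_path = net.put(1, KEY, "hello")
    net.online.discard(9)
    value, lookup_path = net.get(1, KEY)
    return stored_path, value, lookup_path


if __name__ == "__main__":
    for k in (1, 2):
        print(k, demo(k))
```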

c. (Fine-grained) access control module

The data stored in the DHT network requires fine-grained access control. The access control module ensures the confidentiality and integrity of the distributed stored files and chat data, protects user privacy at fine granularity, and ensures that connecting users are trusted. When a user node accesses the DHT network, it must first be authenticated. Authentication is performed with the encrypted private key, and each user's identity ID is the hash value of the corresponding public key. Certain private data is encrypted with the public key and placed on the DHT network, so that only a user who holds the corresponding private key can retrieve it and decrypt the original text. The chat records that users produce through instant messaging are each encrypted with the key of their recipient and stored under the corresponding key.

The new social network system with strong privacy protection provided by the present invention breaks away from traditional social network systems built on a centralized central server and data center. It greatly reduces the risk of exposing personal information and private data, ensures that unauthorized users cannot learn or tamper with the content of distributed stored files, guarantees the non-repudiation of stored chat data, and strengthens effective user management and network structure transparency in a distributed social network. The specific advantages are as follows:

a. Breaking away from the traditional centralized social network system

Existing mainstream social networking software is based on a centralized central-server architecture: user data is forwarded and stored through the central server, large volumes of user information are stored in the data center, and all interaction between users is managed and forwarded by the central server. This centralized approach focuses attackers on the data center and the central server, and the data mining and data analysis of the big-data era allow users' personal data to be exploited to the fullest. Choosing a distributed social network system, which disperses users' information across the network, can therefore greatly reduce the risk of data exposure.

b. Fine-grained access control

Files that users store in distributed form are permission-controlled with respect to other users; only authorized users can access or download them. Chat record files are stored dispersed and encrypted, so others cannot see them, but the system computes MD5 codes to compare them with the local chat record files. A friend mechanism is established, and users on the blacklist are forbidden from establishing connections.

c. Network structure transparency

User node information is not published; the peer node information obtained during all connection operations is invisible to the user, and network connection structure information is likewise transparent to the user.

Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the specific embodiments described above; those skilled in the art may make various variations or modifications within the scope of the claims without affecting the substance of the invention.

Claims (7)

1. A social network system with strong privacy protection, characterized by comprising: a P2P network layer, an API layer and an APP application layer, the API layer connecting the P2P network layer and the APP application layer; wherein:
- the P2P network layer establishes the decentralized peer-to-peer connections of the social network system;
- the API layer defines the application interfaces and provides the service functions of the social network system;
- the APP application layer, through application development, generates the application user interface and calls the application interfaces of the API layer to provide interface response and user interaction functions.

2. The social network system with strong privacy protection according to claim 1, characterized in that the P2P network layer comprises: a data distributed storage module, an access control module, a network structure protection module and a routing algorithm module; wherein:
- the data distributed storage module stores files and chat data in a decentralized network, forming distributed stored files and chat data;
- the access control module ensures the confidentiality and integrity of the distributed stored files and chat data, protects user privacy at fine granularity, and ensures that connecting users are trusted;
- the network structure protection module ensures the confidentiality of the user's node information, IP address information and the data information used by the user, and ensures that the network connection structure is transparent to the user;
- the routing algorithm module establishes connections between users, ensures that data download links are established, and guarantees the availability of the distributed stored data.

3. The social network system with strong privacy protection according to claim 2, characterized by further comprising any one or more of the following:
- the distributed stored chat data comprises chat record copy files in the P2P network and chat record files stored locally by the user, wherein: the chat record copy files in the P2P network are stored in distributed form on a certain number of nodes, and this part of the chat data is not under the user's own control; the chat record files stored locally by the user are outside the P2P network and can be altered or deleted;
- when ensuring the confidentiality of the files that a user stores in distributed form, the access control module ensures file confidentiality through symmetric-key encryption, while asymmetric keys are used, by way of a protocol, for identity verification before file transfer.

4. The social network system with strong privacy protection according to claim 3, characterized in that the API layer comprises the following functional modules: a user registration module, a user verification module, a user login/logout module, a user search module, a user connection module, an instant messaging module, a record verification module, a blacklist module, a distributed storage module and a message publishing module; wherein:
- the user registration module fills in and imports user data, creates a new user that joins the P2P network layer as a new node, and informs the other nodes that the new node has been created;
- the user verification module verifies the user's account and password, verifies identity for friend requests and for connection establishment, and issues the public key to trusted users;
- the user login/logout module handles adding and removing online nodes of the P2P network layer and, for a node that is about to go offline, checks the online completeness of the distributed stored information to guarantee its availability; the distributed stored information comprises the distributed stored files and chat data;
- the user search module, after user A selects user B for instant messaging, iteratively looks up user B in the P2P network and, after obtaining user B's address, establishes the link between the two;
- the user connection module establishes a connection with user B after user A has obtained user B's IP address and listening port information;
- the instant messaging module sends and receives messages after user A and user B have established a communication link;
- the record verification module, after user A and user B establish a connection, performs an MD5 check on the earlier chat record files of user A and user B stored locally by the users and on the chat record copy files in the P2P network, comparing the integrity of the data and guaranteeing the non-repudiation of the chat records;
- the blacklist module ensures that user A can block user B's attempts to establish a connection with user A;
- the distributed storage module ensures that only authorized users can access and download the distributed storage data stored locally, and ensures that the user's own files and chat data stored on other users' machines are encrypted and intact;
- the message publishing module announces messages to selected objects within a set range, wherein the selected objects hold a specific public-private key pair, the broadcast information is encrypted with the public key, and only users who have obtained the corresponding private key can learn the real content of the information.

5. The social network system with strong privacy protection according to claim 4, characterized by further comprising any one or more of the following:
- the user search module, while online, retains for a certain timestamp the IP address and port information of friends who have not gone offline; throughout, the information about friend nodes is fully transparent to the user, ensuring the privacy of node information;
- in the user connection module, the connection process is transparent to the user, the IP address and port information of the peer node are not disclosed, the program responds and connects automatically in the background, and the related information is not visible to the user;
- in the instant messaging module, the information sent and received over the TCP link is encrypted with the recipient's public key and is decrypted with the private key after receipt, so the content transmitted over the link preserves the confidentiality of the message.

6. The social network system with strong privacy protection according to claim 4, characterized in that, when user A and user B connect and exchange instant messages, the record verification module first performs a comparison check of MD5 codes on the earlier chat record files of user A and user B stored locally by the users and on the chat record copy files in the P2P network, checks whether user A or user B has altered or deleted chat records, and, by detecting the integrity of the locally stored chat record files, informs user A and user B through the interface response of the correctness of the chat record file stored locally by the other party.

7. The social network system with strong privacy protection according to claim 1, characterized in that, in the APP application layer:
- application development forms include iOS apps, Android mobile apps, Windows application software, Ubuntu application software and/or Mac application software;
- application forms include graphical interface operation and terminal input/output;
- application development builds and applies functionality by calling the functional modules of the API layer.
CN201711342942.8A 2017-12-14 2017-12-14 A social network system with strong privacy protection Active CN108199866B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711342942.8A CN108199866B (en) 2017-12-14 2017-12-14 A social network system with strong privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711342942.8A CN108199866B (en) 2017-12-14 2017-12-14 A social network system with strong privacy protection

Publications (2)

Publication Number Publication Date
CN108199866A true CN108199866A (en) 2018-06-22
CN108199866B CN108199866B (en) 2020-06-12

Family

ID=62574321

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711342942.8A Active CN108199866B (en) 2017-12-14 2017-12-14 A social network system with strong privacy protection

Country Status (1)

Country Link
CN (1) CN108199866B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067905A (en) * 2018-09-05 2018-12-21 黄秋琼 A kind of implementation method of the network application of decentralization
CN110166350A (en) * 2019-06-06 2019-08-23 深圳市加农炮网络技术有限公司 A kind of open social network communication agreement
CN111092805A (en) * 2019-12-17 2020-05-01 北京众享比特科技有限公司 Instant messaging method, device, equipment and medium based on DHT network

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119271A (en) * 2007-07-05 2008-02-06 中国科学技术大学 A structured P2P application service platform and its implementation method
CN101867623A (en) * 2010-07-15 2010-10-20 上海交通大学 peer-to-peer network service primitive system
US20140279844A1 (en) * 2013-03-14 2014-09-18 Microsoft Corporation Available, scalable, and tunable document-oriented storage services
CN105590192A (en) * 2015-12-14 2016-05-18 苏州天平先进数字科技有限公司 Screen locking system having console game function
CN106570631A (en) * 2016-10-28 2017-04-19 南京邮电大学 Method and system of facing P2P platform operation risk estimation
CN107360238A (en) * 2017-07-25 2017-11-17 光载无限(北京)科技有限公司 Intelligent contract gateway based on block chain CPOW common recognition algorithms

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SAIKAT GUHA, KEVIN TANG,PAUL FRANCIS: "NOYB: Privacy in Online Social Networks", 《WORKSHOP ON ONLINE SOCIAL NETWORK》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109067905A (en) * 2018-09-05 2018-12-21 黄秋琼 A kind of implementation method of the network application of decentralization
CN110166350A (en) * 2019-06-06 2019-08-23 深圳市加农炮网络技术有限公司 A kind of open social network communication agreement
CN110166350B (en) * 2019-06-06 2021-08-03 雷雨 Open social network communication method
CN111092805A (en) * 2019-12-17 2020-05-01 北京众享比特科技有限公司 Instant messaging method, device, equipment and medium based on DHT network

Also Published As

Publication number Publication date
CN108199866B (en) 2020-06-12

Similar Documents

Publication Publication Date Title
Cutillo et al. Privacy preserving social networking through decentralization
US12058122B2 (en) Password concatenation for secure command execution in a secure network device
US12267325B2 (en) Localized machine learning of user behaviors in network operating system for enhanced secure services in secure data network
US11924229B2 (en) Distributed security in a secure peer-to-peer data network based on real-time sentinel protection of network devices
US12058243B2 (en) Identity management system establishing two-way trusted relationships in a secure peer-to-peer data network
US11582241B1 (en) Community server for secure hosting of community forums via network operating system in secure data network
US11949717B2 (en) Distributed security in a secure peer-to-peer data network based on real-time navigator protection of network devices
US12081558B2 (en) Distributed security in a secure peer-to-peer data network based on real-time guardian protection of network devices
US12309146B2 (en) Secure peer-to-peer based communication sessions via network operating system in secure data network
US12126602B2 (en) Crypto-signed switching between two-way trusted network devices in a secure peer-to-peer data network
US12088590B2 (en) Secure keyboard resource limiting access of user input to destination resource requesting the user input
US12113785B2 (en) Directory server providing tag enforcement and network entity attraction in a secure peer-to-peer data network
US20230164121A1 (en) Autonomic distribution of hyperlinked hypercontent in a secure peer-to-peer data network
US12126728B2 (en) Anti-replay protection based on hashing encrypted temporal key in a secure peer-to-peer data network
CN108199866B (en) A social network system with strong privacy protection
US10785025B1 (en) Synchronization of key management services with cloud services
US11943211B2 (en) Device monitoring in accessing network
US20150242501A1 (en) Social network address book
US20230060803A1 (en) Secure device access recovery based on validating encrypted target password from secure recovery container in trusted recovery device
US20230199001A1 (en) Secure streaming media based on updating hypercontent in a secure peer-to-peer data network
Fazal et al. Blockchain Authentication Mechanism for Securing Internet of Things
Janiuk et al. Secure distributed data structures for peer-to-peer-based social networks
US20230125556A1 (en) Secure autonomic recovery from unusable data structure via a trusted device in a secure peer-to-peer data network
CN117395659A (en) Communication security system and method based on block chain data encryption algorithm
CN120387161A (en) Application method and related equipment of trusted sandbox in power edge computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant