CN116595502A

CN116595502A - User management method and related device based on intelligent contract

Info

Publication number: CN116595502A
Application number: CN202310689113.6A
Authority: CN
Inventors: 华崇鑫; 范建文
Original assignee: Jiangxi Kaichuang Digital Technology Co ltd
Current assignee: Jiangxi Kaichuang Digital Technology Co ltd
Priority date: 2023-06-12
Filing date: 2023-06-12
Publication date: 2023-08-15

Abstract

The invention relates to the technical field of blockchains, and discloses a user management method and a related device based on intelligent contracts, which are used for improving the safety and stability of user management. The method comprises the following steps: performing authority verification on the target user to generate an authority verification result; when the authority verification result is that the authority verification is passed, performing user type matching on the target user to obtain a user type; performing operation type matching on a target user through the user type to generate a target operation type set; acquiring operation behavior data of a target user, analyzing the user behavior risk degree of the target user through the operation behavior data, and generating the user risk degree of the target user; generating a right adjustment strategy for the target user through the user risk to obtain a corresponding right adjustment strategy; and carrying out user authority adjustment on the target user through the authority adjustment strategy, generating target user authority, and transmitting the target user authority to the user management terminal.

Description

User management method and related device based on intelligent contract

Technical Field

The invention relates to the technical field of blockchain, in particular to a user management method based on intelligent contracts and a related device.

Background

Conventional user management schemes suffer from a number of deficiencies. For example, some schemes require users to provide a large amount of personal information, which can present data privacy concerns. In addition, conventional user management schemes often rely on centralized control mechanisms, which can lead to delays and cost problems in authorization and approval. Furthermore, if the user information is hacked, data leakage may result in serious loss of user privacy and property.

The intelligent contract-based user management method can solve these problems. It can manage users in a decentralised manner while preserving user privacy. In addition, the smart contract allows the manager to set the right with the prefabricated condition so that the user cannot override the operation. However, the existing scheme has some disadvantages. First, as blockchain technology evolves, the complexity of the smart contracts increases, which may lead to increased computational costs and execution time. Second, since the smart contract is in an unalterable state, if a vulnerability or error exists therein, it may lead to irreversible consequences.

Disclosure of Invention

The invention provides a user management method based on intelligent contracts and a related device, which are used for improving the safety and stability of user management.

The first aspect of the present invention provides a user management method based on an intelligent contract, the user management method based on the intelligent contract includes: performing authority verification on the target user to generate a corresponding authority verification result;

when the authority verification result is that the authority verification is passed, performing user type matching on the target user to obtain a user type corresponding to the target user;

performing operation type matching on the target user through the user type to generate a target operation type set corresponding to the target user;

collecting operation behavior data of the target user, and analyzing the user behavior risk degree of the target user through the operation behavior data to generate the user risk degree of the target user;

generating a right adjustment strategy for the target user through the user risk degree to obtain a corresponding right adjustment strategy;

and carrying out user permission adjustment on the target user through the permission adjustment strategy, generating target user permission, and transmitting the target user permission to a user management terminal.

With reference to the first aspect, in a first implementation manner of the first aspect of the present invention, the performing authority verification on the target user, generating a corresponding authority verification result includes:

Receiving a permission authentication request sent by a target user, analyzing the permission authentication request, and generating private key information and request data of the target user;

carrying out public key matching from a preset public key database through the private key information to generate a corresponding matching result;

when the matching result is that the matching public key exists, encrypting the request data to generate encrypted request data;

decrypting the encryption request data through a preset intelligent contract based on the matching public key to obtain target decryption data;

and carrying out digital signature on the target decryption data to generate signature decryption data, and carrying out authority authentication on the target user through the signature decryption data to generate the authority verification result.

With reference to the first aspect, in a second implementation manner of the first aspect of the present invention, the performing, by the user type, operation type matching on the target user, to generate a target operation type set corresponding to the target user includes:

performing first operation type screening on the target user based on the user type, and determining an initial operation type set corresponding to the target user;

And screening the operation type set for a second operation type through a preset intelligent contract function, and determining a target operation type set corresponding to the target user.

With reference to the second implementation manner of the first aspect, in a third implementation manner of the first aspect of the present invention, the collecting operation behavior data of the target user, and performing user behavior risk analysis on the target user according to the operation behavior data, to generate a user risk of the target user includes:

collecting operation behavior data of the target user, and performing operation type matching on the operation behavior data to generate a corresponding actual operation type set;

and based on the target operation type set, analyzing the user behavior risk degree of the actual operation type set, and generating the user risk degree of the target user.

With reference to the first aspect, in a fourth implementation manner of the first aspect of the present invention, the generating, by the user risk, the permission adjustment policy for the target user, to obtain a corresponding permission adjustment policy includes:

inputting the user risk into a preset user behavior prediction model to predict the user behavior, and generating predicted user behavior data;

Performing operation behavior feature analysis on the predicted user behavior data to determine operation behavior features;

calculating the data security degree of the operation behavior characteristics based on a preset intelligent contract, and generating a corresponding data security degree;

and generating the right adjustment strategy for the target user through the data security, and obtaining a corresponding right adjustment strategy.

With reference to the fourth implementation manner of the first aspect, in a fifth implementation manner of the first aspect of the present invention, the generating, by the data security, the permission adjustment policy for the target user, to obtain a corresponding permission adjustment policy, includes:

performing threshold analysis on the data security to generate a threshold analysis result;

performing dangerous behavior tag matching on the data security through the threshold analysis result to generate a corresponding tag set;

performing authority adjustment item number analysis on the target user through the tag set to generate a corresponding authority adjustment item set;

and generating the authority adjustment strategy of the target user through the authority adjustment item set to obtain a corresponding authority adjustment strategy.

With reference to the fifth implementation manner of the first aspect, in a sixth implementation manner of the first aspect of the present invention, the generating, by the permission adjustment item set, a permission adjustment policy for the target user, to obtain a corresponding permission adjustment policy includes:

Traversing the right adjustment item set to obtain a right code corresponding to each right adjustment item;

performing low-code matching through the authority codes corresponding to each authority adjustment item to generate a low-code set;

and generating the right adjustment strategy for the target user through the low code set to obtain a corresponding right adjustment strategy.

A second aspect of the present invention provides an intelligent contract-based user management system, including:

a third aspect of the present invention provides an intelligent contract-based user management apparatus, including: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the smart contract-based user management device to perform the smart contract-based user management method described above.

A fourth aspect of the present invention provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the above-described smart contract-based user management method.

In the technical scheme provided by the invention, the target user is subjected to authority verification, and an authority verification result is generated; when the authority verification result is that the authority verification is passed, performing user type matching on the target user to obtain a user type; performing operation type matching on a target user through the user type to generate a target operation type set; acquiring operation behavior data of a target user, analyzing the user behavior risk degree of the target user through the operation behavior data, and generating the user risk degree of the target user; generating a right adjustment strategy for the target user through the user risk to obtain a corresponding right adjustment strategy; the invention uses intelligent contract to realize automatic identity verification and authority adjustment, thereby reducing human intervention factors, improving processing efficiency, and better protecting user privacy, wherein data in the intelligent contract is stored in a distributed mode, and is encrypted and verified by using cryptography technology, thus having higher security and confidentiality, and different authority control strategies are set by the intelligent contract to limit the access of users to sensitive data, thereby better protecting the privacy and data security of users.

Drawings

FIG. 1 is a schematic diagram of one embodiment of a user management method based on smart contracts in an embodiment of the present invention;

FIG. 2 is a flow chart of operation type matching in an embodiment of the present invention;

FIG. 3 is a flow chart of user behavior risk analysis in an embodiment of the present invention;

FIG. 4 is a flowchart of generating a rights adjustment policy in an embodiment of the present invention;

FIG. 5 is a schematic diagram of one embodiment of a smart contract-based user management system in accordance with an embodiment of the invention;

FIG. 6 is a schematic diagram of one embodiment of a smart contract-based user management device in an embodiment of the invention.

Detailed Description

The embodiment of the invention provides a user management method based on intelligent contracts and a related device, which are used for improving the safety and stability of user management. The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.

For ease of understanding, a specific flow of an embodiment of the present invention is described below with reference to fig. 1, where an embodiment of a user management method based on smart contracts in an embodiment of the present invention includes:

s101, performing authority verification on a target user to generate a corresponding authority verification result;

it will be appreciated that the execution subject of the present invention may be a user management system based on intelligent contracts, and may also be a terminal or a server, which is not limited herein. The embodiment of the invention is described by taking a server as an execution main body as an example.

Specifically, the server reads a user authority list stored in the intelligent contract. In a smart contract, each user is assigned a set of rights, such as read, write, or manage, etc. These rights are saved in the smart contract for later verification of the user's request. A user request is received. When a user submits a request through the management terminal, the smart contract may read the request. In the request, it is necessary to include the identity information of the user and the type of request, such as read data or write data. And verifying the identity of the user. After receiving the user request, the smart contract needs to verify the identity of the user. This may be accomplished by comparing the identity information in the request with the user identity information maintained in the smart contract. If the identity of the user is legitimate, then a further verification may be performed. If the identity of the user is not legal, the request is denied and an error message is returned. And verifying the user authority. After verifying the user's identity, the smart contract needs to verify that the user has the rights required to perform the requested operation. This may be accomplished by comparing the type of operation in the request to a list of user rights maintained in the smart contract. If the user has the right to the type of operation requested, it can continue. If the user does not have the required rights, the request is denied and an error message is returned. And generating a permission verification result. After user identity verification and rights verification are completed, the smart contract may generate rights verification results. If the user passes the authentication and authorization, an authorization message may be returned and the user is allowed to perform the requested operation. If the user fails authentication or authorization, an error message needs to be returned and the reason for rejecting the request is explained.

S102, when the right verification result is that the right verification is passed, performing user type matching on the target user to obtain a user type corresponding to the target user;

specifically, a user type list stored in the intelligent contract is read. In a smart contract, each user is assigned a user type or role, such as an administrator, a general user, or a privileged user, etc. These user types are saved in the smart contract for subsequent matching. User identity information is received. When a user submits a request through the management terminal, the intelligent contract can read the identity information of the user. The identity information includes information such as a user ID. And verifying the identity of the user. After receiving the user request, the smart contract needs to verify the identity of the user. This may be accomplished by comparing the identity information in the request with the user identity information maintained in the smart contract. If the identity of the user is legitimate, then a further verification may be performed. If the identity of the user is not legal, the request is denied and an error message is returned. Matching the user type. After verifying the user identity, the smart contract needs to match the user type. This may be accomplished by comparing the user identity information in the request with a list of user types maintained in the smart contract. If the identity information of the user is matched with the identity information of a certain user stored in the intelligent contract, the user type corresponding to the user is identified. The smart contract returns the result of one user type for further operation type matching. And generating a user type result. After user authentication and user type matching are completed, the smart contract may generate user type results. If the user passes the identity verification and the user type match, a user type result can be returned, and the specific role of the user in the system can be identified. If the user fails authentication or the user type matches, an error message needs to be returned and the reason for rejecting the request is explained. For example: taking an e-commerce platform as an example, the platform gives different offers to the commodity price according to different user types. When logging in the platform, the user submits authentication information and requests to access the commodity price. The smart contract first verifies the identity by verifying the integrity of the audit information. Next, the smart contract will read the user list and the corresponding user type list. According to the identity information submitted by the user, the intelligent contract identifies the user type of the user and returns prompt information required by the operation. If the user is a new user and has no user type, the smart contract will return an error annotation and prompt the user to go to view his profile to determine the user type. The embodiment can realize price preference customized for different user types by the electronic commerce platform more accurately, and improves user shopping experience.

S103, performing operation type matching on the target user through the user type to generate a target operation type set corresponding to the target user;

specifically, a list of operation types stored in the smart contract is read. In an intelligent contract, each user type or role is assigned a set of operation types. These operation types will be saved in the smart contract for subsequent matches. A user type is received. The smart contract may obtain the user type from the user identity information. In the user type, a specific role of the user in the user management system is included. Matching the operation type. According to the user type of the user, the smart contract will read a list of operation types associated with the user type. The requested operation type is compared to the list of operation types. If the requested operation type matches an operation type in the list of operation types, the user is authorized to use the operation type. If the requested operation type does not match any of the operation types in the list of operation types, the request is denied and an error message is returned. A set of target operation types is generated. Upon completion of the user type matching and the operation type matching, the smart contract may generate a set of target operation types. The set of target operation types consists of operation types that match the user types. These types of operations authorize specific operations performed by the user. If the user passes the operation type verification, an authorization message may be returned and the user is allowed to perform the requested operation. If the user does not pass the operation type verification, the smart contract will return an error message and explain the reason for rejecting the request. For example, a large organization uses a smart contract-based user management system that allows different levels of users to access and modify different data. In this case, the different rights and data visibility will be determined by the user type match and the operation type match. For example, in this organization, all employees are assigned to a basic employee role, and administrators are assigned to an administrator role. The technician is assigned to the technician role. Basic staff can read and modify their personal information, administrators can read and modify information of all staff, and technicians can read and modify information of all staff and administrators. When an employee submits a modification request through the management terminal, the intelligent contract checks the validity of the request through identity verification, user type matching and operation type matching. If the request is legitimate, the smart contract will return a set of target operation types to authorize the employee to perform the requested operation. If the request is not legal, the smart contract will reject the request. By means of the intelligent contract, the authority and the data visibility of each employee in the employee management system can be controlled more accurately by the organization, and therefore the data security and confidentiality are improved.

S104, acquiring operation behavior data of a target user, and analyzing the user behavior risk degree of the target user through the operation behavior data to generate the user risk degree of the target user;

specifically, user behavior data is collected. By monitoring the operation behaviors of the user in the system, the user behavior data can be collected, including the operations of logging in, reading, writing, managing and the like of the user. The collected data may be stored in a smart contract or in a distributed database. User behavior data is cleaned and processed. The collected user behavior data needs to be cleaned and processed to remove unwanted data and noise. This step can be accomplished using data processing and cleaning tools. After the data is purged, the data needs to be converted to a format that can be used for analysis. Data analysis and modeling. All collected user behavior data are analyzed and modeled. This step may use machine learning algorithms such as clustering and classification to classify the data or identify patterns. On the other hand, this step also requires the use of big data analysis techniques, such as association rule analysis, to determine relationships and patterns between operational behaviors. And (5) behavioral analysis. After data analysis and modeling, user behavior can be analyzed. Behavioral analysis includes two main tasks: determining dangerous habits and detecting malicious behavior. Dangerous habits refer to those actions that may lead to a danger, such as repeated logging in and frequent modification of sensitive data. Malicious behavior refers to clearly malicious behavior, such as unauthorized access or technical attacks. And (5) risk assessment. According to dangerous habits of the user behaviors and detection of malicious behaviors, the risk degree of the user can be calculated. The data are collected together and analyzed by the intelligent contract to calculate the risk of the target user. At the same time, the user's behavior can also be monitored and the risk assessment updated according to its behavior. For example, a social media platform may use smart contracts to implement user behavior risk analysis to detect and prevent fraudulent behavior. On this platform, users can share their text, pictures, and audio data. The intelligent contract records all operation behaviors such as login, posting, comment and the like of a user, and after the behavior data are cleaned and processed, data analysis and modeling are carried out. The intelligent appointments then analyze the user's behavior, including detecting those activities and behaviors that may increase fraud. For example, if a user frequently deletes his or her own information and reissues, the smart contract will treat the activity as dangerous habits. If the user is found to misuse a particular vocabulary in the comment, the smart contract will treat this behavior as malicious. And finally, calculating the risk of the target user every day according to the analyzed result, and if the risk of the target user is higher than a certain threshold value, triggering an alarm by the system and informing an administrator to process, thereby improving the safety of the system and the user experience.

S105, generating a right adjustment strategy for the target user through the user risk degree to obtain a corresponding right adjustment strategy;

specifically, a permission adjustment policy list stored in the intelligent contract is read. In an intelligent contract, each user type or role is assigned a set of rights adjustment policies. These policies will be saved in the smart contract for subsequent matches. And receiving the risk degree information of the target user. When the result of the risk assessment is available, the smart contract will receive risk information for the target user from the risk analyzer. The risk information here includes information such as a risk score of the target user and a color code corresponding to the risk score, for further judgment and calculation. And matching the authority adjustment strategy. And according to the risk score information of the target user, the intelligent contract reads the authority adjustment strategy list corresponding to the risk score. The risk score is compared to a corresponding threshold in the policy list. If the risk score is less than or equal to a certain threshold, the user will be authorized to use the corresponding policy and corresponding operating rights. If the risk score is greater than any of the thresholds, the corresponding policy will not be authorized for use. And generating a right adjustment strategy result. After completing user risk analysis and rights adjustment policy matching, the intelligent contract may generate the rights adjustment policy for the target user. If the risk of the target user is less than or equal to a certain threshold, a set of corresponding authority adjustment strategy information can be returned to change the authority level and access limit of the user. If the risk of the target user is higher than any threshold, the permission adjustment policy list is empty. The smart contract may send a warning notification to the target user or administrator to alert them to possible security problems and risks. For example, a bank may use smart contracts to implement rights adjustment policies based on user behavior risk to help improve bank customer access control and information security. In this case, the bank may define different risk thresholds, such as "low", "medium", and "high", and assign a corresponding operation and access right to each level. When a client submits a login request through a login interface, the intelligent contract of the bank performs identity verification on the client according to authentication and identity verification information submitted by the client, and calculates the risk score of the client through the behavior footprint of the client. The smart contracts will then derive rights adjustment policies from the bank smart contracts based on the risk scores and the color codes corresponding to the risk scores, and alter the rights and access levels of the customers accordingly. When the risk score exceeds a specified maximum threshold, the bank intelligence contract will reject the customer's request and notify the administrator once for finer adjustments and solutions. The embodiment can realize that the bank can better protect personal and financial information of clients and strengthen access control and information security.

S106, user permission adjustment is carried out on the target user through a permission adjustment strategy, the target user permission is generated, and the target user permission is transmitted to the user management terminal.

Specifically, the server generates a set of rights for the target user according to the rights adjustment policy. These rights will be adjusted according to the risk of the target user and the requirements of the application. The set of permissions will include a list of user approved applications, files, directories and other resources. And transmitting the target user authority. The transmission of the target user rights to the user management terminal is achieved by using a secure encryption scheme during the transmission. This encryption process may be accomplished by a variety of algorithms, such as AES, RSA, SHA, to ensure the security and confidentiality of the data transfer process. And the user management terminal decrypts. The user management terminal decrypts the received target user permission to obtain an unencrypted permission set. The decryption process requires the use of decryption algorithms and keys to ensure the integrity and accuracy of the data. And (5) adjusting the user permission. After decryption, the user management terminal adjusts the authority of the target user according to the authority set of the user. This process includes adding, deleting and modifying user rights to meet their specific access and operational needs. And updating the user authority. Once the rights adjustment is completed, the user management terminal will transmit the updated rights information back into the smart contract. This means that the rights information of the user has been updated on the smart contract. For example, a hospital may use smart contracts to implement rights adjustment based on risk analysis, adjusting each employee's data access rights based on their risk. The intelligent contracts of the hospital will calculate the risk of the staff according to the role and the behavior analysis result of the staff in the hospital system and generate the proper rights adjustment strategy. For example, if the risk assessment of an employee indicates that the employee may be at risk of malicious or inattentive activity, the smart contract will reduce the employee's rights to a lower level according to the corresponding policy. The intelligent contract will then let the user management terminal receive the issued rights information to update the employee's rights in the hospital system. In this way, the smart contracts can help hospitals protect the data security of their patients and staff, and maintain the overall security and stability of the system.

In the embodiment of the invention, the target user is subjected to authority verification, and an authority verification result is generated; when the authority verification result is that the authority verification is passed, performing user type matching on the target user to obtain a user type; performing operation type matching on a target user through the user type to generate a target operation type set; acquiring operation behavior data of a target user, analyzing the user behavior risk degree of the target user through the operation behavior data, and generating the user risk degree of the target user; generating a right adjustment strategy for the target user through the user risk to obtain a corresponding right adjustment strategy; the invention uses intelligent contract to realize automatic identity verification and authority adjustment, thereby reducing human intervention factors, improving processing efficiency, and better protecting user privacy, wherein data in the intelligent contract is stored in a distributed mode, and is encrypted and verified by using cryptography technology, thus having higher security and confidentiality, and different authority control strategies are set by the intelligent contract to limit the access of users to sensitive data, thereby better protecting the privacy and data security of users.

In a specific embodiment, the process of executing step S101 may specifically include the following steps:

(1) Receiving a permission authentication request sent by a target user, analyzing the permission authentication request, and generating private key information and request data of the target user;

(2) Public key matching is carried out from a preset public key database through private key information, and a corresponding matching result is generated;

(3) When the matching result is that the matching public key exists, encrypting the request data to generate encrypted request data;

(4) Decrypting the encrypted request data through a preset intelligent contract based on the matched public key to obtain target decrypted data;

(5) And carrying out digital signature on the target decryption data to generate signature decryption data, and carrying out authority authentication on the target user through the signature decryption data to generate an authority verification result.

Specifically, the server target user sends a permission authentication request. When the user uses the system service, the user client side sends a permission authentication request to the intelligent contract through the user management terminal. And resolving the permission authentication request. The smart contract will parse the rights authentication request received from the target user and generate a set of random keys based on the data in the request and the application information. The consumer contract will then encrypt the user request data using this random key and store the key in the smart contract. And generating a matching result. The consumer contract will read a pre-set public key database that will contain the public key used to authenticate the user request. Each public key will be associated with a unique private key. The consumer contract matches the public key in the pre-set public key database with the public key extracted from the target user's request. If the match is successful, the consumer contract will generate a match result and store it in the smart contract. The request data is encrypted. After matching the public keys, the consumer contract will encrypt the request data using the matched public key. The encrypted request data will be stored in the smart contract for further use. The request data is decrypted. Upon entering the correct private key, the consumer contract will decrypt the encrypted request data using the matching public key and store the decrypted request data in the smart contract. And (5) verifying the digital signature. Finally, the smart contract will digitally sign the target decrypted data using a preset digital signature verification mechanism. The digital signature will be stored in the smart contract as a result of the rights verification to indicate that the user has successfully passed the rights authentication. For example, an online payment system may use smart contracts to implement digital signature based rights authentication. When a user makes a payment using an online payment system, the user client will send a rights authentication request to the smart contract, including request data for authentication and identification. The smart contract will extract the public key, user ID, user request information, etc. from the request data and generate a set of random keys. The consumer contract will encrypt the requested data using this random key and associate a matching public key with each private key for backup. The consumer contract will then read the matching public key and the corresponding private key before verifying the request data, decrypt the encrypted request data with the public key if a match is found, and sign the request using a digital signature verification mechanism. The signature decryption data is then stored in the smart contract and passed back to the user management terminal. The terminal decrypts the verification signature into data, and generates a right verification result according to the verification result so as to enable the user to pay. The embodiment can realize that the online payment system ensures the safety and the reliability of the payment system, thereby protecting the financial data and the information of the user.

In a specific embodiment, as shown in fig. 2, the process of performing step S103 may specifically include the following steps:

s201, screening a first operation type of a target user based on a user type, and determining an initial operation type set corresponding to the target user;

s202, performing second operation type screening on the operation type set through a preset intelligent contract function, and determining a target operation type set corresponding to a target user.

Specifically, the server determines the user type. In smart contracts, various user types need to be defined, such as manager, general staff, visitor, etc. These user types need to be classified according to their roles in the system and access requirements. An initial operation type is determined. For each user type, the smart contract will define a list of operation types associated with that user type. The list contains all operation types that the user type can access and operate. The allocation of the initial operation type to the user type is performed by reading and analyzing the corresponding entitlement policy stored in the smart contract. And screening the first operation type. After receiving the request of the target user, the intelligent contract performs first operation type screening according to the type of the target user, so as to create the initial operation type of the target user. This process is performed by parsing request data submitted by a user and then matching a list of operation types operable by a target user from a list of corresponding operation types of user types. And screening the second operation type. Next, the smart contract will use the built-in smart contract function to check the initial operation type owned by the target user and further screen and limit the operation type of the target user by matching the access needs and operation type list of the target user. And finishing the screening of the target operation type set. After this is done, the smart contract will generate the final set of operation types for the target user. This set limits the type of operation of the target user based on its user type and actual access requirements to ensure that the target user can only access and operate the appropriate type of operation that is necessary. For example, an enterprise may use smart contracts to implement operation type screening based on user types to better control access and operation of enterprise resources by its employees. In this case, the enterprise may define a plurality of user types, such as manager, technical support, sales person, etc., and configure different initial operation types for each user type. For example, only the manager has access to approve and modify the document, the technical support has access to the technical document and solves the problem, and the sales person can only access the sales document and perform sales operations. Then, when an employee submits a request to access a resource, the smart contract will first locate the employee's initial set of operation types based on the user type and filter out the operation types that are initially available. The smart contracts will then use built-in smart contract mechanisms to further screen and limit the types of operations available to ensure that employees can only perform the necessary types of operations. The embodiment can realize that enterprises strengthen the operation control and information security management of the enterprises to staff, thereby minimizing the risk generated by staff operation.

In a specific embodiment, as shown in fig. 3, the process of executing step S104 may specifically include the following steps:

s301, collecting operation behavior data of a target user, and performing operation type matching on the operation behavior data to generate a corresponding actual operation type set;

s302, analyzing the user behavior risk degree based on the target operation type set, and generating the user risk degree of the target user.

Specifically, the server collects operational behavior data. When the target user accesses and operates the system resources, the user management terminal will collect data about the user's access and operation of the resources, such as using an application program, viewing and modifying files, etc. And performing operation type matching. Operation type information is extracted from the collected operation behavior data and compared with an initial operation type set of the target user to determine an actual operation type set of the target user. User behavior risk analysis. According to the actual operation type set of the target user, the intelligent contract analyzes the risk of the operation behavior of the target user through analysis methods such as pattern recognition, machine learning and the like. This process takes into account the correlation between the current and previous operational behaviors of the target user, as well as the risk of the current operational behavior of the target user to local resources and network security. After the analysis is completed, the smart contract will generate and store the user risk of the target user in the smart contract. For example, a cyber-security company may use smart contracts to implement a user risk analysis system to evaluate the security health index of its customers. The company's smart contracts will collect operational behavior data from the client devices and compare it to access policies and real-time situations. After performing operation type matching and user behavior risk analysis on the detected operation behaviors, the intelligent contract creates a user risk index reflecting the current state of the target user. If the risk assessment of a certain customer indicates that it is at risk for security and has suspicious operational behavior, the security company may recommend and suggest necessary security management measures based on the results. The embodiment can realize that the network security company can timely discover and prevent potential threats and risks, and ensure the data security and information confidentiality of clients.

In a specific embodiment, as shown in fig. 4, the process of performing step S105 may specifically include the following steps:

s401, inputting the user risk into a preset user behavior prediction model to predict the user behavior, and generating predicted user behavior data;

s402, performing operation behavior feature analysis on predicted user behavior data to determine operation behavior features;

s403, calculating the data security degree of the operation behavior characteristic based on a preset intelligent contract, and generating a corresponding data security degree;

s404, generating a right adjustment strategy for the target user through the data security, and obtaining a corresponding right adjustment strategy.

Specifically, the server user behavior predicts. Firstly, the intelligent contract uses the collected user risk as input, and predicts the behavior of the target user by using a preset user behavior prediction model. The model is trained using collected operational behavior data and machine learning algorithms based on historical data. The predicted user behavior will be stored in the smart contract. Operational behavior feature analysis. After predicting the user behavior data, the smart contract will perform operational behavior feature analysis on the data. This process will extract key features in the user behavior data such as time stamps, file paths, file access rights, etc. These features will be used to calculate the security of the data to help the smart contract generate the appropriate tuning strategy. And (5) calculating the data security degree. And calculating the data security degree of the operation behavior characteristics based on a preset intelligent contract. This process will use a number of metrics, such as access control rights, access time, etc., to calculate the data security of the target user. The calculation results will be stored in the smart contract. And generating a right adjustment strategy. Finally, the intelligent contract generates a proper authority adjustment strategy according to the data security calculation result. The policy will determine the access rights, resource access restrictions, data protection measures, etc. of the target user to ensure the security and compliance of its operation. For example, a hospital may use smart contracts to enable secure management of patient medical data. When suspicious dangerous behaviors exist in patient medical data reviewed by a hospital, the intelligent contract can use a preset user behavior prediction model to conduct user behavior prediction. Based on the prediction result, the intelligent contract analyzes the operation behavior characteristics, and calculates the security of the target user data based on the preset intelligent contract. Finally, the smart contract will generate an adjustment policy, such as limiting access rights to sensitive data, limiting use of patient data, and various data security measures, among others. The embodiment can realize the protection of hospitals, reduce the risks of data leakage and unauthorized access, and protect the privacy of patients and the safety of medical data.

In a specific embodiment, the process of executing step S404 may specifically include the following steps:

(1) Performing threshold analysis on the data security to generate a threshold analysis result;

(2) Dangerous behavior tag matching is carried out on the data security through a threshold analysis result, and a corresponding tag set is generated;

(3) Performing authority adjustment item number analysis on the target user through the tag set to generate a corresponding authority adjustment item set;

(4) And generating the authority adjustment strategy for the target user through the authority adjustment item set to obtain a corresponding authority adjustment strategy.

The threshold value analysis is performed. First, the smart contract will analyze the data security score using a preset threshold and generate a corresponding threshold analysis result. The threshold analysis results are generated according to the access rights and security requirements of the target user. Dangerous behavior tag matching. The intelligent contract compares the threshold analysis result with the operation behaviors of the target user by using a preset data security tag library, so as to determine a dangerous behavior tag set of the target user. The data security tag library will include various possible dangerous behavior tags, such as illegal access, unauthorized behavior, malware attacks, etc. These tags will be ranked according to their relevance to the target user and security risk and a set of tags is generated. And (5) analyzing the number of rights adjustment items. According to the generated tag set, the intelligent contract analyzes and calculates the authority adjustment item of the target user. The permission adjustment items generate corresponding permission adjustment item numbers and weights according to factors such as dangerous behavior labels and data access types. This process will check and weigh factors such as security risk in the tag and the purpose of the target user accessing the data. And generating a right adjustment strategy. Finally, the intelligent contract will generate a proper rights adjustment policy based on the calculated set of rights adjustment items. The policy will determine the access rights, resource access restrictions, data protection measures, etc. of the target user to ensure the security and compliance of its operation. For example, a bank may use smart contracts to enable secure management of customer sensitive data. When the bank detects that suspicious data access behaviors exist, the intelligent contract can use a preset threshold value and a label library to perform threshold analysis and dangerous behavior label matching on the data security. Based on the calculated tag set, the smart contract will analyze and calculate the rights adjustment terms of the target client. The calculated result can pay attention to suspicious behavior tags such as illegal access or data leakage and the like, and weight distribution is carried out on the suspicious behavior tags. Finally, the smart contract will generate an adjustment policy, such as restricting access to the relevant data, locking the account, or other targeted operations. The embodiment can realize the bank discovery and treatment of potential security risks and provide a targeted solution.

In a specific embodiment, the executing step generates the permission adjustment policy for the target user through the permission adjustment item set, and the process of obtaining the corresponding permission adjustment policy may specifically include the following steps:

(1) Traversing the right adjustment item set to obtain a right code corresponding to each right adjustment item;

(2) Performing low-code matching through the authority codes corresponding to each authority adjustment item to generate a low-code set;

(3) And generating the permission adjustment policy of the target user through the low code set to obtain a corresponding permission adjustment policy.

Specifically, the set of rights adjustment items is traversed. The smart contract will traverse and parse the generated set of rights adjustment items to determine the rights information contained by each rights adjustment item. This process will use the traversal and parsing functions of the smart contract to process and store the results in the smart contract. Generating a right code. After parsing the rights information, the smart contract will encode each rights adjustment item and store it in the smart contract. The rights code will be generated in accordance with the security requirements of the target user and the type of data access, each rights code will typically contain definitions of rights, resources and data since the same rights typically access different data. A low code set is generated. Based on the rights code corresponding to each rights adjustment item, the intelligent contract will perform a low code match and generate a corresponding low code set. This process will use the existing code library in the smart contract to match the rights code into a specific code implementation. By this matching, the smart contract will generate a low code set that will contain code implementations corresponding to each rights adjustment item. And generating a right adjustment strategy. Finally, the smart contract will use the low code set to generate the rights adjustment policy for the target user. The policy will determine the access rights, resource access restrictions, data protection measures, etc. of the target user to ensure the security and compliance of its operation. For example, an insurance company may use smart contracts to implement rights management for customer data. When the insurer detects suspicious data access behavior, the intelligent contract can automatically generate a related rights adjustment policy by traversing the rights adjustment item set and the generation of the rights code and the implementation of low code matching. The policy will take into account factors such as the data access type, security requirements and access rights of the client and will use a pre-set low code library for rights setting. For example, if a customer accesses a data type that does not match his access permissions, the insurance company's smart contract will automatically generate a limit-authority code to limit access to the relevant data. The embodiment can realize timely discovery and response of the insurance company to potential security risks and help the insurance company to automate the data management flow.

The above describes the user management method based on the intelligent contract in the embodiment of the present invention, and the following describes the user management system based on the intelligent contract in the embodiment of the present invention, referring to fig. 5, an embodiment of the user management system based on the intelligent contract in the embodiment of the present invention includes:

the data verification module 501 is configured to perform authority verification on a target user, and generate a corresponding authority verification result;

the type matching module 502 is configured to perform user type matching on the target user when the authority verification result is that authority verification is passed, so as to obtain a user type corresponding to the target user;

a set generating module 503, configured to perform operation type matching on the target user through the user type, and generate a target operation type set corresponding to the target user;

the behavior analysis module 504 is configured to collect operation behavior data of the target user, and perform user behavior risk analysis on the target user according to the operation behavior data, so as to generate a user risk of the target user;

the policy generation module 505 is configured to generate a right adjustment policy for the target user according to the user risk, so as to obtain a corresponding right adjustment policy;

And the permission adjustment module 506 is configured to adjust the user permission of the target user according to the permission adjustment policy, generate a target user permission, and transmit the target user permission to a user management terminal.

Performing authority verification on the target user through the cooperative cooperation of the components, and generating an authority verification result; when the authority verification result is that the authority verification is passed, performing user type matching on the target user to obtain a user type; performing operation type matching on a target user through the user type to generate a target operation type set; acquiring operation behavior data of a target user, analyzing the user behavior risk degree of the target user through the operation behavior data, and generating the user risk degree of the target user; generating a right adjustment strategy for the target user through the user risk to obtain a corresponding right adjustment strategy; the invention uses intelligent contract to realize automatic identity verification and authority adjustment, thereby reducing human intervention factors, improving processing efficiency, and better protecting user privacy, wherein data in the intelligent contract is stored in a distributed mode, and is encrypted and verified by using cryptography technology, thus having higher security and confidentiality, and different authority control strategies are set by the intelligent contract to limit the access of users to sensitive data, thereby better protecting the privacy and data security of users.

The above fig. 5 describes the smart contract-based user management system in the embodiment of the present invention in detail from the point of view of the modularized functional entity, and the following describes the smart contract-based user management device in the embodiment of the present invention in detail from the point of view of hardware processing.

Fig. 6 is a schematic structural diagram of a smart contract-based user management device 600 according to an embodiment of the present invention, where the smart contract-based user management device 600 may have a relatively large difference due to configuration or performance, and may include one or more processors (central processing units, CPU) 610 (e.g., one or more processors) and a memory 620, and one or more storage media 630 (e.g., one or more mass storage devices) storing applications 633 or data 632. Wherein the memory 620 and the storage medium 630 may be transitory or persistent storage. The program stored on the storage medium 630 may include one or more modules (not shown), each of which may include a series of instruction operations on the smart contract-based user management device 600. Still further, the processor 610 may be configured to communicate with the storage medium 630 to execute a series of instruction operations in the storage medium 630 on the smart contract-based user management device 600.

The smart contract-based user management device 600 may also include one or more power supplies 640, one or more wired or wireless network interfaces 650, one or more input/output interfaces 660, and/or one or more operating systems 631, such as Windows Server, macOS X, unix, linux, freeBSD, and the like. It will be appreciated by those skilled in the art that the smart contract-based user management device architecture illustrated in FIG. 6 does not constitute a limitation of smart contract-based user management devices, and may include more or fewer components than illustrated, or may combine certain components, or a different arrangement of components.

The present invention also provides a smart contract-based user management apparatus, including a memory and a processor, where the memory stores computer-readable instructions that, when executed by the processor, cause the processor to perform the steps of the smart contract-based user management method in the above embodiments.

The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, and may also be a volatile computer readable storage medium, in which instructions are stored which, when executed on a computer, cause the computer to perform the steps of the smart contract-based user management method.

It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (randomacceS memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments is still modified or some technical features thereof are replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A user management method based on an intelligent contract, characterized in that the user management method based on the intelligent contract comprises the following steps:

performing authority verification on the target user to generate a corresponding authority verification result;

2. The smart contract-based user management method of claim 1, wherein performing rights verification on the target user to generate a corresponding rights verification result includes:

3. The intelligent contract-based user management method according to claim 1, wherein the performing operation type matching on the target user through the user type, generating a target operation type set corresponding to the target user, includes:

4. The intelligent contract-based user management method of claim 1, wherein the collecting operational behavior data of the target user and performing user behavior risk analysis on the target user through the operational behavior data, generating the user risk of the target user, includes:

5. The intelligent contract-based user management method according to claim 1, wherein the performing rights adjustment policy generation on the target user through the user risk degree to obtain a corresponding rights adjustment policy includes:

6. The intelligent contract-based user management method according to claim 5, wherein the performing rights adjustment policy generation on the target user through the data security degree, to obtain a corresponding rights adjustment policy, includes:

7. The intelligent contract-based user management method of claim 6, wherein the performing, by the set of rights adjustment items, rights adjustment policy generation on the target user to obtain a corresponding rights adjustment policy includes:

8. A smart contract-based user management system, the smart contract-based user management system comprising:

the data verification module is used for carrying out authority verification on the target user and generating a corresponding authority verification result;

the type matching module is used for carrying out user type matching on the target user when the authority verification result is that the authority verification is passed, so as to obtain the user type corresponding to the target user;

The set generation module is used for performing operation type matching on the target user through the user type and generating a target operation type set corresponding to the target user;

the behavior analysis module is used for collecting operation behavior data of the target user, analyzing the user behavior risk degree of the target user through the operation behavior data and generating the user risk degree of the target user;

the policy generation module is used for generating the right adjustment policy for the target user through the user risk degree to obtain a corresponding right adjustment policy;

and the permission adjustment module is used for adjusting the user permission of the target user through the permission adjustment strategy, generating the target user permission and transmitting the target user permission to the user management terminal.

9. A smart contract-based user management apparatus, the smart contract-based user management apparatus comprising: a memory and at least one processor, the memory having instructions stored therein;

the at least one processor invoking the instructions in the memory to cause the smart contract-based user management apparatus to perform the smart contract-based user management method of any of claims 1-7.

10. A computer readable storage medium having instructions stored thereon, which when executed by a processor implement the smart contract-based user management method of any of claims 1-7.