
CN111600838A - Authority management system based on network database - Google Patents

Info

Publication number: CN111600838A
Authority: CN (China)
Prior art keywords: management system, terminal, authority management, network, platform server
Legal status: Withdrawn
Application number: CN202010278515.3A
Other languages: Chinese (zh)
Inventor: 许正根
Current Assignee: Individual
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of network database authority management and discloses an authority management system based on a network database, comprising: a network platform server $S_{wf}$ running an authority management system, the network platform server $S_{wf}$ being provided with a network database $S_i$; and a PC terminal $U_i$, which establishes a communication connection with the authority management system on the network platform server $S_{wf}$ through network communication equipment. The authority management system authenticates the PC terminal $U_i$ using a verification method based on zero-knowledge proof. Only when the user identity of the PC terminal $U_i$ passes verification by the authority management system does the network platform server $S_{wf}$ allow the access request of the PC terminal $U_i$ to the network database $S_i$; otherwise, the network platform server $S_{wf}$ rejects the access request of the PC terminal $U_i$ to the network database $S_i$. The invention solves the technical problem that data in the network database is illegally tampered with.

Description

Authority management system based on network database
Technical Field
The invention relates to the technical field of network database authority management, in particular to an authority management system based on a network database.
Background
A computer network uses communication equipment and lines to connect computers that are located at different places and operate relatively independently; with the corresponding systems and application software configured, it enables software and hardware resource sharing and information transmission among computers that were originally independent. A database is a collection of related data organized according to a certain structure and rules, and is a repository for storing data. The two technologies combine to form the widely used network database.
The security requirements of a network database system are very similar to those of other computer systems. Because a database system is shared, a running network database system is exposed in practice to unsafe factors from many directions, which can cause various security problems, such as illegal tampering with the database data.
Disclosure of Invention
(I) Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides an authority management system based on a network database to solve the technical problem that data in a network database is illegally tampered with.
(II) Technical scheme
In order to achieve the above purpose, the invention provides the following technical scheme:
An authority management system based on a network database, comprising: a network platform server $S_{wf}$ running an authority management system, the network platform server $S_{wf}$ being provided with a network database $S_i$; and a PC terminal $U_i$, which establishes a communication connection with the authority management system on the network platform server $S_{wf}$ through network communication equipment.
The interactive verification method between the authority management system on the network platform server $S_{wf}$ and the PC terminal $U_i$ comprises the following steps:
Step one: the PC terminal $U_i$ performs user registration on the authority management system of the network platform server $S_{wf}$, which specifically comprises the following steps:
(1) the authority management system pops up, on the registration page, a dialog box for interactive communication with the PC terminal $U_i$;
(2) the PC terminal $U_i$ chooses large prime numbers $\alpha$ and $\beta$, calculates $\chi = \alpha \times \beta$, and enters $\chi$ into the dialog box, that is, sends $\chi$ to the authority management system;
Step two: when the PC terminal $U_i$ sends an access request to the network platform server $S_{wf}$, the authority management system begins to verify the identity of the PC terminal $U_i$; the specific verification process comprises the following steps:
(1) the authority management system pops up, on the verification page, a dialog box for interactive communication with the PC terminal $U_i$;
(2) the authority management system randomly generates a large integer $\eta$, calculates $\lambda = \eta^4 \bmod \chi$ and $\gamma = \eta^2 \bmod \chi$, and displays $\lambda$ in the dialog box;
(3) the PC terminal $U_i$ computes
Figure BDA0002445675930000021
and enters $\gamma'$ into the dialog box;
(4) the authority management system verifies whether the equation gamma is satisfied;
If the above equation holds, the PC terminal $U_i$ is proven to know the private keys $\alpha$ and $\beta$, and the authority management system passes the identity authentication of the PC terminal $U_i$; otherwise, it refuses the identity authentication of the PC terminal $U_i$.
Preferably, the large prime numbers $\alpha$ and $\beta$ are private keys, which are the only legitimate certification keys and are owned solely by the PC terminal $U_i$; that is, the authority management system does not know the private keys $\alpha$ and $\beta$.
Preferably, in step two, step (2), step (3) and step (4) constitute one round of verification, which is repeated $k_i$ times; if the PC terminal $U_i$ fails verification in any round, the whole verification process is terminated, that is, the PC terminal $U_i$ does not pass the identity authentication of the authority management system.
Preferably, the interactive communication dialog box has a traceless communication function, that is, no backup record is kept of any interactive communication content in the dialog box.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
The authority management system authenticates the PC terminal $U_i$ using a verification method based on zero-knowledge proof. Only when the user identity of the PC terminal $U_i$ passes verification by the authority management system does the network platform server $S_{wf}$ allow the access request of the PC terminal $U_i$ to the network database $S_i$; otherwise, the network platform server $S_{wf}$ rejects the access request of the PC terminal $U_i$ to the network database $S_i$.
Moreover, after the user identity of the PC terminal $U_i$ has been verified by the authority management system, the authority management system knows only that the identity of the PC terminal $U_i$ is legitimate and does not know the private keys $\alpha$ and $\beta$ of the PC terminal $U_i$; that is, the PC terminal $U_i$ completes identity verification without revealing its own private keys $\alpha$ and $\beta$.
Therefore, the technical problem that data in the network database is illegally tampered with is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An authority management system based on a network database, comprising: a network platform server $S_{wf}$ running an authority management system, the network platform server $S_{wf}$ being provided with a network database $S_i$; and a PC terminal $U_i$, which establishes a communication connection with the authority management system on the network platform server $S_{wf}$ through network communication equipment.
In order to prevent unauthorized PC terminals $U_i$ from illegally accessing the network database $S_i$ of the network platform server $S_{wf}$, the authority management system authenticates the PC terminal $U_i$ using a verification method based on zero-knowledge proof. Only when the user identity of the PC terminal $U_i$ passes verification by the authority management system does the network platform server $S_{wf}$ allow the access request of the PC terminal $U_i$ to the network database $S_i$; otherwise, the network platform server $S_{wf}$ rejects the access request of the PC terminal $U_i$ to the network database $S_i$.
The interactive verification method between the authority management system on the network platform server $S_{wf}$ and the PC terminal $U_i$ comprises the following steps:
Step one: the PC terminal $U_i$ performs user registration on the authority management system of the network platform server $S_{wf}$, which specifically comprises the following steps:
(1) the authority management system pops up, on the registration page, a dialog box for interactive communication with the PC terminal $U_i$;
(2) the PC terminal $U_i$ chooses large prime numbers $\alpha$ and $\beta$, calculates $\chi = \alpha \times \beta$, and enters $\chi$ into the dialog box, that is, sends $\chi$ to the authority management system;
where the large prime numbers $\alpha$ and $\beta$ are private keys, which are the only legitimate certification keys and are owned solely by the PC terminal $U_i$; that is, the authority management system does not know the private keys $\alpha$ and $\beta$;
Step two: when the PC terminal $U_i$ sends an access request to the network platform server $S_{wf}$, the authority management system begins to verify the identity of the PC terminal $U_i$; the specific verification process comprises the following steps:
(1) the authority management system pops up, on the verification page, a dialog box for interactive communication with the PC terminal $U_i$;
(2) the authority management system randomly generates a large integer $\eta$, calculates $\lambda = \eta^4 \bmod \chi$ and $\gamma = \eta^2 \bmod \chi$, and displays $\lambda$ in the dialog box;
(3) the PC terminal $U_i$ computes
Figure BDA0002445675930000051
and enters $\gamma'$ into the dialog box;
(4) the authority management system verifies whether the equation gamma is satisfied;
If the above equation holds, the PC terminal $U_i$ is proven to know the private keys $\alpha$ and $\beta$, and the authority management system passes the identity authentication of the PC terminal $U_i$; otherwise, it refuses the identity authentication of the PC terminal $U_i$;
(5) step (2), step (3) and step (4) constitute one round of verification, which is repeated $k_i$ times; if the PC terminal $U_i$ fails verification in any round, the whole verification process is terminated, that is, the PC terminal $U_i$ does not pass the identity authentication of the authority management system;
The interactive communication dialog box has a traceless communication function, that is, no backup record is kept of any interactive communication content in the dialog box;
After the authentication is completed, the authority management system knows only that the identity of the PC terminal $U_i$ is legitimate and does not know the private keys $\alpha$ and $\beta$ of the PC terminal $U_i$; that is, the PC terminal $U_i$ completes identity verification without revealing its own private keys $\alpha$ and $\beta$.
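The registration step and the repeated verification rounds described above, as an added Python example that is not part of the patent text. The terminal's step (3) formula and the step (4) equation did not survive on this page, so the example assumes that the terminal returns the square root of $\lambda$ modulo $\chi$ that is itself a square and that the system checks $\gamma' = \gamma$; the condition $\alpha \equiv \beta \equiv 3 \pmod 4$, the demo primes and all function names are likewise assumptions.

```python
import secrets
from math import gcd

# Constructed demo key: two well-known Mersenne primes, both 3 (mod 4).
# They are public constants; a real terminal needs large random primes.
ALPHA = 2**127 - 1
BETA = 2**107 - 1


def register(alpha, beta):
    """Step one: the terminal sends chi = alpha * beta and keeps the primes."""
    return alpha * beta


def challenge(chi):
    """Step two (2): the system picks random eta, keeps gamma, displays lambda."""
    while True:
        eta = secrets.randbelow(chi - 2) + 2
        if gcd(eta, chi) == 1:
            break
    gamma = pow(eta, 2, chi)
    lam = pow(eta, 4, chi)
    return lam, gamma


def respond(lam, alpha, beta):
    """Step two (3), ASSUMED formula: the square root of lambda that is a square.

    For a prime p = 3 (mod 4), pow(a, (p + 1) // 4, p) is the square root of
    a square a that is itself a square mod p. The roots modulo alpha and
    beta are combined with the Chinese remainder theorem.
    """
    r_a = pow(lam % alpha, (alpha + 1) // 4, alpha)
    r_b = pow(lam % beta, (beta + 1) // 4, beta)
    inv = pow(alpha, -1, beta)  # alpha^-1 mod beta (Python 3.8+)
    return (r_a + alpha * ((r_b - r_a) * inv % beta)) % (alpha * beta)


def verify(gamma, gamma_prime):
    """Step two (4), ASSUMED check: the response equals the system's gamma."""
    return gamma == gamma_prime


def authenticate(chi, responder, k=10):
    """Run k rounds; the first failed round terminates the whole process."""
    for _ in range(k):
        lam, gamma = challenge(chi)
        if not verify(gamma, responder(lam)):
            return False
    return True


if __name__ == "__main__":
    chi = register(ALPHA, BETA)
    # Terminal that holds alpha and beta.
    print(authenticate(chi, lambda lam: respond(lam, ALPHA, BETA)))
    # Responder without the primes, here simply echoing lambda back.
    print(authenticate(chi, lambda lam: lam))
```
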
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. An authority management system based on a network database, comprising: a network platform server $S_{wf}$ running an authority management system, the network platform server $S_{wf}$ being provided with a network database $S_i$; and a PC terminal $U_i$, which establishes a communication connection with the authority management system on the network platform server $S_{wf}$ through network communication equipment;
the interactive verification method between the authority management system on the network platform server $S_{wf}$ and the PC terminal $U_i$ comprises the following steps:
Step one: the PC terminal $U_i$ performs user registration on the authority management system of the network platform server $S_{wf}$, which specifically comprises the following steps:
(1) the authority management system pops up, on the registration page, a dialog box for interactive communication with the PC terminal $U_i$;
(2) the PC terminal $U_i$ chooses large prime numbers $\alpha$ and $\beta$, calculates $\chi = \alpha \times \beta$, and enters $\chi$ into the dialog box, that is, sends $\chi$ to the authority management system;
Step two: when the PC terminal $U_i$ sends an access request to the network platform server $S_{wf}$, the authority management system begins to verify the identity of the PC terminal $U_i$; the specific verification process comprises the following steps:
(1) the authority management system pops up, on the verification page, a dialog box for interactive communication with the PC terminal $U_i$;
(2) the authority management system randomly generates a large integer $\eta$, calculates $\lambda = \eta^4 \bmod \chi$ and $\gamma = \eta^2 \bmod \chi$, and displays $\lambda$ in the dialog box;
(3) the PC terminal $U_i$ computes
Figure FDA0002445675920000011
and enters $\gamma'$ into the dialog box;
(4) the authority management system verifies whether the equation gamma is satisfied;
if the above equation holds, the PC terminal $U_i$ is proven to know the private keys $\alpha$ and $\beta$, and the authority management system passes the identity authentication of the PC terminal $U_i$; otherwise, it refuses the identity authentication of the PC terminal $U_i$.
2. The authority management system of claim 1, wherein the large prime numbers $\alpha$ and $\beta$ are private keys, which are the only legitimate certification keys and are owned solely by the PC terminal $U_i$; that is, the authority management system does not know the private keys $\alpha$ and $\beta$.
3. The authority management system based on a network database of claim 1, wherein in step two, step (2), step (3) and step (4) constitute one round of verification, which is repeated $k_i$ times; if the PC terminal $U_i$ fails verification in any round, the whole verification process is terminated, that is, the PC terminal $U_i$ does not pass the identity authentication of the authority management system.
4. The system of claim 1, wherein the interactive communication dialog box has a traceless communication function, that is, no backup record is kept of any interactive communication content in the dialog box.
CN202010278515.3A 2020-04-10 2020-04-10 Authority management system based on network database Withdrawn CN111600838A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010278515.3A CN111600838A (en) 2020-04-10 2020-04-10 Authority management system based on network database

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010278515.3A CN111600838A (en) 2020-04-10 2020-04-10 Authority management system based on network database

Publications (1)

Publication Number Publication Date
CN111600838A (en) 2020-08-28

Family

ID=72188664

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010278515.3A Withdrawn CN111600838A (en) 2020-04-10 2020-04-10 Authority management system based on network database

Country Status (1)

Country Link
CN (1) CN111600838A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112217700A (en) * 2020-11-19 2021-01-12 曹明 Home-side control system of smart home

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10454939B1 (en) * 2016-06-30 2019-10-22 EMC IP Holding Company LLC Method, apparatus and computer program product for identifying excessive access rights granted to users
CN110941858A (en) * 2019-12-23 2020-03-31 上海源庐加佳信息科技有限公司 Personal network consumption information protection method based on zero-knowledge proof


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
风行南方: "零知识证明介绍", 《HTTPS://BLOG.CSDN.NET/LANSOUL1987/ARTICLE/DETAILS/90744165》 *



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200828