CN115051805A - Block chain security access control method based on zero trust security framework
- Publication number
- CN115051805A
- Authority
- CN
- China
- Prior art keywords
- block chain
- zero
- browsing
- content
- trust
- Prior art date
- Legal status
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain security access control method based on a zero trust security framework, which comprises the following steps: A. secure login identity confirmation based on a zero trust system; B. the system identifies and records block chain reference information; C. the system divides and registers a plurality of block chain contents; D. alerts on records of continuous secure access to the block chain; E. actively judging whether the login is abnormal according to the access habits of the client; F. warning the user about the block chain content browsed and the browsing duration. The method mainly aims to realize fast zero-trust login. It makes an active judgment based on the block chain content browsed by the logged-in user and the accessor's browsing habits, to ensure that the accessor is the user. At the same time it divides and registers the block chain content, and reminds the user when a logged-in session has been visiting and browsing for a long time. This ensures that the block chain can be accessed securely within a zero trust security framework and avoids the access control security problems caused by abnormal logins.
Description
Technical Field
The invention relates to the technical field of block chain security access control, in particular to a block chain security access control method based on a zero-trust security framework.
Background
With the development of network technology, communication between cities has increased, the distance between people has shortened, and more business opportunities are developed through the network. The network is a double-edged sword: it brings convenience but also carries certain dangers. In practical use, some network resources are used for illegal and criminal purposes, for example stealing other people's information with Trojan viruses, or spreading illegal information through online publicity. With the block chain internet developing rapidly, how to prevent logins by someone other than the account owner, how to prevent the browsing of illegal videos or text on the network, and how to put secure network access into practice have become difficult problems that urgently need to be solved.
Disclosure of Invention
The invention aims to provide a block chain security access control method based on a zero trust security framework. The method mainly aims to realize fast zero-trust login. It makes an active judgment based on the block chain content browsed by the logged-in user and the accessor's browsing habits, to ensure that the accessor is the user. It also divides and registers the block chain content and reminds the user when a logged-in session has been accessing and browsing for a long time, so that the block chain can be accessed securely within a zero trust security framework and the access control security problems caused by abnormal logins are avoided.
In order to achieve this purpose, the invention provides the following technical scheme: a block chain security access control method based on a zero trust security framework, comprising the following steps:
A. secure login identity confirmation based on a zero trust system;
B. the system identifies and records block chain reference information;
C. the system divides and registers a plurality of block chain contents;
D. alerts on records of continuous secure access to the block chain;
E. actively judging whether the login is abnormal according to the access habits of the client;
F. warning the user about the block chain content browsed and the browsing duration.
Preferably, step A, secure login identity confirmation based on the zero trust system, comprises:
a. the user finds the network entry point and clicks to enter;
b. the user registers, or enters a registered account number and password;
c. finally, the user chooses to remember the password and binds a fingerprint, completing basic authentication login.
Preferably, step B, in which the system identifies and records block chain reference information, comprises:
a. the system records, through the terminal, what the client consults;
b. the system follows the block chain into the background subdivided fields, and the client's browsing records in the block chain network system are copied, recorded and stored;
c. the client identity information and the content the client browsed and consulted are merged and stored.
Preferably, step C, in which the system divides and registers a plurality of block chain contents, comprises:
a. the system divides the client's browsing content from large fields down to small fields;
b. the personal preferences of the client's logged-in user are judged from the browsing content;
c. frequently viewed block chain content and similar content are recorded.
Preferably, step D, alerts on records of continuous secure access to the block chain, comprises:
a. an alert is raised after 2 hours (2H) of continued logged-in use without re-authentication;
b. the password does not need to be entered again; only fingerprint reconfirmation is needed;
c. if fingerprint authentication fails, further access is stopped or the user is forced to log off.
Preferably, step E, actively judging whether the login is abnormal according to the access habits of the client, comprises:
a. the system judges by itself whether the account has been stolen and logged into, using the recorded previously consulted content and browser preferences;
b. when information in a new block chain is continuously browsed in a normal use state, the system makes an active judgment;
c. the client user needs to perform fingerprint verification.
Preferably, step F, warning the user about the block chain content browsed and the browsing duration, comprises:
a. warning that information published inside the block chain being browsed is suspected to be illegal;
b. warning that the block chain content has been accessed for too long;
c. actively exiting the browsed page, or exiting directly to the initial interface of the block chain platform once the warning ends.
Compared with the prior art, the invention has the beneficial effects that:
(1) Based on a zero trust security framework, the invention enables fast user login. After basic login is completed, the system tracks, locates and records the block chain content consulted by the user. When the browsed content is non-compliant, or associated content is non-compliant or involves illegal content, the system actively performs a secondary identity confirmation, and when it finds that the account is not being used by the user himself, it forces the account offline, thereby protecting the security of the user's account to the greatest extent and preventing the account from being used for illegal and criminal purposes.
(2) At the same time, the method is based on block chain technology: the system automatically records the correlation between searched contents, and if the information searched by the account is suspected to be illegal, the browsing records are recorded and uploaded to a network police system, so that network security and secure access to block chain content are guaranteed to the greatest extent.
Drawings
Fig. 1 is a schematic view of the overall structure of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Fig. 1, a block chain security access control method based on a zero trust security framework includes the following steps:
A. secure login identity confirmation based on a zero trust system;
B. the system identifies and records block chain reference information;
C. the system divides and registers a plurality of block chain contents;
D. alerts on records of continuous secure access to the block chain;
E. actively judging whether the login is abnormal according to the access habits of the client;
F. warning the user about the block chain content browsed and the browsing duration.
Step A, secure login identity confirmation based on the zero trust system:
a. the user finds the network entry point and clicks to enter;
b. the user registers, or enters a registered account number and password;
c. finally, the user chooses to remember the password and binds a fingerprint, completing basic authentication login.
Step B, the system identifies and records block chain reference information:
a. the system records, through the terminal, what the client consults;
b. the system follows the block chain into the background subdivided fields, and the client's browsing records in the block chain network system are copied, recorded and stored;
c. the client identity information and the content the client browsed and consulted are merged and stored.
Step C, the system divides and registers a plurality of block chain contents:
a. the system divides the client's browsing content from large fields down to small fields;
b. the personal preferences of the client's logged-in user are judged from the browsing content;
c. frequently browsed block chain content and similar content are recorded.
Step D, alerts on records of continuous secure access to the block chain:
a. an alert is raised after 2 hours (2H) of continued logged-in use without re-authentication;
b. the password does not need to be entered again; only the fingerprint is confirmed again;
c. if fingerprint authentication fails, further access is stopped or the user is forced to log off.
Step E, actively judging whether the login is abnormal according to the access habits of the client:
a. the system judges by itself whether the account has been stolen and logged into, using the recorded previously consulted content and browser preferences;
b. when information in a new block chain is continuously browsed in a normal use state, the system makes an active judgment;
c. the client user needs to perform fingerprint verification.
Step F, warning the user about the block chain content browsed and the browsing duration:
a. warning that information published inside the block chain being browsed is suspected to be illegal;
b. warning that the block chain content has been accessed for too long;
c. actively exiting the browsed page, or exiting directly to the initial interface of the block chain platform once the warning ends.
The above embodiments are only preferred embodiments of the present invention and are not intended to limit its technical solutions; any technical solution that can be realized on the basis of the above embodiments without creative effort should be considered to fall within the protection scope of the patent claims of the present invention.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
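Steps D and E of the description, sketched as an added Python example that is not part of the patent text: a session guard that demands fingerprint reconfirmation after 2 hours of continued use or after a run of unfamiliar content categories, and forces a logoff when the check fails. Only the 2-hour interval comes from the text; the `Session` fields, the `NOVEL_STREAK` and `MIN_PROFILE` thresholds, the category names and the `verify_fingerprint` callback are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

REAUTH_INTERVAL_S = 2 * 60 * 60  # step D.a: the "2H" limit stated in the text
NOVEL_STREAK = 3   # assumption: consecutive unfamiliar categories that trigger step E
MIN_PROFILE = 5    # assumption: views recorded before habits are judged at all


@dataclass
class Session:
    user: str
    last_verified: float                               # seconds; login or last fingerprint check
    profile: Counter = field(default_factory=Counter)  # step C: "large/small field" -> views
    pending: List[str] = field(default_factory=list)   # unfamiliar views not yet trusted
    novel_streak: int = 0
    active: bool = True


def access(s: Session, now: float, category: str,
           verify_fingerprint: Callable[[str], bool]) -> str:
    """Decide one content access; returns 'allowed', 'allowed:<reason>',
    'logoff:<reason>' or 'denied'."""
    if not s.active:
        return "denied"
    # Step E.a/b: compare this access with the recorded browsing habits.
    novel = sum(s.profile.values()) >= MIN_PROFILE and category not in s.profile
    s.novel_streak = s.novel_streak + 1 if novel else 0
    if novel:
        s.pending.append(category)
    reason = None
    if now - s.last_verified >= REAUTH_INTERVAL_S:
        reason = "continuous-use"          # step D.a
    elif s.novel_streak >= NOVEL_STREAK:
        reason = "habit-anomaly"           # step E.b
    if reason:
        # Steps D.b and E.c: fingerprint only, the password is not asked again.
        if not verify_fingerprint(s.user):
            s.active = False               # step D.c: stop access / force logoff
            return "logoff:" + reason
        s.last_verified = now
        s.novel_streak = 0
        # Unfamiliar categories join the habit profile only after the
        # fingerprint check, so an intruder cannot retrain the profile.
        s.profile.update(s.pending)
        s.pending.clear()
    if not novel:
        s.profile[category] += 1
    return "allowed:" + reason if reason else "allowed"


# Constructed sample trace: (seconds since login, content category).
SAMPLE_EVENTS: List[Tuple[int, str]] = [
    (60, "defi/lending"), (120, "nft/art"), (180, "defi/lending"),
    (240, "defi/lending"), (300, "nft/art"), (600, "defi/lending"),
    (900, "forum/posts"), (960, "forum/media"), (1020, "market/listings"),
    (8220, "defi/lending"),   # 7200 s after the check at t=1020
]


def replay(events, fingerprint_ok: bool) -> List[str]:
    """Run a trace through a fresh session with a fixed fingerprint result."""
    s = Session(user="alice", last_verified=0.0)
    return [access(s, t, cat, lambda _user: fingerprint_ok) for t, cat in events]


if __name__ == "__main__":
    for label, ok in (("fingerprint passes", True), ("fingerprint fails", False)):
        print(label, replay(SAMPLE_EVENTS, ok))
```
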
Claims (7)
1. A block chain security access control method based on a zero trust security framework, comprising the following steps:
A. secure login identity confirmation based on a zero trust system;
B. the system identifies and records block chain reference information;
C. the system divides and registers a plurality of block chain contents;
D. alerts on records of continuous secure access to the block chain;
E. actively judging whether the login is abnormal according to the access habits of the client;
F. warning the user about the block chain content browsed and the browsing duration.
2. The block chain security access control method based on a zero trust security framework according to claim 1, wherein the specific operation of step A, secure login identity confirmation based on the zero trust system, comprises:
a. the user finds the network entry point and clicks to enter;
b. the user registers, or enters a registered account number and password;
c. finally, the user chooses to remember the password and binds a fingerprint, completing basic authentication login.
3. The block chain security access control method based on a zero trust security framework according to claim 1, wherein the specific operation of step B, in which the system identifies and records block chain reference information, comprises:
a. the system records, through the terminal, what the client consults;
b. the system follows the block chain into the background subdivided fields, and the client's browsing records in the block chain network system are copied, recorded and stored;
c. the client identity information and the content the client browsed and consulted are merged and stored.
4. The block chain security access control method based on a zero trust security framework according to claim 1, wherein the specific operation of step C, in which the system divides and registers a plurality of block chain contents, comprises:
a. the system divides the client's browsing content from large fields down to small fields;
b. the personal preferences of the client's logged-in user are judged from the browsing content;
c. frequently viewed block chain content and similar content are recorded.
5. The block chain security access control method based on a zero trust security framework according to claim 1, wherein the specific operation of step D, alerts on records of continuous secure access to the block chain, comprises:
a. an alert is raised after 2 hours (2H) of continued logged-in use without re-authentication;
b. the password does not need to be entered again; only fingerprint reconfirmation is needed;
c. if fingerprint authentication fails, further access is stopped or the user is forced to log off.
6. The block chain security access control method based on a zero trust security framework according to claim 1, wherein the specific operation of step E, actively judging whether the login is abnormal according to the access habits of the client, comprises:
a. the system judges by itself whether the account has been stolen and logged into, using the recorded previously consulted content and browser preferences;
b. when information in a new block chain is continuously browsed in a normal use state, the system makes an active judgment;
c. the client user needs to perform fingerprint verification.
7. The block chain security access control method based on a zero trust security framework according to claim 1, wherein the specific operation of step F, warning the user about the block chain content browsed and the browsing duration, comprises:
a. warning that information published inside the block chain being browsed is suspected to be illegal;
b. warning that the block chain content has been accessed for too long;
c. actively exiting the browsed page, or exiting directly to the initial interface of the block chain platform after the warning is finished.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210158887.1A CN115051805A (en) | 2022-02-21 | 2022-02-21 | Block chain security access control method based on zero trust security framework |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210158887.1A CN115051805A (en) | 2022-02-21 | 2022-02-21 | Block chain security access control method based on zero trust security framework |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115051805A (en) | 2022-09-13 |
Family
ID=83157317
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210158887.1A Pending CN115051805A (en) | 2022-02-21 | 2022-02-21 | Block chain security access control method based on zero trust security framework |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115051805A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117195301A (en) * | 2023-09-21 | 2023-12-08 | 北京中普达技术有限公司 | Clinical data privacy management system based on blockchain |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20080086887A (en) * | 2008-07-15 | 2008-09-26 | 넷스타 가부시키가이샤 | Web access monitoring method and its program |
US20120151565A1 (en) * | 2010-12-10 | 2012-06-14 | Eric Fiterman | System, apparatus and method for identifying and blocking anomalous or improper use of identity information on computer networks |
CN111786991A (en) * | 2020-06-29 | 2020-10-16 | 平安国际智慧城市科技股份有限公司 | Block chain-based platform authentication login method and related device |
CN112653689A (en) * | 2020-12-16 | 2021-04-13 | 北京观数科技有限公司 | Terminal zero trust security control method and system |
CN113051350A (en) * | 2021-04-26 | 2021-06-29 | 湖南链聚信息科技有限责任公司 | Zero trust network access system based on block chain |
CN114024704A (en) * | 2020-10-28 | 2022-02-08 | 北京八分量信息科技有限公司 | Certificate distribution method in zero trust architecture |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |