CN116167079A - Block chain-based data security prevention and control method, device and storage medium - Google Patents

Publication number
CN116167079A
Authority
CN
China
Prior art keywords
data
target
preset database
blockchain
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310096592.0A
Other languages
Chinese (zh)
Inventor
刘立超
樊利安
马媛
孙立彬
张欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd and Unicom Digital Technology Co Ltd
Priority to CN202310096592.0A
Publication of CN116167079A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management


Abstract

The application provides a blockchain-based data security prevention and control method, device and storage medium. It relates to the field of communications and addresses the problem that data security issues cannot be discovered in a timely and accurate manner. The method comprises: receiving a service access request of a target user, wherein the service access request is used by the target user to request access to a target service; acquiring first permission data of the target service, wherein the first permission data characterizes a user allowed to access the target service; and executing the access operation of the target service when the first permission data matches second permission data in both a preset database and a target blockchain, wherein the preset database and the target blockchain each comprise at least one piece of permission data, each piece of permission data characterizes a user allowed to access one service, and the second permission data is the piece of permission data, among the at least one piece, that corresponds to the target service. The embodiments of the application are used in the process of monitoring data security.

Description

Block chain-based data security prevention and control method, device and storage medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method and an apparatus for controlling data security based on blockchain, and a storage medium.
Background
At present, data has become the fifth major factor of production, and information security is important to completing the market-oriented allocation of data.
In the prior art, a common security defense technique works as follows: a user passes identity authentication, enters the computer system once authentication succeeds, and then accesses resources such as files and directories in the computer system according to the user's identity information, role information and access rights.
However, this security protection technique is at risk of manual tampering. For example, if a temporary user is authorized to access the system and the access record of that temporary access is then deleted, the data security problem cannot be discovered in a timely and accurate manner.
Disclosure of Invention
The application provides a blockchain-based data security prevention and control method, device and storage medium, which can solve the problem that data security issues cannot be discovered in a timely and accurate manner.
In order to achieve the above purpose, the present application adopts the following technical scheme:
In a first aspect, the present application provides a blockchain-based data security prevention and control method, the method comprising: receiving a service access request of a target user, wherein the service access request is used by the target user to request access to a target service; acquiring first permission data of the target service, wherein the first permission data characterizes a user allowed to access the target service; and executing the access operation of the target service when the first permission data matches second permission data in both a preset database and a target blockchain, wherein the preset database and the target blockchain each comprise at least one piece of permission data, each piece of permission data characterizes a user allowed to access one service, and the second permission data is the piece of permission data, among the at least one piece, that corresponds to the target service.
Based on the above technical solution, in the blockchain-based data security prevention and control method provided in the embodiments of the present application, a service access request of a target user is received, where the service access request is used by the target user to request access to a target service; first permission data of the target service is acquired, where the first permission data characterizes a user allowed to access the target service; and the access operation of the target service is executed when the first permission data matches second permission data in both a preset database and a target blockchain, where the preset database and the target blockchain each comprise at least one piece of permission data, each piece of permission data characterizes a user allowed to access one service, and the second permission data is the piece of permission data, among the at least one piece, that corresponds to the target service. Because blockchain technology is tamper-proof, the data stored in the target blockchain cannot be tampered with. Performing a double check against both the database and the blockchain when a service is accessed therefore makes it possible to determine promptly whether the service access is legal, so that data security problems can be discovered in a timely and accurate manner.
In a first possible implementation of the first aspect, before receiving the service access request of the target user, the method further includes: creating the target blockchain, wherein the target blockchain comprises a secure call interface, and the secure call interface is used for transmitting data; and uploading at least one piece of first data in the preset database to the target blockchain through the secure call interface for storage, wherein the at least one piece of first data comprises the at least one piece of permission data, and each piece of first data comprises one piece of permission data.
In a second possible implementation of the first aspect, the preset database and the target blockchain further include user data, where the user data characterizes the historical access users of the preset database and the target blockchain; after the access operation of the target service is executed, the method further includes: when the user data in the preset database does not match the user data in the target blockchain, determining that an unauthorized illegal user exists among the historical access users of the preset database.
In a third possible implementation of the first aspect, the preset database and the target blockchain further include log data, where the log data characterizes the historical operation records of the preset database and the target blockchain; after the access operation of the target service is executed, the method further includes: when the log data in the preset database matches the log data in the target blockchain, determining that the log data in the preset database is trusted log data.
In a fourth possible implementation of the first aspect, after determining that the log data in the preset database is trusted log data, the method further includes: executing an audit operation on the preset database based on the trusted log data, wherein the audit operation is used for verifying the security of the preset database.
In a second aspect, the present application provides a blockchain-based data security protection and control device, the device comprising: the device comprises a receiving unit, an acquisition unit and an execution unit, wherein: the receiving unit is configured to receive a service access request of a target user, where the service access request is used for the target user to request access to a target service; the acquiring unit is configured to acquire first permission data of the target service, where the first permission data is used to characterize a user allowed to access the target service; the executing unit is configured to execute an access operation of the target service when the first permission data acquired by the acquiring unit is matched with second permission data in a preset database and a target blockchain, where the preset database and the target blockchain each include at least one permission data, each permission data is used for characterizing a user allowed to access a service, and the second permission data is permission data corresponding to the target service in the at least one permission data.
In a first possible implementation of the second aspect, the apparatus further includes a sending unit, wherein: the execution unit is further configured to create the target blockchain before the receiving unit receives a service access request of a target user, where the target blockchain includes a secure call interface, and the secure call interface is used to transmit data; the sending unit is configured to upload at least one piece of first data in the preset database to the target blockchain through the secure call interface for storage, where the at least one piece of first data includes the at least one piece of permission data, and each piece of first data includes one piece of permission data.
In a second possible implementation manner of the second aspect, the preset database and the target blockchain further include user data, where the user data is used to characterize historical access users of the preset database and the target blockchain; the execution unit is further configured to determine that an unauthorized illegal user exists among the historical access users of the preset database if the preset database is not matched with the user data in the target blockchain after the access operation of the target service is performed.
In a third possible implementation manner of the second aspect, the preset database and the target blockchain further include log data, where the log data is used to characterize a historical operation record of the preset database and the target blockchain; the execution unit is further configured to determine that the log data in the preset database is trusted log data when the preset database matches the log data in the target blockchain after the access operation of the target service is performed.
In a fourth possible implementation manner of the second aspect, the execution unit is further configured to, after determining that the log data in the preset database is trusted log data, perform an audit operation on the preset database based on the trusted log data, where the audit operation is used to verify security of the preset database.
In a third aspect, the present application provides a blockchain-based data security protection and control device, the device comprising: a processor and a communication interface; the communication interface is coupled to the processor, and the processor is configured to run a computer program or instructions to implement the blockchain-based data security prevention and control method as described in the first aspect or any one of the possible implementations of the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium having instructions stored therein which, when run on a terminal, cause the terminal to perform the blockchain-based data security prevention and control method as described in the first aspect or any one of the possible implementations of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product comprising instructions that, when run on a blockchain-based data security protection and control device, cause the device to perform the blockchain-based data security prevention and control method as described in the first aspect or any one of the possible implementations of the first aspect.
In a sixth aspect, embodiments of the present application provide a chip comprising a processor and a communication interface, the communication interface and the processor being coupled, the processor being configured to execute a computer program or instructions to implement the blockchain-based data security prevention and control method as described in the first aspect or any one of the possible implementations of the first aspect.
Specifically, the chip provided in the embodiments of the present application further includes a memory, configured to store a computer program or instructions.
Drawings
FIG. 1 is a method flow chart of a data security prevention and control method based on a blockchain according to an embodiment of the present application;
FIG. 2 is a first internal flowchart of a blockchain-based data security prevention and control method according to an embodiment of the present application;
FIG. 3 is a second internal flowchart of a blockchain-based data security prevention and control method according to an embodiment of the present application;
FIG. 4 is a third internal flowchart of a blockchain-based data security prevention and control method according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a blockchain-based data security protection and control device according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of another blockchain-based data security protection and control device according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a chip according to an embodiment of the present application.
Detailed Description
The data security prevention and control method, device and storage medium based on the blockchain provided by the embodiment of the application are described in detail below with reference to the accompanying drawings.
The term "and/or" herein merely describes an association relationship between associated objects and means that three relationships may exist; for example, "A and/or B" may represent: A exists alone, A and B exist together, or B exists alone.
The terms "first" and "second" and the like in the description and in the drawings are used for distinguishing between different objects or for distinguishing between different processes of the same object and not for describing a particular sequential order of objects.
Furthermore, references to the terms "comprising" and "having" and any variations thereof in the description of the present application are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the present application, unless otherwise indicated, "a plurality" means two or more.
The following explains the terms related to the embodiments of the present application, so as to facilitate the understanding of the reader.
(1) Blockchain technology
Blockchain technology is tamper-proof, based on multi-party consensus, and open and transparent. It lays a technical foundation for establishing trust among multiple parties, better protects ownership rights and interests when data is used across institutions, and prevents data from being tampered with or used illegally.
(2) Information security
Information security, as defined by the International Organization for Standardization, is the technical and administrative security established and employed for data processing systems in order to protect computer hardware, software and data from tampering, alteration and leakage due to accidental or malicious causes.
Currently, the main concerns of information security are the confidentiality, integrity and availability of data. Common security defense technologies include intrusion detection, firewall and virus protection, digital signature and biometric technologies, information encryption and access control, security audit, and the like. In the related art, common security defense technologies are to some extent at risk of being breached from outside by hackers, and the risk of being breached through collusion between insiders and outsiders is further exacerbated in situations such as internal human intervention. Current technical means struggle to cope with such risks of asymmetry or opacity, and the security problem is difficult to discover in time after it occurs. Specifically:
Access control techniques are the most common means of controlling access and managing permissions. For example, in role-based access control, a user enters a computer system through identity authentication and accesses resources such as files and directories in the computer system according to the user's identity, roles and resource access rights. This method carries potential risks such as manual tampering and illegal authorization, which lead to illegal access.
For example, an administrator temporarily grants ordinary user A query permission on an important resource, and after ordinary user A completes the illegal query, the temporary permission data is deleted, which makes the problem difficult to trace and locate after a security issue occurs in the system.
Security audit techniques are exemplified by the common logging method. Log data stored in the database is at risk of being tampered with at the source, which greatly reduces the effectiveness of the security audit.
For example, after the system is breached by a hacker, the access log records of important resources are deleted. This defeats the inspection and audit measures for secure service operation, so the problem cannot be discovered in time after a system security issue occurs.
In order to solve the prior-art problem that data security issues cannot be discovered in a timely and accurate manner, the application provides a blockchain-based data security prevention and control method, which receives a service access request of a target user, where the service access request is used by the target user to request access to a target service; acquires first permission data of the target service, where the first permission data characterizes a user allowed to access the target service; and executes the access operation of the target service when the first permission data matches second permission data in both a preset database and a target blockchain, where the preset database and the target blockchain each comprise at least one piece of permission data, each piece of permission data characterizes a user allowed to access one service, and the second permission data is the piece of permission data, among the at least one piece, that corresponds to the target service. Because blockchain technology is tamper-proof, the data stored in the target blockchain cannot be tampered with. Performing a double check against both the database and the blockchain when a service is accessed therefore makes it possible to determine promptly whether the service access is legal, so that data security problems can be discovered in a timely and accurate manner.
As shown in fig. 1, a flowchart of a blockchain-based data security prevention and control method according to an embodiment of the present application is provided, and the method includes the following steps S101 to S103:
S101, receiving a service access request of a target user.
In this embodiment of the present application, the service access request is used for the target user to request access to a target service.
The target user may be a user of other electronic devices, or may be a user of a local electronic device.
Illustratively, the service access request may include: query requests, download requests, upload requests, etc.
In the embodiment of the present application, the above service access request may be classified into two types: legal access requests and illegal access requests.
Illustratively, a legal access request is an access request that has been authorized.
Illustratively, an illegal access request is an access request that has not been authorized.
S102, acquiring first authority data of a target service.
In this embodiment of the present application, the first permission data is used to characterize a user allowed to access the target service.
The access request corresponding to the user allowed to access the target service is a legal access request.
S103, executing the access operation of the target service when the first permission data matches the second permission data in the preset database and the target blockchain.
In this embodiment of the present application, the preset database and the target blockchain each include at least one permission data.
In the embodiment of the application, each authority data is used for characterizing a user allowed to access a service.
In this embodiment of the present application, the second permission data is permission data corresponding to the target service in the at least one permission data.
The preset database may be a service database, which may store data information corresponding to the service.
In the embodiment of the present application, the target blockchain may be newly created for the user. For a detailed description of the blockchain, refer to the explanation of terms above; it is not repeated here.
For example, as shown in FIG. 2, when a service access request is received, a double check is performed: a database permission check (against the preset database) and a blockchain permission check (against the target blockchain). If both checks succeed (i.e., both match), the service access request is determined to be a legal access request, and the corresponding access operation is executed.
In the blockchain-based data security prevention and control method, a service access request of a target user is received, where the service access request is used by the target user to request access to a target service; first permission data of the target service is acquired, where the first permission data characterizes a user allowed to access the target service; and the access operation of the target service is executed when the first permission data matches second permission data in both a preset database and a target blockchain, where the preset database and the target blockchain each comprise at least one piece of permission data, each piece of permission data characterizes a user allowed to access one service, and the second permission data is the piece of permission data, among the at least one piece, that corresponds to the target service. Because blockchain technology is tamper-proof, the data stored in the target blockchain cannot be tampered with. Performing a double check against both the database and the blockchain when a service is accessed therefore makes it possible to determine promptly whether the service access is legal, so that data security problems can be discovered in a timely and accurate manner.
Optionally, in the embodiment of the present application, before step S101, the data security protection and control method based on blockchain provided in the embodiment of the present application may further include the following step S201 and step S202:
S201, creating a target blockchain.
In an embodiment of the present application, the target blockchain includes a secure call interface.
In this embodiment of the present application, the secure call interface is used to transmit data.
In the embodiment of the application, a blockchain may be built first, and a secure certificate call interface is then provided externally in the form of a consortium (alliance) chain.
S202, uploading at least one piece of first data in the preset database to the target blockchain through the secure call interface for storage.
In an embodiment of the present application, the at least one first data includes the at least one permission data.
It should be noted that each of the first data includes one permission data.
The first data may include data about organization, users, roles, rights, and logs, for example.
In the embodiment of the application, data about organizations, users, roles, permissions and logs can be stored in the target blockchain through the certificate call interface, so as to ensure from the data source that two completely consistent sets of data exist, one in the service database and one on the blockchain.
Storing the data in the blockchain therefore keeps the on-chain copy unchanged at all times, which ensures the validity of the result when verification is performed later.
Optionally, in the embodiment of the present application, the preset database and the target blockchain further include user data; after the step S103, the data security prevention and control method based on blockchain provided in the embodiment of the present application may further include the following step S104:
S104, when the user data in the preset database does not match the user data in the target blockchain, determining that an unauthorized illegal user exists among the historical access users of the preset database.
In this embodiment of the present application, the user data is used to characterize the preset database and the historical access users of the target blockchain.
Illustratively, after a user makes a business access to a preset database, the preset database stores user data for the user.
For example, as shown in FIG. 3, the preset database and the target blockchain can be compared periodically or in real time. For instance, the database user table (i.e., the user data of the preset database) and the blockchain user table (i.e., the user data of the target blockchain) are compared entry by entry, and if the two user tables differ, this proves that an illegal user is present in the database user table.
In the embodiment of the application, comparing and checking the user data in the preset database against the target blockchain makes data anomalies transparent and visible, exposes risks such as illegal authorization in advance, and reduces the potential security hazards of the system.
Therefore, comparing the historical access users in the database and the blockchain makes it possible to determine clearly whether an illegal user exists, which ensures the security of the data.
Optionally, in an embodiment of the present application, the preset database and the target blockchain further include log data; after the step S103, the data security prevention and control method based on blockchain provided in the embodiments of the present application may further include the following step S105:
S105, when the log data in the preset database matches the log data in the target blockchain, determining that the log data in the preset database is trusted log data.
In this embodiment of the present application, the log data is used to characterize the preset database and the historical operating record of the target blockchain.
The above log data may be a log file or a log table, for example.
Illustratively, after an operation is performed on a preset database, the preset database generates log data corresponding to the operation, and stores the log data.
For example, taking the preset database to be a website database, the various operations of a visitor browsing the website, such as viewing a certain webpage, are written to a file as record lines, and the file is stored in the website database.
For example, as shown in fig. 4, the database log table (i.e., the log data of the preset database) and the blockchain log table (i.e., the log data of the target blockchain) may be compared one by one, and in the case that the two log tables are the same, it is determined that the database log table is trusted for subsequent operations.
Therefore, by comparing the log data in the database with the log data in the blockchain, whether the log data in the database is the trusted data can be determined, and the effectiveness of subsequent operation is ensured.
Optionally, in the embodiment of the present application, after step S105, the data security protection and control method based on blockchain provided in the embodiment of the present application may further include the following step S106:
S106, based on the trusted log data, performing an audit operation on the preset database.
In this embodiment of the present application, the audit operation is used to verify the security of the preset database.
The audit operation is, for example, a process of checking, examining and verifying the environment and activity of the operation event corresponding to the preset database, thereby discovering system vulnerabilities, intrusion behaviors or improving system performance.
In the embodiment of the application, before the audit operation is performed, the log data in the preset database and the log data in the target blockchain can be compared to determine that the log data in the preset database is accurate, so that the result obtained by the audit operation performed according to the log data can be effective.
Therefore, only when the log data is determined to be credible, the audit operation is performed, invalid audit is effectively avoided, and audit efficiency is improved.
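Steps S103, S105 and S106 as an added sketch, not code from the patent: the `TargetChain` class (a hash-linked, append-only list standing in for the target blockchain), the record layout, the reading of "matched" as set equality, the audit rule and the sample data are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64


def _digest(prev_hash, record):
    """Hash a record (canonical JSON) together with the previous block hash."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


class TargetChain:
    """Assumed stand-in for the target blockchain: append-only, hash-linked."""

    def __init__(self):
        self.blocks = []

    def upload(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "record": record,
                            "hash": _digest(prev, record)})

    def records(self, kind):
        """Re-derive every link first, then return the records of one kind."""
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != _digest(prev, block["record"]):
                raise ValueError("chain copy fails its own hash check")
            prev = block["hash"]
        return [b["record"] for b in self.blocks if b["record"]["kind"] == kind]


def access_allowed(user, service, first_perm, db_perms, chain):
    """S103: the first permission data must match the second permission data
    held for the service in BOTH the database and the chain."""
    on_chain = {r["service"]: set(r["users"]) for r in chain.records("permission")}
    if service not in db_perms or service not in on_chain:
        return False  # fail closed when either copy is missing
    first = set(first_perm)
    return first == set(db_perms[service]) == on_chain[service] and user in first


def compare_logs(db_logs, chain):
    """S105: compare the two log tables row by row; return (trusted, bad rows)."""
    chain_logs = [r["entry"] for r in chain.records("log")]
    mismatches = []
    for i in range(max(len(db_logs), len(chain_logs))):
        db_row = db_logs[i] if i < len(db_logs) else None
        chain_row = chain_logs[i] if i < len(chain_logs) else None
        if db_row != chain_row:
            mismatches.append(i)
    return not mismatches, mismatches


def audit(db_logs, db_perms, chain):
    """S106: audit only trusted logs; flag operations by users without permission."""
    trusted, mismatches = compare_logs(db_logs, chain)
    if not trusted:
        return {"audited": False, "mismatched_rows": mismatches, "findings": []}
    findings = [row for row in db_logs
                if row["user"] not in db_perms.get(row["service"], [])]
    return {"audited": True, "mismatched_rows": [], "findings": findings}


# Constructed sample data (not from the patent).
PERMS = {"billing": ["alice", "bob"]}
LOGS = [{"user": "alice", "service": "billing", "op": "read"},
        {"user": "bob", "service": "billing", "op": "update"}]


def build_chain():
    """Upload copies of the database's permission and log data to a new chain."""
    chain = TargetChain()
    for service, users in PERMS.items():
        chain.upload({"kind": "permission", "service": service, "users": list(users)})
    for entry in LOGS:
        chain.upload({"kind": "log", "entry": dict(entry)})
    return chain
```

A database row that is deleted or edited after upload shows up as a mismatched row index, and the audit is skipped rather than run on untrusted input.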
According to the embodiment of the application, the functional modules or functional units of the data security protection and control device based on the blockchain can be divided according to the method example, for example, each functional module or functional unit can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware, or in software functional modules or functional units. The division of the modules or units in the embodiments of the present application is merely a logic function division, and other division manners may be implemented in practice.
Fig. 5 is a schematic structural diagram of a data security protection and control device based on a blockchain according to an embodiment of the present application, where the device includes: a receiving unit 201, an acquiring unit 202, and an executing unit 203.
Wherein, the receiving unit 201 is configured to receive a service access request of a target user, where the service access request is used for the target user to request access to a target service; the acquiring unit 202 is configured to acquire first permission data of the target service, where the first permission data is used to characterize a user allowed to access the target service; the executing unit 203 is configured to execute the access operation of the target service when the first permission data acquired by the acquiring unit 202 is matched with second permission data in a preset database and a target blockchain, where each of the preset database and the target blockchain includes at least one permission data, each permission data is used for characterizing a user allowed to access a service, and the second permission data is permission data corresponding to the target service in the at least one permission data.
Optionally, in an embodiment of the present application, the above-mentioned data security protection and control device based on a blockchain further includes a sending unit, wherein: the executing unit 203 is further configured to create the target blockchain before the receiving unit 201 receives the service access request of the target user, where the target blockchain includes a security call interface, and the security call interface is used to transmit data; the sending unit is configured to upload at least one first data in the preset database to the target blockchain through the secure call interface for storage, where the at least one first data includes the at least one permission data, and each first data includes one permission data.
Optionally, in an embodiment of the present application, the preset database and the target blockchain further include user data, where the user data is used to characterize historical access users of the preset database and the target blockchain; the executing unit 203 is further configured to determine that an unauthorized illegal user exists among the historical access users of the preset database if the preset database is not matched with the user data in the target blockchain after the access operation of the target service is executed.
Optionally, in an embodiment of the present application, the preset database and the target blockchain further include log data, where the log data is used to characterize historical operation records of the preset database and the target blockchain; the executing unit 203 is further configured to determine that the log data in the preset database is trusted log data when the preset database matches the log data in the target blockchain after the executing the access operation of the target service.
Optionally, in this embodiment of the present application, the executing unit 203 is further configured to, after determining that the log data in the preset database is trusted log data, execute an audit operation on the preset database based on the trusted log data, where the audit operation is used to verify security of the preset database.
In the data security prevention and control device based on the blockchain, a service access request of a target user is received, wherein the service access request is used for the target user to request to access a target service; acquiring first authority data of the target service, wherein the first authority data is used for representing a user allowed to access the target service; and under the condition that the first authority data is matched with second authority data in a preset database and a target block chain, executing the access operation of the target service, wherein the preset database and the target block chain comprise at least one authority data, each authority data is used for representing a user allowed to access one service, and the second authority data is the authority data corresponding to the target service in the at least one authority data. Because the blockchain technology has the characteristic of non-falsification, the data stored in the target blockchain cannot be falsified, so that when a service is accessed, double verification of a database and the blockchain is carried out, whether the service access is legal or not can be timely found, and the data security problem can be timely and accurately found.
When implemented in hardware, the receiving unit 201 in the embodiments of the present application may be integrated on a communication interface, and the acquiring unit 202 and the executing unit 203 may be integrated on a processor. A specific implementation is shown in fig. 6.
Fig. 6 shows a schematic diagram of still another possible architecture of the blockchain-based data security protection and control device involved in the above embodiment. The data security prevention and control device based on the block chain comprises: a processor 302 and a communication interface 303. The processor 302 is configured to control and manage the actions of the blockchain-based data security device, e.g., perform the steps performed by the acquisition unit 202 and the execution unit 203 described above, and/or perform other processes of the techniques described herein. The communication interface 303 is used to support communication between the blockchain-based data security control device and other network entities, for example, to perform the steps performed by the receiving unit 201. The blockchain-based data security device may further include a memory 301 and a bus 304, the memory 301 for storing program codes and data of the blockchain-based data security device.
Wherein the memory 301 may be a memory in a blockchain-based data security protection device or the like, which may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, hard disk or solid state disk; the memory may also comprise a combination of the above types of memories.
The processor 302 described above may be implemented or executed with various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. The processor may also be a combination that performs the function of a computation, e.g., a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, etc.
Bus 304 may be an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus or the like. The bus 304 may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one thick line is shown in fig. 6, but this does not mean that there is only one bus or one type of bus.
Fig. 7 is a schematic structural diagram of a chip 170 according to an embodiment of the present application. Chip 170 includes one or more (including two) processors 1710 and communication interfaces 1730.
Optionally, the chip 170 further includes a memory 1740, the memory 1740 may include read-only memory and random access memory, and provides operating instructions and data to the processor 1710. A portion of memory 1740 may also include non-volatile random access memory (NVRAM).
In some implementations, memory 1740 stores the elements, execution modules or data structures, or a subset thereof, or an extended set thereof.
In the present embodiment, the corresponding operations are performed by invoking operational instructions stored in memory 1740 (which may be stored in the operating system).
Wherein the processor 1710 may implement or perform various exemplary logic blocks, units, and circuits described in connection with the present disclosure. The processor may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, units and circuits described in connection with this disclosure. The processor may also be a combination that performs the function of a computation, e.g., a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, etc.
Memory 1740 may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, hard disk or solid state disk; the memory may also comprise a combination of the above types of memories.
Bus 1720 may be an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus or the like. Bus 1720 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one line is shown in fig. 7, but this does not mean that there is only one bus or one type of bus.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
Embodiments of the present application provide a computer program product comprising instructions that, when executed on a computer, cause the computer to perform the blockchain-based data security protection method of the method embodiments described above.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores instructions, and when the instructions run on a computer, the computer is caused to execute the data security prevention and control method based on the blockchain in the method flow shown in the method embodiment.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (Random Access Memory, RAM), a read-only memory (Read-Only Memory, ROM), an erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), a register, a hard disk, an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing, or any other form of computer readable storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (Application Specific Integrated Circuit, ASIC). In the context of the present application, a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Embodiments of the present invention provide a computer program product comprising instructions that, when executed on a computer, cause the computer to perform a blockchain-based data security prevention method as described in fig. 1-4.
Since the blockchain-based data security control device, the computer readable storage medium and the computer program product in the embodiments of the present invention can be applied to the above method, the technical effects that can be obtained by the blockchain-based data security control device and the computer readable storage medium can also refer to the above method embodiments, and the embodiments of the present invention are not described herein again.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, indirect coupling or communication connection of devices or units, electrical, mechanical, or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A blockchain-based data security prevention and control method, the method comprising:
receiving a service access request of a target user, wherein the service access request is used for the target user to request to access a target service;
acquiring first authority data of the target service, wherein the first authority data is used for representing a user allowed to access the target service;
and executing access operation of the target service under the condition that the first authority data is matched with second authority data in a preset database and a target blockchain, wherein the preset database and the target blockchain comprise at least one authority data, each authority data is used for representing a user allowed to access one service, and the second authority data is authority data corresponding to the target service in the at least one authority data.
2. The method of claim 1, wherein prior to receiving the service access request of the target user, the method further comprises:
creating the target blockchain, wherein the target blockchain comprises a security call interface, and the security call interface is used for transmitting data;
uploading at least one first data in the preset database to the target blockchain through the secure call interface for storage, wherein the at least one first data comprises the at least one authority data, and each first data comprises one authority data.
3. The method of claim 1 or 2, further comprising user data in the preset database and the target blockchain, the user data being used to characterize historical access users of the preset database and the target blockchain;
after the access operation of the target service is executed, the method further comprises:
and under the condition that the preset database is not matched with the user data in the target blockchain, determining that unauthorized illegal users exist in the historical access users of the preset database.
4. The method of claim 1 or 2, wherein the preset database and the target blockchain further comprise log data, wherein the log data is used for representing historical operation records of the preset database and the target blockchain;
after the access operation of the target service is executed, the method further comprises:
and under the condition that the preset database is matched with the log data in the target blockchain, determining that the log data in the preset database is credible log data.
5. The method of claim 4, wherein after the determining that the log data in the preset database is trusted log data, the method further comprises:
executing an audit operation on the preset database based on the trusted log data, wherein the audit operation is used for verifying the security of the preset database.
6. A blockchain-based data security prevention and control device, the device comprising: the device comprises a receiving unit, an acquisition unit and an execution unit, wherein:
the receiving unit is used for receiving a service access request of a target user, wherein the service access request is used for the target user to request to access a target service;
the acquiring unit is used for acquiring first authority data of the target service, wherein the first authority data is used for representing a user allowed to access the target service;
the execution unit is configured to execute an access operation of the target service when the first permission data acquired by the acquisition unit is matched with second permission data in a preset database and a target blockchain, where each of the preset database and the target blockchain includes at least one permission data, each permission data is used for characterizing a user allowed to access one service, and the second permission data is permission data corresponding to the target service in the at least one permission data.
7. The apparatus of claim 6, wherein the apparatus further comprises a sending unit, wherein:
the execution unit is further configured to create the target blockchain before the receiving unit receives a service access request of a target user, where the target blockchain includes a security call interface, and the security call interface is used to transmit data;
the sending unit is configured to upload at least one first data in the preset database to the target blockchain through the secure call interface for storage, where the at least one first data includes the at least one permission data, and each first data includes one permission data.
8. The apparatus of claim 6 or 7, further comprising user data in the preset database and the target blockchain, the user data being used to characterize historical access users of the preset database and the target blockchain;
the execution unit is further configured to determine that an unauthorized illegal user exists among the historical access users of the preset database if the preset database is not matched with the user data in the target blockchain after the access operation of the target service is executed.
9. The apparatus of claim 6 or 7, further comprising log data in the preset database and the target blockchain, the log data being used to characterize historical operating records of the preset database and the target blockchain;
the execution unit is further configured to determine that the log data in the preset database is trusted log data if the preset database is matched with the log data in the target blockchain after the access operation of the target service is executed.
10. The apparatus of claim 9, wherein:
the execution unit is further configured to execute an audit operation on the preset database based on the trusted log data after the log data in the preset database is determined to be the trusted log data, where the audit operation is used for verifying the security of the preset database.
11. A blockchain-based data security prevention and control device, comprising: a processor and a communication interface; the communication interface is coupled to the processor for executing a computer program or instructions to implement the blockchain-based data security prevention and control method as recited in any of claims 1-5.
12. A computer readable storage medium having instructions stored therein, wherein when executed by a computer, the computer performs the blockchain-based data security protection method of any of claims 1-5.
CN202310096592.0A 2023-01-20 2023-01-20 Block chain-based data security prevention and control method, device and storage medium Pending CN116167079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310096592.0A CN116167079A (en) 2023-01-20 2023-01-20 Block chain-based data security prevention and control method, device and storage medium

Publications (1)

Publication Number Publication Date
CN116167079A (en) 2023-05-26

Family

ID=86412759

Country Status (1)

Country Link
CN (1) CN116167079A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination