
CN119358023A - A geological data access control method and system based on information encryption - Google Patents


Info

Publication number
CN119358023A
Authority
CN
China
Prior art keywords
data
user
access
key
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411561394.8A
Other languages
Chinese (zh)
Inventor
覃天意
曲柄宇
王建斌
王书辉
张光炎
曹彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Communications Information Technology Group Co ltd
Original Assignee
China Communications Information Technology Group Co ltd
Application filed by China Communications Information Technology Group Co ltd
Publication of CN119358023A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of information security and encryption, and in particular to a geological data access control method and system based on information encryption. The system comprises a data acquisition module, a data classification module, a data encryption module, an identity verification and authority management module, a data access control module, and an access record and audit module. The data acquisition module acquires geological data; the data classification module classifies the geological data according to different attributes of the data; the data encryption module encrypts the classified data using AES and an HSM; the identity verification and authority management module performs multi-factor authentication when a user logs in, assigns different data access rights according to user roles, and, after the user passes verification, retrieves and provides the corresponding encryption key according to the user's rights; the data access control module checks the user's rights when the user requests access to geological data, determines whether the user is entitled to access the requested data, and assigns the corresponding encryption key to the user according to those rights; after the user decrypts the data with the assigned encryption key, the decrypted plaintext data is provided to the user; and the access record and audit module records the user's access behavior.

Description

Geological data access control method and system based on information encryption
Technical Field
The invention relates to the technical field of information security and encryption, in particular to a geological data access control method and system based on information encryption.
Background
With the development of geological exploration and modeling techniques, the secure storage and access control of geological data is becoming an important issue. Conventional geological data management systems generally have a risk of data leakage, and it is difficult to ensure the integrity and security of data. In the prior art, although some encryption and access control methods exist, most of the encryption and access control methods are complex and low in efficiency, and the requirements of modern geological data management are difficult to meet. The information disclosed in this background section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
Disclosure of Invention
The invention aims to provide a geological data access control method and system based on information encryption, which are used for solving the technical problems in the prior art.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
In a first aspect, the present invention provides a geological data access control method based on information encryption, which includes the following steps:
S1, data encryption processing, comprising:
S11, obtaining geological data;
S12, data classification: the geological data is classified according to different attributes of the data;
S13, data encryption: the classified data is encrypted using AES and an HSM;
S2, identity verification and authorization, comprising:
S21, multi-factor authentication: the user must pass multi-factor authentication when accessing the system;
S22, authority management: the system assigns different data access rights according to the user's role;
S23, key acquisition: after the user passes verification, the system retrieves the corresponding encryption key according to the user's rights;
S3, data access control, comprising:
S31, access request processing: the user selects in the system the data type to be accessed, and the system checks the user's rights and determines whether the user is entitled to access the requested data;
S32, data decryption: the user decrypts the data using the assigned encryption key to obtain the required geological data;
S33, data provision and secure access: the system provides the decrypted plaintext data to the user, and each provision of data is recorded as an access event to ensure transparency of use;
S34, access recording: the user's access behavior is recorded so that the access records are traceable.
Preferably, in step S1:
S11, obtaining geological data, comprising:
collecting geological data from geological exploration, wherein the geological data comprises drilling data, geological profile data, soil sample data and groundwater level data;
S12, data classification: the geological data is classified according to different attributes of the data, and the generated classification attribute information comprises soil composition data, geological horizon data and groundwater level data;
the soil composition data comprises the chemical composition and physical properties of the soil;
the geological horizon data comprises the rock types and horizon information of different strata;
the groundwater level data comprises water level height and water quality parameters;
S13, data encryption: the classified data is encrypted using AES and an HSM.
Preferably, in step S13, the encryption processing using AES comprises:
Key generation: a 192-bit random key is generated using a secure random number generator (CSPRNG), which ensures that the key is unpredictable. The generated key is stored in encrypted form in an HSM key management system to prevent unauthorized access;
Data partitioning: the data to be encrypted is divided into fixed-size blocks (192 bits in general) to suit the AES encryption algorithm;
Encryption process: (1) key expansion: a set of round keys (the key schedule) is generated by a key expansion algorithm for the encryption operation of each round; (2) initial round: an initial round transformation, comprising the byte substitution and row shift operations of the initial round, is applied to the data block; (3) main rounds: 12 main rounds are performed, each comprising byte substitution, row shift, column mixing and key addition operations; (4) final round: a final round transformation that does not include column mixing is performed;
After encryption, the ciphertext data block is output and stored together with a data block index and a timestamp to ensure the integrity and traceability of the data;
Key management: the generated keys (such as K1, K2 and K3) are encrypted and then stored in the private key management system. The system adopts a solution based on a Hardware Security Module (HSM) to secure the key access process.
Preferably, in step S13, the use of the HSM comprises:
Key generation and storage: the HSM is used to generate the AES encryption key and to store the key in encrypted form to prevent unauthorized access, wherein the key generation process is carried out inside the HSM and a built-in hardware random number generator ensures the randomness and security of the key;
Key access control: through an access control list (ACL) and user role management, the HSM ensures that only authorized users and applications can access the key, and every generation, access and use of the key is recorded in the HSM log to provide a complete audit trail;
Key backup and recovery: the HSM supports key backup and recovery functions; the key backup is kept on a physically isolated secure medium and requires multiple authentications for recovery, and by supporting multiple backup strategies the HSM ensures that the key can be recovered in case of hardware failure.
Preferably, in step S13:
AES encryption is performed on the soil composition data, generating an encryption key K1;
AES encryption is performed on the geological horizon data, generating an encryption key K2;
AES encryption is performed on the groundwater level data, generating an encryption key K3.
Preferably, in step S2:
S21, multi-factor authentication: the user must pass multi-factor authentication when accessing the system, and the multi-factor authentication comprises:
when the user logs in to the system, password verification is performed first;
after the password is verified, biometric verification is performed;
after the biometric verification passes, a temporary access token is generated and the user is authorized to access the corresponding data;
S22, authority management: the system assigns different data access rights according to the user's role;
wherein the administrator has full access rights and can read and modify all data;
wherein a geological engineer has access to data related to exploration and analysis;
wherein the common user is limited to viewing public information or low-sensitivity data;
S23, key acquisition: after the user passes verification, the system retrieves and provides the corresponding encryption key according to the user's rights; when the user requests access to specific data, the system provides the corresponding encryption key.
Preferably, in step S3:
S31, access request processing: the user selects in the system the data type to be accessed, and the system checks the user's rights and determines whether the user is entitled to access the requested data;
S32, data decryption: the user decrypts the data using the assigned encryption key to obtain the required geological data, wherein the decryption process comprises: the user downloads the encrypted geological data block from the system, decrypts it using the obtained AES key, and restores the plaintext data by reversing the encryption process;
S33, data provision and secure access: the system provides the decrypted plaintext data to the user, and each provision of data is recorded as an access event to ensure transparency of use;
S34, access recording: the user's access behavior is recorded so that the access records are traceable;
wherein the system records each access operation of the user, including the access time, the user identity, the type of data accessed, and the decryption key;
the log information is stored in a secure log system and is used for subsequent security audit and access tracing;
the access activity of the system is monitored in real time through log analysis, and abnormal behavior is detected and responded to promptly.
Preferably, in step S32, the AES decryption flow comprises:
Initial preparation: the encrypted data block is divided into 192-bit blocks in preparation for decryption;
Decryption rounds: an inverse key addition operation is performed first, XORing the last round key with the ciphertext block; inverse column mixing: in each round of the inverse operation, the inverse column mixing operation is applied to restore the data structure; in each round of the inverse operation, the inverse shift operation is applied to the data rows; inverse byte substitution: bytes are replaced with their original values through the inverse S-box; round loop: the inverse operations are repeated until the original plaintext data block is restored;
The integrity of the decrypted data is then verified using a built-in message authentication code (MAC); once verification passes, the data is confirmed not to have been tampered with and is ready for analysis.
The invention provides a geological data access control system based on information encryption, which comprises a data acquisition module, a data classification module, a data encryption module, an identity verification and authority management module, a data access control module, and an access record and audit module. The data acquisition module is used to acquire geological data; the data classification module is used to classify the geological data according to different attributes of the data; the data encryption module is used to encrypt the classified data using AES and an HSM; the identity verification and authority management module is used to perform multi-factor authentication when a user logs in, to assign different data access rights according to user roles, and, after the user passes verification, to retrieve and provide the corresponding encryption key according to the user's rights; the data access control module is used to check the user's rights when the user requests access to geological data, to determine whether the user is entitled to access the requested data, and to assign the corresponding encryption key according to those rights; after the user decrypts the data using the assigned encryption key, the decrypted plaintext data is provided to the user; and the access record and audit module is used to record the user's access behavior.
By adopting the technical scheme, the invention has the following beneficial effects:
The invention provides a geological data access control method and system based on information encryption, which utilize advanced encryption technology and a multi-factor authentication mechanism to realize the safe storage and access control of geological data, thereby reducing the risk of data leakage and improving the safety and reliability of the system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will briefly explain the drawings needed in the embodiments or the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of an overall architecture of a geological data access control system based on information encryption according to an embodiment of the present invention;
FIG. 2 is a flow chart of data encryption provided in an embodiment of the present invention;
FIG. 3 is a flowchart of authentication and rights management provided by an embodiment of the present invention;
Fig. 4 is a flow chart of data access control according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described clearly and fully below with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. All other embodiments that can be obtained by those skilled in the art based on the embodiments of the invention without inventive effort fall within the scope of the invention.
The following describes specific embodiments of the present invention in detail with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
Examples
Referring to fig. 1 to 4, the present embodiment provides a geological data access control method based on information encryption, which includes the following steps:
S1, data encryption processing, comprising:
S11, obtaining geological data:
geological data is collected from geological exploration, wherein the geological data comprises drilling data, geological profile data, soil sample data and groundwater level data;
the collected data is transmitted to the data processing system in real time over a wired or wireless link, so that the timeliness and integrity of the data are ensured.
S12, data classification:
The geological data is classified according to different attributes of the data, such as soil composition, geological horizon and groundwater level, so that encryption can be targeted. The generated classification attribute information comprises soil composition data, geological horizon data and groundwater level data;
the soil composition data comprises the chemical composition and physical properties of the soil;
the geological horizon data comprises the rock types and horizon information of different strata;
the groundwater level data comprises water level height and water quality parameters;
S13, data encryption:
the classified data is encrypted using AES (Advanced Encryption Standard) and an HSM (hardware security module), preferably with a 192-bit encryption key to balance security and performance.
Preferably, in step S13, the encryption processing using AES comprises:
Key generation: a 192-bit random key is generated using a secure random number generator (CSPRNG), which ensures that the key is unpredictable. The generated key is stored in encrypted form in an HSM key management system to prevent unauthorized access;
Data partitioning: the data to be encrypted is divided into fixed-size blocks (192 bits in general) to suit the AES encryption algorithm;
Encryption process: (1) key expansion: a set of round keys (the key schedule) is generated by a key expansion algorithm for the encryption operation of each round; (2) initial round: an initial round transformation, comprising the byte substitution and row shift operations of the initial round, is applied to the data block; (3) main rounds: 12 main rounds are performed, each comprising byte substitution, row shift, column mixing and key addition operations; (4) final round: a final round transformation that does not include column mixing is performed;
After encryption, the ciphertext data block is output and stored together with a data block index and a timestamp to ensure the integrity and traceability of the data;
Key management: the generated keys (such as K1, K2 and K3) are encrypted and then stored in the private key management system. The system adopts a solution based on a Hardware Security Module (HSM) to secure the key access process.
Preferably, in step S13:
AES encryption is performed on the soil composition data, generating an encryption key K1;
AES encryption is performed on the geological horizon data, generating an encryption key K2;
AES encryption is performed on the groundwater level data, generating an encryption key K3.
Preferably, in step S13, the use of the HSM comprises:
Key generation and storage: the HSM is used to generate the AES encryption key and to store the key in encrypted form to prevent unauthorized access, wherein the key generation process is carried out inside the HSM and a built-in hardware random number generator ensures the randomness and security of the key;
Key access control: through an access control list (ACL) and user role management, the HSM ensures that only authorized users and applications can access the key, and every generation, access and use of the key is recorded in the HSM log to provide a complete audit trail;
Key backup and recovery: the HSM supports key backup and recovery functions; the key backup is kept on a physically isolated secure medium and requires multiple authentications for recovery, and by supporting multiple backup strategies the HSM ensures that the key can be recovered in case of hardware failure.
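The S13 encryption step, as an added example in Go (not code from the patent): one 192-bit key per data category, with the category, block index and timestamp bound to the ciphertext as associated data. It assumes AES-GCM as the mode that supplies the message authentication code (the page names no mode) and an in-memory `KeyStore` standing in for the HSM; all type and function names are hypothetical. AES always processes 128-bit blocks, and 192 bits is the key length.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type Category string

// The three data classes produced in step S12, each with its own key.
const (
	Soil        Category = "soil_composition"   // key K1
	Horizon     Category = "geological_horizon" // key K2
	Groundwater Category = "groundwater_level"  // key K3
)

// KeyStore stands in for the HSM (assumption): one 192-bit key per category.
// A real HSM would keep the keys inside the device and expose only handles.
type KeyStore map[Category][]byte

// Record is a stored ciphertext plus the index and timestamp kept beside it.
type Record struct {
	Category  Category
	Index     uint64 // data block index
	Timestamp int64  // Unix seconds
	Nonce     []byte
	Sealed    []byte // ciphertext followed by the 16-byte GCM tag
}

// NewKeyStore draws one 24-byte (AES-192) key per category from the OS CSPRNG.
func NewKeyStore() (KeyStore, error) {
	ks := KeyStore{}
	for _, c := range []Category{Soil, Horizon, Groundwater} {
		k := make([]byte, 24)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		ks[c] = k
	}
	return ks, nil
}

// aad binds category, block index and timestamp to the ciphertext, so a record
// whose metadata is altered or swapped fails authentication.
func aad(c Category, index uint64, ts int64) []byte {
	return []byte(fmt.Sprintf("%s|%d|%d", c, index, ts))
}

// gcmFor builds AES-GCM for a category; a missing key is rejected by NewCipher.
func gcmFor(ks KeyStore, c Category) (cipher.AEAD, error) {
	block, err := aes.NewCipher(ks[c]) // 24-byte key selects AES-192
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the category key with a fresh random nonce.
func Encrypt(ks KeyStore, c Category, index uint64, ts int64, pt []byte) (Record, error) {
	gcm, err := gcmFor(ks, c)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	sealed := gcm.Seal(nil, nonce, pt, aad(c, index, ts))
	return Record{Category: c, Index: index, Timestamp: ts, Nonce: nonce, Sealed: sealed}, nil
}

// Decrypt checks the authentication tag before releasing any plaintext.
func Decrypt(ks KeyStore, r Record) ([]byte, error) {
	gcm, err := gcmFor(ks, r.Category)
	if err != nil {
		return nil, err
	}
	if len(r.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, r.Nonce, r.Sealed, aad(r.Category, r.Index, r.Timestamp))
}

func main() {
	ks, err := NewKeyStore()
	if err != nil {
		panic(err)
	}
	// Constructed sample reading, not real survey data.
	rec, err := Encrypt(ks, Groundwater, 7, 1700000000, []byte("borehole=BH-07 level_m=12.4"))
	pt, err2 := Decrypt(ks, rec)
	fmt.Printf("round trip: %q (errors: %v, %v)\n", pt, err, err2)
	rec.Index = 8 // metadata changed after encryption
	_, err = Decrypt(ks, rec)
	fmt.Println("altered record rejected:", err != nil)
}
```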
S2, identity verification and authorization, comprising:
S21, multi-factor authentication: the user must pass multi-factor authentication when accessing the system, specifically:
Step 1, password verification:
The user enters their personal password through the secure input interface.
The system hashes the password and compares the result with the password hash stored in the database.
If they match, the next verification step is performed; otherwise, access is refused and the login attempt is recorded.
Step 2, biometric authentication (fingerprint identification):
The user verifies their identity through a fingerprint reader.
Fingerprint data is collected by a sensor and compared with a pre-stored encrypted fingerprint template.
After successful verification, the system records a successful authentication event.
Step 3, temporary access token generation:
The system generates a time-based temporary access token (TOTP) and sends it to the user's registered device.
The user enters the token to complete the final authentication step.
After the token has been generated and entered successfully, the user obtains temporary access with the corresponding rights.
S22, authority management: the system assigns different data access rights according to the user's role;
wherein the administrator has full access rights and can read and modify all data;
wherein a geological engineer has access to data related to exploration and analysis, such as geological horizons and groundwater levels;
wherein the common user is limited to viewing public information or low-sensitivity data;
S23, key acquisition: after the user passes verification, the system retrieves the corresponding encryption key according to the user's rights; when the user requests access to specific data, the system provides the corresponding encryption key.
S3, data access control, which comprises the following steps:
S31, processing the access request, namely selecting the data type to be accessed by a user in the system, checking the authority of the user by the system, and determining whether the user has the right to access the requested data or not;
S32, decrypting the data by using the distributed encryption key to acquire the needed geological data, wherein the decryption process comprises the steps of downloading the encrypted geological data block from the system by the user, decrypting by using the acquired AES key, and restoring the plaintext data according to the process opposite to the encryption process;
Preferably, in step S32, the AES decryption flow includes:
Initial preparation: the encrypted data block is divided into 192-bit blocks in preparation for decryption;
Decryption rounds: inverse key addition, in which the inverse key addition operation is performed first, XORing the last round key with the ciphertext block; inverse column mixing, in which the inverse column mixing operation is applied in each inverse round to restore the data structure; inverse row shifting, in which the data rows are inversely shifted in each inverse round; inverse byte substitution, in which bytes are replaced with their original values through the inverse S-box; and round looping, in which the above inverse operations are repeated until the original plaintext data block is restored;
Data integrity verification: the integrity of the decrypted data is verified using the built-in message authentication code (MAC); once verification passes, the data is confirmed not to have been tampered with and is ready for analysis.
S33, data provision and secure access: the system provides the decrypted plaintext data to the user, and the data provided is recorded as an access event to ensure transparency of use;
S34, access records: the user's access behavior is recorded so that access is traceable;
wherein the system records each access operation of the user, including the access time, user identity, type of data accessed, and decryption key;
wherein the log information is stored in a secure log system for subsequent security audits and access tracing;
wherein access activity in the system is monitored in real time through log analysis, and abnormal behavior is detected and responded to promptly.
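The inverse round order of the AES decryption flow in step S32, written out for one block as an added example (not code from the patent). It uses AES-192 as standardized in FIPS 197, that is a 192-bit key over 128-bit blocks, with the FIPS 197 Appendix C.2 vector as sample input; the HMAC-SHA-256 tag, the separate `mac_key` and all function names are assumptions, since the page does not name the MAC algorithm.

```python
import hashlib
import hmac

def xtime(a):
    """Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    """Multiply two bytes in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

def build_sboxes():
    """Derive the S-box (field inverse + affine map) and its inverse."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox[x] = s ^ 0x63
    inv_sbox = [0] * 256
    for x, s in enumerate(sbox):
        inv_sbox[s] = x
    return sbox, inv_sbox

SBOX, INV_SBOX = build_sboxes()

def expand_key(key):
    """Key expansion for a 192-bit key: 13 round keys of 16 bytes each."""
    if len(key) != 24:
        raise ValueError("this example handles 192-bit keys only")
    nk, rounds = 6, 12
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        temp = list(words[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]   # RotWord, SubWord
            temp[0] ^= rcon
            rcon = xtime(rcon)
        words.append([a ^ b for a, b in zip(words[i - nk], temp)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(rounds + 1)]

def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]

def inv_shift_rows(state):
    # Byte index = row + 4 * column; row r rotates right by r columns.
    return [state[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]

def inv_sub_bytes(state):
    return [INV_SBOX[b] for b in state]

def inv_mix_columns(state):
    coeff = (14, 11, 13, 9)            # first row of the inverse matrix
    out = []
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for r in range(4):
            v = 0
            for k in range(4):
                v ^= gmul(col[k], coeff[(k - r) % 4])
            out.append(v)
    return out

def decrypt_block(block, key):
    """Undo the encryption rounds from the last round key back to the first."""
    round_keys = expand_key(key)
    last = len(round_keys) - 1
    state = list(block)
    for rnd in range(last, 0, -1):
        state = add_round_key(state, round_keys[rnd])   # inverse key addition
        if rnd != last:                                 # final encryption round
            state = inv_mix_columns(state)              # had no column mixing
        state = inv_shift_rows(state)
        state = inv_sub_bytes(state)
    return bytes(add_round_key(state, round_keys[0]))

def decrypt_and_verify(block, key, mac_key, tag):
    """Decrypt, then check the MAC over the recovered plaintext (page order)."""
    plaintext = decrypt_block(block, key)
    expected = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC mismatch: block modified or wrong key")
    return plaintext

# FIPS 197 Appendix C.2 key, ciphertext and plaintext.
FIPS_KEY = bytes(range(24))
FIPS_CT = bytes.fromhex("dda97ca4864cdfe06eaf70a0ec0d7191")
FIPS_PT = bytes.fromhex("00112233445566778899aabbccddeeff")
```

The block size stays 128 bits for every AES key length; only the key schedule and the round count (12 for a 192-bit key) change.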
In summary, the advantages of the invention are mainly reflected in the following aspects:
The technical effects are as follows:
1. The data security is obviously improved:
By combining the AES Advanced Encryption Standard with a hardware security module (HSM), the invention achieves high-strength encryption of geological data and greatly enhances data security. AES is chosen for its high efficiency and strong security; combined with the 192-bit key generated and managed by the HSM, it keeps the encryption process free from outside interference and effectively prevents the risk of data leakage. Compared with traditional software encryption methods, the invention offers higher encryption processing speed and higher encryption strength, further improving the security of geological data.
2. Multi-factor authentication provides higher security:
The invention integrates multi-factor authentication mechanisms, including password authentication, fingerprint recognition, facial recognition and other biometric authentication. The multi-factor authentication mechanism provides multiple security guarantees while ensuring the authenticity of the identity of the user, and effectively prevents unauthorized access. Compared with the traditional authentication method which only depends on a single password, the multi-factor authentication mechanism of the invention greatly improves the security of the system.
3. Detailed access records and traceability:
The invention provides a detailed access recording function that records information such as the time of each data access, the user identity, the type of data accessed and the decryption key. These records are stored in a log system to enable traceability and security auditing of data access. Through detailed access records, each data access operation can be traced, the security and reliability of the system are enhanced, and potential security threats can be found and handled in time.
Economic effect:
1. The geological data management efficiency is improved:
The efficient AES encryption algorithm and flexible key management system greatly improve the management efficiency of the geological data. The data encryption and decryption processes are quick, and the user authentication and the authority management are flexible and convenient, so that the geological data can be stored, transmitted and accessed more efficiently.
2. The risk of data leakage and related costs are reduced:
Through multi-level security measures, the invention significantly reduces the risk of geological data leakage. Data leakage can cause serious economic loss and legal risk; the invention effectively prevents data leakage and reduces the related costs and risks.
3. Support a wide range of engineering applications:
The concrete application example of the invention in the geological survey of highway engineering shows its remarkable effect in actual engineering. Through secure management of and efficient access to geological data, the invention supports a wide range of engineering applications and improves the management level and data utilization efficiency of geological engineering projects.
Social effects:
1. Improving the geological data safety awareness:
Through advanced encryption technology and a multi-factor authentication mechanism, the invention improves the security level of geological data management and raises the importance that users and the industry attach to data security. A secure and reliable data management system helps establish and promote standards and specifications for geological data management.
2. Promote technical progress and innovation:
The invention promotes the application and development of information security technology in geological data management in areas such as data encryption, identity verification and permission management. This technical scheme promotes the improvement and innovative application of information security technology and has an important demonstration and guiding effect.
3. Enhancing public trust and satisfaction:
The efficient and secure geological data management system effectively improves the transparency and reliability of data management and enhances public trust in and satisfaction with geological data management. A reliable geological data management system not only ensures the security of data, but also provides better service and support for the public and the industry.
Embodiment 2
As shown in fig. 1 to 4, the second embodiment provides, on the basis of the first embodiment, a geological data access control system based on information encryption. The second embodiment includes the technical content disclosed in the first embodiment; the technical content that is the same as in the first embodiment is not repeated, and the differences between the second embodiment and the first embodiment are described below.
This embodiment provides a geological data access control system based on information encryption, used to execute the geological data access control method based on information encryption of the first embodiment. The system specifically comprises a data acquisition module, a data classification module, a data encryption module, an identity verification and permission management module, a data access control module, and an access record and audit module. The data acquisition module is used to acquire geological data. The data classification module is used to classify the geological data according to different attributes of the data. The data encryption module is used to encrypt the classified data using AES and the HSM. The identity verification and permission management module is used to perform multi-factor identity verification when a user logs in, assign different data access permissions according to user roles, and, after the user passes verification, retrieve and provide the corresponding encryption key according to the user's permissions. The data access control module is used, when a user requests access to geological data, to check the user's permissions, determine whether the user is entitled to access the requested data, and assign the corresponding encryption key according to those permissions; after the user decrypts the data with the assigned encryption key, the decrypted plaintext data is provided to the user. The access record and audit module is used to record the user's access behavior.
Embodiment 3
Referring to fig. 1 to fig. 4, the third embodiment provides, on the basis of the first and second embodiments, a geological data access control system based on information encryption. An application example in highway engineering geological survey is as follows:
1) Data acquisition:
Geological data in highway surveys are collected, including borehole data, geological profile data, and soil sample data.
The borehole data includes drilling depth, soil layer thickness, groundwater level, etc.
The geologic profile data includes geologic horizons, rock types, formation dip angles, and the like.
Soil sample data includes soil composition, soil density, moisture content, and the like.
2) Encryption of data:
The AES algorithm is used to encrypt different types of data, generate an encryption key, and store the encryption key.
The borehole data is encrypted to generate an encryption key K4.
The geological profile data is encrypted to generate an encryption key K5.
The soil sample data is encrypted to generate an encryption key K6.
The generated encryption keys K4, K5, K6 are stored in the key management system, respectively.
3) Access control:
When a constructor needs to access the geological data, multi-factor identity verification is performed first.
When the constructor logs in to the system, password verification is carried out first.
After the password is verified, fingerprint recognition or facial recognition is carried out.
After multi-factor authentication is passed, the system generates a temporary access token and authorizes the constructor to access the corresponding data.
The system retrieves and provides the corresponding encryption key according to the constructor's permissions.
When the constructor requests access to the borehole data, the system retrieves the encryption key K4.
The constructor decrypts the borehole data using key K4 to obtain detailed information, including the decrypted drilling depth, soil layer thickness, groundwater level and other information.
The system provides the decrypted plaintext data and ensures secure access to and use of the data.
4) Access records:
The system records each data access activity, including the access time, user identity and type of data accessed.
The time, identity and decryption key K4 of each access to the borehole data by the constructor are recorded.
These records are stored in a log system for subsequent security audits and access tracing.
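The permission check, key retrieval and access logging of steps S31 to S34 and of the highway-survey walk-through above, as an added example that is not part of the patent. The role-to-data-type policy, the `constructor` role entry, the HMAC-chained log format and the denial-burst rule are assumptions; the log stores the key identifier (K4, K5, K6) rather than key material, and all requests are constructed.

```python
import hashlib
import hmac
import json

# Assumed policy: the page names roles and data types but not their mapping.
POLICY = {
    "administrator": {"borehole", "geological_profile", "soil_sample"},
    "geological_engineer": {"borehole", "geological_profile", "soil_sample"},
    "constructor": {"borehole"},
    "common_user": set(),
}
# Key labels from the third embodiment.
KEY_IDS = {"borehole": "K4", "geological_profile": "K5", "soil_sample": "K6"}
GENESIS = "0" * 64


class AuditLog:
    """Append-only access log; each entry's HMAC also covers the previous tag."""

    def __init__(self, mac_key):
        self._mac_key = mac_key
        self.entries = []

    def _tag(self, entry):
        body = {k: v for k, v in entry.items() if k != "tag"}
        msg = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._mac_key, msg, hashlib.sha256).hexdigest()

    def append(self, ts, user, data_type, key_id, decision):
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        entry = {"ts": ts, "user": user, "data_type": data_type,
                 "key_id": key_id, "decision": decision, "prev": prev}
        entry["tag"] = self._tag(entry)
        self.entries.append(entry)

    def first_bad_entry(self):
        """Index of the first altered or out-of-sequence entry, else None."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            tag_ok = hmac.compare_digest(entry["tag"], self._tag(entry))
            if entry["prev"] != prev or not tag_ok:
                return i
            prev = entry["tag"]
        return None


def request_access(log, ts, user, role, data_type, token_ok):
    """Check the role, release the key identifier, and log either outcome."""
    allowed = token_ok and data_type in POLICY.get(role, set())
    key_id = KEY_IDS[data_type] if allowed else None
    log.append(ts, user, data_type, key_id, "allow" if allowed else "deny")
    return key_id


def users_with_denial_bursts(log, threshold=3, window=60):
    """Log analysis: users with `threshold` denials inside `window` seconds."""
    denials = {}
    for entry in log.entries:
        if entry["decision"] == "deny":
            denials.setdefault(entry["user"], []).append(entry["ts"])
    flagged = set()
    for user, times in denials.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(user)
                break
    return flagged


def demo():
    """Constructed requests: (unix time, user, role, data type, MFA result)."""
    log = AuditLog(mac_key=b"constructed-demo-log-key")
    requests = [
        (1000, "constructor01", "constructor", "borehole", True),
        (1010, "engineer02", "geological_engineer", "geological_profile", True),
        (1020, "visitor03", "common_user", "soil_sample", True),
        (1030, "visitor03", "common_user", "borehole", True),
        (1040, "visitor03", "common_user", "geological_profile", True),
        (1050, "engineer02", "geological_engineer", "borehole", False),
    ]
    keys = [request_access(log, *req) for req in requests]
    return log, keys


if __name__ == "__main__":
    log, keys = demo()
    print(keys, log.first_bad_entry(), users_with_denial_bursts(log))
```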
In summary, the innovation points and advantages of the invention are as follows:
1. Application of the AES Advanced Encryption Standard in combination with a hardware security module (HSM) in geological data encryption:
The invention encrypts geological data by combining the AES Advanced Encryption Standard with a hardware security module (HSM), greatly improving data security. The AES encryption algorithm encrypts the geological data; AES is known for its high efficiency and strong security, so the risk of data leakage during transmission and storage can be effectively prevented. The HSM is responsible for generating and storing the AES encryption keys, with its built-in hardware random number generator (HRNG) ensuring the randomness and security of the keys.
Compared with the traditional soft encryption scheme, the invention improves the security and reliability of key management through the hardware-level key protection provided by the HSM. The use of the HSM ensures that the secret key in the encryption process is not exposed to the external environment, reduces the risk of secret key leakage, and remarkably improves the overall security of geological data. The system has the advantages of higher encryption processing speed and higher encryption strength, can effectively cope with external attack, and can meet the requirements of the modern geological data management system on high efficiency and safety.
By combining an AES encryption algorithm and an HSM technology, the invention not only realizes strong encryption of geological data, but also obviously improves the confidentiality and the integrity of the data through perfect key management flow and hardware level security. This gives the present invention significant advantages in protecting against data leakage and unauthorized access.
2. Integration of multi-factor authentication mechanisms:
The invention integrates multi-factor authentication mechanisms, including password authentication, fingerprint recognition, facial recognition and other biometric authentication. Multi-factor authentication provides multiple security guarantees, ensuring that only strictly authenticated users can access sensitive geological data. Compared with traditional single-factor authentication, multi-factor authentication greatly improves the security of the system.
3. Detailed access records and traceability:
The invention provides a detailed access recording function that records information such as the time of each data access, the user identity, the type of data accessed and the decryption key. These records are stored in a log system to enable traceability and security auditing of data access. Through the detailed access records, each data access operation can be traced, and the security and reliability of the system are enhanced.
It should be noted that the above embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those skilled in the art that the technical solution described in the above embodiments may be modified or some or all of the technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the scope of the technical solution of the embodiments of the present invention.

Claims (9)

1. A geological data access control method based on information encryption, characterized in that it comprises the following steps:
S1. Data encryption processing, including:
S11. Obtaining geological data;
S12. Data classification: classify geological data according to different attributes of the data;
S13. Data encryption: use AES and HSM to encrypt the classified data;
S2. Authentication and authorization, including:
S21. Multi-factor authentication: users are required to undergo multi-factor authentication when accessing the system;
S22. Permission management: the system assigns different data access permissions based on user roles;
S23. Key acquisition: after the user passes the verification, the system retrieves the corresponding encryption key according to the user's authority;
S3. Data access control, including:
S31. Access request processing: the user selects the type of data to be accessed in the system; the system checks the user's authority to determine whether the user has the right to access the requested data; the system assigns the corresponding encryption key to the user according to the authority;
S32. Data decryption: the user uses the allocated encryption key to decrypt the data and obtain the required geological data;
S33. Data provision and secure access: the system provides the decrypted plaintext data to the user, and the provided data is recorded as an access event to ensure transparency of use;
S34. Access records: record the user's access behavior and achieve traceability of access records.

2. The geological data access control method based on information encryption according to claim 1, characterized in that in step S1:
S11. Obtaining geological data, including: collecting geological data from geological exploration projects, the geological data including borehole data, geological profile data, soil sample data and groundwater level data;
S12. Data classification: classify the geological data according to different attributes of the data, and generate classification attribute information including: soil composition data, geological layer data and groundwater level data;
the soil composition data includes the chemical composition and physical properties of the soil;
the geological stratum data include rock types and stratum information of different strata;
the groundwater level data include water level height and water quality parameters;
S13. Data encryption: use AES and HSM to encrypt the classified data.

3. The geological data access control method based on information encryption according to claim 2, characterized in that, in step S13, the encryption process using AES includes:
Key generation: use a secure random number generator to generate a 192-bit random key; the generated key will be encrypted and stored in the HSM key management system;
Data segmentation: divide the data to be encrypted into blocks of fixed size to adapt to the AES encryption algorithm;
The encryption process includes: Step 1: key expansion; the 192-bit key is used to generate a set of round keys through the key expansion algorithm for encryption operations in each round; Step 2: initial round; the data block is transformed in the initial round, including byte substitution and row shift operations in the initial round; Step 3: main round; 12 rounds of main round transformation are performed, each round includes byte substitution, row shift, column mixing and key addition operations; Step 4: final round; the last round of transformation without column mixing is performed;
Ciphertext generation: after encryption, the ciphertext data block is output and stored together with the data block index and timestamp to ensure data integrity and traceability;
Key management: the generated keys are encrypted and stored in a dedicated key management system.

4. The geological data access control method based on information encryption according to claim 2, characterized in that, in step S13, the HSM usage includes:
Key generation and storage: the HSM is used to generate AES encryption keys and store them in encrypted form to prevent unauthorized access; the key generation process is performed inside the HSM, using its built-in hardware random number generator to ensure the randomness and security of the key;
Key access control: the HSM uses access control lists and user role management to ensure that only authorized users and applications can access keys; each key generation, access, and use is recorded in the HSM log, providing a complete audit trail;
Key backup and recovery: the HSM supports key backup and recovery functions; key backup is performed on physically isolated secure media and requires multiple authentications for recovery; by supporting multiple backup strategies, the HSM ensures the key's ability to recover in the event of hardware failure.

5. The geological data access control method based on information encryption according to claim 1, characterized in that in step S13:
AES encryption is performed on the soil composition data to generate encryption key K1;
AES encryption is performed on the geological layer data to generate encryption key K2;
AES encryption is performed on the groundwater level data to generate encryption key K3.

6. The geological data access control method based on information encryption according to claim 1, characterized in that in step S2:
S21. Multi-factor authentication: users are required to undergo multi-factor authentication when accessing the system, including:
when a user logs into the system, password verification is first performed;
after the password verification is passed, biometric verification is performed;
after the biometric verification is passed, a temporary access token is generated to authorize the user to access the corresponding data;
S22. Permission management: the system assigns different data access permissions based on user roles;
wherein administrators have full access rights and can read and modify all data;
wherein geological engineers have access to data relevant to exploration and analysis;
wherein ordinary users are limited to viewing public information or low-sensitivity data;
S23. Key acquisition: after the user passes the verification, the system retrieves and provides the corresponding encryption key according to the user's authority; when the user requests to access specific data, the system provides the corresponding encryption key.

7. The geological data access control method based on information encryption according to claim 1, characterized in that in step S3:
S31. Access request processing: the user selects the type of data to be accessed in the system; the system checks the user's authority to determine whether the user has the right to access the requested data; the system assigns the corresponding encryption key to the user according to the authority;
S32. Data decryption: the user uses the assigned encryption key to decrypt the data to obtain the required geological data; the decryption process includes: the user downloads the encrypted geological data block from the system; uses the obtained AES key to decrypt, and restores the plaintext data according to the reverse process of encryption;
S33. Data provision and secure access: the system provides the decrypted plaintext data to the user, and the provided data is recorded as an access event to ensure transparency of use;
S34. Access records: record the user's access behavior and realize the traceability of access records;
wherein the system records each user's access operation, including access time, user identity, accessed data type and decryption key;
wherein the log information is stored in a secure log system for subsequent security audits and access tracing;
wherein, through log analysis, the system access activities are monitored in real time, and abnormal behaviors are detected and responded to in a timely manner.

8. The geological data access control method based on information encryption according to claim 7, characterized in that, in step S32, the AES decryption process includes:
Initial preparation: divide the encrypted data block into 192-bit blocks in preparation for decryption; confirm the integrity and validity of the decryption key;
Decryption rounds: inverse key addition: first, perform the inverse key addition operation to XOR the last round key with the ciphertext block; inverse column mixing: in each inverse operation, apply the inverse column mixing operation to restore the data structure; inverse row shift: in each inverse operation, perform an inverse shift operation on the data row; inverse byte substitution: replace the byte with the original value through the inverse S-box; round loop: repeat the above inverse operations until the original plaintext data block is restored;
Data integrity verification: use the built-in message authentication code to verify the integrity of the decrypted data; after verification, it is confirmed that the data has not been tampered with and is ready for analysis.

9. A geological data access control system based on information encryption, characterized by comprising: a data acquisition module, a data classification module, a data encryption module, an identity authentication and authority management module, a data access control module and an access record and audit module;
the data acquisition module is used to acquire geological data; the data classification module is used to classify geological data according to different attributes of the data; the data encryption module is used to encrypt the classified data using AES and HSM; the identity authentication and authority management module is used to perform multi-factor identity authentication when the user logs in, assign different data access rights according to the user role, and retrieve and provide the corresponding encryption key according to the user authority after the user passes the verification; the data access control module is used to check the user authority when the user requests to access geological data, determine whether the user has the right to access the requested data, and assign the corresponding encryption key to the user according to the authority; after the user uses the assigned encryption key to decrypt the data, the decrypted plaintext data is provided to the user; the access record and audit module is used to record the user's access behavior.
CN202411561394.8A 2024-08-14 2024-11-04 A geological data access control method and system based on information encryption Pending CN119358023A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202411112409 2024-08-14
CN2024111124092 2024-08-14

Publications (1)

Publication Number Publication Date
CN119358023A true CN119358023A (en) 2025-01-24

Family

ID=94312185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411561394.8A Pending CN119358023A (en) 2024-08-14 2024-11-04 A geological data access control method and system based on information encryption

Country Status (1)

Country Link
CN (1) CN119358023A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120541040A (en) * 2025-07-24 2025-08-26 卓望数码技术(深圳)有限公司 Traceable file watermark generation method, device, computer equipment and medium

Similar Documents

Publication Publication Date Title
JP6606156B2 (en) Data security service
US7890993B2 (en) Secret file access authorization system with fingerprint limitation
US7792300B1 (en) Method and apparatus for re-encrypting data in a transaction-based secure storage system
JP6678457B2 (en) Data security services
CN111768522B (en) CTID-based intelligent door lock unlocking method and system
Muthurajkumar et al. Secured temporal log management techniques for cloud
TW201329779A (en) Method and system for secure data access among two devices
CN1283827A (en) Universal electronic information network authentication system and method
JP2015504222A (en) Data protection method and system
CN110445840B (en) File storage and reading method based on block chain technology
Doshi et al. A review paper on security concerns in cloud computing and proposed security models
CN106533693B (en) Access method and device of railway vehicle monitoring and overhauling system
CN119358023A (en) A geological data access control method and system based on information encryption
CN119004426A (en) Multi-dimension factor safety management system for government affair files
EP3949252A1 (en) Cryptographic systems
CN116566663B (en) Threat data dynamic processing and efficient sharing method suitable for industrial control system
CN113938281A (en) A system for issuing quantum security identity, method for issuing and using method
Shekhtman et al. EngraveChain: Tamper-proof distributed log system
CN119402290B (en) A real-name information management method supporting multi-level authentication
Said et al. A multi-factor authentication-based framework for identity management in cloud applications
CN114826702B (en) Database access password encryption method and device and computer equipment
TW201426395A (en) Data security system and method
Suthar et al. EncryScation: A novel framework for cloud iaas, daas security using encryption and obfuscation techniques
US20230327859A1 (en) System and method for distributed custody access token management
KR20030097550A (en) Authorization Key Escrow Service System and Method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination