CN111612467A - Data management method and device - Google Patents

Data management method and device Download PDF

Info

Publication number
CN111612467A
CN111612467A CN201910140792.5A CN201910140792A CN111612467A CN 111612467 A CN111612467 A CN 111612467A CN 201910140792 A CN201910140792 A CN 201910140792A CN 111612467 A CN111612467 A CN 111612467A
Authority
CN
China
Prior art keywords
transaction
identity
party
identifier
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910140792.5A
Other languages
Chinese (zh)
Inventor
陈善席
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201910140792.5A priority Critical patent/CN111612467A/en
Publication of CN111612467A publication Critical patent/CN111612467A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a data management method and device. The data management method can comprise the following steps: receiving first conversion information sent by a terminal, wherein the first conversion information comprises a first identity identifier and a first transaction identifier, the first identity identifier is a user identity identifier of the terminal, the first transaction identifier is used for identifying a first transaction, and the first transaction comprises transaction contents of the terminal and a third party; determining a replacement identity corresponding to the first identity according to the first conversion information, wherein the replacement identity is used for the third party to identify the first identity; and if a transaction confirmation instruction sent by the third party is received, sending the replacement identity identifier and the first transaction identifier to the third party, wherein the transaction confirmation instruction is used for indicating that the first transaction is valid. The embodiment of the application protects the safety and privacy of the user identity information and avoids unnecessary disturbance.

Description

Data management method and device
Technical Field
The present application relates to the field of internet technologies, and in particular, to a data management method and apparatus.
Background
At present, the society has rapidly entered the information society, which is a novel society based on electronic information technology, information resources as basic development resources, information service industry as basic social industry, and a basic social communication mode of digitalization and networking, and people can easily enjoy convenient services. However, with the arrival of the information society, at the same time, individuals face more and more opportunities and requirements for releasing personal information (such as mobile phone numbers, home addresses, sex, hobby information, identification numbers, bank accounts and the like) and even privacy of the individuals to the outside, and when the users release the personal information to the outside and are obtained by third parties, the third parties may re-transmit the personal information of the users to the outside without permission of the users.
However, there is no effective method for protecting personal privacy or preventing personal information from being leaked and harassing during the transaction process of the user. Therefore, how to protect the security and privacy of the user and avoid harassment in the transaction process is an urgent problem to be solved.
Disclosure of Invention
In view of the above, the present application is proposed to provide a data management method and apparatus that overcomes or at least partially solves the above problems.
In a first aspect, an embodiment of the present application provides a data management method, which may include:
receiving first conversion information sent by a terminal, wherein the first conversion information comprises a first identity identification and a first transaction identification, the first identity identification is a user identity identification of the terminal, the first transaction identification is used for identifying a first transaction, and the first transaction comprises transaction contents of the terminal and a third party.
And determining a replacement identity corresponding to the first identity according to the first conversion information, wherein the replacement identity is used for the third party to identify the first identity.
And if a transaction confirmation instruction sent by the third party is received, sending the replacement identity identifier and the first transaction identifier to the third party, wherein the transaction confirmation instruction is used for indicating that the first transaction is valid.
By the method provided by the first aspect, the replacement identity corresponding to the identity can be determined according to the identity and the transaction identity sent by the terminal. Further, if a transaction confirmation instruction sent by a third party is received, the replacement identity and the first transaction identifier may be sent to the third party. The replacement identity is used for the third party to identify the first identity, so that the replacement identity can play a role of hiding the first identity in the third party, control unnecessary diffusion of personal data and even avoid privacy leakage, and can provide better transaction service for the user. Furthermore, the personal information submitted by the user to the third party and the service data recorded in the related system of the third party after triggering interaction and transaction can hide the first identity identification of the user, so that the security and privacy of the target user are protected, and harassment is avoided.
In a possible implementation manner, before the receiving the first conversion information sent by the terminal, the method further includes: receiving the first identity mark, and generating the replacement identity mark according to the first identity mark and a preset rule; and determining and storing the mapping relation between the first identity and the replacement identity.
In a possible implementation manner, the determining, according to the first conversion information, an alternative id corresponding to the first id includes: and determining a replacement identity corresponding to the first identity according to the first identity and a stored mapping relation between the first identity and the replacement identity.
In a possible implementation manner, after the sending the replacement identifier and the first transaction identifier to the third party if the transaction confirmation instruction sent by the third party is received, the method further includes: receiving a first transaction record sent by the third party, wherein the first transaction record is a transaction record after the terminal and the third party complete the first transaction, and the first transaction record comprises the replacement identity and the first transaction; and determining and storing a first check code of the first transaction record according to the first transaction record, wherein the first check code is generated after the first transaction record is encrypted according to an encryption rule.
In one possible implementation, the method further includes: receiving a row right operation instruction of the first transaction record sent by the terminal, wherein the row right operation instruction comprises the first transaction identifier, a row right operation code and a second check code, and the row right operation code is used for indicating to execute one or more of the following operations of deleting, migrating and deeply anonymizing the first transaction record; and if the second check code is consistent with the first check code, verifying whether the row right operation instruction can be executed.
In one possible implementation, the method further includes: and if the transaction record is executable, executing the operation command of the bank right, and synchronously updating the first transaction record in the terminal and/or the third party into a second transaction record after the operation command of the bank right is executed on the first transaction record.
In one possible implementation, the method further includes: if the operation is executable, the operation instruction of the row right is sent to the third party; and receiving a second transaction record after the first transaction record is executed with the right-of-way operation instruction and sent by the third party, and updating the first transaction record into the second transaction record.
In a second aspect, an embodiment of the present application provides a data management apparatus, which may include:
the first receiving unit is used for receiving first conversion information sent by a terminal, wherein the first conversion information comprises a first identity mark and a first transaction mark, the first identity mark is a user identity mark of the terminal, the first transaction mark is used for identifying a first transaction, and the first transaction comprises transaction contents of the terminal and a third party.
A first determining unit, configured to determine, according to the first conversion information, a replacement identifier corresponding to the first identifier, where the replacement identifier is used for the third party to identify the first identifier.
And the sending unit is used for sending the replacement identity and the first transaction identifier to the third party if a transaction confirmation instruction sent by the third party is received, wherein the transaction confirmation instruction is used for indicating that the first transaction is valid.
In one possible implementation, the apparatus further includes: a second receiving unit, configured to receive the first identity identifier before receiving the first conversion information sent by the terminal, and generate the replacement identity identifier according to the first identity identifier and a preset rule; and the second determining unit is used for determining and storing the mapping relation between the first identity and the replacement identity.
In a possible implementation manner, the first determining unit is specifically configured to determine, according to a first identity and a stored mapping relationship between the first identity and a replacement identity, a replacement identity corresponding to the first identity.
In one possible implementation, the apparatus further includes: a third receiving unit, configured to receive a first transaction record sent by a third party after sending the replacement identity and the first transaction identity to the third party if a transaction confirmation instruction sent by the third party is received, where the first transaction record is a transaction record after the terminal and the third party complete the first transaction, and the first transaction record includes the replacement identity and the first transaction; and the third determining unit is used for determining and storing a first check code of the first transaction record according to the first transaction record, wherein the first check code is generated after the first transaction record is encrypted according to an encryption rule.
In one possible implementation, the apparatus further includes: a fourth receiving unit, configured to receive a right-of-way operation instruction of the first transaction record sent by the terminal, where the right-of-way operation instruction includes the first transaction identifier, a right-of-way operation code, and a second check code, and the right-of-way operation code is used to instruct to perform one or more of the following operations of deleting, migrating, and deeply anonymizing the first transaction record; and the verification unit is used for verifying whether the row right operation instruction can be executed or not if the second check code is consistent with the first check code.
In one possible implementation, the apparatus further includes: and the execution unit is used for executing the operation instruction of the bank right if the execution unit can execute the operation instruction of the bank right, and synchronously updating the first transaction record in the terminal and/or the third party into a second transaction record after the operation instruction of the bank right is executed on the first transaction record.
In one possible implementation, the apparatus further includes: the execution sending unit is used for sending the row right operation instruction to the third party if the execution sending unit can execute the row right operation instruction; and the execution receiving unit is used for receiving a second transaction record which is sent by the third party and is obtained after the first transaction record is executed with the right-of-way operation instruction, and updating the first transaction record into the second transaction record.
In a third aspect, an embodiment of the present application provides a data management apparatus, which includes a processing component, a storage component, and a communication module component, where the processing component, the storage component, and the communication module component are connected to each other, where the storage component is used to store a data processing code, and the communication component is used to perform information interaction with an external device; the processing component is configured to invoke the program code to perform the method of the first aspect, which is not described herein again.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores program instructions, and when the program instructions are executed by a processor, the processor executes the method of the first aspect, and details are not described here.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments or the background art of the present application, the drawings required to be used in the embodiments or the background art of the present application will be described below.
FIG. 1 is a schematic diagram of a data management system architecture provided by an embodiment of the present application;
FIG. 2A is a diagram illustrating a software layer system architecture for data management according to an embodiment of the present application;
FIG. 2B is a diagram of another software-level system architecture for data management provided by an embodiment of the present application;
fig. 3 is a schematic diagram of a data management method flow provided in an embodiment of the present application;
FIG. 4A is a schematic diagram of another data management method flow provided by an embodiment of the present application;
fig. 4B is a schematic diagram of a first phase flow of a data management method according to an embodiment of the present application;
FIG. 4C is a schematic diagram of a first stage flow of another data management method provided in the embodiments of the present application;
fig. 4D is a schematic diagram of a second stage process of a data management method according to an embodiment of the present application;
FIG. 4E is a diagram illustrating a second stage flow of another data management method according to an embodiment of the present application;
fig. 4F is a schematic diagram of a third stage process of a data management method according to an embodiment of the present application;
fig. 4G is a schematic diagram of a user interface of a terminal according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a data management apparatus according to an embodiment of the present application;
fig. 6 is a schematic physical device structure diagram of a simplified data management device according to an embodiment of the present application.
Detailed Description
The embodiments of the present application will be described below with reference to the drawings.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of this application and in the accompanying drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, "include" and "have" and any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
As used in this application, the terms "server," "unit," "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a server may be, but is not limited to, a processor, a data processing platform, a computing device, a computer, two or more computers, or the like; a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components can reside within a process and/or thread of execution and a component can be localized on one computer and/or distributed between 2 or more computers. In addition, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from two components interacting with another component in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
First, some terms in the present application are explained so as to be easily understood by those skilled in the art.
(1) Information leakage: may refer to the streaming of privacy-related information between unauthorized/licensed parties. For example: the mobile phone number of the user a is originally provided only to the service broker B, which provides the information including the mobile phone number of a to the brokered service C without authorization.
(2) User portrait: the user portrait is also called a user role and is an effective tool for delineating target users and connecting user appeal and design direction, and the user portrait is widely applied to various fields. Or analyzing and extracting the characteristics of the user in certain scale data, and delineating the target user according to the characteristics. As a virtual representation of an actual user, the user roles formed by user portrayal are not constructed outside products and markets, and the formed user roles need to represent the main audience and target groups of the products. Because there is a relationship between people and there is a certain degree of influence between people in reality, the user portrait depends on the data scale, and the larger the total data scale is, the higher the accuracy of portrait is.
Secondly, the technical problems and application scenarios to be solved by the application are provided. At present, after personal information is leaked, a user may receive harassing calls, harassing short messages, multimedia messages and the like of fraud, scare, commercial promotion and the like, and even may be used by lawbreakers to perform illegal and illegal activities by utilizing the leaked personal information. The common characteristics of the personal information leakage are as follows: personal information that is not authorized by the target user or is not within the intended scope of the target user is leaked. However, in the information society, people recognize the abundance and convenience of exchanging certain personal information for goods and services. However, the exchange of personal information is premised on privacy protection. The most central requirement of privacy protection is that the personal information eventually swapped out does not exceed the scope of explicit notification. Conversely, concerns about privacy leaks exist in this case: there is no way to prove that the actual personal data that is disseminated just does not exceed those that explicitly tell will be collected and processed. For the provider of the transaction/service, the aforementioned certification cannot be completed at all, i.e. the user cannot be relieved of any doubt of privacy disclosure, in the course of the transaction without any intervening or supervising parties.
For example, in some application scenarios, in acquiring a certain service, a user exchanges personal information with a service provider intermediary and the like, including a first identity of the user (e.g., a mobile phone number, a home address, an identity card number, and the like), but the user does not want the first identity of the user to be leaked by the service intermediary and the like. However, if the user does not directly provide the first identity to the service intermediary, some important information or important services that the user wishes to know about or obtain may be missed. If the user directly provides the first identity to the service intermediary, the user cannot know whether the service intermediary will utilize or reveal the first identity, which may have irreparable consequences for the user. Therefore, how to meet the will and requirements of the user under the conditions of protecting the privacy of the user from being illegally utilized and avoiding the user from being harassed is an urgent problem to be solved.
Therefore, the following specifically analyzes and solves the technical problems proposed in the present application in combination with the system architecture for data management provided in the present application and a data management method flow provided by the system architecture based on data management.
One of the data management system architectures on which the embodiments of the present application are based will be described below. Referring to fig. 1, fig. 1 is a schematic diagram of a data management system architecture according to an embodiment of the present application, including: a data management apparatus 101, a terminal 102, and a third party 103.
The data generation and management apparatus 101 may be a service device that brings various conveniences to third-party use on the basis of interactive data by rapidly acquiring, processing, analyzing, and extracting valuable, massive, and diversified data, for example, the apparatus 101 for data management may be a server. When the data management apparatus 101 is a server, first conversion information sent by the terminal 102 may be received, where the first conversion information includes a first identity identifier and a first transaction identifier, the first identity identifier is a user identity identifier of the terminal 102, the first transaction identifier is used to identify a first transaction, and the first transaction includes transaction contents of the terminal 102 and a third party 103; determining a replacement identity corresponding to the first identity according to the first conversion information, wherein the replacement identity is used for the third party 103 to identify the first identity; and if a transaction confirmation instruction sent by the third party 103 is received, sending the replacement identity and the first transaction identifier to the third party 103, wherein the transaction confirmation instruction is used for indicating that the first transaction is valid.
The terminal 102 may be a device located at the outermost periphery of the network in a computer network, and may be used for inputting information and outputting a processing result. And may also be referred to as a system, subscriber unit, subscriber station, mobile station, remote terminal, mobile device, User terminal, mobile terminal, wireless communication device, User agent, User device, serving device, or User Equipment (UE). For example, the terminal may be a cellular phone, a mobile phone, a cordless phone, a smart watch, a wearable device (wearable device), a tablet device, a soft phone terminal (e.g., a soft phone terminal of an IP softphone module or a program application, one type of which may be a Session Initiation Protocol (SIP) based Session Initiation Protocol (SIP) developed), a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with Wireless communication capability, a computing device, a vehicle communication module, a smart meter, or other processing device connected to a Wireless modem.
For example, the terminal 102 may send a first identity to the data management device 101; first conversion information may be sent to the data management apparatus 101, where the first conversion information includes a first identity identifier and a first transaction identifier, the first identity identifier is a user identity identifier of the terminal, the first transaction identifier is used to identify a first transaction, and the first transaction includes transaction contents of the terminal and a third party; a first check code sent by the data management device 101 may be received, where the first check code is generated by encrypting the first transaction record according to an encryption rule; a row right operation instruction of the first transaction record may also be sent to the data management apparatus 101, where the row right operation instruction includes the first transaction identifier, a row right operation code and a second check code, and the row right operation code is used to instruct one or more of the following operations of deleting, migrating and deeply anonymizing the first transaction record to be performed.
The third party 103 may be a dedicated computer that provides some kind of service to a Client (Client) in a network environment, and the Server is a computer installed with a network operating system (e.g., Windows 2000Server, Linux, Unix, etc.) and various Server application system software (e.g., Web service, email service). For example, the third party 103 may be a server for conducting a business/transaction. When the third party 103 is a transaction server, a first identity may be identified according to the replacement identity, the first identity being a user identity of the terminal 102; a transaction confirmation instruction may be sent to the data management device 101 indicating that the first transaction is valid. It will be appreciated that the third party 103 may be a server or servers providing one or more of the different services to the user of the terminal.
It is further understood that the data management system architecture of fig. 1 is only a partial exemplary implementation manner in the embodiments of the present application, and the data management system architecture in the embodiments of the present application includes, but is not limited to, the above data management system architecture.
Referring to fig. 2A, fig. 2A is a schematic diagram of a software layer system architecture for data management according to an embodiment of the present application, which can be applied to the system architecture shown in fig. 1. The data management device 101 in the system architecture of fig. 1 corresponds to a background (data protector) system in a software-level system architecture; the terminal 102 in the system architecture of fig. 1 corresponds to a user (data body) side in a software layer system architecture; the third party 103 in the system architecture of fig. 1 corresponds to the service (data controller) side in the software layer system architecture.
The background system comprises: A. and the service collector is used for collecting the services of the issued service businesses (the service businesses can be service organizations which attract the VIP, members and the like in favor and even require the user to provide personal information including the registration number of the mobile phone under necessary conditions) and pushing the services to the user end at proper time. B. The user integrator mainly realizes the indexing and management of user information (such as the first identity identification and the replacement identity identification) so as to facilitate the relevant data operation request initiated from the user terminal (such as the first conversion information initiated by the user terminal). C. The business mapper mainly implements the indexing and management of the business data (such as the first transaction record), so as to convert the data row right operation request sent by the user end into the operation which can be completed by the background system or the server end, and quickly respond to the data row right operation request. For example: the data authorization operation request may initiate an authorization operation command of the first transaction record for the user side.
The user side includes: A. the user local manager may also be referred to as a user personal data and manager. The manager is used for managing and maintaining basic and static information about the user data body, such as: a first identity identification and a first transaction identification, etc. B. And the service number container is used for managing and placing client code/software entities of the service business number, and comprises business data and a business function agent. The service function agent may be a client code/software of a service provider, and mainly provides a service/transaction operation interface and a service/transaction process management for a user of a client, for example: the transaction contents of the client and the server, and other transaction function agents embodied by the transaction data (e.g., the first transaction record). For example: an entitlement operation instruction for the first transaction record may be initiated to the backend system. The transaction data may be the transaction/transaction data (e.g., the first transaction record), etc.
The server side comprises: A. the service interface, also called a service enable interface, is used to drive the final service/transaction in the service system to occur and take effect (e.g., to cause the first transaction to complete). B. The data interface, also called data access interface, is used to drive the change and effect of the final business/transaction data in the service system (e.g. recording or modifying the first transaction record). C. And the user management module has a general function of user management in the service system. D. A data rule module for managing and maintaining basic and static information about the business/transaction, such as: a first transaction identification and a first transaction record, etc. E. And the business data management mainly realizes the indexing and management of business data (such as the first transaction record) so as to convert the data row right operation request sent by the background system into a performable operation and quickly respond to the data row right operation request. For example: the data row right operation request can be a row right operation instruction sent by a background system.
It is understood that the service business container at one user terminal side may be adapted to support data protection of multiple businesses. Referring to fig. 2B, fig. 2B is a schematic diagram of another software layer system architecture for data management according to an embodiment of the present application, which can be applied to the system architecture shown in fig. 1. The terminal 101 in the system architecture of fig. 1 corresponds to a background system in a software layer system architecture; the terminal 102 in the system architecture of fig. 1 corresponds to a user terminal in the software layer system architecture; the third party 103 in the system architecture of fig. 1 corresponds to a server in the software layer system architecture.
In addition to the software modules shown in fig. 2A, in the software layer system architecture shown in fig. 2B, the background system further includes a user monitoring module, a service mapping module, a user mapping module, a version management module, and a version management module. Wherein, user monitoring includes: A. and receiving a conversion request of the identity identification information in the transaction information sent by the data body end. For example: converting the first identity into the replacement identity; B. and tracking the synchronism of the client service function and the server function. For example: after the background system/the server executes the right operation instruction, the background system synchronously updates the transaction record in the user side into the transaction record after the right operation instruction is executed. The service monitoring mainly comprises: A. sending the identity identification information in the converted transaction information to a corresponding server; and B, tracking the synchronism of the user side service function and the service system side function. For example: and after the background system executes the right-of-bank operation instruction, the background system synchronously updates the transaction record in the server to the transaction record after the right-of-bank operation instruction is executed. Or after the server executes the right operation instruction, the background system synchronously updates the stored transaction record into the transaction record after the right operation instruction is executed. The service collector also comprises a service mapping module which is specifically used for collecting the issued service business numbers; the user integrator also comprises a user mapping module, a version management module and a user information management module, wherein the user mapping module is specifically used for indexing and managing user information, and the version management module is specifically used for a related data operation request initiated by a user side; the business mapper further comprises a version management module, which is specifically used for indexing and managing the business data, and the version management module is specifically used for monitoring and updating the first transaction record after the data row right operation request.
The user terminal further includes a user service agent and a data body management, i.e., a data body DB. Wherein, the user service agent includes: A. the exchange and confirmation of the business/transaction information (such as the first transaction) between the user terminal and the service terminal ensures the consistency of the operation target of the user and the response content of the service system. For example: the reconciliation of the response content may be valid for the first transaction. Namely, the server can meet the transaction request of the user side; B. and requesting conversion of the identification information in the service/transaction information. For example: the conversion request may be first conversion information; C. the synchronization function of the former two information. The data body DB may be used to store management identity and transaction data, etc., such as a first identity and a first transaction, etc.
The server also includes a service data broker and a data controller management, i.e., a data controller DB. Wherein, the service data agent includes: A. exchanging and confirming service information between the service system and the user terminal to ensure that the response content of the service system is consistent with the operation target of the user; B. and receiving a conversion result of the first identity identification of the user in the transaction process. For example: receiving a replacement identity mark and a first transaction mark sent by a background system; C. the former two information are synchronized function if necessary. The data controller DB is used to store and manage user data and service data, etc., such as the replacement identity and the first transaction, etc.
Referring to fig. 3, fig. 3 is a schematic diagram of a data management method flow provided in an embodiment of the present application. Applicable to the system in fig. 1 described above, the following will describe, with reference to fig. 3, from a single side of the data management apparatus 101, taking as an example that the execution subject is the data management apparatus 101. The method may include the following steps S301 to S303.
Step S301: and receiving first conversion information sent by the terminal.
Specifically, the data management device receives first conversion information sent by a terminal, where the first conversion information includes a first identity identifier and a first transaction identifier, and the first identity identifier is a user identity identifier of the terminal, and for example, the identity identifier may be user information with identification characteristic attributes, such as a telephone number, an identity card number, a bank account, a mailbox address, and the like, and may be used to indicate real identity information of a user. The first transaction identification is used for the data management device to identify a first transaction, the first transaction comprises transaction contents of the terminal and a third party, and for example, the transaction contents can be two double 38-size sports shoes transacted on Taobao. It should be noted that, the data management apparatus may identify the first transaction performed between the user of the terminal and the third party according to the first transaction identifier, but the first transaction identifier does not include the identification information of the user, so as to protect the privacy and security of the user information. For example, the first transaction identifier may be a transaction code generated by the terminal, an order number of a panning order, a logistics number of a logistics order, and the like.
Step S302: and determining a replacement identity corresponding to the first identity according to the first conversion information.
Specifically, the data management device determines a replacement identity corresponding to the first identity according to first conversion information sent by the terminal, where the replacement identity is used for the third party to identify the first identity. The third party may store a replacement id, where the replacement id is determined by the first id according to a preset rule, and further, the replacement id may be used to indicate the first id, for example: the alternative identity may be considered as an explicit identity of the first identity. Thus, the replacement identity instead of the first identity is used in the third party to identify the user's identity, which may protect the user's privacy while ensuring that the transaction is completed. Optionally, the data management apparatus may determine the replacement identifier corresponding to the first identity identifier according to the first identity identifier and a stored mapping relationship between the first identity identifier and the replacement identity identifier.
Step S303: and if a transaction confirmation instruction sent by the third party is received, sending the replacement identity identifier and the first transaction identifier to the third party.
Specifically, if the data management apparatus receives the transaction confirmation instruction, the replacement identity and the first transaction identifier may be sent to the third party. Wherein the transaction confirmation instruction is to indicate that the first transaction is valid. That is, the data management device will send the replacement identity and the first transaction identifier to the third party only after receiving the transaction confirmation instruction sent by the third party. At this time, the first transaction identifier is used to identify that the first transaction is valid as a transaction determination instruction determined by the third party in the case that the third party's facilitator can complete a transaction with the user of the terminal. For example, when the kyoto (third party) makes a purchase, if the kyoto determines that the goods in the transaction request from the terminal are in stock, and can smoothly deliver the goods according to the order, the kyoto sends a transaction confirmation instruction to the data management device. Optionally, the third party receives the replacement identity and the first transaction identity sent by the data management device, may identify the first transaction according to the first transaction identity, and may determine complete first transaction information according to the first transaction and the replacement identity. Further, the third party can complete the transaction according to the complete first transaction information to generate a first transaction record.
Optionally, if the data management apparatus does not receive the transaction confirmation instruction sent by the third party within a preset time period after receiving the first conversion information sent by the terminal. Or when the data management device receives a transaction invalid instruction sent by a third party, determining a transaction failure record according to the transaction invalid instruction. Wherein the transaction invalidation instructions are to indicate that the first transaction is invalid. Further, when the data management device does not receive the transaction confirmation instruction, the data management device does not send the replacement identity and the first transaction identity to the third party, which indicates that the current transaction fails.
By implementing the embodiment of the application, the data management device can determine the replacement identity corresponding to the identity according to the identity and the transaction identity sent by the terminal. Further, if a transaction confirmation instruction sent by a third party is received, the replacement identity and the first transaction identifier may be sent to the third party. The replacement identity is used for identifying the first identity by the third party, and the replacement identity can hide the first identity in the third party, so that unnecessary diffusion of personal data can be controlled, privacy leakage is avoided, and better business service is provided for users. Furthermore, the personal information submitted by the user to the third party and the service data recorded in the related system of the third party after triggering interaction and transaction can hide the first identity identification of the user, so that the security and privacy of the target user are protected, and harassment is avoided.
Referring to fig. 4A, fig. 4A is a schematic diagram of another data management method flow provided in the embodiment of the present application. Applicable to the system in fig. 1 described above, the following will describe, with reference to fig. 4A, from a single side of the data management apparatus 101, taking as an example that the execution subject is the data management apparatus 101. The method may include the following steps S401 to S410.
Step S401: a first identity is received.
Specifically, the data management apparatus receives the first identity identifier sent by the terminal, where the first identity identifier is a user identity identifier of the terminal and may also be understood as real identity information of the user. For example: the identity can be telephone number, identification card number, bank account number, mailbox address and other user information with identification characteristic attribute and capable of being used for generating user portrait.
Step S402: and determining and storing the mapping relation between the first identity and the replacement identity.
Specifically, after receiving the first identity identifier, the data management apparatus may determine a replacement identity identifier according to the first identity identifier by using a preset rule, and further determine a mapping relationship between the first identity identifier and the replacement identity identifier.
Optionally, referring to fig. 4B, fig. 4B is a schematic diagram of a first stage flow of a data management method according to an embodiment of the present application, and the first stage flow can be applied to the system architecture in fig. 1 and the software system architectures in fig. 2A and fig. 2B. Optionally, the data management apparatus may further receive a service number and a potential customer list sent by a third party, where the service number and the potential customer list may include a first identity of the customer, and the like. After a user activates a protection agent from a terminal, registers and submits related information of a protection main body to a data protector, the data protector (the data management device 101) firstly matches a registered user list in the data main body (the terminal 102) and a data controller (a third party 103), on one hand, after a potential client of the data controller is identified, a bearer service software package or a prepositive installation component is pushed to a target potential user, on the other hand, a potential first identity identification of the data controller is converted, and the converted replacement identity identification is sent to the data controller, so that the data controller replaces the saved first identity identification of the registered user. Referring to fig. 4C, fig. 4C is a schematic diagram of a first-stage flow of another data management method according to an embodiment of the present application, which can be applied to the system architecture shown in fig. 1 and the software system architectures shown in fig. 2A and fig. 2B. The data protector can provide the technical implementation of input and conversion of user identity information for data control. Therefore, after the data main body receives the personal information which needs to be registered by the user after the user inputs the personal information, wherein the personal information can be a first identity identifier, and the data main body sends the first identity identifier to the data protector; after receiving the first identity identifier, the data protector extracts identity attribute information contained in the first identity identifier for conversion, namely generating a replacement identity identifier; after the first identity is converted into the replacement identity, the data protector sends the replacement identity required by the service provider (third party) to the data controller, and the data protector can establish a mapping relation between the data main body and the data controller about the first identity. For example: a mapping relationship of the first identity to the replacement identity.
Step S403: and receiving first conversion information sent by the terminal.
Step S404: and determining a replacement identity corresponding to the first identity according to the first conversion information.
Step S405: and if a transaction confirmation instruction sent by the third party is received, sending the replacement identity identifier and the first transaction identifier to the third party.
Specifically, the above description of step S403 to step S405 may correspond to the description of step S301 to step S303 in fig. 3, and is not repeated herein.
Step S406: and receiving a first transaction record sent by a third party.
Specifically, the data management device receives a first transaction record, where the first transaction record is a transaction record after the terminal and the third party complete the first transaction, and the first transaction record includes the replacement identifier and the first transaction.
Optionally, referring to fig. 4D, fig. 4D is a schematic diagram of a second stage flow of a data management method according to an embodiment of the present application, and the second stage flow can be applied to the system architecture in fig. 1 and the software system architectures in fig. 2A and fig. 2B. When a user submits a transaction, a data body (terminal 102) sends related data packages from the data body to a data controller (third party 103) and a data protector (data management device 101), wherein the related data can be a first identity identifier, a first transaction identifier and the like. The data sent by the data main body to the data controller is data such as a first transaction identifier and transaction content related to a service/transaction, and after the data controller obtains the transaction content of the user, the data controller determines whether to support the first transaction to ensure the consistency of the transaction content, for example: for determining a transaction confirmation instruction; the data main body sends identity data, transaction identification data and the like of the user to the data protector, namely a first identity identification, a first transaction identification and the like, the data protector obtains the first identity identification, then converts the first identity identification into a replacement identity identification according to a mapping relation prestored by the data main body in a system of the data protector, and then sends the converted replacement identity identification to the data controller. The data controller obtains the converted replacement identification, and combines the converted replacement identification with the transaction related data to form complete transaction information. After the transaction is completed, the data controller may send the first transaction record to the data main body and the data protector, respectively.
Optionally, referring to fig. 4E, fig. 4E is a schematic diagram of a second-stage flow of another data management method according to an embodiment of the present application, and the second-stage flow can be applied to the system architecture in fig. 1 and the software system architectures in fig. 2A and fig. 2B. When a user submits a transaction demand, in order to reduce the identifiability of a third party to the identity information of the data body of the related data, the data body (terminal 102) can send the related data package from the data body to the data controller (third party 103), or the data body (terminal 102) forwards the related data package from the data body to the data controller (third party 103) through the data protector (data management device 101). The related data may be data such as a first transaction identifier and transaction content related to the service/transaction/service, so that after the data controller obtains the transaction content of the user, it is determined whether the first transaction is supported to ensure consistency of the transaction content. For example: the related data can be temporarily variable identity information attached to a data packet containing transaction data, and the data body attaches the temporarily variable identity information to the data packet containing the transaction data and sends the data packet to the data controller; another example is: the related data can be transaction data which is processed by a data main body by using a floating IP and a floating password (floating ID) and is sent to a data controller, wherein the floating IP is equivalent to a dynamic IP and refers to a mode of allocating an IP address when needed; for another example: the data main body sends the first identity identification and the transaction data to the data protector, and after the data protector performs relevant processing on the first identity identification to obtain a replacement identity identification, the replacement identity identification and the transaction data are sent to the data controller, so that the data protector controls the identifiability of any third party to the identity of the data main body within an allowable range, wherein the relevant data can be the replacement identity identification and the transaction data. Optionally, the related data and the transmission mode are not limited herein.
Step S407: and determining and storing a first check code of the first transaction record according to the first transaction record.
Specifically, the data management device determines and stores a first check code of the first transaction record according to the first transaction record. The first check code is generated after the first transaction record is encrypted according to an encryption rule. The first check code is mainly used for protecting the integrity of the first transaction record and the modifiable authority of the first transaction record, and preventing the first transaction record from being tampered or lost or being illegally utilized by lawbreakers and the like.
Step S408: and receiving the right-of-way operation instruction of the first transaction record sent by the terminal.
Specifically, the data management device receives a row right operation instruction, wherein the row right operation instruction comprises the first transaction identifier, a row right operation code and a second check code, and the row right operation code is used for indicating to execute one or more of the following operations of deleting, migrating and deeply anonymizing the first transaction record. The second check code is a check code of the first transaction record received by the terminal after the first transaction is completed. It is understood that the operation of right of way is a related operation made on the first transaction record, and the application is not limited to the operations of deleting, migrating and deep anonymizing. Optionally, referring to fig. 4F, fig. 4F is a schematic diagram of a third stage flow of a data management method according to an embodiment of the present application, and the third stage flow can be applied to the system architecture in fig. 1 and the software system architectures in fig. 2A and fig. 2B. The support data body carries out relevant row right operation processing on the data belonging to the first transaction record of the support data body, and the row right operations can be deletion, migration, deep anonymization and the like. The row right operation starts from the user interface of the data body, please refer to fig. 4G, and fig. 4G is a schematic diagram of the user interface of a terminal according to an embodiment of the present application. When the client operates the interface of history browsing or history browsing in some form, after selecting some or some group of data, further determining the type of the right-of-way operation on the history data. And then the data body sends the row right operation instruction with the transaction identifier, the row right operation code and the check code to the data protector.
Step S409: and if the second check code is consistent with the first check code, verifying whether the row right operation instruction can be executed.
Specifically, if the data management device determines that the second check code is consistent with the first check code, it is further verified whether the row right operation instruction is executable. The second check code is the check code of the first transaction record received by the terminal after the first transaction is completed, so that if the second check code is consistent with the first check code generated after the first transaction record is encrypted according to the encryption rule, it can be said that the first transaction record is not tampered or lost, and further, it can be verified whether the authorization operation instruction is executable. Executable, the third party can support the bank operation in the bank operation instruction on the first transaction record. For example: under certain conditions, the facilitator a can only support the operation of performing deep anonymization on the first transaction record, and cannot support the operation of performing deletion on the first transaction record. Therefore, when the row right operation in the row right operation instruction is deep anonymization, the data management device verifies that the row right operation instruction of the first transaction record is executable.
Step S410: and if the transaction record is executable, executing the operation command of the bank right, and synchronously updating the first transaction record in the terminal and/or the third party into a second transaction record after the operation command of the bank right is executed on the first transaction record.
Specifically, if the data management device verifies that the authorization operation instruction for the first transaction record is executable, the data management device may execute the authorization operation instruction, and further, synchronously update the second transaction record after the authorization operation instruction is executed to the terminal and/or the third party. Optionally, if the data management apparatus verifies that the operation instruction of the right of way of the first transaction record is executable, the data management apparatus may send the operation instruction of the right of way to the third party; and after the third party executes the operation command of the right of way, sending a second transaction record after the operation command of the right of way is executed to the data management device. The data management device receives a second transaction record after the third party sends the first transaction record and the right of way operation instruction is executed, and further, the first transaction record in the data management device/terminal can be updated to the second transaction record.
By implementing the embodiment of the application, the data management device can determine the replacement identity corresponding to the first identity according to the received first conversion information sent by the terminal and the stored mapping relationship between the first identity and the replacement identity. Wherein the replacement identity may serve to hide the first identity in a third party. If the data management device receives a transaction confirmation instruction indicating that the first transaction is valid, the replacement identity and the first transaction identity may be sent to a third party. Further, after the third party completes the transaction according to the replacement identity and the first transaction identifier, the third party sends the first transaction record to the data management device, and the data management device can determine and store the first check code of the first transaction record according to the first transaction record. Therefore, the data management device can compare whether the second check code is consistent with the first check code stored before according to the received operation instruction of the right of way of the first transaction record; if so, verifying whether the transaction record is feasible. And after the data management device verifies that the transaction record is valid and feasible, executing the operation command of the bank right, and synchronously updating the first transaction record in the terminal and/or the third party into a second transaction record after the operation command of the bank right is executed. The right-of-bank operation instruction comprises a first transaction identifier, a right-of-bank operation code and a second check code, wherein the right-of-bank operation code is used for indicating to execute one or more of the following operations of deleting, migrating and deeply anonymizing the first transaction record; and the first check code is generated after the first transaction record is encrypted according to the encryption rule. The data management device verifies whether the transaction record is valid by comparing the second check code with the first check code; and further verifying whether the transaction record is feasible after the verification is effective, and executing an authorization operation instruction on the transaction record according to a verification result. Therefore, the embodiment of the application can support the user to perform related copyright operation on the transaction record, and can prevent lawbreakers from tampering/acquiring the user characteristic information through the transaction record. More importantly, the replacement identity can replace the first identity for identifying the identity information of the user by the third party, so that the identity information of the user can be hidden, the identity can be better served to the individual, the unnecessary diffusion of personal data is controlled, and even the privacy leakage is avoided, thereby protecting the safety privacy of the identity information of the user and avoiding unnecessary harassment.
The method of the embodiment of the present application is explained in detail above, and the following provides a data management apparatus related to the embodiment of the present application, where the data management apparatus may be a service device that provides various conveniences for third party to use based on interactive data by quickly acquiring, processing, analyzing, and extracting valuable data. Referring to fig. 5, fig. 5 is a schematic structural diagram of a data management device according to an embodiment of the present application. May include a first receiving unit 501, a first determining unit 502, a sending unit 503; the method can also comprise the following steps: a second receiving unit 504, a second determining unit 505, a third receiving unit 506, a third determining unit 507, a fourth receiving unit 508, a verifying unit 509, an executing unit 510, an executing transmitting unit 511, and an executing receiving unit 512.
The first receiving unit 501 is configured to receive first conversion information sent by a terminal, where the first conversion information includes a first identity identifier and a first transaction identifier, the first identity identifier is a user identity identifier of the terminal, the first transaction identifier is used to identify a first transaction, and the first transaction includes transaction contents of the terminal and a third party.
A first determining unit 502, configured to determine, according to the first conversion information, a replacement identifier corresponding to the first identifier, where the replacement identifier is used for the third party to identify the first identifier.
A sending unit 503, configured to send the replacement identifier and the first transaction identifier to the third party if a transaction confirmation instruction sent by the third party is received, where the transaction confirmation instruction is used to indicate that the first transaction is valid.
In one possible implementation, the apparatus further includes: a second receiving unit 504, configured to receive the first identity identifier before the first conversion information sent by the receiving terminal, and generate the replacement identity identifier according to the first identity identifier and a preset rule; a second determining unit 505, configured to determine and store a mapping relationship between the first identity and the replacement identity.
In a possible implementation manner, the first determining unit 502 is specifically configured to determine, according to a first identity and a stored mapping relationship between the first identity and a replacement identity, a replacement identity corresponding to the first identity.
In one possible implementation, the apparatus further includes: a third receiving unit 506, configured to receive a first transaction record sent by the third party after the replacement identifier and the first transaction identifier are sent to the third party if a transaction confirmation instruction sent by the third party is received, where the first transaction record is a transaction record after the terminal and the third party complete the first transaction, and the first transaction record includes the replacement identifier and the first transaction; a third determining unit 507, configured to determine and store a first check code of the first transaction record according to the first transaction record, where the first check code is generated after the first transaction record is encrypted according to an encryption rule.
In one possible implementation, the apparatus further includes: a fourth receiving unit 508, configured to receive a row right operation instruction of the first transaction record sent by the terminal, where the row right operation instruction includes the first transaction identifier, a row right operation code, and a second check code, and the row right operation code is used to instruct to perform one or more of the following operations of deleting, migrating, and deeply anonymizing the first transaction record; a verification unit 509, configured to verify whether the row right operation instruction is executable if the second check code is identical to the first check code.
In one possible implementation, the apparatus further includes: the execution unit 510 is configured to execute the operation instruction of the bank right if the execution unit is executable, and synchronously update the first transaction record in the terminal and/or the third party to a second transaction record after the operation instruction of the bank right is executed on the first transaction record.
In one possible implementation, the apparatus further includes: an execution sending unit 511, configured to send the row right operation instruction to the third party if the execution sending unit is executable; the execution receiving unit 512 is configured to receive a second transaction record obtained by sending the first transaction record by the third party after the right-of-bank operation instruction is executed, and update the first transaction record to the second transaction record.
It should be noted that implementation of each operation may also correspond to corresponding description of the method embodiments shown in fig. 3 to fig. 4G, and details are not described here again.
Referring to fig. 6, fig. 6 is a schematic physical device structure diagram of a simplified data management device according to an embodiment of the present application, for easy understanding and convenience of illustration, in which the device 60 of fig. 6 may include one or more of the following components: a storage component 601, a processing component 602, a communication component 603.
The storage component 601 may include one or more storage units, each of which may include one or more memories, which may be used to store programs and various data and enable high-speed, automated access to the programs or data during operation of the device 60. Physical devices having two stable states, denoted "0" and "1", respectively, may be employed to store information. When the apparatus 60 shown in fig. 6 is the data management apparatus 101 shown in fig. 1, the storage element may be used to store the first identity, the first transaction identity, the replacement identity, and other related data.
A processing component 602, which may also be referred to as a processor, a processing unit, a processing board, a processing module, a processing device, etc. The Processing component may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP. When the apparatus 60 shown in fig. 6 is the data management apparatus 101 shown in fig. 1, the processing component 602 is configured to call the data of the storage component 601 to perform the related description of the method described in fig. 3 to fig. 4G, which is not described herein again.
The communication component 603, which may also be referred to as a transceiver, or transceiver, etc., may include elements for wireless, wired, or other communication. Alternatively, the device for implementing the receiving function in the part 603 may be regarded as a receiving unit, and the device for implementing the transmitting function may be regarded as a transmitting unit, that is, the part 603 may include partial functions of the first receiving unit 501, the transmitting unit 503, the second receiving unit 504, the third receiving unit 506, the fourth receiving unit 508, the execution transmitting unit 511, the execution receiving unit 512, and the like.
It should be noted that specific implementation of each operation may also correspond to corresponding description of the method embodiments shown in fig. 3 to fig. 4G, and details are not described here again.
In this application, the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present application.
In addition, functional components in the embodiments of the present application may be integrated into one component, or each component may exist alone physically, or two or more components may be integrated into one component. The integrated components can be realized in a form of hardware or a form of software functional units.
The integrated components, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially or partially implemented in the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application. While the present application has been described herein in conjunction with various embodiments, other variations to the disclosed embodiments may be understood and effected by those skilled in the art in practicing the present application as claimed herein.

Claims (10)

1. A method for managing data, comprising:
receiving first conversion information sent by a terminal, wherein the first conversion information comprises a first identity identifier and a first transaction identifier, the first identity identifier is a user identity identifier of the terminal, the first transaction identifier is used for identifying a first transaction, and the first transaction comprises transaction contents of the terminal and a third party;
determining a replacement identity corresponding to the first identity according to the first conversion information, wherein the replacement identity is used for the third party to identify the first identity;
and if a transaction confirmation instruction sent by the third party is received, sending the replacement identity identifier and the first transaction identifier to the third party, wherein the transaction confirmation instruction is used for indicating that the first transaction is valid.
2. The method of claim 1, wherein before receiving the first conversion information sent by the terminal, the method further comprises:
receiving the first identity mark, and generating the replacement identity mark according to the first identity mark and a preset rule;
and determining and storing the mapping relation between the first identity and the replacement identity.
3. The method of claim 2, wherein the determining the alternative id corresponding to the first id according to the first conversion information comprises:
and determining a replacement identity corresponding to the first identity according to the first identity and a stored mapping relation between the first identity and the replacement identity.
4. The method according to any one of claims 1 to 3, wherein after sending the replacement identity and the first transaction identity to the third party if receiving the transaction confirmation instruction sent by the third party, further comprising:
receiving a first transaction record sent by the third party, wherein the first transaction record is a transaction record after the terminal and the third party complete the first transaction, and the first transaction record comprises the replacement identity and the first transaction;
and determining and storing a first check code of the first transaction record according to the first transaction record, wherein the first check code is generated after the first transaction record is encrypted according to an encryption rule.
5. The method of claim 4, further comprising:
receiving a row right operation instruction of the first transaction record sent by the terminal, wherein the row right operation instruction comprises the first transaction identifier, a row right operation code and a second check code, and the row right operation code is used for indicating to execute one or more of the following operations of deleting, migrating and deeply anonymizing the first transaction record;
and if the second check code is consistent with the first check code, verifying whether the row right operation instruction can be executed.
6. The method of claim 5, further comprising:
and if the transaction record is executable, executing the operation command of the bank right, and synchronously updating the first transaction record in the terminal and/or the third party into a second transaction record after the operation command of the bank right is executed on the first transaction record.
7. The method of claim 5, further comprising:
if the operation is executable, the operation instruction of the row right is sent to the third party;
and receiving a second transaction record after the first transaction record is executed with the right-of-way operation instruction and sent by the third party, and updating the first transaction record into the second transaction record.
8. A data management apparatus, comprising
The first receiving unit is used for receiving first conversion information sent by a terminal, wherein the first conversion information comprises a first identity identifier and a first transaction identifier, the first identity identifier is a user identity identifier of the terminal, the first transaction identifier is used for identifying a first transaction, and the first transaction comprises transaction contents of the terminal and a third party;
a first determining unit, configured to determine, according to the first conversion information, a replacement identifier corresponding to the first identifier, where the replacement identifier is used for the third party to identify the first identifier;
and the sending unit is used for sending the replacement identity and the first transaction identifier to the third party if a transaction confirmation instruction sent by the third party is received, wherein the transaction confirmation instruction is used for indicating that the first transaction is valid.
9. The data management device is characterized by comprising a processing component, a storage component and a communication module component, wherein the processing component, the storage component and the communication module component are connected with each other, the storage component is used for storing data processing codes, and the communication component is used for carrying out information interaction with external equipment; the processing component is configured for invoking program code for performing the method according to any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores program instructions that, when executed by a processor, cause the processor to perform the method of any of claims 1-7.
CN201910140792.5A 2019-02-26 2019-02-26 Data management method and device Pending CN111612467A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910140792.5A CN111612467A (en) 2019-02-26 2019-02-26 Data management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910140792.5A CN111612467A (en) 2019-02-26 2019-02-26 Data management method and device

Publications (1)

Publication Number Publication Date
CN111612467A true CN111612467A (en) 2020-09-01

Family

ID=72201297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910140792.5A Pending CN111612467A (en) 2019-02-26 2019-02-26 Data management method and device

Country Status (1)

Country Link
CN (1) CN111612467A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101888600A (en) * 2009-05-14 2010-11-17 华为技术有限公司 Method and device for concealing subscriber number
CN102124767A (en) * 2008-10-10 2011-07-13 上海贝尔股份有限公司 Method and apparatus for providing user of communication terminal with identity confidentiality protection
CN104579668A (en) * 2013-10-28 2015-04-29 深圳市腾讯计算机系统有限公司 User identity verification method, password protection device and verification system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102124767A (en) * 2008-10-10 2011-07-13 上海贝尔股份有限公司 Method and apparatus for providing user of communication terminal with identity confidentiality protection
CN101888600A (en) * 2009-05-14 2010-11-17 华为技术有限公司 Method and device for concealing subscriber number
CN104579668A (en) * 2013-10-28 2015-04-29 深圳市腾讯计算机系统有限公司 User identity verification method, password protection device and verification system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张德时: "地方高校教育信息化建设与应用创新", 31 December 2010, 东南大学出版社, pages: 245 *
明日科技: "JavaWeb项目开发实战入门全彩版", 30 April 2017, 吉林大学出版社, pages: 161 *

Similar Documents

Publication Publication Date Title
CN108810006B (en) Resource access method, device, equipment and storage medium
CN102394887B (en) OAuth protocol-based safety certificate method of open platform and system thereof
CN108923908B (en) Authorization processing method, device, equipment and storage medium
CN108763921B (en) A kind of method of application software and SDK control
WO2015027781A1 (en) Communication method, data processing platform and communication system
CN112016106B (en) Authentication calling method, device and equipment of open interface and readable storage medium
CN111383018B (en) Node group creating method and node group-based transaction method in alliance chain network
CN108307333B (en) Method and device for transmitting intermediate number for mobile communication equipment and storage medium
CN110908786A (en) Intelligent contract calling method, device and medium
EP3937040A1 (en) Systems and methods for securing login access
JP2019510316A (en) Method and device for providing account linking and service processing
CN108718323A (en) A kind of identity identifying method and system
CN111260475A (en) Data processing method, block chain node point equipment and storage medium
US9197591B2 (en) Method and system for validating email from an internet application or website
US11736299B2 (en) Data access control for edge devices using a cryptographic hash
Chauhan Iot network identity management using smart contract and blockchain technology
JP2009070020A (en) Online service provision system, personal terminal, management server, online service providing method and program
CN109802927B (en) Security service providing method and device
CN111612467A (en) Data management method and device
WO2021037112A1 (en) Short message processing method and system, and terminal device and storage medium
CN114861144A (en) Data authority processing method based on block chain
CN106534047A (en) Information transmitting method and apparatus based on Trust application
CN114024692A (en) Signing method, device and system
JP2007249690A (en) Member management system, service providing terminal and its method
JP2020004011A (en) Information management system and information management method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination