CN112118221A - Block chain-based privacy data sharing-oriented capability access control method - Google Patents
Block chain-based privacy data sharing-oriented capability access control method Download PDFInfo
- Publication number
- CN112118221A CN112118221A CN202010789050.8A CN202010789050A CN112118221A CN 112118221 A CN112118221 A CN 112118221A CN 202010789050 A CN202010789050 A CN 202010789050A CN 112118221 A CN112118221 A CN 112118221A
- Authority
- CN
- China
- Prior art keywords
- data
- enterprise
- user
- token
- capability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a block chain-based privacy data sharing-oriented property access control method. And (3) building a server in the VMware virtual machine, configuring a CA on the server, and building a CA service for the invention. The enterprise A and the enterprise B apply for the digital identity certificates of the enterprises through the built CA service, and subsequent safe operation is facilitated. The invention has high authority management efficiency and stronger expandability, is more suitable for enterprise user private data sharing, namely a one-to-one special scene, and effectively avoids network attack and data leakage in the transaction process; meanwhile, the authorization use record of the data is defined, and a non-repudiation certificate is provided for relevant links of data opening and use.
Description
Technical Field
The invention relates to the field of access control, the field of data sharing and a alliance chain technology, in particular to a data sharing scheme realized based on an access control model of alliance chain and energy under the scene of enterprise user private data sharing.
Background
The rapidly developed mobile internet is gradually permeating the aspects of work and life of people, various mobile internet applications are rapidly developed, the data presentation exponential growth is realized by huge user quantity, the era of big data comes, and huge value is stored behind the data. In order to fully release the value of the data, circulation sharing of the data must be realized. While data sharing circulation presupposes explicit ownership of the data. Data in the enterprise is divided into desensitization data and non-desensitization data from ownership, data ownership of the desensitization data is the enterprise, the non-desensitization data belongs to user privacy data, and ownership is attributed to a user person. The national legal level requires that private data of users cannot be disclosed privately when data transaction between enterprises is carried out without authorization of the users. Therefore, when the enterprises deal with the private data of the users, the premise is that the data owner can not deal with the private data if the data owner approves the private data.
With the increasing importance of enterprises on mining data values and increasing market demands, it is a trend to obtain business benefits through user data. In order to solve the problem of sharing private data of users in enterprises, an authorization link of the users is indispensable. As one of the basic technologies for data protection, an access control mechanism can ensure that data can only be accessed by a user with authority, and a user authorization link is added in the data sharing process, so that the ownership of the data can be clarified, the safe and legal sharing of the data is realized, and the personal privacy of the user is protected. Common access control mechanisms include Access Control Lists (ACLs), role-based access control (RBACs), attribute-based access control mechanisms (ABACs), and the like. Early ACLs were created by assigning corresponding rights to each particular principal. The biggest problem of this mode is that the control of the authority is relatively dispersed and is not easy to manage. Later, the introduction of ABAC addressed this problem by assigning rights to roles, which were then assigned to principals, rather than granting rights directly to principals. However, as the number of subjects and resources increases, the scene becomes more complex, and more roles to be managed become necessary, which may lead to misuse of roles and may make control and management difficult. The ABAC realizes finer access control in a complex scene by introducing attributes, but the model is obviously complex, has poor flexibility and extensibility, and is not suitable for one-to-one control management. Most of the control models have the problems of lack of flexibility, poor expansibility, high overhead and the like, and are obviously not suitable for sharing private data of enterprise users.
In view of this, the present invention implements a scheme for enterprise user private data sharing based on a federation chain and a capability access control mechanism. The access control model based on the capability realizes one-to-one access control, and can greatly simplify authorized access of resources under the condition of not increasing the complexity of the access control model. Meanwhile, a alliance chain technology is introduced, chain certificates are stored in links such as data access control and the like, and non-repudiatable certificates are provided for links of data opening and authorized use. This solution solves the problem between data sharing and privacy protection.
Disclosure of Invention
The invention mainly aims to provide a scheme for sharing user privacy data (data which is not desensitized) in an enterprise, and aims to solve the problems of data sharing and user privacy protection, so that the data which is not desensitized in the enterprise can be shared and circulated, and the value is created. The system structure is shown in fig. 1.
The technical scheme adopted by the invention is the combination of the access control model based on the capability and the alliance chain, and the sharing and circulation of the private data of enterprise users are realized. The scheme is realized by taking an enterprise data sharing platform as a carrier. The platform is realized in a front-end and back-end separation mode, the front end is realized by an Vue framework, the back end is used for calling a front-end page in a restful API (application program interface) service mode realized based on SpringBoot + Mybatis, the database adopts a mainstream relational database Mysql due to weaker performance and storage of a block chain, and for selection of the type of the block chain, the characteristics of a private chain, a public chain and a alliance chain are considered, and a special scene is shared by enterprise data in combination, so the scheme selects the alliance chain as a bottom chain, a alliance chain network is built in a Docker container mode, the development language of a chain code contract is selected to be Go, the data on the chain is stored in a LevelDB database on a block chain link point, and the platform realizes on-chain, under-chain storage and inquiry audit through the Mysql and the alliance chain.
The specific scheme is shown in fig. 3, and the whole scheme mainly has the following roles:
1 data requestor
In the enterprise private data sharing scenario, the data requester is a certain enterprise that needs user private data. Referred to herein as enterprise a.
2 data owner
In the enterprise private data sharing scenario, the data owner is an enterprise storing user private data, and the enterprise does not have authority to share and use the user private data, referred to as enterprise B.
3 data owner
Under the enterprise private data sharing scene, the data owner is a user individual, and the data ownership is owned by the user individual, namely, the data ownership is not authorized by a user main body and cannot be transacted privately. Here denoted user C.
The scheme is realized as follows:
firstly, in the established alliance chain, an enterprise B establishes an alliance, different business channels are established aiming at enterprises which request data, and when the enterprise A requests the data, the enterprise A and the enterprise B are jointly added into the same data business channel.
And secondly, establishing a Windows Server2008 server in the VMware virtual machine, configuring a CA on the Windows Server2008 server, and establishing a CA service for the invention. The enterprise A and the enterprise B apply for the digital identity certificates of the enterprises through the built CA service, and subsequent safe operation is facilitated.
S1) the data sharing platform of the enterprise B displays the data list;
1) attaching category labels to the background sensitive data;
2) displaying to a sharing platform by label classification;
s2) enterprise a registering a platform account;
1) registering a platform account;
2) applying for a digital certificate;
s3) enterprise a requests data;
1) viewing a list of available data;
2) sending a data request;
s4) the platform controls the data ability;
1) applying for a permission token;
2) verifying the authority token;
3) energy entrusting;
s5) inquiring audit;
1) checking data transaction on the chain;
2) a linked query data transaction;
in the above steps, the specific implementation method is as follows:
s1), the content is displayed on the data sharing platform in the form of a label, for example, by analyzing and classifying the data in the background database in the data sharing platform of the enterprise B, such as the classification of the position trajectory data, the credit information data, the personal preference data, and the like, as shown in fig. 4.
S2), the content is that enterprise a registers account information on the data sharing platform of enterprise B, and the registration information includes description information such as enterprise name and enterprise scale, and generates a platform account private to company a. In addition, company a applies for a certificate to the CA service, the private key itself being stored locally for subsequent encryption operations, as shown in fig. 4 and 5.
S3), logging in the data sharing platform of enterprise B after enterprise a registers the account, and checking the existing user privacy data list, and meanwhile, searching the specified user data privacy information list according to the user keyword. When enterprise A needs private data of a certain user, click and apply for, fill in a data request, the data request content includes requester information, the purpose of the requested data, the name of the user, whether the authority token is available or not, and a digital certificate of the user. The data request information is encapsulated into JSON format and sent out, and chain storage is carried out through a storage contract, as shown in fig. 7.
S4), the authority control process for the data access of the enterprise A is the key point of the invention. The method mainly comprises three parts, namely application of the ability token, auditing of the ability token and authorization delegation.
For the application of the capability token, after the enterprise A submits a data request, the platform packages the data request information of the enterprise A and sends the data request information to a designated user in the form of a short message, after the user receives the short message, the user checks the content of the short message and opens a Web authorization link in the short message, as shown in FIG. 8, if the user agrees, the corresponding authorization information is filled in for generating the capability token; and if not, clicking to reject the data access request. When the platform collects the content of the Web authorization page, if the authorization is agreed, the data sharing platform generates a capability token according to the collected user authorization information, and the token information is encrypted through a digital certificate of an enterprise A and then carries a signature of the token information to be sent to an account of the enterprise A; and if the authorization is not agreed, returning the rejection information to the account of the enterprise A. In addition, the authorization result information of the user and the hash of the capability token are uploaded for storage. The JSON content format of the capability token is as follows,
wherein, "t _ ID" represents ID of the capability token, "issuers" represents issuer of the token, "dig _ sign" represents digital signature of the token, "issuers _ time" represents generation time of the token, "expire _ time" represents expiration time of the token, "encrypt" represents encryption type and public key of the token, and is _ delete represents whether delegation is performed.
For the verification of the authority token, when the enterprise A does not obtain the authority token, the enterprise A firstly needs to apply for the authority token through the steps, and after the authority token is applied for obtaining, when the enterprise A sends a data request in the data sharing platform, the applied authority token is encrypted through a sharing platform certificate and then is sent together with the data request. And the platform receives the data request information of the enterprise A, decrypts the data request information to obtain the capability token, and verifies the token. After the verification is passed, the private data acquisition link is encrypted by the enterprise A certificate and then sent to the A. And if the verification fails, returning request failure information. The processing result links chain storage and evidence through a storage and evidence contract.
For the delegation of the capability, the owner of the private data himself may delegate the proxy of the enterprise B by specifying the capability delegate or enterprise, for example, enterprise B, in the authorization link, and if the owner wants to revoke the capability of the capability delegate, the capability is revoked through the authorization link. And when the data sharing platform receives the capability revocation information of the user, updating the content of the capability token and setting the capability delegation field as false.
S5), storing hash of data sharing transaction record and capability token on the sharing platform database and the block chain, inquiring transaction information through a background for auditing by the sharing platform, and inquiring on the chain to verify the authenticity of the token and trace source and responsibility of data transaction.
Compared with the access control scheme in the existing data sharing scene, the access control scheme for the user privacy data provided by the invention has the following benefits:
the scheme of the invention is based on the alliance chain and the access control of the authority, is lighter and more flexible, has high authority management efficiency and stronger expandability compared with the traditional access control scheme, and is more suitable for the one-to-one special scene of enterprise user private data sharing.
The invention introduces CA certificate service in the right access control and data flow process, guarantees the authenticity of data through asymmetric encryption technology and digital signature technology, and effectively avoids network attack and data leakage in the transaction process.
The invention introduces the alliance chain technology in the data storage, the alliance chain has higher processing speed compared with a public chain, in addition, the information such as data transaction and the like is chain-stored by virtue of the non-falsification characteristic of the alliance chain, the authorization use record of the data is determined, and the non-repudiation certificate is provided for the relevant links of data opening and use.
Drawings
Fig. 1 is a system architecture diagram.
Fig. 2 is a functional block diagram.
FIG. 3 is a diagram of a capability control scheme.
Fig. 4 is a schematic diagram of data presentation.
FIG. 5 is a diagram of a registration page.
FIG. 6 is a diagram illustrating a certificate application
FIG. 7 is a schematic diagram of a data request.
Fig. 8 is a diagram illustrating user authorization.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the invention, reference should be made to the following detailed description taken in conjunction with the accompanying drawings. The specific steps of the implementation case are as follows:
step 001: the enterprise a opens the website of the data sharing platform of the enterprise B, fills in registration information, and registers an account, as shown in fig. 5.
Step 002: enterprise a opens a certificate service website and applies for a digital certificate. As shown in fig. 6.
Step 003: enterprise a browses sharable user data listed on the platform, clicks on application data, fills in request information, and imports its digital certificate, as shown in fig. 7.
Step 004: the data owner user receives the data request authorization short message, opens the link in the short message, and fills in the authority authorization information, as shown in fig. 8.
Step 005: the data sharing platform of enterprise B generates a capability token and securely encrypts the capability token to the account of enterprise a.
Step 006: and the enterprise A carries the capability token to send a data request, the sharing platform verifies successfully, the data owner is informed of the user private data use information through a short message, the private data obtaining interface link is returned, and the enterprise A obtains the interface address through certificate decryption to obtain the data. And if the shared platform fails to verify, returning verification failure information.
Step 007: enterprise a verifies the authenticity of the token and the transaction record by querying on the chain.
Step 008: and the data owner user clicks the ability to cancel the link, cancels the previous authorization information, and the sharing platform updates the token information in time.
In the implementation case of the invention, data related to user privacy in an internal database of an enterprise are selected, the data comprise privacy data information such as user credit, user track, user browsing record and the like, a multi-machine Fabric Block Link network is built on 3 Centos7 servers, and a CA service is built on a WindowServer2008 server. The enterprise a of the data requester applies for data through step 003, the enterprise B notifies the data owner user of the request message, the user authorizes through step 004, the enterprise B sends the token to the enterprise a through step 005, and the enterprise a acquires the data through step 006.
Claims (10)
1. Firstly, in a built alliance chain, an enterprise B establishes an alliance, different business channels are established for enterprises requesting data differently, and when the enterprise A requests data, the enterprise A and the enterprise B are jointly added into the same data business channel;
secondly, a server is built in the VMware virtual machine, a CA is configured on the server, and a CA service is built; the enterprise A and the enterprise B apply for own digital identity certificates through the built CA service; the method is characterized in that: the method comprises the following concrete implementation steps:
s1) the data sharing platform of the enterprise B displays the data list;
1) attaching category labels to the background sensitive data;
2) displaying to a sharing platform by label classification;
s2) enterprise a registering a platform account;
1) registering a platform account;
2) applying for a digital certificate;
s3) enterprise a requests data;
1) viewing the acquired data list;
2) sending a data request;
s4) the platform controls the data ability;
1) applying for a permission token;
2) verifying the authority token;
3) energy entrusting;
s5) inquiring audit;
1) checking data transaction on the chain;
2) and (5) performing offline query data transaction.
2. The block chain-based privacy data sharing-oriented capability access control method according to claim 1, wherein: the content in the S1) is displayed on the data sharing platform of the enterprise B in a label mode by analyzing and classifying the data in the background database in the data sharing platform.
3. The block chain-based privacy data sharing-oriented capability access control method according to claim 1, wherein: the content in the S2) is account information registered by the enterprise A on a data sharing platform of the enterprise B, the registered information comprises an enterprise name and enterprise scale description information, and a platform account private to the enterprise A is generated; in addition, company a applies for a certificate to the CA service, the private key itself being stored locally for subsequent encryption operations.
4. The block chain-based privacy data sharing-oriented capability access control method according to claim 1, wherein: s3), logging in a data sharing platform of an enterprise B after the enterprise A registers the account, checking a user privacy data list, and searching a specified user data privacy information list according to the user keyword; when enterprise A needs private data of a certain user, clicking application, filling a data request, wherein the data request content comprises requester information, the purpose of the requested data, the name of the user, whether a capability token exists or not and a digital certificate of the user; and encapsulating the data request information into a JSON format and sending the JSON format, and chaining the chain storage certificate through a storage certificate contract.
5. The block chain-based privacy data sharing-oriented capability access control method according to claim 1, wherein: s4), the content is a data sharing platform of the enterprise B, and the process of controlling the authority of the data access of the enterprise A is divided into three parts: application of the ability token, auditing of the ability token and delegation of the ability.
6. The block chain-based privacy data sharing-oriented capability access control method according to claim 5, wherein: for the application of the ability token, after the enterprise A submits a data request, the platform packages the data request information of the enterprise A and sends the data request information to a designated user in the form of a short message, after the user receives the short message, the user checks the content of the short message and opens a Web authorization link in the short message, and if the user agrees, corresponding authorization information is filled in for generating the ability token; if not, clicking to reject the data access request; when the platform collects the content of the Web authorization page, if the authorization is agreed, the data sharing platform generates a capability token according to the collected user authorization information, and the token information is encrypted through a digital certificate of an enterprise A and then carries a signature to be sent to an account of the enterprise A; if not, returning the refusal information to the account of the enterprise A; in addition, the authorization result information of the user and the hash of the capability token are uploaded for storage.
7. The block chain-based privacy data sharing-oriented capability access control method according to claim 5, wherein: for the examination and verification of the authority token, when the enterprise A does not obtain the authority token, firstly, the enterprise A needs to apply for the authority token through the steps, and after the authority token is applied for obtaining, when the enterprise A sends a data request in the data sharing platform, the applied authority token is encrypted through a sharing platform certificate and then is sent together with the data request; the platform receives the data request information of the enterprise A, decrypts the data request information to obtain a capability token, and verifies the token; after the verification is passed, the private data acquisition link is encrypted by the enterprise A certificate and then is sent to the A; if the verification fails, returning request failure information; the processing result links chain storage and evidence through a storage and evidence contract.
8. The block chain-based privacy data sharing-oriented capability access control method according to claim 5, wherein: for the authorization of the capability, the owner user of the privacy data designates the capability principal or enterprise in the authorization link, and if the owner user wants to revoke the right of the capability principal, the owner user revokes the capability through the authorization link; and when the data sharing platform receives the capability revocation information of the user, updating the content of the capability token and setting the capability delegation field as false.
9. The block chain-based privacy data sharing-oriented capability access control method according to claim 1, wherein: s5), storing hash of data sharing transaction record and capability token on the sharing platform database and the block chain, inquiring transaction information through a background for auditing by the sharing platform, and inquiring on the chain to verify the authenticity of the token and trace source and responsibility of data transaction.
10. The block chain-based privacy data sharing-oriented capability access control method according to claim 1, wherein: based on the combination of the access control model of the right and the alliance chain, the sharing and circulation of private data of enterprise users are realized; the method for controlling the access to the right facing to the private data sharing is realized by taking an enterprise data sharing platform as a carrier; the enterprise data sharing platform is realized in a front-end and back-end separation mode, the front end is realized by an Vue framework, the back end is realized in a restful API interface service mode realized based on SpringBoot + Mybatis for calling of a front-end page, the database adopts a mainstream relational database Mysql due to weaker performance and storage of a block chain, the alliance chain is selected as a bottom chain, an alliance chain network is established in a Docker container mode, the development language of a chain code contract is selected to be Go, data on the chain is stored in a LevelDB database on a block chain link point, and the platform realizes on-chain, off-chain storage and inquiry auditing through the Mysql and the alliance chain;
the method has the following roles:
the data requester: in an enterprise private data sharing scene, a data requester is an enterprise needing user private data;
the data owner: in the enterprise private data sharing scene, a data owner is an enterprise for storing user private data, and the enterprise does not have the authority to share and use the user private data;
data owner: under the enterprise private data sharing scene, the data owner is a user individual, and the data ownership is owned by the user individual, namely, the data ownership is not authorized by a user main body and cannot be transacted privately.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010789050.8A CN112118221B (en) | 2020-08-07 | 2020-08-07 | Block chain-based privacy data sharing-oriented capability access control method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010789050.8A CN112118221B (en) | 2020-08-07 | 2020-08-07 | Block chain-based privacy data sharing-oriented capability access control method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112118221A true CN112118221A (en) | 2020-12-22 |
CN112118221B CN112118221B (en) | 2022-11-04 |
Family
ID=73803731
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010789050.8A Active CN112118221B (en) | 2020-08-07 | 2020-08-07 | Block chain-based privacy data sharing-oriented capability access control method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112118221B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113139198A (en) * | 2021-05-08 | 2021-07-20 | 钦州云之汇大数据科技有限公司 | Enterprise management information sharing system based on Internet |
CN113315837A (en) * | 2021-05-27 | 2021-08-27 | 广联达科技股份有限公司 | Enterprise data sharing platform |
CN113329003A (en) * | 2021-05-24 | 2021-08-31 | 广州大学 | Access control method, user equipment and system for Internet of things |
CN113572794A (en) * | 2021-09-27 | 2021-10-29 | 江苏荣泽信息科技股份有限公司 | Trusted transmission sharing system and method for standing book data |
WO2022161124A1 (en) * | 2021-01-29 | 2022-08-04 | 北京京东拓先科技有限公司 | Data sharing method and apparatus |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110222518A (en) * | 2019-05-30 | 2019-09-10 | 北京工业大学 | Credible powers and functions access control method based on block chain |
CN110299195A (en) * | 2019-06-11 | 2019-10-01 | 中国矿业大学 | The electronic health record shared system and application method with secret protection based on alliance's chain |
CN110692228A (en) * | 2019-03-01 | 2020-01-14 | 阿里巴巴集团控股有限公司 | Method and equipment for protecting transaction activity sensitive data based on intelligent contracts in blockchain |
CN111062807A (en) * | 2019-12-17 | 2020-04-24 | 北京工业大学 | Internet of things data service credit assessment method based on block chain |
US20200195645A1 (en) * | 2019-07-24 | 2020-06-18 | Alibaba Group Holding Limited | Blockchain-based account management |
CN111444261A (en) * | 2020-02-13 | 2020-07-24 | 江苏荣泽信息科技股份有限公司 | Enterprise data sharing model based on block chain |
-
2020
- 2020-08-07 CN CN202010789050.8A patent/CN112118221B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110692228A (en) * | 2019-03-01 | 2020-01-14 | 阿里巴巴集团控股有限公司 | Method and equipment for protecting transaction activity sensitive data based on intelligent contracts in blockchain |
CN110222518A (en) * | 2019-05-30 | 2019-09-10 | 北京工业大学 | Credible powers and functions access control method based on block chain |
CN110299195A (en) * | 2019-06-11 | 2019-10-01 | 中国矿业大学 | The electronic health record shared system and application method with secret protection based on alliance's chain |
US20200195645A1 (en) * | 2019-07-24 | 2020-06-18 | Alibaba Group Holding Limited | Blockchain-based account management |
CN111062807A (en) * | 2019-12-17 | 2020-04-24 | 北京工业大学 | Internet of things data service credit assessment method based on block chain |
CN111444261A (en) * | 2020-02-13 | 2020-07-24 | 江苏荣泽信息科技股份有限公司 | Enterprise data sharing model based on block chain |
Non-Patent Citations (1)
Title |
---|
周艺华等: "基于区块链的数据管理方案", 《信息安全研究》 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022161124A1 (en) * | 2021-01-29 | 2022-08-04 | 北京京东拓先科技有限公司 | Data sharing method and apparatus |
CN113139198A (en) * | 2021-05-08 | 2021-07-20 | 钦州云之汇大数据科技有限公司 | Enterprise management information sharing system based on Internet |
CN113139198B (en) * | 2021-05-08 | 2023-03-31 | 上海埃林哲软件系统股份有限公司 | Enterprise management information sharing system based on Internet |
CN113329003A (en) * | 2021-05-24 | 2021-08-31 | 广州大学 | Access control method, user equipment and system for Internet of things |
CN113329003B (en) * | 2021-05-24 | 2022-02-11 | 广州大学 | Access control method, user equipment and system for Internet of things |
CN113315837A (en) * | 2021-05-27 | 2021-08-27 | 广联达科技股份有限公司 | Enterprise data sharing platform |
CN113572794A (en) * | 2021-09-27 | 2021-10-29 | 江苏荣泽信息科技股份有限公司 | Trusted transmission sharing system and method for standing book data |
CN113572794B (en) * | 2021-09-27 | 2022-03-29 | 江苏荣泽信息科技股份有限公司 | Trusted transmission sharing system and method for standing book data |
Also Published As
Publication number | Publication date |
---|---|
CN112118221B (en) | 2022-11-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112118221B (en) | Block chain-based privacy data sharing-oriented capability access control method | |
CN111488598B (en) | Access control method, device, computer equipment and storage medium | |
US10735202B2 (en) | Anonymous consent and data sharing on a blockchain | |
US8015596B2 (en) | Shared credential store | |
US10263987B2 (en) | Techniques for sharing virtual machine (VM) resources | |
US9209973B2 (en) | Delegate authorization in cloud-based storage system | |
EP1460511B1 (en) | Reviewing cached user-group information in connection with issuing a digital rights management (DRM) license for content | |
CN105516110B (en) | Mobile device security data transmission method | |
US8171558B2 (en) | Inter-program authentication using dynamically-generated public/private key pairs | |
US8990896B2 (en) | Extensible mechanism for securing objects using claims | |
US20120036360A1 (en) | System and method establishing trusted relationships to enable secure exchange of private information | |
US10148637B2 (en) | Secure authentication to provide mobile access to shared network resources | |
JP2003022253A (en) | Server, information processor, its access control system and method | |
JP2003228520A (en) | Method and system for offline access to secured electronic data | |
CN103563294A (en) | Authentication and authorization methods for cloud computing platform security | |
JP2003228519A (en) | Method and architecture for providing pervasive security for digital asset | |
JP2010538365A (en) | Restricted security tokens that can be transferred | |
US20040034769A1 (en) | Vault controller supervisor and method of operation for managing multiple independent vault processes and browser sessions for users in an electronic business system | |
US11757877B1 (en) | Decentralized application authentication | |
Fugkeaw | Achieving privacy and security in multi-owner data outsourcing | |
Wise et al. | Cloud docs: secure scalable document sharing on public clouds | |
WO2017008640A1 (en) | Method for issuing access token and related device | |
Miller et al. | Security for the Meteor workflow management system | |
Kaffel-Ben Ayed et al. | A generic Kerberos-based access control system for the cloud | |
WO2022144024A1 (en) | Attribute-based encryption keys as key material for key-hash message authentication code user authentication and authorization |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |