CN117371023A - Service data acquisition method, device, computer equipment and storage medium

Publication number
CN117371023A
Authority
CN
China
Prior art keywords
service data
user
user identifier
data acquisition
acquisition request
Legal status
Pending
Application number
CN202311140200.2A
Other languages
Chinese (zh)
Inventor
罗璟
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd
Application filed by Bank of China Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/602 Providing cryptographic facilities or services
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The present application relates to a service data acquisition method, apparatus, computer device, storage medium and computer program product usable in the big data technical field. The method comprises the following steps: acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request; generating and sending a second service data acquisition request to the server based on the user identifier; acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is obtained by the server by querying a blockchain based on the user identifier; querying the blockchain for a decryption key corresponding to the user identifier; and decrypting the encrypted service data based on the decryption key to obtain target service data. With this method, service data can be acquired securely.

Description

Service data acquisition method, device, computer equipment and storage medium
Technical Field
The present invention relates to the field of big data technologies, and in particular, to a service data acquisition method, apparatus, computer device, storage medium, and computer program product.
Background
With the development of big data technology, application scenarios that encrypt service data are becoming increasingly common. Taking a mobile phone verification code as an example, the verification code is generally transmitted to the user's mobile phone in plaintext, but it is easy to intercept in transit, so the verification code leaks; techniques for encrypting the mobile phone verification code have therefore emerged.
At present, service data such as a mobile phone verification code can be encrypted as follows: the terminal uploads a service data acquisition request to the server; the server encrypts the service data with a general encryption algorithm and sends the encrypted service data, together with the decryption key corresponding to the encryption key, to the terminal; the terminal receives the decryption key and the encrypted service data, and uses the decryption key to decrypt the encrypted service data. However, this method is not secure enough, and encryption of service data cannot be performed securely.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a secure business data encryption method, apparatus, computer device, computer readable storage medium, and computer program product.
In a first aspect, the present application provides a service data acquisition method, where the method includes:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to a server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is obtained by the server by querying a blockchain based on the user identifier;
inquiring a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
In one embodiment, before acquiring the first service data acquisition request uploaded by the user and extracting the user identifier carried in the first service data acquisition request, the method further includes:
when a registration request uploaded by a user is acquired, extracting a second user identifier and second terminal serial number information in the registration request, and randomly generating an encryption key pair, wherein the encryption key pair comprises an encryption key and a decryption key corresponding to the encryption key;
associating the second user identifier, the second terminal serial number information and the encryption key pair to obtain a user key table;
and sending the user key table to the blockchain.
In one embodiment, when obtaining the registration request uploaded by the user, extracting the second user identifier and the second terminal serial number information in the registration request includes:
pushing a user privacy information acquisition request when acquiring a registration request uploaded by a user;
and when acquiring the authorization message uploaded by the user based on the user privacy information acquisition request, extracting a second user identification and second terminal serial number information in the registration request.
In one embodiment, generating and sending a second service data acquisition request to the server based on the user identifier includes:
extracting first terminal serial number information carried in the first service data acquisition request, and acquiring a user key table from the blockchain;
inquiring second terminal serial number information corresponding to the user identifier from the user key table;
and generating and sending a second service data acquisition request to the server based on the user identifier when the first terminal serial number information is matched with the second terminal serial number information.
In one embodiment, the method further comprises:
inquiring a second user identifier matched with the user identifier from the user key table to obtain an inquiry result;
if the query result indicates failure, pushing a data acquisition failure message;
and if the query result indicates success, acquiring second terminal serial number information corresponding to the second user identifier.
In one embodiment, the querying the blockchain for the decryption key corresponding to the user identifier includes:
invoking a blockchain interface to acquire a user key table from the blockchain;
and inquiring the decryption key corresponding to the user identifier from the user key table.
In a second aspect, the present application provides a service data acquisition apparatus, including:
the device comprises an identification acquisition module, a first service data acquisition module and a second service data acquisition module, wherein the identification acquisition module is used for acquiring a first service data acquisition request uploaded by a user and extracting a user identification carried in the first service data acquisition request;
the request generation module is used for generating and sending a second service data acquisition request to the server based on the user identification;
the data acquisition module is used for acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is obtained by the server by querying a blockchain based on the user identifier;
the key inquiry module is used for inquiring the decryption key corresponding to the user identifier from the blockchain;
and the data decryption module is used for decrypting the encrypted service data based on the decryption key to obtain target service data.
In a third aspect, the present application also provides a computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to a server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is obtained by the server by querying a blockchain based on the user identifier;
inquiring a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
In a fourth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to a server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is obtained by the server by querying a blockchain based on the user identifier;
inquiring a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
In a fifth aspect, the present application also provides a computer program product comprising a computer program which, when executed by a processor, performs the steps of:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to a server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is obtained by the server by querying a blockchain based on the user identifier;
inquiring a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
In the above service data acquisition method, apparatus, computer device, storage medium and computer program product, the server queries the blockchain for the encryption key based on the user identifier and encrypts the service data; the encrypted service data is sent to the application end; and the application end queries the blockchain for the corresponding decryption key based on the user identifier and decrypts the encrypted service data. That is, the encryption key and the decryption key are stored in the blockchain and can only be retrieved by an exact query based on the user identifier, so neither key has to be transmitted from the server to the application end. Leakage of the key can thereby be avoided, and service data is acquired securely.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for a person having ordinary skill in the art.
FIG. 1 is an application environment diagram of a business data acquisition method in one embodiment;
FIG. 2 is a flow chart of a method for acquiring service data in one embodiment;
FIG. 3 is a flowchart of a method for acquiring service data according to another embodiment;
FIG. 4 is a block diagram of a service data acquisition device in one embodiment;
FIG. 5 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The service data acquisition method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Various applications exist on the terminal 102, the terminal 102 may communicate with the application end 104 of each application through a network, and the application end 104 communicates with the service end 106 through the network. The data storage system may store data that the server 106 needs to process. The data storage system may be integrated on the server 106 or may be located on a cloud or other network server.
The user operates on the terminal 102 and clicks a data acquisition key on the interface of the terminal 102; the terminal 102 obtains a user identifier based on the clicking behavior of the user, and generates a first service data obtaining request to the application end 104 based on the user identifier; the application end 104 acquires a first service data acquisition request uploaded by a user and extracts a user identifier carried in the first service data acquisition request; generating and sending a second service data acquisition request to the server 106 based on the user identifier; the server 106 obtains data based on the second service data obtaining request, queries and obtains an encryption key from the blockchain based on the user identifier, encrypts the service data by using the encryption key to obtain encrypted service data, generates a service data message according to the encrypted service data and the user identifier, and feeds back the service data message to the application 104; the application 104 inquires the decryption key corresponding to the user identifier from the blockchain; and decrypting the encrypted service data based on the decryption key to obtain target service data. Further, the application 104 may push the target service data to the terminal 102 to present the target service data to the user.
The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 106 may be implemented as a stand-alone server or as a server cluster comprising a plurality of servers.
In an exemplary embodiment, as shown in fig. 2, a service data acquisition method is provided, and an application of the method to the application end 104 in fig. 1 is taken as an example for explanation, which includes the following S200 to S600. Wherein:
S200, acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request.
Specifically, the user operates the terminal and clicks the data acquisition key of an application interface on the terminal. Because the click is performed under the user's identity, the terminal can obtain the user identifier from the click and generate a first service data acquisition request to the application end based on the user identifier, where the requested service data can be, for example, a verification code, an account balance or deposit records. The application end acquires the first service data acquisition request uploaded by the user, parses it, and extracts the user identifier it carries. Further, the application end can be a mobile banking application end or another application end that can interact with the server.
S300, based on the user identification, generating and sending a second service data acquisition request to the server.
Specifically, the server acquires the user identifier, and generates a second service data acquisition request based on the user identifier, wherein the second service data acquisition request carries the user identifier, and the second service data acquisition request is different from the first service data acquisition request in that: the first service data acquisition request is sent from the terminal to the application terminal, and the second service data acquisition request is sent from the application terminal to the server terminal. Further, the method and the device also judge whether the user identifier is legal or not, so that a second service data acquisition request carrying the legal user identifier can be sent to the server.
S400, acquiring the service data message fed back by the server based on the second service data acquisition request.
The service data message comprises encrypted service data and a user identifier; the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is obtained by the server by querying the blockchain based on the user identifier.
Specifically, the server obtains data based on the second service data acquisition request, and queries the blockchain for the encryption key based on the user identifier, wherein the blockchain is a securely shared decentralized data ledger, and the blockchain technology supports a group of specific participation modes to share data. The server encrypts the service data with the encryption key to obtain the encrypted service data, generates the service data message from the encrypted service data and the user identifier, and feeds the service data message back to the application end.
Further, the server obtaining data based on the second service data acquisition request includes: after receiving the second service data acquisition request, querying or randomly generating the data to be acquired. Taking the case where the second service data acquisition request is a verification code acquisition request as an example, the server randomly generates the verification code after receiving the request. As another example, the server receives an account balance acquisition request, extracts the user identifier from it, and queries the database for the account balance corresponding to the user identifier.
S500, inquiring a decryption key corresponding to the user identifier from the blockchain.
Specifically, the application end has at this point obtained the encrypted service data and the user identifier, and needs to decrypt the encrypted service data to obtain the real service data. The service data was encrypted at the server with the encryption key, and the encryption key was obtained from the blockchain based on the user identifier, so the decryption key corresponding to the encryption key is obtained from the blockchain based on the user identifier in order to decrypt the encrypted service data. If the decryption key corresponding to the user identifier cannot be obtained, the encrypted service data cannot be decrypted.
S600, decrypting the encrypted service data based on the decryption key to obtain the target service data.
Specifically, after the decryption key corresponding to the user identifier is queried, since the encrypted service data is encrypted by the encryption key corresponding to the decryption key, the decryption key can be used to decrypt the encrypted service data to obtain the target service data.
In the service data acquisition method, the server queries the blockchain for the encryption key based on the user identifier and encrypts the service data; the encrypted service data is sent to the application end; and the application end queries the blockchain for the corresponding decryption key based on the user identifier and decrypts the encrypted service data. That is, the encryption key and the decryption key are stored in the blockchain and can only be retrieved by an exact query based on the user identifier, so neither key has to be transmitted from the server to the application end. Leakage of the key can thereby be avoided, and service data is acquired securely.
In an exemplary embodiment, as shown in fig. 3, S100 is further included before S200, and S100 includes S120 to S160. Wherein:
S120, when a registration request uploaded by a user is acquired, extracting a second user identification and second terminal serial number information in the registration request, and randomly generating an encryption key pair.
The terminal serial number information refers to serial number information of the terminal used by the user, and includes, but is not limited to, characters in the form of numbers or letters. The encryption key pair includes an encryption key and a decryption key corresponding to the encryption key.
Specifically, before the user obtains service data, the user needs to be registered. Only registered users can acquire the target service data. First, the user operates an application interface on the terminal and clicks the registration key of the application interface; a registration request is generated from the second user identifier and the second terminal serial number information supplied at registration, and is sent to the application end to initialize the application end the user needs to use, where initialization means clearing the user's previous registration information in the application end and adding the new registration information. The application end extracts the second user identifier and the second terminal serial number information from the registration request and takes them as the new registration information. At this time, the encryption key pair may also be randomly generated. The encryption key can encrypt data, and the decryption key can decrypt data encrypted with the encryption key. In other words, the encryption key and the decryption key can be regarded as a public key and a private key.
S140, associating the second user identifier, the second terminal serial number information and the encryption key pair to obtain a user key table.
S160, the user key table is sent to the blockchain.
Specifically, the encryption key pair is associated with the user identifier and the second terminal serial number information supplied at registration to obtain a user key table. The user key table holds the second user identifier, the second terminal serial number information and the encryption key pair, associated in table form. Taking the case where user A sends a registration request to the application end as an example, a row in the user key table may contain: user identifier A, the terminal serial number information of user identifier A, and the encryption key pair of user identifier A. Further, the user key table is sent to the blockchain for storage. Still further, one way of sending the user key table to the blockchain is to invoke the blockchain interface.
In this embodiment, the user identifier and the second terminal serial number information corresponding to the user identifier are registered and stored in the blockchain, so that the application end and the service end can obtain the registration information through the blockchain in a high-efficiency manner when in subsequent use, and the accuracy of the data can be improved due to the non-tamperability of the blockchain.
In an exemplary embodiment, when obtaining a registration request uploaded by a user, extracting the second user identifier and the second terminal serial number information in the registration request includes:
pushing a user privacy information acquisition request when acquiring a registration request uploaded by a user; and when acquiring the authorization message uploaded by the user based on the user privacy information acquisition request, extracting the second user identification and the second terminal serial number information in the registration request.
Specifically, when the user uploads the registration request, the privacy information acquisition request pushed by the application end is acquired first, the user confirms authorization on the terminal interface based on the user privacy information acquisition request, so that the authorization message is uploaded to the application end, and after the application end acquires the authorization message, the second user identification and the second terminal serial number information in the registration request can be extracted. For example, when a user uses an application a on a terminal for the first time, registration is required, and when registration is performed, an application end obtains a user privacy consent form, and only after the user agrees to the user privacy consent form, the privacy data carried in the registration request can be processed, so that registration is performed.
Further, when the user uploads the authorization message based on the user privacy information acquisition request, the user can only browse the user privacy information acquisition request and perform the operation of confirming the authorization; the browsing time can be preset first, and when the actual browsing time exceeds the preset browsing time, the operation of confirming the authorization is performed; the operation of confirming the authorization may also be performed directly.
In this embodiment, by pushing the user privacy information acquisition request, when the user uploads the authorization message based on the user privacy information acquisition request, the second user identifier and the second terminal serial number information in the registration request can be extracted, instead of directly acquiring the privacy information in the registration request, so that the registration can be performed safely.
In an exemplary embodiment, generating and sending a second service data acquisition request to the server based on the user identifier includes:
extracting first terminal serial number information carried in the first service data acquisition request, and acquiring a user key table from the blockchain; querying second terminal serial number information corresponding to the user identifier from the user key table; and generating and sending a second service data acquisition request to the server based on the user identifier when the first terminal serial number information matches the second terminal serial number information.
Specifically, before a second service data acquisition request carrying the user identifier is sent to the server, it must be determined whether the terminal serial number in the first service data acquisition request uploaded by the user this time is the terminal serial number the user registered with previously. That is, the first terminal serial number information carried in the first service data acquisition request is extracted, the second terminal serial number information pre-stored at registration is obtained from the user key table in the blockchain, and the two are compared to determine whether they match.
Generally, since the user key table associates the second user identifier, the second terminal serial number information and the encryption key pair, the terminal serial number pre-stored at registration is obtained from the user key table in the blockchain by querying with the user identifier in the first service data acquisition request.
If the first terminal serial number information matches the second terminal serial number information, a second service data acquisition request can be generated based on the user identifier and sent to the server. If the first terminal serial number information does not match the second terminal serial number information, a data acquisition failure message is pushed. The data acquisition failure message may be pushed to the terminal for presentation to the user.
In this embodiment, by determining whether the first terminal serial number information carried in the first service data acquisition request matches the previously stored second terminal serial number information, and sending the second service data acquisition request to the server to acquire data only when they match, a security protection mechanism is added to data acquisition and safe data acquisition can be realized.
In an exemplary embodiment, the method further includes:
querying a second user identifier matching the user identifier from the user key table to obtain a query result; if the query result indicates failure, pushing a data acquisition failure message; and if the query result indicates success, acquiring second terminal serial number information corresponding to the second user identifier.
Specifically, when judging whether the first terminal serial number information carried in the first service data acquisition request matches the second terminal serial number information pre-stored in the user key table, the user key table can first be queried, based on the user identifier in the first service data acquisition request, for a matching second user identifier, thereby determining whether the user identifier matches and obtaining a query result. The query result is either success or failure. If the query result indicates success, that is, a second user identifier matching the user identifier is found, the second terminal serial number information corresponding to the second user identifier can be obtained and compared with the first terminal serial number information; if the query result indicates failure, that is, no second user identifier matching the user identifier can be found, a data acquisition failure message is pushed.
In this embodiment, the second user identifier matching the user identifier is first queried in the user key table, and the second terminal serial number information corresponding to it is then obtained and compared with the first terminal serial number information. The decision whether to generate the second service data acquisition request is thus checked twice, realizing safe acquisition of service data.
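The two-stage check described in the two embodiments above (user identifier lookup, then terminal serial number comparison), as an added Python example that is not part of the patent. The blockchain's user key table is modelled as an in-memory dict, and every name, field and sample value here (`UserKeyRecord`, `gate_request`, the identifiers and serial numbers) is an assumption constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Constructed wording for the "data acquisition failure message".
FAILURE_MESSAGE = "data acquisition failed"


@dataclass(frozen=True)
class UserKeyRecord:
    """One row of the user key table written at registration (assumed layout)."""
    user_id: str           # second user identifier
    terminal_serial: str   # second terminal serial number information
    encryption_key: bytes  # opaque here; key handling is outside this example
    decryption_key: bytes


@dataclass(frozen=True)
class GateResult:
    forwarded: bool
    second_request: Optional[dict] = None  # what would be sent to the server
    message: Optional[str] = None          # what is pushed to the terminal
    audit_reason: Optional[str] = None     # internal log field, not shown to the user


def build_user_key_table(records: Iterable[UserKeyRecord]) -> Dict[str, UserKeyRecord]:
    """Stand-in for fetching the table through the blockchain interface."""
    return {r.user_id: r for r in records}


def gate_request(first_request: dict, table: Dict[str, UserKeyRecord]) -> GateResult:
    """Decide whether a first request may become a second request."""
    user_id = first_request.get("user_id")
    serial = first_request.get("terminal_serial")

    # Fail closed on missing or non-string fields before touching the table.
    if not isinstance(user_id, str) or not isinstance(serial, str) or not user_id or not serial:
        return GateResult(False, message=FAILURE_MESSAGE, audit_reason="malformed_request")

    # Check 1: is there a second user identifier matching this user identifier?
    record = table.get(user_id)
    if record is None:
        return GateResult(False, message=FAILURE_MESSAGE, audit_reason="unknown_user")

    # Check 2: does the first terminal serial number match the registered one?
    # compare_digest avoids leaking the position of the first differing byte.
    if not hmac.compare_digest(serial.encode("utf-8"),
                               record.terminal_serial.encode("utf-8")):
        return GateResult(False, message=FAILURE_MESSAGE, audit_reason="terminal_mismatch")

    # The second request carries the user identifier only; the serial number
    # has served its purpose and is not forwarded.
    return GateResult(True, second_request={"user_id": user_id})


# Constructed sample registration data.
SAMPLE_TABLE = build_user_key_table([
    UserKeyRecord("u-1001", "SN-AAA-0001", b"enc-key-1", b"dec-key-1"),
    UserKeyRecord("u-1002", "SN-BBB-0002", b"enc-key-2", b"dec-key-2"),
])

if __name__ == "__main__":
    for req in (
        {"user_id": "u-1001", "terminal_serial": "SN-AAA-0001"},  # registered device
        {"user_id": "u-1001", "terminal_serial": "SN-BBB-0002"},  # another user's device
        {"user_id": "u-9999", "terminal_serial": "SN-AAA-0001"},  # unregistered user
        {"user_id": "u-1002"},                                    # serial missing
    ):
        print(req, "->", gate_request(req, SAMPLE_TABLE))
```

Both failure paths push the same message to the terminal, as in the description, while the audit reason keeps them distinguishable in server-side logs.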
In one exemplary embodiment, querying the blockchain for the decryption key corresponding to the user identifier includes:
invoking a blockchain interface to acquire the user key table from the blockchain; and querying the decryption key corresponding to the user identifier from the user key table.
Specifically, a user key table exists in the blockchain. The user key table associates the second user identifier, the second terminal serial number information and the encryption key pair, so the second terminal serial number information and the encryption key pair corresponding to a user identifier can be queried from it. After acquiring the required service data, the server queries the user key table for the encryption key corresponding to the user identifier in the second service data acquisition request, encrypts the service data with that encryption key, generates a service data message based on the encrypted service data and the user identifier, and feeds the service data message back to the application end.
At this point, the application end needs to decrypt the encrypted service data: based on the user identifier in the service data message, it queries the blockchain for the decryption key corresponding to the user identifier. Because the encryption key and the decryption key corresponding to the user identifier form a key pair, the decryption key can decrypt the service data encrypted with the encryption key, yielding the target service data.
Further, the user key table may be obtained from the blockchain by calling an interface of the blockchain.
In this embodiment, by calling the interface of the blockchain, the user key table in the blockchain can be obtained efficiently, and the decryption key corresponding to the user identifier can then be accurately queried from the user key table, so that the encrypted service data is decrypted accurately. Encrypting and decrypting the service data with keys improves security during service data acquisition; furthermore, because the keys are stored in the user key table of the blockchain, the corresponding key can be accurately queried only by obtaining the user identifier corresponding to that key.
In one embodiment, taking service data as a short message verification code and an application end as a mobile banking app as an example, the service data acquisition method includes:
When a user uses the mobile banking app on the terminal for the first time, the user clicks the registration button on the mobile banking app interface to register user information. The mobile banking app then pushes a user privacy consent form to the terminal. After browsing the consent form, the user clicks the confirm-authorization button to send an authorization message to the mobile banking app. The mobile banking app receives the authorization message and, having confirmed that it may acquire the user privacy information, extracts the user identifier and the terminal serial number information uploaded in the user's registration operation.
The mobile banking app takes the user identifier and the terminal serial number information uploaded in the registration operation as the user's registration information, randomly generates an encryption key pair, calls the interface of the remote blockchain, and stores the encryption key pair, the user identifier and the terminal serial number information in the blockchain.
When the user needs to obtain a short message verification code, the user clicks the control for obtaining the short message verification code in the mobile banking app, which sends a short message verification code acquisition request to the mobile banking app. The app obtains the user identifier carried in the request, uses it to query the terminal serial number information stored for that user identifier in the remote blockchain, and compares it with the current terminal serial number information carried in the current request to judge whether the terminal device the user is currently using is the one the user registered with. If so, the app sends a short message verification code acquisition request carrying the user identifier to the server; if not, it pushes a short message verification code acquisition failure message to the terminal.
The server receives the short message verification code acquisition request sent by the mobile banking app, randomly generates a short message verification code, extracts the user identifier from the request, and queries the blockchain for the encryption key corresponding to the user identifier in order to encrypt the short message verification code. It then sends the encrypted short message verification code and the user identifier to the mobile banking app. Using the received user identifier, the mobile banking app queries the blockchain for the corresponding decryption key and decrypts the encrypted short message verification code to obtain the short message verification code.
It should be understood that, although the steps in the flowcharts of the embodiments described above are shown in sequence as indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the order of execution is not strictly limited, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts of the above embodiments may include a plurality of sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which need not be performed sequentially but may be performed in turn or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a service data acquisition device for implementing the service data acquisition method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of one or more service data obtaining devices provided below may refer to the limitation of the service data obtaining method hereinabove, and will not be repeated herein.
In an exemplary embodiment, as shown in fig. 4, there is provided a service data acquisition apparatus, including an identification acquisition module 200, a request generating module 300, a data acquisition module 400, a key query module 500 and a data decryption module 600, wherein:
The identification acquisition module 200 is configured to acquire a first service data acquisition request uploaded by a user, and extract the user identifier carried in the first service data acquisition request.
The request generating module 300 is configured to generate and send a second service data acquisition request to the server based on the user identifier.
The data acquisition module 400 is configured to acquire a service data message fed back by the server based on the second service data acquisition request, where the service data message includes encrypted service data and a user identifier, the encrypted service data is obtained by the server after encrypting the service data according to an encryption key, and the encryption key is obtained by the server by querying from the blockchain based on the user identifier.
The key query module 500 is configured to query the blockchain for the decryption key corresponding to the user identifier.
The data decryption module 600 is configured to decrypt the encrypted service data based on the decryption key to obtain the target service data.
In one embodiment, the service data acquisition device further includes a registration module, where the registration module is configured to extract, when a registration request uploaded by a user is acquired, a second user identifier and second terminal serial number information in the registration request, and randomly generate an encryption key pair, where the encryption key pair includes an encryption key and a decryption key corresponding to the encryption key; associating the second user identifier, the second terminal serial number information and the encryption key pair to obtain a user key table; the user key table is sent to the blockchain.
In one embodiment, the registration module is further configured to push a user privacy information acquisition request when acquiring a registration request uploaded by a user; and when acquiring the authorization message uploaded by the user based on the user privacy information acquisition request, extracting the second user identification and the second terminal serial number information in the registration request.
In one embodiment, the request generating module 300 is further configured to extract the first terminal serial number information carried in the first service data acquisition request, and acquire the user key table from the blockchain; query second terminal serial number information corresponding to the user identifier from the user key table; and generate and send a second service data acquisition request to the server based on the user identifier when the first terminal serial number information matches the second terminal serial number information.
In one embodiment, the service data acquisition device further includes a user identifier query module, where the user identifier query module is configured to query a second user identifier matching the user identifier from the user key table to obtain a query result; if the query result indicates failure, push a data acquisition failure message; and if the query result indicates success, acquire second terminal serial number information corresponding to the second user identifier.
In one embodiment, the key query module 500 is further configured to invoke a blockchain interface to acquire the user key table from the blockchain, and query the decryption key corresponding to the user identifier from the user key table.
The modules in the above service data acquisition device may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in, or independent of, a processor in the computer device in hardware form, or may be stored in a memory of the computer device in software form, so that the processor can call and execute the operations corresponding to the modules.
In one exemplary embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, an input/output (I/O) interface and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data such as target service data. The input/output interface of the computer device is used to exchange information between the processor and external devices. The communication interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements a service data acquisition method.
It will be appreciated by those skilled in the art that the structure shown in fig. 5 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one exemplary embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to the server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server encrypting the service data according to an encryption key, and the encryption key is obtained by the server by querying the blockchain based on the user identifier;
querying a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
In one embodiment, the processor when executing the computer program further performs the steps of:
when a registration request uploaded by a user is acquired, extracting a second user identifier and second terminal serial number information in the registration request, and randomly generating an encryption key pair, wherein the encryption key pair comprises an encryption key and a decryption key corresponding to the encryption key; associating the second user identifier, the second terminal serial number information and the encryption key pair to obtain a user key table; the user key table is sent to the blockchain.
In one embodiment, the processor when executing the computer program further performs the steps of:
pushing a user privacy information acquisition request when acquiring a registration request uploaded by a user; and when acquiring the authorization message uploaded by the user based on the user privacy information acquisition request, extracting the second user identification and the second terminal serial number information in the registration request.
In one embodiment, the processor when executing the computer program further performs the steps of:
extracting first terminal serial number information carried in the first service data acquisition request, and acquiring a user key table from the blockchain; querying second terminal serial number information corresponding to the user identifier from the user key table; and generating and sending a second service data acquisition request to the server based on the user identifier when the first terminal serial number information matches the second terminal serial number information.
In one embodiment, the processor when executing the computer program further performs the steps of:
querying a second user identifier matching the user identifier from the user key table to obtain a query result; if the query result indicates failure, pushing a data acquisition failure message; and if the query result indicates success, acquiring second terminal serial number information corresponding to the second user identifier.
In one embodiment, the processor when executing the computer program further performs the steps of:
invoking a blockchain interface to acquire the user key table from the blockchain; and querying the decryption key corresponding to the user identifier from the user key table.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to the server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server encrypting the service data according to an encryption key, and the encryption key is obtained by the server by querying the blockchain based on the user identifier;
querying a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
In one embodiment, the computer program when executed by the processor further performs the steps of:
when a registration request uploaded by a user is acquired, extracting a second user identifier and second terminal serial number information in the registration request, and randomly generating an encryption key pair, wherein the encryption key pair comprises an encryption key and a decryption key corresponding to the encryption key; associating the second user identifier, the second terminal serial number information and the encryption key pair to obtain a user key table; the user key table is sent to the blockchain.
In one embodiment, the computer program when executed by the processor further performs the steps of:
pushing a user privacy information acquisition request when acquiring a registration request uploaded by a user; and when acquiring the authorization message uploaded by the user based on the user privacy information acquisition request, extracting the second user identification and the second terminal serial number information in the registration request.
In one embodiment, the computer program when executed by the processor further performs the steps of:
extracting first terminal serial number information carried in the first service data acquisition request, and acquiring a user key table from the blockchain; querying second terminal serial number information corresponding to the user identifier from the user key table; and generating and sending a second service data acquisition request to the server based on the user identifier when the first terminal serial number information matches the second terminal serial number information.
In one embodiment, the computer program when executed by the processor further performs the steps of:
querying a second user identifier matching the user identifier from the user key table to obtain a query result; if the query result indicates failure, pushing a data acquisition failure message; and if the query result indicates success, acquiring second terminal serial number information corresponding to the second user identifier.
In one embodiment, the computer program when executed by the processor further performs the steps of:
invoking a blockchain interface to acquire the user key table from the blockchain; and querying the decryption key corresponding to the user identifier from the user key table.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to the server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server encrypting the service data according to an encryption key, and the encryption key is obtained by the server by querying the blockchain based on the user identifier;
querying a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
In one embodiment, the computer program when executed by the processor further performs the steps of:
when a registration request uploaded by a user is acquired, extracting a second user identifier and second terminal serial number information in the registration request, and randomly generating an encryption key pair, wherein the encryption key pair comprises an encryption key and a decryption key corresponding to the encryption key; associating the second user identifier, the second terminal serial number information and the encryption key pair to obtain a user key table; the user key table is sent to the blockchain.
In one embodiment, the computer program when executed by the processor further performs the steps of:
pushing a user privacy information acquisition request when acquiring a registration request uploaded by a user; and when acquiring the authorization message uploaded by the user based on the user privacy information acquisition request, extracting the second user identification and the second terminal serial number information in the registration request.
In one embodiment, the computer program when executed by the processor further performs the steps of:
extracting first terminal serial number information carried in the first service data acquisition request, and acquiring a user key table from the blockchain; querying second terminal serial number information corresponding to the user identifier from the user key table; and generating and sending a second service data acquisition request to the server based on the user identifier when the first terminal serial number information matches the second terminal serial number information.
In one embodiment, the computer program when executed by the processor further performs the steps of:
querying a second user identifier matching the user identifier from the user key table to obtain a query result; if the query result indicates failure, pushing a data acquisition failure message; and if the query result indicates success, acquiring second terminal serial number information corresponding to the second user identifier.
In one embodiment, the computer program when executed by the processor further performs the steps of:
invoking a blockchain interface to acquire the user key table from the blockchain; and querying the decryption key corresponding to the user identifier from the user key table.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use, and processing of the related data are required to meet the related regulations.
Those skilled in the art will appreciate that all or part of the above described methods may be implemented by a computer program stored on a non-transitory computer readable storage medium, which, when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, and the like. Volatile memory can include random access memory (RAM) or external cache memory, and the like. By way of illustration and not limitation, RAM can take a variety of forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM). The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered to be within the scope of this description.
The above examples represent only a few embodiments of the present application. They are described specifically and in detail, but are not thereby to be construed as limiting the scope of the present application. It should be noted that those skilled in the art could make various modifications and improvements without departing from the spirit of the present application, and these would fall within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. A method for acquiring service data, the method comprising:
acquiring a first service data acquisition request uploaded by a user, and extracting a user identifier carried in the first service data acquisition request;
generating and sending a second service data acquisition request to a server based on the user identification;
acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server encrypting the service data according to an encryption key, and the encryption key is obtained by the server by querying a blockchain based on the user identifier;
querying a decryption key corresponding to the user identifier from the blockchain;
and decrypting the encrypted service data based on the decryption key to obtain target service data.
2. The method of claim 1, wherein before the obtaining the first service data obtaining request uploaded by the user and extracting the user identifier carried in the first service data obtaining request, the method further comprises:
when a registration request uploaded by a user is acquired, extracting a second user identifier and second terminal serial number information in the registration request, and randomly generating an encryption key pair, wherein the encryption key pair comprises an encryption key and a decryption key corresponding to the encryption key;
associating the second user identifier, the second terminal serial number information and the encryption key pair to obtain a user key table;
and sending the user key table to the blockchain.
3. The method according to claim 2, wherein when obtaining the registration request uploaded by the user, extracting the second user identifier and the second terminal serial number information in the registration request includes:
pushing a user privacy information acquisition request when acquiring a registration request uploaded by a user;
and when an authorization message uploaded by the user based on the user privacy information acquisition request is acquired, extracting the second user identifier and the second terminal serial number information in the registration request.
4. The method of claim 1, wherein generating and sending a second service data acquisition request to a server based on the user identifier comprises:
extracting first terminal serial number information carried in the first service data acquisition request, and acquiring a user key table from the blockchain;
inquiring second terminal serial number information corresponding to the user identifier from the user key table;
and generating and sending a second service data acquisition request to the server based on the user identifier when the first terminal serial number information matches the second terminal serial number information.
5. The method as recited in claim 4, further comprising:
inquiring a second user identifier matched with the user identifier from the user key table to obtain an inquiry result;
if the query result indicates failure, pushing a data acquisition failure message;
and if the query result indicates success, acquiring second terminal serial number information corresponding to the second user identifier.
6. The method of claim 1, wherein querying the blockchain for the decryption key corresponding to the user identifier comprises:
invoking a blockchain interface to acquire a user key table from the blockchain;
and inquiring the decryption key corresponding to the user identifier from the user key table.
7. A service data acquisition device, the device comprising:
the device comprises an identification acquisition module, a first service data acquisition module and a second service data acquisition module, wherein the identification acquisition module is used for acquiring a first service data acquisition request uploaded by a user and extracting a user identification carried in the first service data acquisition request;
the request generation module is used for generating and sending a second service data acquisition request to the server based on the user identifier;
the data acquisition module is used for acquiring a service data message fed back by the server based on the second service data acquisition request, wherein the service data message comprises encrypted service data and a user identifier, the encrypted service data is obtained by the server by encrypting the service data with an encryption key, and the encryption key is queried by the server from a blockchain based on the user identifier;
the key inquiry module is used for inquiring the decryption key corresponding to the user identifier from the blockchain;
and the data decryption module is used for decrypting the encrypted service data based on the decryption key to obtain target service data.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
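The request gate of claims 4 and 5 and the key lookup of claim 6, sketched as an added example that is not code from the patent. The ledger is an in-memory stand-in for the blockchain interface, all names and sample values are assumptions, the keys are opaque placeholders (no encryption is performed), and refusing on a serial mismatch is this example's choice, since the claims only state the matching case.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyTableEntry:
    """One row of the user key table (claim 2); field names are assumptions."""
    user_id: str
    terminal_serial: str
    encryption_key: bytes
    decryption_key: bytes

class AcquisitionRefused(Exception):
    """Stands in for pushing a data acquisition failure message."""

def fetch_user_key_table(ledger):
    # Stand-in for invoking a blockchain interface (claim 6): the ledger
    # is a plain list of rows, indexed here by user identifier.
    return {row.user_id: row for row in ledger}

def build_second_request(first_request, key_table):
    user_id = first_request.get("user_id", "")
    entry = key_table.get(user_id)
    if entry is None:
        # Claim 5: no matching second user identifier, so report failure.
        raise AcquisitionRefused("unknown user identifier")
    presented = first_request.get("terminal_serial", "").encode()
    registered = entry.terminal_serial.encode()
    # Claim 4: forward only when the serial carried in the request matches
    # the registered one. The constant-time compare is this example's choice.
    if not hmac.compare_digest(presented, registered):
        raise AcquisitionRefused("terminal serial number mismatch")
    return {"user_id": user_id}

def lookup_decryption_key(user_id, key_table):
    # Claim 6: the decryption key is read from the same user key table.
    entry = key_table.get(user_id)
    if entry is None:
        raise AcquisitionRefused("unknown user identifier")
    return entry.decryption_key

# Constructed sample row; identifiers and key bytes are placeholders.
LEDGER = [KeyTableEntry("user-001", "SN-AAAA-0001",
                        b"enc-key-placeholder", b"dec-key-placeholder")]
```

The gate runs before any request reaches the server, so a request that names a registered user but carries a different terminal serial number never produces a second service data acquisition request.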

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311140200.2A CN117371023A (en) 2023-09-05 2023-09-05 Service data acquisition method, device, computer equipment and storage medium


Publications (1)

Publication Number Publication Date
CN117371023A true CN117371023A (en) 2024-01-09

Family

ID=89390013

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311140200.2A Pending CN117371023A (en) 2023-09-05 2023-09-05 Service data acquisition method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117371023A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination