Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, below in conjunction with embodiment and accompanying drawing, the present invention is described in more detail.
The present invention adopts the method for similar bank management, personal data bank identifier (PDBID by a similar account No., Personal Data Bank ID) corresponding personal data space is managed, need not to adopt that the mode by absolute path manages the personal data space in the prior art.As shown in Figure 2, the synoptic diagram that the internet target data is conducted interviews for internet data access side among the present invention, the internet data access side conducts interviews to network data bank by the message that comprises personal data bank identifier, network data bank obtains internet target data in the corresponding personal data space according to the personal data bank identifier that comprises in the message, returns to the internet data access side.Among the present invention, access side and not knowing needs the memory address of the internet target data of visit, not directly to operations such as the internet target data conduct interviews; The internet target data are managed by network data bank, and the internet target data of access side's visit can be the storage spaces of distributing in the network data bank that is used to store personal data, also can be the storage spaces that is independent of network data bank.And network data bank externally provides disclosed server, and all-access side is all known, after the access side is known the address of this server, just can conduct interviews to this server.
According to different needs, personal data bank identifier can adopt different forms, for example can be words identification, bar code sign, number sign or picture identification etc.Suppose that personal data bank identifier is a picture identification, then represent different personal data bank identifiers with different pictures, this moment, picture was corresponding one by one with individual data banking addressing sign.Like this, the user need not to know that the absolute path in personal data space just can conduct interviews to the personal data space, has made things convenient for manipulating of user, and the access stencil variation.
The invention provides the management system of internet personal data silver technology, this system comprises network data bank and victim's client; The inner structure synoptic diagram of network data of the present invention bank has been shown among Fig. 3 a, here, suppose that network data bank realizes by network equipment, the disclosed server that the just aforesaid network data of network equipment bank externally provides, Fig. 3 b are the structural representation example of network equipment.
Described network equipment, be used to receive the sign application request that victim's client is initiated, for this victim's client is distributed personal data storing sub-units and identification information, to this victim's client feedback application response message, described identification information comprises individual data banking addressing sign (PDBAID, Personal Data Bank AccessID) and personal data bank identifier, described personal data bank identifier is corresponding one by one with described individual data banking addressing sign, described individual data banking addressing sign is used for addressing personal data storing sub-units one to one with it, and described application response message comprises personal data bank identifier;
Described victim's client is used for sending sign application request to network equipment, receives the application response message of network equipment feedback.Victim's client can have a plurality of personal data bank identifiers, individual data banking addressing sign is equivalent to the absolute position in the personal data storage unit of personal data storing sub-units, when the personal data storing sub-units is conducted interviews, send personal data bank identifier to network equipment, network equipment inquires corresponding individual data banking addressing sign by the personal data bank identifier that receives, be addressed to corresponding personal data storing sub-units by individual data banking addressing sign, then, just can the personal data storing sub-units that be addressed to be conducted interviews.Among the present invention, the personal data storage unit is the personal data space just, and the personal data storage unit comprises a plurality of personal data storing sub-units.
Alternatively, this network equipment comprises individual data banking administrative center, individual data banking database and personal data storage unit, and its structural representation is shown in Fig. 3 b.
Described individual data banking administrative center, be used to receive the sign application request that victim's client is initiated, be this victim's client allocation identification information, and control personal data storage unit is that this victim's client is distributed the personal data storing sub-units, identification information is stored in the individual data banking database, and to this victim's client feedback application response message, described identification information comprises the personal data bank identifier of individual data banking addressing sign and corresponding victim's client identification, described personal data bank identifier is corresponding one by one with described individual data banking addressing sign, described individual data banking addressing sign is used for addressing personal data storing sub-units one to one with it, and described application response message comprises personal data bank identifier;
Described individual data banking database is used under the control of individual data banking administrative center, saves as the identification information that this victim's client is distributed; The identification information of preserving in the individual data banking database comprises personal data bank identifier, the individual data banking addressing corresponding with personal data bank identifier sign and with the corresponding victim's client identification of personal data bank identifier etc., only mark the individual data banking addressing sign of corresponding personal data bank identifier among the figure in the individual data banking database, also comprised victim's client identification of corresponding each personal data bank identifier etc. certainly;
Described personal data storage unit is used under the control of individual data banking administrative center, for this victim's client is distributed the personal data storing sub-units.
Alternatively, described individual data banking administrative center comprises access modules, be used to receive the visit information that access client sends, this visit information comprises personal data bank identifier, from the individual data banking database, obtain the individual data banking addressing sign corresponding with the personal data bank identifier that comprises in the visit information, be addressed to corresponding personal data storing sub-units according to the individual data banking addressing of obtaining sign, send the data of the personal data storage unit that is addressed to this access client.
Alternatively, described identification information comprises the individual data banking information revision pass (PDBMK corresponding with personal data bank identifier, Personal Data Bank Modify Key), described application response message comprises the individual data banking information revision pass, at this moment, described individual data banking administrative center comprises the revision module, be used to receive the revision information that victim's client sends, this revision information comprises sign, personal data bank identifier and the individual data banking information revision pass of the victim's client that sends this revision information; The revision module receives revision information, from the individual data banking database, obtain the corresponding victim's client identification and the individual data banking information revision pass of the personal data bank identifier with in the revision information of preservation, verify with the victim's client identification and the individual data banking information revision pass in the revision information, after checking is passed through, receive the revision of this victim's client.
This revision information removes sign, personal data bank identifier and the individual data banking information revision pass that comprises the victim's client that sends this revision information, the particular content that also comprises revision, this particular content comprises the operation that personal data bank identifier is made amendment, and perhaps comprises the data in the personal data storing sub-units are replaced, revise, deleted or operation such as increase.
Also can not comprise the sign and the individual data banking information revision pass of victim's client in the revision information,, after the revision module receives revision information, need not the individual data banking information pass is verified for situation not to be covered.For example, revision information comprises the particular content of personal data bank identifier and revision, this particular content comprises the modification to data in the personal data storing sub-units, after the revision module receives revision information, from the individual data banking database, obtain the corresponding individual data banking addressing sign of the personal data bank identifier with in the revision information of preservation, be addressed to the personal data storing sub-units by individual data banking addressing sign, the data of personal data storing sub-units made amendment according to Description of Revision.
Alternatively, this system comprises access client, and described network equipment comprises access modules, and described victim's client is further used for visit information is sent to access client, and described visit information comprises personal data bank identifier;
Described access client is used for sending visit information to access modules.Victim's client of the present invention comprises cell-phone customer terminal, applications client etc., and described applications client comprises QQ client, microsoft network service (MSN, Microsoft Network) client etc.
The present invention also provides the management method of internet personal data bank technology, and this method comprises:
Individual data banking administrative center receives the sign application request that victim's client is initiated;
Individual data banking administrative center is that this victim's client is distributed personal data storing sub-units and identification information, to this victim's client feedback application response message, described identification information comprises the personal data bank identifier of individual data banking addressing sign and corresponding victim's client identification, described personal data bank identifier is corresponding one by one with described individual data banking addressing sign, described individual data banking addressing sign is used for addressing personal data storing sub-units one to one with it, and described application response message comprises personal data bank identifier.
Individual data banking administrative center has distributed personal data storing sub-units and identification information for victim's client, and after victim's client has issued the application response message, victim's client or other clients except that victim's client can conduct interviews to the personal data storing sub-units by visit information, described visit information comprises personal data bank identifier, other clients except that victim's client is called access client here.For the situation that access client conducts interviews to the personal data storing sub-units, at first victim's client sends to access client with visit information; Access client conducts interviews to corresponding personal data storing sub-units by described visit information then, specifically comprise: individual data banking administrative center receives the visit information that access client sends, this visit information comprises personal data bank identifier, individual data banking administrative center obtain preservation with visit information in the corresponding individual data banking addressing sign of personal data bank identifier that comprises, be addressed to corresponding personal data storing sub-units according to the individual data banking addressing of obtaining sign, send the data of the personal data storage unit that is addressed to this access client.Certainly, the visit information that access client receives can also be engaged in the primary client by other modes and obtain except that directly being engaged in the primary client acquisition.
Be illustrated below by the flow process of Fig. 4 management method to internet personal data bank technology of the present invention, this method may further comprise the steps:
Step 401, individual data banking administrative center receives the message based on personal data bank identifier that client sends.
In this step, described message based on personal data bank identifier (id) comprises by the sign application request of victim's client transmission, by the revision information that comprises individual data banking id of victim's client transmission or the visit information that is sent by access client.
Step 402, individual data banking administrative center handles respectively according to the message based on individual data banking id that receives, this processing is included as victim's client distribute data space and identification information, revises personal data bank identifier, revises the interior data of personal data storing sub-units, inquires about and obtain the data corresponding with individual data banking id.
Step 403, individual data banking administrative center feeds back to the client of transmission based on the message of individual data banking id according to result.
If the message based on individual data banking id in the step 401 is the sign application request that is sent by victim's client, then this step comprises: individual data banking administrative center distributes personal data storing sub-units and identification information for this victim's client, preserve identification information, to this victim's client feedback application response message.In this example, described identification information comprises the individual data banking addressing sign of personal data bank identifier, the individual data banking information revision pass and corresponding victim's client identification, personal data bank identifier is corresponding one by one with individual data banking addressing sign, described individual data banking addressing sign is corresponding one by one with the personal data storing sub-units, be used for the corresponding personal data storing sub-units of addressing, described application response message comprises personal data bank identifier.
If the message based on individual data banking id in the step 401 is revision information, this revision information comprises the sign of the victim's client that sends this revision information, the personal data bank identifier and the individual data banking information revision pass, the particular content that also comprises revision, this particular content of hypothesis is for to carry out deletion action to the specific data in the personal data storing sub-units in the present embodiment, then this step comprises: individual data banking administrative center receives revision information, obtain the corresponding victim's client identification and the individual data banking information revision pass of the personal data bank identifier with in the revision information of preservation, compare checking with the victim's client identification that comprises in the revision information and the individual data banking information revision pass, if comparative result is identical, then be proved to be successful, the specific data in the personal data storing sub-units is deleted.
If the message based on individual data banking id in the step 401 is visit information, this visit information comprises personal data bank identifier, then step comprises: individual data banking administrative center obtains the corresponding individual data banking addressing sign of the personal data bank identifier with in the visit information of preservation, be addressed to corresponding personal data storing sub-units according to the individual data banking addressing of obtaining sign, send the data of the personal data storage unit that is addressed to this access client.
The identification information that individual data banking administrative center distributes for victim's client in the step 401 is except that comprising personal data bank identifier, can also comprise the individual data banking message reference pass corresponding with personal data bank identifier, correspondingly, the application response message that feeds back to victim's client also comprises the individual data banking message reference pass except that comprising personal data bank identifier, after individual data banking administrative center distributes personal data storing sub-units and identification information for victim's client, victim's client sends to access client with visit information, described visit information comprises the personal data bank identifier and the personal data bank identifier visit pass, and access client is sending visit information to individual data banking administrative center.Correspondingly, this step comprises: individual data banking administrative center receives the visit information that access client sends; Individual data banking administrative center is according to the personal data bank identifier that comprises in the visit information, obtain the corresponding individual data banking message reference pass of the personal data bank identifier with in the visit information of preservation, compare checking with the individual data banking message reference pass in the visit information; After checking is passed through, the corresponding individual data banking addressing sign of personal data bank identifier that comprises with visit information of obtaining preservation, be addressed to corresponding personal data storing sub-units according to the individual data banking addressing of obtaining sign, the data of personal data storage unit are fed back to access client.
Flow process with Fig. 5 is an example below, and the access method of internet personal data bank technology of the present invention is described, and this method may further comprise the steps:
Step 501, access client sends visit information to individual data banking administrative center, and this visit information comprises personal data bank identifier.
Access client is just to individual data banking administrative center request visit data requests for content side.
Step 502 after individual data banking administrative center receives visit information, is extracted the individual data banking id that comprises in the visit information, in the individual data banking database, whether there is this individual data banking id from inquiry, if inquire, then execution in step 504, otherwise execution in step 503.
Step 503, individual data banking administrative center is to the information of the relevant individual data banking id failure of access client feedback.
Step 504, individual data banking administrative center obtains the corresponding individual data banking addressing sign of the personal data bank identifier with in the visit information of preservation, is addressed to corresponding personal data storing sub-units according to the individual data banking addressing sign of obtaining.
Step 505, individual data banking administrative center feeds back to this access client with the data of the personal data storage unit that is addressed to.
Personal data bank identifier shows as the electronic information data block with uniqueness, can comprise information such as striped, picture, two-dimension code or a series of literal.Personal data bank identifier can be with IC-card as carrier, correspondingly, after victim's client receives the application response message that comprises the personal data bank identifier and the personal data bank identifier visit pass of individual data banking administrative center feedback, by individual data banking IC-card read-write equipment the personal data bank identifier and the personal data bank identifier visit pass are stored in this individual data banking IC-card, during storage, the corresponding personal data bank identifier storage of the personal data bank identifier visit pass, then, from the individual data banking IC-card, read the personal data bank identifier and the personal data bank identifier visit pass of storage when needed.The equipment of described individual data banking IC-card read-write equipment for reading and writing canned data in the individual data banking IC-card is as mobile phone etc.Describe below by Fig. 6,7 and 8 pairs of individual data banking IC-card read-write schemes.
Referring to Fig. 6, be the browsing process figure of individual data banking IC-card reading/writing method of the present invention, in the present embodiment, individual data banking IC-card stored the personal data bank identifier and the individual data banking message reference pass, this flow process may further comprise the steps:
Step 601, individual data banking IC-card read-write equipment read the personal data bank identifier and the corresponding individual data banking message reference pass from the individual data banking IC-card.
Step 602, individual data banking IC-card read-write equipment sends visit information to individual data banking administrative center.
Described visit information comprises the personal data bank identifier and the individual data banking message reference pass.
Step 603, individual data banking administrative center verifies the personal data bank identifier in the visit information visit pass, and checking receives the visit of the individual data banking IC-card read-write equipment pair data corresponding with personal data bank identifier in the visit information by the back.
This step can specifically comprise: the corresponding individual data banking addressing sign of personal data bank identifier that comprises with visit information that individual data banking administrative center obtains preservation, be addressed to corresponding personal data storing sub-units according to the individual data banking addressing of obtaining sign, the data of personal data storage unit are fed back to individual data banking IC-card read-write equipment.
Step 604, as individual data banking IC storing data information, corresponding personal data bank identifier writes in the individual data banking IC-card individual data banking IC-card read-write equipment with individual data banking administrative center feedback data.
This step is optional.
The individual data banking IC-card has been stored two parts information, one be personal data bank identifier with individual data banking the message reference card of communicating by letter, it two is the concrete data content corresponding with this personal data bank identifier, should be called individual data banking IC storing data information by concrete data content.At least store in the individual data banking IC-card personal data bank identifier with individual data banking the message reference card of communicating by letter, can also store individual data banking IC storing data information as required; The individual data banking IC storing data information of individual data banking IC-card stored can be that individual data banking IC-card read-write equipment obtains the passive individual data banking IC-card that writes in back from individual data banking administrative center, also can be determined initiatively to write the individual data banking IC-card behind the concrete data content by individual data banking IC-card read-write equipment.
Alternatively, also store individual data banking IC revised data information in the individual data banking IC-card.When the data of personal data storage unit in the individual data banking administrative center are revised, individual data banking IC-card read-write equipment reads the individual data banking IC revised data information that needs from the individual data banking IC-card, data to personal data storage unit in the individual data banking administrative center are revised, this revision flow process is shown in Figure 7, and it may further comprise the steps:
Step 701, individual data banking IC-card read-write equipment read personal data bank identifier and need from the individual data banking IC-card individual data banking IC revised data information.
Here, personal data bank identifier and the individual data banking IC revised data information that reads is referred to as revision information.
Step 702, individual data banking IC-card read-write equipment sends revision information to individual data banking administrative center.
Step 703, individual data banking administrative center revises the data of the personal data storage unit that is addressed to according to individual data banking IC revised data information.
This step can specifically comprise: the corresponding individual data banking addressing sign of personal data bank identifier that comprises with revision information that individual data banking administrative center obtains preservation, be addressed to corresponding personal data storing sub-units according to the individual data banking addressing sign of obtaining, the individual data banking IC revised data information that comprises according to revision information is revised the data of the personal data storage unit that is addressed to, this revision comprises that the individual data banking IC revised data information stores that revision information is comprised is in the personal data storage unit that is addressed to, perhaps, specific data in the personal data storage unit that the individual data banking IC revised data information replacement that comprises with revision information is addressed to, or the like.
In the individual data banking IC-card reading/writing method of the present invention, also comprise in the individual data banking IC storing data information of individual data banking IC-card storage and the individual data banking administrative center data synchronization in the personal data storage unit.Synchronizing process is triggered by individual data banking administrative center, and individual data banking administrative center can regularly trigger, and also can trigger according to request, perhaps triggers at random.Comprise synchronously from the individual data banking IC-card to the personal data storage unit synchronously, and the personal data storage unit to the individual data banking IC-card synchronously, be described respectively below.
One, from the individual data banking IC-card to the personal data storage unit synchronously.
This synchronizing process is shown in Figure 8, may further comprise the steps:
Step 801, individual data banking IC-card read-write equipment reads personal data bank identifier, the individual data banking message reference pass and individual data banking IC storing data information from the individual data banking IC-card, send synchronization request to individual data banking administrative center.
Described synchronization request comprises described personal data bank identifier, the individual data banking message reference pass and individual data banking IC storing data information.
Step 802, individual data banking administrative center verifies the visit of the personal data bank identifier in the synchronization request pass, the corresponding individual data banking addressing sign of personal data bank identifier that comprises with synchronization request that checking is obtained preservation by back individual data banking administrative center is addressed to corresponding personal data storing sub-units according to the individual data banking addressing sign of obtaining.
Step 803, individual data banking administrative center upgrades the data of the personal data storing sub-units that is addressed to individual data banking IC storing data information.
Two, from the personal data storage unit to the individual data banking IC-card synchronously.
This synchronizing process is shown in Figure 9, may further comprise the steps:
Step 901, individual data banking administrative center notice individual data banking IC-card read-write equipment carries out data sync.
Step 902, individual data banking IC-card read-write equipment read the personal data bank identifier and the individual data banking message reference pass from the individual data banking IC-card, send synchronization request to individual data banking administrative center.
Described synchronization request comprises the visit information and the individual data banking message reference pass of described personal data bank identifier.
Step 903, individual data banking administrative center verifies the visit of the personal data bank identifier in the synchronization request pass, the corresponding individual data banking addressing sign of personal data bank identifier that comprises with synchronization request that checking is obtained preservation by back individual data banking administrative center, be addressed to corresponding personal data storing sub-units according to the individual data banking addressing of obtaining sign, the data with the personal data storing sub-units that is addressed to send to individual data banking IC-card read-write equipment then.
Step 904, the individual data banking IC storing data information of storing in the Data Update individual data banking IC-card read-write equipment of individual data banking IC-card read-write equipment with the transmission of individual data banking administrative center.
Referring to Figure 10, be the structural representation of individual data banking IC-card read-write equipment of the present invention, this equipment comprises individual data banking IC-card access unit, data processing unit and individual data banking access unit;
Described individual data banking IC-card access unit is used for carrying out data interaction with individual data banking IC-card and data processing unit;
Described individual data banking access unit is used for carrying out data interaction with data processing unit and individual data banking administrative center;
Described data processing unit, be used for reading the personal data bank identifier and the individual data banking message reference pass from the individual data banking IC-card by individual data banking IC-card access unit, send visit information by the individual data banking access unit to individual data banking administrative center, described visit information comprises the personal data bank identifier and the individual data banking message reference pass; Receive the data of the personal data storage unit of individual data banking administrative center feedback by the individual data banking access unit, the data of described personal data storage unit are verified the personal data bank identifier in the visit information visit pass by individual data banking administrative center, checking by after will be corresponding with the personal data bank identifier in the visit information the data of personal data storage unit feed back to the individual data banking access unit by the individual data banking access unit and obtain.
Can not comprise data processing unit in the individual data banking IC-card read-write equipment, when not comprising data processing unit, individual data banking IC-card read-write equipment is used to carry out the data transmission between individual data banking IC-card and the individual data banking system, and the data of transmitting between individual data banking IC-card and the individual data banking system is not handled.
Among Figure 10, the individual data banking system comprises individual data banking administrative center, individual data banking database and the personal data storage unit of network equipment.
Alternatively, described data processing unit comprises the data writing module, is used for individual data banking administrative center feedback data writing in the individual data banking IC-card by individual data banking IC-card access unit as individual data banking IC storing data information.
The present invention adopts the method for similar bank management, personal data bank identifier according to a similar account No. just can manage corresponding personal data storing sub-units, rather than the mode by the available technology adopting absolute path, data in the personal data storing sub-units are externally exploitation no longer directly, has improved the confidentiality of data in the personal data storing sub-units; Prevented that the assailant from directly attacking the data in the personal data space, improved safety of data in the personal data storing sub-units; And personal data bank identifier various informative enriched user's use.
Further, among the present invention, victim's client writes the personal data bank identifier and the individual data banking message reference pass among the individual data banking IC, then, individual data banking IC-card read-write equipment reads the personal data bank identifier and the individual data banking message reference pass from the individual data banking IC-card, send visit information to individual data banking administrative center; Individual data banking administrative center verifies the personal data bank identifier in the visit information visit pass, and checking receives the visit of the individual data banking IC-card read-write equipment pair data corresponding with personal data bank identifier in the visit information by the back.Like this, realized that individual data banking IC-card read-write equipment is by the visit of individual data banking IC-card to individual data banking administrative center.
Above-described specific embodiment; purpose of the present invention, technical scheme and beneficial effect are further described; institute is understood that; the above only is specific embodiments of the invention; and be not intended to limit the scope of the invention; within the spirit and principles in the present invention all, any modification of being made, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.