CN104468531B - The authorization method of sensitive data, device and system - Google Patents

Publication number: CN104468531B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN201410659741.0A
Other languages: Chinese (zh)
Other versions: CN104468531A
Inventor: 邱彼特
Current Assignee: Individual
Original Assignee: Individual

Priority to CN201410659741.0A
Priority to PCT/CN2014/095384 (WO2016078182A1)
Publication of CN104468531A
Application granted
Publication of CN104468531B

Classifications

    • H04L9/40 Network security protocols
    • H04L63/0281 Proxies
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention provides a method, device and system for authorizing sensitive data. The method includes: a third-party server receives a sensitive data retrieval request from a client, the request carrying a content retrieval identifier; after the client passes the third-party server's validity check, the third-party server generates a sensitive data retrieval list according to the content retrieval identifier; the third-party server notifies the user terminal of the sensitive data retrieval list through the client; the third-party server receives sensitive data and a session identifier from a cloud storage server, the sensitive data having been obtained by the cloud storage server according to the sensitive data retrieval list uploaded by the user terminal; and the third-party server performs the corresponding operation on the sensitive data according to the session identifier and sends the operation result to the client and/or the user terminal. The invention simplifies the user's operations and improves the convenience and security of sensitive operations.

Description

Sensitive data authorization method, device and system
Technical Field
The invention relates to the field of communication, in particular to a method, a device (such as a server, a cloud storage server and a user terminal) and a system for authorizing sensitive data.
Background
With the development of network technology, more and more websites with various application functions are provided, and the application functions of these websites are usually only open to registered users, so that more and more user names (also called account numbers) and passwords and other information are registered by users at different websites.
When registering, a user must fill in a great deal of personal data, and at every login must enter the correct user name and password; some websites require further authentication information. These steps involve frequent keyboard input and are costly to learn, and many internet users (especially older ones) still cannot complete them unaided. Second, login, registration and filling in personal data are high-frequency operations, yet the same information has to be entered each time, which is tedious and makes for a very poor user experience. Third, one user often has dozens or even hundreds of online accounts, and to make them easier to remember many users rely on a single set (or a few sets) of account names and passwords. This is a serious security risk: once the account is compromised on website A, website B is affected too. In addition, attacks such as phishing websites, keylogging software and trojans make submitting accounts and personal data directly to a website client a high-risk operation.
In one method, a two-dimensional code server provides a two-dimensional code used to verify whether the user's identity is legitimate. The user scans the two-dimensional code and submits it to a verification server, which does not need to check the user's account and password and confirms the user's identity directly from the two-dimensional code and related information. Scanning the two-dimensional code spares the user from repeatedly entering identity authentication information and simplifies authentication to some extent, but it still does not address the cumbersome operations of user registration and of filling in the user's private information.
The inventor found in research that sensitive data operations in existing communication require frequent user involvement.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method, an apparatus (e.g., a server, a cloud storage server, a user terminal) and a system for authorizing sensitive data, so as to simplify sensitive operations of a user on the basis of secure communication.
In a first aspect, an embodiment of the present invention provides a method for authorizing sensitive data, including: a third-party server receives a sensitive data retrieval request from a client, the request carrying a content retrieval identifier; after the client passes the third-party server's validity check, the third-party server generates a sensitive data retrieval list according to the content retrieval identifier, the list including the identifier of the third-party server, a session identifier and the content retrieval identifier; the third-party server notifies the user terminal of the sensitive data retrieval list through the client; the third-party server receives the sensitive data and the session identifier from a cloud storage server, the sensitive data having been obtained by the cloud storage server according to the sensitive data retrieval list uploaded by the user terminal; and the third-party server performs the corresponding operation on the sensitive data according to the session identifier and sends the operation result to the client and/or the user terminal.
In a second aspect, an embodiment of the present invention further provides a method for authorizing sensitive data, including: a cloud storage server receives a sensitive data retrieval list uploaded by a user terminal, the list having been generated by a third-party server according to the content retrieval identifier in a client's sensitive data retrieval request and notified to the user terminal through the client, and including the identifier of the third-party server, a session identifier and the content retrieval identifier; the cloud storage server obtains the sensitive data according to the identifier of the third-party server and the content retrieval identifier in the list; and the cloud storage server sends the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs the corresponding operation on the sensitive data according to the session identifier.
In a third aspect, an embodiment of the present invention further provides a server, including: a request receiving module, configured to receive a sensitive data retrieval request from a client, the request carrying a content retrieval identifier; a list generation module, configured to generate a sensitive data retrieval list according to the content retrieval identifier after the client passes the validity check, the list including the server identifier, a session identifier and the content retrieval identifier; a list notification module, configured to notify the user terminal of the sensitive data retrieval list through the client; a data receiving module, configured to receive the sensitive data and the session identifier from a cloud storage server, the sensitive data having been obtained by the cloud storage server according to the sensitive data retrieval list uploaded by the user terminal; and a sensitive data processing module, configured to perform the corresponding operation on the sensitive data according to the session identifier and send the operation result to the client and/or the user terminal.
In a fourth aspect, an embodiment of the present invention further provides a cloud storage server, including: a list receiving module, configured to receive a sensitive data retrieval list uploaded by a user terminal, the list having been generated by a third-party server according to the content retrieval identifier in a client's sensitive data retrieval request and notified to the user terminal through the client, and including the identifier of the third-party server, a session identifier and the content retrieval identifier; a sensitive data acquisition module, configured to obtain the sensitive data according to the sensitive data retrieval list; and a data sending module, configured to send the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs the corresponding operation on the sensitive data according to the session identifier.
In a fifth aspect, an embodiment of the present invention further provides a system for authorizing sensitive data, including: a third party server and a cloud storage server; wherein the third party server is a server as provided in the third aspect above; the cloud storage server is as provided in the fourth aspect above.
In a sixth aspect, an embodiment of the present invention further provides a method for authorizing sensitive data, including: a third-party server receives a sensitive data retrieval request from a client, the request carrying a content retrieval identifier; after the client passes the third-party server's validity check, the third-party server generates a sensitive data retrieval list according to the content retrieval identifier, the list including the identifier of the third-party server, a session identifier and the content retrieval identifier; the third-party server notifies the user terminal of the sensitive data retrieval list through the client; the third-party server receives sensitive data and the session identifier from the user terminal, the sensitive data having been obtained by the user terminal from a local database or a cloud storage server according to the sensitive data retrieval list; and the third-party server performs the corresponding operation on the sensitive data according to the session identifier and sends the operation result to the client and/or the user terminal.
In a seventh aspect, an embodiment of the present invention further provides a method for authorizing sensitive data, including: a user terminal receives a sensitive data retrieval list notified by a third-party server through a client, the list having been generated by the third-party server according to the content retrieval identifier in the client's sensitive data retrieval request, and including the identifier of the third-party server, a session identifier and the content retrieval identifier; the user terminal obtains the sensitive data from a local database or a cloud storage server according to the identifier of the third-party server and the content retrieval identifier in the list; and the user terminal sends the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs the corresponding operation on the sensitive data according to the session identifier.
In an eighth aspect, an embodiment of the present invention further provides a server, including: a request receiving module, configured to receive a sensitive data retrieval request from a client, the request carrying a content retrieval identifier; a retrieval list generation module, configured to generate a sensitive data retrieval list according to the content retrieval identifier after the client passes the validity check, the list including the server identifier, a session identifier and the content retrieval identifier; a retrieval list notification module, configured to notify the user terminal of the sensitive data retrieval list through the client; a data and identifier receiving module, configured to receive sensitive data and the session identifier from the user terminal, the sensitive data having been obtained by the user terminal from a local database or a cloud storage server according to the sensitive data retrieval list; and a processing module, configured to perform the corresponding operation on the sensitive data according to the session identifier and send the operation result to the client and/or the user terminal.
In a ninth aspect, an embodiment of the present invention further provides a user terminal, including: a retrieval list receiving module, configured to receive a sensitive data retrieval list notified by a third-party server through a client, the list having been generated by the third-party server according to the content retrieval identifier in the client's sensitive data retrieval request, and including the identifier of the third-party server, a session identifier and the content retrieval identifier; a data acquisition module, configured to obtain the sensitive data from a local database or a cloud storage server according to the sensitive data retrieval list; and a data and identifier sending module, configured to send the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs the corresponding operation on the sensitive data according to the session identifier.
In a tenth aspect, an embodiment of the present invention further provides an authorization system for sensitive data, including a third-party server and a user terminal, where the third-party server is the server provided in the above eighth aspect, and the user terminal is the user terminal provided in the above ninth aspect.
In the method, device and system (for example the server, the cloud storage server and the user terminal) provided by the embodiments of the present invention, after the third-party server receives the client's sensitive data retrieval request, it issues a sensitive data retrieval list. This triggers the user terminal either to notify the cloud storage server to obtain the corresponding sensitive data according to the list, or to obtain the corresponding sensitive data itself according to the list, and the sensitive data is then sent to the third-party server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from intercepting it. At the same time, the transmission needs little involvement from the user, and the user does not have to remember which sensitive data corresponds to which third-party server, so the user's operations are simplified and the convenience and security of sensitive operations are improved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a flow chart of a method for authorizing sensitive data described from a third party server side according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating an authorization method for sensitive data described from a cloud storage server side according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating an authorization method for sensitive data according to an embodiment of the present invention;
FIG. 4 is a block diagram of a server according to an embodiment of the present invention;
FIG. 5 shows a block diagram of a cloud storage server according to an embodiment of the present invention;
FIG. 6 is a block diagram illustrating an authorization system for sensitive data according to an embodiment of the present invention;
FIG. 7 is a flow chart of another method for authorizing sensitive data described from a third party server side according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating a method for authorizing sensitive data described from a user terminal according to an embodiment of the present invention;
FIG. 9 is a block diagram illustrating another server according to an embodiment of the present invention;
FIG. 10 is a block diagram illustrating a structure of a user terminal according to an embodiment of the present invention;
FIG. 11 is a block diagram illustrating another authorization system for sensitive data according to an embodiment of the present invention;
FIG. 12 is a block diagram illustrating a structure of an authorization apparatus 120 for sensitive data according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Considering that a user often needs to register, log in and fill in some private information (for example, fill in information of a bank card or a credit card, fill in information of a mailing address, etc.) at each website, if the data are manually completed by the user, the efficiency is low, and the data are easy to be intercepted by a malicious website, so that the safety and the operation convenience are low. Based on this, the embodiment of the invention provides a method, a device (such as a server, a cloud storage server and a user terminal) and a system for authorizing sensitive data.
FIG. 1 is a flowchart of a method for authorizing sensitive data, described from the third-party server side. The method includes the following steps:
Step S102: a third-party server receives a sensitive data retrieval request from a client, the request carrying a content retrieval identifier.
After the user opens a sensitive data retrieval scenario in the client, the client sends the third-party server a sensitive data retrieval request carrying a content retrieval identifier. The content retrieval identifier indicates the user's current retrieval scenario, which is, for example, one of the following: a user identity registration scenario, a login authentication scenario, or a user private information authorization scenario (such as filling in credit card information or a mailing address).
The client is associated with the third-party server and may be an application on the user terminal or an independent terminal device, for example an ATM or an access-control gate, through which the user can access the third-party server.
Step S104: after the client passes the third-party server's validity check, the third-party server generates a sensitive data retrieval list according to the content retrieval identifier. The list includes the identifier of the third-party server, a session identifier and the content retrieval identifier.
The identifier of the third-party server may be its domain name, IP address, application key (AppKey) or the like; the session identifier may be a string of random numbers, a time hash value or the like. The sensitive data retrieval list may also include a set of metadata, such as the field names and format requirements of the sensitive data. Alternatively, the third-party server and the device that provides the sensitive data may agree in advance on the field names and format requirements for each content retrieval identifier. Once the content retrieval identifier is determined, both sides then know how the sensitive data must be constructed, and the sensitive data retrieval list need not carry the metadata.
The third-party server can check the client's validity using an existing verification method; for a client that fails the check, the third-party server directly terminates the service the client requested.
Step S106: the third-party server notifies the user terminal of the sensitive data retrieval list through the client.
The third-party server can deliver the sensitive data retrieval list in one of the following ways:
(1) the third-party server converts the sensitive data retrieval list into a corresponding code pattern and displays the code pattern to the user terminal through the client, so that the user terminal can parse the code pattern to obtain the sensitive data retrieval list;
(2) the third-party server sends the sensitive data retrieval list to the client as text and triggers the client to convert the received text into a corresponding code pattern and display it to the user terminal, so that the user terminal can parse the code pattern to obtain the sensitive data retrieval list.
The code pattern is one of the following: a two-dimensional code, a three-dimensional code, a four-dimensional code, a barcode, or the like.
Take conversion of the sensitive data retrieval list into a two-dimensional code as an example. The conversion can be performed by the third-party server: it converts the sensitive data retrieval list into a two-dimensional code and issues it to the client, the client displays it to the user, and the user scans it with the user terminal, which parses out the sensitive data retrieval list. Alternatively, the conversion can be performed by the client: the third-party server issues the sensitive data retrieval list to the client as text, the client converts the received text into a two-dimensional code and displays it to the user, and the user scans it with the user terminal, which parses out the sensitive data retrieval list. In practice either mode may be chosen; the embodiments of the present invention do not limit this.
When the client displays the code pattern of the sensitive data retrieval list, the user can scan it with a user terminal (such as a mobile phone). To make the operation more secure, the user terminal can verify the user's identity before scanning the code pattern, in one of the following ways: (1) the user terminal verifies whether the user's biometric information is legitimate; (2) the user terminal verifies whether the user name and password entered by the user are legitimate; (3) the user terminal verifies whether the pattern entered by the user is legitimate.
Step S108: the third-party server receives the sensitive data and the session identifier from the cloud storage server. The sensitive data is obtained by the cloud storage server according to the sensitive data retrieval list uploaded by the user terminal.
The cloud storage server receives the sensitive data retrieval list uploaded by the user terminal, obtains the corresponding sensitive data according to the identifier of the third-party server and the content retrieval identifier in the list, and sends the obtained sensitive data and the session identifier to the third-party server according to the identifier of the third-party server.
Step S110: the third-party server performs the corresponding operation on the sensitive data according to the session identifier and sends the operation result to the client and/or the user terminal.
In this method, after the third-party server receives the client's sensitive data retrieval request, it issues a sensitive data retrieval list, which triggers the user terminal to notify the cloud storage server to send the sensitive data corresponding to the list to the third-party server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from intercepting it. At the same time, the transmission needs little involvement from the user, and the user does not have to remember which sensitive data corresponds to which third-party server, so the user's operations are simplified and the convenience and security of sensitive operations are improved.
To make the operation more effective, the third-party server's performing the corresponding operation on the sensitive data according to the session identifier may include: the third-party server checks, according to the session identifier, whether the business logic of the sensitive data is correct, and if so performs the operation corresponding to the session identifier on the sensitive data. Business logic here mainly means business rules. For example, when the retrieval scenario determined from the session identifier is user identity registration or user private information authorization, the third-party server checks whether each field of the sensitive data is legitimate, and if so determines that the business logic of the sensitive data is correct; when the retrieval scenario determined from the session identifier is identity login authentication, the third-party server checks whether the login account and password in the sensitive data are legitimate, and if so determines that the business logic of the sensitive data is correct.
If the third-party server finds that the business logic of the sensitive data is incorrect, it terminates the current operation and may send a message indicating that the sensitive data is incorrect to the cloud storage server, the client or the user terminal. This business logic check lets the third-party server judge whether the received sensitive data is genuine and reliable, which safeguards the subsequent sensitive operation.
After confirming that the business logic of the sensitive data is correct, the third-party server performs the operation corresponding to the session identifier on the sensitive data. For example, when the retrieval scenario determined from the session identifier is user identity registration, the third-party server fills the obtained sensitive data into the corresponding entries one by one according to a preset format. If the sensitive data lacks the content for an entry, the entry can be skipped, or the third-party server can automatically generate content for it; the automatically generated content can be fed back to the cloud storage server, which can store it directly or send it to the user terminal and store it after the user confirms. When the retrieval scenario determined from the session identifier is user identity login authentication, the third-party server sets the user's login on the client as passed. When the retrieval scenario determined from the session identifier is user private information authorization, the third-party server uses the received sensitive data to perform the corresponding operation on the client, such as filling in credit card information.
Referring to the flow chart of a method for authorizing sensitive data shown in fig. 2, the method is described from the cloud server side and includes the following steps:
Step S202, the cloud storage server receives a sensitive data retrieval list uploaded by a user terminal, wherein the sensitive data retrieval list is generated by a third-party server according to the content retrieval identifier in a sensitive data retrieval request of a client and is notified to the user terminal through the client; the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content retrieval identifier; the specific content of each identifier is as described above and is not repeated here.
Step S204, the cloud storage server acquires the sensitive data according to the identification of the third-party server and the content retrieval identification in the sensitive data retrieval list;
On the cloud storage server, the sensitive data of each user terminal differs from one third-party server to another. Taking the case where the sensitive data corresponding to the content retrieval identifier is login authentication data (an account and a login password) as an example: in the login information of user terminal 001 at Baidu (the third-party server), the account is Zhang San and the login password is 123456; in the login information of user terminal 001 at Tengcong, the account is Zhang San 1 and the login password is 654321. The cloud storage server therefore needs to acquire the sensitive data according to the identifier of the third-party server currently corresponding to the user terminal and the content retrieval identifier.
Step S206, the cloud storage server sends the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server executes corresponding operation on the sensitive data according to the session identifier.
With this method, after the cloud server receives the sensitive data retrieval list uploaded by the user terminal, it obtains the corresponding sensitive data according to the content carried in the list and sends it to the third-party server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from intercepting it. The transmission also requires little participation from the user, who does not need to memorize which sensitive data corresponds to which third-party server; this simplifies the user's operation and improves the convenience and security of sensitive operations.
In the embodiment of the present invention, the cloud storage server may obtain the sensitive data according to the identifier of the third-party server and the content retrieval identifier in the sensitive data retrieval list in various forms, for example: the cloud storage server judges whether the cloud storage database has corresponding sensitive data according to the identification of the third-party server and the content retrieval identification in the sensitive data retrieval list, and if yes, the cloud storage server extracts the sensitive data from the cloud storage database; and if not, the cloud storage server generates corresponding sensitive data according to the identifier of the third-party server in the sensitive data retrieval list and the content retrieval identifier or acquires the corresponding sensitive data from the user terminal.
Considering that there are multiple sensitive data retrieval scenarios in practical application, the cloud storage server may also obtain the sensitive data according to the specific retrieval scenario, for example: (1) when the content retrieval identifier indicates that the retrieved sensitive data is user identity registration data, the cloud storage server generates a login password, selects from the cloud storage database an account corresponding to the user terminal and the registration information other than the login password and the account, and takes the account, the login password and that other registration information as the sensitive data corresponding to the sensitive data retrieval list; (2) when the content retrieval identifier indicates that the retrieved sensitive data is login authentication data, the cloud storage server looks up in the cloud storage database the account and login password of the user terminal that correspond to the identifier of the third-party server, and takes the account and the login password as the sensitive data corresponding to the sensitive data retrieval list; (3) when the content retrieval identifier indicates that the retrieved sensitive data is privacy authorization data, the cloud storage server looks up the corresponding privacy authorization data in the cloud storage database and takes it as the sensitive data corresponding to the sensitive data retrieval list.
In order to enhance interaction with the user, before the step in which the cloud storage server sends the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, the method further includes: the cloud storage server sends the acquired sensitive data to the user terminal and, on receiving the confirmation information returned by the user terminal, executes the step of sending the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server. If the confirmation information of the user is not received, prompt information is sent to the user terminal or another processing mode is adopted.
In consideration that the user may be required to update or modify the sensitive data acquired by the cloud storage server at some time, before the cloud storage server sends the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, the method may further include: the cloud storage server sends the acquired sensitive data to the user terminal for modification; the cloud storage server receives the sensitive data which are returned by the user terminal and are modified by the user, the modified sensitive data are used as the sensitive data corresponding to the finally obtained sensitive data retrieval list, and the modified sensitive data are synchronized to the cloud storage database.
In consideration of various situations of the retrieval scene of the sensitive data, the embodiment of the invention provides a targeted sensitive data acquisition optimization mode for different retrieval scenes during specific implementation:
Retrieval scenario one: user identity registration
(1) When the content retrieval identifier indicates that the retrieval scenario of the sensitive data is user identity registration, the cloud storage server generates a login password, selects from the cloud storage database an account corresponding to the user terminal and the other registration information besides the login password and the account (such as gender, date of birth, education level, mobile phone number, identity card number and the like), and sends the account, the login password and the other registration information to the user terminal as the initial sensitive data corresponding to the identifier of the third-party server;
(2) the user terminal displays the initial sensitive data to a user and waits for the user to modify or confirm the initial sensitive data;
(3) when receiving modification operation of a user, the user terminal uploads modified sensitive data to a cloud storage server; the cloud storage server receives the modified sensitive data, uses the modified sensitive data as sensitive data corresponding to the identification and the content retrieval identification of the third-party server, and synchronizes the modified sensitive data to the cloud storage database;
(4) when receiving a confirmation operation of the user, the user terminal takes the initial sensitive data as the sensitive data corresponding to the identifier of the third-party server and the content retrieval identifier, and synchronizes the initial sensitive data to the cloud storage database.
According to the method, the user can modify the sensitive data issued by the cloud storage server or directly confirm without modifying, the registration sensitive data on the third-party server can be synchronized to the cloud storage database, and the identification of the third-party server, the identification of the user terminal and the registration related sensitive data can be bound and stored in the database.
Retrieval scenario two: identity login authentication
(1) When the content retrieval identifier indicates that the retrieval scenario of the sensitive data is user identity login authentication, the cloud storage server selects from the cloud storage database the account and login password of the user terminal that correspond to the identifier of the third-party server, and sends the account and the login password to the user terminal;
(2) the user terminal displays an account and a login password to a user, and uploads a notification that the user confirms to the cloud storage server after receiving a confirmation operation of the user;
(3) after receiving the notification, the cloud storage server takes the account and the login password as the sensitive data corresponding to the identifier of the third-party server and the content retrieval identifier.
Retrieval scenario three: user privacy information authorization
(1) When the content retrieval identifier indicates that the retrieval scenario of the sensitive data is user privacy information authorization, the cloud storage server selects from the cloud storage database the privacy authorization information of the user terminal that corresponds to the identifier of the third-party server, and sends the privacy authorization information to the user terminal;
(2) the user terminal displays the privacy authorization information to the user and waits for the user to modify or confirm the privacy authorization information;
(3) when modification operation of a user is received, the user terminal uploads the modified privacy authorization information to a cloud storage server; the cloud storage server receives the modified privacy authorization information, takes the modified privacy authorization information as sensitive data corresponding to the identification and the content retrieval identification of the third-party server, and synchronizes the modified privacy authorization information to the cloud storage database;
(4) when receiving the confirmation operation of the user, the user terminal takes the privacy authorization information (namely, the information selected by the cloud storage server in the step (1) and sent to the user terminal) as sensitive data corresponding to the identifier of the third-party server and the content retrieval identifier.
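The cloud storage server's side of the three retrieval scenarios above (acquire a draft, let the user confirm or modify it, synchronize it, then address it to the third-party server) can be sketched as follows. This is an added example, not code from the patent; the class and function names, the dictionary layout of the retrieval list and all sample values are assumptions made for illustration.

```python
import secrets
import string

# Content retrieval identifiers (the string values are assumptions of this example).
REGISTER, LOGIN, PRIVACY = "register", "login", "privacy"


class CloudStore:
    """In-memory stand-in for the cloud storage database."""

    def __init__(self):
        # terminal_id -> default account plus other registration information
        self.profiles = {}
        # (terminal_id, server_id, content_id) -> sensitive data bound to that server
        self.bound = {}


def generate_password(length=16):
    """Login password generated by the cloud storage server for a registration."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def acquire(store, terminal_id, retrieval_list):
    """Return a draft of the sensitive data for this list.

    None means the database holds nothing suitable, so the data has to be
    obtained from the user terminal instead.
    """
    server_id = retrieval_list["server_id"]
    content_id = retrieval_list["content_id"]
    if content_id == REGISTER:
        profile = store.profiles.get(terminal_id)
        if profile is None:
            return None
        draft = dict(profile)                  # account and other registration info
        draft["password"] = generate_password()
        return draft
    if content_id in (LOGIN, PRIVACY):
        # The lookup key includes the third-party server identifier, so the same
        # terminal gets different data for different servers.
        found = store.bound.get((terminal_id, server_id, content_id))
        return dict(found) if found is not None else None
    raise ValueError("unknown content retrieval identifier: %r" % content_id)


def confirm(store, terminal_id, retrieval_list, draft, edits=None):
    """Apply the user's modifications (if any), synchronize, build the outgoing message."""
    final = dict(draft)
    final.update(edits or {})
    server_id = retrieval_list["server_id"]
    content_id = retrieval_list["content_id"]
    store.bound[(terminal_id, server_id, content_id)] = final
    if content_id == REGISTER:
        # Bind the registered credentials to (terminal, server) for later logins.
        store.bound[(terminal_id, server_id, LOGIN)] = {
            "account": final["account"],
            "password": final["password"],
        }
    # The session identifier travels with the data so the third-party server
    # can match it to the operation it is waiting to perform.
    return {"to": server_id, "session_id": retrieval_list["session_id"], "data": final}
```

The message returned by `confirm` is what step S206 sends to the third-party server; the default profile of the terminal is left untouched, only the per-server binding is updated.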
Referring to fig. 3, a schematic diagram of a method for authorizing sensitive data is shown, the method comprising the steps of:
Step S302, the user accesses the third-party client and enters a sensitive data retrieval scenario (such as login, registration, credit card information filling, mailing address filling and the like).
Step S304, the third party client sends the sensitive data retrieval scenario to the third party server through HTTP or Socket (which is equivalent to sending a sensitive data retrieval request to the third party server).
Step S306, the third-party server checks the validity of the third-party client (to screen out phishing websites, imitation websites and the like); if the third-party client is not legal, the process is terminated directly; if it is legal, go to step S308.
In step S308, the third-party server generates a sensitive data retrieval list according to the scenario (e.g. the content retrieval identifier). The list includes at least an identifier of the third-party server (domain name, IP address, AppKey, etc.), an identifier of the list (corresponding to the session identifier; it may be a string of random numbers, a time hash value, etc.), and metadata indicating the retrieval scenario (corresponding to the content retrieval identifier); the metadata may further include the field names and format requirements of the sensitive data.
In step S310, the third-party server sends the sensitive data retrieval list to the third-party client in text form or in the form of a two-dimensional code (stacked, matrix, etc.).
In step S312, the third-party client displays the two-dimensional code of the sensitive data retrieval list to the user. Specifically, the third-party client loads the received two-dimensional code (or receives the text and converts it into a two-dimensional code) into a page and displays the page to the user.
Step S314, the user logs in to the user's personal terminal (account and password login, biometric login, gesture login and the like), scans and parses the two-dimensional code, and obtains the sensitive data retrieval list.
Step S316, the user personal terminal sends a sensitive data retrieval list to the cloud storage server.
Step S318, the cloud storage server obtains the required sensitive data (at this point the data may be incomplete) according to the identification code of the third-party server and the metadata in the list, for example by retrieving the required sensitive data from the cloud storage database; in the user identity registration scenario, the cloud storage server may also automatically generate a login password and add it to the sensitive data.
Step S320, the cloud storage server sends the sensitive data to the personal terminal of the user.
Step S322, the user personal terminal displays the sensitive data to the user, and the user checks the data and either makes any necessary modification or supplement, or leaves it unmodified (for sensitive data such as a nickname or a motto, there may be a flow that intelligently generates default data to reduce the time the user spends thinking).
In step S324, the user clicks to confirm after checking that the sensitive data is correct, and the user personal terminal sends the sensitive data updated and confirmed by the user to the cloud storage server.
In step S326, the cloud storage server synchronizes the updated sensitive data (modified, added) to the cloud storage database.
In step S328, the cloud storage server retrieves the interface address (Web API, Web Service, etc.) of the third-party server according to the identification code in the list.
In step S330, the cloud storage server sends the required sensitive data to the third-party server through the interface address.
Step S332, the third-party server receives the sensitive data and checks the business logic according to the scenario (for a login, the account information is checked; for a registration or form filling, whether the fields are legal is checked); after the check passes, the operations required by the scenario and the service are executed on the sensitive data.
In step S334, the third-party server sends the operation result to the third-party client (the third-party client is notified of the result only; the sensitive data is not leaked to it).
In step S336, the third-party client completes the whole process of the sensitive data retrieval scenario after receiving the result of the third-party server.
The third-party server can also send the verification result to the user personal terminal (possibly transferred by the cloud storage server).
With this method, the website never comes into contact with the sensitive data at any point in the process, which effectively prevents threats such as phishing websites, keylogging trojans and viruses from intercepting the user's sensitive data. The user can complete the authorization of sensitive data without touching a keyboard (including a virtual keyboard) at all, or by touching only a confirmation key, which is convenient and fast. The user does not need to memorize which sensitive data corresponds to which website and only needs to manage the sensitive data in the cloud storage server. In addition, because the cloud storage server acts as a centralized store for the user's sensitive data, a user who loses the user terminal can purchase a new one and recover the sensitive data from the cloud storage server, so the method is highly practical.
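The third-party server's part of the fig. 3 flow (validity check and list generation in steps S306 to S308, business logic check and result in steps S332 to S334) can be sketched as follows. This is an added example, not code from the patent; the class, the field formats, the salted password hashing and the single use of each session identifier are assumptions of the example, and all sample values are constructed.

```python
import hashlib
import hmac
import re
import secrets

REGISTER, LOGIN, PRIVACY = "register", "login", "privacy"

# Field names and format requirements carried as list metadata (constructed).
FIELD_FORMATS = {
    REGISTER: {"account": r"\w{3,32}", "password": r"\S{8,64}", "phone": r"\d{11}"},
    LOGIN: {"account": r"\w{3,32}", "password": r"\S{6,64}"},
    PRIVACY: {"card_number": r"\d{16}", "mailing_address": r".{5,200}"},
}


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ThirdPartyServer:
    def __init__(self, server_id, trusted_clients):
        self.server_id = server_id
        self.trusted_clients = set(trusted_clients)
        self.sessions = {}   # session identifier -> content retrieval identifier
        self.accounts = {}   # account -> (salt, password digest)
        self.forms = {}      # session identifier -> privacy data kept server-side

    def issue_list(self, client_origin, content_id):
        """S306-S308: check the client, then generate the retrieval list."""
        if client_origin not in self.trusted_clients or content_id not in FIELD_FORMATS:
            return None      # flow terminated, no list is issued
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = content_id
        return {
            "server_id": self.server_id,
            "session_id": session_id,
            "content_id": content_id,
            "fields": dict(FIELD_FORMATS[content_id]),
        }

    def _fields_legal(self, scenario, data):
        return all(
            isinstance(data.get(name), str) and re.fullmatch(pattern, data[name])
            for name, pattern in FIELD_FORMATS[scenario].items()
        )

    def receive(self, session_id, data):
        """S332-S334: business logic check, operation, result without the data."""
        # Assumption of this example: a session identifier is consumed on first use.
        scenario = self.sessions.pop(session_id, None)
        if scenario is None:
            return {"ok": False, "reason": "unknown session"}
        if not self._fields_legal(scenario, data):
            return {"ok": False, "reason": "illegal field"}
        if scenario == LOGIN:
            record = self.accounts.get(data["account"])
            if record is None or not hmac.compare_digest(
                record[1], _digest(data["password"], record[0])
            ):
                return {"ok": False, "reason": "bad credentials"}
        elif scenario == REGISTER:
            if data["account"] in self.accounts:
                return {"ok": False, "reason": "account exists"}
            salt = secrets.token_bytes(16)
            self.accounts[data["account"]] = (salt, _digest(data["password"], salt))
        else:
            self.forms[session_id] = dict(data)   # e.g. credit card form contents
        # Only the outcome goes back to the client; the sensitive data does not.
        return {"ok": True, "operation": scenario}
```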
Corresponding to the third-party server in the foregoing method, an embodiment of the present invention further provides a server, where the server corresponds to the third-party server, and as shown in fig. 4, the server includes the following modules:
a request receiving module 41, configured to receive a sensitive data retrieval request from a client, where the sensitive data retrieval request carries a content retrieval identifier; the content retrieval identifier is used to indicate the current retrieval scenario of the user, for example, the retrieval scenario is one of the following: a user identity registration scenario, a login authentication scenario, or a user privacy information authorization scenario (such as filling in credit card information or a mailing address), etc.
A list generating module 42, configured to generate a sensitive data retrieval list according to the content retrieval identifier after the client passes the validity check, where the sensitive data retrieval list includes: the server identifier, the session identifier and the content retrieval identifier;
a list notification module 43, configured to notify the sensitive data request list to the user terminal through the client;
a data receiving module 44, configured to receive the sensitive data and the session identifier from the cloud storage server; the sensitive data is acquired by the cloud storage server according to the sensitive data retrieval list uploaded by the user terminal;
and the sensitive data processing module 45 is configured to perform a corresponding operation on the sensitive data according to the session identifier, and send an operation result to the client and/or the user terminal.
After the server receives a sensitive data retrieval request from a client, it issues the sensitive data retrieval list and thereby triggers the user terminal to notify the cloud storage server to send the sensitive data corresponding to the list to the server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from capturing it. The transmission also requires little participation from the user, who does not need to memorize which sensitive data corresponds to which server; this simplifies the user's operation and improves the convenience and security of sensitive operations.
The list notification module 43 includes: the code pattern conversion and issuing unit is used for converting the sensitive data acquisition list into a corresponding code pattern, and displaying the code pattern to the user terminal through the client so that the user terminal analyzes the code pattern to obtain the sensitive data acquisition list; or comprises the following steps: the list text issuing unit is used for issuing the sensitive data request list to a client in a text form, triggering the client to convert the received sensitive data request list in the text form into a corresponding code pattern and display the code pattern to a user terminal so that the user terminal can analyze the code pattern to obtain the sensitive data request list; wherein, the code pattern comprises one of the following: two-dimensional codes, three-dimensional codes, four-dimensional codes or bar codes and the like.
The sensitive data processing module comprises: a business logic checking unit, configured to check whether the business logic of the sensitive data is correct according to the session identifier; and a sensitive data processing unit, configured to execute the operation corresponding to the session identifier on the sensitive data when the check result of the business logic checking unit is correct.
Corresponding to the cloud storage server in the foregoing method, an embodiment of the present invention further provides a cloud storage server, and as shown in fig. 5, the cloud storage server includes the following modules:
the list receiving module 51 is configured to receive a sensitive data request list uploaded by a user terminal, where the sensitive data request list is generated by a third-party server according to a content request identifier in a sensitive data request from a client and is notified to the user terminal through the client; the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content acquisition identifier;
the sensitive data acquisition module 52 is configured to acquire sensitive data according to the sensitive data retrieval list;
and the data sending module 53 is configured to send the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs a corresponding operation on the sensitive data according to the session identifier.
After receiving the sensitive data retrieval list uploaded by the user terminal, the cloud server of this embodiment acquires the corresponding sensitive data according to the content carried in the list and sends it to the third-party server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from intercepting it. The transmission also requires little participation from the user, who does not need to remember which sensitive data corresponds to which third-party server; this simplifies the user's operation and improves the convenience and security of sensitive operations.
Preferably, the sensitive data acquisition module 52 includes: a sensitive data judging unit, configured to judge whether the cloud storage database has corresponding sensitive data according to the sensitive data retrieval list; a sensitive data extracting unit, configured to extract the sensitive data from the cloud storage database when the judgment result of the sensitive data judging unit is affirmative; and a sensitive data acquisition unit, configured to generate corresponding sensitive data according to the sensitive data retrieval list, or to acquire the sensitive data corresponding to the sensitive data retrieval list from the user terminal, when the judgment result of the sensitive data judging unit is negative.
Preferably, the sensitive data acquisition module 52 includes: the registration data acquisition unit is used for generating a login password when the content acquisition identifier indicates that the acquired sensitive data are user identity registration data, selecting an account corresponding to the user terminal and registration information except the login password and the account from the cloud storage database, and taking the account, the login password and the registration information except the login password and the account as sensitive data corresponding to the sensitive data acquisition list; the login authentication data acquisition unit is used for searching an account and a login password of the identifier of the third-party server corresponding to the user terminal from the cloud storage database when the content acquisition identifier indicates that the acquired sensitive data are the login authentication data, and taking the account and the login password as the sensitive data corresponding to the sensitive data acquisition list; and the privacy authorized data acquisition unit is used for searching corresponding privacy authorized data from the cloud storage database when the content retrieval identification indicates that the retrieved sensitive data is the privacy authorized data, and using the privacy authorized data as the sensitive data corresponding to the sensitive data retrieval list.
The sensitive data in the embodiment of the invention is stored in the cloud storage server, and when a user needs to provide the sensitive data in the interaction process, the cloud storage server obtains the corresponding sensitive data through the sensitive data retrieval list sent by the third-party server and provides the sensitive data to the third-party server.
Corresponding to the above method and server, an embodiment of the present invention further provides a system for authorizing sensitive data, and referring to fig. 6, the system includes: a third party server 40 and a cloud storage server 50; the specific structure of the third-party server may adopt the server structure shown in fig. 4, and the structure of the cloud storage server 50 may refer to the cloud storage server structure shown in fig. 5.
After receiving a sensitive data retrieval request from a client, the third-party server in the system issues the sensitive data retrieval list and thereby triggers the user terminal to notify the cloud storage server to send the sensitive data corresponding to the list to the third-party server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from capturing it. The transmission also requires little participation from the user, who does not need to memorize which sensitive data corresponds to which third-party server; this simplifies the user's operation and improves the convenience and security of sensitive operations.
In the method and the system above, the sensitive data is transmitted through the cloud storage server; in practical application, the sensitive data can also be transmitted directly by the user terminal. Based on this, the embodiment of the present invention further provides a method for authorizing sensitive data. Referring to the flowchart of the method shown in fig. 7, the method is described from the third-party server side and includes the following steps:
step S702, a third-party server receives a sensitive data request from a client, wherein the sensitive data request carries a content request identification;
step S704, after the third-party server passes the validity check of the client, generating a sensitive data retrieval list according to the content retrieval identifier, where the sensitive data retrieval list includes: the identifier of the third-party server, the session identifier and the content acquisition identifier;
step S706, the third-party server informs the user terminal of the sensitive data retrieval list through the client;
step S708, the third-party server receives the sensitive data and the session identifier from the user terminal; the sensitive data are acquired by the user terminal from a local database or a cloud storage server according to a sensitive data retrieval list;
step S710, the third party server executes corresponding operation to the sensitive data according to the session identification, and sends the operation result to the client and/or the user terminal.
The specific content of each identifier in the method is the same as that in the above embodiment, and is not described herein again.
In the method of this embodiment, after receiving a sensitive data retrieval request from a client, the third-party server issues the sensitive data retrieval list and thereby triggers the user terminal to obtain the sensitive data corresponding to the list and send it to the third-party server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from capturing it. The transmission also requires little participation from the user, who does not need to memorize which sensitive data corresponds to which third-party server; this simplifies the user's operation and improves the convenience and security of sensitive operations.
Referring to fig. 8, a flowchart of a method for authorizing sensitive data, the method is described from the user terminal side and includes the following steps:
step S802, a user terminal receives a sensitive data retrieval list notified by a third-party server through a client, wherein the sensitive data retrieval list is generated by the third-party server according to a content retrieval identifier in a sensitive data retrieval request of the client; the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content acquisition identifier;
step S804, the user terminal obtains the sensitive data from the local database or the cloud storage server according to the identification of the third-party server and the content retrieval identification in the sensitive data retrieval list;
step S806, the user terminal sends the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs a corresponding operation on the sensitive data according to the session identifier.
In the method of this embodiment, after receiving the sensitive data retrieval list notified by the third-party server, the user terminal acquires the corresponding sensitive data according to the content carried in the list and sends it to the third-party server. The website is not involved anywhere in the transmission of the sensitive data, which effectively prevents malicious websites or viruses from intercepting it. The transmission also requires little participation from the user, who does not need to memorize which sensitive data corresponds to which third-party server; this simplifies the user's operation and improves the convenience and security of sensitive operations.
In a specific implementation, the step in which the user terminal receives, through the client, the sensitive data retrieval list notified by the third-party server may include: the user terminal receives a code pattern of the sensitive data retrieval list through the client; the code pattern is generated by the third-party server or the client according to the sensitive data retrieval list and is one of the following: two-dimensional codes, three-dimensional codes, four-dimensional codes or bar codes and the like; the user terminal parses the code pattern to obtain the sensitive data retrieval list.
In order to enhance security, the step in which the user terminal receives, through the client, the code pattern of the sensitive data retrieval list issued by the third-party server includes: when the user terminal receives an instruction from the user to start the scanning application, it verifies whether the identity of the user is legal and, if so, scans the code pattern displayed on the client. The user terminal verifies whether the identity of the user is legal in one of the following ways: (1) the user terminal verifies whether the biometric information of the user is legal; (2) the user terminal verifies whether the user name and the password input by the user are legal; (3) the user terminal verifies whether the graphic pattern input by the user is legal. Adding this identity authentication step effectively prevents other people from operating a legitimate user terminal and stealing related information during the communication process.
The obtaining, by the user terminal, the sensitive data from the cloud storage server may include: the user terminal sends the sensitive data request list to the cloud storage server so that the cloud storage server searches for the sensitive data according to the identification of the third-party server and the content request identification in the sensitive data request list or generates the sensitive data according to the identification of the third-party server and the content request identification in the sensitive data request list; and the user terminal receives the sensitive data issued by the cloud storage server.
Corresponding to the third-party server in the foregoing method, an embodiment of the present invention further provides a server, with reference to fig. 9, where the server includes the following modules:
a request receiving module 91, configured to receive a sensitive data request from a client, where the sensitive data request carries a content request identifier;
the retrieve list generating module 92 is configured to generate a sensitive data retrieve list according to the content retrieve identifier after the client passes the validity check, where the sensitive data retrieve list includes: the server identifier, session identifier and content retrieval identifier;
a request list notification module 93, configured to notify the sensitive data request list to the user terminal through the client;
a data and identity receiving module 94 for receiving sensitive data and session identity from the user terminal; the sensitive data are acquired by the user terminal from a local database or a cloud storage server according to a sensitive data retrieval list;
and the processing module 95 is configured to perform corresponding operations on the sensitive data according to the session identifier, and send an operation result to the client and/or the user terminal.
After receiving the sensitive data request from the client, the server of this embodiment issues a sensitive data retrieval list, which triggers the user terminal to acquire the sensitive data corresponding to the list and send it to the server. The whole sensitive data transmission process does not involve a website, which effectively prevents malicious websites or viruses from intercepting the sensitive data. The process also requires little user participation, and the user does not need to memorize the correspondence between the sensitive data and the server, which simplifies the user's operation and improves the convenience and security of the sensitive operation.
Corresponding to the above method, an embodiment of the present invention further provides a user terminal, referring to a structural block diagram of the user terminal shown in fig. 10, where the user terminal includes the following modules:
the retrieval list receiving module 12 is configured to receive, through the client, a sensitive data retrieval list notified by the third-party server, where the sensitive data retrieval list is generated by the third-party server according to a content retrieval identifier in a sensitive data request of the client; the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content retrieval identifier;
the data acquisition module 14 is used for acquiring the sensitive data from a local database or a cloud storage server according to the sensitive data retrieval list;
and the data and identifier sending module 16 is configured to send the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs a corresponding operation on the sensitive data according to the session identifier.
After receiving the sensitive data retrieval list notified by the third-party server, the user terminal of this embodiment acquires the corresponding sensitive data according to the content carried in the list and sends it to the third-party server. The whole sensitive data transmission process does not involve a website, which effectively prevents malicious websites or viruses from capturing the sensitive data. The process also requires little user participation, and the user does not need to memorize the correspondence between the sensitive data and the third-party server, which simplifies the user's operation and improves the convenience and security of the sensitive operation.
The user terminal may further include: the user identity authentication module is used for authenticating whether the identity of the user is legal or not when receiving the scanning starting instruction of the user; the scanning module is used for scanning the code pattern of the sensitive data asking list when the user identity authentication module authenticates that the user is legal; and the analysis module is used for analyzing the code pattern to obtain a sensitive data retrieval list. When the user identity authentication module authenticates the user identity, the specific authentication method in the above method may be adopted, which is not described herein again.
Corresponding to the above method and apparatus (server and user terminal), the embodiment of the present invention further provides a sensitive data authorization system, which includes a third-party server and a user terminal. As shown in the structural block diagram of the sensitive data authorization system in fig. 11, the third-party server 90 may be implemented using the server structure shown in fig. 9, and the user terminal 100 may be implemented using the user terminal structure shown in fig. 10. The specific functions of the third-party server and the user terminal in the system are similar to those in the above embodiment and are not described in detail here.
The technology provided by this embodiment can be applied to user identity registration, login, authorization of other private information, and the like. It avoids the user entering sensitive data through a keyboard, which improves resistance to phishing attacks to a certain extent. It also converts the filling-in of sensitive data such as login, registration and personal private information into the transmission of that data, so the user can complete the corresponding operation without learning a keyboard input method; this reduces learning cost, makes the technology convenient for various users, and improves user experience.
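The exchange between the third-party server (modules 91 to 95) and the user terminal (modules 12 to 16) described above can be traced in a short simulation; this is an added example, not code from the patent. The JSON text standing in for the code pattern, the content identifier values, the `REQUIRED_FIELDS` table, and the single-use and expiry policy for session identifiers are all assumptions made for illustration.

```python
import json
import secrets
import time

SESSION_TTL = 120  # seconds; a session lifetime is an assumption, the patent sets none
LIST_FIELDS = {"server_id", "session_id", "content_id"}
# Constructed mapping from content retrieval identifier to the fields expected back.
REQUIRED_FIELDS = {"login": {"account", "password"}, "privacy": {"email"}}


class ThirdPartyServer:
    """Plays modules 91-95 (the validity check of the client is left out)."""

    def __init__(self, server_id):
        self.server_id = server_id
        self.sessions = {}  # session_id -> (content_id, creation time)

    def handle_request(self, content_id, now=None):
        """Modules 91-93: build the retrieval list and return it as payload text."""
        if content_id not in REQUIRED_FIELDS:
            raise ValueError("unknown content retrieval identifier")
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(16)  # unguessable session identifier
        self.sessions[session_id] = (content_id, now)
        return json.dumps({"server_id": self.server_id,
                           "session_id": session_id,
                           "content_id": content_id})

    def receive(self, session_id, sensitive_data, now=None):
        """Modules 94-95: check the data against the session, then operate on it."""
        now = time.time() if now is None else now
        entry = self.sessions.pop(session_id, None)  # single use, so a replay fails
        if entry is None:
            return "rejected: unknown or already used session"
        content_id, created = entry
        if now - created > SESSION_TTL:
            return "rejected: session expired"
        if set(sensitive_data) != REQUIRED_FIELDS[content_id]:
            return "rejected: data does not match requested content"
        return f"ok: {content_id} processed"


class UserTerminal:
    """Plays modules 12-16 with a local database keyed by (server_id, content_id)."""

    def __init__(self, local_db, known_servers):
        self.local_db = local_db
        self.known_servers = known_servers  # server_id -> server object (stands in for an address)

    def scan(self, payload):
        """Parse the list, look up the data, send it to the named server only."""
        try:
            lst = json.loads(payload)
        except json.JSONDecodeError:
            raise ValueError("malformed retrieval list")
        if (not isinstance(lst, dict) or not LIST_FIELDS <= set(lst)
                or not all(isinstance(lst[k], str) for k in LIST_FIELDS)):
            raise ValueError("retrieval list is missing a required field")
        server = self.known_servers.get(lst["server_id"])
        data = self.local_db.get((lst["server_id"], lst["content_id"]))
        if server is None or data is None:
            # Nothing is released for a server identifier the terminal holds no data for.
            raise LookupError("no stored data for this server and content identifier")
        return server.receive(lst["session_id"], data)


def demo():
    """Constructed scenario: one valid exchange, one replay, one unlisted server."""
    shop = ThirdPartyServer("shop.example")
    terminal = UserTerminal(
        local_db={("shop.example", "login"):
                  {"account": "alice", "password": "constructed-pw"}},
        known_servers={"shop.example": shop})
    payload = shop.handle_request("login")
    first = terminal.scan(payload)
    replay = terminal.scan(payload)  # same list scanned a second time
    unlisted = json.dumps({"server_id": "unlisted.example",
                           "session_id": "x", "content_id": "login"})
    try:
        terminal.scan(unlisted)
        other = "sent"
    except LookupError:
        other = "refused"
    return first, replay, other


if __name__ == "__main__":
    print(demo())
```

Because the terminal keys its lookup on the server identifier carried in the list, credentials stored for one server are never selected for another, and the server accepts data only for a session identifier it issued and has not yet consumed.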
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Referring to fig. 12, an embodiment of the present invention further provides an authorization apparatus 120 for sensitive data, including: a processor 20, a memory 21, a bus 22 and a communication interface 23, wherein the processor 20, the communication interface 23 and the memory 21 are connected through the bus 22; the processor 20 is arranged to execute executable modules, such as computer programs, stored in the memory 21.
The memory 21 may include a high-speed Random Access Memory (RAM) and may further include a non-volatile memory, such as at least one disk memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 23 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
The bus 22 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 12, but that does not indicate only one bus or one type of bus.
The memory 21 is configured to store a program, and the processor 20 executes the program after receiving an execution instruction, and the method executed by the apparatus (server, cloud server, or user terminal) defined by the process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 20, or implemented by the processor 20.
The processor 20 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 20. The processor 20 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. It may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the memory 21, and the processor 20 reads the information in the memory 21 and performs the steps of the above method in combination with its hardware.
The embodiment of the present invention further provides a computer program product for performing a sensitive data authorization method, where the computer program product includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiment, and specific implementation may refer to the method embodiment, and is not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (24)

1. A method for authorizing sensitive data, comprising:
a third-party server receives a sensitive data request from a client, wherein the sensitive data request carries a content request identification;
after the client passes the validity check, the third-party server generates a sensitive data retrieval list according to the content retrieval identifier, wherein the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content retrieval identifier;
the third-party server notifies the user terminal of the sensitive data retrieval list, in the form of a code pattern, through the client;
the third-party server receives the sensitive data and the session identification from the cloud storage server; the sensitive data are acquired by the cloud storage server according to the sensitive data retrieval list uploaded by the user terminal;
the third-party server executes corresponding operation on the sensitive data according to the session identification and sends an operation result to the client and/or the user terminal;
the content retrieval identifier is used to indicate the user's current retrieval scenario.
2. The method of claim 1, wherein the third-party server informing the user terminal of the sensitive data retrieval list in a code pattern manner through the client comprises:
the third-party server converts the sensitive data asking list into a corresponding code pattern, and the code pattern is displayed to a user terminal through the client so that the user terminal can analyze the code pattern to obtain the sensitive data asking list; or the third-party server issues the sensitive data asking list to the client in a text form, and triggers the client to convert the received sensitive data asking list in the text form into a corresponding code pattern to be displayed to the user terminal, so that the user terminal analyzes the code pattern to obtain the sensitive data asking list;
wherein the code pattern comprises one of: two-dimensional codes, three-dimensional codes, four-dimensional codes or bar codes.
3. The method of claim 1, wherein the third-party server performing the corresponding operation on the sensitive data according to the session identifier comprises:
and the third-party server checks whether the service logic of the sensitive data is correct or not according to the session identifier, and if so, executes the operation corresponding to the session identifier on the sensitive data.
4. A method for authorizing sensitive data, comprising:
a cloud storage server receives a sensitive data retrieval list uploaded by a user terminal, wherein the sensitive data retrieval list is generated by a third-party server according to a content retrieval identifier in a sensitive data request of a client and is notified to the user terminal through the client in the form of a code pattern; the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content retrieval identifier;
the cloud storage server acquires the sensitive data according to the identification of the third-party server in the sensitive data acquisition list and the content acquisition identification;
the cloud storage server sends the sensitive data and the session identification to the third-party server according to the identification of the third-party server, so that the third-party server executes corresponding operation on the sensitive data according to the session identification;
the content retrieval identifier is used to indicate the user's current retrieval scenario.
5. The method of claim 4, wherein the cloud storage server obtaining the sensitive data according to the sensitive data retrieval list comprises:
the cloud storage server judges whether corresponding sensitive data exist in a cloud storage database or not according to the identification of the third-party server in the sensitive data retrieval list and the content retrieval identification, and if the corresponding sensitive data exist in the cloud storage database, the sensitive data are extracted from the cloud storage database; and if not, the cloud storage server generates corresponding sensitive data according to the identifier of the third-party server in the sensitive data retrieval list and the content retrieval identifier or acquires the corresponding sensitive data from the user terminal.
6. The method of claim 4, wherein the cloud storage server obtaining the sensitive data according to the sensitive data retrieval list comprises:
when the content asking identification indicates that the asked sensitive data is user identity registration data, the cloud storage server generates a login password, selects an account corresponding to the user terminal and registration information except the login password and the account from a cloud storage database, and takes the account, the login password and the registration information except the login password and the account as the sensitive data corresponding to the sensitive data asking list;
when the content retrieval identifier indicates that the retrieved sensitive data is login authentication data, the cloud storage server searches the cloud storage database for the account and login password of the user terminal that correspond to the identifier of the third-party server, and takes the account and the login password as the sensitive data corresponding to the sensitive data retrieval list;
when the content retrieval identification indicates that the retrieved sensitive data is privacy authorized data, the cloud storage server searches corresponding privacy authorized data from the cloud storage database, and takes the privacy authorized data as the sensitive data corresponding to the sensitive data retrieval list.
7. The method of claim 5 or 6, wherein the cloud storage server sending the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server further comprises:
and the cloud storage server sends the acquired sensitive data to the user terminal, and executes the step of sending the sensitive data and the session identification to the third-party server according to the identification of the third-party server when receiving confirmation information returned by the user terminal.
8. The method according to claim 5 or 6, wherein before the cloud storage server sends the sensitive data and the session identifier to the third party server according to the identifier of the third party server, the method further comprises:
the cloud storage server sends the acquired sensitive data to the user terminal for modification;
and the cloud storage server receives the sensitive data which is returned by the user terminal and is modified by the user, takes the modified sensitive data as the sensitive data corresponding to the finally obtained sensitive data retrieval list, and synchronizes the modified sensitive data to the cloud storage database.
9. A server, comprising:
the request receiving module is used for receiving a sensitive data request from a client, wherein the sensitive data request carries a content request identification;
the list generating module is configured to generate a sensitive data retrieval list according to the content retrieval identifier after the client passes the validity check, where the sensitive data retrieval list includes: the server identifier, the session identifier and the content retrieval identifier;
the list notification module is used for notifying the user terminal of the sensitive data retrieval list, in the form of a code pattern, through the client;
the data receiving module is used for receiving the sensitive data and the session identification from the cloud storage server; the sensitive data are acquired by the cloud storage server according to the sensitive data retrieval list uploaded by the user terminal;
the sensitive data processing module is used for executing corresponding operation on the sensitive data according to the session identification and sending an operation result to the client and/or the user terminal;
the content retrieval identifier is used to indicate the user's current retrieval scenario.
10. The server according to claim 9, wherein the manifest notification module comprises:
the code pattern conversion and issuing unit is used for converting the sensitive data acquisition list into a corresponding code pattern, and displaying the code pattern to a user terminal through the client so that the user terminal can analyze the code pattern to obtain the sensitive data acquisition list; or,
the list text issuing unit is used for issuing the sensitive data asking list to the client in a text form, triggering the client to convert the received sensitive data asking list in the text form into a corresponding code pattern to be displayed to the user terminal, and enabling the user terminal to analyze the code pattern to obtain the sensitive data asking list;
wherein the code pattern comprises one of: two-dimensional codes, three-dimensional codes, four-dimensional codes or bar codes.
11. The server according to claim 9, wherein the sensitive data processing module comprises:
the service logic checking unit is used for checking whether the service logic of the sensitive data is correct or not according to the session identification;
and the sensitive data processing unit is used for executing the operation corresponding to the session identifier on the sensitive data when the check result of the service logic checking unit is correct.
12. A cloud storage server, comprising:
a list receiving module, configured to receive a sensitive data retrieval list uploaded by a user terminal, wherein the sensitive data retrieval list is generated by a third-party server according to a content retrieval identifier in a sensitive data request of a client and is notified to the user terminal through the client in the form of a code pattern; the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content retrieval identifier;
the sensitive data acquisition module is used for acquiring sensitive data according to the sensitive data acquisition list;
the data sending module is used for sending the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server so that the third-party server executes corresponding operation on the sensitive data according to the session identifier;
the content retrieval identifier is used to indicate the user's current retrieval scenario.
13. The cloud storage server of claim 12, wherein the sensitive data acquisition module comprises:
the sensitive data judging unit is used for judging whether the cloud storage database has corresponding sensitive data according to the sensitive data retrieval list;
the sensitive data extracting unit is used for extracting the sensitive data from the cloud storage database when the judgment result of the sensitive data judging unit is affirmative;
and the sensitive data acquisition unit is used for generating corresponding sensitive data according to the sensitive data retrieval list or acquiring the sensitive data corresponding to the sensitive data retrieval list from the user terminal when the judgment result of the sensitive data judgment unit is negative.
14. The cloud storage server of claim 12, wherein the sensitive data acquisition module comprises:
a registration data obtaining unit, configured to generate a login password when the content pickup identifier indicates that the picked up sensitive data is user identity registration data, select an account corresponding to the user terminal and registration information other than the login password and the account from a cloud storage database, and use the account, the login password, and the registration information other than the login password and the account as the sensitive data corresponding to the sensitive data pickup list;
a login authentication data acquisition unit, configured to, when the content retrieval identifier indicates that the retrieved sensitive data is login authentication data, search a cloud storage database for the account and login password of the user terminal that correspond to the identifier of the third-party server, and use the account and the login password as the sensitive data corresponding to the sensitive data retrieval list;
and the privacy authorized data acquisition unit is used for searching corresponding privacy authorized data from a cloud storage database when the content retrieval identification indicates that the retrieved sensitive data is privacy authorized data, and using the privacy authorized data as the sensitive data corresponding to the sensitive data retrieval list.
15. A system for authorizing sensitive data, comprising: a third-party server and a cloud storage server; wherein the third-party server is the server as claimed in any one of claims 9 to 11, and the cloud storage server is the cloud storage server as claimed in any one of claims 12 to 14.
16. A method for authorizing sensitive data, comprising:
a third-party server receives a sensitive data request from a client, wherein the sensitive data request carries a content request identification;
after the client passes the validity check, the third-party server generates a sensitive data retrieval list according to the content retrieval identifier, wherein the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content retrieval identifier;
the third-party server notifies the user terminal of the sensitive data retrieval list, in the form of a code pattern, through the client;
the third-party server receives sensitive data and the session identification from the user terminal; the sensitive data are acquired by the user terminal from a local database or a cloud storage server according to the sensitive data retrieval list;
the third-party server executes corresponding operation on the sensitive data according to the session identification and sends an operation result to the client and/or the user terminal;
the content retrieval identifier is used to indicate the user's current retrieval scenario.
17. A method for authorizing sensitive data, comprising:
a user terminal receives, through a client, a sensitive data retrieval list notified by a third-party server in the form of a code pattern, wherein the sensitive data retrieval list is generated by the third-party server according to a content retrieval identifier in a sensitive data request of the client; the sensitive data retrieval list comprises: the identifier of the third-party server, the session identifier and the content retrieval identifier;
the user terminal acquires the sensitive data from a local database or a cloud storage server according to the identifier of the third-party server and the content retrieval identifier in the sensitive data retrieval list;
the user terminal sends the sensitive data and the session identification to the third-party server according to the identification of the third-party server, so that the third-party server executes corresponding operation on the sensitive data according to the session identification;
the content retrieval identifier is used to indicate the user's current retrieval scenario.
18. The method of claim 17, wherein the receiving, by the user terminal, the sensitive data solicitation list notified by the third-party server through the client comprises:
the user terminal receives the code pattern of the sensitive data retrieval list through the client; the code pattern is generated by a third-party server or the client according to the sensitive data retrieval list, and comprises one of the following: two-dimensional codes, three-dimensional codes, four-dimensional codes or bar codes;
and the user terminal analyzes the code pattern to obtain the sensitive data asking list.
19. The method of claim 18, wherein the receiving, by the user terminal through the client, the code pattern of the sensitive data request list sent by the third-party server comprises:
and when the user terminal receives an instruction of starting the scanning application from the user, verifying whether the identity of the user is legal, and if so, scanning the code pattern displayed on the client.
20. The method according to claim 19, wherein the user terminal verifies whether the identity of the user is legal, comprising one of the following verification methods:
the user terminal verifies whether the biological characteristic information of the user is legal or not;
the user terminal verifies whether the user name and the password input by the user are legal or not;
and the user terminal verifies whether the graph input by the user is legal or not.
21. The method of claim 17, wherein the user terminal obtaining the sensitive data from the cloud storage server comprises:
the user terminal sends the sensitive data request list to a cloud storage server so that the cloud storage server searches for sensitive data according to the identifier of the third-party server in the sensitive data request list and the content request identifier or generates sensitive data according to the identifier of the third-party server in the sensitive data request list and the content request identifier;
and the user terminal receives the sensitive data issued by the cloud storage server.
22. A server, comprising:
a request receiving module, configured to receive a sensitive data request from a client, wherein the sensitive data request carries a content request identifier;
a request list generating module, configured to generate a sensitive data request list according to the content request identifier after the client passes the validity check, wherein the sensitive data request list includes: the server identifier, the session identifier and the content request identifier;
a request list notification module, configured to notify a user terminal of the sensitive data request list, in the form of a code, through the client;
a data and identifier receiving module, configured to receive sensitive data and the session identifier from the user terminal; the sensitive data is acquired by the user terminal from a local database or a cloud storage server according to the sensitive data request list;
a processing module, configured to perform a corresponding operation on the sensitive data according to the session identifier and to send an operation result to the client and/or the user terminal;
wherein the content request identifier indicates the user's current request scenario.
23. A user terminal, comprising:
a request list receiving module, configured to receive, through a client, a sensitive data request list notified by a third-party server in the form of a code, wherein the sensitive data request list is generated by the third-party server according to a content request identifier in a sensitive data request of the client; the sensitive data request list comprises: the identifier of the third-party server, the session identifier and the content request identifier;
a data acquisition module, configured to acquire the sensitive data from a local database or a cloud storage server according to the sensitive data request list;
a data and identifier sending module, configured to send the sensitive data and the session identifier to the third-party server according to the identifier of the third-party server, so that the third-party server performs a corresponding operation on the sensitive data according to the session identifier;
wherein the content request identifier indicates the user's current request scenario.
24. An authorization system for sensitive data, comprising a third-party server and a user terminal, wherein the third-party server is the server according to claim 22, and the user terminal is the user terminal according to claim 23.
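The exchange between the server of claim 22 and the user terminal of claim 23, as an added example that is not part of the patent text. The JSON encoding of the request list, the field names, the single-use handling of the session identifier and the in-memory routing table are assumptions made for illustration; rendering and scanning of the code pattern and the client validity check are not modelled.

```python
import json
import secrets

SERVER_ID = "shop.example"  # constructed third-party server identifier
REQUIRED = {"server_id", "session_id", "content_id"}  # assumed field names

class ThirdPartyServer:
    def __init__(self, server_id):
        self.server_id = server_id
        self.sessions = {}  # session identifier -> content request identifier

    def build_request_list(self, content_id):
        # Called after the client passes the validity check (not modelled here).
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = content_id
        fields = {"server_id": self.server_id, "session_id": session_id,
                  "content_id": content_id}
        return json.dumps(fields)  # text that would be drawn as the code pattern

    def receive(self, session_id, sensitive_data):
        # Assumption: each session identifier is accepted once, then discarded.
        content_id = self.sessions.pop(session_id, None)
        if content_id is None:
            return "rejected: unknown session"
        return f"processed {content_id} ({len(sensitive_data)} bytes)"

class UserTerminal:
    def __init__(self, local_db):
        self.local_db = local_db  # (server_id, content_id) -> sensitive data

    def parse_request_list(self, payload):
        fields = json.loads(payload)
        if not isinstance(fields, dict) or set(fields) != REQUIRED:
            raise ValueError("request list must carry exactly three identifiers")
        if not all(isinstance(v, str) and v for v in fields.values()):
            raise ValueError("identifiers must be non-empty strings")
        return fields

    def answer(self, payload, servers):
        fields = self.parse_request_list(payload)
        data = self.local_db[(fields["server_id"], fields["content_id"])]
        server = servers[fields["server_id"]]  # route by server identifier
        return server.receive(fields["session_id"], data)

def demo():
    server = ThirdPartyServer(SERVER_ID)
    terminal = UserTerminal({(SERVER_ID, "login"): b"constructed-secret"})
    payload = server.build_request_list("login")
    routes = {SERVER_ID: server}
    return terminal.answer(payload, routes), terminal.answer(payload, routes)
```

`demo()` answers the same request list twice: the first submission is processed, and the second is rejected because the server no longer holds that session identifier.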
CN201410659741.0A 2014-11-18 2014-11-18 The authorization method of sensitive data, device and system Expired - Fee Related CN104468531B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410659741.0A CN104468531B (en) 2014-11-18 2014-11-18 The authorization method of sensitive data, device and system
PCT/CN2014/095384 WO2016078182A1 (en) 2014-11-18 2014-12-29 Authorization method, device and system for sensitive data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410659741.0A CN104468531B (en) 2014-11-18 2014-11-18 The authorization method of sensitive data, device and system

Publications (2)

Publication Number Publication Date
CN104468531A CN104468531A (en) 2015-03-25
CN104468531B CN104468531B (en) 2017-11-21

Family

ID=52913903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410659741.0A Expired - Fee Related CN104468531B (en) 2014-11-18 2014-11-18 The authorization method of sensitive data, device and system

Country Status (2)

Country Link
CN (1) CN104468531B (en)
WO (1) WO2016078182A1 (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610637A (en) * 2015-09-24 2016-05-25 百度在线网络技术(北京)有限公司 Sensitive information acquisition method and apparatus thereof
TWI560555B (en) * 2016-02-05 2016-12-01 Synology Inc Cloud service server and method for managing cloud service server
US10311245B2 (en) * 2016-03-08 2019-06-04 Kalpesh S. Patel Cyber security system and method for transferring data between servers without a continuous connection
CN106161095B (en) * 2016-07-15 2020-09-08 北京奇虎科技有限公司 Early warning method and device for data leakage
CN106330871A (en) * 2016-08-17 2017-01-11 成都聚美优品科技有限公司 Sensitive data protection method
CN107623671B (en) * 2016-12-05 2020-12-11 上海辉冠信息科技有限公司 Software licensing service implementing method
CN108270719A (en) * 2016-12-30 2018-07-10 广东精点数据科技股份有限公司 A kind of data safe transmission method and device based on digital signature
CN107196943B (en) * 2017-05-26 2019-09-20 浙江大学 A kind of security display implementation method of private data in third-party platform
CN107222509A (en) * 2017-07-17 2017-09-29 郑州云海信息技术有限公司 A kind of guard method of network Web service data and device based on cloud storage
CN110119632B (en) * 2018-02-05 2021-01-15 中国移动通信有限公司研究院 Sensitive data request method, device, system and computer readable storage medium
CN108664802B (en) * 2018-03-20 2021-10-08 西安烽火软件科技有限公司 Sensitive data protection method and system
CN108632258B (en) * 2018-04-16 2020-12-18 新华三信息安全技术有限公司 Access message processing method and device
CN109186040A (en) * 2018-09-14 2019-01-11 南京理工技术转移中心有限公司 A kind of metro environment remote monitoring system and its working method
CN108848117A (en) * 2018-09-14 2018-11-20 南京理工技术转移中心有限公司 A kind of cultivation surroundings monitoring system and its working method
CN111182015A (en) * 2018-11-12 2020-05-19 北京场景互娱传媒科技有限公司 User information acquisition and unification method and device and electronic equipment
CN110716971A (en) * 2019-08-28 2020-01-21 深圳壹账通智能科技有限公司 Data calling method for third-party database and related equipment
CN114679317B (en) * 2019-12-26 2024-07-05 支付宝(杭州)信息技术有限公司 Data viewing method and device
CN112329049A (en) * 2020-01-23 2021-02-05 北京沃东天骏信息技术有限公司 Business data management method, device, electronic equipment and medium
CN112513854B (en) * 2020-07-08 2023-02-28 华为技术有限公司 High-precision map, high-precision map generation method and application method
CN112671786B (en) * 2020-12-29 2022-06-28 科来网络技术股份有限公司 System and method for safe login based on third party authentication
CN113407998A (en) * 2021-07-07 2021-09-17 南京真我信息科技有限公司 Private data acquisition method and device, electronic equipment and readable storage medium
CN114222301B (en) * 2021-12-13 2024-04-12 奇安盘古(上海)信息技术有限公司 Fraud site processing method, fraud site processing device and storage medium
CN117390687B (en) * 2023-12-11 2024-04-02 闪捷信息科技有限公司 Sensitive data query method and device, storage medium and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103095720A (en) * 2013-01-30 2013-05-08 中国科学院自动化研究所 Safety management method of cloud memory system based on session management server
CN103152330A (en) * 2013-02-07 2013-06-12 百度在线网络技术(北京)有限公司 Login method, login system and cloud server
CN103795690A (en) * 2012-10-31 2014-05-14 华为技术有限公司 Cloud access control method, proxy server, and cloud access control system
CN104113534A (en) * 2014-07-02 2014-10-22 百度在线网络技术(北京)有限公司 System and method for logging in applications (APPs)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8601265B2 (en) * 2010-11-22 2013-12-03 Netapp, Inc. Method and system for improving storage security in a cloud computing environment

Also Published As

Publication number Publication date
CN104468531A (en) 2015-03-25
WO2016078182A1 (en) 2016-05-26

Similar Documents

Publication Publication Date Title
CN104468531B (en) The authorization method of sensitive data, device and system
CN103685311B (en) A kind of login validation method and equipment
US10657243B2 (en) Variation analysis-based public turing test to tell computers and humans apart
US8763101B2 (en) Multi-factor authentication using a unique identification header (UIDH)
KR101589192B1 (en) Identity authentication and management device and method thereof
CN107302539B (en) Electronic identity registration and authentication login method and system
CN104378343B (en) The password method for retrieving of network account, Apparatus and system
US20150222435A1 (en) Identity generation mechanism
WO2020041747A1 (en) Methods, apparatuses, and computer program products for frictionless electronic signature management
KR101214839B1 (en) Authentication method and authentication system
CN108449321B (en) Login method, server and client
CN109039987A (en) A kind of user account login method, device, electronic equipment and storage medium
CN104540129B (en) The registering and logging method and system of third-party application
CN106657068A (en) Login authorization method and device, login method and device
CN108234442B (en) Method, system and readable storage medium for acquiring contract
CN104348612A (en) Third-party website login method based on mobile terminal and mobile terminal
US9124571B1 (en) Network authentication method for secure user identity verification
CN105591744A (en) Network real-name authentication method and system
CN107786487B (en) Information authentication processing method, system and related equipment
WO2015039589A1 (en) User identity authorization system and authorization method based on bar codes
WO2017206524A1 (en) Electronic device control method, terminal and control system
WO2014161259A1 (en) Verification code processing method, device, terminal and server
CN105450592A (en) Safety verification method and device, server and terminal
CN110691085A (en) Login method, login device, password management system and computer readable medium
CN108390848B (en) Information witness method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171121