CN107026819A - The authorization method and information verification mandate platform of a kind of users personal data - Google Patents

The authorization method and information verification mandate platform of a kind of users personal data Download PDF

Info

Publication number
CN107026819A
CN107026819A CN201610067525.6A CN201610067525A CN107026819A CN 107026819 A CN107026819 A CN 107026819A CN 201610067525 A CN201610067525 A CN 201610067525A CN 107026819 A CN107026819 A CN 107026819A
Authority
CN
China
Prior art keywords
authorization
data
user
platform
mandate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610067525.6A
Other languages
Chinese (zh)
Inventor
徐苛杰
张航友
苏伟杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Sichuan Co Ltd
Original Assignee
China Mobile Group Sichuan Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Sichuan Co Ltd filed Critical China Mobile Group Sichuan Co Ltd
Priority to CN201610067525.6A priority Critical patent/CN107026819A/en
Publication of CN107026819A publication Critical patent/CN107026819A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a kind of authorization method of users personal data, methods described includes:Obtain user and handle the mandate contract information and ID authorized during target service;Wherein, it is described to authorize contract information to include the license confirmation of authorization message and user for the authorization message;The authorization message includes authorization data scope and authorization object ID;According to the authorization object ID and ID generation key, the key and the corresponding relation of the authorization message are stored;Receive service platform transmission carries query key user profile inquiry request;The corresponding relation of query key and authorization message, obtains the authorization data scope in the corresponding authorization message of the query key;The users personal data in the range of authorization data in the corresponding authorization message is obtained, the users personal data in the corresponding authorization message in the range of authorization data is sent to the service platform.The embodiment of the invention also discloses a kind of information verification mandate platform.

Description

The authorization method and information verification mandate platform of a kind of users personal data
Technical field
The present invention relates to the authorization method and information of data security arts, more particularly to a kind of users personal data Verification mandate platform.
Background technology
In the environment of current mobile Internet, it is frequent all the more to be related to the situation that users personal data uses, but It is in use, there are a large amount of phenomenons for not conforming to regulation, one kind is authorized arbitrarily using use without user Family personal data, although another is that user authorizes, the scope of authority is not consistent with Shi Jishiyong scope, Used in the presence of going beyond one's commission.Existing solution can be by authorizing, such as directly displaying out on line on line Whether terms of service illustrate, allow user to directly select and receive;It can also be by papery protocol mode under line, For example going to bank to handle loan needs to sign the power of attorney.These existing technical schemes can be to a certain extent Problem is licensed in solution.
But, papery protocol requirement signing place for user, need to arrive the site scene of enterprise, extremely Inconvenience, and subsequent protocol takes care of and retrieval also has higher requirements, cost is high.And electronics is assisted on common line View is typically the electronic protocol that user is showed when various application programs are installed, and user must click on Agreement Protocol Clause could continue, and agreement is all changeless, it is impossible to flexible personalized customization, and the scope of authority is often , there is despot in one maximum scope, it is impossible to use principle of minimum authorizing to protect user benefit from user perspective King's clause problem.
The content of the invention
In view of this, the embodiment of the present invention expects that the authorization method and information that provide a kind of users personal data are tested It is true to authorize platform, it is convenient and swift and authorization data scope is flexibly controllable.
To reach above-mentioned purpose, the technical proposal of the invention is realized in this way:
A kind of authorization method of users personal data, methods described includes:
Obtain user and handle the mandate contract information and ID authorized during target service;Wherein, it is described to authorize Contract information includes authorization message and user is directed to the license confirmation of the authorization message;The authorization message Including authorization data scope and authorization object ID;
According to the authorization object ID and ID generation key, the key and the authorization message are stored Corresponding relation;
Receive service platform transmission carries query key user profile inquiry request;
The corresponding relation of query key and authorization message, is obtained in the corresponding authorization message of the query key Authorization data scope;
The users personal data in the range of authorization data in the corresponding authorization message is obtained, by the correspondence Authorization message in users personal data in the range of authorization data be sent to the service platform.
In such scheme, the acquisition user handles the mandate contract letter authorized during the target service of service platform Breath and ID, including:
The user for receiving user terminal transmission by wap page or public number mode handles the target of service platform The authorization message and ID authorized during business;License confirmation is sent to the user terminal by Short Message Service Gateway Request, receives the license confirmation that the user terminal is returned, and obtains and authorizes contract information;The license confirmation The authorization message is carried in request;
Or, the user for receiving Short Message Service Gateway transmission handles the mandate conjunction authorized during the target service of service platform With information and ID.
In such scheme, also include in the authorization message:Licensing term;It is described to obtain described corresponding award The users personal data in the range of authorization data in information is weighed, including:
In licensing term in the corresponding authorization message of the query key, described corresponding award is obtained Weigh the users personal data in the range of authorization data in information.
In such scheme, the user in the range of the authorization data obtained in the corresponding authorization message Personal data, including:
The cache request of the authorization data scope carried in the corresponding authorization message is sent into data to put down Platform, receives the user in the range of authorization data in the corresponding authorization message that the data platform is returned Personal data.
In such scheme, obtain when user handles target service the mandate contract information that authorizes and ID it Afterwards, methods described also includes:
Sent to user terminal and authorize success notification information.
A kind of information verification mandate platform, described information verification mandate platform includes:
Acquiring unit, the mandate contract information and ID authorized for obtaining when user handles target service; Wherein, it is described to authorize contract information to include the license confirmation of authorization message and user for the authorization message; The authorization message includes authorization data scope and authorization object ID;
Generation unit, authorization object ID and ID for being obtained according to the acquiring unit generate key;
Memory cell, the key for storing the Key generating unit generation is corresponding with the authorization message Relation;
Receiving unit, for receive service platform transmission carry query key user profile inquiry request;
Query unit, the corresponding relation for inquiring about the key stored in the memory cell and authorization message, Obtain the authorization data scope in the corresponding authorization message of query key that the receiving unit is received;
Data acquiring unit, for obtaining the use in the range of the authorization data that the query unit is inquired Family personal data;
Transmitting element, for the user in the range of the authorization data that obtains the data acquiring unit Personal data is sent to the service platform.
In such scheme, the acquiring unit, specifically for receiving use by wap page or public number mode The user that family terminal is sent handles the authorization message authorized during the target service of service platform and ID;Pass through Short Message Service Gateway sends license confirmation request to the user terminal, and the mandate for receiving the user terminal return is true Recognize, obtain and authorize contract information;The authorization message is carried in the license confirmation request;Or, connect Harvest the user that sends of Short Message Service Gateway handle the mandate contract information that is authorized during the target service of service platform and ID.
In such scheme, also include in the authorization message:Licensing term;Then,
The data acquiring unit, specifically for what is inquired in the query unit, the query key pair In licensing term in the authorization message answered, authorization data scope in the corresponding authorization message is obtained Interior users personal data.
In such scheme, the transmitting element is additionally operable to carry described in the query unit inquires The cache request of authorization data scope in corresponding authorization message is sent to data platform,
The data acquiring unit, corresponding authorize returned specifically for receiving the data platform is believed Users personal data in breath in the range of authorization data.
In such scheme, the transmitting element is additionally operable to handle target industry in acquiring unit acquisition user After the mandate contract information and ID that are authorized during business, sent to user terminal and authorize success notification information.
The embodiments of the invention provide a kind of authorization method of users personal data and information verification mandate platform, This method flow is to carry out authentication mode under user's authorization identifying, the line compared to before based on channel on line to improve Business handling efficiency and feasibility, more conform to current internet overall situation.Due to authorization message be by with What family was independently selected, by user according to target service it needs to be determined that going out authorization data scope and authorization object, in fact Show flexible personalized customization, principle of minimum authorizing can be used from user perspective to protect user benefit, and Ensure that users personal data information is minimized to use, reduce the disclosure risk of individual privacy information.And it is raw Into key, there is key querying flow, only authorization object could generate correct key, and then inquire about acquisition User gives the users personal data in the range of authorization data, and the corresponding users personal data of key only has mandate Object can be used, and solve the problem of using of going beyond one's commission;And key is to correspond with authorization data scope , authorization object can only also obtain the data in the range of the corresponding authorization data of key, and key is corresponding to be authorized Data outside data area can not be queried acquisition.
Brief description of the drawings
Fig. 1 is a kind of schematic flow sheet of the authorization method for users personal data that the embodiment of the present invention 1 is provided;
Fig. 2 is that a kind of various scenes of the authorization method for users personal data that the embodiment of the present invention 2 is provided are shown It is intended to;
Fig. 3 is a kind of system tray for authorization method for realizing users personal data that the embodiment of the present invention 2 is provided Structure;
Fig. 4 is that a kind of wap flows of the authorization method for users personal data that the embodiment of the present invention 2 is provided are shown It is intended to;
Fig. 5 is a kind of public number flow of the authorization method for users personal data that the embodiment of the present invention 2 is provided Schematic diagram;
Fig. 6 is that a kind of short message flow of the authorization method for users personal data that the embodiment of the present invention 2 is provided is shown It is intended to;
Fig. 7 is a kind of structured flowchart of information verification platform provided in an embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear Chu, it is fully described by.
Embodiment 1
The embodiments of the invention provide a kind of authorization method of users personal data, as shown in figure 1, this implementation The handling process of example method comprises the following steps:
Step 101, acquisition user handle the mandate contract information and ID authorized during target service.
In the present embodiment method, authority checking flow when user handles target service is all based on channel on line Carry out, information verification mandate platform can provide user to the user terminal of user and handle respective objects business When the link of corresponding wap (Wireless Application Protocol, WAP) or wechat it is public Many numbers etc., user can pass through the wap page or wechat when handling the target service of the service platform Public number etc. fills in the authorization message needed when handling target service i.e. authorization data scope and authorization object ID These authorization messages are carried by the mode such as wap page or wechat public number Deng, user operation user terminal When being sent to described information verification mandate platform, ID is carried in the information of submission, the ID is used The user of the target service is handled in mark, so, described information verification mandate platform is obtained with user Handle the authorization message authorized during the target service and ID.
Certainly, described information verification mandate platform also need to obtain user for the authorization message mandate it is true Recognize, and license confirmation is achieved to the legal basis authorized as user together with authorization message, it is ensured that the mandate Information is legally authorized by user.
Above-mentioned authorization message is all independently filled in by user, and flexibly controllable, user can be according to target service The need for determine authorization data scope, it can be ensured that the minimum of users personal data is used, and is reduced The disclosure risk of people's privacy information.
Step 102, key generated according to the authorization object ID and ID, store the key and institute State the corresponding relation of authorization message.
Described information verification mandate platform obtains user and handles the mandate conjunction authorized during the target service of service platform After information and ID, it is possible to which the default algorithmic rule of application is according to authorization object ID and ID Key is generated, and stores the corresponding relation of the key and the authorization message.
What step 103, reception service platform were sent carries query key user profile inquiry request.
The target of the service platform is all pre-set in the service platform and described information verification mandate platform The corresponding same algorithmic rule of business, so, the service platform for providing the user target service is done to user , it is necessary to first using default same algorithmic rule is according to service object ID and handles this when managing the target service The ID of the user of target service generates a query key, and will carry query key user profile and look into Ask request and be sent to information verification mandate platform, to inquire about the individual subscriber needed for the target service is handled in acquisition Data.
If herein it should be noted that the authorization object ID used in information verification mandate platform is service Platform ID, then default service object ID is also service platform ID during service platform generation query key, if The authorization object ID used in information verification mandate platform is service platform ID and target service ID, then services Default service object ID is also service platform ID+ target services ID when platform generates query key;Believe All pre-set in breath verification mandate platform and service platform and same algorithmic rule is applied when handling target service Key is generated with identical ID types.
Step 104, the inquiry key and the corresponding relation of the authorization message, obtain the query key Authorization data scope in corresponding authorization message.
Described information verification mandate platform possesses data buffer storage function, can cache the key and authorization message Corresponding relation, so when receive service platform transmission query key after, the mandate of described information verification put down Platform just can directly inquire about the various keys of its caching and the corresponding relation of authorization message, obtain the inquiry close The corresponding authorization message of key, and then obtain the authorization data scope in the corresponding authorization message of the query key.
Users personal data in step 105, the acquisition corresponding authorization message in the range of authorization data, Users personal data in the corresponding authorization message in the range of authorization data is sent to the service platform.
Optionally, described information verification mandate platform possesses data buffer storage function, can cache certain customers' A small amount of users personal data, if being cached with the corresponding authorization message in described information verification mandate platform Users personal data in the range of middle authorization data, then described information verification mandate platform, which can be inquired about directly, obtains Users personal data in the corresponding authorization message in the range of authorization data, and by the query key The users personal data in the range of authorization data in corresponding authorization message is sent to the service platform.Institute State service platform to obtain after corresponding users personal data, be considered as user's Authorization Service Platform using the user Personal data handle this target service to user.Service platform just can handle the target industry for user accordingly Business.
Because the key that information verification mandate platform is generated is generated according to authorization object ID, key and mandate Information is one-to-one, therefore the query key that only authorization object is generated according to authorization object ID could be inquired about The corresponding authorization message of the key is obtained, this ensures that the user in the range of the authorization data in the authorization message Personal data can only be exported to specific authorization object, and unauthorized object can not obtain these users personal datas, Prevent users personal data is gone beyond one's commission from using;And the authorization data scope in authorization message is independently selected by user Select or fill in, user can need to be estimated according to target service, and decision-making goes out to handle awarding for the target service Which users personal data is power data area need when being and determining and handle the target service, it can be ensured that authorize Users personal data minimum, reduce the disclosure risk of individual subscriber privacy information.Key and mandate Information is one-to-one, and authorization object can only also obtain the authorization data in the corresponding authorization message of the key In the range of users personal data, anyone can not obtain any user inside and outside the authorization data scope Personal data.
Embodiment 2
Authority checking flow during user's transacting business is all to be carried out using user terminal based on channel on line, Authentication mode improves business handling efficiency and feasibility under line compared to before, more conforms to current internet Overall situation;Its specific usage scenario is as shown in Fig. 2 by taking bank as an example, the way of contact of user and bank To remove bank counter and not removing bank counter, when user actively removes bank counter application user terminal transacting business, For the user terminal that can not be surfed the Net, short message-authorized flow is directly entered, for the user terminal that can be surfed the Net, Quick Response Code can be swept into wap pages of contract authorization flow or public number authorization flow;User does not remove bank counter When, bank actively can issue the short message whether inquiry user handles target service to the user terminal of user, There are wap links and the reply of pure short message mode to illustrate in short message, for the user terminal that can not be surfed the Net, directly Answer short message enters short message-authorized flow, for the user terminal that can be surfed the Net, can click on wap and be linked into Wap pages of contract authorization flow.
As shown in figure 3, the system architecture to realize the present embodiment method, the system includes:Service platform 31 Information verification mandate platform 32, user terminal 33, Short Message Service Gateway 34 and data platform 35;Wherein, it is described Information verification mandate platform 32 includes information verification mandate gateway 321 and KV (Key Value, key assignments) numbers According to interactive gateway 322.
Present embodiments provide a kind of authorization method of users personal data, the application scenarios of the present embodiment method Need to enter wap authorization flows, as shown in figure 4, the handling process of the present embodiment method comprises the following steps:
Step 401, user terminal obtain wap links, show that the wap links corresponding wap contracts page Face, obtains the authorization message that user authorizes, and the authorization message is submitted into information verification mandate platform.
System architecture with reference to shown in Fig. 3, user terminal 33 obtains wap chains and is connected to two kinds of situations, a kind of When situation is that user handles target service using the initiative of user terminal 33, user terminal 33 can pass through Sweep the modes such as Quick Response Code or internet searching and obtain wap links.
Another situation is whether bank active inquiry user needs to handle target service, such as handle loan, The business such as credit card, now bank can to user user terminal 33 send short message be inquired;Service platform 31 i.e. bank's platform can give the transmission business handling of Short Message Service Gateway 34 with bank's target service official short message number Short message request is inquired, it is described herein it should be noted that official's short message number is provided by Short Message Service Gateway 34 Business handling inquiry short message asks to be used to ask Short Message Service Gateway 34 to handle inquiry to the issuing service of user terminal 33 Ask short message.Short Message Service Gateway 34 be connected to official's short message number business handling inquiry short message request after, will to Family terminal 33 issues business handling inquiry short message corresponding with bank's target service, the business handling inquiry Linked in short message comprising wap, can also be included in certainly described business handling inquiry short message and authorize reason such as to do The brief informations such as title, the authorization object of the target service of reason.Example, short message content can be XX silver Row credit card business is handled, wap links.
User terminal 33 is obtained after wap links, if to handle corresponding target service, user can point The wap links hit on user terminal 33, user terminal 33 shows that the wap links corresponding wap contracts Electronic contract is presented to user, the wap contracts page by page, wap contracts page by the form of wap webpages Authorization data scope option, the authorization object for requiring to authorize when the bank handles the target service are shown on face Option, or also licensing term option etc., can be according to mesh when user needs to handle this target service Mark business needs to assess and decision-making goes out authorization data scope, it is ensured that the minimum of users personal data is used, together When, user also needs to determine authorization object, or can also set licensing term, is then filled out signature, Signature typically all fills in name and cell-phone number, after the completion of user fills in, and the user terminal 33 can just be obtained The authorization message that user authorizes is obtained, authorization message described here includes authorization data scope, authorization object ID And licensing term;Then, the user terminal 33 can just be put forward the authorization message by wap webpages Give the information verification mandate gateway 321 in information verification mandate platform 32.
Step 402, information verification mandate platform obtain the target that user handles service platform by wap page The authorization message and ID authorized during business.
It is by the information verification in information verification mandate platform 32 that the wap, which links the corresponding wap contracts page, Authorize what gateway 321 was provided, user has filled in authorization data scope, authorization object, licensing term and confirmed Afterwards, these authorization messages that user terminal 33 will fill in user, and ID are sent to information and tested In the true information verification mandate gateway 321 authorized in platform 32, such described information verification mandate platform 32 Information verification mandate gateway 321 just obtain user handle the authorization message needed during target service and ID.
Step 403, information verification mandate platform send license confirmation to user terminal by Short Message Service Gateway and asked.
Information verification mandate gateway 321 in information verification mandate platform 32 obtains user and handles service platform After the authorization message and ID that are authorized during target service, first license confirmation will be sent to Short Message Service Gateway 34 Short message is asked, and carries the authorization message in the license confirmation short message request, Short Message Service Gateway 34 is received After license confirmation short message request, license confirmation request will be sent to the user terminal 33, it is described to authorize The authorization message, i.e. authorization data scope, licensing term, authorization object etc. is carried in confirmation request to believe Breath.
Example, the form that Short Message Service Gateway 34 is sent to the license confirmation request of user terminal 33 is short message, Content can be:If user confirms in the licensing term data grant in the range of by some to described Authorization object, then return to identifying code 445896.
Step 404, information verification mandate platform receive the license confirmation that the user terminal is returned, and acquisition is awarded Weigh contract information.
User terminal 33 is received after said short message, if user agrees to carry out the mandate described in said short message, Then user inputs the identifying code 445896 on wap contracts page and clicks on confirmation, the user terminal 33 will submit to the identifying code information verification mandate gateway 321 in information verification mandate platform 32, Information verification mandate gateway 321 in described information verification mandate platform 32 receives the user terminal 33 and returned After the identifying code returned is license confirmation, the authorization message and license confirmation that user is authorized achieve to authorize together Contract information, the legal basis authorized as user, it is ensured that the authorization message is legally authorized by user.
Step 405, information verification mandate platform send to user terminal and authorize success notification information.
Information verification mandate gateway 321 in described information verification mandate platform 32, which is obtained, to be authorized after contract information, It can be sent to user terminal 33 and authorize success notification information, optionally, in information verification mandate platform 32 Information verification mandate gateway 321 can ask Short Message Service Gateway 34 to issue mandate success notification to user terminal 33 Information, Short Message Service Gateway 34, which is received, issues mandate success notification information to user terminal 33 after the request, with Achieved for user terminal 33.Short Message Service Gateway 34 believes the mandate success notification for being handed down to user terminal 33 simultaneously Breath is synchronized to the information verification mandate gateway 321 in information verification mandate platform 32, informs that the mandate is successfully led to Know that information has been notified to user terminal 33, the information verification mandate gateway 321 in information verification mandate platform 32 Achieved, be used as legal basis.
Said process is user's authorization flow, in above-mentioned flow, and user is in core leading position all the time, Key node, which is had to pass through after user knows and authorized, could perform subsequent operation, and correlated process has and possesses method The file record of effect is restrained, users personal data belongs to legal and is supplied to authorization object to use.
Step 406, information verification mandate platform generate key according to the authorization object ID and ID, Store the corresponding relation of the key and the authorization message.
In the present embodiment method, in described information verification mandate platform 32 and service platform 31 i.e. bank's platform The ID types of the default authorization object and service object are service platform ID and traffic ID, same algorithm Rule can be blending algorithm.
Therefore the information verification mandate gateway 321 in information verification mandate platform 32 is after step 403, information Information verification mandate gateway 321 in verification mandate platform 32 can be by the mandate contract information of acquisition and user ID is sent to the KV data interactions gateway 322 in information verification mandate platform 32, such information verification mandate KV data interactions gateway 322 in platform 32 just can be using blending algorithm according to bank's platform ID+ Target service ID+ IDs generation key (Key), stores key pass corresponding with the authorization message System.The authorization message includes licensing term, and described information verification mandate platform can be only in the mandate phase Limit key described in memory storage and the corresponding relation of the authorization message.
What step 407, reception service platform were sent carries query key user profile inquiry request.
User when for example bank handles target service to financial industry, service platform 31 be bank platform need to Acquisition ID is identified in the identity at family, and then the authorization message that user authorizes is inquired about, to confirm Whether target service is carried out to user to handle.At this time, it may be necessary to which first the default blending algorithm of application is flat according to service Platform ID+ target service ID+ IDs generate a query key, and will carry query key user profile Inquiry request is sent to the KV data interactions gateway 322 in information verification mandate platform 32, if inquiry is obtained The users personal data needed for the target service must be handled, then shows the user authorized bank using the user Personal data handles target service data, confirms that carrying out target service to user is handled, and this is handled if not inquiring Users personal data needed for target service, then show user's unauthorized Bank application users personal data Target service data are handled, bank can not go beyond one's commission handles target service using the users personal data.
The corresponding relation of step 408, information verification mandate platform query key and authorization message, obtains described Authorization data scope in the corresponding authorization message of query key.
KV data interactions gateway 322 in described information verification mandate platform 32, which receives to carry, inquires about close After key user profile inquiry request, the corresponding relation of meeting query key and authorization message, if the user is in institute State the KV data interactions gateway 322 in information verification mandate platform 32 and authorize the service platform 31 and handle Required authorization data scope during target service, then the KV data friendship in described information verification mandate platform 32 Mutual gateway 322 can just find the corresponding authorization message of the query key, and then it is close to obtain the inquiry Authorization data scope in the corresponding authorization message of key.
Step 409, information verification mandate platform are obtained in the corresponding authorization message in the range of authorization data Users personal data, users personal data in the range of authorization data in the corresponding authorization message is sent out Give the service platform.
Herein it should be noted that also including in the authorization message:Licensing term;Therefore described information is tested The true KV data interactions gateway 322 authorized in platform 32 is only in the corresponding mandate of the query key In licensing term in information, it could inquire about in the acquisition corresponding authorization message in the range of authorization data Users personal data.
Because number of users is a lot, user data magnanimity, therefore can be user data in the present embodiment method It is stored in data platform, the KV data interactions gateway 322 in described information verification mandate platform 32 Obtain after the authorization data scope in the corresponding authorization message of the query key, in query key correspondence The authorization message in licensing term in, the KV data interactions in described information verification mandate platform 32 The cache request of the authorization data scope carried in the corresponding authorization message is sent to number by gateway 322 According to platform 35, data platform 35, will be by the corresponding authorization message after the cache request is received The KV data that users personal data in the range of middle authorization data is returned in information verification mandate platform 32 are handed over KV data interactions gateway 322 in mutual gateway 322, described information verification mandate platform 32 receives described right Users personal data in the authorization message answered in the range of authorization data, and by the corresponding authorization message Users personal data in the range of authorization data is sent to the service platform 31.
The embodiment of the present invention additionally provides a kind of authorization method of users personal data, the present embodiment method should Needed to enter public number authorization flow with scene, as shown in figure 5, the handling process of the present embodiment method includes Following steps:
Step 501, user terminal concern public number, awarding for authorization message is completed into public number according to prompting Power, and the authorization message is submitted into information verification mandate platform.
User terminal 33 can pay close attention to information in information verification mandate platform 32 by sweeping the modes such as Quick Response Code The public number that verification mandate gateway 321 is provided, user's manipulation user terminal 33 enters public number, according to user The prompt message shown in terminal 33, completes the mandate of authorization message, and user terminal 33 believes described authorize Breath submits to the information verification mandate gateway 321 in information verification mandate platform 32.
Described authorization message includes authorization data scope, authorization object ID and licensing term.
Step 502, information verification mandate platform obtain the mesh that user handles service platform by public number mode The authorization message and ID authorized during mark business.
The public number is provided by the information verification mandate gateway 321 in information verification mandate platform 32, is used Family is completed after authorization data scope, authorization object, the mandate of licensing term and confirmation according to prompting, and user is whole These authorization messages, and ID will be sent to the information in information verification mandate platform 32 by end 33 Information verification mandate gateway 321 in verification mandate gateway 321, such described information verification mandate platform 32 Just obtain user and handle the authorization message needed during target service and ID.
Subsequent step may be referred to step 403-409, no longer be described in detail again.
The embodiment of the present invention additionally provides a kind of authorization method of users personal data, the present embodiment method should With scene need enter short message-authorized flow, as shown in fig. 6, the handling process of the present embodiment method include with Lower step:
Step 601, user terminal receive the Information Authentication authorization requests that service platform is sent.
User handle target service such as provide a loan, credit card business when, service platform 31 be bank's platform will Ask user to enter row information verification mandate, Information Authentication authorization requests are sent to the user terminal 33 of user, it is described The various authorization data scopes and authorization object for handling the target service are carried in Information Authentication authorization requests ID。
Step 602, user terminal send to Short Message Service Gateway and carry awarding of being authorized when user handles target service Weigh information and the mandate short message of ID.
User terminal 33 is received after the Information Authentication authorization requests that the service platform 31 is sent, can basis The various authorization data scopes and authorization object ID that service platform 31 is provided determine that user handles the target industry Necessary authorization data scope of being engaged in and authorization object ID determine authorization message, then will carry determination and authorize Authorization message and the mandate short message sending of ID edit XX to Short Message Service Gateway 34, that is, and be sent to bank Official's short message number.
Step 603, Short Message Service Gateway are received after the mandate short message of user terminal transmission;To the user terminal Send license confirmation request.
Carried in the license confirmation request authorization message, i.e. authorization data scope, licensing term, The information such as authorization object.Example, the form that Short Message Service Gateway 34 is sent to the license confirmation request of user is short Believe, content can be:If user confirm in the licensing term by some in the range of data grant give The authorization object, then return to identifying code 445896.
Step 604, Short Message Service Gateway receive the license confirmation that the user terminal is returned, and obtain mandate contract letter Breath.
User terminal 33 is received after the short message of above-mentioned example, if user agrees to carry out described in said short message Mandate, then user input the identifying code 445896 and return to Short Message Service Gateway 34, Short Message Service Gateway 34 receives institute After the identifying code i.e. license confirmation for stating the return of user terminal 33, the authorization message and license confirmation that user is authorized Achieve to authorize contract information together.
Step 605, Short Message Service Gateway send the target industry that user handles service platform to information verification mandate platform The mandate contract information and ID authorized during business.
Short Message Service Gateway 34, which is obtained, to be authorized after contract information, is awarded during the target service that user can be handled to service platform The mandate contract information and ID of power are sent to the information verification mandate net in information verification mandate platform 32 The information verification mandate gateway 321 closed in 321, described information verification mandate platform 32 receives and stores short message The user that gateway 34 is sent handles the mandate contract information and ID authorized during the target service of service platform.
Subsequent step may be referred to step 405-409, no longer be described in detail again.
In the present embodiment method, whole flows are based on channel on line and carry out user's authorization identifying, compared to before Authentication mode improves business handling efficiency and feasibility under line, more conforms to current internet overall situation.By Independently selected by user in authorization message, by user according to target service it needs to be determined that going out authorization data model Enclose and authorization object, principle of minimum authorizing can be used from user perspective to protect user benefit, and ensure to use Family personal data information is minimized and used, and reduces the disclosure risk of individual privacy information.And key is generated, There is key querying flow, only authorization object could generate correct key, and then inquire about acquisition user and give Users personal data in the range of authorization data, the corresponding users personal data of key only has authorization object ability Enough use, solve the problem of using of going beyond one's commission;And key is one-to-one with authorization data scope, is authorized Object can only also obtain the data in the range of the corresponding authorization data of key, the corresponding authorization data scope of key Outer data can not be queried acquisition.
Embodiment 3
The embodiments of the invention provide a kind of information verification mandate platform, as shown in fig. 7, described information verification Platform is authorized to include:Acquiring unit 701, generation unit 702, memory cell 703, receiving unit 704, Query unit 705, data acquiring unit 706, transmitting element 707, wherein,
Acquiring unit 701, for obtaining the mandate contract information authorized when user handles target service and user ID;Wherein, it is described to authorize contract information to include the mandate of authorization message and user for the authorization message Confirm;The authorization message includes authorization data scope and authorization object ID;
Generation unit 702, for the authorization object ID and ID obtained according to the acquiring unit 701 Generate key;
Memory cell 703, for storing key and the authorization message that the generation unit 702 is generated Corresponding relation;
Receiving unit 704, the query key user profile inquiry that carries for receiving service platform transmission is asked Ask;
Query unit 705, pair for inquiring about the key stored in the memory cell 703 and authorization message It should be related to, obtain the authorization data in the corresponding authorization message of query key that the receiving unit 704 is received Scope;
Data acquiring unit 706, for obtaining the authorization data model that the query unit 705 is inquired Enclose interior users personal data;
Transmitting element 707, in the range of the authorization data that obtains the data acquiring unit 706 Users personal data be sent to the service platform.
Optionally, the acquiring unit 701, specifically for receiving use by wap page or public number mode The user that family terminal is sent handles the authorization message authorized during the target service of service platform and ID;Pass through Short Message Service Gateway sends license confirmation request to the user terminal, and the mandate for receiving the user terminal return is true Recognize, obtain and authorize contract information;The authorization message is carried in the license confirmation request;Or, connect Harvest the user that sends of Short Message Service Gateway handle the mandate contract information that is authorized during the target service of service platform and ID.
Optionally, also include in the authorization message:Licensing term;Then, the data acquiring unit 706, Specifically for what is inquired in the query unit 705, in the corresponding authorization message of the query key Licensing term in, obtain the users personal data in the range of authorization data in the corresponding authorization message.
Optionally, the transmitting element 707, is additionally operable to carry what the query unit 705 was inquired The cache request of authorization data scope in the corresponding authorization message is sent to data platform,
The data acquiring unit 706, described corresponding is awarded specifically for receive that the data platform returns Weigh the users personal data in the range of authorization data in information.
Optionally, the transmitting element 707, is additionally operable to handle mesh in the acquiring unit 701 acquisition user After the mandate contract information and ID that are authorized during mark business, sent to user terminal and authorize success notification letter Breath.
In actual applications, the acquiring unit 701 described in the present embodiment can be by Information Authentication mandate platform In information verification mandate gateway realize;Described generation unit 702, memory cell 703, receiving unit 704, query unit 705, data acquiring unit 706, transmitting element 707 can be put down by Information Authentication mandate KV data gateways in platform are realized.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or meter Calculation machine program product.Therefore, the present invention can using hardware embodiment, software implementation or combine software and The form of the embodiment of hardware aspect.Moreover, the present invention can be used wherein includes calculating one or more The computer-usable storage medium of machine usable program code (includes but is not limited to magnetic disk storage and optical storage Device etc.) on the form of computer program product implemented.
The present invention is with reference to method according to embodiments of the present invention, equipment (system) and computer program product Flow chart and/or block diagram describe.It should be understood that can be by computer program instructions implementation process figure and/or side Each flow and/or square frame in block diagram and flow and/or the knot of square frame in flow chart and/or block diagram Close.Can provide these computer program instructions to all-purpose computer, special-purpose computer, Embedded Processor or The processor of other programmable data processing devices is to produce a machine so that by computer or other can The instruction of the computing device of programming data processing equipment is produced for realizing in one flow or multiple of flow chart The device for the function of being specified in one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices In the computer-readable memory worked in a specific way so that be stored in the computer-readable memory Instruction, which is produced, includes the manufacture of command device, and the command device is realized in one flow of flow chart or multiple streams The function of being specified in one square frame of journey and/or block diagram or multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices, made Obtain and series of operation steps performed on computer or other programmable devices to produce computer implemented processing, So as to which the instruction performed on computer or other programmable devices is provided for realizing in one flow of flow chart Or specified in one square frame of multiple flows and/or block diagram or multiple square frames function the step of.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the protection model of the present invention Enclose.

Claims (10)

1. a kind of authorization method of users personal data, it is characterised in that methods described includes:
Obtain user and handle the mandate contract information and ID authorized during target service;Wherein, it is described to authorize Contract information includes authorization message and user is directed to the license confirmation of the authorization message;The authorization message Including authorization data scope and authorization object ID;
According to the authorization object ID and ID generation key, the key and the authorization message are stored Corresponding relation;
Receive service platform transmission carries query key user profile inquiry request;
The corresponding relation of query key and authorization message, is obtained in the corresponding authorization message of the query key Authorization data scope;
The users personal data in the range of authorization data in the corresponding authorization message is obtained, by the correspondence Authorization message in users personal data in the range of authorization data be sent to the service platform.
2. according to the method described in claim 1, it is characterised in that the acquisition user handles service platform Target service when the mandate contract information and ID that authorize, including:
The user for receiving user terminal transmission by WAP wap page or public number mode handles clothes The authorization message and ID authorized during the target service of business platform;By Short Message Service Gateway to the user terminal License confirmation request is sent, the license confirmation that the user terminal is returned is received, obtains and authorizes contract information; The authorization message is carried in the license confirmation request;
Or, the user for receiving Short Message Service Gateway transmission handles the mandate conjunction authorized during the target service of service platform With information and ID.
3. according to the method described in claim 1, it is characterised in that also include in the authorization message:Award Weigh the time limit;The users personal data obtained in the corresponding authorization message in the range of authorization data, bag Include:
In licensing term in the corresponding authorization message of the query key, described corresponding award is obtained Weigh the users personal data in the range of authorization data in information.
4. according to the method described in claim 1, it is characterised in that described to obtain the corresponding mandate letter The users personal data in the range of authorization data in breath, including:
The cache request of the authorization data scope carried in the corresponding authorization message is sent into data to put down Platform, receives the user in the range of authorization data in the corresponding authorization message that the data platform is returned Personal data.
5. according to the method described in claim 1, it is characterised in that when acquisition user handles target service After the mandate contract information and ID of mandate, methods described also includes:
Sent to user terminal and authorize success notification information.
6. a kind of information verification mandate platform, it is characterised in that described information verification mandate platform includes:
Acquiring unit, the mandate contract information and ID authorized for obtaining when user handles target service; Wherein, it is described to authorize contract information to include the license confirmation of authorization message and user for the authorization message; The authorization message includes authorization data scope and authorization object ID;
Generation unit, authorization object ID and ID for being obtained according to the acquiring unit generate key;
Memory cell, the key for storing the Key generating unit generation is corresponding with the authorization message Relation;
Receiving unit, for receive service platform transmission carry query key user profile inquiry request;
Query unit, the corresponding relation for inquiring about the key stored in the memory cell and authorization message, Obtain the authorization data scope in the corresponding authorization message of query key that the receiving unit is received;
Data acquiring unit, for obtaining the use in the range of the authorization data that the query unit is inquired Family personal data;
Transmitting element, for the user in the range of the authorization data that obtains the data acquiring unit Personal data is sent to the service platform.
7. information verification mandate platform according to claim 6, it is characterised in that
The acquiring unit, specifically for receiving use by WAP wap page or public number mode The user that family terminal is sent handles the authorization message authorized during the target service of service platform and ID;Pass through Short Message Service Gateway sends license confirmation request to the user terminal, and the mandate for receiving the user terminal return is true Recognize, obtain and authorize contract information;The authorization message is carried in the license confirmation request;Or, connect Harvest the user that sends of Short Message Service Gateway handle the mandate contract information that is authorized during the target service of service platform and ID.
8. information verification mandate platform according to claim 6, it is characterised in that the authorization message In also include:Licensing term;Then,
The data acquiring unit, specifically for what is inquired in the query unit, the query key pair In licensing term in the authorization message answered, authorization data scope in the corresponding authorization message is obtained Interior users personal data.
9. information verification mandate platform according to claim 6, it is characterised in that
The transmitting element, is additionally operable to that the corresponding mandate letter that the query unit is inquired will be carried The cache request of authorization data scope in breath is sent to data platform,
The data acquiring unit, corresponding authorize returned specifically for receiving the data platform is believed Users personal data in breath in the range of authorization data.
10. information verification mandate platform according to claim 6, it is characterised in that
The transmitting element, be additionally operable to the acquiring unit obtain user handle target service when authorize award Weigh after contract information and ID, sent to user terminal and authorize success notification information.
CN201610067525.6A 2016-01-29 2016-01-29 The authorization method and information verification mandate platform of a kind of users personal data Pending CN107026819A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610067525.6A CN107026819A (en) 2016-01-29 2016-01-29 The authorization method and information verification mandate platform of a kind of users personal data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610067525.6A CN107026819A (en) 2016-01-29 2016-01-29 The authorization method and information verification mandate platform of a kind of users personal data

Publications (1)

Publication Number Publication Date
CN107026819A true CN107026819A (en) 2017-08-08

Family

ID=59524692

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610067525.6A Pending CN107026819A (en) 2016-01-29 2016-01-29 The authorization method and information verification mandate platform of a kind of users personal data

Country Status (1)

Country Link
CN (1) CN107026819A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108650238A (en) * 2018-04-17 2018-10-12 新大陆(福建)公共服务有限公司 A kind of method and system accepting business based on interconnection network personal identification authorization
CN110956470A (en) * 2018-09-26 2020-04-03 百度在线网络技术(北京)有限公司 Block chain-based personal experience information processing method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102664933A (en) * 2012-04-06 2012-09-12 中国联合网络通信集团有限公司 User authorization method, application terminal, open platform and system
CN102710640A (en) * 2012-05-31 2012-10-03 中国联合网络通信集团有限公司 Authorization requesting method, device and system
CN102821104A (en) * 2012-08-09 2012-12-12 腾讯科技(深圳)有限公司 Authorization method, authorization device and authorization system
CN104253784A (en) * 2013-06-25 2014-12-31 腾讯科技(深圳)有限公司 Logging and authorization method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102664933A (en) * 2012-04-06 2012-09-12 中国联合网络通信集团有限公司 User authorization method, application terminal, open platform and system
CN102710640A (en) * 2012-05-31 2012-10-03 中国联合网络通信集团有限公司 Authorization requesting method, device and system
CN102821104A (en) * 2012-08-09 2012-12-12 腾讯科技(深圳)有限公司 Authorization method, authorization device and authorization system
CN104253784A (en) * 2013-06-25 2014-12-31 腾讯科技(深圳)有限公司 Logging and authorization method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108650238A (en) * 2018-04-17 2018-10-12 新大陆(福建)公共服务有限公司 A kind of method and system accepting business based on interconnection network personal identification authorization
CN110956470A (en) * 2018-09-26 2020-04-03 百度在线网络技术(北京)有限公司 Block chain-based personal experience information processing method and device

Similar Documents

Publication Publication Date Title
US11363015B2 (en) Provisioning transferable access tokens
US20220020001A1 (en) Decisional Architectures in Blockchain Environments
CN109447811B (en) Method, accounting node and medium for inquiring transaction information in blockchain network
CN110471951B (en) Method, accounting node and medium for determining order of transaction information in data block
CN109034437A (en) A kind of library system based on cloud terminal
JP2023065536A (en) Block chain-implemented method and system
CN100566248C (en) Digital signature guarantees system, method and apparatus
CN109844783A (en) The database that the ledger of immutable cryptoguard is supported
CN1829227B (en) Integrating multiple identities, identity mechanisms and identity providers in a single user paradigm
CN108369700A (en) Mobile-payment system
US20110270751A1 (en) Electronic commerce system and system and method for establishing a trusted session
US10043165B2 (en) Cloud service integration pay trading system
US20140372315A1 (en) Method and system for managing data and enabling payment transactions between multiple entities
US20110055547A1 (en) Personal information management and delivery mechanism
CN105099673A (en) Authorization method, authorization requesting method and devices
CN104361490B (en) A kind of method of payment and system of sensitive information markization
CN108712488A (en) A kind of data processing method based on block chain, device, block catenary system
CN101977184B (en) Multi-identity selection landing device and service system
CN110210207A (en) Authorization method and equipment
CN107256484A (en) Mobile payment sublicense method and the payment system realized using this method
US20150058202A1 (en) System and method for tracking and controlling ownership of digital works and rewarding authors, artists and/or their representatives over time
CN110599342A (en) Block chain-based identity information authorization method and device
KR100733475B1 (en) Electorn tax bill issue system used a mobile and the processing method thereof
CN104301293A (en) Data processing method, device and system
KR101204703B1 (en) Method for trading medical information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170808

RJ01 Rejection of invention patent application after publication