CN107026819A - The authorization method and information verification mandate platform of a kind of users personal data - Google Patents
The authorization method and information verification mandate platform of a kind of users personal data Download PDFInfo
- Publication number
- CN107026819A CN107026819A CN201610067525.6A CN201610067525A CN107026819A CN 107026819 A CN107026819 A CN 107026819A CN 201610067525 A CN201610067525 A CN 201610067525A CN 107026819 A CN107026819 A CN 107026819A
- Authority
- CN
- China
- Prior art keywords
- authorization
- data
- user
- platform
- mandate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the invention discloses a kind of authorization method of users personal data, methods described includes:Obtain user and handle the mandate contract information and ID authorized during target service;Wherein, it is described to authorize contract information to include the license confirmation of authorization message and user for the authorization message;The authorization message includes authorization data scope and authorization object ID;According to the authorization object ID and ID generation key, the key and the corresponding relation of the authorization message are stored;Receive service platform transmission carries query key user profile inquiry request;The corresponding relation of query key and authorization message, obtains the authorization data scope in the corresponding authorization message of the query key;The users personal data in the range of authorization data in the corresponding authorization message is obtained, the users personal data in the corresponding authorization message in the range of authorization data is sent to the service platform.The embodiment of the invention also discloses a kind of information verification mandate platform.
Description
Technical field
The present invention relates to the authorization method and information of data security arts, more particularly to a kind of users personal data
Verification mandate platform.
Background technology
In the environment of current mobile Internet, it is frequent all the more to be related to the situation that users personal data uses, but
It is in use, there are a large amount of phenomenons for not conforming to regulation, one kind is authorized arbitrarily using use without user
Family personal data, although another is that user authorizes, the scope of authority is not consistent with Shi Jishiyong scope,
Used in the presence of going beyond one's commission.Existing solution can be by authorizing, such as directly displaying out on line on line
Whether terms of service illustrate, allow user to directly select and receive;It can also be by papery protocol mode under line,
For example going to bank to handle loan needs to sign the power of attorney.These existing technical schemes can be to a certain extent
Problem is licensed in solution.
But, papery protocol requirement signing place for user, need to arrive the site scene of enterprise, extremely
Inconvenience, and subsequent protocol takes care of and retrieval also has higher requirements, cost is high.And electronics is assisted on common line
View is typically the electronic protocol that user is showed when various application programs are installed, and user must click on Agreement Protocol
Clause could continue, and agreement is all changeless, it is impossible to flexible personalized customization, and the scope of authority is often
, there is despot in one maximum scope, it is impossible to use principle of minimum authorizing to protect user benefit from user perspective
King's clause problem.
The content of the invention
In view of this, the embodiment of the present invention expects that the authorization method and information that provide a kind of users personal data are tested
It is true to authorize platform, it is convenient and swift and authorization data scope is flexibly controllable.
To reach above-mentioned purpose, the technical proposal of the invention is realized in this way:
A kind of authorization method of users personal data, methods described includes:
Obtain user and handle the mandate contract information and ID authorized during target service;Wherein, it is described to authorize
Contract information includes authorization message and user is directed to the license confirmation of the authorization message;The authorization message
Including authorization data scope and authorization object ID;
According to the authorization object ID and ID generation key, the key and the authorization message are stored
Corresponding relation;
Receive service platform transmission carries query key user profile inquiry request;
The corresponding relation of query key and authorization message, is obtained in the corresponding authorization message of the query key
Authorization data scope;
The users personal data in the range of authorization data in the corresponding authorization message is obtained, by the correspondence
Authorization message in users personal data in the range of authorization data be sent to the service platform.
In such scheme, the acquisition user handles the mandate contract letter authorized during the target service of service platform
Breath and ID, including:
The user for receiving user terminal transmission by wap page or public number mode handles the target of service platform
The authorization message and ID authorized during business;License confirmation is sent to the user terminal by Short Message Service Gateway
Request, receives the license confirmation that the user terminal is returned, and obtains and authorizes contract information;The license confirmation
The authorization message is carried in request;
Or, the user for receiving Short Message Service Gateway transmission handles the mandate conjunction authorized during the target service of service platform
With information and ID.
In such scheme, also include in the authorization message:Licensing term;It is described to obtain described corresponding award
The users personal data in the range of authorization data in information is weighed, including:
In licensing term in the corresponding authorization message of the query key, described corresponding award is obtained
Weigh the users personal data in the range of authorization data in information.
In such scheme, the user in the range of the authorization data obtained in the corresponding authorization message
Personal data, including:
The cache request of the authorization data scope carried in the corresponding authorization message is sent into data to put down
Platform, receives the user in the range of authorization data in the corresponding authorization message that the data platform is returned
Personal data.
In such scheme, obtain when user handles target service the mandate contract information that authorizes and ID it
Afterwards, methods described also includes:
Sent to user terminal and authorize success notification information.
A kind of information verification mandate platform, described information verification mandate platform includes:
Acquiring unit, the mandate contract information and ID authorized for obtaining when user handles target service;
Wherein, it is described to authorize contract information to include the license confirmation of authorization message and user for the authorization message;
The authorization message includes authorization data scope and authorization object ID;
Generation unit, authorization object ID and ID for being obtained according to the acquiring unit generate key;
Memory cell, the key for storing the Key generating unit generation is corresponding with the authorization message
Relation;
Receiving unit, for receive service platform transmission carry query key user profile inquiry request;
Query unit, the corresponding relation for inquiring about the key stored in the memory cell and authorization message,
Obtain the authorization data scope in the corresponding authorization message of query key that the receiving unit is received;
Data acquiring unit, for obtaining the use in the range of the authorization data that the query unit is inquired
Family personal data;
Transmitting element, for the user in the range of the authorization data that obtains the data acquiring unit
Personal data is sent to the service platform.
In such scheme, the acquiring unit, specifically for receiving use by wap page or public number mode
The user that family terminal is sent handles the authorization message authorized during the target service of service platform and ID;Pass through
Short Message Service Gateway sends license confirmation request to the user terminal, and the mandate for receiving the user terminal return is true
Recognize, obtain and authorize contract information;The authorization message is carried in the license confirmation request;Or, connect
Harvest the user that sends of Short Message Service Gateway handle the mandate contract information that is authorized during the target service of service platform and
ID.
In such scheme, also include in the authorization message:Licensing term;Then,
The data acquiring unit, specifically for what is inquired in the query unit, the query key pair
In licensing term in the authorization message answered, authorization data scope in the corresponding authorization message is obtained
Interior users personal data.
In such scheme, the transmitting element is additionally operable to carry described in the query unit inquires
The cache request of authorization data scope in corresponding authorization message is sent to data platform,
The data acquiring unit, corresponding authorize returned specifically for receiving the data platform is believed
Users personal data in breath in the range of authorization data.
In such scheme, the transmitting element is additionally operable to handle target industry in acquiring unit acquisition user
After the mandate contract information and ID that are authorized during business, sent to user terminal and authorize success notification information.
The embodiments of the invention provide a kind of authorization method of users personal data and information verification mandate platform,
This method flow is to carry out authentication mode under user's authorization identifying, the line compared to before based on channel on line to improve
Business handling efficiency and feasibility, more conform to current internet overall situation.Due to authorization message be by with
What family was independently selected, by user according to target service it needs to be determined that going out authorization data scope and authorization object, in fact
Show flexible personalized customization, principle of minimum authorizing can be used from user perspective to protect user benefit, and
Ensure that users personal data information is minimized to use, reduce the disclosure risk of individual privacy information.And it is raw
Into key, there is key querying flow, only authorization object could generate correct key, and then inquire about acquisition
User gives the users personal data in the range of authorization data, and the corresponding users personal data of key only has mandate
Object can be used, and solve the problem of using of going beyond one's commission;And key is to correspond with authorization data scope
, authorization object can only also obtain the data in the range of the corresponding authorization data of key, and key is corresponding to be authorized
Data outside data area can not be queried acquisition.
Brief description of the drawings
Fig. 1 is a kind of schematic flow sheet of the authorization method for users personal data that the embodiment of the present invention 1 is provided;
Fig. 2 is that a kind of various scenes of the authorization method for users personal data that the embodiment of the present invention 2 is provided are shown
It is intended to;
Fig. 3 is a kind of system tray for authorization method for realizing users personal data that the embodiment of the present invention 2 is provided
Structure;
Fig. 4 is that a kind of wap flows of the authorization method for users personal data that the embodiment of the present invention 2 is provided are shown
It is intended to;
Fig. 5 is a kind of public number flow of the authorization method for users personal data that the embodiment of the present invention 2 is provided
Schematic diagram;
Fig. 6 is that a kind of short message flow of the authorization method for users personal data that the embodiment of the present invention 2 is provided is shown
It is intended to;
Fig. 7 is a kind of structured flowchart of information verification platform provided in an embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear
Chu, it is fully described by.
Embodiment 1
The embodiments of the invention provide a kind of authorization method of users personal data, as shown in figure 1, this implementation
The handling process of example method comprises the following steps:
Step 101, acquisition user handle the mandate contract information and ID authorized during target service.
In the present embodiment method, authority checking flow when user handles target service is all based on channel on line
Carry out, information verification mandate platform can provide user to the user terminal of user and handle respective objects business
When the link of corresponding wap (Wireless Application Protocol, WAP) or wechat it is public
Many numbers etc., user can pass through the wap page or wechat when handling the target service of the service platform
Public number etc. fills in the authorization message needed when handling target service i.e. authorization data scope and authorization object ID
These authorization messages are carried by the mode such as wap page or wechat public number Deng, user operation user terminal
When being sent to described information verification mandate platform, ID is carried in the information of submission, the ID is used
The user of the target service is handled in mark, so, described information verification mandate platform is obtained with user
Handle the authorization message authorized during the target service and ID.
Certainly, described information verification mandate platform also need to obtain user for the authorization message mandate it is true
Recognize, and license confirmation is achieved to the legal basis authorized as user together with authorization message, it is ensured that the mandate
Information is legally authorized by user.
Above-mentioned authorization message is all independently filled in by user, and flexibly controllable, user can be according to target service
The need for determine authorization data scope, it can be ensured that the minimum of users personal data is used, and is reduced
The disclosure risk of people's privacy information.
Step 102, key generated according to the authorization object ID and ID, store the key and institute
State the corresponding relation of authorization message.
Described information verification mandate platform obtains user and handles the mandate conjunction authorized during the target service of service platform
After information and ID, it is possible to which the default algorithmic rule of application is according to authorization object ID and ID
Key is generated, and stores the corresponding relation of the key and the authorization message.
What step 103, reception service platform were sent carries query key user profile inquiry request.
The target of the service platform is all pre-set in the service platform and described information verification mandate platform
The corresponding same algorithmic rule of business, so, the service platform for providing the user target service is done to user
, it is necessary to first using default same algorithmic rule is according to service object ID and handles this when managing the target service
The ID of the user of target service generates a query key, and will carry query key user profile and look into
Ask request and be sent to information verification mandate platform, to inquire about the individual subscriber needed for the target service is handled in acquisition
Data.
If herein it should be noted that the authorization object ID used in information verification mandate platform is service
Platform ID, then default service object ID is also service platform ID during service platform generation query key, if
The authorization object ID used in information verification mandate platform is service platform ID and target service ID, then services
Default service object ID is also service platform ID+ target services ID when platform generates query key;Believe
All pre-set in breath verification mandate platform and service platform and same algorithmic rule is applied when handling target service
Key is generated with identical ID types.
Step 104, the inquiry key and the corresponding relation of the authorization message, obtain the query key
Authorization data scope in corresponding authorization message.
Described information verification mandate platform possesses data buffer storage function, can cache the key and authorization message
Corresponding relation, so when receive service platform transmission query key after, the mandate of described information verification put down
Platform just can directly inquire about the various keys of its caching and the corresponding relation of authorization message, obtain the inquiry close
The corresponding authorization message of key, and then obtain the authorization data scope in the corresponding authorization message of the query key.
Users personal data in step 105, the acquisition corresponding authorization message in the range of authorization data,
Users personal data in the corresponding authorization message in the range of authorization data is sent to the service platform.
Optionally, described information verification mandate platform possesses data buffer storage function, can cache certain customers'
A small amount of users personal data, if being cached with the corresponding authorization message in described information verification mandate platform
Users personal data in the range of middle authorization data, then described information verification mandate platform, which can be inquired about directly, obtains
Users personal data in the corresponding authorization message in the range of authorization data, and by the query key
The users personal data in the range of authorization data in corresponding authorization message is sent to the service platform.Institute
State service platform to obtain after corresponding users personal data, be considered as user's Authorization Service Platform using the user
Personal data handle this target service to user.Service platform just can handle the target industry for user accordingly
Business.
Because the key that information verification mandate platform is generated is generated according to authorization object ID, key and mandate
Information is one-to-one, therefore the query key that only authorization object is generated according to authorization object ID could be inquired about
The corresponding authorization message of the key is obtained, this ensures that the user in the range of the authorization data in the authorization message
Personal data can only be exported to specific authorization object, and unauthorized object can not obtain these users personal datas,
Prevent users personal data is gone beyond one's commission from using;And the authorization data scope in authorization message is independently selected by user
Select or fill in, user can need to be estimated according to target service, and decision-making goes out to handle awarding for the target service
Which users personal data is power data area need when being and determining and handle the target service, it can be ensured that authorize
Users personal data minimum, reduce the disclosure risk of individual subscriber privacy information.Key and mandate
Information is one-to-one, and authorization object can only also obtain the authorization data in the corresponding authorization message of the key
In the range of users personal data, anyone can not obtain any user inside and outside the authorization data scope
Personal data.
Embodiment 2
Authority checking flow during user's transacting business is all to be carried out using user terminal based on channel on line,
Authentication mode improves business handling efficiency and feasibility under line compared to before, more conforms to current internet
Overall situation;Its specific usage scenario is as shown in Fig. 2 by taking bank as an example, the way of contact of user and bank
To remove bank counter and not removing bank counter, when user actively removes bank counter application user terminal transacting business,
For the user terminal that can not be surfed the Net, short message-authorized flow is directly entered, for the user terminal that can be surfed the Net,
Quick Response Code can be swept into wap pages of contract authorization flow or public number authorization flow;User does not remove bank counter
When, bank actively can issue the short message whether inquiry user handles target service to the user terminal of user,
There are wap links and the reply of pure short message mode to illustrate in short message, for the user terminal that can not be surfed the Net, directly
Answer short message enters short message-authorized flow, for the user terminal that can be surfed the Net, can click on wap and be linked into
Wap pages of contract authorization flow.
As shown in figure 3, the system architecture to realize the present embodiment method, the system includes:Service platform 31
Information verification mandate platform 32, user terminal 33, Short Message Service Gateway 34 and data platform 35;Wherein, it is described
Information verification mandate platform 32 includes information verification mandate gateway 321 and KV (Key Value, key assignments) numbers
According to interactive gateway 322.
Present embodiments provide a kind of authorization method of users personal data, the application scenarios of the present embodiment method
Need to enter wap authorization flows, as shown in figure 4, the handling process of the present embodiment method comprises the following steps:
Step 401, user terminal obtain wap links, show that the wap links corresponding wap contracts page
Face, obtains the authorization message that user authorizes, and the authorization message is submitted into information verification mandate platform.
System architecture with reference to shown in Fig. 3, user terminal 33 obtains wap chains and is connected to two kinds of situations, a kind of
When situation is that user handles target service using the initiative of user terminal 33, user terminal 33 can pass through
Sweep the modes such as Quick Response Code or internet searching and obtain wap links.
Another situation is whether bank active inquiry user needs to handle target service, such as handle loan,
The business such as credit card, now bank can to user user terminal 33 send short message be inquired;Service platform
31 i.e. bank's platform can give the transmission business handling of Short Message Service Gateway 34 with bank's target service official short message number
Short message request is inquired, it is described herein it should be noted that official's short message number is provided by Short Message Service Gateway 34
Business handling inquiry short message asks to be used to ask Short Message Service Gateway 34 to handle inquiry to the issuing service of user terminal 33
Ask short message.Short Message Service Gateway 34 be connected to official's short message number business handling inquiry short message request after, will to
Family terminal 33 issues business handling inquiry short message corresponding with bank's target service, the business handling inquiry
Linked in short message comprising wap, can also be included in certainly described business handling inquiry short message and authorize reason such as to do
The brief informations such as title, the authorization object of the target service of reason.Example, short message content can be XX silver
Row credit card business is handled, wap links.
User terminal 33 is obtained after wap links, if to handle corresponding target service, user can point
The wap links hit on user terminal 33, user terminal 33 shows that the wap links corresponding wap contracts
Electronic contract is presented to user, the wap contracts page by page, wap contracts page by the form of wap webpages
Authorization data scope option, the authorization object for requiring to authorize when the bank handles the target service are shown on face
Option, or also licensing term option etc., can be according to mesh when user needs to handle this target service
Mark business needs to assess and decision-making goes out authorization data scope, it is ensured that the minimum of users personal data is used, together
When, user also needs to determine authorization object, or can also set licensing term, is then filled out signature,
Signature typically all fills in name and cell-phone number, after the completion of user fills in, and the user terminal 33 can just be obtained
The authorization message that user authorizes is obtained, authorization message described here includes authorization data scope, authorization object ID
And licensing term;Then, the user terminal 33 can just be put forward the authorization message by wap webpages
Give the information verification mandate gateway 321 in information verification mandate platform 32.
Step 402, information verification mandate platform obtain the target that user handles service platform by wap page
The authorization message and ID authorized during business.
It is by the information verification in information verification mandate platform 32 that the wap, which links the corresponding wap contracts page,
Authorize what gateway 321 was provided, user has filled in authorization data scope, authorization object, licensing term and confirmed
Afterwards, these authorization messages that user terminal 33 will fill in user, and ID are sent to information and tested
In the true information verification mandate gateway 321 authorized in platform 32, such described information verification mandate platform 32
Information verification mandate gateway 321 just obtain user handle the authorization message needed during target service and ID.
Step 403, information verification mandate platform send license confirmation to user terminal by Short Message Service Gateway and asked.
Information verification mandate gateway 321 in information verification mandate platform 32 obtains user and handles service platform
After the authorization message and ID that are authorized during target service, first license confirmation will be sent to Short Message Service Gateway 34
Short message is asked, and carries the authorization message in the license confirmation short message request, Short Message Service Gateway 34 is received
After license confirmation short message request, license confirmation request will be sent to the user terminal 33, it is described to authorize
The authorization message, i.e. authorization data scope, licensing term, authorization object etc. is carried in confirmation request to believe
Breath.
Example, the form that Short Message Service Gateway 34 is sent to the license confirmation request of user terminal 33 is short message,
Content can be:If user confirms in the licensing term data grant in the range of by some to described
Authorization object, then return to identifying code 445896.
Step 404, information verification mandate platform receive the license confirmation that the user terminal is returned, and acquisition is awarded
Weigh contract information.
User terminal 33 is received after said short message, if user agrees to carry out the mandate described in said short message,
Then user inputs the identifying code 445896 on wap contracts page and clicks on confirmation, the user terminal
33 will submit to the identifying code information verification mandate gateway 321 in information verification mandate platform 32,
Information verification mandate gateway 321 in described information verification mandate platform 32 receives the user terminal 33 and returned
After the identifying code returned is license confirmation, the authorization message and license confirmation that user is authorized achieve to authorize together
Contract information, the legal basis authorized as user, it is ensured that the authorization message is legally authorized by user.
Step 405, information verification mandate platform send to user terminal and authorize success notification information.
Information verification mandate gateway 321 in described information verification mandate platform 32, which is obtained, to be authorized after contract information,
It can be sent to user terminal 33 and authorize success notification information, optionally, in information verification mandate platform 32
Information verification mandate gateway 321 can ask Short Message Service Gateway 34 to issue mandate success notification to user terminal 33
Information, Short Message Service Gateway 34, which is received, issues mandate success notification information to user terminal 33 after the request, with
Achieved for user terminal 33.Short Message Service Gateway 34 believes the mandate success notification for being handed down to user terminal 33 simultaneously
Breath is synchronized to the information verification mandate gateway 321 in information verification mandate platform 32, informs that the mandate is successfully led to
Know that information has been notified to user terminal 33, the information verification mandate gateway 321 in information verification mandate platform 32
Achieved, be used as legal basis.
Said process is user's authorization flow, in above-mentioned flow, and user is in core leading position all the time,
Key node, which is had to pass through after user knows and authorized, could perform subsequent operation, and correlated process has and possesses method
The file record of effect is restrained, users personal data belongs to legal and is supplied to authorization object to use.
Step 406, information verification mandate platform generate key according to the authorization object ID and ID,
Store the corresponding relation of the key and the authorization message.
In the present embodiment method, in described information verification mandate platform 32 and service platform 31 i.e. bank's platform
The ID types of the default authorization object and service object are service platform ID and traffic ID, same algorithm
Rule can be blending algorithm.
Therefore the information verification mandate gateway 321 in information verification mandate platform 32 is after step 403, information
Information verification mandate gateway 321 in verification mandate platform 32 can be by the mandate contract information of acquisition and user
ID is sent to the KV data interactions gateway 322 in information verification mandate platform 32, such information verification mandate
KV data interactions gateway 322 in platform 32 just can be using blending algorithm according to bank's platform ID+
Target service ID+ IDs generation key (Key), stores key pass corresponding with the authorization message
System.The authorization message includes licensing term, and described information verification mandate platform can be only in the mandate phase
Limit key described in memory storage and the corresponding relation of the authorization message.
What step 407, reception service platform were sent carries query key user profile inquiry request.
User when for example bank handles target service to financial industry, service platform 31 be bank platform need to
Acquisition ID is identified in the identity at family, and then the authorization message that user authorizes is inquired about, to confirm
Whether target service is carried out to user to handle.At this time, it may be necessary to which first the default blending algorithm of application is flat according to service
Platform ID+ target service ID+ IDs generate a query key, and will carry query key user profile
Inquiry request is sent to the KV data interactions gateway 322 in information verification mandate platform 32, if inquiry is obtained
The users personal data needed for the target service must be handled, then shows the user authorized bank using the user
Personal data handles target service data, confirms that carrying out target service to user is handled, and this is handled if not inquiring
Users personal data needed for target service, then show user's unauthorized Bank application users personal data
Target service data are handled, bank can not go beyond one's commission handles target service using the users personal data.
The corresponding relation of step 408, information verification mandate platform query key and authorization message, obtains described
Authorization data scope in the corresponding authorization message of query key.
KV data interactions gateway 322 in described information verification mandate platform 32, which receives to carry, inquires about close
After key user profile inquiry request, the corresponding relation of meeting query key and authorization message, if the user is in institute
State the KV data interactions gateway 322 in information verification mandate platform 32 and authorize the service platform 31 and handle
Required authorization data scope during target service, then the KV data friendship in described information verification mandate platform 32
Mutual gateway 322 can just find the corresponding authorization message of the query key, and then it is close to obtain the inquiry
Authorization data scope in the corresponding authorization message of key.
Step 409, information verification mandate platform are obtained in the corresponding authorization message in the range of authorization data
Users personal data, users personal data in the range of authorization data in the corresponding authorization message is sent out
Give the service platform.
Herein it should be noted that also including in the authorization message:Licensing term;Therefore described information is tested
The true KV data interactions gateway 322 authorized in platform 32 is only in the corresponding mandate of the query key
In licensing term in information, it could inquire about in the acquisition corresponding authorization message in the range of authorization data
Users personal data.
Because number of users is a lot, user data magnanimity, therefore can be user data in the present embodiment method
It is stored in data platform, the KV data interactions gateway 322 in described information verification mandate platform 32
Obtain after the authorization data scope in the corresponding authorization message of the query key, in query key correspondence
The authorization message in licensing term in, the KV data interactions in described information verification mandate platform 32
The cache request of the authorization data scope carried in the corresponding authorization message is sent to number by gateway 322
According to platform 35, data platform 35, will be by the corresponding authorization message after the cache request is received
The KV data that users personal data in the range of middle authorization data is returned in information verification mandate platform 32 are handed over
KV data interactions gateway 322 in mutual gateway 322, described information verification mandate platform 32 receives described right
Users personal data in the authorization message answered in the range of authorization data, and by the corresponding authorization message
Users personal data in the range of authorization data is sent to the service platform 31.
The embodiment of the present invention additionally provides a kind of authorization method of users personal data, the present embodiment method should
Needed to enter public number authorization flow with scene, as shown in figure 5, the handling process of the present embodiment method includes
Following steps:
Step 501, user terminal concern public number, awarding for authorization message is completed into public number according to prompting
Power, and the authorization message is submitted into information verification mandate platform.
User terminal 33 can pay close attention to information in information verification mandate platform 32 by sweeping the modes such as Quick Response Code
The public number that verification mandate gateway 321 is provided, user's manipulation user terminal 33 enters public number, according to user
The prompt message shown in terminal 33, completes the mandate of authorization message, and user terminal 33 believes described authorize
Breath submits to the information verification mandate gateway 321 in information verification mandate platform 32.
Described authorization message includes authorization data scope, authorization object ID and licensing term.
Step 502, information verification mandate platform obtain the mesh that user handles service platform by public number mode
The authorization message and ID authorized during mark business.
The public number is provided by the information verification mandate gateway 321 in information verification mandate platform 32, is used
Family is completed after authorization data scope, authorization object, the mandate of licensing term and confirmation according to prompting, and user is whole
These authorization messages, and ID will be sent to the information in information verification mandate platform 32 by end 33
Information verification mandate gateway 321 in verification mandate gateway 321, such described information verification mandate platform 32
Just obtain user and handle the authorization message needed during target service and ID.
Subsequent step may be referred to step 403-409, no longer be described in detail again.
The embodiment of the present invention additionally provides a kind of authorization method of users personal data, the present embodiment method should
With scene need enter short message-authorized flow, as shown in fig. 6, the handling process of the present embodiment method include with
Lower step:
Step 601, user terminal receive the Information Authentication authorization requests that service platform is sent.
User handle target service such as provide a loan, credit card business when, service platform 31 be bank's platform will
Ask user to enter row information verification mandate, Information Authentication authorization requests are sent to the user terminal 33 of user, it is described
The various authorization data scopes and authorization object for handling the target service are carried in Information Authentication authorization requests
ID。
Step 602, user terminal send to Short Message Service Gateway and carry awarding of being authorized when user handles target service
Weigh information and the mandate short message of ID.
User terminal 33 is received after the Information Authentication authorization requests that the service platform 31 is sent, can basis
The various authorization data scopes and authorization object ID that service platform 31 is provided determine that user handles the target industry
Necessary authorization data scope of being engaged in and authorization object ID determine authorization message, then will carry determination and authorize
Authorization message and the mandate short message sending of ID edit XX to Short Message Service Gateway 34, that is, and be sent to bank
Official's short message number.
Step 603, Short Message Service Gateway are received after the mandate short message of user terminal transmission;To the user terminal
Send license confirmation request.
Carried in the license confirmation request authorization message, i.e. authorization data scope, licensing term,
The information such as authorization object.Example, the form that Short Message Service Gateway 34 is sent to the license confirmation request of user is short
Believe, content can be:If user confirm in the licensing term by some in the range of data grant give
The authorization object, then return to identifying code 445896.
Step 604, Short Message Service Gateway receive the license confirmation that the user terminal is returned, and obtain mandate contract letter
Breath.
User terminal 33 is received after the short message of above-mentioned example, if user agrees to carry out described in said short message
Mandate, then user input the identifying code 445896 and return to Short Message Service Gateway 34, Short Message Service Gateway 34 receives institute
After the identifying code i.e. license confirmation for stating the return of user terminal 33, the authorization message and license confirmation that user is authorized
Achieve to authorize contract information together.
Step 605, Short Message Service Gateway send the target industry that user handles service platform to information verification mandate platform
The mandate contract information and ID authorized during business.
Short Message Service Gateway 34, which is obtained, to be authorized after contract information, is awarded during the target service that user can be handled to service platform
The mandate contract information and ID of power are sent to the information verification mandate net in information verification mandate platform 32
The information verification mandate gateway 321 closed in 321, described information verification mandate platform 32 receives and stores short message
The user that gateway 34 is sent handles the mandate contract information and ID authorized during the target service of service platform.
Subsequent step may be referred to step 405-409, no longer be described in detail again.
In the present embodiment method, whole flows are based on channel on line and carry out user's authorization identifying, compared to before
Authentication mode improves business handling efficiency and feasibility under line, more conforms to current internet overall situation.By
Independently selected by user in authorization message, by user according to target service it needs to be determined that going out authorization data model
Enclose and authorization object, principle of minimum authorizing can be used from user perspective to protect user benefit, and ensure to use
Family personal data information is minimized and used, and reduces the disclosure risk of individual privacy information.And key is generated,
There is key querying flow, only authorization object could generate correct key, and then inquire about acquisition user and give
Users personal data in the range of authorization data, the corresponding users personal data of key only has authorization object ability
Enough use, solve the problem of using of going beyond one's commission;And key is one-to-one with authorization data scope, is authorized
Object can only also obtain the data in the range of the corresponding authorization data of key, the corresponding authorization data scope of key
Outer data can not be queried acquisition.
Embodiment 3
The embodiments of the invention provide a kind of information verification mandate platform, as shown in fig. 7, described information verification
Platform is authorized to include:Acquiring unit 701, generation unit 702, memory cell 703, receiving unit 704,
Query unit 705, data acquiring unit 706, transmitting element 707, wherein,
Acquiring unit 701, for obtaining the mandate contract information authorized when user handles target service and user
ID;Wherein, it is described to authorize contract information to include the mandate of authorization message and user for the authorization message
Confirm;The authorization message includes authorization data scope and authorization object ID;
Generation unit 702, for the authorization object ID and ID obtained according to the acquiring unit 701
Generate key;
Memory cell 703, for storing key and the authorization message that the generation unit 702 is generated
Corresponding relation;
Receiving unit 704, the query key user profile inquiry that carries for receiving service platform transmission is asked
Ask;
Query unit 705, pair for inquiring about the key stored in the memory cell 703 and authorization message
It should be related to, obtain the authorization data in the corresponding authorization message of query key that the receiving unit 704 is received
Scope;
Data acquiring unit 706, for obtaining the authorization data model that the query unit 705 is inquired
Enclose interior users personal data;
Transmitting element 707, in the range of the authorization data that obtains the data acquiring unit 706
Users personal data be sent to the service platform.
Optionally, the acquiring unit 701, specifically for receiving use by wap page or public number mode
The user that family terminal is sent handles the authorization message authorized during the target service of service platform and ID;Pass through
Short Message Service Gateway sends license confirmation request to the user terminal, and the mandate for receiving the user terminal return is true
Recognize, obtain and authorize contract information;The authorization message is carried in the license confirmation request;Or, connect
Harvest the user that sends of Short Message Service Gateway handle the mandate contract information that is authorized during the target service of service platform and
ID.
Optionally, also include in the authorization message:Licensing term;Then, the data acquiring unit 706,
Specifically for what is inquired in the query unit 705, in the corresponding authorization message of the query key
Licensing term in, obtain the users personal data in the range of authorization data in the corresponding authorization message.
Optionally, the transmitting element 707, is additionally operable to carry what the query unit 705 was inquired
The cache request of authorization data scope in the corresponding authorization message is sent to data platform,
The data acquiring unit 706, described corresponding is awarded specifically for receive that the data platform returns
Weigh the users personal data in the range of authorization data in information.
Optionally, the transmitting element 707, is additionally operable to handle mesh in the acquiring unit 701 acquisition user
After the mandate contract information and ID that are authorized during mark business, sent to user terminal and authorize success notification letter
Breath.
In actual applications, the acquiring unit 701 described in the present embodiment can be by Information Authentication mandate platform
In information verification mandate gateway realize;Described generation unit 702, memory cell 703, receiving unit
704, query unit 705, data acquiring unit 706, transmitting element 707 can be put down by Information Authentication mandate
KV data gateways in platform are realized.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or meter
Calculation machine program product.Therefore, the present invention can using hardware embodiment, software implementation or combine software and
The form of the embodiment of hardware aspect.Moreover, the present invention can be used wherein includes calculating one or more
The computer-usable storage medium of machine usable program code (includes but is not limited to magnetic disk storage and optical storage
Device etc.) on the form of computer program product implemented.
The present invention is with reference to method according to embodiments of the present invention, equipment (system) and computer program product
Flow chart and/or block diagram describe.It should be understood that can be by computer program instructions implementation process figure and/or side
Each flow and/or square frame in block diagram and flow and/or the knot of square frame in flow chart and/or block diagram
Close.Can provide these computer program instructions to all-purpose computer, special-purpose computer, Embedded Processor or
The processor of other programmable data processing devices is to produce a machine so that by computer or other can
The instruction of the computing device of programming data processing equipment is produced for realizing in one flow or multiple of flow chart
The device for the function of being specified in one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices
In the computer-readable memory worked in a specific way so that be stored in the computer-readable memory
Instruction, which is produced, includes the manufacture of command device, and the command device is realized in one flow of flow chart or multiple streams
The function of being specified in one square frame of journey and/or block diagram or multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices, made
Obtain and series of operation steps performed on computer or other programmable devices to produce computer implemented processing,
So as to which the instruction performed on computer or other programmable devices is provided for realizing in one flow of flow chart
Or specified in one square frame of multiple flows and/or block diagram or multiple square frames function the step of.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the protection model of the present invention
Enclose.
Claims (10)
1. a kind of authorization method of users personal data, it is characterised in that methods described includes:
Obtain user and handle the mandate contract information and ID authorized during target service;Wherein, it is described to authorize
Contract information includes authorization message and user is directed to the license confirmation of the authorization message;The authorization message
Including authorization data scope and authorization object ID;
According to the authorization object ID and ID generation key, the key and the authorization message are stored
Corresponding relation;
Receive service platform transmission carries query key user profile inquiry request;
The corresponding relation of query key and authorization message, is obtained in the corresponding authorization message of the query key
Authorization data scope;
The users personal data in the range of authorization data in the corresponding authorization message is obtained, by the correspondence
Authorization message in users personal data in the range of authorization data be sent to the service platform.
2. according to the method described in claim 1, it is characterised in that the acquisition user handles service platform
Target service when the mandate contract information and ID that authorize, including:
The user for receiving user terminal transmission by WAP wap page or public number mode handles clothes
The authorization message and ID authorized during the target service of business platform;By Short Message Service Gateway to the user terminal
License confirmation request is sent, the license confirmation that the user terminal is returned is received, obtains and authorizes contract information;
The authorization message is carried in the license confirmation request;
Or, the user for receiving Short Message Service Gateway transmission handles the mandate conjunction authorized during the target service of service platform
With information and ID.
3. according to the method described in claim 1, it is characterised in that also include in the authorization message:Award
Weigh the time limit;The users personal data obtained in the corresponding authorization message in the range of authorization data, bag
Include:
In licensing term in the corresponding authorization message of the query key, described corresponding award is obtained
Weigh the users personal data in the range of authorization data in information.
4. according to the method described in claim 1, it is characterised in that described to obtain the corresponding mandate letter
The users personal data in the range of authorization data in breath, including:
The cache request of the authorization data scope carried in the corresponding authorization message is sent into data to put down
Platform, receives the user in the range of authorization data in the corresponding authorization message that the data platform is returned
Personal data.
5. according to the method described in claim 1, it is characterised in that when acquisition user handles target service
After the mandate contract information and ID of mandate, methods described also includes:
Sent to user terminal and authorize success notification information.
6. a kind of information verification mandate platform, it is characterised in that described information verification mandate platform includes:
Acquiring unit, the mandate contract information and ID authorized for obtaining when user handles target service;
Wherein, it is described to authorize contract information to include the license confirmation of authorization message and user for the authorization message;
The authorization message includes authorization data scope and authorization object ID;
Generation unit, authorization object ID and ID for being obtained according to the acquiring unit generate key;
Memory cell, the key for storing the Key generating unit generation is corresponding with the authorization message
Relation;
Receiving unit, for receive service platform transmission carry query key user profile inquiry request;
Query unit, the corresponding relation for inquiring about the key stored in the memory cell and authorization message,
Obtain the authorization data scope in the corresponding authorization message of query key that the receiving unit is received;
Data acquiring unit, for obtaining the use in the range of the authorization data that the query unit is inquired
Family personal data;
Transmitting element, for the user in the range of the authorization data that obtains the data acquiring unit
Personal data is sent to the service platform.
7. information verification mandate platform according to claim 6, it is characterised in that
The acquiring unit, specifically for receiving use by WAP wap page or public number mode
The user that family terminal is sent handles the authorization message authorized during the target service of service platform and ID;Pass through
Short Message Service Gateway sends license confirmation request to the user terminal, and the mandate for receiving the user terminal return is true
Recognize, obtain and authorize contract information;The authorization message is carried in the license confirmation request;Or, connect
Harvest the user that sends of Short Message Service Gateway handle the mandate contract information that is authorized during the target service of service platform and
ID.
8. information verification mandate platform according to claim 6, it is characterised in that the authorization message
In also include:Licensing term;Then,
The data acquiring unit, specifically for what is inquired in the query unit, the query key pair
In licensing term in the authorization message answered, authorization data scope in the corresponding authorization message is obtained
Interior users personal data.
9. information verification mandate platform according to claim 6, it is characterised in that
The transmitting element, is additionally operable to that the corresponding mandate letter that the query unit is inquired will be carried
The cache request of authorization data scope in breath is sent to data platform,
The data acquiring unit, corresponding authorize returned specifically for receiving the data platform is believed
Users personal data in breath in the range of authorization data.
10. information verification mandate platform according to claim 6, it is characterised in that
The transmitting element, be additionally operable to the acquiring unit obtain user handle target service when authorize award
Weigh after contract information and ID, sent to user terminal and authorize success notification information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610067525.6A CN107026819A (en) | 2016-01-29 | 2016-01-29 | The authorization method and information verification mandate platform of a kind of users personal data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610067525.6A CN107026819A (en) | 2016-01-29 | 2016-01-29 | The authorization method and information verification mandate platform of a kind of users personal data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107026819A true CN107026819A (en) | 2017-08-08 |
Family
ID=59524692
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610067525.6A Pending CN107026819A (en) | 2016-01-29 | 2016-01-29 | The authorization method and information verification mandate platform of a kind of users personal data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107026819A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108650238A (en) * | 2018-04-17 | 2018-10-12 | 新大陆(福建)公共服务有限公司 | A kind of method and system accepting business based on interconnection network personal identification authorization |
CN110956470A (en) * | 2018-09-26 | 2020-04-03 | 百度在线网络技术(北京)有限公司 | Block chain-based personal experience information processing method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664933A (en) * | 2012-04-06 | 2012-09-12 | 中国联合网络通信集团有限公司 | User authorization method, application terminal, open platform and system |
CN102710640A (en) * | 2012-05-31 | 2012-10-03 | 中国联合网络通信集团有限公司 | Authorization requesting method, device and system |
CN102821104A (en) * | 2012-08-09 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Authorization method, authorization device and authorization system |
CN104253784A (en) * | 2013-06-25 | 2014-12-31 | 腾讯科技(深圳)有限公司 | Logging and authorization method and system |
-
2016
- 2016-01-29 CN CN201610067525.6A patent/CN107026819A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102664933A (en) * | 2012-04-06 | 2012-09-12 | 中国联合网络通信集团有限公司 | User authorization method, application terminal, open platform and system |
CN102710640A (en) * | 2012-05-31 | 2012-10-03 | 中国联合网络通信集团有限公司 | Authorization requesting method, device and system |
CN102821104A (en) * | 2012-08-09 | 2012-12-12 | 腾讯科技(深圳)有限公司 | Authorization method, authorization device and authorization system |
CN104253784A (en) * | 2013-06-25 | 2014-12-31 | 腾讯科技(深圳)有限公司 | Logging and authorization method and system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108650238A (en) * | 2018-04-17 | 2018-10-12 | 新大陆(福建)公共服务有限公司 | A kind of method and system accepting business based on interconnection network personal identification authorization |
CN110956470A (en) * | 2018-09-26 | 2020-04-03 | 百度在线网络技术(北京)有限公司 | Block chain-based personal experience information processing method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11363015B2 (en) | Provisioning transferable access tokens | |
US20220020001A1 (en) | Decisional Architectures in Blockchain Environments | |
CN109447811B (en) | Method, accounting node and medium for inquiring transaction information in blockchain network | |
CN110471951B (en) | Method, accounting node and medium for determining order of transaction information in data block | |
CN109034437A (en) | A kind of library system based on cloud terminal | |
JP2023065536A (en) | Block chain-implemented method and system | |
CN100566248C (en) | Digital signature guarantees system, method and apparatus | |
CN109844783A (en) | The database that the ledger of immutable cryptoguard is supported | |
CN1829227B (en) | Integrating multiple identities, identity mechanisms and identity providers in a single user paradigm | |
CN108369700A (en) | Mobile-payment system | |
US20110270751A1 (en) | Electronic commerce system and system and method for establishing a trusted session | |
US10043165B2 (en) | Cloud service integration pay trading system | |
US20140372315A1 (en) | Method and system for managing data and enabling payment transactions between multiple entities | |
US20110055547A1 (en) | Personal information management and delivery mechanism | |
CN105099673A (en) | Authorization method, authorization requesting method and devices | |
CN104361490B (en) | A kind of method of payment and system of sensitive information markization | |
CN108712488A (en) | A kind of data processing method based on block chain, device, block catenary system | |
CN101977184B (en) | Multi-identity selection landing device and service system | |
CN110210207A (en) | Authorization method and equipment | |
CN107256484A (en) | Mobile payment sublicense method and the payment system realized using this method | |
US20150058202A1 (en) | System and method for tracking and controlling ownership of digital works and rewarding authors, artists and/or their representatives over time | |
CN110599342A (en) | Block chain-based identity information authorization method and device | |
KR100733475B1 (en) | Electorn tax bill issue system used a mobile and the processing method thereof | |
CN104301293A (en) | Data processing method, device and system | |
KR101204703B1 (en) | Method for trading medical information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170808 |
|
RJ01 | Rejection of invention patent application after publication |