CN109547404A - Data acquisition method and server - Google Patents


Publication number
CN109547404A
Authority
CN
China
Prior art keywords
application
authorization message
authorization
block chain
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811182204.6A
Other languages
Chinese (zh)
Other versions
CN109547404B (en)
Inventor
雷琼
邹陈波
梁劲峰
彭碧波
董星云
郑映锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201811182204.6A
Publication of CN109547404A
Application granted
Publication of CN109547404B
Active legal status
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The present invention belongs to the field of blockchain technology and provides a data acquisition method and a server. The method includes: after detecting that a user has logged in to a first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information; looking up, in a second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application; and, after receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message. The above method effectively solves the problem of low efficiency when obtaining data from multiple applications.

Description

Data acquisition method and server
Technical field
The present invention relates to the field of blockchain technology, and in particular to a data acquisition method and a server.
Background
With the rapid growth of the internet, personal data is becoming increasingly fragmented, and because service providers follow inconsistent standards, personal data cannot be aggregated efficiently. For example, a user wants to check their mail, see in passing whether the friends they follow on Weibo have posted anything new, then see whether WeChat has any new messages, then see how the two stocks they bought are moving, and finally see whether any friends are online in a game they play. At present, to check personal data in multiple applications in this way, the usual practice is to open the different programs one after another, log in to each with a different account and password, and check them in turn. This existing approach is cumbersome, and obtaining application data this way is inefficient.
Summary of the invention
In view of this, the embodiments of the present invention provide a data acquisition method and a server, to solve the prior-art problem of low efficiency when obtaining data from multiple applications.
A first aspect of the embodiments of the present invention provides a data acquisition method applied to the server of a first application. The method may include:
After detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information;
Looking up, in a second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
After receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
A second aspect of the embodiments of the present invention provides a data acquisition method applied to the server of a second application. The method may include:
Receiving the number of a first authorization message sent by a first application, the number of the first authorization message being the number of the first authorization message in a second blockchain that corresponds to the account of a first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user who logged in to the first application;
Obtaining, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and authenticating the first authorization message;
If the authentication of the first authorization message passes, obtaining the target data in the second application that corresponds to the first authorization message, encrypting the target data to obtain encryption information, and returning the encryption information to the first application;
The first authorization message is the information obtained by signing a second authorization message with a user private key, the user private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit and authorization objects;
The authorization objects include the first application and the second application.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method provided by the first aspect or the second aspect of the embodiments of the present invention.
A fourth aspect of the embodiments of the present invention provides a server, including a memory, a processor and a computer program stored in the memory and runnable on the processor, the processor implementing the following steps when executing the computer program:
After detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information;
Looking up, in a second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
After receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
A fifth aspect of the embodiments of the present invention provides a server, including a memory, a processor and a computer program stored in the memory and runnable on the processor, the processor implementing the following steps when executing the computer program:
Receiving the number of a first authorization message sent by a first application, the number of the first authorization message being the number of the first authorization message in a second blockchain that corresponds to the account of a first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user who logged in to the first application;
Obtaining, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and authenticating the first authorization message;
If the authentication of the first authorization message passes, obtaining the target data in the second application that corresponds to the first authorization message, encrypting the target data to obtain encryption information, and returning the encryption information to the first application.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects:
In the embodiments of the present invention, when the first application needs to obtain data in the second application, it first obtains the account of the first blockchain corresponding to the user's login information, obtains from the second blockchain the number of the first authorization message corresponding to the account of the first blockchain, and then sends the number of the first authorization message to the second application. The second application first obtains the corresponding first authorization message according to the received number, then authenticates the first authorization message, and after the authentication passes returns the data in the second application that corresponds to the first authorization message to the first application. With this method, the user can view data in the second application through the first application, which avoids the tedious steps of logging in to each application in turn and effectively improves the efficiency of obtaining data from multiple applications.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a data acquisition method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a data acquisition method provided by another embodiment of the present invention;
Fig. 3 is a schematic diagram of a server provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of a server provided by another embodiment of the present invention.
Detailed description of the embodiments
In the following description, specific details such as particular system structures and techniques are set out for the purpose of illustration rather than limitation, so that the embodiments of the present invention can be thoroughly understood. However, it will be clear to a person skilled in the art that the present invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
It should be understood that, when used in this specification and the appended claims, the term "includes" indicates the presence of the described features, wholes, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should be further understood that the term "and/or" used in this specification and the appended claims refers to any combination, and all possible combinations, of one or more of the associated listed items, and includes these combinations.
Before the embodiments of the present invention are introduced, an application scenario is described. When a user wants to obtain personal data in multiple applications, the user can first log in to one of them (this application serves as the first application), and the applications other than the first application serve as second applications. The server of the first application obtains the account of the first blockchain corresponding to the user's login information, looks up in the second blockchain the number of the first authorization message corresponding to the account of the first blockchain, and sends the number of the first authorization message to the second application. The server of the second application obtains the corresponding first authorization message from the second blockchain according to the received number, then authenticates the first authorization message, and after the authentication passes returns the data in the second application that corresponds to the first authorization message to the first application. In this way, the user only needs to log in to the first application to obtain, through the first application, the personal data in the second application.
The embodiments of the present invention are implemented on the following precondition. The user must register in the first blockchain in advance and obtain an account of the first blockchain. The user then writes a second authorization message into the second blockchain according to the account of the first blockchain, and signs the second authorization message with their own user private key to obtain the first authorization message (the first authorization message includes the account of the first blockchain, the authorization time limit and the authorization objects; the authorization objects are the individual applications). After the first authorization message is written successfully, the second blockchain returns the number of the first authorization message to the user. The user can bind the account of the first blockchain to the number of the first authorization message, and bind the account of the first blockchain to the login information of each authorization object in the first authorization message.
The account of the first blockchain and the first authorization message are stored in different blockchains, that is, the account and the information are stored separately, which effectively improves the privacy of the user's information. Together with the tamper resistance inherent in a blockchain, this further increases the security of the information while the user obtains data. Moreover, the user only needs to write the second authorization message once, and each application can then obtain the user's personal data in the other applications according to the first authorization message, which greatly improves the efficiency of obtaining data across multiple applications.
To illustrate the technical solutions of the present invention, specific embodiments are described below.
Fig. 1 is a schematic flowchart of a data acquisition method provided by an embodiment of the present invention. This embodiment is applied to the server of the first application. As shown in the figure, the method may include the following steps:
Step S101: after detecting that a user has logged in to the first application, obtain the login information of the user, and obtain the account of the first blockchain corresponding to the login information.
Here, login information refers to the information the user needs in order to log in to the first application. Because the user has bound the login information of the first application to the account of the first blockchain in advance, the corresponding account of the first blockchain can be obtained directly from the login information.
Step S102: look up, in the second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and send the number of the first authorization message to the second application.
Because the user has bound the number of the first authorization message to the account of the first blockchain in advance, the number of the corresponding first authorization message in the second blockchain can be looked up directly from the account of the first blockchain.
The first authorization message is the information obtained by signing the second authorization message with the user private key, the user private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit and authorization objects;
The authorization objects include the first application and the second application.
By way of example, the first authorization message AUTH-0x000001 is: 0x83745a (the account the user registered in the first blockchain) is pre-authorized to access GMAIL, WeChat and Facebook during 20:30~21:00. Here AUTH-0x000001 is the number of the first authorization message, 0x83745a is the account of the first blockchain, 20:30~21:00 is the authorization time limit, and GMAIL, WeChat and Facebook are the authorization objects. In addition, each authorization object, i.e. GMAIL, WeChat and Facebook, is bound to the account 0x83745a of the first blockchain. Note that the above is only one example of a first authorization message and does not limit its form or content.
By way of example, with GMAIL, WeChat and Facebook as the authorization objects, when the user logs in to Facebook and wants to obtain the personal data in GMAIL and WeChat, Facebook is the first application and GMAIL and WeChat are second applications. In other words, "first application" denotes the application acting as the requesting party and "second application" denotes the application acting as the requested party. "First" and "second" are not used for counting or ordering.
After sending the number of the first authorization message to the second application, the first application waits for the second application to return the corresponding encryption information. The steps carried out by the second application are described in the embodiment of Fig. 2.
Fig. 2 is a schematic flowchart of a data acquisition method provided by another embodiment of the present invention. This embodiment is applied to the server of the second application. As shown in the figure, the method may include the following steps:
Step S201: receive the number of the first authorization message sent by the first application, the number of the first authorization message being the number of the first authorization message in the second blockchain that corresponds to the account of the first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user who logged in to the first application.
The first authorization message is the information obtained by signing the second authorization message with the user private key, the user private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit and authorization objects;
The authorization objects include the first application and the second application.
Step S202: obtain, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and authenticate the first authorization message.
Because the user wrote the first authorization message into the second blockchain, and after a successful write the second blockchain generated a corresponding number and returned it to the user, the corresponding first authorization message can be obtained from the number of the first authorization message.
In one embodiment, authenticating the first authorization message includes:
Looking up, in the first blockchain, the account of the first blockchain corresponding to the number of the first authorization message, obtaining the user public key corresponding to the account of the first blockchain, and verifying the first authorization message using the user public key.
The user signs the first authorization message with their own user private key; correspondingly, the first authorization message must be verified with that user's own user public key. For example, the first authorization message of user A can be obtained using the public key of user A, and the first authorization message of user B can be obtained using the public key of user B, but the public key of user A cannot obtain the first authorization message of user B. This step, "verifying the first authorization message using the user public key", is the first layer of authentication in the data acquisition method of the present invention: only the user's own user public key can obtain that user's first authorization message. This layer of authentication prevents other users from obtaining the user's personal information, that is, it prevents the user's personal data from leaking, and improves the privacy of the user's personal data.
If the verification of the first authorization message using the user public key passes, judging whether the first application belongs to the authorization objects in the first authorization message.
This is the second layer of authentication. It guarantees the valid scope of data acquisition: only data in applications that are authorization objects can be obtained.
If the first application belongs to the authorization objects in the first authorization message, judging whether the current time is within the authorization time limit in the first authorization message.
This is the third layer of authentication. It guarantees the timeliness of data acquisition: data in the authorized applications can be obtained only within the valid time.
If the current time is within the authorization time limit in the first authorization message, the authentication of the first authorization message passes.
By way of example, the first application sends the number of first authorization message I to second application A and second application B at the same time, where second application A belongs to the authorization objects of first authorization message I and second application B does not. The second layer of authentication at second application B therefore does not pass, and the data in second application B cannot be obtained. The second layer of authentication at second application A passes, after which it judges whether the current time is within the authorization time limit in the first authorization message. Assuming the current time is 20:00 and the authorization time limit is 10:00~22:00, the current time is within the authorization time limit, so the third layer of authentication passes, and the authentication of the first authorization message is judged to have passed.
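The three layers of authentication in step S202, as an added example that is not part of the patent text: it checks the user's signature, then the authorization objects, then the authorization time limit, using the AUTH-0x000001 values from the description. Ed25519 as the signature scheme, the JSON field names, the function names, the key seeds and the calendar date are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// SecondAuth is the unsigned authorization content (field names are assumptions).
type SecondAuth struct {
	Account   string    `json:"account"`    // account of the first blockchain
	NotBefore time.Time `json:"not_before"` // start of the authorization time limit
	NotAfter  time.Time `json:"not_after"`  // end of the authorization time limit
	Objects   []string  `json:"objects"`    // authorization objects (applications)
}

// FirstAuth is the signed record kept in the second blockchain under its number.
type FirstAuth struct {
	Number    string
	Body      []byte // JSON encoding of SecondAuth, exactly as signed
	Signature []byte // Ed25519 signature by the user private key (assumed scheme)
}

var (
	ErrSignature = errors.New("layer 1: signature does not verify under the user public key")
	ErrObject    = errors.New("layer 2: application is not an authorization object")
	ErrTime      = errors.New("layer 3: current time is outside the authorization time limit")
)

// SignAuth turns a second authorization message into a first authorization message.
func SignAuth(number string, priv ed25519.PrivateKey, a SecondAuth) (FirstAuth, error) {
	body, err := json.Marshal(a)
	if err != nil {
		return FirstAuth{}, err
	}
	return FirstAuth{Number: number, Body: body, Signature: ed25519.Sign(priv, body)}, nil
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Authenticate runs the three checks in the order the description gives them.
// The body is parsed only after the signature over those exact bytes verifies.
func Authenticate(fa FirstAuth, userPub ed25519.PublicKey, requester, self string, now time.Time) error {
	if len(userPub) != ed25519.PublicKeySize || !ed25519.Verify(userPub, fa.Body, fa.Signature) {
		return ErrSignature
	}
	var a SecondAuth
	if err := json.Unmarshal(fa.Body, &a); err != nil {
		return err
	}
	if !contains(a.Objects, requester) || !contains(a.Objects, self) {
		return ErrObject
	}
	if now.Before(a.NotBefore) || now.After(a.NotAfter) {
		return ErrTime
	}
	return nil
}

// Demo builds the AUTH-0x000001 example with constructed keys and a
// constructed date, then returns the outcome of four requests.
func Demo() []error {
	seedA, seedB := make([]byte, ed25519.SeedSize), make([]byte, ed25519.SeedSize)
	seedA[0], seedB[0] = 1, 2 // constructed seeds, not real keys
	privA := ed25519.NewKeyFromSeed(seedA)
	pubA := privA.Public().(ed25519.PublicKey)
	pubB := ed25519.NewKeyFromSeed(seedB).Public().(ed25519.PublicKey)

	day := func(h, m int) time.Time { return time.Date(2024, 1, 1, h, m, 0, 0, time.UTC) }
	fa, err := SignAuth("AUTH-0x000001", privA, SecondAuth{
		Account: "0x83745a", NotBefore: day(20, 30), NotAfter: day(21, 0),
		Objects: []string{"GMAIL", "WeChat", "Facebook"},
	})
	if err != nil {
		return []error{err}
	}
	return []error{
		Authenticate(fa, pubA, "Facebook", "GMAIL", day(20, 45)), // all layers pass
		Authenticate(fa, pubB, "Facebook", "GMAIL", day(20, 45)), // another user's key
		Authenticate(fa, pubA, "Facebook", "AppB", day(20, 45)),  // not an object
		Authenticate(fa, pubA, "Facebook", "GMAIL", day(21, 30)), // after the limit
	}
}

func main() {
	for i, err := range Demo() {
		fmt.Printf("request %d: %v\n", i+1, err)
	}
}
```

The signature is checked over the stored bytes before they are parsed, so the authorization objects and time limit that layers two and three rely on are the ones the user signed.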
Step S203: if the authentication of the first authorization message passes, obtain the target data in the second application that corresponds to the first authorization message, encrypt the target data to obtain encryption information, and return the encryption information to the first application.
In one embodiment, obtaining the target data in the second application that corresponds to the first authorization message and encrypting the target data to obtain encryption information includes:
Obtaining the data in the second application that corresponds to the account of the first blockchain in the first authorization message, and using that data as the target data.
This too is to guarantee the privacy of the user's personal information. The data corresponding to the account of the first blockchain is the current user's personal data in the second application. In other words, the second application can return only user A's personal data to user A and does not return user B's personal data to user A; the data of different users is distinguished according to each user's account of the first blockchain.
Encrypting the target data to obtain encryption data and a second key.
The encryption can use the Advanced Encryption Standard (AES) encryption method.
Obtaining the public key of the first application, and signing the second key using the public key of the first application to obtain a first key.
Packaging the encryption data and the first key into the encryption information.
The second application obtains the corresponding encryption information according to the number of the first authorization message sent by the first application, and returns the encryption information to the first application. The first application then proceeds as follows:
Step S103: after receiving the encryption information returned by the second application, decrypt the encryption information to obtain the target data, and display the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
The encryption information includes:
The first key and the encryption data.
In one embodiment, decrypting the encryption information to obtain the target data includes:
Verifying the first key in the encryption information using the private key of the first application to obtain the second key.
Decrypting the encryption data in the encryption information using the second key to obtain the target data.
Because the second application signs the second key using the public key of the first application, the second key can be verified only with the private key of the first application, and only the first application holds that private key. This can therefore be regarded as the fourth layer of authentication in the data acquisition method of the present invention. This layer of authentication guarantees the security of data transmission. When a failure occurs or the second application mistakenly sends the encryption information to another application, that application cannot decrypt the encryption information because it does not have the private key of the first application. This better protects the privacy and security of the user's personal data.
The process of "decrypting the encryption data using the second key" in the first application is the inverse of "encrypting the target data to obtain encryption data and a second key" in the second application: whatever method the second application uses to encrypt the target data, the first application uses the same method to decrypt the encryption data. If the second application encrypts the target data using the AES encryption method, the first application decrypts the encryption data using the AES decryption method.
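The exchange of steps S203 and S103, as an added example that is not part of the patent text. The operation the description calls signing the second key with the first application's public key and verifying it with the private key is implemented here as RSA-OAEP public-key encryption and decryption of the second key, which is an assumption; AES in GCM mode, the nonce field, binding the authorization number into both layers, and all function names and sample data are likewise assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptionInfo is the package the second application returns. The page names
// only the first key and the encryption data; the nonce field is an assumption.
type EncryptionInfo struct {
	FirstKey       []byte // second key protected with the first application's public key
	Nonce          []byte // per-message AES-GCM nonce
	EncryptionData []byte // target data encrypted under the second key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the second application's side: a fresh second key, AES-256-GCM over
// the target data, then RSA-OAEP over the second key. The authorization number
// is bound in as OAEP label and GCM associated data (an assumption).
func Seal(firstAppPub *rsa.PublicKey, authNumber string, target []byte) (*EncryptionInfo, error) {
	buf := make([]byte, 32+12) // 256-bit second key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	secondKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	firstKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstAppPub, secondKey, []byte(authNumber))
	if err != nil {
		return nil, err
	}
	data := gcm.Seal(nil, nonce, target, []byte(authNumber))
	return &EncryptionInfo{FirstKey: firstKey, Nonce: nonce, EncryptionData: data}, nil
}

// Open is the first application's side: recover the second key with its own
// private key, then decrypt and authenticate the encryption data.
func Open(priv *rsa.PrivateKey, authNumber string, info *EncryptionInfo) ([]byte, error) {
	secondKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, info.FirstKey, []byte(authNumber))
	if err != nil {
		return nil, fmt.Errorf("recovering second key: %w", err)
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	if len(info.Nonce) != gcm.NonceSize() { // gcm.Open panics on a bad nonce length
		return nil, errors.New("malformed encryption information: bad nonce length")
	}
	return gcm.Open(nil, info.Nonce, info.EncryptionData, []byte(authNumber))
}

// Demo runs one constructed exchange and returns the recovered data, the error
// seen by another application, the error after tampering, and any setup error.
func Demo() (string, error, error, error) {
	firstApp, err := rsa.GenerateKey(rand.Reader, 2048) // constructed key pair
	if err != nil {
		return "", nil, nil, err
	}
	otherApp, err := rsa.GenerateKey(rand.Reader, 2048) // a different application
	if err != nil {
		return "", nil, nil, err
	}
	const number = "AUTH-0x000001" // authorization number from the page's example
	info, err := Seal(&firstApp.PublicKey, number, []byte("inbox: 3 unread")) // constructed data
	if err != nil {
		return "", nil, nil, err
	}
	plain, err := Open(firstApp, number, info)
	if err != nil {
		return "", nil, nil, err
	}
	_, wrongKeyErr := Open(otherApp, number, info) // misdelivered to another application
	info.EncryptionData[0] ^= 0x01                 // modified in transit
	_, tamperErr := Open(firstApp, number, info)
	return string(plain), wrongKeyErr, tamperErr, nil
}

func main() {
	plain, w, t, err := Demo()
	fmt.Println(plain, w != nil, t != nil, err)
}
```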
In embodiments of the present invention, need to carry out four verification process altogether, the first application can get second and answer The personal data of user in considerably increase privacy and the safety of the personal data of user by the above method.
In addition, in the prior art, the data of B application being obtained by A application, then A application is needed to obtain awarding for B application Power needs user to carry out multiple Authorized operation if A application will obtain the data of multiple other applications, i.e., one-to-one to award Power mode;After A application obtains the authorization of an application, the authorization of another application could be obtained again, belongs to serial authorized party Formula.And in the present invention, it, can be simultaneously by the number of the first authorization message if A application will obtain the data of multiple other applications Multiple applications are sent to, and these applications can obtain accordingly from the second block chain according to the number of the first authorization message simultaneously The first authorization message, each Self-certified, after certification passes through, respective data are returned to A application by each application respectively.With such Mode, user only need a sub-authorization, and A application only need to be initiated once to request, so that it may while obtaining the number in multiple other applications According to that is, one-to-many authorization belongs to parallel authorization.Method in the present invention substantially increases mostly application and obtains number According to efficiency, simplify the operating procedure of user, the user experience is improved.
In this embodiment of the present invention, when the first application needs to obtain data in the second application, it first obtains the account of the first blockchain corresponding to the user's login information, obtains the number of the corresponding first authorization message in the second blockchain according to the account of the first blockchain, and then sends the number of the first authorization message to the second application. The second application obtains the corresponding first authorization message according to the received number of the first authorization message and then authenticates the first authorization message; after the authentication passes, the data in the second application corresponding to the first authorization message is returned to the first application. With the above method, the user can view the data in the second application through the first application, which avoids the tedious step of logging in to each application in turn and effectively improves the efficiency of obtaining data from multiple applications.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Fig. 3 is a schematic diagram of a server provided by an embodiment of the present invention. As shown in Fig. 3, the server 3 of this embodiment includes a processor 30, a memory 31, and a computer program 32 that is stored in the memory 31 and can run on the processor 30. When executing the computer program 32, the processor 30 implements the steps in each of the data acquisition method embodiments described above, for example steps S101 to S103 shown in Fig. 1.
Illustratively, the computer program 32 can be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution process of the computer program 32 in the server 3. For example, the computer program 32 can be divided into an acquiring unit, a searching unit and a decryption unit, whose specific functions are as follows:
Acquiring unit, configured to obtain the login information of the user after detecting that the user has logged in to the first application, and to obtain the account of the first blockchain corresponding to the login information.
Searching unit, configured to look up, in the second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and to send the number of the first authorization message to the second application.
Decryption unit, configured to, after receiving the encryption information returned by the second application, decrypt the encryption information to obtain target data and display the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
Optionally, the first authorization message is information obtained by signing a second authorization message with a user private key, the user private key being the private key corresponding to the account of the first blockchain.
Optionally, the first authorization message includes:
The account of the first blockchain, an authorization time limit and an authorization object.
Optionally, the authorization object includes the first application and the second application.
Optionally, the encryption information includes:
A first key and encrypted data.
Optionally, the decryption unit includes:
Authentication module, configured to verify the first key in the encryption information using the private key of the first application, to obtain a second key.
Decryption module, configured to decrypt the encrypted data in the encryption information using the second key, to obtain the target data.
Fig. 4 is a schematic diagram of a server provided by a further embodiment of the present invention. As shown in Fig. 4, the server 4 of this embodiment includes a processor 40, a memory 41, and a computer program 42 that is stored in the memory 41 and can run on the processor 40. When executing the computer program 42, the processor 40 implements the steps in each of the data acquisition method embodiments described above, for example steps S201 to S203 shown in Fig. 2.
Illustratively, the computer program 42 can be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution process of the computer program 42 in the server 4. For example, the computer program 62 can be divided into a receiving unit, an authentication unit and a return unit, whose specific functions are as follows:
Receiving unit, configured to receive the number of the first authorization message sent by the first application, the number of the first authorization message being the number of the first authorization message in the second blockchain that corresponds to the account of the first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user who logs in to the first application.
Authentication unit, configured to obtain, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and to authenticate the first authorization message.
Return unit, configured to, if the authentication of the first authorization message passes, obtain the target data in the second application that corresponds to the first authorization message, encrypt the target data to obtain encryption information, and return the encryption information to the first application.
Optionally, the first authorization message is information obtained by signing a second authorization message with a user private key, the user private key being the private key corresponding to the account of the first blockchain.
Optionally, the first authorization message includes:
The account of the first blockchain, an authorization time limit and an authorization object.
Optionally, the authorization object includes the first application and the second application.
Optionally, the authentication unit includes:
Searching module, configured to look up, in the first blockchain, the account of the first blockchain corresponding to the number of the first authorization message, obtain the user public key corresponding to the account of the first blockchain, and verify the first authorization message using the user public key.
Authentication module, configured to, if the verification of the first authorization message using the user public key passes, judge whether the first application belongs to the authorization object in the first authorization message.
Judgment module, configured to, if the first application belongs to the authorization object in the first authorization message, judge whether the current time is within the authorization time limit in the first authorization message.
Pass module, configured to, if the current time is within the authorization time limit in the first authorization message, pass the authentication of the first authorization message.
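The authentication unit's checks, run in the order listed above, as an added example (not code from the patent). The dictionaries standing in for the two blockchains, the field names `objects` and `valid_until`, the sample identifiers and the toy textbook-RSA key are assumptions chosen so the sample runs with the standard library only; a deployment would use a vetted signature scheme from a maintained library.

```python
import hashlib
import json
import time

# Constructed toy key: textbook RSA over two Mersenne primes. It stands in for
# the user's first-blockchain key pair only so the sample runs offline; it is
# trivially factorable and unpadded, so never reuse it outside this sketch.
P, Q = 2**127 - 1, 2**107 - 1
USER_N, USER_E = P * Q, 65537
USER_D = pow(USER_E, -1, (P - 1) * (Q - 1))


def canonical(auth):
    """Deterministic byte encoding, so signer and verifier hash the same bytes."""
    return json.dumps(auth, sort_keys=True, separators=(",", ":")).encode()


def digest(data, n):
    """SHA-256 of the encoded message, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(auth):
    """User side: second authorization message -> signed first authorization message."""
    return {"auth": auth, "sig": pow(digest(canonical(auth), USER_N), USER_D, USER_N)}


# Constructed sample state (hypothetical names and values).
ACCOUNT = "acct-user-0001"
NUMBER = "auth-000042"
GRANT = {"account": ACCOUNT, "objects": ["app-A", "app-B"], "valid_until": 1_700_000_000}
SECOND_CHAIN = {NUMBER: sign(GRANT)}            # number -> first authorization message
FIRST_CHAIN_ACCOUNTS = {NUMBER: ACCOUNT}        # number -> first-blockchain account
FIRST_CHAIN_KEYS = {ACCOUNT: (USER_N, USER_E)}  # account -> user public key


def authenticate(number, requester, now=None):
    """Second application: authenticate the first authorization message.

    Returns (passed, reason). Any failure is a refusal, so no data is fetched
    or encrypted unless every check passes.
    """
    now = time.time() if now is None else now
    record = SECOND_CHAIN.get(number)
    public_key = FIRST_CHAIN_KEYS.get(FIRST_CHAIN_ACCOUNTS.get(number))
    if record is None or public_key is None:
        return False, "unknown authorization number"
    n, e = public_key
    auth = record["auth"]
    # Searching module: verify the signature with the user public key first,
    # so the fields read below are only trusted once they are known to be signed.
    if pow(record["sig"], e, n) != digest(canonical(auth), n):
        return False, "bad signature"
    # Authentication module: the requesting application must be an authorization object.
    if requester not in auth["objects"]:
        return False, "requester not authorized"
    # Judgment module: the current time must be within the authorization time limit.
    if now > auth["valid_until"]:
        return False, "authorization expired"
    # All checks passed.
    return True, "ok"


if __name__ == "__main__":
    t = 1_699_999_000
    print(authenticate(NUMBER, "app-A", now=t))
    print(authenticate(NUMBER, "app-C", now=t))
    print(authenticate(NUMBER, "app-A", now=1_700_000_001))
```

Because the signature covers the canonical encoding of the whole authorization message, editing the authorization object or the time limit in the stored record makes the first check fail before the later checks read those fields.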
Optionally, the return unit includes:
Obtaining module, configured to obtain the data in the second application that corresponds to the account of the first blockchain in the first authorization message, and to use the data as the target data.
Encryption module, configured to encrypt the target data to obtain encrypted data and a second key.
Signature module, configured to obtain the public key of the first application and sign the second key using the public key of the first application, to obtain a first key.
Packaging module, configured to package the encrypted data and the first key into the encryption information.
It is apparent to those skilled in the art that, for convenience and brevity of description, only the division into the functional units and modules described above is given as an example. In practical applications, the above functions can be allocated to different functional units and modules as required, i.e. the internal structure of the device is divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for ease of distinguishing them from one another and are not intended to limit the protection scope of this application. For the specific working process of the units and modules in the above system, reference may be made to the corresponding processes in the foregoing method embodiments, which are not repeated here.
The server may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The server may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that Fig. 3/4 are merely examples of a server and do not constitute a limitation on the server, which may include more or fewer components than shown, or combine certain components, or have different components; for example, the terminal device may also include input/output devices, network access devices, buses and the like.
The processor may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory may be an internal storage unit of the server, such as a hard disk or memory of the server. The memory may also be an external storage device of the server, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the server. Further, the memory may include both an internal storage unit of the terminal device 6 and an external storage device. The memory is used to store the computer program and the other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not described or recorded in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or in software depends on the specific application and the design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such an implementation should not be considered to go beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes in the methods of the above embodiments of the present invention may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of each of the method embodiments described above. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention.

Claims (10)

1. A data acquisition method, characterized in that it is applied to a server of a first application, the method comprising:
After detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of a first blockchain corresponding to the login information;
Looking up, in a second blockchain, the number of a first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
After receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
2. The data acquisition method according to claim 1, characterized in that the first authorization message is information obtained by signing a second authorization message with a user private key, the user private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit and an authorization object;
The authorization object includes the first application and the second application.
3. The data acquisition method according to claim 1, characterized in that the encryption information includes:
A first key and encrypted data;
The decrypting of the encryption information to obtain target data comprises:
Verifying the first key in the encryption information using the private key of the first application, to obtain a second key;
Decrypting the encrypted data in the encryption information using the second key, to obtain the target data.
4. A data acquisition method, characterized in that it is applied to a server of a second application, the method comprising:
Receiving the number of a first authorization message sent by a first application, the number of the first authorization message being the number of the first authorization message in a second blockchain that corresponds to the account of a first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user who logs in to the first application;
Obtaining, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and authenticating the first authorization message;
If the authentication of the first authorization message passes, obtaining the target data in the second application that corresponds to the first authorization message, encrypting the target data to obtain encryption information, and returning the encryption information to the first application;
The first authorization message is information obtained by signing a second authorization message with a user private key, the user private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit and an authorization object;
The authorization object includes the first application and the second application.
5. The data acquisition method according to claim 4, characterized in that the authenticating of the authorization message comprises:
Looking up, in the first blockchain, the account of the first blockchain corresponding to the number of the authorization message, obtaining the user public key corresponding to the account of the first blockchain, and verifying the authorization message using the user public key;
If the verification of the authorization message using the user public key passes, judging whether the first application belongs to the authorization object in the authorization message;
If the first application belongs to the authorization object in the authorization message, judging whether the current time is within the authorization time limit in the authorization message;
If the current time is within the authorization time limit in the authorization message, passing the authentication of the authorization message.
6. The data acquisition method according to claim 5, characterized in that the obtaining of the target data in the second application that corresponds to the authorization message and the encrypting of the target data to obtain encryption information comprise:
Obtaining the data in the second application that corresponds to the account of the first blockchain in the authorization message, and using the data as the target data;
Encrypting the target data to obtain encrypted data and a second key;
Obtaining the public key of the first application, and signing the second key using the public key of the first application, to obtain a first key;
Packaging the encrypted data and the first key into the encryption information.
7. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 3 or of the method according to any one of claims 4 to 6 are implemented.
8. A server, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the following steps when executing the computer program:
After detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of a first blockchain corresponding to the login information;
Looking up, in a second blockchain, the number of a first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
After receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
9. The server according to claim 8, characterized in that the first authorization message is information obtained by signing a second authorization message with a user private key, the user private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit and an authorization object;
The authorization object includes the first application and the second application.
10. A server, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 4 to 6 when executing the computer program.
CN201811182204.6A 2018-10-11 2018-10-11 Data acquisition method and server Active CN109547404B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811182204.6A CN109547404B (en) 2018-10-11 2018-10-11 Data acquisition method and server

Publications (2)

Publication Number Publication Date
CN109547404A true CN109547404A (en) 2019-03-29
CN109547404B CN109547404B (en) 2022-08-19

Family

ID=65843771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811182204.6A Active CN109547404B (en) 2018-10-11 2018-10-11 Data acquisition method and server

Country Status (1)

Country Link
CN (1) CN109547404B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant