CN109547404A - Data acquisition method and server - Google Patents
- Publication number
- CN109547404A (application CN201811182204.6A)
- Authority
- CN
- China
- Prior art keywords
- application
- authorization message
- authorization
- block chain
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
Abstract
The present invention relates to the field of blockchain technology and provides a data acquisition method and a server. The method includes: after detecting that a user has logged in to a first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information; looking up, in a second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application; after receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message. This method effectively solves the problem of low efficiency in obtaining data from multiple applications.
Description
Technical field
The present invention relates to the field of blockchain technology, and in particular to a data acquisition method and a server.
Background
With the rapid development of the internet, personal data is becoming increasingly fragmented, and because service providers follow inconsistent standards, personal data cannot be aggregated efficiently. For example, a user may want to check email, see in passing whether the friends they follow on a microblog have posted anything new, then check whether there are new WeChat messages, then look at the price movements of the two stocks they bought, and see whether any friends are online in a game they have been playing recently. Currently, to do this and view personal data in multiple applications, the common practice is to open each piece of software in turn, log in with a different account and password each time, and check them one by one. This approach is cumbersome, and obtaining application data this way is inefficient.
Summary of the invention
In view of this, embodiments of the present invention provide a data acquisition method and a server, to solve the prior-art problem of low efficiency in obtaining data from multiple applications.
A first aspect of the embodiments of the present invention provides a data acquisition method, applied to the server of a first application. The method may include:
After detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information;
Looking up, in the second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
After receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
A second aspect of the embodiments of the present invention provides a data acquisition method, applied to the server of a second application. The method may include:
Receiving the number of a first authorization message sent by a first application, the number of the first authorization message being the number of the first authorization message in the second blockchain that corresponds to the account of the first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user logged in to the first application;
Obtaining, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and authenticating the first authorization message;
If the first authorization message passes authentication, obtaining the target data in the second application that corresponds to the first authorization message, encrypting the target data to obtain encryption information, and returning the encryption information to the first application;
The first authorization message is the information obtained by signing a second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit, and authorization objects;
The authorization objects include the first application and the second application.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the method provided by the first aspect or the second aspect of the embodiments of the present invention.
A fourth aspect of the embodiments of the present invention provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
After detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information;
Looking up, in the second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
After receiving the encryption information returned by the second application, decrypting the encryption information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
A fifth aspect of the embodiments of the present invention provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
Receiving the number of a first authorization message sent by a first application, the number of the first authorization message being the number of the first authorization message in the second blockchain that corresponds to the account of the first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user logged in to the first application;
Obtaining, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and authenticating the first authorization message;
If the first authorization message passes authentication, obtaining the target data in the second application that corresponds to the first authorization message, encrypting the target data to obtain encryption information, and returning the encryption information to the first application.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects:
In the embodiments of the present invention, when the first application needs to obtain data from the second application, it first obtains the account of the first blockchain corresponding to the user's login information, obtains the number of the corresponding first authorization message in the second blockchain according to the account of the first blockchain, and then sends the number of the first authorization message to the second application. The second application first obtains the corresponding first authorization message according to the received number, then authenticates the first authorization message, and after authentication passes, returns the data in the second application that corresponds to the first authorization message to the first application. With this method, the user can view data in the second application through the first application, which avoids the tedious steps of logging in to each application in turn and effectively improves the efficiency of obtaining data from multiple applications.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the data acquisition method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of the data acquisition method provided by another embodiment of the present invention;
Fig. 3 is a schematic diagram of the server provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the server provided by another embodiment of the present invention.
Detailed description
In the following description, specific details such as particular system structures and techniques are set forth for the purpose of illustration rather than limitation, so that the embodiments of the present invention can be thoroughly understood. However, it will be clear to a person skilled in the art that the present invention may also be practiced in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
It should be understood that, when used in this specification and the appended claims, the term "includes" indicates the presence of the described features, wholes, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should further be understood that the term "and/or" used in the description of the present invention and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
Before the embodiments of the present invention are introduced, an application scenario is described first. When a user wants to obtain personal data in multiple applications, the user can first log in to one of the applications (this application is taken as the first application), and the applications other than the first application are taken as second applications. The server of the first application obtains the corresponding account of the first blockchain according to the user's login information, looks up in the second blockchain the number of the first authorization message corresponding to the account of the first blockchain, and sends the number of the first authorization message to the second application. The server of the second application obtains the corresponding first authorization message from the second blockchain according to the received number, then authenticates the first authorization message, and after authentication passes, returns the data in the second application that corresponds to the first authorization message to the first application. In this way, the user only needs to log in to the first application and can then obtain the personal data in the second application through the first application.
The embodiments of the present invention presuppose the following. The user registers in the first blockchain in advance and obtains an account of the first blockchain. The user then writes a second authorization message into the second blockchain according to the account of the first blockchain, and signs the second authorization message with their own private key to obtain the first authorization message (the first authorization message includes the account of the first blockchain, the authorization time limit and the authorization objects, where the authorization objects are the individual applications). After the first authorization message is written successfully, the second blockchain returns the number of the first authorization message to the user. The user can bind the account of the first blockchain to the number of the first authorization message, and bind the account of the first blockchain to the login information of each authorization object in the first authorization message.
The account of the first blockchain and the first authorization message are stored in different blockchains, that is, the account and the information are stored separately, which effectively improves the privacy of the user's information. Together with the tamper-resistance that a blockchain itself has, this further increases the security of information while the user obtains data. Moreover, the user only needs to write the second authorization message, and each application can obtain the user's personal data in the other applications according to the first authorization message, which greatly improves the efficiency of obtaining data from multiple applications.
To illustrate the technical solutions of the present invention, specific embodiments are described below.
Fig. 1 is a schematic flowchart of the data acquisition method provided by an embodiment of the present invention. This embodiment is applied to the server of the first application. As shown in the figure, the method may include the following steps:
Step S101: after detecting that a user has logged in to the first application, obtain the login information of the user, and obtain the account of the first blockchain corresponding to the login information.
Here, the login information is the information required when the user logs in to the first application. Because the user has bound the login information of the first application to the account of the first blockchain in advance, the corresponding account of the first blockchain can be obtained directly from the login information.
Step S102: look up, in the second blockchain, the number of the first authorization message corresponding to the account of the first blockchain, and send the number of the first authorization message to the second application.
Because the user has bound the number of the first authorization message to the account of the first blockchain in advance, the number of the corresponding first authorization message in the second blockchain can be looked up directly from the account of the first blockchain.
Here, the first authorization message is the information obtained by signing the second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit, and authorization objects;
The authorization objects include the first application and the second application.
For example, the first authorization message AUTH-0x000001 is: pre-authorize 0x83745a (the account the user registered in the first blockchain) to access GMAIL, WeChat and Facebook between 20:30 and 21:00. Here, AUTH-0x000001 is the number of the first authorization message, 0x83745a is the account of the first blockchain, 20:30~21:00 is the authorization time limit, and GMAIL, WeChat and Facebook are the authorization objects. Moreover, each authorization object, that is, GMAIL, WeChat and Facebook, is bound to the first-blockchain account 0x83745a. Note that the above is only one example of a first authorization message and does not limit the form or content of the first authorization message.
For example, with authorization objects GMAIL, WeChat and Facebook, if the user logs in to Facebook and then wants to obtain personal data in GMAIL and WeChat, Facebook is the first application and GMAIL and WeChat are second applications. In other words, "first application" denotes the application acting as the requesting party, and "second application" denotes the application acting as the requested party. "First" and "second" here are not used for counting or ordering.
After sending the number of the first authorization message to the second application, the first application waits for the second application to return the corresponding encryption information. The steps performed by the second application are described in the embodiment of Fig. 2.
Fig. 2 is a schematic flowchart of the data acquisition method provided by another embodiment of the present invention. This embodiment is applied to the server of the second application. As shown in the figure, the method may include the following steps:
Step S201: receive the number of the first authorization message sent by the first application, the number of the first authorization message being the number of the first authorization message in the second blockchain that corresponds to the account of the first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user logged in to the first application.
Here, the first authorization message is the information obtained by signing the second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain;
The first authorization message includes:
The account of the first blockchain, an authorization time limit, and authorization objects;
The authorization objects include the first application and the second application.
Step S202: obtain, from the second blockchain, the first authorization message corresponding to the number of the first authorization message, and authenticate the first authorization message.
Because the user writes the first authorization message into the second blockchain, and after the write succeeds the second blockchain generates a corresponding number and returns it to the user, the corresponding first authorization message can be obtained from the number of the first authorization message.
In one embodiment, authenticating the first authorization message includes:
Looking up, in the first blockchain, the account of the first blockchain corresponding to the number of the first authorization message, obtaining the user's public key corresponding to the account of the first blockchain, and verifying the first authorization message using the user's public key.
The user signs the first authorization message with their own private key; correspondingly, the first authorization message must be verified with that user's own public key. For example, the first authorization message of user A can be obtained using the public key of user A, the first authorization message of user B can be obtained using the public key of user B, and the public key of user A cannot obtain the first authorization message of user B. Here, "verifying the first authorization message using the user's public key" is the first layer of verification in the data acquisition method of the present invention, that is, a user's first authorization message can only be obtained with that user's public key. This layer of verification prevents other users from obtaining the user's personal information, that is, it prevents the user's personal data from leaking, and improves the privacy of the user's personal data.
If verification of the first authorization message using the user's public key succeeds, judge whether the first application belongs to the authorization objects in the first authorization message.
This is the second layer of authentication, which ensures the valid scope of data acquisition: only data in applications that are authorization objects can be obtained.
If the first application belongs to the authorization objects in the first authorization message, judge whether the current time is within the authorization time limit in the first authorization message.
This is the third layer of authentication, which ensures the timeliness of data acquisition: data in the authorized applications can only be obtained within the valid time.
If the current time is within the authorization time limit in the first authorization message, the first authorization message passes authentication.
For example, the first application sends the number of first authorization message I to second application A and second application B at the same time, where second application A is an authorization object of first authorization message I and second application B is not. The second layer of authentication then fails for second application B, so the data in second application B cannot be obtained. The second layer of authentication passes for second application A, after which it is judged whether the current time is within the authorization time limit in the first authorization message. Assuming the current time is 20:00 and the authorization time limit is 10:00~22:00, the current time is within the authorization time limit, that is, the third layer of authentication passes. The first authorization message is then judged to have passed authentication.
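The three authentication layers described above, written out in Go as an added example (not code from the patent). Ed25519 signatures, the JSON encoding, absolute timestamps, all type and function names, and the extra check that the serving application is itself an authorization object are assumptions; the account and the 10:00~22:00 / 20:00 times reuse the description's examples, and the keys and date are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Grant models the "second authorization message" (the unsigned content).
type Grant struct {
	Account   string    `json:"account"`    // account of the first blockchain
	NotBefore time.Time `json:"not_before"` // authorization time limit, start
	NotAfter  time.Time `json:"not_after"`  // authorization time limit, end
	Apps      []string  `json:"apps"`       // authorization objects
}

// SignedGrant models the "first authorization message" read from the second blockchain.
type SignedGrant struct {
	Payload   []byte // JSON encoding of Grant, exactly as signed
	Signature []byte // user's signature over Payload
}

var (
	ErrSignature = errors.New("signature does not verify under the account's public key")
	ErrNotObject = errors.New("application is not an authorization object")
	ErrTimeLimit = errors.New("current time is outside the authorization time limit")
)

// Sign produces the first authorization message from the second one.
func Sign(g Grant, priv ed25519.PrivateKey) SignedGrant {
	payload, err := json.Marshal(g)
	if err != nil {
		panic(err) // Grant holds only marshalable fields
	}
	return SignedGrant{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Authenticate applies the three layers in the order the description gives.
// Nothing inside Payload is trusted until the signature has been verified.
func Authenticate(sg SignedGrant, pub ed25519.PublicKey, requester, self string, now time.Time) (*Grant, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, sg.Payload, sg.Signature) {
		return nil, ErrSignature // layer 1: user's public key
	}
	var g Grant
	if err := json.Unmarshal(sg.Payload, &g); err != nil {
		return nil, err
	}
	// layer 2: the requester and (assumption) the serving application must both be listed
	if !contains(g.Apps, requester) || !contains(g.Apps, self) {
		return nil, ErrNotObject
	}
	if now.Before(g.NotBefore) || now.After(g.NotAfter) {
		return nil, ErrTimeLimit // layer 3: authorization time limit
	}
	return &g, nil
}

// demoOutcomes runs constructed scenarios and returns the result of each.
func demoOutcomes() map[string]error {
	pubA, privA, _ := ed25519.GenerateKey(nil) // user A (constructed key pair)
	pubB, _, _ := ed25519.GenerateKey(nil)     // user B (constructed key pair)
	day := func(h, m int) time.Time { return time.Date(2018, 10, 11, h, m, 0, 0, time.UTC) }
	sg := Sign(Grant{"0x83745a", day(10, 0), day(22, 0), []string{"Facebook", "GMAIL"}}, privA)
	out := map[string]error{}
	_, out["valid"] = Authenticate(sg, pubA, "Facebook", "GMAIL", day(20, 0))
	_, out["wrong user key"] = Authenticate(sg, pubB, "Facebook", "GMAIL", day(20, 0))
	_, out["app B not listed"] = Authenticate(sg, pubA, "Facebook", "WeChat", day(20, 0))
	_, out["expired"] = Authenticate(sg, pubA, "Facebook", "GMAIL", day(23, 0))
	return out
}

func main() {
	for name, err := range demoOutcomes() {
		fmt.Printf("%-18s -> %v\n", name, err)
	}
}
```

Verifying the signature before parsing the payload keeps the authorization objects and time limit from being read out of an unauthenticated message.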
Step S203: if the first authorization message passes authentication, obtain the target data in the second application that corresponds to the first authorization message, encrypt the target data to obtain encryption information, and return the encryption information to the first application.
In one embodiment, obtaining the target data in the second application that corresponds to the first authorization message and encrypting the target data to obtain encryption information includes:
Obtaining the data in the second application that corresponds to the account of the first blockchain in the first authorization message, and taking that data as the target data.
This too is to guarantee the privacy of the user's personal information. The data corresponding to the account of the first blockchain is the current user's personal data in the second application. In other words, the second application can only return the personal data of user A to user A and will not return the personal data of user B to user A; the way to distinguish the data of different users is by the user's account of the first blockchain.
The target data is encrypted to obtain encrypted data and a second key.
The encryption may use the Advanced Encryption Standard (AES) encryption method.
The public key of the first application is obtained, and the second key is signed using the public key of the first application to obtain a first key.
The encrypted data and the first key are packaged into the encryption information.
The second application obtains the corresponding encryption information according to the number of the first authorization message sent by the first application, and returns the encryption information to the first application. The first application then proceeds as follows:
Step S103: after receiving the encryption information returned by the second application, decrypt the encryption information to obtain the target data, and display the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
Here, the encryption information includes:
The first key and the encrypted data.
In one embodiment, decrypting the encryption information to obtain the target data includes:
Verifying the first key in the encryption information using the private key of the first application to obtain the second key.
Decrypting the encrypted data in the encryption information using the second key to obtain the target data.
Because the second application signs the second key with the public key of the first application, the second key can only be verified with the private key of the first application, and only the first application holds that private key. This can therefore be regarded as the fourth layer of authentication in the data acquisition method of the present invention. This layer of authentication ensures the security of data transmission: if a fault occurs, or the second application sends the encryption information to another application by mistake, that application cannot decrypt the encryption information because it does not have the private key of the first application. The privacy and security of the user's personal data are thus better protected.
The process of "decrypting the encrypted data using the second key" in the first application and the process of "encrypting the target data to obtain encrypted data and a second key" in the second application are reciprocal: however the target data is encrypted in the second application, the encrypted data is decrypted by the same method in the first application. If the second application encrypts the target data with the AES encryption method, the first application decrypts the encrypted data with the AES decryption method.
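The encryption in step S203 and the decryption in step S103, as an added Go example (not code from the patent). What the description calls signing the second key with the first application's public key and verifying it with the private key is, in standard terms, public-key encryption of the AES key; AES-256-GCM, RSA-OAEP, binding the account as associated data, and all names and sample data are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope models the "encryption information" returned to the first application.
type Envelope struct {
	WrappedKey []byte // "first key": the second key encrypted to the first application
	Nonce      []byte // per-message AES-GCM nonce (assumption: GCM mode)
	Ciphertext []byte // encrypted data, including the GCM authentication tag
}

var ErrNotRecipient = errors.New("cannot recover second key: not the intended first application")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the second application's side: encrypt the target data, wrap the key.
func Seal(target []byte, account string, firstAppPub *rsa.PublicKey) (*Envelope, error) {
	secondKey := make([]byte, 32) // fresh AES-256 key for every response
	if _, err := rand.Read(secondKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad := []byte(account) // ties key and ciphertext to the first-blockchain account
	firstKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstAppPub, secondKey, aad)
	if err != nil {
		return nil, err
	}
	return &Envelope{firstKey, nonce, gcm.Seal(nil, nonce, target, aad)}, nil
}

// Open is the first application's side: unwrap the key, then decrypt.
func Open(env *Envelope, account string, firstAppPriv *rsa.PrivateKey) ([]byte, error) {
	aad := []byte(account)
	secondKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, firstAppPriv, env.WrappedKey, aad)
	if err != nil {
		return nil, ErrNotRecipient
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed nonce")
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, aad)
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// demoResults runs a constructed exchange: round trip, misdelivery, tampering.
func demoResults() (plain string, otherErr, tamperErr error) {
	firstApp, otherApp := mustKey(), mustKey() // constructed key pairs
	env, err := Seal([]byte("inbox: 3 unread"), "0x83745a", &firstApp.PublicKey)
	if err != nil {
		panic(err)
	}
	data, err := Open(env, "0x83745a", firstApp)
	if err != nil {
		panic(err)
	}
	_, otherErr = Open(env, "0x83745a", otherApp) // envelope delivered to the wrong application
	env.Ciphertext[0] ^= 0x01                     // one bit changed in transit
	_, tamperErr = Open(env, "0x83745a", firstApp)
	return string(data), otherErr, tamperErr
}

func main() {
	plain, otherErr, tamperErr := demoResults()
	fmt.Printf("first application reads %q\n", plain)
	fmt.Println("other application:", otherErr, "| tampered:", tamperErr)
}
```

Using an authenticated mode means a modified ciphertext is rejected rather than decrypted to altered data, which plain AES encryption alone would not detect.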
In the embodiments of the present invention, four authentication steps must be performed in total before the first application can obtain the user's personal data in the second application. This greatly increases the privacy and security of the user's personal data.
In addition, in the prior art, for application A to obtain the data of application B, application A needs to obtain the authorization of application B. If application A is to obtain the data of multiple other applications, the user must perform multiple authorization operations, that is, a one-to-one authorization mode; only after application A has obtained the authorization of one application can it obtain the authorization of another, which is a serial authorization mode. In the present invention, if application A is to obtain the data of multiple other applications, it can send the number of the first authorization message to multiple applications at the same time, and these applications can simultaneously obtain the corresponding first authorization message from the second blockchain according to that number and each authenticate it; after authentication passes, each application returns its own data to application A. In this way, the user only needs to authorize once and application A only needs to initiate one request to obtain the data in multiple other applications at the same time, that is, a one-to-many authorization, which is a parallel authorization mode. The method of the present invention greatly improves the efficiency of obtaining data from multiple applications, simplifies the user's operating steps, and improves the user experience.
In the embodiments of the present invention, when the first application needs to obtain data from the second application, it first obtains the account of the first blockchain corresponding to the user's login information, obtains the number of the corresponding first authorization message in the second blockchain according to the account of the first blockchain, and then sends the number of the first authorization message to the second application. The second application first obtains the corresponding first authorization message according to the received number, then authenticates the first authorization message, and after authentication passes, returns the data in the second application that corresponds to the first authorization message to the first application. With this method, the user can view data in the second application through the first application, which avoids the tedious steps of logging in to each application in turn and effectively improves the efficiency of obtaining data from multiple applications.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Fig. 3 is a schematic diagram of a server provided by an embodiment of the present invention. As shown in Fig. 3, the server 3 of this embodiment includes a processor 30, a memory 31, and a computer program 32 stored in the memory 31 and executable on the processor 30. When executing the computer program 32, the processor 30 implements the steps of the data acquisition method embodiments described above, for example steps S101 to S103 shown in Fig. 1.
Illustratively, the computer program 32 may be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution process of the computer program 32 in the server 3. For example, the computer program 32 may be divided into an acquiring unit, a searching unit and a decryption unit, whose specific functions are as follows:
Acquiring unit, configured to obtain the user's login information after detecting that the user has logged in to the first application, and to obtain the account of the first blockchain corresponding to the login information.
Searching unit, configured to search the second blockchain for the number of the first authorization message corresponding to the account of the first blockchain, and to send the number of the first authorization message to the second application.
Decryption unit, configured to decrypt the encrypted information returned by the second application, after receiving it, to obtain target data, and to display the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
Optionally, the first authorization message is information obtained by signing a second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain.
Optionally, the first authorization message includes:
the account of the first blockchain, an authorization time limit and an authorization object.
Optionally, the authorization object includes the first application and the second application.
Optionally, the encrypted information includes:
a first key and encryption data.
Optionally, the decryption unit includes:
Authentication module, configured to verify the first key in the encrypted information using the private key of the first application to obtain a second key.
Decryption module, configured to decrypt the encryption data in the encrypted information using the second key to obtain the target data.
Fig. 4 is a schematic diagram of a server provided by a further embodiment of the present invention. As shown in Fig. 4, the server 4 of this embodiment includes a processor 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processor 40. When executing the computer program 42, the processor 40 implements the steps of the data acquisition method embodiments described above, for example steps S201 to S203 shown in Fig. 2.
Illustratively, the computer program 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution process of the computer program 42 in the server 4. For example, the computer program 62 may be divided into a receiving unit, an authentication unit and a return unit, whose specific functions are as follows:
Receiving unit, configured to receive the number of the first authorization message sent by the first application, the number of the first authorization message being the number of the first authorization message in the second blockchain that corresponds to the account of the first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user logged in to the first application.
Authentication unit, configured to obtain the first authorization message corresponding to the number of the first authorization message from the second blockchain, and to authenticate the first authorization message.
Return unit, configured to, if authentication of the first authorization message passes, obtain the target data in the second application corresponding to the first authorization message, encrypt the target data to obtain encrypted information, and return the encrypted information to the first application.
Optionally, the first authorization message is information obtained by signing a second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain.
Optionally, the first authorization message includes:
the account of the first blockchain, an authorization time limit and an authorization object.
Optionally, the authorization object includes the first application and the second application.
Optionally, the authentication unit includes:
Searching module, configured to search the first blockchain for the account of the first blockchain corresponding to the number of the first authorization message, obtain the user public key corresponding to the account of the first blockchain, and verify the first authorization message using the user public key.
Authentication module, configured to, if verification of the first authorization message using the user public key passes, judge whether the first application belongs to the authorization object in the first authorization message.
Judgment module, configured to, if the first application belongs to the authorization object in the first authorization message, judge whether the current time is within the authorization time limit in the first authorization message.
Pass module, configured to, if the current time is within the authorization time limit in the first authorization message, pass the authentication of the first authorization message.
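
The authentication unit's checks, as an added example in Go that is not part of the patent: the in-memory `Ledger` standing in for the two blockchains, Ed25519 as the signature scheme, the JSON layout and all identifiers are assumptions. It verifies the signature before parsing the payload, and additionally rejects a message whose named account differs from the account whose key verified it, a check the page does not spell out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Grant models the unsigned "second authorization message".
type Grant struct {
	Account  string    `json:"account"`  // user's account on the first blockchain
	Expires  time.Time `json:"expires"`  // authorization time limit
	Grantees []string  `json:"grantees"` // authorization objects (application IDs)
}

// SignedGrant models the "first authorization message": grant bytes plus signature.
type SignedGrant struct{ Payload, Sig []byte }

// Ledger is an in-memory stand-in for both blockchains (assumption).
type Ledger struct {
	Grants  map[string]SignedGrant       // second blockchain: number -> signed grant
	Owners  map[string]string            // first blockchain: number -> account
	PubKeys map[string]ed25519.PublicKey // first blockchain: account -> user public key
}

var (
	ErrUnknown   = errors.New("unknown authorization number")
	ErrSignature = errors.New("signature verification failed")
	ErrGrantee   = errors.New("first application is not an authorization object")
	ErrExpired   = errors.New("current time is outside the authorization time limit")
)

// Authenticate applies the checks in the order given above:
// signature, then authorization object, then authorization time limit.
func (l *Ledger) Authenticate(number, firstApp string, now time.Time) (Grant, error) {
	sg, ok := l.Grants[number]
	if !ok {
		return Grant{}, ErrUnknown
	}
	account := l.Owners[number]
	pub, ok := l.PubKeys[account]
	if !ok || !ed25519.Verify(pub, sg.Payload, sg.Sig) {
		return Grant{}, ErrSignature
	}
	// Parse only after the bytes are known to be what the user signed. The
	// account comparison is an added check, not a step stated on the page.
	var g Grant
	if err := json.Unmarshal(sg.Payload, &g); err != nil || g.Account != account {
		return Grant{}, ErrSignature
	}
	granted := false
	for _, id := range g.Grantees {
		granted = granted || id == firstApp
	}
	if !granted {
		return Grant{}, ErrGrantee
	}
	if now.After(g.Expires) {
		return Grant{}, ErrExpired
	}
	return g, nil
}

// Scenarios runs Authenticate over constructed sample records.
func Scenarios() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(nil)
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	l := &Ledger{map[string]SignedGrant{}, map[string]string{}, map[string]ed25519.PublicKey{"acct-alice": pub}}
	g := Grant{"acct-alice", now.Add(time.Hour), []string{"app-A", "app-B"}}
	payload, _ := json.Marshal(g)
	l.Grants["auth-001"] = SignedGrant{Payload: payload, Sig: ed25519.Sign(priv, payload)}
	l.Owners["auth-001"] = "acct-alice"
	// auth-002 reuses the genuine signature over a payload with a later expiry.
	g.Expires = now.Add(1000 * time.Hour)
	altered, _ := json.Marshal(g)
	l.Grants["auth-002"] = SignedGrant{Payload: altered, Sig: l.Grants["auth-001"].Sig}
	l.Owners["auth-002"] = "acct-alice"
	out := map[string]error{}
	_, out["valid"] = l.Authenticate("auth-001", "app-A", now)
	_, out["other-app"] = l.Authenticate("auth-001", "app-C", now)
	_, out["expired"] = l.Authenticate("auth-001", "app-A", now.Add(2*time.Hour))
	_, out["altered"] = l.Authenticate("auth-002", "app-A", now)
	_, out["unknown"] = l.Authenticate("auth-999", "app-A", now)
	return out
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-10s %v\n", name, err)
	}
}
```
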
Optionally, the return unit includes:
Obtaining module, configured to obtain the data in the second application corresponding to the account of the first blockchain in the first authorization message, and to take that data as the target data.
Encrypting module, configured to encrypt the target data to obtain encryption data and a second key.
Signature module, configured to obtain the public key of the first application and to sign the second key using the public key of the first application to obtain a first key.
Packaging module, configured to package the encryption data and the first key into the encrypted information.
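
The return unit described above and the decryption unit described earlier form one envelope exchange; this added Go example (not code from the patent) shows both sides. The page words the key step as signing the second key with the first application's public key and verifying it with the private key; the example implements it as RSA-OAEP public-key encryption, and AES-256-GCM, the binding to the authorization number and all names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope models the "encrypted information" returned to the first application.
type Envelope struct {
	FirstKey []byte // second key protected under the first application's public key
	Nonce    []byte // AES-GCM nonce (the mode is an assumption)
	Data     []byte // "encryption data": ciphertext plus authentication tag
}

var ErrOpen = errors.New("envelope rejected")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the return unit: generate the second key, encrypt the target data,
// protect the second key with the first application's public key, package both.
func Seal(appPub *rsa.PublicKey, number string, target []byte) (*Envelope, error) {
	secondKey := make([]byte, 32) // fresh AES-256 key per response
	if _, err := rand.Read(secondKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Added choice: the authorization number is bound in as associated data
	// and OAEP label, so an envelope is rejected under any other number.
	aad := []byte(number)
	firstKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, appPub, secondKey, aad)
	if err != nil {
		return nil, err
	}
	return &Envelope{firstKey, nonce, gcm.Seal(nil, nonce, target, aad)}, nil
}

// Open is the decryption unit: recover the second key with the first
// application's private key, then decrypt and authenticate the data.
func Open(appPriv *rsa.PrivateKey, number string, e *Envelope) ([]byte, error) {
	aad := []byte(number)
	secondKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, appPriv, e.FirstKey, aad)
	if err != nil {
		return nil, ErrOpen
	}
	gcm, err := newGCM(secondKey)
	if err != nil || len(e.Nonce) != gcm.NonceSize() {
		return nil, ErrOpen
	}
	target, err := gcm.Open(nil, e.Nonce, e.Data, aad)
	if err != nil {
		return nil, ErrOpen
	}
	return target, nil
}

// Demo seals a constructed record and tries to open it four ways.
func Demo() (ok bool, failures map[string]error) {
	appA, _ := rsa.GenerateKey(rand.Reader, 2048)
	appC, _ := rsa.GenerateKey(rand.Reader, 2048)
	record := []byte(`{"account":"acct-alice","balance":42}`) // constructed sample
	env, _ := Seal(&appA.PublicKey, "auth-001", record)
	got, err := Open(appA, "auth-001", env)
	ok = err == nil && bytes.Equal(got, record)
	failures = map[string]error{}
	_, failures["wrong-private-key"] = Open(appC, "auth-001", env)
	_, failures["wrong-number"] = Open(appA, "auth-002", env)
	env.Data[0] ^= 0x01 // flip one ciphertext bit
	_, failures["modified-data"] = Open(appA, "auth-001", env)
	return ok, failures
}

func main() {
	ok, failures := Demo()
	fmt.Println("round trip ok:", ok, "rejections:", failures)
}
```
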
It will be clear to those skilled in the art that, for convenience and brevity of description, only the division into the functional units and modules above is used as an example. In practical applications, the above functions may be assigned to different functional units or modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit; the integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing them from one another and are not intended to limit the protection scope of the present application. For the specific working process of the units and modules in the above system, refer to the corresponding processes in the foregoing method embodiments, which are not repeated here.
The server may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The server may include, but is not limited to, a processor and a memory. Those skilled in the art will understand that Figs. 3 and 4 are only examples of a server and do not limit it; the server may include more or fewer components than shown, combine certain components, or use different components. For example, the terminal device may also include input/output devices, network access devices, buses and so on.
The processor may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory may be an internal storage unit of the server, such as the server's hard disk or main memory. The memory may also be an external storage device of the server, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card (Flash Card) fitted to the server. Further, the memory may include both an internal storage unit of the terminal device 6 and an external storage device. The memory is used to store the computer program and other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the description of each embodiment has its own emphasis. For parts not detailed or recorded in one embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are only illustrative; the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated module/unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, all or part of the processes of the above method embodiments may also be carried out by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The embodiments described above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention.
Claims (10)
1. A data acquisition method, characterized in that it is applied to a server of a first application, the method comprising:
after detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information;
searching the second blockchain for the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
2. The data acquisition method according to claim 1, characterized in that the first authorization message is information obtained by signing a second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain;
the first authorization message includes:
the account of the first blockchain, an authorization time limit and an authorization object;
the authorization object includes the first application and the second application.
3. The data acquisition method according to claim 1, characterized in that the encrypted information includes:
a first key and encryption data;
the decrypting the encrypted information to obtain target data comprises:
verifying the first key in the encrypted information using the private key of the first application to obtain a second key;
decrypting the encryption data in the encrypted information using the second key to obtain the target data.
4. A data acquisition method, characterized in that it is applied to a server of a second application, the method comprising:
receiving the number of the first authorization message sent by a first application, the number of the first authorization message being the number of the first authorization message in the second blockchain that corresponds to the account of the first blockchain, and the account of the first blockchain being the account corresponding to the login information of the user logged in to the first application;
obtaining the first authorization message corresponding to the number of the first authorization message from the second blockchain, and authenticating the first authorization message;
if authentication of the first authorization message passes, obtaining the target data in the second application corresponding to the first authorization message, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application;
the first authorization message is information obtained by signing a second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain;
the first authorization message includes:
the account of the first blockchain, an authorization time limit and an authorization object;
the authorization object includes the first application and the second application.
5. The data acquisition method according to claim 4, characterized in that the authenticating the authorization message comprises:
searching the first blockchain for the account of the first blockchain corresponding to the number of the authorization message, obtaining the user public key corresponding to the account of the first blockchain, and verifying the authorization message using the user public key;
if verification of the authorization message using the user public key passes, judging whether the first application belongs to the authorization object in the authorization message;
if the first application belongs to the authorization object in the authorization message, judging whether the current time is within the authorization time limit in the authorization message;
if the current time is within the authorization time limit in the authorization message, passing the authentication of the authorization message.
6. The data acquisition method according to claim 5, characterized in that the obtaining the target data in the second application corresponding to the authorization message and encrypting the target data to obtain encrypted information comprises:
obtaining the data in the second application corresponding to the account of the first blockchain in the authorization message, and taking that data as the target data;
encrypting the target data to obtain encryption data and a second key;
obtaining the public key of the first application, and signing the second key using the public key of the first application to obtain a first key;
packaging the encryption data and the first key into the encrypted information.
7. A computer-readable storage medium storing a computer program, characterized in that, when executed by a processor, the computer program implements the steps of the method according to any one of claims 1 to 3 or of the method according to any one of claims 4 to 6.
8. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the following steps when executing the computer program:
after detecting that a user has logged in to the first application, obtaining the login information of the user, and obtaining the account of the first blockchain corresponding to the login information;
searching the second blockchain for the number of the first authorization message corresponding to the account of the first blockchain, and sending the number of the first authorization message to a second application;
after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, the target data being the data in the second application that corresponds to the first authorization message.
9. The server according to claim 8, characterized in that the first authorization message is information obtained by signing a second authorization message with the user's private key, the user's private key being the private key corresponding to the account of the first blockchain;
the first authorization message includes:
the account of the first blockchain, an authorization time limit and an authorization object;
the authorization object includes the first application and the second application.
10. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 4 to 6 when executing the computer program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811182204.6A CN109547404B (en) | 2018-10-11 | 2018-10-11 | Data acquisition method and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811182204.6A CN109547404B (en) | 2018-10-11 | 2018-10-11 | Data acquisition method and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109547404A (en) | 2019-03-29 |
CN109547404B (en) | 2022-08-19 |
Family
ID=65843771
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811182204.6A (Active, CN109547404B) | Data acquisition method and server | 2018-10-11 | 2018-10-11 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109547404B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111193736A (en) * | 2019-12-30 | 2020-05-22 | 江苏恒宝智能系统技术有限公司 | Information authentication method, device, system and storage medium |
CN113011960A (en) * | 2020-11-30 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Block chain-based data access method, device, medium and electronic equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180103042A1 (en) * | 2016-10-12 | 2018-04-12 | Bank Of America Corporation | Automated data authentication and service authorization via cryptographic keys in a private blockchain |
WO2018119892A1 (en) * | 2016-12-29 | 2018-07-05 | 深圳前海达闼云端智能科技有限公司 | Method and device for publishing and validating software application program |
CN108632284A (en) * | 2018-05-10 | 2018-10-09 | 网易(杭州)网络有限公司 | User data authorization method, medium, device and computing device based on block chain |
US20190312877A1 (en) * | 2016-12-23 | 2019-10-10 | Cloudminds (Shenzhen) Robotics Systems Co., Ltd. | Block chain mining method, device, and node apparatus |
US20190370479A1 (en) * | 2017-02-21 | 2019-12-05 | Coinplug, Inc. | Method for providing simplified account registration service and user authentication service, and authentication server using same |
Also Published As
Publication number | Publication date |
---|---|
CN109547404B (en) | 2022-08-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Gao et al. | | Privacy-preserving auction for big data trading using homomorphic encryption |
CN109478279A | | Method and system for realizing block chain |
CN109460966A | | Contract signing method, apparatus and terminal device based on requesting party's classification |
CN101221641B | | On-line trading method and its safety affirmation equipment |
CN113014539B | | Internet of things equipment safety protection system and method |
CN108234115A | | The verification method of information security, device and system |
CN104715187A | | Method and apparatus used for authenticating nodes of electronic communication system |
CN108989346A | | The effective identity trustship agility of third party based on account concealment authenticates access module |
CN1921395B | | Method for improving security of network software |
CN109361508A | | Data transmission method, electronic equipment and computer readable storage medium |
Chen et al. | | An IoT-based traceable drug anti-counterfeiting management system |
CN102238193A | | Data authentication method and system using same |
CN106576047B | | Make Password Operations from the method and apparatus of malicious modification |
CN109361697A | | The method for realizing trusted identity certification based on SIM card load PKI |
CN109815659A | | Safety certifying method, device, electronic equipment and storage medium based on WEB project |
CN113569263A | | Secure processing method and device for cross-private-domain data and electronic equipment |
CN115147224A | | Transaction data sharing method and device based on alliance chain |
CN110035076A | | Trusted access method, trusted client and server towards energy internet |
CN103281180B | | User is protected to access the bill generation method of privacy in a kind of network service |
CN109547404A | | The acquisition methods and server of data |
CN108965315A | | A kind of authentic authentication method of terminal device, device and terminal device |
CN104753879B | | Method and system, the method and system of cloud service provider certification terminal of terminal authentication cloud service provider |
CN112862484A | | Secure payment method and device based on multi-terminal interaction |
CN105072136B | | A kind of equipment room safety certifying method and system based on virtual drive |
CN109768969A | | Authority control method and internet-of-things terminal, electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||