CN109547404B - Data acquisition method and server - Google Patents

Info

Publication number
CN109547404B
Authority
CN
China
Prior art keywords
application
information
authorization information
authorization
block chain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811182204.6A
Other languages
Chinese (zh)
Other versions
CN109547404A (en)
Inventor
雷琼
邹陈波
梁劲峰
彭碧波
董星云
郑映锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201811182204.6A
Publication of CN109547404A
Application granted
Publication of CN109547404B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention is suitable for the technical field of block chains, and provides a data acquisition method and a server, wherein the data acquisition method comprises the following steps: after monitoring that a user logs in the first application, acquiring login information of the user, and acquiring an account of a first block chain corresponding to the login information; searching a number of first authorization information corresponding to an account number of the first block chain in a second block chain, and sending the number of the first authorization information to a second application; and after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, wherein the target data is the data corresponding to the first authorization information in the second application. By the method, the problem of low efficiency in acquiring data in a plurality of application programs is effectively solved.

Description

Data acquisition method and server
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a data acquisition method and a server.
Background
With the explosive growth of the internet, personal data is becoming increasingly fragmented, and because the standards of the various service providers are inconsistent, personal data cannot be aggregated efficiently. For example, a user wants to check mail, see whether friends followed on a microblog have posted updates, see whether the microblog has new messages, check the trend of two stocks the user has bought, and finally see whether any friends are online in a game the user plays. At present, to carry out these operations, i.e. to view personal data in multiple application programs, the common practice is to open each piece of software and log in with a different account and password, one by one. This approach is cumbersome, and acquiring application data this way is inefficient.
Disclosure of Invention
In view of this, embodiments of the present invention provide a data obtaining method and a server, so as to solve the problem in the prior art that efficiency is low when obtaining data in multiple application programs.
In a first aspect of the embodiments of the present invention, a method for acquiring data is provided, where the method is applied to a server of a first application, and the method may include:
after monitoring that a user logs in the first application, acquiring login information of the user, and acquiring an account of a first block chain corresponding to the login information;
searching a number of first authorization information corresponding to an account number of the first block chain in a second block chain, and sending the number of the first authorization information to a second application;
and after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, wherein the target data is the data corresponding to the first authorization information in the second application.
In a second aspect of the embodiments of the present invention, a method for acquiring data is provided, where the method is applied to a server of a second application, and the method may include:
receiving a number of first authorization information sent by a first application, wherein the number of the first authorization information is a number of first authorization information corresponding to an account of a first block chain in a second block chain, and the account of the first block chain is an account corresponding to login information of a user logging in the first application;
acquiring first authorization information corresponding to the number of the first authorization information from a second block chain, and authenticating the first authorization information;
if the first authorization information passes the authentication, acquiring target data corresponding to the first authorization information in the second application, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application;
the first authorization information is obtained by signing second authorization information by using a user private key, and the user private key is a private key corresponding to an account of the first block chain;
the first authorization information includes:
an account number, an authorization time limit and an authorization object of the first block chain;
the authorization object includes the first application and the second application.
In a third aspect of embodiments of the present invention, a computer-readable storage medium is provided, in which a computer program is stored, which, when executed by a processor, implements the steps of the method as provided in the first or second aspect of embodiments of the present invention.
In a fourth aspect of the embodiments of the present invention, there is provided a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the following steps when executing the computer program:
after monitoring that a user logs in the first application, acquiring login information of the user, and acquiring an account of a first block chain corresponding to the login information;
searching a number of first authorization information corresponding to an account number of the first block chain in a second block chain, and sending the number of the first authorization information to a second application;
and after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, wherein the target data is data corresponding to the first authorization information in the second application.
In a fifth aspect of the embodiments of the present invention, there is provided a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the following steps when executing the computer program:
receiving a number of first authorization information sent by a first application, wherein the number of the first authorization information is a number of first authorization information corresponding to an account of a first block chain in a second block chain, and the account of the first block chain is an account corresponding to login information of a user logging in the first application;
acquiring first authorization information corresponding to the number of the first authorization information from a second block chain, and authenticating the first authorization information;
and if the first authorization information passes the authentication, acquiring target data corresponding to the first authorization information in the second application, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
when a first application needs to acquire data in a second application, an account number of a first block chain corresponding to login information of a user is acquired, a number of first authorization information corresponding to a second block chain is acquired according to the account number of the first block chain, and the number of the first authorization information is sent to the second application; the second application firstly obtains corresponding first authorization information according to the received serial number of the first authorization information, then authenticates the first authorization information, and returns data corresponding to the first authorization information in the second application to the first application after the authentication is passed. By the method, the user can check the data in the second application through the first application, so that the complicated steps of logging in the applications one by one are avoided, and the efficiency of acquiring the data of the multiple applications is effectively improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required to be used in the embodiments or the prior art description will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings may be obtained according to these drawings without inventive labor.
Fig. 1 is a schematic implementation flow diagram of a data acquisition method according to an embodiment of the present invention;
Fig. 2 is a schematic implementation flow diagram of a data acquisition method according to another embodiment of the present invention;
Fig. 3 is a schematic diagram of a server provided by an embodiment of the invention;
Fig. 4 is a schematic diagram of a server according to another embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items and includes such combinations.
Before describing the embodiment of the present invention, an application scenario of the embodiment of the present invention is described. When a user wants to acquire personal data in a plurality of applications, the user may first log in one of the applications (the application is used as a first application) and use an application other than the first application as a second application. The server of the first application acquires the corresponding account number of the first block chain according to the login information of the user, searches the number of first authorization information corresponding to the account number of the first block chain in the second block chain, and sends the number of the first authorization information to the second application; and the server of the second application acquires the corresponding first authorization information in the second block chain according to the received serial number of the first authorization information, authenticates the first authorization information, and returns the data corresponding to the first authorization information in the second application to the first application after the authentication is passed. Therefore, the user can acquire the personal data in the second application through the first application only by logging in the first application.
The embodiment of the invention is implemented on the premise that the user has registered in the first block chain in advance to obtain an account of the first block chain; has written second authorization information in the second block chain according to the account of the first block chain, signing the second authorization information with the user private key to obtain the first authorization information (the first authorization information comprises the account of the first block chain, the authorization time limit and the authorization objects, where the authorization objects refer to all applications); after the first authorization information is successfully written, the second block chain returns the number of the first authorization information to the user; the user can then bind the account of the first block chain to the number of the first authorization information, and bind the account of the first block chain to the login information of each authorization object in the first authorization information.
The account number and the first authorization information of the first block chain are respectively stored in different block chains, namely the account number and the information are stored separately, so that the privacy of the user information is effectively improved. And the block chain has the characteristic of being not falsifiable, so that the safety of information in the process of acquiring data by a user is further improved. Moreover, the user only needs to write the second authorization information once, and each application can acquire the personal data of the user in other applications according to the first authorization information, so that the efficiency of acquiring the multi-application data is greatly improved.
In order to illustrate the technical means of the present invention, the following description is given by way of specific examples.
Fig. 1 is a schematic implementation flow diagram of a data obtaining method provided in an embodiment of the present invention, where the embodiment of the present invention is applied to a server of a first application, and as shown in the figure, the method may include the following steps:
Step S101, after monitoring that a user logs in the first application, acquiring login information of the user, and acquiring an account of a first block chain corresponding to the login information.
The login information refers to information required by the user to log in the first application. Because the user binds the login information of the first application with the account number of the first block chain in advance, the corresponding account number of the first block chain can be directly obtained according to the login information.
Step S102, a number of first authorization information corresponding to an account of the first block chain in a second block chain is searched, and the number of the first authorization information is sent to a second application.
Because the user binds the number of the first authorization information with the account number of the first block chain in advance, the number of the corresponding first authorization information in the second block chain can be directly searched according to the account number of the first block chain.
The first authorization information is obtained by signing second authorization information by using a user private key, and the user private key is a private key corresponding to an account of the first block chain;
the first authorization information includes:
an account number, an authorization time limit and an authorization object of the first block chain;
the authorization object includes the first application and the second application.
Illustratively, the first authorization information AUTH-0x000001 is: 0x83745a (the account the user registered in the first block chain) is pre-authorized to access GMAIL, WeChat and Facebook at 20:30-21:00. AUTH-0x000001 is the number of the first authorization information, 0x83745a is the account of the first block chain, 20:30-21:00 is the authorization time limit, and GMAIL, WeChat and Facebook are the authorization objects. Furthermore, account 0x83745a of the first block chain has been bound to each authorization object, i.e., GMAIL, WeChat and Facebook. It should be noted that the foregoing is only an example of the first authorization information, and the form and content of the first authorization information are not specifically limited.
Illustratively, the authorization objects are GMAIL, WeChat and Facebook; when a user wants to acquire personal data in GMAIL and WeChat after logging in to Facebook, Facebook serves as the first application, and GMAIL and WeChat serve as second applications. In other words, the first application denotes the application acting as the requester, and the second application denotes the application being requested. Here "first" and "second" are not used for counting or ordering.
After the first application sends the number of the first authorization information to the second application, it waits for the second application to return the corresponding encrypted information. The implementation steps of the second application are described in the embodiment of Fig. 2.
Fig. 2 is a schematic implementation flow diagram of a data obtaining method according to another embodiment of the present invention, where the embodiment of the present invention is applied to a server of a second application, and as shown in the drawing, the method may include the following steps:
Step S201, receiving a number of first authorization information sent by a first application, where the number of the first authorization information is a number of first authorization information corresponding to an account of a first block chain in a second block chain, and the account of the first block chain is an account corresponding to login information of a user logging in the first application.
The first authorization information is obtained by signing second authorization information by using a user private key, and the user private key is a private key corresponding to an account of the first block chain;
the first authorization information includes:
an account number, an authorization time limit and an authorization object of the first block chain;
the authorization object includes the first application and the second application.
Step S202, acquiring first authorization information corresponding to the number of the first authorization information from a second block chain, and authenticating the first authorization information.
Because the user writes the first authorization information in the second block chain, when the writing is successful, the second block chain generates a corresponding number and returns the number to the user. The corresponding first authorization information can be obtained according to the number of the first authorization information.
In one embodiment, the authenticating the first authorization information includes:
and searching an account number of the first block chain corresponding to the number of the first authorization information in the first block chain, acquiring a user public key corresponding to the account number of the first block chain, and verifying the first authorization information by using the user public key.
The user signs the first authorization information with the user's own private key; correspondingly, the first authorization information must be verified with that user's own public key. For example, the first authorization information of user A can be acquired by using the public key of user A, the first authorization information of user B can be acquired by using the public key of user B, and the first authorization information of user B cannot be acquired by using the public key of user A. The second application's step of "verifying the first authorization information by using the user public key" is the first layer of authentication in the data acquisition method of the present invention; that is, a user's first authorization information can be obtained only with that user's public key. This layer prevents other users from acquiring the user's personal information, i.e. prevents the user's personal data from being leaked, and improves the privacy of the user's personal data.
And if the first authorization information is verified by using the user public key, judging whether the first application belongs to an authorization object in the first authorization information.
This is the second layer of authentication; it ensures the valid scope of data acquisition, i.e. only data in applications that belong to the authorization objects can be acquired.
And if the first application belongs to the authorized object in the first authorization information, judging whether the current time is within the authorization time limit in the first authorization information.
This is the third layer of authentication; it ensures the timeliness of data acquisition, i.e. data of the authorized applications can be acquired only within the valid time.
And if the current time is within the authorization time limit in the first authorization information, the first authorization information is authenticated.
Illustratively, the first application sends the number of first authorization information I to second application A and second application B at the same time, where second application A belongs to the authorization objects of first authorization information I and second application B does not. Second application B then fails the second layer of authentication, and the data in second application B cannot be acquired. Second application A passes the second layer, and it is then judged whether the current time is within the authorization time limit in the first authorization information. If the current time is 20:00 and the authorization time limit is 10:00-22:00, the current time is within the authorization time limit, i.e. the third layer of authentication passes, and the first authorization information is then judged to be authenticated.
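The three layers of authentication of step S202, as an added Go example that is not part of the patent: the second application verifies the signature, then the authorization objects, then the authorization time limit. Ed25519 stands in for the unspecified signature scheme and two maps stand in for the two block chains; the type and function names, the number AUTH-0x000002, the application AppB and the calendar date are assumptions constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Grant models the unsigned "second authorization information".
type Grant struct {
	Account   string    `json:"account"`    // account of the first block chain
	NotBefore time.Time `json:"not_before"` // authorization time limit, start
	NotAfter  time.Time `json:"not_after"`  // authorization time limit, end
	Objects   []string  `json:"objects"`    // authorization objects
}

// SignedGrant models the "first authorization information": the exact bytes
// the user signed, plus the signature made with the user private key.
type SignedGrant struct {
	Payload, Signature []byte
}

var (
	ErrUnknownNumber = errors.New("no authorization information under this number")
	ErrBadSignature  = errors.New("layer 1: not signed by the account's private key")
	ErrNotAnObject   = errors.New("layer 2: application is not an authorization object")
	ErrOutsideLimit  = errors.New("layer 3: outside the authorization time limit")
)

// Sign serializes the grant and signs those bytes with the user private key.
func Sign(priv ed25519.PrivateKey, g Grant) SignedGrant {
	payload, _ := json.Marshal(g) // this struct always marshals
	return SignedGrant{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Authenticate is run by the second application (self) on a request from the
// first application (requester). chain2 maps numbers to signed grants and
// chain1 maps accounts to user public keys; both maps are stand-ins.
func Authenticate(number, requester, self string, now time.Time,
	chain2 map[string]SignedGrant, chain1 map[string]ed25519.PublicKey) (*Grant, error) {
	sg, ok := chain2[number]
	if !ok {
		return nil, ErrUnknownNumber
	}
	// The payload is untrusted here; it is parsed only to learn whose key to fetch.
	var g Grant
	if err := json.Unmarshal(sg.Payload, &g); err != nil {
		return nil, ErrBadSignature
	}
	pub, ok := chain1[g.Account]
	if !ok || !ed25519.Verify(pub, sg.Payload, sg.Signature) {
		return nil, ErrBadSignature
	}
	if !contains(g.Objects, requester) || !contains(g.Objects, self) {
		return nil, ErrNotAnObject
	}
	if now.Before(g.NotBefore) || now.After(g.NotAfter) {
		return nil, ErrOutsideLimit
	}
	return &g, nil
}

// At returns a clock time on a constructed date (the page gives only clock times).
func At(hour, min int) time.Time {
	return time.Date(2024, 1, 1, hour, min, 0, 0, time.UTC)
}

// Fixture builds constructed sample ledgers from the values used on the page.
func Fixture() (map[string]SignedGrant, map[string]ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, strangerPriv, _ := ed25519.GenerateKey(nil)
	g := Grant{Account: "0x83745a", NotBefore: At(10, 0), NotAfter: At(22, 0),
		Objects: []string{"GMAIL", "WeChat", "Facebook"}}
	chain2 := map[string]SignedGrant{
		"AUTH-0x000001": Sign(priv, g),
		// Constructed entry: names the same account but is signed by another key.
		"AUTH-0x000002": Sign(strangerPriv, g),
	}
	return chain2, map[string]ed25519.PublicKey{"0x83745a": pub}
}

func main() {
	chain2, chain1 := Fixture()
	for _, self := range []string{"GMAIL", "AppB"} {
		_, err := Authenticate("AUTH-0x000001", "Facebook", self, At(20, 0), chain2, chain1)
		fmt.Printf("%s at 20:00: %v\n", self, err)
	}
}
```

The public key is looked up by the account named in the still-unverified payload, so an entry that names an account without being signed by that account's key fails at the first layer.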
Step S203, if the first authorization information is authenticated, obtaining target data corresponding to the first authorization information in the second application, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application.
In one embodiment, the obtaining target data corresponding to the first authorization information in the second application, and encrypting the target data to obtain encrypted information includes:
and acquiring data corresponding to the account of the first block chain in the first authorization information in the second application, and taking the data as target data.
This likewise ensures the privacy of the user's personal information. The data corresponding to the account of the first block chain is the personal data of the current user in the second application. In other words, the second application returns only the personal data of user A to user A, and never the personal data of user B to user A; the data of different users is distinguished by each user's account of the first block chain.
And encrypting the target data to obtain encrypted data and a second key.
The encryption processing may adopt an Advanced Encryption Standard (AES) encryption method.
And acquiring the public key of the first application, and signing the second key by using the public key of the first application to obtain a first key.
And packaging the encrypted data and the first key into encrypted information.
The second application obtains corresponding encrypted information according to the number of the first authorization information sent by the first application, and returns the encrypted information to the first application. The implementation steps of the first application are then as follows:
Step S103, after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, wherein the target data is data corresponding to the first authorization information in the second application.
Wherein the encryption information includes:
a first key and encrypted data.
In one embodiment, the decrypting the encrypted information to obtain the target data includes:
and verifying the first key in the encrypted information by using the private key of the first application to obtain a second key.
And decrypting the encrypted data in the encrypted information by using the second key to obtain the target data.
Since the second application signs with the public key of the first application, the second key can only be verified with the private key of the first application, and only the first application holds that private key. This can therefore be regarded as the fourth layer of authentication of the data acquisition method of the present invention. This layer ensures the security of the data transmission: when a failure occurs, or the second application mistakenly sends the encrypted information to other applications, those applications cannot decrypt the encrypted information because they do not have the private key of the first application. The privacy and security of the user's personal data are thus better protected.
The process of "performing decryption processing on the encrypted data by using the second key" in the first application is the inverse of the process of "performing encryption processing on the target data to obtain the encrypted data and the second key" in the second application; that is, whatever method the second application uses to encrypt the target data, the first application uses the same method to decrypt the encrypted data. Assuming that the target data is encrypted by the AES encryption method in the second application, the first application decrypts the encrypted data by the AES decryption method.
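The packaging in step S203 and the unpacking in step S103, as an added Go example that is not part of the patent. What the text calls signing the second key with the first application's public key and verifying it with the private key is implemented here as public-key encryption and decryption of the key, the operation that has the property described (only the private-key holder recovers the second key); RSA-OAEP, AES-256-GCM and all names are assumptions, since the page specifies only AES.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope models the "encrypted information" returned to the first application.
type Envelope struct {
	FirstKey   []byte // second key, encrypted to the first application's public key
	Nonce      []byte // AES-GCM nonce, fresh for every envelope
	Ciphertext []byte // "encrypted data": the target data under the second key
}

// NewAppKey generates an application key pair (2048-bit RSA, an assumption).
func NewAppKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// newGCM builds the AES-GCM instance both sides derive from the second key.
func newGCM(secondKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(secondKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the second application's side (step S203).
func Seal(firstApp *rsa.PublicKey, target []byte) (*Envelope, error) {
	secondKey := make([]byte, 32) // one-time AES-256 key for this response
	if _, err := rand.Read(secondKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	firstKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, firstApp, secondKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{FirstKey: firstKey, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, target, nil)}, nil
}

// Open is the first application's side (step S103).
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	secondKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.FirstKey, nil)
	if err != nil {
		return nil, fmt.Errorf("recover second key: %w", err)
	}
	gcm, err := newGCM(secondKey)
	if err != nil {
		return nil, err
	}
	if len(e.Nonce) != gcm.NonceSize() {
		// gcm.Open panics on a wrong nonce length, so reject it here.
		return nil, errors.New("malformed envelope: bad nonce length")
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	first, other := NewAppKey(), NewAppKey()
	env, err := Seal(&first.PublicKey, []byte("constructed target data"))
	if err != nil {
		panic(err)
	}
	data, err := Open(first, env)
	fmt.Printf("first application: %q, err=%v\n", data, err)
	_, err = Open(other, env) // an application that received the envelope by mistake
	fmt.Println("another application:", err)
}
```

Encrypting to the first application's public key gives confidentiality only: it does not tell the first application which party produced the envelope, so sender authentication has to come from elsewhere, for example the transport.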
In the embodiment of the invention, the authentication process is performed for four times in total, and the first application can acquire the personal data of the user in the second application.
In addition, in the prior art, if the application a needs to acquire data of the application B, the application a needs to acquire authorization of the application B, and if the application a needs to acquire data of a plurality of other applications, the user needs to perform multiple authorization operations, that is, a one-to-one authorization manner; the application A can acquire the authorization of another application after acquiring the authorization of one application, and belongs to a serial authorization mode. In the invention, if the application A needs to obtain the data of a plurality of other applications, the number of the first authorization information can be simultaneously sent to the plurality of applications, and the applications can simultaneously obtain the corresponding first authorization information from the second block chain according to the number of the first authorization information, authenticate the applications respectively, and after the authentication is passed, the applications respectively return the respective data to the application A. In such a way, the user only needs to authorize once, and the application A only needs to initiate a request once, so that the data in a plurality of other applications can be obtained simultaneously, namely, the one-to-many authorization mode belongs to a parallel authorization mode. The method greatly improves the efficiency of acquiring data by multiple applications, simplifies the operation steps of the user and improves the user experience.
When a first application needs to acquire data in a second application, an account number of a first block chain corresponding to login information of a user is acquired, a number of first authorization information corresponding to a second block chain is acquired according to the account number of the first block chain, and the number of the first authorization information is sent to the second application; the second application firstly obtains corresponding first authorization information according to the received serial number of the first authorization information, then authenticates the first authorization information, and returns data corresponding to the first authorization information in the second application to the first application after the authentication is passed. By the method, the user can check the data in the second application through the first application, so that the complicated step of logging in the applications one by one is avoided, and the efficiency of acquiring the data of the multiple applications is effectively improved.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 3 is a schematic diagram of a server provided in an embodiment of the present invention. As shown in fig. 3, the server 3 of this embodiment includes: a processor 30, a memory 31 and a computer program 32 stored in said memory 31 and executable on said processor 30. The processor 30 executes the computer program 32 to implement the steps in the above-mentioned embodiments of the data acquisition method, such as the steps S101 to S103 shown in fig. 1.
Illustratively, the computer program 32 may be partitioned into one or more modules/units that are stored in the memory 31 and executed by the processor 30 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 32 in the server 3. For example, the computer program 32 may be divided into an acquisition unit, a search unit, and a decryption unit, and each unit specifically functions as follows:
The obtaining unit is used for obtaining login information of the user, and obtaining an account of the first block chain corresponding to the login information, after it is detected that the user has logged in to the first application.
The searching unit is used for searching the second block chain for the number of the first authorization information corresponding to the account of the first block chain, and sending the number of the first authorization information to the second application.
The decryption unit is used for decrypting the encrypted information to obtain target data after receiving the encrypted information returned by the second application, and displaying the target data to the user, wherein the target data is data corresponding to the first authorization information in the second application.
Optionally, the first authorization information is obtained by signing second authorization information with a user private key, and the user private key is a private key corresponding to an account of the first block chain.
Optionally, the first authorization information includes:
account number, authorization time limit and authorization object of the first block chain.
Optionally, the authorization object includes the first application and the second application.
Optionally, the encryption information includes:
a first key and encrypted data.
Optionally, the decryption unit includes:
The verification module is used for verifying the first key in the encrypted information by using the private key of the first application to obtain a second key.
The decryption module is used for decrypting the encrypted data in the encrypted information by using the second key to obtain the target data.
Fig. 4 is a schematic diagram of a server according to another embodiment of the present invention. As shown in fig. 4, the server 4 of this embodiment includes: a processor 40, a memory 41 and a computer program 42 stored in said memory 41 and executable on said processor 40. The processor 40 implements the steps in the above-mentioned embodiment of the method for acquiring various data, such as steps S201 to S203 shown in fig. 2, when executing the computer program 42.
Illustratively, the computer program 42 may be partitioned into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 42 in the server 4. For example, the computer program 62 may be divided into a receiving unit, an authentication unit, and a return unit, and the specific functions of each unit are as follows:
The receiving unit is used for receiving a number of first authorization information sent by a first application, wherein the number of the first authorization information is the number of the first authorization information corresponding to an account of a first block chain in a second block chain, and the account of the first block chain is the account corresponding to login information of a user logging in to the first application.
The authentication unit is used for acquiring first authorization information corresponding to the number of the first authorization information from the second block chain and authenticating the first authorization information.
The returning unit is used for acquiring target data corresponding to the first authorization information in the second application if the first authorization information is authenticated, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application.
Optionally, the first authorization information is obtained by signing second authorization information with a user private key, and the user private key is a private key corresponding to an account of the first block chain.
Optionally, the first authorization information includes:
the account number, the authorization time limit and the authorization object of the first block chain.
Optionally, the authorization object includes the first application and the second application.
Optionally, the authentication unit includes:
The searching module is used for searching the first block chain for the account of the first block chain corresponding to the number of the first authorization information, acquiring the user public key corresponding to the account of the first block chain, and verifying the first authorization information by using the user public key.
The verification module is used for judging whether the first application belongs to an authorization object in the first authorization information if the first authorization information is verified by using the user public key.
The judging module is used for judging whether the current time is within the authorization time limit in the first authorization information if the first application belongs to an authorization object in the first authorization information.
The passing module is used for passing the authentication of the first authorization information if the current time is within the authorization time limit in the first authorization information.
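The checks performed by the authentication unit, in the order given above, as an added example that is not code from the patent. It assumes Ed25519 for the user's signature, plain Maps standing in for the two block chains, and hypothetical field names (notBefore, notAfter, objects) and reason strings; all sample data is constructed.

```javascript
const crypto = require('node:crypto');

// Stand-ins for the two ledgers (plain Maps; the layout is an assumption).
const firstChain = new Map();   // account of the first block chain -> user public key
const secondChain = new Map();  // number -> first authorization information

// Fixed-order byte encoding of the second authorization information, so the
// signer and the verifier process exactly the same bytes.
function encodeAuthorization(info) {
  return Buffer.from(JSON.stringify(
    [info.account, info.notBefore, info.notAfter, info.objects]));
}

// User side: sign the second authorization information with the user private
// key to obtain the first authorization information.
function issueAuthorization(info, userPrivateKey) {
  const signature = crypto.sign(null, encodeAuthorization(info), userPrivateKey);
  return { info, signature };
}

// Second application side: authenticate the first authorization information
// that the received number refers to. Every failure is a distinct reason so
// that rejected requests can be logged and reviewed.
function authenticate(number, requestingApp, nowMs) {
  const record = secondChain.get(number);
  if (!record) return { ok: false, reason: 'unknown-number' };

  // The public key comes from the first block chain, never from the record.
  const userPublicKey = firstChain.get(record.info.account);
  if (!userPublicKey) return { ok: false, reason: 'unknown-account' };

  // Check 1: the signature covers account, time limit and authorization objects.
  const signed = encodeAuthorization(record.info);
  if (!crypto.verify(null, signed, userPublicKey, record.signature)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // Check 2: the requesting (first) application is an authorization object.
  if (!Array.isArray(record.info.objects) ||
      !record.info.objects.includes(requestingApp)) {
    return { ok: false, reason: 'not-authorized-object' };
  }
  // Check 3: the current time lies within the authorization time limit.
  if (nowMs < record.info.notBefore || nowMs > record.info.notAfter) {
    return { ok: false, reason: 'outside-time-limit' };
  }
  return { ok: true, account: record.info.account };
}

// Constructed sample data.
const user = crypto.generateKeyPairSync('ed25519');
const T0 = Date.UTC(2018, 9, 11);
const DAY = 24 * 60 * 60 * 1000;
const grant = issueAuthorization({
  account: 'acct-0001',
  notBefore: T0,
  notAfter: T0 + 30 * DAY,
  objects: ['first-app', 'second-app'],
}, user.privateKey);
firstChain.set('acct-0001', user.publicKey);
secondChain.set('auth-42', grant);
// Same signature, but the authorization object list was extended afterwards.
secondChain.set('auth-43', {
  info: { ...grant.info, objects: ['first-app', 'second-app', 'third-app'] },
  signature: grant.signature,
});

console.log(authenticate('auth-42', 'first-app', T0 + DAY));
console.log(authenticate('auth-43', 'third-app', T0 + DAY));
```

Because the signature covers the authorization objects and the time limit, a stored record whose object list was altered after signing fails at the first check rather than at the second.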
Optionally, the returning unit includes:
The acquisition module is used for acquiring, in the second application, data corresponding to the account of the first block chain in the first authorization information, and taking the data as target data.
The encryption module is used for encrypting the target data to obtain encrypted data and a second key.
The signature module is used for acquiring the public key of the first application and signing the second key by using the public key of the first application to obtain a first key.
The packaging module is used for packaging the encrypted data and the first key into encrypted information.
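The packaging performed by the returning unit, together with the reverse steps in the first application (verifying the first key, then decrypting the encrypted data), as an added example that is not code from the patent. What the page calls signing the second key with the public key of the first application is implemented here as RSA-OAEP key wrapping, and AES is used in GCM mode; both choices, the key sizes and all names are assumptions, and the key pairs are constructed sample data.

```javascript
const crypto = require('node:crypto');

// Constructed key pairs: the first application, and some other application
// that receives the encrypted information by mistake.
const firstApp = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const otherApp = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const OAEP = {
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: 'sha256',
};

// Second application: encrypt the target data under a fresh second key, wrap
// the second key for the first application, and package both.
function packageEncryptedInfo(targetData, firstAppPublicKey) {
  const secondKey = crypto.randomBytes(32);           // one key per response
  const iv = crypto.randomBytes(12);                  // never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', secondKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(targetData, 'utf8'),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag();
  // "First key" in the page's terms: the second key wrapped under the public
  // key of the first application.
  const firstKey = crypto.publicEncrypt(
    { key: firstAppPublicKey, ...OAEP }, secondKey);
  return { firstKey, encryptedData: { iv, ciphertext, tag } };
}

// First application: recover the second key with its private key, then
// decrypt the encrypted data. Returns null when the key does not match or the
// ciphertext was modified, instead of returning unauthenticated plaintext.
function openEncryptedInfo(encryptedInfo, privateKey) {
  try {
    const secondKey = crypto.privateDecrypt(
      { key: privateKey, ...OAEP }, encryptedInfo.firstKey);
    const { iv, ciphertext, tag } = encryptedInfo.encryptedData;
    const decipher = crypto.createDecipheriv('aes-256-gcm', secondKey, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([
      decipher.update(ciphertext),
      decipher.final(),                               // throws on a bad tag
    ]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed target data.
const demoInfo = packageEncryptedInfo('{"balance":"constructed"}', firstApp.publicKey);
console.log('first application :', openEncryptedInfo(demoInfo, firstApp.privateKey));
console.log('other application :', openEncryptedInfo(demoInfo, otherApp.privateKey));
```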
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The server can be a desktop computer, a notebook, a palm computer, a cloud server or another computing device. The server may include, but is not limited to, a processor and a memory. Those skilled in the art will appreciate that Fig. 3 and Fig. 4 are merely examples of a server and are not intended to be limiting; the server may include more or fewer components than those shown, combine some components, or use different components. For example, the terminal device may also include input/output devices, network access devices, buses, etc.
The processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general-purpose processor may be a microprocessor or any conventional processor or the like.
The memory may be an internal storage unit of the server, such as a hard disk or a memory of the server. The memory may also be an external storage device of the server, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like provided on the server. Further, the memory may also include both an internal storage unit of the terminal device 6 and an external storage device. The memory is used for storing the computer program and other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been output or is to be output.
In the above embodiments, the description of each embodiment has its own emphasis, and reference may be made to the related description of other embodiments for parts that are not described or recited in any embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments described above may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, etc. It should be noted that the content of the computer-readable medium may be suitably increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, computer-readable media may not include electrical carrier signals or telecommunications signals in accordance with legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A method for acquiring data, applied to a server of a first application, the method comprising:
after monitoring that a user logs in the first application, acquiring login information of the user, and acquiring an account of a first block chain corresponding to the login information;
searching a number of first authorization information corresponding to an account number of the first block chain in a second block chain, and sending the number of the first authorization information to a second application; acquiring first authorization information corresponding to the number of the first authorization information from a second block chain, and authenticating the first authorization information; if the first authorization information passes the authentication, acquiring target data corresponding to the first authorization information in the second application, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application;
and after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, wherein the target data is data corresponding to the first authorization information in the second application.
2. The method for acquiring data according to claim 1, wherein the first authorization information is information obtained by signing second authorization information using a user private key, and the user private key is a private key corresponding to an account of the first blockchain;
the first authorization information includes:
an account number, an authorization time limit and an authorization object of the first block chain;
the authorization object includes the first application and the second application.
3. The method for acquiring data according to claim 1, wherein the encryption information includes:
a first key and encrypted data;
the decrypting the encrypted information to obtain the target data includes:
verifying a first key in the encrypted information by using a private key of the first application to obtain a second key;
and decrypting the encrypted data in the encrypted information by using the second key to obtain the target data.
4. A method for acquiring data, wherein the method is applied to a server of a second application, and the method comprises:
receiving a number of first authorization information sent by a first application, wherein the number of the first authorization information is a number of first authorization information corresponding to an account of a first block chain in a second block chain, and the account of the first block chain is an account corresponding to login information of a user logging in the first application;
acquiring first authorization information corresponding to the number of the first authorization information from a second block chain, and authenticating the first authorization information;
if the first authorization information passes the authentication, acquiring target data corresponding to the first authorization information in the second application, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application;
the first authorization information is obtained by signing second authorization information by using a user private key, and the user private key is a private key corresponding to an account of the first block chain;
the first authorization information includes:
an account number, an authorization time limit and an authorization object of the first block chain;
the authorization object includes the first application and the second application.
5. The method for acquiring data according to claim 4, wherein the authenticating the authorization information includes:
searching an account number of the first block chain corresponding to the serial number of the authorization information in the first block chain, acquiring a user public key corresponding to the account number of the first block chain, and verifying the authorization information by using the user public key;
if the authorization information is verified by using the user public key, judging whether the first application belongs to an authorization object in the authorization information;
if the first application belongs to an authorized object in the authorization information, judging whether the current time is within the authorization time limit in the authorization information;
and if the current time is within the authorization time limit in the authorization information, the authorization information is authenticated.
6. The method for acquiring data according to claim 5, wherein the acquiring target data corresponding to the authorization information in the second application, and encrypting the target data to obtain encrypted information, includes:
acquiring data corresponding to the account of the first block chain in the authorization information in the second application, and taking the data as target data;
encrypting the target data to obtain encrypted data and a second secret key;
acquiring a public key of the first application, and signing the second key by using the public key of the first application to obtain a first key;
and packaging the encrypted data and the first key into encrypted information.
7. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 3 or the steps of the method according to any one of claims 4 to 6.
8. A server comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of:
after monitoring that a user logs in a first application, acquiring login information of the user and acquiring an account of a first block chain corresponding to the login information;
searching a serial number of first authorization information corresponding to an account number of the first block chain in a second block chain, and sending the serial number of the first authorization information to a second application; acquiring first authorization information corresponding to the number of the first authorization information from a second block chain, and authenticating the first authorization information; if the first authorization information passes the authentication, acquiring target data corresponding to the first authorization information in the second application, encrypting the target data to obtain encrypted information, and returning the encrypted information to the first application;
and after receiving the encrypted information returned by the second application, decrypting the encrypted information to obtain target data, and displaying the target data to the user, wherein the target data is the data corresponding to the first authorization information in the second application.
9. The server according to claim 8, wherein the first authorization information is information obtained by signing second authorization information with a user private key, and the user private key is a private key corresponding to an account of the first block chain;
the first authorization information includes:
an account number, an authorization time limit and an authorization object of the first block chain;
the authorization object includes the first application and the second application.
10. A server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor realizes the steps of the method according to any one of claims 4 to 6 when executing the computer program.
CN201811182204.6A 2018-10-11 2018-10-11 Data acquisition method and server Active CN109547404B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811182204.6A CN109547404B (en) 2018-10-11 2018-10-11 Data acquisition method and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811182204.6A CN109547404B (en) 2018-10-11 2018-10-11 Data acquisition method and server

Publications (2)

Publication Number Publication Date
CN109547404A CN109547404A (en) 2019-03-29
CN109547404B true CN109547404B (en) 2022-08-19

Family

ID=65843771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811182204.6A Active CN109547404B (en) 2018-10-11 2018-10-11 Data acquisition method and server

Country Status (1)

Country Link
CN (1) CN109547404B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111193736B (en) * 2019-12-30 2020-12-29 江苏恒宝智能系统技术有限公司 Information authentication method, device, system and storage medium
CN113011960A (en) * 2020-11-30 2021-06-22 腾讯科技(深圳)有限公司 Block chain-based data access method, device, medium and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018119892A1 (en) * 2016-12-29 2018-07-05 深圳前海达闼云端智能科技有限公司 Method and device for publishing and validating software application program
CN108632284A (en) * 2018-05-10 2018-10-09 网易(杭州)网络有限公司 User data authorization method, medium, device and computing device based on block chain

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10361853B2 (en) * 2016-10-12 2019-07-23 Bank Of America Corporation Automated data authentication and service authorization via cryptographic keys in a private blockchain
US11115418B2 (en) * 2016-12-23 2021-09-07 Cloudminds (Shanghai) Robotics Co., Ltd. Registration and authorization method device and system
KR101816650B1 (en) * 2017-02-21 2018-01-09 주식회사 코인플러그 Method for providing simplified account registration service and authentication service, and authentication server using the same

Also Published As

Publication number Publication date
CN109547404A (en) 2019-03-29

Similar Documents

Publication Publication Date Title
US12093419B2 (en) Methods and devices for managing user identity authentication data
AU2017204853B2 (en) Data security service
CN110036613B (en) System and method for providing identity authentication for decentralized applications
CN102546171B (en) Secure element authentication method
CN107770159B (en) Vehicle accident data recording method and related device and readable storage medium
CN110519309B (en) Data transmission method, device, terminal, server and storage medium
CN108234115B (en) Information security verification method, device and system
CN117579281A (en) Method and system for ownership verification using blockchain
CA2899027C (en) Data security service
CN109905360B (en) Data verification method and terminal equipment
CN106452775A (en) Method and apparatus for accomplishing electronic signing and signing server
CN101588245A (en) A kind of method of authentication, system and memory device
CN111161056A (en) Method, system and equipment for improving transaction security of digital assets
CN109547404B (en) Data acquisition method and server
CN110572392A (en) Identity authentication method based on HyperLegger network
CN107395350B (en) Method and system for generating key and key handle and intelligent key safety equipment
US20180218363A1 (en) Payment instrument management with key tokenization
CN116204903A (en) Financial data security management method and device, electronic equipment and storage medium
CN105072136A (en) Method and system for security authentication between devices based on virtual drive
US20180218357A1 (en) Export high value material based on ring 1 evidence of ownership
CN114238915A (en) Digital certificate adding method and device, computer equipment and storage medium
KR101936941B1 (en) Electronic approval system, method, and program using biometric authentication
CN110098915B (en) Authentication method and system, and terminal
CN110619236A (en) File authorization access method, device and system based on file credential information
CN109474624B (en) Application program authentication system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant