CN109714169A - It is a kind of based on the credible distribution platform of data strictly authorized and its circulation method - Google Patents
It is a kind of based on the credible distribution platform of data strictly authorized and its circulation method Download PDFInfo
- Publication number
- CN109714169A CN109714169A CN201811563453.XA CN201811563453A CN109714169A CN 109714169 A CN109714169 A CN 109714169A CN 201811563453 A CN201811563453 A CN 201811563453A CN 109714169 A CN109714169 A CN 109714169A
- Authority
- CN
- China
- Prior art keywords
- data
- platform
- main body
- interface
- authorized
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention discloses a kind of based on the credible distribution platform of data strictly authorized and its circulation method.Platform is made of operating side management system, client management system, mobile terminal SDK, data routing system, data storage layer, Third Party Authentication with card six parts of platform are deposited.The participant of data circulation model includes data requirements main body, data ownership main body, data provider, data are credible distribution platform, Third Party Authentication and deposits card platform.Data circulation is a kind of new things being born under internet economy background, new industry situation, belongs to emerging field and therefore forms a standardized circulation systems not yet, lacks common recognition in each link that circulates between the main body that circulates.The present invention can help enterprise or orderly data circulation stream journey is improved in personal implementation, and unified circulation rule eliminates data among enterprises imbalance between supply and demand.
Description
Technical field
The invention belongs to the data fields of circulation, are related to data circulation model, data grant technology technology, specifically a kind of base
In the credible distribution platform of data and its circulation method that strictly authorize.
Background technique
Data generate, data circulate and data application is the complete industrial chain in big data ecology, and data intermediate links
Even more get through the key node of this industrial chain.Even pointed out in policy " to guide and cultivate big data trade market, carry out towards
The data trade market pilot of application is explored and carries out the transaction of big data derived product, encourages the main market players of each link of industrial chain
Data exchange and transaction are carried out, data resource circulation is promoted, establishes and improve data resource mechanism of exchange and pricing mechanism, specification is handed over
It is easy for etc. a series of thinkings and behave for perfecting market development mechanism ", this, which is undoubtedly, from policy level has affirmed data flow
Lead to the important value in society and market economy.
But undeniably the current data field of circulation is there is " shared " area of grey, does not focus on secret protection, no
The problems such as respect attribution data power, the data flowthrough mechanism not standardized, all causes threat to data safety, or even touches
Legal deadline.Therefore a set of perfect data circulation model is needed, realizes that data grant, data add in multistage circulation scene
Close, data traceability is so that the entire data flow passage of specification is.To solve the above-mentioned problems, a solution is now provided.
Summary of the invention
The purpose of the present invention is to provide a kind of based on the credible distribution platform of data strictly authorized.
The purpose of the present invention can be achieved through the following technical solutions:
It is a kind of sub based on the credible distribution platform of data strictly authorized, including operating side management subsystem, client-side management
System, mobile terminal SDK, data routing subsystem, data storage layer, third party service layer;
Wherein, the operation management subsystem is for assert the qualification for moving in data requirements main body, it is ensured that is selected for a post by audit
It is all regular legal for choosing the data requirements main body that platform is moved in, and creates a client-side management system for data requirements main body
The login account of system;
The operation management subsystem is also used to audit the application that data requirements main body is linked into platform, specifies enterprise's needs
The content of the data of circulation closes rule detection for data;It is signed with data requirements main body and applies access protocol, using access protocol
It is signed using digital signature technology, and carries out trustship preservation in third party Cun Zheng service organization;For answering for each access
With a unique APP_ID is generated, the unique identification in platform is applied as this;
Wherein, the data requirements main body that logs in of the client-side management subsystem must be by qualification certification, demand
Main body creates the data application information of oneself on platform and is submitted to the audit of operation management subsystem;
Wherein, the data application information must include data flow incoming interface, and the data flow incoming interface is for receiving number
It, after the approval can be for using binding data provider according to the data that provider sends;To audit the application choosing passed through
Affiliate is selected as data provider, client management system is that each data provider generation one is unique secret
Key S_KEY makees the voucher that data provider participates in data circulation;Data requirements main body needs to provide APP_ID and S_KEY
Data provider is given, to be embedded in mobile terminal SDK in the application system of oneself;
The mobile terminal SDK includes the SDK of android operating system and the SDK of IOS operating system, provide the testimony of a witness veritify,
EID is veritified, authorized agreement is signed and authorization historical query function.
All data for being related to unique individual's equity must be authorized from attribution data people and could be provided to data requirements main body,
Steps are as follows in SDK completion Authorized operation by attribution data people:
Step 1: ownership person part is veritified;Two kinds of veritification modes are provided;
S1: the first is that the testimony of a witness veritifies mode, mainly extracts human face photo using face living body technology and uploads identity card
Photo confirms ownership person part by OCR and face alignment technology;
S2: second is eID carrier patch mode card, uses the NFC technique of mobile device, dedicated EID chip reader
The eID coding in carrier is read, the eID network identity operating agency IDSO for uploading the Third Research Institute of Ministry of Public Security's certification carries out identity
Confirmation;
Step 2: authorized agreement signature;Authorized agreement is first presented to ownership people in mobile terminal for PDF format and checks, if
Agree to authorization, is signed electronically using the digital certificate that the CA mechanism with national authentication qualification issues, it will be by signature
Certificate is uploaded to the third party Cun Zheng mechanism with related qualification and carries out trustship;
Step 3: data signature and data encryption;The data to be circulated are digitally signed using S_KEY, using dynamic
Data after state secret key pair signature carry out symmetric cryptography, data signature in order to prevent data in transmission process by usurping
Change, make with non repudiation, data encryption be in order to prevent data in transmission process by stealing, guarantee data security
Safety;
Wherein, the data routing subsystem is for being connected to mobile terminal SDK, operating side management subsystem, client-side management
Subsystem, data storage layer, third party service layer and data flow into interface;
The data that SDK is uploaded are decrypted using dynamic code key to be formed in plain text for the data routing subsystem, then make
S_KEY is used to be digitally signed sign test in plain text as secret key pair, it is ensured that data are not distorted;
The data routing subsystem is checked engine using data conjunction rule to conjunction rule detection is carried out in plain text, and the data route
Subsystem be used to check sensitive content situation in data and with consistent situation, sensitive content is containing harmful national security and society
Content that can be stable, consistent situation are that data and the statement of party in request's data requirements are consistent;When in data exist comprising sensitive content,
When middle any case inconsistent with demand, then the data flow incoming interface of data requirements side is not pushed to;
Wherein, the log recording engine of the data routing subsystem all records each sub-authorization and transmission, protects
It deposits to data storage layer, accomplishes to have good grounds, dates back;
The data storage layer includes relevant database and non-relational database;The relevant database is supported
For ACID db transaction to guarantee the data correctness in circulation services, the non-relational database does not need predefined number
According to mode, predefined table structure is stored on each local server after being divided data using no share framework, has elasticity
Expansible characteristic is very suitable to the demand of magnanimity and the storage of random daily record data;
The third party service layer is Third Party Authentication and deposits card platform, and the third party service layer has state for docking
The CA mechanism of family's certification qualification, the eID network identity operating agency of the Third Research Institute of Ministry of Public Security's certification, the with related qualification
Tripartite Cun Zheng mechanism;The identity veritification and electronic signature supporting of authority are provided for platform.
Further, the operating side management subsystem is that the operating side of the trust data system for the distribution of commodities manages platform;
The operating side management subsystem include Basic Information Management, enterprise qualification audit, enterprise information management, using note
Volume audit, application message inquiry, charging regulation management, disbursement and sattlement management, au-thorization log analysis, transmission log analysis and enterprise
State of affairs analysis.
Further, the client-side management subsystem is trust data system for the distribution of commodities client-side management platform, the visitor
Family end management subsystem include Basic Information Management, Enterprise Application Management, partner management, expenses management, using grant date
Log query is transmitted in will inquiry, data, and affiliate authorizes number statistics, affiliate to transmit log statistic.
Further, the data routing subsystem includes that data pull interface, data-pushing interface, data query connect
Mouth, authorized agreement query interface, authorized agreement signature interface, data close rule detecting and alarm and log recording engine.
Further, the third party service layer include the testimony of a witness veritify interface, identity card OCR interface, eID generate interface,
EID veritifies interface, PDF digital signature interface, deposits card interface, recognition of face interface, face alignment interface and face retrieval interface.
It is a kind of based on the credible circulation method of data strictly authorized, this method includes the following steps:
Step 1: identity validation is carried out to data ownership main body, the mode of identity validation is using testimony of a witness matching confirmation and EID
It is any in confirmation;
Step 2: identity veritification is carried out to data ownership main body using data distribution platform, identity, which is veritified, uses the testimony of a witness
With any in verifying and eID verifying;
Step 3: data ownership main body signs authorized agreement, and data distribution platform carries out authorization association using authoritative CA certificate
View is digitally signed, and the authorized agreement deposit third party after signature is deposited card platform and deposits card;
Step 4: mobile terminal SDK is encrypted and is signed to data, by data-pushing to data distribution platform;
Step 5: data are decrypted data distribution platform and sign test, using data close rule check engine to plaintext into
Row closes rule detection, and conjunction rule detect the data flow incoming interface by the way that ciphertext to be pushed to data requirements main body.
Beneficial effects of the present invention:
1, the present invention can help enterprise or orderly data circulation stream journey is improved in personal implementation, and unified circulation rule disappears
Except data among enterprises imbalance between supply and demand.Data circulation is a kind of new things being born under internet economy background, new industry situation, is belonged to new
Therefore emerging field forms a standardized circulation systems not yet, lack common recognition in each link that circulates between the main body that circulates,
The present invention closes rule by data requirements statement, data-interface specification, data grant system, data signature and encryption system, data
The standard process and technological means of some column such as detection architecture ensure data safety, legal, conjunction rule circulation.Enterprise passes through client
Management system facilitates the data provider of management oneself, real-time monitors data current intelligence, to eliminate imbalance between supply and demand.It is logical
It crosses data routing system and mobile terminal SDK easily gets through the data channel of both sides of supply and demand, eliminate data silo.
2, it realizes that data circulation safety closes rule, protects individual privacy.There are two the data fields of circulation, and problem is more concerned,
First is that attribution data weighs problem, second is that Privacy Protection.It is all can Direct Recognition to the identity data of unique individual, such as citizen
Identification number, social security number, driver's license, telephone number etc., can Direct Recognition to unique individual sensitive data, as marital status,
Date of birth, health status etc. belong to and are related to the private data of unique individual's equity, and the right of attribution of this kind of data is individual,
Belong to unlawful practice if enterprise circulates privately, it is necessary to could circulate and use via data ownership people authorization.This hair
Bright to be veritified by the testimony of a witness, eID identity veritify to determine ownership person part, by authorized agreement digital signature, the third-party institution is deposited
Card guarantees the legitimacy of Data Data authorization.Ensure data not using data signature, the encryption of dynamic code key in the data transmission
It is leaked, steals, distorts, replicates, protect individual privacy.
Detailed description of the invention
In order to facilitate the understanding of those skilled in the art, the present invention will be further described below with reference to the drawings.
Fig. 1 is plateform system architecture diagram of the present invention;
Fig. 2 is platform network topological diagram of the present invention;
Fig. 3 is that requirement of main body of the present invention moves in auditing flow figure;
Fig. 4 is that flow chart is issued in present invention application;
Fig. 5 is the flow chart of data circulation method of the present invention.
Specific embodiment
As shown in Figs 1-4, a kind of based on the credible distribution platform of data strictly authorized, including operating side management subsystem,
Client-side management subsystem, mobile terminal SDK, data routing subsystem, data storage layer, third party service layer;
Wherein, the operation management subsystem is for assert the qualification for moving in data requirements main body, it is ensured that is selected for a post by audit
It is all regular legal for choosing the data requirements main body that platform is moved in, and creates a client-side management system for data requirements main body
The login account of system;
The operation management subsystem is also used to audit the application that data requirements main body is linked into platform, specifies enterprise's needs
The content of the data of circulation closes rule detection for data;It is signed with data requirements main body and applies access protocol, using access protocol
It is signed using digital signature technology, and carries out trustship preservation in third party Cun Zheng service organization;For answering for each access
With a unique APP_ID is generated, the unique identification in platform is applied as this;
Wherein, the data requirements main body that logs in of the client-side management subsystem must be by qualification certification, demand
Main body creates the data application information of oneself on platform and is submitted to the audit of operation management subsystem;
Wherein, the data application information must include data flow incoming interface, and the data flow incoming interface is for receiving number
It, after the approval can be for using binding data provider according to the data that provider sends;To audit the application choosing passed through
Affiliate is selected as data provider, client management system is that each data provider generation one is unique secret
Key S_KEY makees the voucher that data provider participates in data circulation;Data requirements main body needs to provide APP_ID and S_KEY
Data provider is given, to be embedded in mobile terminal SDK in the application system of oneself;
The mobile terminal SDK includes the SDK of android operating system and the SDK of IOS operating system, provide the testimony of a witness veritify,
EID is veritified, authorized agreement is signed and authorization historical query function.
All data for being related to unique individual's equity must be authorized from attribution data people and could be provided to data requirements main body,
Steps are as follows in SDK completion Authorized operation by attribution data people:
Step 1: ownership person part is veritified;Two kinds of veritification modes are provided;
S1: the first is that the testimony of a witness veritifies mode, mainly extracts human face photo using face living body technology and uploads identity card
Photo confirms ownership person part by OCR and face alignment technology;
S2: second is eID carrier patch mode card, uses the NFC technique of mobile device, dedicated eID chip reader
The eID coding in carrier is read, the eID network identity operating agency IDSO for uploading the Third Research Institute of Ministry of Public Security's certification carries out identity
Confirmation;
Step 2: authorized agreement signature;Authorized agreement is first presented to ownership people in mobile terminal for PDF format and checks, if
Agree to authorization, is signed electronically using the digital certificate that the CA mechanism with national authentication qualification issues, it will be by signature
Certificate is uploaded to the third party Cun Zheng mechanism with related qualification and carries out trustship;
Step 3: data signature and data encryption;The data to be circulated are digitally signed using S_KEY, using dynamic
Data after state secret key pair signature carry out symmetric cryptography, data signature in order to prevent data in transmission process by usurping
Change, make with non repudiation, data encryption be in order to prevent data in transmission process by stealing, guarantee data security
Safety;
Wherein, the data routing subsystem is for being connected to mobile terminal SDK, operating side management subsystem, client-side management
Subsystem, data storage layer, third party service layer and data flow into interface;
The data that SDK is uploaded are decrypted using dynamic code key to be formed in plain text for the data routing subsystem, then make
S_KEY is used to be digitally signed sign test in plain text as secret key pair, it is ensured that data are not distorted;
The data routing subsystem is checked engine using data conjunction rule to conjunction rule detection is carried out in plain text, and the data route
Subsystem be used to check sensitive content situation in data and with consistent situation, sensitive content is containing harmful national security and society
Content that can be stable, consistent situation are that data and the statement of party in request's data requirements are consistent;When in data exist comprising sensitive content,
When middle any case inconsistent with demand, then the data flow incoming interface of data requirements side is not pushed to;
Wherein, the log recording engine of the data routing subsystem all records each sub-authorization and transmission, protects
It deposits to data storage layer, accomplishes to have good grounds, dates back;
The data storage layer includes relevant database and non-relational database;The relevant database is supported
For ACID db transaction to guarantee the data correctness in circulation services, the non-relational database does not need predefined number
According to mode, predefined table structure is stored on each local server after being divided data using no share framework, has elasticity
Expansible characteristic is very suitable to the demand of magnanimity and the storage of random daily record data;
The third party service layer is Third Party Authentication and deposits card platform, and the third party service layer has state for docking
The CA mechanism of family's certification qualification, the eID network identity operating agency of the Third Research Institute of Ministry of Public Security's certification, the with related qualification
Tripartite Cun Zheng mechanism;The identity veritification and electronic signature supporting of authority are provided for platform.
Further, the operating side management subsystem is that the operating side of the trust data system for the distribution of commodities manages platform;
The operating side management subsystem include Basic Information Management, enterprise qualification audit, enterprise information management, using note
Volume audit, application message inquiry, charging regulation management, disbursement and sattlement management, au-thorization log analysis, transmission log analysis and enterprise
State of affairs analysis.
Further, the client-side management subsystem is trust data system for the distribution of commodities client-side management platform, the visitor
Family end management subsystem include Basic Information Management, Enterprise Application Management, partner management, expenses management, using grant date
Log query is transmitted in will inquiry, data, and affiliate authorizes number statistics, affiliate to transmit log statistic.
Further, the data routing subsystem includes that data pull interface, data-pushing interface, data query connect
Mouth, authorized agreement query interface, authorized agreement signature interface, data close rule detecting and alarm and log recording engine.
Further, the third party service layer include the testimony of a witness veritify interface, identity card OCR interface, eID coding generate connect
Mouth, eID veritify interface, PDF digital signature interface, deposit card interface, and recognition of face interface, face alignment interface and face retrieval connect
Mouthful.
As shown in figure 5, a kind of based on the credible circulation method of data strictly authorized, this method includes the following steps:
Step 1: identity validation is carried out to data ownership main body, the mode of identity validation is using testimony of a witness matching confirmation and eID
It is any in confirmation;
Step 2: identity veritification is carried out to data ownership main body using data distribution platform, identity, which is veritified, uses the testimony of a witness
With any in verifying and eID verifying;
Step 3: data ownership main body signs authorized agreement, and data distribution platform carries out authorization association using authoritative CA certificate
View is digitally signed, and the authorized agreement deposit third party after signature is deposited card platform and deposits card;
Step 4: mobile terminal SDK is encrypted and is signed to data, by data-pushing to data distribution platform;
Step 5: data are decrypted data distribution platform and sign test, using data close rule check engine to plaintext into
Row closes rule detection, and conjunction rule detect the data flow incoming interface by the way that ciphertext to be pushed to data requirements main body.
The present invention can help enterprise or orderly data circulation stream journey is improved in personal implementation, and unified circulation rule is eliminated
Data among enterprises imbalance between supply and demand.Data circulation is a kind of new things being born under internet economy background, new industry situation, is belonged to emerging
Field therefore form a standardized circulation systems not yet, lack common recognition in each link of circulating between the main body that circulates, this
Invention closes rule inspection by data requirements statement, data-interface specification, data grant system, data signature and encryption system, data
The standard process and technological means of some column such as survey system ensure data safety, legal, conjunction rule circulation.Enterprise passes through client's end pipe
Reason system facilitates the data provider of management oneself, real-time monitors data current intelligence, to eliminate imbalance between supply and demand.Pass through
Data routing system and mobile terminal SDK easily get through the data channel of both sides of supply and demand, eliminate data silo.
It realizes that data circulation safety closes rule, protects individual privacy.There are two the data fields of circulation, and problem is more concerned, and one
It is the full problem of attribution data, second is that Privacy Protection.It is all can Direct Recognition to unique individual identity data, such as citizen's body
Part number, social security number, driver's license, telephone number etc., can Direct Recognition arrive the sensitive data of unique individual, such as marital status, out
Phase birthday, health status etc. belong to and are related to the private data of unique individual's equity, and the right of attribution of this kind of data is individual, such as
Fruit enterprise circulates privately, belongs to unlawful practice, it is necessary to could circulate and use via data ownership people authorization.The present invention
It veritified by the testimony of a witness, EID identity veritify to determine ownership person part, by authorized agreement digital signature, the third-party institution deposits card
Guarantee the legitimacy of Data Data authorization.In the data transmission using data signature, dynamic code key encryption come ensure data not by
It reveals, steal, distort, replicate, protect individual privacy.
Above content is only to structure of the invention example and explanation, affiliated those skilled in the art couple
Described specific embodiment does various modifications or additions or is substituted in a similar manner, without departing from invention
Structure or beyond the scope defined by this claim, is within the scope of protection of the invention.
Claims (6)
1. a kind of based on the credible distribution platform of data strictly authorized, which is characterized in that including operating side management subsystem, client
Hold management subsystem, mobile terminal SDK, data routing subsystem, data storage layer, third party service layer;
Wherein, the operation management subsystem is for assert the qualification for moving in data requirements main body, it is ensured that is selected by audit
The data requirements main body that platform is moved in all is regular legal, and creates a client management system for data requirements main body
Login account;
The operation management subsystem is also used to audit the application that data requirements main body is linked into platform, specifies enterprise and needs to circulate
Data content, for data close rule detection;It is signed with data requirements main body and applies access protocol, used using access protocol
Digital signature technology is signed, and carries out trustship preservation in third party Cun Zheng service organization;It is produced for the application of each access
A raw unique APP_ID, the unique identification in platform is applied as this;
Wherein, the data requirements main body that logs in of the client-side management subsystem must be by qualification certification, requirement of main body
The data application information of oneself is created on platform and is submitted to the audit of operation management subsystem;
Wherein, the data application information must include data flow incoming interface, and the data flow incoming interface mentions for receiving data
It, after the approval can be for using binding data provider for the data that main body is sent;It is closed to audit the application selection passed through
Make partner as data provider, client management system is that each data provider generates a unique code key S_
KEY makees the voucher that data provider participates in data circulation;Data requirements main body needs APP_ID and S_KEY being supplied to number
According to provider, to be embedded in mobile terminal SDK in the application system of oneself;
The mobile terminal SDK includes the SDK of android operating system and the SDK of IOS operating system, provides testimony of a witness veritification, eID
It veritifies, authorized agreement is signed and authorization historical query function;
All data for being related to unique individual's equity must be authorized from attribution data people and could be provided to data requirements main body, data
Belonging to people, steps are as follows in SDK completion Authorized operation:
Step 1: ownership person part is veritified;Two kinds of veritification modes are provided;
S1: the first is that the testimony of a witness veritifies mode, mainly extracts human face photo using face living body technology and uploads identity card picture,
Ownership person part is confirmed by OCR and face alignment technology;
S2: second is eID carrier patch mode card, is read using the NFC technique of mobile device, dedicated eID chip reader
EID coding in carrier, the eID network identity operating agency IDSO progress identity for uploading the Third Research Institute of Ministry of Public Security's certification are true
Recognize;
Step 2: authorized agreement signature;Authorized agreement is first presented to ownership people in mobile terminal for PDF format and checks, if agreed to
Authorization, is signed electronically using the digital certificate that the CA mechanism with national authentication qualification issues, will be by the certificate of signature
It is uploaded to the third party Cun Zheng mechanism with related qualification and carries out trustship;
Step 3: data signature and data encryption;The data to be circulated are digitally signed using S_KEY, it is secret using dynamic
Key to after signature data carry out symmetric cryptography, data signature in order to prevent data in transmission process by distorting, make
With non repudiation, data encryption be in order to prevent data in transmission process by stealing, the peace that guarantees data security
Quan Xing;
Wherein, the data routing subsystem is for being connected to mobile terminal SDK, operating side management subsystem, client-side management subsystem
System, data storage layer, third party service layer and data flow into interface;
The data that SDK is uploaded are decrypted using dynamic code key to be formed in plain text for the data routing subsystem, then use S_
KEY is digitally signed sign test as secret key pair in plain text, it is ensured that data are not distorted;
The data routing subsystem closes rule using data and checks engine to conjunction rule detection is carried out in plain text, and the data route subsystem
Unite for check sensitive content situation in data and with consistent situation, sensitive content is steady containing harmful national security and society
Fixed content, consistent situation are that data and the statement of party in request's data requirements are consistent;When in data exist include sensitive content, with need
When seeking inconsistent middle any case, then the data flow incoming interface of data requirements side is not pushed to;
Wherein, the log recording engine of the data routing subsystem all records each sub-authorization and transmission, saves extremely
Data storage layer is accomplished to have good grounds, dates back;
The data storage layer includes relevant database and non-relational database;The relevant database supports ACID number
According to library affairs to guarantee the data correctness in circulation services, the non-relational database does not need predefined data mould
Formula, predefined table structure are stored on each local server after being divided data using no share framework, and there is elasticity can expand
The characteristic of exhibition is very suitable to the demand of magnanimity and the storage of random daily record data;
The third party service layer is Third Party Authentication and deposits card platform, and the third party service layer is recognized for docking with country
Demonstrate,prove the CA mechanism of qualification, the eID network identity operating agency of the Third Research Institute of Ministry of Public Security's certification, the third party with related qualification
Cun Zheng mechanism;The identity veritification and electronic signature supporting of authority are provided for platform.
2. according to claim 1 a kind of based on the credible distribution platform of data strictly authorized, which is characterized in that the fortune
It seeks the operating side that end management subsystem is the trust data system for the distribution of commodities and manages platform;
The operating side management subsystem include Basic Information Management, enterprise qualification audit, enterprise information management, using registration examine
Core, application message inquiry, charging regulation management, disbursement and sattlement management, au-thorization log analysis, transmission log analysis and business event
Status analysis.
3. according to claim 1 a kind of based on the credible distribution platform of data strictly authorized, which is characterized in that the visitor
Family end management subsystem is trust data system for the distribution of commodities client-side management platform, and the client-side management subsystem includes basis letter
Cease management, Enterprise Application Management, partner management, expenses management, using au-thorization log inquiry, data transmission log query,
Affiliate authorizes number statistics, affiliate to transmit log statistic.
4. according to claim 1 a kind of based on the credible distribution platform of data strictly authorized, which is characterized in that the number
It include data pull interface, data-pushing interface, data-query interfaces, authorized agreement query interface, authorization according to routing subsystem
Agreement signature interface, data close rule detecting and alarm and log recording engine.
5. according to claim 1 a kind of based on the credible distribution platform of data strictly authorized, which is characterized in that described
Tripartite service layer includes that the testimony of a witness veritifies interface, identity card OCR interface, eID generation interface, eID veritification interface, PDF digital signature
Interface deposits card interface, recognition of face interface, face alignment interface and face retrieval interface.
6. a kind of based on the credible circulation method of data strictly authorized, which is characterized in that this method includes the following steps:
Step 1: identity validation is carried out to data ownership main body, the mode of identity validation is using testimony of a witness matching confirmation and eID confirmation
In it is any;
Step 2: identity veritification is carried out to data ownership main body using data distribution platform, identity is veritified to be tested using testimony of a witness matching
It is any in card and eID verifying;
Step 3: data ownership main body signs authorized agreement, data distribution platform using authoritative CA certificate carry out authorized agreement into
Row digital signature, and the authorized agreement deposit third party after signature is deposited into card platform and deposits card;
Step 4: mobile terminal SDK is encrypted and is signed to data, by data-pushing to data distribution platform;
Step 5: data are decrypted data distribution platform and sign test, closes rule using data and checks engine to closing in plain text
Rule detection, closes the data flow incoming interface advised and detected by the way that ciphertext to be pushed to data requirements main body.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811563453.XA CN109714169B (en) | 2018-12-20 | 2018-12-20 | Data credible circulation platform based on strict authorization and circulation method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811563453.XA CN109714169B (en) | 2018-12-20 | 2018-12-20 | Data credible circulation platform based on strict authorization and circulation method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109714169A true CN109714169A (en) | 2019-05-03 |
CN109714169B CN109714169B (en) | 2021-08-03 |
Family
ID=66256907
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811563453.XA Active CN109714169B (en) | 2018-12-20 | 2018-12-20 | Data credible circulation platform based on strict authorization and circulation method thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109714169B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111754234A (en) * | 2020-07-07 | 2020-10-09 | 中国银行股份有限公司 | Air banking business processing method and device |
CN113609528A (en) * | 2021-07-14 | 2021-11-05 | 洛阳小行家科技有限公司 | Data authorization circulation method and system based on digital pass |
CN116720160A (en) * | 2023-08-02 | 2023-09-08 | 北京国际大数据交易有限公司 | Data authorization method, device and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030076959A1 (en) * | 2001-10-22 | 2003-04-24 | Chui Charles K. | Method and system for secure key exchange |
CN101388764A (en) * | 2007-09-12 | 2009-03-18 | 杨谊 | Data information protecting method, system and ciphering apparatus |
US20150046992A1 (en) * | 2013-03-15 | 2015-02-12 | Rex Hakimian | Independent administering of verified user-controlled electronic identifications utilizing specifically programmed computer-implemented methods and computer systems |
CN107196762A (en) * | 2017-06-13 | 2017-09-22 | 贵州大学 | One kind weighs method really towards big data |
-
2018
- 2018-12-20 CN CN201811563453.XA patent/CN109714169B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030076959A1 (en) * | 2001-10-22 | 2003-04-24 | Chui Charles K. | Method and system for secure key exchange |
CN101388764A (en) * | 2007-09-12 | 2009-03-18 | 杨谊 | Data information protecting method, system and ciphering apparatus |
US20150046992A1 (en) * | 2013-03-15 | 2015-02-12 | Rex Hakimian | Independent administering of verified user-controlled electronic identifications utilizing specifically programmed computer-implemented methods and computer systems |
CN107196762A (en) * | 2017-06-13 | 2017-09-22 | 贵州大学 | One kind weighs method really towards big data |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111754234A (en) * | 2020-07-07 | 2020-10-09 | 中国银行股份有限公司 | Air banking business processing method and device |
CN113609528A (en) * | 2021-07-14 | 2021-11-05 | 洛阳小行家科技有限公司 | Data authorization circulation method and system based on digital pass |
CN116720160A (en) * | 2023-08-02 | 2023-09-08 | 北京国际大数据交易有限公司 | Data authorization method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN109714169B (en) | 2021-08-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210344662A1 (en) | System and Method for Identity Management | |
US10887098B2 (en) | System for digital identity authentication and methods of use | |
US11044087B2 (en) | System for digital identity authentication and methods of use | |
US20230362166A1 (en) | System and method for storing and distributing consumer information | |
US11481768B2 (en) | System and method of generating and validating encapsulated cryptographic tokens based on multiple digital signatures | |
US20190163889A1 (en) | System and Method for Identity Management | |
US20180336554A1 (en) | Secure electronic transaction authentication | |
US9876803B2 (en) | System and method for identity management | |
CN111861425B (en) | Individual resume sharing system based on block chain | |
CN109417549A (en) | The method and apparatus of information proof is provided using centralization or distributed ledger | |
US20090132813A1 (en) | Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones | |
US20130318619A1 (en) | Encapsulated security tokens for electronic transactions | |
CN112231284A (en) | Block chain-based big data sharing system, method, device and storage medium | |
CN109409893A (en) | A kind of belief system and its construction method, equipment and storage medium | |
CN109714169A (en) | It is a kind of based on the credible distribution platform of data strictly authorized and its circulation method | |
CN109741800A (en) | The method for security protection of medical data intranet and extranet interaction based on block chain technology | |
US11250423B2 (en) | Encapsulated security tokens for electronic transactions | |
CN109034987A (en) | A kind of tax administration method and system based on block chain | |
Fumy et al. | Handbook of EID Security: Concepts, Practical Experiences, Technologies | |
Zou et al. | Application of blockchain digital identity technology in healthcare consumer finance system | |
CN109600338B (en) | Trusted identity management service method and system | |
Ishaya et al. | Trust development and management in virtual communities | |
CN112560057B (en) | Business social system based on block chain and IPFS technology | |
Klimkó et al. | The effect of the EIDAS Regulation on the model of Hungarian public administration | |
Sumithra et al. | Decentralized accreditation of educational attainments using blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |