CN112000960A - Personal data management and control method based on block chain - Google Patents

Personal data management and control method based on block chain

Info

Publication number: CN112000960A
Authority: CN (China)
Prior art keywords: user, service program, authority, personal data, service
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010652653.3A
Other languages: Chinese (zh)
Inventors: 闫现明, 张帆, 钱洪国, 王伟兵, 李照川
Current Assignee: Shandong ICity Information Technology Co., Ltd. (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shandong ICity Information Technology Co., Ltd.
Priority date: 2020-07-08 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2020-07-08
Publication date: 2020-11-27

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor, of structured data, e.g. relational data
    • G06F16/27: Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/604: Tools and structures for managing or administering access control systems
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a blockchain-based personal data management and control method, intended to solve the problem in the prior art that service programs, once granted permission to access a user's personal data, hold that permission indefinitely. The method comprises the following steps: acquiring the authority information that a user has set for a service program and storing it on a blockchain system; acquiring change information for the authority information from the user and performing the corresponding change operation on the authority information on the blockchain system; and, when the service program requests the user's personal data, determining from the authority information as changed whether the service program has the authority to acquire it.

Description

Personal data management and control method based on block chain
Technical Field
The application relates to the technical field of communication, and in particular to a blockchain-based personal data management and control method.
Background
The globalization of the internet and of digital technology has led to a dramatic increase in the amount of information that people store in digital form. Once information leaves paper media and is digitized, however, personal information is permanently marked on the network, and whoever obtains the right to access it can retrieve it through a search engine at any time.
In the prior art, commonly used service programs such as application programs often obtain a large number of rights to acquire a user's personal data. The user may not even know which rights a service program has obtained, and once a service program holds a right it cannot be revoked; the user can only terminate access to the personal data by uninstalling the service program.
Terminating access by uninstalling does protect the user's information security, but the service software can then no longer be used, which causes the user great inconvenience.
Disclosure of Invention
The invention provides a blockchain-based personal data management and control method, which solves the problem that a service program, once granted the authority to access a user's personal data, holds it permanently.
A blockchain-based personal data management and control method comprises the following steps:
acquiring the authority information that a user has set for a service program, and storing the authority information on a blockchain system;
acquiring change information for the authority information from the user, and performing the corresponding change operation on the authority information on the blockchain system;
and, when the service program requests the personal data of the user, determining from the authority information as changed whether the service program has the authority to acquire the personal data.
Optionally, before acquiring the authority information set by the user for the service program, the method further includes:
determining that the user has previously registered an account with the service program;
and acquiring the authority information set by the user for the service program then specifically comprises:
acquiring, according to that account, the authority information the user has set for the service program.
Optionally, storing the authority information on the blockchain system specifically includes:
storing the authority information on the blockchain system through the service program.
Optionally, the personal data is encrypted to form private data, and the private data is stored in a third-party database.
Optionally, a hash operation is performed on the private data, and the hash value of the private data is stored on the blockchain system;
and whether the private data in the third-party database has been modified is judged according to the hash value on the blockchain system; if so, the service program is refused the private data from the third-party database.
Optionally, when an acquisition request for the personal data is detected, whether the requester is the user or a service program is verified through digital signature technology;
and if the requester is found to be the user, whether the user has the authority to acquire the personal data is not checked.
Optionally, authorization condition information set by the user for the service program is received;
according to the authorization condition information, if the service program is determined to currently meet the corresponding conditions, the service program is granted the authority to obtain the personal data, and after the authority is granted, if the service program is determined no longer to meet the conditions, the authority granted to the service program is recovered.
Optionally, the service program is installed on the user's mobile terminal, and the method further includes:
after the service program is uninstalled from the mobile terminal and reinstalled, acquiring the authority information that previously corresponded to the service program and applying it again.
Optionally, a service program white list set by the user for a single authority is received;
all service programs that hold that single authority but are not in the service program white list are determined according to the white list;
and that single authority is reclaimed from all of those service programs.
Optionally, a permission recovery request from the user covering all permissions the user has authorized is received;
and according to the permission recovery request, all permissions authorized by the user are recovered from all service programs.
The invention provides a blockchain-based personal data management and control method that sets a service program's authority to acquire a user's personal data according to the user's wishes, effectively protects the user's information security and privacy, and brings convenience to people's lives.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a schematic process diagram of a blockchain-based personal data management and control method according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described in detail and completely with reference to the following specific embodiments. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the prior art, service programs greatly facilitate people's lives. A map navigation service program, for example, guides the user along the road by acquiring the user's position information so that people do not get lost; a chat service program acquires recording and camera permissions so that people can communicate more conveniently. While these service programs make life easier, they also increase the risk of privacy disclosure. It is understood that software has to acquire some corresponding rights in order to provide better service, but some software also acquires rights that do not match its functions: a certain tourism website asks for camera permission as soon as it is opened, and some e-book and image processing software asks for location permission. Whatever the reasons, such software can obtain the rights at any time without the user's consent, leaving the user with no privacy.
The method of the present application can solve the above problems, and is specifically described below.
Fig. 1 is a schematic process diagram of a blockchain-based personal data management and control method according to an embodiment of the present application. The method may include the following steps:
S101: acquiring the authority information that the user has set for a service program, and storing the authority information on the blockchain system;
S102: acquiring change information for the authority information from the user, and performing the corresponding change operation on the authority information on the blockchain system;
S103: when the service program requests the user's personal data, determining from the authority information as changed whether the service program has the authority to acquire it.
The method mainly involves three parties: a user, a service program and a blockchain system. Service programs include the application programs, company systems, hospital systems and the like that people use in daily life.
In an embodiment of the application, the user sets authority information for certain application programs and stores it in the blockchain system, so that the authority information cannot be tampered with at will, and rogue applications that maliciously acquire rights cannot freely obtain the right to read the user's personal data without the user's consent.
In an embodiment of the present application, the user may change the authority of a service program that has already acquired it, for example changing the acquired authority so that the service program's authority is disabled, and then uplink the changed authority information again. It should be noted that, since the authority information stored in the blockchain system before the change cannot be modified, a permission change in this application means storing the newly set authority information in the blockchain system again so that the previous authority information is invalidated, rather than modifying the originally stored authority information in place.
In one embodiment of the application, when the service program requests the user's personal data, whether it has the authority to acquire that data is determined by checking the changed authority information stored on the blockchain system. If the service program is determined to have the corresponding authority, it is allowed to read the corresponding personal data of the user; if it is found not to have the authority, it is refused. A refused service program may issue a new authority application to the user, and if the user agrees to grant the authority, the service program is allowed to access the user's personal data.
In one embodiment of the present application, if the user agrees to the service program's permission application, the service program gets only a single chance to use the permission; it holds the permission persistently only if the user stores the information granting the corresponding permission to the service program on the blockchain system.
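Steps S101 to S103 and the append-only change semantics described above, as an added example that is not part of the patent: a small hash-chained ledger stands in for the blockchain system, permission changes are appended rather than edited, the newest record decides an access request, and the single-use grant from the paragraph above is consumed after one check. The user, program and permission names are constructed.

```python
import hashlib
import json
from typing import Optional


class PermissionLedger:
    """Constructed stand-in for the blockchain system: an append-only list in
    which each record is hashed together with the previous record's hash, so a
    stored permission record cannot be edited in place. A change (S102) is a
    newer record that supersedes the older one, as the description requires."""

    def __init__(self) -> None:
        self.chain: list[dict] = []

    def _append(self, payload: dict) -> dict:
        prev_hash = self.chain[-1]["hash"] if self.chain else "0" * 64
        record = {"index": len(self.chain), "prev_hash": prev_hash, **payload}
        body = json.dumps(record, sort_keys=True).encode()
        record["hash"] = hashlib.sha256(body).hexdigest()
        self.chain.append(record)
        return record

    # S101 / S102: the user sets, or later changes, the permission a service
    # program holds. Both are appends; a change never rewrites an old record.
    def set_permission(self, user: str, program: str, permission: str,
                       allowed: bool, one_time: bool = False) -> dict:
        return self._append({"type": "grant" if allowed else "deny",
                             "user": user, "program": program,
                             "permission": permission, "one_time": one_time})

    def latest(self, user: str, program: str, permission: str) -> Optional[dict]:
        """Newest record for this (user, program, permission) triple, if any."""
        for record in reversed(self.chain):
            if (record["user"], record["program"],
                    record["permission"]) == (user, program, permission):
                return record
        return None

    # S103: when the program asks for personal data, only the newest record
    # counts. A one-time grant (the description's single chance to use the
    # permission) is consumed by appending a deny record right after use.
    def check_access(self, user: str, program: str, permission: str) -> bool:
        record = self.latest(user, program, permission)
        if record is None or record["type"] != "grant":
            return False
        if record["one_time"]:
            self.set_permission(user, program, permission, allowed=False)
        return True

    def verify_chain(self) -> bool:
        """Recompute every hash; any in-place edit of an old record shows up."""
        prev_hash = "0" * 64
        for record in self.chain:
            body = {k: v for k, v in record.items() if k != "hash"}
            digest = hashlib.sha256(
                json.dumps(body, sort_keys=True).encode()).hexdigest()
            if record["prev_hash"] != prev_hash or record["hash"] != digest:
                return False
            prev_hash = record["hash"]
        return True


def demo() -> dict:
    """Constructed scenario: a map app is granted location, the user revokes
    it, then re-grants it for a single use; finally an old record is edited
    in place to show that the tampering is detectable."""
    ledger = PermissionLedger()
    ledger.set_permission("alice", "map_app", "location", allowed=True)
    first = ledger.check_access("alice", "map_app", "location")
    ledger.set_permission("alice", "map_app", "location", allowed=False)
    after_revoke = ledger.check_access("alice", "map_app", "location")
    ledger.set_permission("alice", "map_app", "location",
                          allowed=True, one_time=True)
    once = ledger.check_access("alice", "map_app", "location")
    twice = ledger.check_access("alice", "map_app", "location")
    intact = ledger.verify_chain()
    ledger.chain[0]["type"] = "deny"      # simulated in-place tampering
    tampered = ledger.verify_chain()
    return {"first": first, "after_revoke": after_revoke, "once": once,
            "twice": twice, "intact": intact, "tampered": tampered,
            "records": len(ledger.chain)}


if __name__ == "__main__":
    print(demo())
```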
In an embodiment of the present application, a company system may access the user's personal data because of work requirements. For example, in a company's production department each part produced may be labelled with its maker so that problems can be followed up; at that point the company system may access the user's identity information such as name, phone number, age, sex and job number. Once the user has left that job, however, the user no longer produces parts, so the company system no longer needs that information. With this method the user can modify the company system's authority to access the personal data by changing the set authority information, which protects the user's data and avoids unnecessary trouble.
In an embodiment of the application, when a patient sees a doctor, information such as name, age and physical condition needs to be entered, and the doctor can call up the patient's information when diagnosing the illness. When the patient has recovered and is discharged, the hospital system can be prohibited from accessing the personal data by setting the authority information, so that the patient's medical condition is not leaked. When the patient needs to see the doctor again, the authority information can be changed through the blockchain system and personal data such as medical records disclosed to the hospital system again.
Optionally, before acquiring the authority information set by the user for the service program, the method further includes: determining that the user has previously registered an account with the service program; acquiring the authority information set by the user for the service program then specifically comprises: acquiring, according to that account, the authority information the user has set for the service program.
Optionally, storing the authority information on the blockchain system specifically includes: storing the authority information on the blockchain system through the service program.
In an embodiment of the present application, before a user sets the permissions of an application, an account must be registered in the application; after registration is complete the permission information for that application is set, and the set permission information is then uplinked through the application. Because each application program uplinks the permission information that corresponds to it, the permission information corresponding to each service program can be queried precisely.
Optionally, the personal data is encrypted to form private data, and the private data is stored in a third-party database.
In an embodiment of the application, in order to reduce the storage pressure on the blockchain system, the user's personal data is encrypted with a data encryption technique to form private data, which can only be viewed by a party holding the permission. The private data is stored in a third-party database, which makes storage convenient while still ensuring the security of the personal data.
Optionally, a hash operation is performed on the private data and the hash value of the private data is stored on the blockchain system; whether the private data in the third-party database has been modified is judged according to the hash value on the blockchain system, and if so, the service program is refused the private data from the third-party database.
In one embodiment of the application, for students applying to college the most important thing is the examinee's personal data; if it is impersonated or replaced, the course of that person's whole life may be changed. Student information is generally stored in the school's system. Once the student's personal data is confirmed, the student can encrypt and store it, and after the private data is formed, hash it and promptly uplink the hash value. When a system program needs to query the examinee's personal data, the hash of the private data stored by the examinee with the third party is matched against the hash value stored in the blockchain system. If they do not match, the examinee's personal data stored in the third-party database is wrong or has been maliciously tampered with, and the system program is forbidden to access it, which protects the examinee from loss and defeats malicious applications by others.
Optionally, when an acquisition request for the personal data is detected, whether the requester is the user or a service program is verified through digital signature technology; and if the requester is found to be the user, whether the user has the authority to acquire the personal data is not checked.
In one embodiment of the application, in order to prevent the loss of project data that a company employee has produced, the encrypted project data is stored in a third-party database and the hash value of the corresponding private data is stored on the blockchain. When the company needs to query the project data, it can do so only after verifying its identity as the user through digital signature technology.
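The off-chain storage, on-chain hash and requester verification of the two embodiments above, as an added example that is not the patent's code: the private data is treated as opaque, already-encrypted bytes, an HMAC tag is used in place of the digital signature so the example needs only the standard library (a deployment would use an asymmetric signature), and all party names and data are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed stand-ins for the three stores in the description (not the
# patent's own code): the chain holds only a hash per user, the third-party
# database holds the private (already encrypted) bytes, and a permission
# table says which program may read which user's data.
CHAIN: dict[str, str] = {}
THIRD_PARTY_DB: dict[str, bytes] = {}
PERMISSIONS: dict[tuple[str, str], bool] = {}

# Requester identities. An HMAC tag stands in for the patent's "digital
# signature technology" so this runs on the standard library alone; a real
# deployment would use an asymmetric signature so the verifier never holds
# a signing secret.
KEYS: dict[str, bytes] = {}
PARTY_KIND: dict[str, str] = {}   # "user" or "program"


def register_party(name: str, kind: str) -> None:
    KEYS[name] = secrets.token_bytes(32)
    PARTY_KIND[name] = kind


def store_private_data(user: str, private_data: bytes) -> str:
    """Put the private data in the third-party DB and only its hash on chain."""
    digest = hashlib.sha256(private_data).hexdigest()
    THIRD_PARTY_DB[user] = private_data
    CHAIN[user] = digest
    return digest


def sign_request(requester: str, user: str) -> bytes:
    """Requester's tag over the request (requester, target user)."""
    msg = f"{requester}:{user}".encode()
    return hmac.new(KEYS[requester], msg, hashlib.sha256).digest()


def fetch_private_data(requester: str, user: str,
                       tag: bytes) -> tuple[str, Optional[bytes]]:
    # 1. Identify the requester; an unverifiable tag is rejected outright.
    if requester not in KEYS or not hmac.compare_digest(
            sign_request(requester, user), tag):
        return "bad_signature", None
    # 2. The data owner skips the permission check; a program needs a grant.
    is_owner = PARTY_KIND[requester] == "user" and requester == user
    if not is_owner and not PERMISSIONS.get((requester, user), False):
        return "no_permission", None
    # 3. Integrity: the hash of what the third-party DB now holds must equal
    #    the on-chain value, otherwise the data is refused (claim 5).
    blob = THIRD_PARTY_DB.get(user)
    if blob is None or hashlib.sha256(blob).hexdigest() != CHAIN.get(user):
        return "integrity_failure", None
    return "ok", blob


def demo() -> dict:
    """Constructed scenario from the employee project-data example."""
    register_party("bob", "user")
    register_party("hr_system", "program")
    register_party("rogue_app", "program")
    private = b"\x8a\x13constructed-ciphertext-bytes\x00\x7f"
    store_private_data("bob", private)
    PERMISSIONS[("hr_system", "bob")] = True
    out = {
        "owner": fetch_private_data("bob", "bob", sign_request("bob", "bob"))[0],
        "authorized_program": fetch_private_data(
            "hr_system", "bob", sign_request("hr_system", "bob"))[0],
        "unauthorized_program": fetch_private_data(
            "rogue_app", "bob", sign_request("rogue_app", "bob"))[0],
        "forged_tag": fetch_private_data("hr_system", "bob", b"\x00" * 32)[0],
    }
    THIRD_PARTY_DB["bob"] = private + b"!"    # simulated off-chain tampering
    out["tampered_db"] = fetch_private_data(
        "hr_system", "bob", sign_request("hr_system", "bob"))[0]
    return out


if __name__ == "__main__":
    print(demo())
```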
Optionally, authorization condition information set by the user for the service program is received; according to the authorization condition information, if the service program is determined to currently meet the corresponding conditions, it is granted the authority to obtain the personal data, and after the authority is granted, if the service program is determined no longer to meet the conditions, the authority granted to it is recovered.
It should be noted that the authorization condition information in this embodiment adds a condition on top of the authority information of the foregoing embodiment and serves to limit the authority. For example, the authority information is only 'allowed' or 'not allowed', whereas the authorization condition information may allow authorization only within a specified time period, with the granted authority withdrawn once that period is exceeded, or only within a designated area, with the granted authority withdrawn once the designated area is left.
In an embodiment of the application, a long-distance driver frequently carries passengers everywhere. To deliver passengers to their destinations on time, the map application program must be able to obtain positioning, so it has to be granted location authority, and the user often forgets to turn positioning off after work is finished, which leaks personal privacy information. With this method the user can set the time during which the application program holds the authority, for example 'grant a certain application program location authority from 06:00 to 18:00' or 'grant a certain application program location authority from 06:00 to 12:00 and from 14:00 to 19:00'.
In one embodiment of the present application, many young people have to use house-finding applications because they work away from home. Some house-finding software calls in an agent as soon as the user registers, and for convenience of service such software has to be granted phone reading and location authority. For example, a user who works in Shanghai, needs to find a house in Shanghai and uses a house-finding application there will be contacted by an agent in Shanghai; but when the user returns to the old home in Yunnan the application locates the user in Yunnan, and if the user opens it there an agent in Yunnan will call, which the user does not want. In this case the condition for granting the house-finding application its permissions can be set, by setting the permission information, to 'grant a certain house-finding software location authority and phone authority only in Shanghai'.
Optionally, the service program is installed on the user's mobile terminal, and the method further includes: after the service program is uninstalled from the mobile terminal and reinstalled, acquiring the authority information that previously corresponded to the service program and applying it again.
In an embodiment of the application, a user downloads several e-book applications in order to read e-books, and sets authority information for them that does not allow them to acquire location or camera authority; this authority information is stored in the blockchain system. After a while the user uninstalls one of the applications, and some time later downloads it again. Because the authority information applied to that application is stored on the blockchain, the previous authority information, which disallowed location and camera authority, can be retrieved and applied to the application again.
Optionally, a service program white list set by the user for a single authority is received; all service programs that hold that single authority but are not in the white list are determined according to the white list; and that single authority is reclaimed from all of those service programs.
In an embodiment of the present application, in most cases an application program requests permissions from the user each time the user registers an account with it. Most users approve the request and do not intend to cancel the authorization later, and as the number of downloaded applications grows the user no longer knows which permissions have been granted to which applications and finds it tedious to check them one by one. With this method, for example, if the user wants to clear a certain authority from all applications except one, the user can set a white list containing the application programs that are allowed to keep that authority and submit the white list to the blockchain system.
Optionally, a permission recovery request from the user covering all permissions the user has authorized is received; and according to the permission recovery request, all permissions authorized by the user are recovered from all service programs.
In an embodiment of the application, in the era of internet big data, every registered application account is bound to a mobile phone number. If the user suddenly changes number one day, unbinding the previously bound applications is troublesome, and if the phone number is not unbound, then once the operator reclaims the number and resells it to another user the personal data can be leaked completely, seriously threatening the user's data security. With this method the user can send the blockchain system a permission recovery request for all permissions authorized under that mobile phone number, and on receiving the request the system recovers all permissions the user has granted to all applications under that number, which is a great convenience and protects the user's personal privacy.
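The conditional authorization, single-authority white list and full permission recovery described in the embodiments above, as an added example that is not the patent's code; the grant table, condition class and program names are constructed, and the scenario reuses the description's driver, house-finding and e-book examples.

```python
from dataclasses import dataclass, field
from datetime import time as clock
from typing import Optional


@dataclass
class Condition:
    """Authorization condition attached to a grant: allowed time-of-day
    windows and allowed regions. An empty list or set means no limit."""
    windows: list[tuple[clock, clock]] = field(default_factory=list)
    regions: set[str] = field(default_factory=set)

    def satisfied(self, now: clock, region: str) -> bool:
        in_window = not self.windows or any(
            start <= now <= end for start, end in self.windows)
        in_region = not self.regions or region in self.regions
        return in_window and in_region


class GrantTable:
    """Constructed stand-in for the effective grants of one user: maps
    (program, permission) to the condition the user attached, or None for an
    unconditional grant. Not the patent's own code."""

    def __init__(self) -> None:
        self.grants: dict[tuple[str, str], Optional[Condition]] = {}

    def grant(self, program: str, permission: str,
              condition: Optional[Condition] = None) -> None:
        self.grants[(program, permission)] = condition

    # Conditional authorization: the authority is effective while the
    # condition holds and is recovered as soon as it stops holding, without
    # the user having to remember to switch anything off.
    def effective(self, program: str, permission: str,
                  now: clock, region: str) -> bool:
        if (program, permission) not in self.grants:
            return False
        cond = self.grants[(program, permission)]
        return cond is None or cond.satisfied(now, region)

    # White list for a single authority: every program holding it that is
    # absent from the list loses it; returns the programs reclaimed from.
    def apply_whitelist(self, permission: str, whitelist: set[str]) -> list[str]:
        reclaimed = [prog for (prog, perm) in self.grants
                     if perm == permission and prog not in whitelist]
        for prog in reclaimed:
            del self.grants[(prog, permission)]
        return sorted(reclaimed)

    # Permission recovery request: every grant to every program is withdrawn.
    def revoke_all(self) -> int:
        count = len(self.grants)
        self.grants.clear()
        return count


def demo() -> dict:
    """Constructed scenario built from the description's own examples: the
    long-distance driver, the house-finding app, and unwanted e-book grants."""
    table = GrantTable()
    table.grant("map_app", "location",
                Condition(windows=[(clock(6, 0), clock(18, 0))]))
    table.grant("house_app", "location", Condition(regions={"Shanghai"}))
    table.grant("house_app", "phone", Condition(regions={"Shanghai"}))
    table.grant("ebook_a", "location")     # unconditional, later unwanted
    table.grant("ebook_b", "location")
    out = {
        "driver_noon": table.effective("map_app", "location", clock(12, 0), "Shanghai"),
        "driver_night": table.effective("map_app", "location", clock(22, 0), "Shanghai"),
        "house_shanghai": table.effective("house_app", "phone", clock(9, 0), "Shanghai"),
        "house_yunnan": table.effective("house_app", "phone", clock(9, 0), "Yunnan"),
    }
    out["reclaimed"] = table.apply_whitelist("location", {"map_app", "house_app"})
    out["ebook_after"] = table.effective("ebook_a", "location", clock(9, 0), "Shanghai")
    out["revoked_total"] = table.revoke_all()
    out["map_after_revoke_all"] = table.effective("map_app", "location", clock(12, 0), "Shanghai")
    return out


if __name__ == "__main__":
    print(demo())
```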
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A personal data management and control method based on a block chain is characterized by comprising the following steps:
acquiring authority information set for a service program by a user, and storing the authority information on a block chain system;
acquiring change information of the authority information provided by the user, and performing change operation on the authority information on the block chain system according to the change information;
and when the service program requests to acquire the personal data of the user, determining whether the service program has the authority to acquire the personal data according to the authority information after the change operation.
2. The method of claim 1, wherein before acquiring the authority information set by the user for the service program, the method further comprises:
determining that the user has previously registered an account with the service program;
and acquiring the authority information set by the user for the service program specifically comprises:
acquiring, according to the account, the authority information set by the user for the service program.
3. The method of claim 1, wherein storing the authority information on the blockchain system comprises:
storing the authority information on the blockchain system through the service program.
4. The method of claim 1, further comprising:
and encrypting the personal data to form private data, and storing the private data in a third-party database.
5. The method of claim 4, further comprising:
performing a hash operation on the private data, and storing the hash value of the private data on the blockchain system;
and judging, according to the hash value on the blockchain system, whether the private data in the third-party database has been modified, and if so, refusing the service program the private data from the third-party database.
6. The method of claim 1, further comprising:
when an acquisition request for the personal data is detected, verifying through digital signature technology whether the requester is the user or a service program;
and if the requesting party is detected to be the user, not checking whether the user has the authority of acquiring the personal data.
7. The method of claim 1, further comprising:
receiving authorization condition information set by the user for the service program;
according to the authorization condition information, if the service program is determined to meet the corresponding conditions at present, the service program is granted the authority for obtaining the personal data, and after the authority is granted, if the service program is determined not to meet the conditions any more, the authority granted to the service program is recovered.
8. The method of claim 1, wherein the service program is installed on a mobile terminal of the user, the method further comprising:
after the service program is uninstalled from the mobile terminal and reinstalled, acquiring the authority information that previously corresponded to the service program and applying it again.
9. The method of claim 1, further comprising:
receiving a service program white list set by the user for a single authority;
determining, according to the service program white list, all service programs that hold the single authority but are not in the service program white list;
and reclaiming the single authority from all of those service programs.
10. The method of claim 1, further comprising:
receiving a permission recovery request of a user for all permissions authorized by the user;
and according to the permission recovery request, recovering all the permissions authorized by the user from all the service programs.

Priority Applications (1)

Application number: CN202010652653.3A; priority date: 2020-07-08; filing date: 2020-07-08; title: Personal data management and control method based on block chain

Publications (1)

Publication number: CN112000960A (en); publication date: 2020-11-27

Family

ID=73466856

Country Status (1)

CN: CN112000960A (en), withdrawn


Legal Events

Code Title
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20201127