CN112084515A - Method for on-line reacquiring authorization of lost user and safely acquiring information - Google Patents
- Publication number
- CN112084515A (application CN202010938357.XA)
- Authority
- CN
- China
- Prior art keywords
- user
- information
- organization
- authorization
- reacquiring
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for re-acquiring, on line, the authorization of a user who has lost contact and for securely acquiring information, comprising the following steps: S1: organization B and organization A are both connected to the Internet; S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including the public key); S3: user C and organization A exchange information; S4: organization A receives the key and decrypts the data. In the method, organization A guides user C to contact organization B again, so that user C, who had lost contact with organization B, authorizes the release of the information. The whole process, from the initial request to the acquisition of the information, can be completed by organization A and organization B only with the participation of user C, and organization B does not even need to know the identity of organization A. User C takes part on line throughout, and the circulation and viewing of the information are controlled by user C, so that user C's intent to authorize is fully expressed without a separate authorization document.
Description
Technical Field
The invention relates to the technical field of user authorization, in particular to a method for re-acquiring, on line, the authorization of a user who has lost contact and for securely acquiring information.
Background
User C was previously a user of organization B. User C and organization B never signed an information authorization letter, that is, organization B never obtained authorization to provide user C's service information at organization B to a third party. User C has since changed contact details, and organization B can no longer reach user C.
User C now applies to organization A for a service, and organization A wants to know user C's service information at other organizations. Organization A therefore requests user C's information from organization B. Because user C never authorized the release of this information, organization B cannot provide it to organization A; and because organization B cannot contact user C, it cannot have user C grant a new authorization. A safe and reliable method for re-authorizing a user who has lost contact is therefore needed, so that previously unauthorized information can be reused safely, quickly and efficiently.
Disclosure of Invention
The invention aims to provide a method for re-acquiring, on line, the authorization of a user who has lost contact and for securely acquiring information, so as to solve the following problem: user C applies to organization A for a service, and organization A wants to know user C's service information at other organizations and requests it from organization B; organization B cannot provide the information to organization A because user C never authorized its release, and organization B cannot contact user C to have user C grant a new authorization. A safe and reliable method for re-authorizing a user who has lost contact is therefore needed, so that previously unauthorized information can be reused safely, quickly and efficiently.
A method for on-line reacquiring the authorization of a lost user and securely acquiring information comprises the following steps:
S1: assume three parties, namely organization A, organization B and user C; organization B and organization A are both connected to the Internet;
S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including the public key);
S3: user C and organization A exchange information;
S4: organization A receives the key and decrypts the data.
Preferably, in step S1, organization B and organization A are both connected to the Internet; after organization A receives the information, it verifies the signature of organization B and sends the dedicated authentication link to user C, requiring user C to go to organization B to re-authenticate and to authorize this information request.
Preferably, in step S2, organization B deploys its own information service system and publishes its service interface and its digital certificate (containing the public key); user C clicks the link to enter organization B's user re-authentication interface and re-authenticates, and once the authentication passes, authorizes organization B to send the information to organization A.
Preferably, in step S3, user C exchanges information with organization A: user C applies to organization A for a service over the network; organization A has user C sign an authorization letter that authorizes organization A to obtain user C's relevant information from other organizations; organization A connects to the information service of organization B and sends a request for user C's information. The request contains:
(1) a request sequence number;
(2) a unique identification of the user;
(3) the signature of organization A.
Preferably, after receiving the request, organization B verifies the signature of organization A and looks up the user by user C's unique identifier IDc. If it finds that user C has not previously authorized providing the information to a third party, and that user C has lost contact so that authorization cannot be obtained again, it returns to organization A a message containing:
the request sequence number;
information state: unauthorized;
user state: lost contact;
dedicated authentication link: a user re-authentication entry address generated specifically for this request;
the signature of organization B.
Preferably, in step S4, in which organization A receives the key and decrypts the data, organization B authenticates user C and obtains the authorization, then generates a high-strength random key and uses it to encrypt user C's information held at organization B, obtaining a ciphertext.
Preferably, organization B sends the encrypted information to organization A, and at the same time sends the key to user C.
Preferably, organization A receives the information, verifies the signature of organization B and, in order to decrypt the encrypted information it has obtained, requests the key from user C.
Preferably, if user C agrees to send the information to organization A, user C signs all or part of the key and sends it to organization A; organization A receives the key, reassembles it, decrypts the data, obtains the plaintext information and completes the information acquisition.
Compared with the prior art, the invention has the following beneficial effects: in the method, organization A has user C contact organization B again, so that user C, who had lost contact with organization B, authorizes the release of the information. The whole process, from the initial request to the acquisition of the information, can be completed by organization A and organization B only with the participation of user C, and organization B does not even need to know the identity of organization A. User C takes part on line throughout, and the circulation and viewing of the information are controlled by user C, so that the intent to authorize is fully expressed without a separate authorization document.
Drawings
Fig. 1 is a schematic block diagram of organization A, organization B and user C in the method for on-line reacquiring the authorization of a lost user and securely acquiring information according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Those skilled in the art can understand the specific meanings of the above terms in the present invention according to the specific case.
Referring to fig. 1, the present invention provides a technical solution: a method for on-line reacquiring the authorization of a lost user and securely acquiring information comprises the following steps:
Embodiment one:
S1: assume three parties, namely organization A, organization B and user C; organization B and organization A are both connected to the Internet;
S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including the public key);
S3: user C and organization A exchange information;
S4: organization A receives the key and decrypts the data.
Preferably, in step S1, organization B and organization A are both connected to the Internet; after organization A receives the information, it verifies the signature of organization B and sends the dedicated authentication link to user C, requiring user C to go to organization B to re-authenticate and to authorize this information request.
Preferably, in step S2, organization B deploys its own information service system and publishes its service interface and its digital certificate (containing the public key); user C clicks the link to enter organization B's user re-authentication interface and re-authenticates, and once the authentication passes, authorizes organization B to send the information to organization A.
Preferably, in step S3, user C exchanges information with organization A: user C applies to organization A for a service over the network; organization A has user C sign an authorization letter that authorizes organization A to obtain user C's relevant information from other organizations; organization A connects to the information service of organization B and sends a request for user C's information. The request contains:
(1) a request sequence number;
(2) a unique identification of the user;
(3) the signature of organization A.
Preferably, after receiving the request, organization B verifies the signature of organization A and looks up the user by user C's unique identifier IDc. If it finds that user C has not previously authorized providing the information to a third party, and that user C has lost contact so that authorization cannot be obtained again, it returns to organization A a message containing:
the request sequence number;
information state: unauthorized;
user state: lost contact;
dedicated authentication link: a user re-authentication entry address generated specifically for this request;
the signature of organization B.
Preferably, in step S4, in which organization A receives the key and decrypts the data, organization B authenticates user C and obtains the authorization, then generates a high-strength random key and uses it to encrypt user C's information held at organization B, obtaining a ciphertext.
Preferably, organization B sends the encrypted information to organization A and at the same time splits the key into two shares, sending one share to user C and the remaining share to organization A.
Preferably, organization A receives the information, verifies the signature of organization B and, in order to decrypt the encrypted information it has obtained, requests the key from user C.
Preferably, if user C agrees to send the information to organization A, user C signs the remaining key share and sends it to organization A; organization A receives the remaining key share, reassembles the key, decrypts the data, obtains the plaintext information and completes the information acquisition.
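The key handling of this embodiment, as an added example that is not part of the patent text: organization B encrypts the record under a random key and splits the key into two shares, and organization A can decrypt only after user C releases the second share. The patent names no algorithms, so the XOR split, the SHA-256 keystream with an HMAC tag (a standard-library stand-in for a vetted authenticated cipher), the binding of the ciphertext to the request sequence number, and all function names are assumptions; the signatures of A, B and C are left out.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit random content key generated by organization B


def _subkeys(key: bytes):
    # Derive separate encryption and MAC keys from the content key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: assumed stand-in, not a vetted cipher.
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(out[:n])


def _tag(mac_key: bytes, aad: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Length-prefix the associated data so field boundaries are unambiguous.
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def encrypt(key: bytes, plaintext: bytes, aad: bytes) -> dict:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return {"aad": aad, "nonce": nonce, "ct": ct,
            "tag": _tag(mac_key, aad, nonce, ct)}


def decrypt(key: bytes, box: dict) -> bytes:
    enc_key, mac_key = _subkeys(key)
    expected = _tag(mac_key, box["aad"], box["nonce"], box["ct"])
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("authentication failed: wrong key or altered data")
    ks = _keystream(enc_key, box["nonce"], len(box["ct"]))
    return bytes(c ^ k for c, k in zip(box["ct"], ks))


def split_key(key: bytes):
    # 2-of-2 XOR split: each share alone is uniformly random.
    share_c = secrets.token_bytes(len(key))
    share_a = bytes(x ^ y for x, y in zip(key, share_c))
    return share_a, share_c


def combine(share_a: bytes, share_c: bytes) -> bytes:
    if len(share_a) != len(share_c):
        raise ValueError("key shares differ in length")
    return bytes(x ^ y for x, y in zip(share_a, share_c))


def organization_b_release(record: bytes, request_seq: str):
    # B, after re-authenticating C: encrypt, then split the key.
    key = secrets.token_bytes(KEY_LEN)
    box = encrypt(key, record, aad=request_seq.encode())
    share_a, share_c = split_key(key)
    return box, share_a, share_c  # box and share_a go to A, share_c to C


def organization_a_decrypt(box, share_a, share_c, expected_seq: str) -> bytes:
    # A needs C's share, and the reply must match A's own request.
    if box["aad"] != expected_seq.encode():
        raise ValueError("response does not match the request sequence number")
    return decrypt(combine(share_a, share_c), box)


if __name__ == "__main__":
    record = b"constructed sample record for user C"  # constructed input
    box, share_a, share_c = organization_b_release(record, "REQ-0001")
    print(organization_a_decrypt(box, share_a, share_c, "REQ-0001"))
```

Until user C hands over `share_c`, organization A holds a ciphertext and a share that is statistically independent of the key, which is what makes C's consent a technical precondition rather than a paper one.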
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solution and inventive concept, shall fall within the scope of protection of the present invention.
Claims (9)
1. A method for on-line reacquiring the authorization of a lost user and securely acquiring information, comprising the following steps:
S1: the parties are organization A, organization B and user C; organization B and organization A are both connected to the Internet;
S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including the public key);
S3: user C and organization A exchange information;
S4: organization A receives the key and decrypts the data.
2. The method for on-line reacquiring the authorization of a lost user and securely acquiring information as claimed in claim 1, wherein in step S1, organization B and organization A are both connected to the Internet; after organization A receives the information, it verifies the signature of organization B and sends the dedicated authentication link to user C, requiring user C to go to organization B to re-authenticate and to authorize this information request.
3. The method for on-line reacquiring the authorization of a lost user and securely acquiring information as claimed in claim 1, wherein in step S2, organization B deploys its own information service system and publishes its service interface and its digital certificate (containing the public key); user C clicks the link to enter organization B's user re-authentication interface and re-authenticates, and once the authentication passes, authorizes organization B to send the information to organization A.
4. The method for on-line reacquiring the authorization of a lost user and securely acquiring information as claimed in claim 1, wherein in step S3, user C exchanges information with organization A: user C applies to organization A for a service over the network; organization A has user C sign an authorization letter that authorizes organization A to obtain user C's relevant information from other organizations; organization A connects to the information service of organization B and sends a request for user C's information, the request containing:
(1) a request sequence number;
(2) a unique identification of the user;
(3) the signature of organization A.
5. The method for on-line reacquiring the authorization of a lost user and securely acquiring information according to claim 4, wherein after receiving the request, organization B verifies the signature of organization A, looks up the user by user C's unique identifier IDc, finds that user C has not previously authorized providing the information to a third party and that user C has lost contact so that authorization cannot be obtained again, and returns to organization A a message containing:
the request sequence number;
information state: unauthorized;
user state: lost contact;
dedicated authentication link: a user re-authentication entry address generated specifically for this request;
the signature of organization B.
6. The method for on-line reacquiring the authorization of a lost user and securely acquiring information as claimed in claim 1, wherein in step S4, in which organization A receives the key and decrypts the data, organization B authenticates user C and obtains the authorization, then generates a high-strength random key and uses it to encrypt user C's information held at organization B, obtaining a ciphertext.
7. The method for on-line reacquiring the authorization of a lost user and securely acquiring information as recited in claim 6, wherein organization B sends the encrypted information to organization A, and at the same time sends the key to user C.
8. The method for on-line reacquiring the authorization of a lost user and securely acquiring information as recited in claim 6, wherein organization A receives the information, verifies the signature of organization B and, in order to decrypt the encrypted information it has obtained, requests the key from user C.
9. The method for on-line reacquiring the authorization of a lost user and securely acquiring information as recited in claim 6, wherein if user C agrees to send the information to organization A, user C signs the key and sends it to organization A; organization A receives the key, reassembles it, decrypts the data, obtains the plaintext information and completes the information acquisition.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010938357.XA CN112084515A (en) | 2020-09-09 | 2020-09-09 | Method for on-line reacquiring authorization of lost user and safely acquiring information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010938357.XA CN112084515A (en) | 2020-09-09 | 2020-09-09 | Method for on-line reacquiring authorization of lost user and safely acquiring information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112084515A true CN112084515A (en) | 2020-12-15 |
Family
ID=73732723
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010938357.XA Withdrawn CN112084515A (en) | 2020-09-09 | 2020-09-09 | Method for on-line reacquiring authorization of lost user and safely acquiring information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112084515A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3661120B1 (en) | Method and apparatus for security authentication | |
US5737419A (en) | Computer system for securing communications using split private key asymmetric cryptography | |
US5535276A (en) | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography | |
CN101090316B (en) | Identify authorization method between storage card and terminal equipment at off-line state | |
US20040103325A1 (en) | Authenticated remote PIN unblock | |
CN113472793B (en) | Personal data protection system based on hardware password equipment | |
CN102098317A (en) | Data transmitting method and system applied to cloud system | |
KR100656355B1 (en) | Method for user authentication and service authentication using splitted user authentication key and apparatus thereof | |
JPH07325785A (en) | Network user identifying method, ciphering communication method, application client and server | |
CN113382002B (en) | Data request method, request response method, data communication system, and storage medium | |
CN106936588A (en) | A kind of trustship method, the apparatus and system of hardware controls lock | |
US20120124378A1 (en) | Method for personal identity authentication utilizing a personal cryptographic device | |
CN113507372A (en) | Bidirectional authentication method for interface request | |
CN110610418B (en) | Transaction state query method, system, device and storage medium based on block chain | |
CN104901967A (en) | Registration method for trusted device | |
JPH0969831A (en) | Cipher communication system | |
CN116208324A (en) | Cross-platform collaborative key synchronization method and system | |
CN111368271A (en) | Method and system for realizing password management based on multiple encryption | |
CN110912857B (en) | Method and storage medium for sharing login between mobile applications | |
CN113727059B (en) | Network access authentication method, device and equipment for multimedia conference terminal and storage medium | |
JP2001069138A (en) | User verifying system on internet for shared key enciphered ic card | |
TW200803392A (en) | Method, device, server arrangement, system and computer program products for securely storing data in a portable device | |
CN116132986A (en) | Data transmission method, electronic equipment and storage medium | |
CN112084515A (en) | Method for on-line reacquiring authorization of lost user and safely acquiring information | |
CN112787821A (en) | Asymmetric encryption Token verification method, server, client and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20201215 |