CN112084515A - Method for on-line reacquiring authorization of lost user and safely acquiring information - Google Patents

Info

Publication number
CN112084515A
Authority
CN
China
Prior art keywords
user
information
organization
authorization
reacquiring
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010938357.XA
Other languages
Chinese (zh)
Inventor
韩秉尧
林小涵
林琳
韩洪慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for re-acquiring online the authorization of a lost-contact user and securely acquiring information, comprising the following steps: S1: organization B and organization A are both connected to the Internet; S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including a public key); S3: user C and organization A exchange information; S4: organization A receives the key and decrypts the data. In the method, organization A guides user C to contact organization B again, so that organization B's lost-contact user C can authorize the release of the information. The whole process, from the initial request to the acquisition of the information, can be completed between organization A and organization B only with the participation of user C, and organization B does not even need to know the identity of organization A. User C takes part online throughout and controls the circulation and viewing of the information, so user C's intent to authorize is fully expressed without a separate authorization document.

Description

Method for on-line reacquiring authorization of lost user and safely acquiring information
Technical Field
The invention relates to the technical field of user authorization, and in particular to a method for re-acquiring online the authorization of a lost-contact user and securely acquiring information.
Background
User C was previously a user of organization B. User C and organization B never signed an information authorization letter, i.e. organization B holds no authorization to provide user C's service information at organization B to a third party. User C has since changed contact details, and organization B cannot get in contact with user C.
User C now applies to organization A for a service, and organization A wants to know user C's service information at other organizations. Organization A requests user C's information from organization B, but organization B cannot provide it because user C has not authorized the release of that information; organization B also cannot contact user C and so cannot have user C grant a new authorization. A safe and reliable method for re-authorizing a lost-contact user is therefore needed, so that previously unauthorized information can be reused safely, quickly and efficiently.
Disclosure of Invention
The invention aims to provide a method for re-acquiring online the authorization of a lost-contact user and securely acquiring information, in order to solve the following problem: user C currently applies to organization A for a service, and organization A wants to know user C's service information at other organizations; organization A requests user C's information from organization B, but organization B holds no authorization from user C for that information, cannot contact user C and so cannot have user C grant a new authorization, and therefore cannot provide the information to organization A. A safe and reliable method for re-authorizing a lost-contact user is therefore needed, so that previously unauthorized information can be reused safely, quickly and efficiently.
A method for re-acquiring online the authorization of a lost-contact user and securely acquiring information comprises the following steps:
S1: assume three parties, organization A, organization B and user C; organization B and organization A are both connected to the Internet;
S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including a public key);
S3: user C and organization A exchange information;
S4: organization A receives the key and decrypts the data.
Preferably, in step S1, organization B and organization A are both connected to the Internet; after organization A receives the information, it verifies the signature of organization B, sends the special authentication link to user C, and asks user C to go to organization B to re-authenticate and to authorize this information request.
Preferably, in step S2, organization B deploys its own information service system and publishes its service interface and its digital certificate (containing a public key); user C clicks the link to enter organization B's user re-authentication interface and re-authenticates, and once authentication passes, authorizes organization B to send the information to organization A.
Preferably, in step S3, user C and organization A exchange information: user C applies to organization A for a service over the network; organization A has user C sign an authorization letter authorizing organization A to obtain user C's relevant information from other organizations; organization A connects to organization B's information service and sends a request for user C's information. The request contains:
(1) a request sequence number;
(2) the unique identifier of the user;
(3) the signature of organization A.
Preferably, after receiving the request, organization B verifies the signature of organization A and looks up the user by user C's unique identifier IDc. If it finds that user C has not previously authorized providing the information to a third party, and that user C has lost contact so that authorization cannot be obtained again, it returns to organization A a message containing:
the request sequence number;
information state: unauthorized;
user state: lost contact;
special authentication link: a user re-authentication entry address generated specifically for this request;
the signature of organization B.
Preferably, in step S4, organization A receives the key and decrypts the data: after organization B has authenticated user C and obtained the authorization, it generates a high-strength random key and uses the key to encrypt user C's information held at organization B, obtaining a ciphertext.
Preferably, organization B sends the encrypted information to organization A and, at the same time, sends the key to user C.
Preferably, organization A receives the information, verifies the signature of organization B and, in order to decrypt the encrypted information it has obtained, requests the key from user C.
Preferably, if user C agrees to send the information to organization A, user C signs all or part of the key and sends the signed key to organization A; organization A receives the key, combines the key, decrypts the data, obtains the plaintext information, and completes the information acquisition.
Compared with the prior art, the invention has the following beneficial effects: in the method, a mechanism A lets a user C contact a mechanism B again, so that the information authorization is carried out on the loss user C of the mechanism B, the mechanism A and the mechanism B can be completed only by the participation of the user C in the whole process from the information initiation application to the acquisition, the mechanism B even can be completed without knowing the identity of the mechanism A, the user C participates in the whole process on line, and the information circulation and the information check are controlled by the user C, so that the authorization will can be fully reflected without an independent authorization file.
Drawings
Fig. 1 is a schematic block diagram of organization A, organization B and user C in the method for re-acquiring online the authorization of a lost-contact user and securely acquiring information according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific case.
Referring to Fig. 1, the present invention provides a technical solution: a method for re-acquiring online the authorization of a lost-contact user and securely acquiring information, comprising the following steps:
S1: assume three parties, organization A, organization B and user C; organization B and organization A are both connected to the Internet;
S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including a public key);
S3: user C and organization A exchange information;
S4: organization A receives the key and decrypts the data.
Preferably, in step S1, organization B and organization A are both connected to the Internet; after organization A receives the information, it verifies the signature of organization B, sends the special authentication link to user C, and asks user C to go to organization B to re-authenticate and to authorize this information request.
Preferably, in step S2, organization B deploys its own information service system and publishes its service interface and its digital certificate (containing a public key); user C clicks the link to enter organization B's user re-authentication interface and re-authenticates, and once authentication passes, authorizes organization B to send the information to organization A.
Preferably, in step S3, user C and organization A exchange information: user C applies to organization A for a service over the network; organization A has user C sign an authorization letter authorizing organization A to obtain user C's relevant information from other organizations; organization A connects to organization B's information service and sends a request for user C's information. The request contains:
(1) a request sequence number;
(2) the unique identifier of the user;
(3) the signature of organization A.
Preferably, after receiving the request, organization B verifies the signature of organization A and looks up the user by user C's unique identifier IDc. If it finds that user C has not previously authorized providing the information to a third party, and that user C has lost contact so that authorization cannot be obtained again, it returns to organization A a message containing:
the request sequence number;
information state: unauthorized;
user state: lost contact;
special authentication link: a user re-authentication entry address generated specifically for this request;
the signature of organization B.
Preferably, in step S4, organization A receives the key and decrypts the data: after organization B has authenticated user C and obtained the authorization, it generates a high-strength random key and uses the key to encrypt user C's information held at organization B, obtaining a ciphertext.
Preferably, organization B sends the encrypted information to organization A and, at the same time, sends the key to user C.
Preferably, organization A receives the information, verifies the signature of organization B and, in order to decrypt the encrypted information it has obtained, requests the key from user C.
Preferably, if user C agrees to send the information to organization A, all or part of the key is signed and then sent to organization A; organization A receives the key, combines the key, decrypts the data, obtains the plaintext information, and completes the information acquisition.
The first embodiment is as follows:
S1: assume three parties, organization A, organization B and user C; organization B and organization A are both connected to the Internet;
S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including a public key);
S3: user C and organization A exchange information;
S4: organization A receives the key and decrypts the data.
Preferably, in step S1, organization B and organization A are both connected to the Internet; after organization A receives the information, it verifies the signature of organization B, sends the special authentication link to user C, and asks user C to go to organization B to re-authenticate and to authorize this information request.
Preferably, in step S2, organization B deploys its own information service system and publishes its service interface and its digital certificate (containing a public key); user C clicks the link to enter organization B's user re-authentication interface and re-authenticates, and once authentication passes, authorizes organization B to send the information to organization A.
Preferably, in step S3, user C and organization A exchange information: user C applies to organization A for a service over the network; organization A has user C sign an authorization letter authorizing organization A to obtain user C's relevant information from other organizations; organization A connects to organization B's information service and sends a request for user C's information. The request contains:
(1) a request sequence number;
(2) the unique identifier of the user;
(3) the signature of organization A.
Preferably, after receiving the request, organization B verifies the signature of organization A and looks up the user by user C's unique identifier IDc. If it finds that user C has not previously authorized providing the information to a third party, and that user C has lost contact so that authorization cannot be obtained again, it returns to organization A a message containing:
the request sequence number;
information state: unauthorized;
user state: lost contact;
special authentication link: a user re-authentication entry address generated specifically for this request;
the signature of organization B.
Preferably, in step S4, organization A receives the key and decrypts the data: after organization B has authenticated user C and obtained the authorization, it generates a high-strength random key and uses the key to encrypt user C's information held at organization B, obtaining a ciphertext.
Preferably, organization B sends the encrypted information to organization A and, at the same time, splits the key into two shares, sending one share to user C and the remaining key to organization A.
Preferably, organization A receives the information, verifies the signature of organization B and, in order to decrypt the encrypted information it has obtained, requests the key from user C.
Preferably, if user C agrees to send the information to organization A, user C signs the remaining key and sends the signed remaining key to organization A; organization A receives the remaining key, combines the key, decrypts the data, obtains the plaintext information, and completes the information acquisition.
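The key handling of the first embodiment, as an added example that is not part of the patent text: organization B encrypts user C's record under a fresh random key and splits the key into two shares, and organization A can decrypt only after user C releases the second share. The XOR split, the SHA-256/HMAC construction standing in for a standard authenticated cipher, the binding of the request sequence number into the tag, and all function names are assumptions; the signatures on each message are left out.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32    # 256-bit data key (the "high-strength random key" of S4)
NONCE_LEN = 16
TAG_LEN = 32


def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key: bytes):
    # Derive separate encryption and MAC keys from the data key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: stdlib-only stand-in for a standard cipher.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def _tag(mac_key: bytes, request_seq: bytes, nonce: bytes, ct: bytes) -> bytes:
    # The length-prefixed request sequence number ties the ciphertext to one request.
    aad = len(request_seq).to_bytes(2, "big") + request_seq
    return hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()


def seal(key: bytes, plaintext: bytes, request_seq: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return nonce + ct + _tag(mac_key, request_seq, nonce, ct)


def open_sealed(key: bytes, blob: bytes, request_seq: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    # Verify before decrypting, so a wrong share or altered message is rejected.
    if not hmac.compare_digest(tag, _tag(mac_key, request_seq, nonce, ct)):
        raise ValueError("authentication failed: wrong key share or altered message")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def split_key(key: bytes):
    # 2-of-2 XOR split: each share alone is uniformly random and reveals nothing.
    share_c = secrets.token_bytes(len(key))
    return _xor(key, share_c), share_c


def organization_b_release(record: bytes, request_seq: bytes) -> dict:
    # Organization B, after user C has re-authenticated and authorized.
    key = secrets.token_bytes(KEY_LEN)
    share_a, share_c = split_key(key)
    return {"to_a": {"ciphertext": seal(key, record, request_seq), "share": share_a},
            "to_c": {"share": share_c}}


def organization_a_decrypt(msg_from_b: dict, share_from_c: bytes, request_seq: bytes) -> bytes:
    # Organization A, once user C has agreed and sent the remaining share.
    key = _xor(msg_from_b["share"], share_from_c)
    return open_sealed(key, msg_from_b["ciphertext"], request_seq)


def demo() -> bytes:
    seq = b"REQ-0001"                                        # constructed sample
    record = b'{"user": "IDc", "service": "sample record"}'  # constructed sample
    out = organization_b_release(record, seq)
    return organization_a_decrypt(out["to_a"], out["to_c"]["share"], seq)


if __name__ == "__main__":
    print(demo())
```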
The above description covers only the preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (9)

1. A method for re-acquiring online the authorization of a lost-contact user and securely acquiring information, comprising the following steps:
S1: the parties are organization A, organization B and user C; organization B and organization A are both connected to the Internet;
S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (including a public key);
S3: user C and organization A exchange information;
S4: organization A receives the key and decrypts the data.
2. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information as claimed in claim 1, wherein in S1: organization B and organization A are both connected to the Internet; after organization A receives the information, it verifies the signature of organization B, sends the special authentication link to user C, and asks user C to go to organization B to re-authenticate and to authorize this information request.
3. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information as claimed in claim 1, wherein in S2: organization B deploys its own information service system and publishes its service interface and its digital certificate (containing a public key); user C clicks the link to enter organization B's user re-authentication interface and re-authenticates, and once authentication passes, authorizes organization B to send the information to organization A.
4. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information as claimed in claim 1, wherein in S3: user C and organization A exchange information; user C applies to organization A for a service over the network; organization A has user C sign an authorization letter authorizing organization A to obtain user C's relevant information from other organizations; organization A connects to organization B's information service and sends a request for user C's information, the request containing:
(1) a request sequence number;
(2) the unique identifier of the user;
(3) the signature of organization A.
5. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information according to claim 4, wherein: after receiving the request, organization B verifies the signature of organization A, looks up the user by user C's unique identifier IDc, finds that user C has not previously authorized providing the information to a third party and that user C has lost contact so that authorization cannot be obtained again, and returns to organization A a message containing:
the request sequence number;
information state: unauthorized;
user state: lost contact;
special authentication link: a user re-authentication entry address generated specifically for this request;
the signature of organization B.
6. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information as claimed in claim 1, wherein in S4: organization A receives the key and decrypts the data; after organization B has authenticated user C and obtained the authorization, it generates a high-strength random key and uses the key to encrypt user C's information held at organization B, obtaining a ciphertext.
7. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information as recited in claim 6, wherein: organization B sends the encrypted information to organization A and, at the same time, sends the key to user C.
8. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information as recited in claim 6, wherein: organization A receives the information, verifies the signature of organization B and, in order to decrypt the encrypted information it has obtained, requests the key from user C.
9. The method for re-acquiring online the authorization of a lost-contact user and securely acquiring information as recited in claim 6, wherein: if user C agrees to send the information to organization A, user C signs the key and sends the signed key to organization A; organization A receives the key, combines the key, decrypts the data, obtains the plaintext information, and completes the information acquisition.
CN202010938357.XA 2020-09-09 2020-09-09 Method for on-line reacquiring authorization of lost user and safely acquiring information Withdrawn CN112084515A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010938357.XA CN112084515A (en) 2020-09-09 2020-09-09 Method for on-line reacquiring authorization of lost user and safely acquiring information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20201215