CN112632493A - Authorization verification management method and system based on client privacy protection - Google Patents

Authorization verification management method and system based on client privacy protection Download PDF

Info

Publication number
CN112632493A
CN112632493A CN202011510319.0A CN202011510319A CN112632493A CN 112632493 A CN112632493 A CN 112632493A CN 202011510319 A CN202011510319 A CN 202011510319A CN 112632493 A CN112632493 A CN 112632493A
Authority
CN
China
Prior art keywords
data query
client
query request
authorization
current data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011510319.0A
Other languages
Chinese (zh)
Inventor
李钊
许长山
高宏华
李聪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202011510319.0A priority Critical patent/CN112632493A/en
Publication of CN112632493A publication Critical patent/CN112632493A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides an authorization verification management method and system based on client privacy protection, and the method comprises the following steps: a data query end acquires a service authorization code corresponding to a current data query request; the data query end sends a client number, a data query transaction code and a service authorization code corresponding to the current data query request to the data management end; the data management terminal determines whether the current data query request meets a preset query condition based on the client number, the data query transaction code and the service authorization code; when the current data query request meets the preset query condition, the data management terminal queries the transaction code based on the data to obtain a query result, and the query result is returned to the data query terminal. The method only provides data query service for the data query request meeting the query condition, thereby effectively controlling the data access behavior, reducing the abuse risk of external data and effectively protecting the privacy of customers.

Description

Authorization verification management method and system based on client privacy protection
Technical Field
The present application relates to the technical field of data security, and in particular, to an authorization verification management method and system based on client privacy protection.
Background
With the increasing protection consciousness of citizens, the relevant national regulations are gradually perfected, the supervision requirements are increasingly strict, and the data abuse risk prevention requirement is gradually urgent. Data is used as an important strategic asset, online business is rapidly developed, however, along with high centralization and wide use of data, data risks are increasingly aggravated, and it is urgently needed to standardize data use through construction of a related information system, protect client privacy and guarantee legal acquisition and authorization of client privacy data.
Disclosure of Invention
Aiming at the defects of the existing mode, the application provides an authorization verification management method and system based on client privacy protection, and aims to solve at least one technical problem.
In a first aspect, an embodiment of the present application provides an authorization verification management method based on client privacy protection, including: a data query end acquires a service authorization code corresponding to a current data query request; the data query end sends a client number, a data query transaction code and a service authorization code corresponding to the current data query request to the data management end; the data management terminal determines whether the current data query request meets a preset query condition based on the client number, the data query transaction code and the service authorization code; when the current data query request meets the preset query condition, the data management terminal queries the transaction code based on the data to obtain a query result, and the query result is returned to the data query terminal.
In an embodiment of the present application, the obtaining, by the data query end, a service authorization code corresponding to the current data query request includes: the data query terminal determines whether the current data query request is a new data query request; when the current data query request is not a new data query request, the data query terminal queries a pre-stored historical data query request which is the same as the current data query request, and takes a service authorization code corresponding to the historical data query request as a service authorization code corresponding to the current data query request;
when the current data query request is a new data query request, the data query end sends the personal privacy use scene number, the number of the data query end and the data query transaction code corresponding to the current data query request to the data management end; the data management terminal determines a service authorization code according to the personal privacy use scene number, the number of the data inquiry terminal and the data inquiry transaction code; and the data management terminal returns the determined service authorization code to the data query terminal.
In an embodiment of the present application, the determining, by the data query terminal, whether the current data query request is a new data query request includes: the data inquiry end inquires whether a service authorization code matched with the personal privacy use scene number and the data inquiry transaction code corresponding to the current data inquiry request exists locally; if the query result is yes, determining that the current data query request is a new data query request; and when the query result is negative, determining that the current data query request is not a new data query request.
In an embodiment of the present application, the determining, by the data management terminal, whether the current data query request satisfies a preset query condition based on the client number, the data query transaction code, and the service authorization code includes: and when the current data query request has a service authorization code and the transaction related to the current data query request is determined to be non-customer private transaction according to the data query transaction code, determining that the current data query request meets the preset query condition.
In an embodiment of the present application, the authorization verification management method based on client privacy protection further includes: and when the current data query request does not have the service authorization code, rejecting the current data query request.
In an embodiment of the present application, the determining, by the data management terminal, whether the current data query request satisfies a preset query condition based on the client number, the data query transaction code, and the service authorization code includes: the method comprises the steps that a current data query request has a service authorization code, the transaction related to the current data query request is determined to be a client privacy transaction according to the data query transaction code, and when the current data query request has the client authorization, the current data query request is determined to meet a preset query condition.
In one embodiment of the present application, determining that the current data query request is authorized by the client comprises: the data management end sends a client authorization verification request to an authorization system server end; the authorization system server associates a first service scene number corresponding to the current data query request according to the service authorization code; the authorization system server side inquires a client signing record according to the client number; the authorization system server associates a scene number authorized by the client, a data query transaction code, a data query terminal number and an authorization validity period according to a protocol number in the association of the client subscription record; the authorization system server determines that a first service scene number, a data query transaction code and a data query terminal number corresponding to a current data query request are respectively matched with a scene number authorized by a client, the data query transaction code and the data query terminal number, and determines that the client authorization verification is successful when the time of the current data query request does not exceed the authorization validity period, and sends a notification of the successful client authorization verification to the data management terminal; and the data management determines that the current data query request has the client authorization according to the notification of the successful client authorization verification.
In one embodiment of the present application, determining that a transaction to which a current data query request relates is a non-customer-private transaction according to a data query transaction code includes: and the data management terminal matches the data inquiry transaction code with a built-in client inquiry privacy transaction code list, and when the client inquiry privacy transaction code list does not have the data inquiry transaction code, the transaction related to the current data inquiry request is determined to be non-client privacy transaction.
In an embodiment of the present application, the authorization verification management method based on client privacy protection further includes: the current data query request does not have the service authorization code, and the current data query request is rejected; and when the transaction related to the current data query request is a client privacy transaction and the current data query request does not have client authorization, rejecting the current data query request.
In a second aspect, an embodiment of the present application provides an authorization verification management system based on client privacy protection, including: the data query end and the data management end;
the data query end is used for: acquiring a service authorization code corresponding to the current data query request;
the data query end is used for: sending a client number, a data query transaction code and a service authorization code corresponding to the current data query request to a data management end; determining whether the current data query request meets a preset query condition based on the client number, the data query transaction code and the service authorization code; and when the current data query request meets the preset query condition, the transaction code is queried through the data to obtain a query result, and the query result is returned to the data query end.
In a third aspect, an embodiment of the present application provides a data query end, where the data query end includes a memory and a processor, and the processor is in communication connection with the memory;
the storage stores a computer program, and when the computer program is executed by the processor, the steps executed by the data query end in the authorization verification management method based on client privacy protection are realized.
In a fourth aspect, an embodiment of the present application provides a data management terminal, where the data management terminal includes a memory and a processor, and the processor is in communication connection with the memory;
the storage stores a computer program, and when the computer program is executed by the processor, the steps executed by the data management terminal in the authorization verification management method based on client privacy protection are realized.
In a fifth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps performed by a data query side in the authorization verification management method based on client privacy protection are implemented.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps performed by a data management side in the authorization verification management method based on client privacy protection are implemented.
The technical scheme provided by the embodiment of the application at least has the following beneficial effects:
according to the authorization verification management method and system based on client privacy protection, the data query request meeting the query condition can be judged in advance according to the client number, the data query transaction code and the service authorization code, and data query service is provided only for the data query request meeting the query condition, so that data access behaviors are effectively controlled, abuse risk of external data is reduced, and privacy of clients is effectively protected.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is an architecture diagram of an authorization verification management system based on client privacy protection according to an embodiment of the present application;
fig. 2 is a schematic flowchart of an authorization verification management method based on client privacy protection according to an embodiment of the present application;
fig. 3 is a schematic block diagram of a data query end according to an embodiment of the present application;
fig. 4 is a schematic block diagram of a data management end according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the present application, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar parts or parts having the same or similar functions throughout. In addition, if a detailed description of the known art is not necessary for illustrating the features of the present application, it is omitted. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
The terms referred to in this application are first defined and explained.
Client privacy information: before using the private data of the client in various industries, the client must sign a relevant contract document authorized by a private agreement, so as to clearly use the use purpose, the service scene, the use content, how to collect and store the relevant content of the private data of the client.
And (3) client authorization: a customer when signing a privacy agreement authorizes whether a certain product can use its personal privacy data in a certain scenario.
Service authorization: approval by the data management department of whether a system can use a data item.
Fig. 1 is an architecture diagram of an authorization verification management system based on client privacy protection according to an embodiment of the present application, where the system includes the following devices:
and the product signing client is used for acquiring basic information of the client.
And the product signing server is used for examining and approving the client signing qualification and transmitting the client signing record to the authorization management server.
And the data query end is used for querying different personal privacy transactions of different clients according to different usage scenes.
And the data management terminal is used for issuing data query transactions, providing data query services for the privacy query terminal, and addressing and querying data according to the API (application programming interface) of the data supplier corresponding to the transaction background. And according to the supervision requirement, extracting personal privacy data keywords, traversing data to inquire a transaction data dictionary, and generating a personal privacy transaction code list.
And the authorization management client is used for acquiring the client privacy protocol information, the product and system information corresponding to the protocol, the client information, the client privacy data item information and the service authorization information.
And the authorization management server is used for managing the client privacy protocol information, the product and system information corresponding to the protocol, the client information, the client privacy data item information, the service authorization information and the client authorization record. The authorization management server side can also provide client authorization verification service for the data management side and provide new signing record service for the product signing server side.
The following describes the relevant process of implementing the authorization management basic information maintenance by the authorization verification management system based on the client privacy protection:
product and system information maintenance: the authorization management client collects system information (information such as a system number, a system name, a system maintenance department and the like) and product information (a product number, a product name and business department information corresponding to a product) and transmits the system information and the product information to the authorization management server. And the authorization management server maintains the product and system information according to the content acquired by the client, and associates the product number and the lower-layer system number according to the dependency relationship between the product application and the system environment.
Personal privacy data item information maintenance: the authorization management client collects the private data number, the data item name (such as the public deposit, social security and personal tax data) and the online transaction identifier. If the online mark is 'yes', the data item is judged to be online inquiry transaction, and online transaction codes (such as A0123BM01), online service names (such as transaction acquisition before accumulation fund credit and data push transaction after accumulation fund credit) and external data marks (if the external data marks are 'yes', the data are used for online inquiry transaction in real time, and if the external data marks are 'no', the data are used for online inquiry transaction in real time); and when the online mark is 'no', judging that the data item is a batch inquiry transaction, and continuously acquiring the number of the intranet supply source, the Chinese name of the data resource and the English name of the data resource. And the authorization management server maintains data item information according to the content acquired by the client and the association relation between the data item information and the online inquiry transaction and the batch transaction.
Personal privacy data usage scenario maintenance: the authorization management client collects personal privacy data use scene names (such as new card transaction, periodic payment and card upgrading) and sends the personal privacy data use scene names to the authorization management server. And the authorization management server maintains the personal privacy data use scene information and generates a scene number.
The product authorization protocol is newly added: new protocols or registration protocols.
The following introduces a new agreement implementation related process of an authorization verification management system based on client privacy protection, and the process generates authorization terms and uniform agreement numbers for a scene without an agreement, and includes:
selecting an agreement template and generating product terms: the authorization management client acquires a preset template number and a product number; and the authorization management server adds corresponding product terms in a protocol frame prestored in the protocol template according to a preset rule.
Generating authorization terms: the method comprises the steps that an authorization management client collects personal privacy data item numbers, product numbers and usage scene numbers; and the authorization management server converts the structured authorization information into authorization terms according to the preset corpus and supplements the authorization terms in the agreement generated in the step one. A new product authorization protocol is assembled.
The following introduces a relevant process for realizing protocol registration of an authorization verification management system based on client privacy protection, wherein the process is to split authorization terms and generate uniform protocol numbers for existing protocol scenes, and the process specifically comprises the following steps:
and the authorization management client uploads the unstructured/semi-structured attachment of the protocol text, the product number, the legal document number and the structured information of the protocol effective time to the authorization management server.
And the server analyzes the unstructured/semi-structured text information by using an OCR (optical character recognition)/text recognition algorithm according to the uploaded protocol text, extracts an authorization clause, recognizes the personal privacy data item number, the product number and the scene number, and generates structured authorization information (the number is seen in the information maintenance unit).
The following describes a process for implementing protocol approval by an authorization verification management system based on client privacy protection, including: and after a new protocol is added/registered, the authorization management server side carries out protocol approval according to the expert rules, generates a uniform protocol number and transmits the uniform protocol number back to the authorization management client side.
The following describes a relevant process for implementing protocol maintenance by an authorization verification management system based on client privacy protection, including: the authorization management server side carries out regular maintenance on the protocol number, the protocol version information, the structured authorization clause related to the protocol, the product related to the protocol and the component information related to the product;
the following describes a related process for implementing subscription record addition/cancellation by an authorization verification management system based on client privacy protection, and the process includes:
uploading and signing by a signing client: the signing client sends the basic information of the client (client number, client name, client certificate type, client certificate number and client mobile phone number) transacting the product, the product protocol number signed by the client, the signing time and the protocol deadline to the signing server, and the operation type (signing/canceling).
The signing server side examines and approves and signs: the signing service end system scores the client qualification information according to the preset approval conditions (such as client credit, client portrait and the like), and sends the signing information to the authorization verification management system service end if the client qualification information meets the product handling conditions; and the authorization server inquires the associated product number according to the protocol number. And inquiring the related system number according to the product number. And comparing the system number related to the product with the signing server side number to be consistent, judging and reading the signing record to be credible, and warehousing the signing information.
The authorization verification management system based on the client privacy protection can be used for centrally managing the privacy protocol signed by the client and the corresponding information such as the privacy data item, the product, the service scene and the like. And providing a signing uploading interface, a signing canceling interface and a signing verification online interface, coordinating with supervision to issue relevant risk examination information, assisting a service to discover and correct a client authorization gap, and ensuring the compliance validity of the use of client privacy data.
Fig. 2 is a flowchart of an authorization verification management method based on client privacy protection according to an embodiment of the present application, where the method includes the following steps:
s110: and the data query end acquires a service authorization code corresponding to the current data query request.
In an embodiment of the present application, the obtaining, by the data query end, a service authorization code corresponding to the current data query request includes: the data query terminal determines whether the current data query request is a new data query request; when the current data query request is not a new data query request, the data query terminal queries a pre-stored historical data query request which is the same as the current data query request, and takes a service authorization code corresponding to the historical data query request as a service authorization code corresponding to the current data query request.
When the current data query request is a new data query request, the data query end sends the personal privacy use scene number, the number of the data query end and the data query transaction code corresponding to the current data query request to the data management end; the data management terminal determines a service authorization code according to the personal privacy use scene number, the number of the data inquiry terminal and the data inquiry transaction code; and the data management terminal returns the determined service authorization code to the data query terminal.
In an embodiment of the present application, the determining, by the data query terminal, whether the current data query request is a new data query request includes: the data inquiry end inquires whether a service authorization code matched with the personal privacy use scene number and the data inquiry transaction code corresponding to the current data inquiry request exists locally; if the query result is yes, determining that the current data query request is a new data query request; and when the query result is negative, determining that the current data query request is not a new data query request.
S120: and the data query end sends the client number, the data query transaction code and the service authorization code corresponding to the current data query request to the data management end.
S130: the data management terminal determines whether the current data query request meets a preset query condition based on the client number, the data query transaction code and the service authorization code.
In an embodiment of the present application, the determining, by the data management terminal, whether the current data query request satisfies a preset query condition based on the client number, the data query transaction code, and the service authorization code includes: and when the current data query request has a service authorization code and the transaction related to the current data query request is determined to be non-customer private transaction according to the data query transaction code, determining that the current data query request meets the preset query condition.
In an embodiment of the present application, the authorization verification management method based on client privacy protection further includes: and when the current data query request does not have the service authorization code, rejecting the current data query request.
In an embodiment of the present application, the determining, by the data management terminal, whether the current data query request satisfies a preset query condition based on the client number, the data query transaction code, and the service authorization code includes: the method comprises the steps that a current data query request has a service authorization code, the transaction related to the current data query request is determined to be a client privacy transaction according to the data query transaction code, and when the current data query request has the client authorization, the current data query request is determined to meet a preset query condition.
In an embodiment of the present application, the authorization verification management method based on client privacy protection further includes: the current data query request does not have the service authorization code, and the current data query request is rejected; and when the transaction related to the current data query request is a client privacy transaction and the current data query request does not have client authorization, rejecting the current data query request.
S140: when the current data query request meets the preset query condition, the data management terminal queries the transaction code based on the data to obtain a query result, and the query result is returned to the data query terminal.
In an embodiment of the application, when the data management end determines that the current data query request meets the preset query condition, the data management end may call the third-party data query interface and send the data query transaction code, perform data query based on the data query transaction code, and then obtain the data query result. For example, the data management side may call a digital API interface to address and query the data.
According to the authorization verification management method based on client privacy protection, the data query request meeting the query condition can be judged in advance according to the client number, the data query transaction code and the service authorization code, and data query service is provided only for the data query request meeting the query condition, so that data access behaviors are effectively controlled, abuse risk of external data is reduced, and privacy of a client is effectively protected.
The following describes specific steps of the data management side determining whether the current data query request satisfies the preset query condition in step S130.
Step a: and the data management terminal judges that the current data query request has the service authorization code. When the service authorization code is available, continuing to execute the step b; and when the service authorization code is not available, rejecting the current data query request.
Step b: and the data management terminal judges and determines the type of the transaction related to the current data query request according to the data query transaction code. When the transaction related to the current data query request is a non-customer private transaction, determining that the current data query request meets a preset query condition; and c, when the transaction related to the current data query request is the client privacy transaction, continuing to execute the step c.
Step c: the data management terminal judges whether the current data query request has client authorization or not, and when the current data query request has the client authorization, the current data query request is determined to meet preset query conditions; and when the current data query request does not have the client authorization, rejecting the current data query request.
In one embodiment of the present application, determining that the current data query request is authorized by the client comprises: the data management end sends a client authorization verification request to an authorization system server end; the authorization system server associates a first service scene number corresponding to the current data query request according to the service authorization code; the authorization system server side inquires a client signing record according to the client number; the authorization system server associates a scene number authorized by the client, a data query transaction code, a data query terminal number and an authorization validity period according to a protocol number in the association of the client subscription record; the authorization system server determines that a first service scene number, a data query transaction code and a data query terminal number corresponding to a current data query request are respectively matched with a scene number authorized by a client, the data query transaction code and the data query terminal number, and determines that the client authorization verification is successful when the time of the current data query request does not exceed the authorization validity period, and sends a notification of the successful client authorization verification to the data management terminal; and the data management determines that the current data query request has the client authorization according to the notification of the successful client authorization verification.
It can be understood that when the authorization system server determines that the first service scene number, the data query transaction code and the data query terminal number corresponding to the current data query request are not matched with the scene number authorized by the client, the data query transaction code and the data query terminal number, or the time of the current data query request exceeds the authorization validity period, it determines that the client authorization verification fails, and sends a notification of the client authorization verification failure to the data management terminal. The data management determines that the current data query request does not have the client authorization based on the notification of the failure of the client authorization verification.
In one embodiment of the present application, determining that a transaction to which a current data query request relates is a non-customer-private transaction according to a data query transaction code includes: and the data management terminal matches the data inquiry transaction code with a built-in client inquiry privacy transaction code list, and when the client inquiry privacy transaction code list does not have the data inquiry transaction code, the transaction related to the current data inquiry request is determined to be non-client privacy transaction.
It can be understood that the data management terminal may match the data inquiry transaction code with a built-in customer inquiry privacy transaction code list, and when the data inquiry transaction code exists in the customer inquiry privacy transaction code list, determine the transaction related to the current data inquiry request as the customer privacy transaction.
Based on the same inventive concept, the embodiment of the application provides an authorization verification management system based on client privacy protection, and the management system comprises a data inquiry end and a data management end.
The data query end is used for: and acquiring a service authorization code corresponding to the current data query request.
The data query end is used for: sending a client number, a data query transaction code and a service authorization code corresponding to the current data query request to a data management end; determining whether the current data query request meets a preset query condition based on the client number, the data query transaction code and the service authorization code; and when the current data query request meets the preset query condition, the transaction code is queried through the data to obtain a query result, and the query result is returned to the data query end.
In one embodiment of the application, the data query terminal determines whether the current data query request is a new data query request; when the current data query request is not a new data query request, the data query terminal queries a pre-stored historical data query request which is the same as the current data query request, and takes a service authorization code corresponding to the historical data query request as a service authorization code corresponding to the current data query request;
when the current data query request is a new data query request, the data query end sends the personal privacy use scene number, the number of the data query end and the data query transaction code corresponding to the current data query request to the data management end; the data management terminal determines a service authorization code according to the personal privacy use scene number, the number of the data inquiry terminal and the data inquiry transaction code; and the data management terminal returns the determined service authorization code to the data query terminal.
In one embodiment of the application, a data query end locally queries whether a service authorization code matched with a personal privacy use scene number and a data query transaction code corresponding to a current data query request exists; if the query result is yes, determining that the current data query request is a new data query request; and when the query result is negative, determining that the current data query request is not a new data query request.
In an embodiment of the application, when the current data query request has the service authorization code and the transaction related to the current data query request is determined to be a non-customer private transaction according to the data query transaction code, the data management terminal determines that the current data query request meets a preset query condition.
In an embodiment of the present application, when the current data query request does not have the service authorization code, the data management terminal rejects the current data query request.
In an embodiment of the present application, the determining, by the data management terminal, whether the current data query request satisfies a preset query condition based on the client number, the data query transaction code, and the service authorization code includes: the method comprises the steps that a current data query request has a service authorization code, the transaction related to the current data query request is determined to be a client privacy transaction according to the data query transaction code, and when the current data query request has the client authorization, the current data query request is determined to meet a preset query condition.
In one embodiment of the application, a data management end sends a client authorization verification request to an authorization system server end; the authorization system server associates a first service scene number corresponding to the current data query request according to the service authorization code; the authorization system server side inquires a client signing record according to the client number; the authorization system server associates a scene number authorized by the client, a data query transaction code, a data query terminal number and an authorization validity period according to a protocol number in the association of the client subscription record; the authorization system server determines that a first service scene number, a data query transaction code and a data query terminal number corresponding to a current data query request are respectively matched with a scene number authorized by a client, the data query transaction code and the data query terminal number, and determines that the client authorization verification is successful when the time of the current data query request does not exceed the authorization validity period, and sends a notification of the successful client authorization verification to the data management terminal; and the data management determines that the current data query request has the client authorization according to the notification of the successful client authorization verification.
In an embodiment of the application, the data management terminal matches the data inquiry transaction code with a built-in customer inquiry privacy transaction code list, and when no data inquiry transaction code exists in the customer inquiry privacy transaction code list, the transaction related to the current data inquiry request is determined to be non-customer privacy transaction.
In an embodiment of the application, the current data query request does not have a service authorization code, and the data management terminal rejects the current data query request; and when the transaction related to the current data query request is a client privacy transaction and the current data query request does not have client authorization, rejecting the current data query request.
Compared with the prior art, the authorization verification management system based on the client privacy protection can judge the data query request meeting the query condition in advance according to the client number, the data query transaction code and the service authorization code, and only provide data query service for the data query request meeting the query condition, so that the data access behavior is effectively controlled, the abuse risk of external data is reduced, and the privacy of the client is effectively protected.
The authorization verification management system based on the client privacy protection provided by the embodiment of the application has the same inventive concept as the embodiments described above, and the content not shown in detail in the authorization verification management system based on the client privacy protection may refer to the embodiments described above, and is not described again here.
Based on the same inventive concept, the embodiment of the present application further provides a data query end, as shown in fig. 3, the data query end includes a memory 103 and a processor 101, and the processor 101 is in communication connection with the memory 103.
The memory 103 stores a computer program, and when the computer program is executed by the processor 101, the authorization verification management method based on the client privacy protection provided by the above embodiments of the present application is implemented.
Alternatively, the processor 101 and the memory 103 may be connected by a bus 102. Optionally, the speech synthesis server 100 may also include a transceiver 104. It should be noted that the transceiver 104 is not limited to one in practical applications, and the structure of the speech synthesis server 100 is not limited to the embodiment of the present application.
The processor 101 is applied to the embodiment of the present application, and is configured to implement the method shown in the above method embodiment. The transceiver 104 may include a receiver and a transmitter, and the transceiver 104 is applied in the embodiment of the present application and is used for implementing the function of the speech synthesis server 100 of the embodiment of the present application to communicate with other devices when executed.
The Processor 101 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 101 may also be a combination of computing functions, e.g., comprising one or more microprocessors, DSPs, and microprocessors.
Bus 102 may include a path that conveys information between the aforementioned components. The bus 102 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 102 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 3, but this does not mean only one bus or one type of bus.
The Memory 103 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium or other magnetic storage device, or any other medium that can be used to carry or store a desired computer program in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The data query end provided in the embodiment of the present application has the same inventive concept as that of the foregoing embodiments, and the content not shown in detail in the data query end may refer to the foregoing embodiments, and is not described herein again.
Based on the same inventive concept, the embodiment of the present application further provides a data management end, as shown in fig. 4, the data management end includes a memory 203 and a processor 201, and the processor 201 is communicatively connected to the memory 203.
The memory 203 stores a computer program, and when the computer program is executed by the processor 201, the authorization verification management method based on the client privacy protection provided by the above embodiments of the present application is implemented.
Alternatively, the processor 201 and the memory 203 may be connected by a bus 202. Optionally, the speech synthesis server 200 may further include a transceiver 204. It should be noted that the transceiver 204 is not limited to one in practical applications, and the structure of the speech synthesis server 200 is not limited to the embodiment of the present application.
The processor 201 is applied to the embodiment of the present application, and is configured to implement the method shown in the above method embodiment. The transceiver 204 may include a receiver and a transmitter, and the transceiver 204 is applied in the embodiment of the present application to implement the function of the speech synthesis server 200 of the embodiment of the present application to communicate with other devices when executed.
The Processor 201 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 201 may also be a combination of computing functions, e.g., comprising one or more microprocessors, DSPs and microprocessors, and the like.
Bus 202 may include a path that transfers information between the aforementioned components. The bus 202 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 202 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 4, but this does not indicate only one bus or one type of bus.
The Memory 203 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium or other magnetic storage device, or any other medium that can be used to carry or store a desired computer program in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The data management terminal provided in the embodiment of the present application has the same inventive concept as that of the foregoing embodiments, and the content not shown in detail in the data management terminal may refer to the foregoing embodiments, and is not described herein again.
Based on the same inventive concept, embodiments of the present application provide a computer-readable storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps executed by a data query end in the authorization verification management method based on client privacy protection are implemented.
Based on the same inventive concept, another computer-readable storage medium is provided, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the steps performed by a data management end in the authorization verification management method based on client privacy protection are implemented.
The computer-readable storage media provided herein include, but are not limited to, any type of disk including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs (Erasable Programmable Read-Only memories), EEPROMs, flash Memory, magnetic cards, or optical cards. That is, a readable medium includes any medium that stores or transmits information in a form readable by a device (e.g., a computer).
The computer-readable storage medium provided in the embodiments of the present application has the same inventive concept as the embodiments described above, and contents not shown in detail in the computer-readable storage medium may refer to the embodiments described above, and are not described herein again.
Those of skill in the art will appreciate that the various operations, methods, steps in the processes, acts, or solutions discussed in this application can be interchanged, modified, combined, or eliminated. Further, other steps, measures, or schemes in various operations, methods, or flows that have been discussed in this application can be alternated, altered, rearranged, broken down, combined, or deleted. Further, steps, measures, schemes in the prior art having various operations, methods, procedures disclosed in the present application may also be alternated, modified, rearranged, decomposed, combined, or deleted.
In the description of the present application, it is to be understood that the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless otherwise specified.
It should be understood that, although the respective steps in the flowcharts of the drawings are sequentially shown based on the indication of the arrow, the steps are not necessarily sequentially performed based on the order indicated by the arrow. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present application, and it should be noted that, for those skilled in the art, several modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations should also be regarded as the protection scope of the present application.

Claims (15)

1. An authorization verification management method based on client privacy protection is characterized by comprising the following steps:
a data query end acquires a service authorization code corresponding to a current data query request;
the data query end sends the client number, the data query transaction code and the service authorization code corresponding to the current data query request to a data management end;
the data management end determines whether the current data query request meets a preset query condition based on the customer number, the data query transaction code and the service authorization code;
and when the current data query request meets a preset query condition, the data management terminal acquires a query result based on the data query transaction code and returns the query result to the data query terminal.
2. The authorization verification management method based on client privacy protection according to claim 1, wherein the step of acquiring, by the data query end, the service authorization code corresponding to the current data query request includes:
the data query terminal determines whether the current data query request is a new data query request;
when the current data query request is not a new data query request, the data query terminal queries a pre-stored historical data query request which is the same as the current data query request, and takes a service authorization code corresponding to the historical data query request as a service authorization code corresponding to the current data query request;
when the current data query request is a new data query request, the data query end sends the personal privacy use scene number corresponding to the current data query request, the number of the data query end and the data query transaction code to the data management end; the data management terminal determines a service authorization code according to the personal privacy use scene number, the number of the data query terminal and the data query transaction code; and the data management terminal returns the determined service authorization code to the data query terminal.
3. The authorization verification management method based on client privacy protection as claimed in claim 2, wherein the data query terminal determines whether the current data query request is a new data query request, comprising:
the data query end locally queries whether a service authorization code matched with the personal privacy use scene number corresponding to the current data query request and the data query transaction code exists;
if the query result is yes, determining that the current data query request is a new data query request;
and if the query result is negative, determining that the current data query request is not a new data query request.
4. The authorization verification management method based on client privacy protection as claimed in claim 1, wherein the data management end determines whether the current data query request satisfies a preset query condition based on the client number, the data query transaction code and the service authorization code, and includes:
and when the current data query request has the service authorization code and the transaction related to the current data query request is determined to be non-customer private transaction according to the data query transaction code, determining that the current data query request meets a preset query condition.
5. The method for managing authorization verification based on client privacy protection as claimed in claim 4, wherein determining the transaction related to the current data query request as a non-client privacy transaction according to the data query transaction code comprises:
and the data management terminal matches the data inquiry transaction code with a built-in customer inquiry privacy transaction code list, and when the data inquiry transaction code does not exist in the customer inquiry privacy transaction code list, the transaction related to the current data inquiry request is determined to be non-customer privacy transaction.
6. The method for managing authorization verification based on client privacy protection as claimed in claim 4, further comprising: and when the current data query request does not have the service authorization code, rejecting the current data query request.
7. The authorization verification management method based on client privacy protection as claimed in claim 1, wherein the data management end determines whether the current data query request satisfies a preset query condition based on the client number, the data query transaction code and the service authorization code, and includes:
and when the current data query request has the service authorization code, the transaction related to the current data query request is determined to be a client privacy transaction according to the data query transaction code, and the current data query request has client authorization, determining that the current data query request meets a preset query condition.
8. The method for managing authorization verification based on client privacy protection as claimed in claim 7, wherein the determining that the current data query request has client authorization comprises:
the data management terminal sends a client authorization verification request to an authorization system server terminal;
the authorization system server associates a first service scene number corresponding to the current data query request according to the service authorization code;
the authorization system server side inquires a client signing record according to the client number;
the authorization system server associates a scene number authorized by the client, a data query transaction code, a data query terminal number and an authorization validity period according to a protocol number in the association of the client signing record;
the authorization system server determines that the first service scene number, the data query transaction code and the data query terminal number corresponding to the current data query request are respectively matched with a scene number authorized by a client, a data query transaction code and a data query terminal number, and determines that the client authorization verification is successful when the time of the current data query request does not exceed the authorization validity period, and sends a notification of the successful client authorization verification to the data management terminal;
and the data management determines that the current data query request has client authorization according to the notification of successful client authorization verification.
9. The method for managing authorization verification based on client privacy protection as claimed in claim, wherein determining the transaction related to the current data query request as the client privacy transaction according to the data query transaction code comprises:
and the data management terminal matches the data inquiry transaction code with a built-in customer inquiry privacy transaction code list, and when the data inquiry transaction code exists in the customer inquiry privacy transaction code list, the transaction related to the current data inquiry request is determined to be customer privacy transaction.
10. The method for managing authorization verification based on client privacy protection as claimed in claim 7, further comprising:
when the current data query request does not have the service authorization code, rejecting the current data query request; and
and in the case that the transaction related to the current data query request is a client privacy transaction, rejecting the current data query request when the current data query request does not have client authorization.
11. An authorization verification management system based on client privacy protection, comprising: data query end and data management end
The data query end is used for: acquiring a service authorization code corresponding to the current data query request;
the data query end is used for: sending the client number, the data query transaction code and the service authorization code corresponding to the current data query request to a data management terminal; determining whether the current data query request meets a preset query condition based on the client number, the data query transaction code and the service authorization code; and when the current data query request meets a preset query condition, the transaction code is queried by the data to obtain a query result, and the query result is returned to the data query end.
12. The data query terminal is characterized by comprising a memory and a processor, wherein the processor is connected with the memory in a communication way;
the memory stores a computer program which, when executed by the processor, implements the steps performed by the data querying terminal in the authorization verification management method based on client privacy protection according to any one of claims 1 to 10.
13. The data management terminal is characterized by comprising a memory and a processor, wherein the processor is connected with the memory in a communication way;
the memory stores a computer program which, when executed by the processor, implements the steps performed by the data management terminal in the authorization verification management method based on client privacy protection according to any one of claims 1 to 10.
14. A computer-readable storage medium, wherein the storage medium stores thereon a computer program, and when being executed by a processor, the computer program implements the steps executed by the data query side in the authorization verification management method based on client privacy protection according to any one of claims 1 to 10.
15. A computer-readable storage medium, wherein the storage medium has stored thereon a computer program, which when executed by a processor, implements the steps performed by a data management side in the authorization verification management method based on client privacy protection according to any one of claims 1 to 10.
CN202011510319.0A 2020-12-18 2020-12-18 Authorization verification management method and system based on client privacy protection Pending CN112632493A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011510319.0A CN112632493A (en) 2020-12-18 2020-12-18 Authorization verification management method and system based on client privacy protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011510319.0A CN112632493A (en) 2020-12-18 2020-12-18 Authorization verification management method and system based on client privacy protection

Publications (1)

Publication Number Publication Date
CN112632493A true CN112632493A (en) 2021-04-09

Family

ID=75317988

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011510319.0A Pending CN112632493A (en) 2020-12-18 2020-12-18 Authorization verification management method and system based on client privacy protection

Country Status (1)

Country Link
CN (1) CN112632493A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051332A (en) * 2021-04-20 2021-06-29 东莞市盟大塑化科技有限公司 Multi-source data integration method and system based on big data technology

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113051332A (en) * 2021-04-20 2021-06-29 东莞市盟大塑化科技有限公司 Multi-source data integration method and system based on big data technology

Similar Documents

Publication Publication Date Title
US8296232B2 (en) Systems and methods for screening payment transactions
US10430875B2 (en) Integration and enhancement of business systems with external services
US8170953B1 (en) Systems and method for screening payment transactions
US20200050599A1 (en) Self-cleaning token vault
US9552578B2 (en) Method and system for authentication of payment card transactions
CN113469670B (en) System and method for ensuring data transfer risk using tokens
US20070174164A1 (en) Network/Processor Fraud Scoring for Card Not Present Transactions
US20090254476A1 (en) Method and system for managing personal and financial information
WO2020182005A1 (en) Method for information processing in digital asset certificate inheritance transfer, and related device
CN105264487A (en) System and method of identity verification
US11122049B2 (en) Attribute database system and method
US11868979B2 (en) System and process for electronic payments
US9785949B2 (en) Customer communication analysis tool
US11068898B2 (en) Virtual payment card fraud detection
CN112632493A (en) Authorization verification management method and system based on client privacy protection
US20220012727A1 (en) Personal information management system, personal information management apparatus, personal information management method
US20220129586A1 (en) Methods and systems for processing agency-initiated privacy requests
KR20200075406A (en) System for corporate card cost processing and method thereof
CN108573004B (en) Insurance-based service information processing method and device
US11763299B2 (en) Advanced methods, systems and devices for registering information in a database
KR100517441B1 (en) Method for portrait mutual certification and computer readable record medium on which program therefor is recorded
US20230013949A1 (en) Interactive user interface systems and methods for analyzing transaction attributes and dispute information using blockchain
US20190087824A1 (en) System and method for mitigating effects of identity theft
US20150347518A1 (en) Associate communication analysis tool
US20230125814A1 (en) Credit score management apparatus, credit score management method, and computer readable recording medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination