CN112818308A - Method, system, device and computer readable medium for data acquisition - Google Patents
Method, system, device and computer readable medium for data acquisition Download PDFInfo
- Publication number
- CN112818308A CN112818308A CN202110239126.4A CN202110239126A CN112818308A CN 112818308 A CN112818308 A CN 112818308A CN 202110239126 A CN202110239126 A CN 202110239126A CN 112818308 A CN112818308 A CN 112818308A
- Authority
- CN
- China
- Prior art keywords
- data
- data acquisition
- demander
- authorization
- acquired
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention discloses a method, a system, equipment and a computer readable medium for data acquisition, and relates to the technical field of computers. One embodiment of the method comprises: in response to a data request sent by a data demander, a data authorization system determines whether the data demander has permission to use data acquired by a data acquisition device; if so, the data authorization system sends authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain; if so, the data is sent by the data acquisition device to the data demander. The implementation method can reduce the risk of data leakage, and then ensures data safety.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, a system, a device, and a computer-readable medium for data acquisition.
Background
With the development of society, the number of the elderly people in China is gradually increased, and the age of long life comes, so that the care of the elderly people becomes an important social demand.
To serve the elderly, it is essential to deploy a large number of sensors to capture the data. The data related to the elderly are various, cover multiple aspects such as medical treatment, health, environment and the like, and are closely related to personal privacy.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art: sensors capture a large amount of data, but the risk of data leakage is large.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, a system, a device, and a computer readable medium for data acquisition, which can reduce the risk of data leakage, thereby ensuring data security.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a data acquisition method, including:
in response to a data request sent by a data demander, a data authorization system determines whether the data demander has permission to use data acquired by a data acquisition device;
if so, the data authorization system sends authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain;
if so, the data is sent by the data acquisition device to the data demander.
The data acquisition device determines whether the data demander has the authority to use the data acquired by the data acquisition device again according to the authority information and a user authorization protocol acquired from the block chain, and the method further comprises the following steps:
storing a user authorization protocol in the blockchain, wherein the user authorization protocol comprises one or more of the following parameters, authorization data type identification, authorization service type identification, access equipment IP, access equipment identification and authorization duration.
The data acquisition device determines whether the data demander has the authority to use the data acquired by the data acquisition device again according to the authority information and a user authorization protocol acquired from the block chain, and the method further comprises the following steps:
and the data acquisition equipment successfully verifies the authority information sent by the data authorization system.
The successful verification of the authority information sent by the data authorization system by the data acquisition equipment comprises the following steps:
the data acquisition equipment successfully verifies the authority information sent by the data authorization system through a private key, wherein the authority information is encrypted by the authorization system through a public key corresponding to the private key.
The data acquisition device determines again whether the data demander has the authority to use the data acquired by the data acquisition device according to the authority information and a user authorization protocol acquired from the blockchain, and the method comprises the following steps:
and determining whether the authority information is within the user authorization protocol range according to the authority information and the user authorization protocol acquired from the block chain.
Before the data acquisition device sends the data to the data demander, the method comprises the following steps:
and the data acquisition equipment is successfully connected with the data demand party and informs the data authorization system.
The method further comprises the following steps:
and acquiring the data acquired by the data acquisition equipment according to the data demander, and inquiring the data demander revealing the data.
According to a second aspect of the embodiments of the present invention, there is provided a data acquisition system including:
the data authorization system is used for responding to a data request sent by a data demander and determining whether the data demander has the authority of using the data acquired by the data acquisition equipment; if yes, sending authority information to the data acquisition equipment;
the data acquisition equipment is used for determining whether the data demander has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain; if so, the data is sent to the data demander.
According to a third aspect of the embodiments of the present invention, there is provided an electronic device for data acquisition, including:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method as described above.
According to a fourth aspect of embodiments of the present invention, there is provided a computer readable medium, on which a computer program is stored, which when executed by a processor, implements the method as described above.
One embodiment of the above invention has the following advantages or benefits: in response to a data request sent by a data demander, a data authorization system determines whether the data demander has permission to use data acquired by a data acquisition device; if so, the data authorization system sends authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain; if so, the data is sent by the data acquisition device to the data demander. After the data authorization system and the data acquisition equipment are subjected to double verification, the data acquisition equipment can send acquired data, and then the risk of data leakage is reduced.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of a main flow of a method of data acquisition according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an application scenario of data acquisition according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a user authorization protocol structure according to an embodiment of the invention;
FIG. 4 is a flow chart illustrating a data collection device determining that a data consumer has permission to use data collected by the data collection device, in accordance with an embodiment of the present invention;
FIG. 5 is a schematic diagram of the main structure of a data acquisition system according to an embodiment of the present invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 7 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The collection of a large amount of data can not be left for the intelligent endowment of the community, and through the collection of the data, the endowment service provider can provide the personalized endowment service for the old. However, these data are often related to personal privacy, and if the data are abused or leaked, great safety hazards and economic losses are caused.
The existing data security technology is mostly executed at a cloud end and a storage end, and comprises a plurality of security protocols, security environments, equipment admission mechanisms and the like, but intervention from a data generation stage is rarely performed, and the risk of data leakage is high. Meanwhile, the user cannot control the use range of the data of the user, and the data is easily abused.
In order to solve the risk of data leakage and the problem of data abuse, the following technical scheme in the embodiment of the invention can be adopted.
Referring to fig. 1, fig. 1 is a schematic diagram of a main flow of a data acquisition method according to an embodiment of the present invention, and the data acquisition device sends acquired data to a data demand party after the double verification of the data authorization system and the data acquisition device is successful. As shown in fig. 1, the method specifically comprises the following steps:
s101, responding to a data request sent by a data demand party, and determining whether the data demand party has the authority of using the data collected by the data collection equipment or not by the data authorization system.
Referring to fig. 2, fig. 2 is a schematic diagram of an application scenario of data acquisition according to an embodiment of the present invention, where the scenario includes a data demander, a data authorization system, and a data acquisition device.
The data demander is a terminal that requests data. As an example, the data demander is an Application (APP) in a mobile terminal. As another example, the data consumer is a hardware device. It is understood that the data consumers may be either software or hardware.
A data authorization system is a system that validates data requests. As one example, the data authorization system is located in the cloud. As another example, the data authorization system is located in the same device as the data acquisition device.
The data acquisition device is a device that detects user data and interacts with user data. As an example, the data acquisition device is a sensor, in particular a camera or a thermometer. As one example, the data acquisition device is a wearable device that is mounted to the body of the user. Such as: a smart watch or a heart rate belt. It should be noted that, in the embodiment of the present invention, the data acquisition device may interact with the data demander and the data authorization system, in addition to the function of detecting the user data of the existing data acquisition device.
In the embodiment of the present invention, in the process of verifying the data request, the verification is specifically implemented by using a user authorization protocol.
The user authorization protocol is briefly described below. A user authorization protocol is a protocol that a user subscribes to a data authorization system for using data. The range that the subscriber data can be used is agreed.
As one example, the user authorization protocol includes one or more of an authorization data type identifier, an authorization service type identifier, an access device IP, an access device identifier, and an authorization deadline. The range of use of the user data may be defined by the above parameters in the user authorisation protocol.
To ensure that the user authorization protocol is not tampered with, the user authorization protocol is stored in the blockchain.
Referring to fig. 3, fig. 3 is a schematic diagram of a structure of a user authorization protocol according to an embodiment of the present invention. In fig. 3, the user authorization protocol includes an authorization data type identifier, an authorization service type identifier, an access device IP, an access device identifier, and an authorization deadline.
The user carries out private key signature on the user authorization protocol through the embedded device or the mobile device, namely, the user digital signature. The data authorization system signs the private key, namely the signature of the data authorization system. And finally, storing the user authorization protocol signed by the user digital signature and the data authorization system into the block chain. As one example, a user authorization protocol signed by a user digital signature and a data authorization system may be stored in a private data private blockchain.
That is, a user authorization protocol is stored in the blockchain, and the user authorization protocol includes one or more of the following parameters, an authorization data type identifier, an authorization service type identifier, an access device IP, an access device identifier, an authorization deadline, and the like.
In one embodiment of the present invention, in order to determine that the data demanding party has the authority to use the data collecting device and the authority information, the authority can be determined by the parameters in the user authorization protocol and the data request.
Specifically, the data request sent by the data consumer includes parameters. As an example, the parameters in the data request include a user identification, a service type identification, and an access device identification.
The data authorization system determines whether the data consumer has permission to use the data collected by the data collection device. And the data authorization system determines whether the data demander has the authority to use the data acquired by the data acquisition equipment according to preset judgment logic.
As an example, the preset judgment logic includes whether the type to which the service type identifier belongs is consistent with the type to which the access device identifier belongs. The service type identifier of the service request is a device management service, and the access device identifier belongs to a health service. And determining that the data requiring party does not have the authority of using the data acquired by the data acquisition equipment because the type of the service type identifier is inconsistent with the type of the access equipment identifier.
As another example, the preset judgment logic includes whether the type to which the service type identifier belongs is consistent with the type to which the access device identifier belongs. And if the service type identifier of the service request is a blood sample data management application and the access equipment identifier belongs to a health service, determining that the data demand party has the authority to use the data acquired by the data acquisition equipment.
The authority information is limitation information of data acquired by the data acquisition device by the data demander. As one example, after the data authorization system determines that the data consumer has permission to use the data collected by the data collection device, permission information is established based on the data request. The authority information includes one or more of user identification, limited time, limited application, limited device, and the like.
In an embodiment of the present invention, after determining that the data demander has the right to use the data acquired by the data acquisition device, the data authorization system may further send the block number where the user data contract is located. A plurality of blocks are included in the block chain, each block being identified by a block number. In order to facilitate the data acquisition device to obtain the user authorization protocol from the blockchain in time to verify the data request, the block number where the user data contract is located may be sent to the data acquisition device.
And S102, if so, the data authorization system sends the authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and the user authorization protocol acquired from the block chain.
If so, namely after the data authorization system determines that the data demander has the authority to use the data acquired by the data acquisition device, the authority information can be sent to the data acquisition device and reviewed by the data acquisition device.
After the data authorization system determines that the data demander does not have the right to use the data collected by the data collection device, the data request of the data demander is refused.
First, the data acquisition device needs to authenticate the data authorization system. And under the condition that the data acquisition equipment successfully verifies the data authorization system, the data acquisition equipment rechecks the authority information.
In one embodiment of the invention, the data acquisition device needs to verify the authority information sent by the data authorization system. As an example, the successful verification of the authority information sent by the data authorization system by the data collection device includes: and the data acquisition equipment verifies the data authorization system through the authority information. In specific implementation, a private key is stored in the data acquisition device, the private key corresponds to a public key used for encrypting the authority information, and the public key is stored in the data authorization system. Further, the data acquisition equipment successfully decrypts the authority information sent by the authorization system through the private key of the data acquisition equipment, and then the verification is successful; otherwise, the data acquisition equipment fails to decrypt the authority information sent by the authorization system through the private key, and the verification fails. It will be appreciated that the rights information is encrypted by the authorization system using a public key corresponding to the private key of the data collection device.
In another embodiment of the invention, the data acquisition device verifies the data authorization system with the entitlement information. In a specific implementation, the data acquisition device obtains a public key of the data authorization system, the public key may be issued by the data authorization system or may be issued by a third-party trusted system, and the data acquisition device may store the public key for multiple verification and may apply for the public key when a verification process occurs. The public key corresponds to a private key for the data authorization system, which is stored in the data authorization system. Further, the data acquisition equipment verifies that the authority information of the private key signature sent by the authorization system is true through the obtained public key, and the verification is successful; otherwise, the data acquisition device finds that the authority information signature sent by the authorization system is false through the public key, and the verification fails. It is understood that the authorization system signs the authorization information with its own private key.
Then, the data acquisition device rechecks the authority information under the condition that the data acquisition device successfully verifies the data authorization system.
Referring to fig. 4, fig. 4 is a schematic flow chart of the data collecting device determining that a data demander has authority to use data collected by the data collecting device according to the embodiment of the present invention, which specifically includes the following steps:
s401, according to the authority information and the user authorization protocol acquired from the block chain, determining that the authority information is within the user authorization protocol range.
And the data acquisition equipment acquires the user authorization protocol from the block chain based on the user identification or the block number identification. And determining that the authority information belongs to the user authorization protocol according to the authority information and the user authorization protocol acquired from the block chain. Such as: the limited time belongs to an authorization deadline in a user authorization protocol, the limited application belongs to an authorization service type, and the limited device belongs to an access device. That is, it is determined that the rights information is within the user authorization protocol.
S402, the data acquisition equipment is successfully connected with the data demand side, and the data authorization system is informed to determine that the data demand side has the authority of using the data acquired by the data acquisition equipment again.
The data acquisition equipment determines that the authority information is within the range of the user authorization protocol, handshakes with the data demand party, is successfully connected with the data demand party, and informs the data authorization system. The notification data authorization is intended to inform that it is again determined that the data consumer has the right to use the data collected by the data collection device. The data demander then sends the data destination, such as an IP and a port, to the data collection device for the data collection device to send the collected data to the data demander.
Correspondingly, the data acquisition equipment determines that the authority information is not in the range of the user authorization protocol, and informs the data authorization system to determine that the data demand party does not have the authority to use the data acquired by the data acquisition equipment.
In the embodiment of fig. 4, the data collection device again determines that the data consumer has permission to use the data collected by the data collection device based on the user authorization protocol obtained from the blockchain. And then intervene from the data generation phase, thereby reducing the risk of data leakage.
And S103, if so, sending the data acquired by the data acquisition equipment to a data demand side by the data acquisition equipment.
After the data authorization system determines that the data demander has the authority to use the data acquired by the data acquisition equipment, the data acquisition equipment determines that the data demander has the authority to use the data acquired by the data acquisition equipment again, and the data acquisition equipment sends the data acquired by the data acquisition equipment to the data demander.
If so, the data collection device again determines that the data consumer has permission to use the data collected by the data collection device.
After the data authorization system determines that the data demander has the authority to use the data acquired by the data acquisition equipment, the data acquisition equipment determines that the data demander does not have the authority to use the data acquired by the data acquisition equipment, and then the data acquisition equipment does not send the data acquired by the data acquisition equipment to the data demander.
In one embodiment of the invention, the data collected by the data collection device is sent on demand, that is, the data collection device sends the collected data on a sending request only after receiving the sending request, so as to reduce the time of data exposure. That is, after receiving a sending request from a data demander, the data acquisition device sends data acquired by the data acquisition device.
In the application process in the embodiment of the present invention, the following two ways are available for stopping sending the data collected by the data collection device. The first method is as follows: the authorized time is reached. The second method comprises the following steps: the data demand direction sends an interrupt message to the data acquisition device. And after the data acquisition equipment receives the interrupt message, the data acquisition equipment stops sending the acquired data and then informs a data authorization system.
In one embodiment of the invention, the data authorization system not only judges whether the data demand side has the authority to use the data collected by the data collection device, but also records the use condition of the data collected by the data collection device. As one example, the record includes an access device identification, a traffic type identification, and a service time.
The purpose of the data authorization system to record the use condition of the data is as follows: and searching a data demander revealing the data. Namely, the data acquired by the data acquisition equipment is acquired according to the data demander, and the data demander which reveals the data is inquired.
The data authorization system follows the parameters recorded in the leaked data, such as: the access device identification and/or access time may be queried for the data consumer. The inquired data demander is a data demander which reveals data.
In the above embodiment, in response to a data request sent by a data demander, the data authorization system determines whether the data demander has the right to use data acquired by the data acquisition device; if so, the data authorization system sends authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain; if so, the data is sent by the data acquisition device to the data demander. After the data authorization system and the data acquisition equipment are subjected to double verification, the data acquisition equipment can send acquired data, and then the risk of data leakage is reduced.
The following specifically describes an exemplary application of the technical solution in the embodiment of the present invention in an elderly community.
There are a large number of sensors in the endowment community, collect data about the user: physiological sign data such as blood pressure, heart rate, etc.; environmental parameters such as temperature, humidity, light, etc.; and audio and video data from cameras, microphones, etc. The data are closely related to key operation indexes of user privacy and aged-care communities, and once the data are disclosed, the consequences are unreasonable. Meanwhile, the aged-care community masters a large amount of user data, and the user right is guaranteed while better service is provided for the client by using the data on the premise of guaranteeing the user right.
By adopting the technical scheme in the embodiment of the invention, the data acquisition equipment is specifically a sensor. Firstly, the data collected by the sensor is used to be agreed by a user, and meanwhile, the use range and the use time of the data are limited, and the limited parameters can be embodied in a user authorization protocol.
Secondly, the data demand side needs to be verified by the data authorization system firstly and then verified by the sensor, and the data can be acquired from the sensor after the two verifications are successful. Otherwise, the sensor will reject the data request and manage the use of the data from the source.
As an example, the elderly community needs to detect the daily blood pressure of the elderly and analyze the health condition of the elderly, which belong to the private data of the elderly.
Firstly, the old people sign a user authorization protocol on a mobile phone or a special embedded device to appoint the range and the period of data use. The user authorization protocol is validated through a data authorization system of the endowment community and a user digital signature and is stored in the block chain.
When an application of the health management system, namely a data demander, is: the health management app of the old people applies for the use permission to the data authorization system when needing to use the blood pressure data of the old people. And after the data authorization system confirms that the data request has the authority of using the data collected by the intelligent blood pressure meter, informing the intelligent blood pressure meter of the authority information. And inquiring a user authorization protocol on the block chain by the intelligent blood pressure meter, confirming that the data request has the authority of using the data acquired by the intelligent blood pressure meter again, and then performing handshake communication between the intelligent blood pressure meter and the health management app to start transmitting the data acquired by the intelligent blood pressure meter. When the health management app receives enough data, the connection is disconnected. The intelligent blood pressure meter informs the data authorization system, and the data authorization system records the data use condition.
If illegal equipment wants to acquire data acquired by the sensor, the data is blocked on a data authorization system; if the data authorization system receives the attack, the sensor can also carry out secondary confirmation and refuse the illegal request. After the whole secondary verification process is completed, the data can enter the network, and the data exposure time is reduced.
When a data leakage accident occurs, a leakage clue can be searched for through the authorization record of the data authorization system.
Referring to fig. 5, fig. 5 is a schematic diagram of a main structure of a data acquisition system according to an embodiment of the present invention, where the data acquisition system may implement a data acquisition method, as shown in fig. 5, the data acquisition system specifically includes:
the data authorization system 501 is used for responding to a data request sent by a data demander and determining whether the data demander has the authority to use the data acquired by the data acquisition equipment; if yes, sending authority information to the data acquisition equipment;
the data acquisition equipment 502 is used for determining whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and the user authorization protocol acquired from the block chain; if so, the data is sent to the data demander.
In an embodiment of the present invention, the data authorization system 501 is further configured to store a user authorization protocol in the blockchain, where the user authorization protocol includes one or more of the following parameters, an authorization data type identifier, an authorization service type identifier, an access device IP, an access device identifier, and an authorization deadline.
In one embodiment of the present invention, the data collection device 502 successfully verifies the authorization information sent by the data authorization system.
In an embodiment of the present invention, the data acquisition device 502 successfully verifies, by using a private key, the authority information sent by the data authorization system, where the authority information is encrypted by using a public key corresponding to the private key by the authorization system.
In an embodiment of the present invention, the data collecting device 502 determines that the authority information is within the user authorization protocol range according to the authority information and the user authorization protocol obtained from the blockchain.
In one embodiment of the present invention, the data collection device 502 successfully connects with the data consumer and notifies the data authorization system.
In an embodiment of the present invention, the data authorization system 501 queries the data demander that leaks the data according to the data demander acquiring the data acquired by the data acquisition device.
Fig. 6 illustrates an exemplary system architecture 600 of a data acquisition system or method of data acquisition to which embodiments of the present invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 serves to provide a medium for communication links between the terminal devices 601, 602, 603 and the server 605. Network 604 may include various types of connections, such as wire, wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 601, 602, 603 to interact with the server 605 via the network 604 to receive or send messages or the like. The terminal devices 601, 602, 603 may have installed thereon various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 601, 602, 603 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (for example only) providing support for shopping websites browsed by users using the terminal devices 601, 602, 603. The backend management server may analyze and perform other processing on the received data such as the product information query request, and feed back a processing result (for example, target push information, product information — just an example) to the terminal device.
It should be noted that the method for data acquisition provided by the embodiment of the present invention is generally executed by the server 605, and accordingly, the data acquisition system is generally disposed in the server 605.
It should be understood that the number of terminal devices, networks, and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a data module, an acquisition module, and a control module. The names of these modules do not limit the modules themselves in some cases, for example, a data module may also be described as a "module that controls a data authorization system to determine that a data demander has authority and authority information to use data collected by a data collection device according to a user authorization protocol acquired from a blockchain in response to a data request sent by the data demander".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise:
in response to a data request sent by a data demander, a data authorization system determines whether the data demander has permission to use data acquired by a data acquisition device;
if so, the data authorization system sends authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain;
if so, the data is sent by the data acquisition device to the data demander.
According to the technical scheme of the embodiment of the invention, in response to a data request sent by a data demander, a data authorization system determines whether the data demander has the authority to use data acquired by data acquisition equipment; if so, the data authorization system sends authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain; if so, the data is sent by the data acquisition device to the data demander. After the data authorization system and the data acquisition equipment are subjected to double verification, the data acquisition equipment can send acquired data, and then the risk of data leakage is reduced.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method of data acquisition, comprising:
in response to a data request sent by a data demander, a data authorization system determines whether the data demander has permission to use data acquired by a data acquisition device;
if so, the data authorization system sends authority information to the data acquisition equipment, and the data acquisition equipment determines whether the data demand party has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain;
if so, the data is sent by the data acquisition device to the data demander.
2. The method of claim 1, wherein the data collection device determines again whether the data consumer has the right to use the data collected by the data collection device according to the right information and a user authorization protocol obtained from a blockchain, and further comprising:
storing a user authorization protocol in the blockchain, wherein the user authorization protocol comprises one or more of the following parameters, authorization data type identification, authorization service type identification, access equipment IP, access equipment identification and authorization duration.
3. The method of claim 1, wherein the data collection device determines again whether the data consumer has the right to use the data collected by the data collection device according to the right information and a user authorization protocol obtained from a blockchain, and further comprising:
and the data acquisition equipment successfully verifies the authority information sent by the data authorization system.
4. The method for data acquisition according to claim 3, wherein the successful verification of the authority information sent by the data authorization system by the data acquisition device comprises:
the data acquisition equipment successfully verifies the authority information sent by the data authorization system through a private key, wherein the authority information is encrypted by the authorization system through a public key corresponding to the private key.
5. The method of claim 1, wherein the data acquisition device determines again whether the data consumer has the right to use the data acquired by the data acquisition device according to the right information and a user authorization protocol obtained from a blockchain, and the determining comprises:
and determining whether the authority information is within the user authorization protocol range according to the authority information and the user authorization protocol acquired from the block chain.
6. The method of claim 1, wherein prior to sending the data to the data consumer by the data collection device, the method comprises:
and the data acquisition equipment is successfully connected with the data demand party and informs the data authorization system.
7. The method of data acquisition as claimed in claim 1, further comprising:
and acquiring the data acquired by the data acquisition equipment according to the data demander, and inquiring the data demander revealing the data.
8. A data acquisition system, comprising:
the data authorization system is used for responding to a data request sent by a data demander and determining whether the data demander has the authority of using the data acquired by the data acquisition equipment; if yes, sending authority information to the data acquisition equipment;
the data acquisition equipment is used for determining whether the data demander has the authority to use the data acquired by the data acquisition equipment again according to the authority information and a user authorization protocol acquired from the block chain; if so, the data is sent to the data demander.
9. An electronic device for data acquisition, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110239126.4A CN112818308A (en) | 2021-03-04 | 2021-03-04 | Method, system, device and computer readable medium for data acquisition |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110239126.4A CN112818308A (en) | 2021-03-04 | 2021-03-04 | Method, system, device and computer readable medium for data acquisition |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112818308A true CN112818308A (en) | 2021-05-18 |
Family
ID=75862796
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110239126.4A Pending CN112818308A (en) | 2021-03-04 | 2021-03-04 | Method, system, device and computer readable medium for data acquisition |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112818308A (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050091507A1 (en) * | 2003-10-22 | 2005-04-28 | Samsung Electronics Co., Ltd. | Method and apparatus for managing digital rights using portable storage device |
| CN106162520A (en) * | 2015-04-28 | 2016-11-23 | 中国移动通信集团公司 | Health and fitness information processing method, health and fitness information collecting device, terminal unit and system |
| KR20170093429A (en) * | 2016-02-05 | 2017-08-16 | 한전케이디엔주식회사 | Power Control System for Urgent Situation |
| US20180358113A1 (en) * | 2015-11-24 | 2018-12-13 | Koninklijke Philips N.V. | Two-factor authentication in a pulse oximetry system |
| CN111046427A (en) * | 2019-12-13 | 2020-04-21 | 北京启迪区块链科技发展有限公司 | Block chain-based data access control method, device, equipment and medium |
| CN111064718A (en) * | 2019-12-09 | 2020-04-24 | 国网河北省电力有限公司信息通信分公司 | Dynamic authorization method and system based on user context and policy |
| US20200169387A1 (en) * | 2019-07-31 | 2020-05-28 | Alibaba Group Holding Limited | Blockchain-based data authorization method and apparatus |
| CN111741036A (en) * | 2020-08-28 | 2020-10-02 | 支付宝(杭州)信息技术有限公司 | Trusted data transmission method, device and equipment |
| CN111767527A (en) * | 2020-07-07 | 2020-10-13 | 杭州云链趣链数字科技有限公司 | Block chain-based data authority control method and device and computer equipment |
-
2021
- 2021-03-04 CN CN202110239126.4A patent/CN112818308A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050091507A1 (en) * | 2003-10-22 | 2005-04-28 | Samsung Electronics Co., Ltd. | Method and apparatus for managing digital rights using portable storage device |
| CN106162520A (en) * | 2015-04-28 | 2016-11-23 | 中国移动通信集团公司 | Health and fitness information processing method, health and fitness information collecting device, terminal unit and system |
| US20180358113A1 (en) * | 2015-11-24 | 2018-12-13 | Koninklijke Philips N.V. | Two-factor authentication in a pulse oximetry system |
| KR20170093429A (en) * | 2016-02-05 | 2017-08-16 | 한전케이디엔주식회사 | Power Control System for Urgent Situation |
| US20200169387A1 (en) * | 2019-07-31 | 2020-05-28 | Alibaba Group Holding Limited | Blockchain-based data authorization method and apparatus |
| CN111064718A (en) * | 2019-12-09 | 2020-04-24 | 国网河北省电力有限公司信息通信分公司 | Dynamic authorization method and system based on user context and policy |
| CN111046427A (en) * | 2019-12-13 | 2020-04-21 | 北京启迪区块链科技发展有限公司 | Block chain-based data access control method, device, equipment and medium |
| CN111767527A (en) * | 2020-07-07 | 2020-10-13 | 杭州云链趣链数字科技有限公司 | Block chain-based data authority control method and device and computer equipment |
| CN111741036A (en) * | 2020-08-28 | 2020-10-02 | 支付宝(杭州)信息技术有限公司 | Trusted data transmission method, device and equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110245144B (en) | Protocol data management method, device, storage medium and system | |
| US9736146B2 (en) | Embedded extrinsic source for digital certificate validation | |
| CN110636043A (en) | File authorization access method, device and system based on block chain | |
| CN110611657A (en) | File stream processing method, device and system based on block chain | |
| CN103795702A (en) | Transit control for data | |
| CN113271296B (en) | Login authority management method and device | |
| CN111914229A (en) | Identity authentication method and device, electronic equipment and storage medium | |
| CN110557255A (en) | certificate management method and device | |
| CN112073421A (en) | Communication processing method, communication processing device, terminal and storage medium | |
| CN112489760B (en) | Prescription processing method and system based on distributed identity authentication | |
| CN113434882A (en) | Communication protection method and device of application program, computer equipment and storage medium | |
| CN110825815A (en) | Cloud note system information processing method, equipment and medium based on block chain | |
| CN110851210A (en) | Interface program calling method, device, equipment and storage medium | |
| CN112818308A (en) | Method, system, device and computer readable medium for data acquisition | |
| CN116502189A (en) | Software authorization method, system, device and storage medium | |
| CN112966287B (en) | Method, system, device and computer readable medium for acquiring user data | |
| EP3975015A1 (en) | Applet package sending method and device, electronic apparatus, and computer readable medium | |
| CN114048498A (en) | Data sharing method, device, equipment and medium | |
| CN113761566A (en) | Data processing method and device | |
| CN110659476A (en) | Method and apparatus for resetting password | |
| CN113132115B (en) | Certificate switching method, device and system | |
| CN116095671B (en) | Resource sharing method based on meta universe and related equipment thereof | |
| CN113420331B (en) | Method and device for managing file downloading permission | |
| CN113676482B (en) | Data transmission system and method and data transmission system and method based on double-layer SSL | |
| CN112261659B (en) | Control method and device for terminal and server, terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |