CN113342900B - Block chain-based personal information authorization method and system - Google Patents

Publication number: CN113342900B
Authority: CN (China)
Prior art keywords: personal information, user, chain, authorization, alliance
Legal status: Active
Application number: CN202110878542.9A
Other languages: Chinese (zh)
Other versions: CN113342900A (en)
Inventors: 郭京洁, 李泉, 李良东
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual
Events: priority to CN202110878542.9A; publication of CN113342900A; application granted; publication of CN113342900B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention discloses a block chain-based personal information authorization method, which comprises the following steps: a first user uploads personal information to a first alliance chain; the first user uploads a personal information authorization protocol to a second alliance chain; the first user downloads the personal information authorization protocol through the second alliance chain and verifies the request of a second user according to the personal information authorization protocol; the first user sends a time-limited and/or count-limited first alliance chain access authorization to the second user according to the verification result; and the second user accesses the first alliance chain and obtains the personal information of the first user. The invention also discloses a block chain-based personal information authorization system. By configuring the information interaction relations between two alliance chains and a public chain, the method and system put personal information storage and authorization on chain, reduce the risk of personal information leakage, and seek a balance between efficiency and security in personal information authorization.

Description

Block chain-based personal information authorization method and system
Technical Field
The invention relates to the technical field of block chains, in particular to a block chain-based personal information authorization method and system.
Background
To secure personal information data, relevant laws and regulations provide as follows: the law is formulated in order to standardize data processing activities, guarantee data security, promote data development and utilization, protect the lawful rights and interests of individuals and organizations, and safeguard national sovereignty, security and development interests; the state protects the data-related rights and interests of individuals and organizations, encourages the reasonable and effective use of data according to law, ensures the orderly and free flow of data according to law, and promotes the development of a digital economy with data as a key element.
In the prior art, personal information authorization is usually either an offline process in which a related protocol is signed, or an online process in which a person provides information to a platform and the platform then assists in completing application-level authorization. Throughout the process, the authorization protocol, the personal information and the authorization information are recorded through offline paper documents or traditional database technology. The main authorization methods are as follows:
Method 1: during an individual's on-line operation process, the authorization protocol file is signed on site; this mainly occurs in scenarios such as physical examinations;
Method 2: when a person uses an app or platform, authorization is given through a privacy protocol;
Method 3: when an individual uses an app or platform and the platform needs to obtain specific information, the user is prompted to authorize the data. The platform then records the authorization, and when a third party uses the data, use is granted on the basis of the initial authorization information.
Regarding the storage of protocols and the preservation of personal information, the main methods are as follows:
Method 1: the paper document of the authorization protocol is stored and archived, and entered into an information system;
Method 2: the authorization protocol, the user's personal authorization state and the information of the authorized user in the above process are stored in a traditional database, through which the authorization protocol is also queried and recorded. Personal information is likewise stored in a traditional database, and the stored content may involve techniques such as data desensitization or encryption.
However, when the above technology is used for public services such as smart communities, a large number of servers and operators are involved, and the traditional personal information authorization methods carry a high data security risk.
In the prior art, Chinese patent application No. 202011136009.7 discloses a method, a system, and a storage medium for storing and monitoring personal information based on a block chain, comprising: creating a credit granting management server, taking the credit granting management server as a core node and a plurality of storage servers holding personal information as accounting nodes, wherein each accounting node interacts with the core node and all the accounting nodes interact with each other to form a personal information storage block chain; interacting with each accounting node and the core node of the personal information storage block chain through the personal information credit granting management terminal; and, upon a request from a third-party application program, sending the personal information data sequence to the third-party application program after authorization authentication is carried out between the trust management server and the personal information authorization management terminal.
It can be seen that although the prior art applies block chain technology to the authorization of personal information, it adopts a unified management server as the node through which the block chain is accessed. On the one hand, authorization information and personal information are concentrated in the management server, so if the management server node is compromised, the authorization information and the personal information are completely leaked; on the other hand, the management server interacts directly with third-party applications, so the management server itself is also at risk of being attacked. In summary, the prior art only provides the idea of using a block chain to store personal information; its basic authorization principle still adopts a central management mode, so data security cannot be guaranteed.
Disclosure of Invention
The technical problem to be solved by the invention is that, in the prior art, personal information authorization adopts a central management mode and data security cannot be ensured; the invention aims to provide a block chain-based personal information authorization method and system to solve this problem.
The invention is realized by the following technical scheme:
In one aspect, the embodiment of the invention discloses a block chain-based personal information authorization method, which comprises the following steps:
uploading personal information to a first alliance chain by a first user;
when a second user and a first user reach a personal information authorization protocol in a public chain, the first user uploads the personal information authorization protocol to a second alliance chain;
when the second user requests personal information from the first user through a public chain, the first user downloads the personal information authorization protocol through a second alliance chain, and verifies the request of the second user according to the personal information authorization protocol;
the first user sends a time-limited and/or count-limited first alliance chain access authorization to the second user according to the verification result;
and the second user accesses the first alliance chain according to the first alliance chain access authorization, and acquires the first user personal information corresponding to the personal information authorization protocol and the request of the second user from the first alliance chain.
At present, the flow of personal information within and between platforms places high demands on guaranteeing personal rights and interests and on the compliance and safety of data use, and the conventional methods have the following problems:
1. The personal information data authorization flow has a low degree of informatization:
at present, most personal information authorization still goes through a privacy agreement or paper confirmation terms; such a process authorizes the personal information in an unclear or uniform manner, and the process by which an individual authorizes personal information is vague;
2. The use of personal information data is difficult to record after authorization:
after the personal information data is authorized through the above process, it is difficult to grasp the exact scope of its use by the data user, the time of use, and the circumstances of the data user. Point-to-point authorization is especially difficult. Meanwhile, the individual is not aware of how the authorized data is used during this process;
3. The data content is difficult to change after the personal information data is authorized:
after authorization, personal information data actually changes over time and as usage scenarios unfold, medical and health data being one example; how to adjust the authorized content after it changes, so that the personal information remains accurate, poses a greater challenge to providing accurate subsequent services to data users;
4. Personal information data authorization is difficult to revoke:
after the personal information data is authorized through the above process, especially through an offline authorization process, it is difficult to terminate the authorization midway, maintain the security of the personal information, and so on.
Therefore, a series of technologies that use block chains for personal information storage and authorization have appeared in the prior art. A block chain, a term from information technology, is a database for distributed recording and sharing of ledgers, characterized by decentralization, tamper resistance, full-process trace retention, traceability, collective maintenance, openness and transparency. These characteristics ensure the honesty and transparency of the block chain and lay the foundation for creating trust in it. It mainly addresses cooperative trust and consistent action among multiple parties. However, when personal information storage and authorization are performed through block chain technology in the prior art, the management server still directly transmits the authorization information and the personal information; although this can improve the transmission speed of personal information, it increases the risk of information leakage.
In implementing the embodiment of the invention, personal information is stored and authorized using a combination of alliance chains and a public chain: the first alliance chain is configured to store personal information and the second alliance chain is configured to store the authorization protocol. In the embodiment of the invention, the first user is generally a personal information provider and the second user is generally a personal information demander. The first user and the second user reach the personal information authorization protocol in the public chain; no authorization server or management server needs to be configured in the public chain, which only serves for secure information interaction. For the public chain, an attack on a single node cannot affect the personal information authorization protocol, so the process of transmitting the personal information authorization protocol in the public chain is considered safe. However, the inventor found in practice that the public chain carries a large amount of information, so its overall operation speed is slow, and transmitting personal information through the public chain would inevitably affect the data interaction speed.
Therefore, this embodiment creatively introduces two alliance chains: a first alliance chain and a second alliance chain. It should be understood that the first alliance chain is configured so that access by the second user requires authorization from the first user, and the second alliance chain is configured to be inaccessible to the second user. When the second user needs the personal information of the first user, the second user must send a request through the public chain; after receiving the request, the first user downloads the personal information authorization protocol from the second alliance chain and verifies the request according to the authorization protocol. The advantage is that the user terminal of the first user, such as a mobile phone, tablet or PC, does not need to keep any personal information authorization protocol or personal information, which prevents malicious apps from stealing data from the user terminal. When the first user downloads the personal information authorization protocol from the second alliance chain, corresponding anti-theft measures can be enabled at the user terminal to ensure information security during verification.
After the first user completes the verification, the personal information authorization protocol can be deleted from the terminal of the first user, and if the verification is passed, the first user can send a time-limited and/or count-limited first alliance chain access authorization to the second user. As a more specific implementation of this embodiment, the authorization may be sent through the public chain, through ordinary encrypted communication, or through an offline verification means such as a two-dimensional code, so that even if the access authorization is disclosed at this stage, the personal information and the personal information authorization protocol are not leaked. It should be understood that the time-limited and/or count-limited manner in this embodiment includes a time limit alone, a count limit alone, and an access authorization that is both time-limited and count-limited. For example, a two-dimensional code that expires in five minutes and can only be used once may be used to send the access authorization.
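One way to realize the time-limited and/or count-limited access authorization described above, as an added example that is not part of the patent. The shared key, the field names, and the `issue_grant` and `GrantVerifier` names are assumptions; the patent does not specify how an access authorization is encoded or authenticated.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: the first user and the first alliance chain's access gateway
# share this key; the patent does not say how a grant is authenticated.
SHARED_KEY = secrets.token_bytes(32)


def issue_grant(grantee, scope, now, ttl_seconds=None, max_uses=None, key=SHARED_KEY):
    """First user's side: build a grant limited by time, by use count, or both."""
    if ttl_seconds is None and max_uses is None:
        raise ValueError("grant must be time-limited and/or count-limited")
    payload = {
        "grant_id": secrets.token_hex(8),
        "grantee": grantee,
        "scope": sorted(scope),
        "expires_at": None if ttl_seconds is None else now + ttl_seconds,
        "max_uses": max_uses,
    }
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


class GrantVerifier:
    """Chain side: checks integrity, grantee, expiry and remaining uses."""

    def __init__(self, key=SHARED_KEY):
        self._key = key
        self._uses = {}  # grant_id -> number of successful redemptions

    def redeem(self, token, presenter, now):
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:  # wrong number of parts or invalid base64
            return False, "malformed"
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad signature"
        grant = json.loads(body)  # parsed only after the MAC has been verified
        if grant["grantee"] != presenter:
            return False, "wrong grantee"
        if grant["expires_at"] is not None and now >= grant["expires_at"]:
            return False, "expired"
        used = self._uses.get(grant["grant_id"], 0)
        if grant["max_uses"] is not None and used >= grant["max_uses"]:
            return False, "use limit reached"
        self._uses[grant["grant_id"]] = used + 1  # count only successful uses
        return True, grant["scope"]
```

A count limit only holds if the use counter is kept where every access is checked, so in a multi-node deployment the counter has to be shared state rather than per-node memory.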
At this point, after obtaining the first alliance chain access authorization, the second user may access the first alliance chain to acquire the personal information of the first user. It should be understood that the acquisition may be performed by directly obtaining the node information or through distribution by a supervision node. Although this embodiment may also deploy a supervision node over the personal information, the first alliance chain is itself a block chain that requires authorization to access, so security is still higher than in the prior art. Moreover, for the second user to acquire the personal information of the first user, three conditions must be met: the request, the personal information authorization protocol, and the first alliance chain access authorization. A third party wanting to steal the personal information therefore faces much greater difficulty than with a simple authorization protocol.
In this embodiment, obtaining the personal information of the first user corresponding to the personal information authorization protocol and the request of the second user may be implemented in manners including, but not limited to: taking the intersection of the personal information authorization protocol and the first user's personal information requested by the second user; performing hash check matching between the personal information authorization protocol and the first user's personal information requested by the second user; and directly closing the access authorization when the request exceeds the scope of the personal information authorization protocol. In implementing the embodiment of the invention, the information interaction relations between the two alliance chains and the public chain are configured so that personal information storage and authorization are put on chain, the risk of personal information leakage is reduced, and a balance between efficiency and security in personal information authorization is sought.
Further, the first alliance chain includes a plurality of sub-chains, each sub-chain corresponding to one type of personal information;
the first user uploading the personal information to the first alliance chain comprises:
the first user classifies the personal information and uploads the various types of personal information to the first alliance chain;
and the supervision node of the first alliance chain uploads each type of personal information to its corresponding sub-chain.
Further, obtaining the first user's personal information corresponding to the personal information authorization protocol and the request of the second user from the first alliance chain includes:
when the second user accesses the first alliance chain, uploading the personal information authorization protocol and the request of the second user to the first alliance chain;
the supervision node of the first alliance chain calculates the intersection between the authorization scope of the first user's personal information under the personal information authorization protocol and the scope of personal information requested by the second user, and looks up the sub-chains corresponding to the intersection;
the supervision node of the first alliance chain extracts the personal information of the first user from the sub-chains found as first personal information, uploads the first personal information to the first alliance chain, and at the same time grants the second user access rights to the first personal information;
and the second user acquires the first personal information from the first alliance chain according to the access rights to the first personal information.
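The supervision-node retrieval steps above, together with the hash check and the close-on-excess option mentioned earlier in the description, shown as an added example that is not part of the patent. The `SupervisionNode` class, its method names, the `on_excess` switch and the idea that the first user registers the agreement's digest with the node are assumptions; the sub-chain contents and the agreement are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed sample data: one sub-chain per type of personal information.
SUB_CHAINS = {
    "contact": {"user-A": {"phone": "555-0100"}},
    "medical": {"user-A": {"blood_type": "O+"}},
    "financial": {"user-A": {"bank": "example-bank"}},
}
# Constructed agreement between the first user (owner) and second user (requester).
AGREEMENT = {"owner": "user-A", "requester": "clinic-B", "scope": ["contact", "medical"]}


def agreement_digest(agreement):
    """SHA-256 over a canonical JSON encoding of the agreement."""
    return hashlib.sha256(json.dumps(agreement, sort_keys=True).encode()).hexdigest()


class SupervisionNode:
    def __init__(self, sub_chains):
        self.sub_chains = sub_chains  # info type -> {owner: record}
        self.digests = {}             # (owner, requester) -> agreement digest
        self.closed = set()           # pairs whose access authorization was closed

    def register_agreement(self, owner, requester, digest):
        # Assumption: the first user hands the node the digest of the agreement
        # stored on the second alliance chain when issuing the access grant.
        self.digests[(owner, requester)] = digest

    def fetch(self, owner, requester, agreement, requested, on_excess="intersect"):
        pair = (owner, requester)
        if pair in self.closed:
            return "closed", {}
        # Hash check: the agreement uploaded by the second user must be the
        # one the first user agreed to, not an edited copy with a wider scope.
        known = self.digests.get(pair)
        if known is None or not hmac.compare_digest(known, agreement_digest(agreement)):
            return "agreement mismatch", {}
        authorized = set(agreement["scope"])
        requested = set(requested)
        if on_excess == "close" and not requested <= authorized:
            # Request exceeds the agreement: close the authorization outright.
            self.closed.add(pair)
            return "closed", {}
        # Otherwise release only the overlap of authorized and requested types.
        data = {}
        for info_type in sorted(authorized & requested):
            record = self.sub_chains.get(info_type, {}).get(owner)
            if record is not None:
                data[info_type] = record
        return "ok", data
```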
Further, when the first user modifies, deletes or adds personal information:
the first user takes the modified, deleted or newly added personal information as second personal information and classifies the second personal information;
the first user uploads the multiple types of second personal information to the first alliance chain;
and the supervision node of the first alliance chain uploads each type of the second personal information to its corresponding sub-chain and overwrites the personal information in the sub-chain that corresponds to the second personal information.
Further, when the first user modifies the personal information authorization protocol, the first user and the second user reach the modified personal information authorization protocol in the public chain;
and the first user uploads the modified personal information authorization protocol to the second alliance chain and overwrites the personal information authorization protocol stored on the second alliance chain.
Further, when the first user uploads the personal information to the first alliance chain, the personal information in the user terminal of the first user is deleted;
and when the first user uploads the personal information authorization protocol to the second alliance chain, the personal information authorization protocol in the user terminal of the first user is deleted.
In another aspect, an embodiment of the present invention discloses a system using any one of the above block chain-based personal information authorization methods, including:
a first alliance chain configured for receiving personal information uploaded by a first user;
a public chain configured for providing information interaction for a second user to reach a personal information authorization protocol with the first user;
a second alliance chain configured for receiving the personal information authorization protocol uploaded by the first user;
when the second user requests personal information from the first user through the public chain, the first user downloads the personal information authorization protocol through the second alliance chain, and verifies the request of the second user according to the personal information authorization protocol;
the first user sends a time-limited and/or count-limited first alliance chain access authorization to the second user according to the verification result;
and the second user accesses the first alliance chain according to the first alliance chain access authorization, and acquires the first user's personal information corresponding to the personal information authorization protocol and the request of the second user from the first alliance chain.
Further, the first alliance chain includes a plurality of sub-chains, each sub-chain corresponding to one type of personal information;
the first user classifies the personal information and uploads the various types of personal information to the first alliance chain;
and the supervision node of the first alliance chain uploads each type of personal information to its corresponding sub-chain.
Further, when the second user accesses the first alliance chain, the personal information authorization protocol and the request of the second user are uploaded to the first alliance chain;
the supervision node of the first alliance chain calculates the intersection between the authorization scope of the first user's personal information under the personal information authorization protocol and the scope of personal information requested by the second user, and looks up the sub-chains corresponding to the intersection;
the supervision node of the first alliance chain extracts the personal information of the first user from the sub-chains found as first personal information, uploads the first personal information to the first alliance chain, and at the same time grants the second user access rights to the first personal information;
and the second user acquires the first personal information from the first alliance chain according to the access rights to the first personal information.
Further, when the first user modifies, deletes or adds personal information:
the first user takes the modified, deleted or newly added personal information as second personal information and classifies the second personal information;
the first user uploads the multiple types of second personal information to the first alliance chain;
and the supervision node of the first alliance chain uploads each type of the second personal information to its corresponding sub-chain and overwrites the personal information in the sub-chain that corresponds to the second personal information.
Compared with the prior art, the invention has the following advantages and beneficial effects:
By configuring the information interaction relations between two alliance chains and a public chain, the block chain-based personal information authorization method and system put personal information storage and authorization on chain, reduce the risk of personal information leakage, and seek a balance between efficiency and security in personal information authorization.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
FIG. 1 is a flowchart of a block chain-based personal information authorization method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a second method for acquiring personal information of a user according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a block chain-based personal information authorization system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not meant to limit the present invention.
Examples
Please refer to FIG. 1, which is a flowchart of a block chain-based personal information authorization method according to an embodiment of the present invention. The method may be applied to the block chain-based personal information authorization system in FIG. 3, and may specifically include the contents described in the following steps S1 to S5.
S1: uploading personal information to a first alliance chain by a first user;
S2: when a second user and a first user reach a personal information authorization protocol in a public chain, the first user uploads the personal information authorization protocol to a second alliance chain;
S3: when the second user requests personal information from the first user through a public chain, the first user downloads the personal information authorization protocol through a second alliance chain, and verifies the request of the second user according to the personal information authorization protocol;
S4: the first user sends a time-limited and/or count-limited first alliance chain access authorization to the second user according to the verification result;
S5: and the second user accesses the first alliance chain according to the first alliance chain access authorization, and acquires the first user personal information corresponding to the personal information authorization protocol and the request of the second user from the first alliance chain.
When the embodiment of the invention is implemented, a mode of combining the alliance chain and the public chain is adopted to store and authorize the personal information; wherein the first federation chain is configured to store personal information and the second federation chain is configured to store an authorization protocol; in the embodiment of the invention, the first user is a personal information provider generally, and the second data is a personal information demander generally; the completion of the personal information authorization protocol of the first user and the second user is completed in a public chain, an authorization server or a management server is not required to be configured in the public chain, the public chain only plays a role in information security interaction, for the public chain, the attack of one node cannot influence the personal information authorization protocol, and therefore the process of transmitting the personal information authorization protocol in the public chain is considered to be safe. However, the inventor finds in practice that the public link has a large amount of information, so that the overall operation speed is slow, and the data interaction speed is inevitably influenced when the inventor wants to carry out personal information transmission through the public link.
Therefore, in this embodiment, two federation chains are creatively introduced: a first federation chain and a second federation chain, it being understood that the first federation chain is configured to require authorization of a first user for access by a second user, and the second federation chain is configured to be inaccessible by the second user. When the second user needs the personal information of the first user, the second user needs to send a request through the public chain, and after the first user receives the request, the personal information authorization protocol is downloaded from the second federation chain, and the request is verified according to the authorization protocol. Obviously, the method has the advantages that the user terminal of the first user, such as a mobile phone, a tablet, a PC and the like, does not need to keep any personal information authorization protocol and personal information, and the stealing of data by partial bad APP is avoided from the user terminal. When the first user downloads the personal information authorization protocol from the second alliance chain, corresponding anti-theft measures can be started at the user terminal to ensure the information security in the verification process.
After the first user completes the verification, the personal information authorization protocol can be deleted from the first user's terminal. If the verification passes, the first user can send the second user a first alliance chain access authorization that is limited in time and/or in number of uses. As a more specific implementation, the authorization may be sent over the public chain, over an ordinary encrypted communication channel, or by an offline means such as a two-dimensional code, so that even if the access authorization is disclosed at this stage, neither the personal information nor the personal information authorization protocol is leaked. It should be understood that limiting by time and/or by number of uses covers an access authorization with a single limit as well as one with both a time limit and a use-count limit. For example, the access authorization may be sent as a two-dimensional code that expires after five minutes and can be used only once.
Once the second user has obtained the first alliance chain access authorization, the second user may access the first alliance chain to acquire the personal information of the first user. It should be understood that the acquisition may be done by obtaining the node information directly or through distribution by the monitoring node; although deployment of the personal information by the monitoring node may also be used in this embodiment, because the first alliance chain is itself a blockchain that requires authorization to access, its security is still higher than that of the prior art. Moreover, to acquire the personal information of the first user, the second user must satisfy three conditions: the request, the personal information authorization protocol, and the access authorization of the first alliance chain. A third party that wants to steal the personal information therefore faces far greater difficulty than with a simple authorization protocol.
In this embodiment, the personal information of the first user that corresponds to both the personal information authorization protocol and the request of the second user may be determined in ways including, but not limited to: computing the intersection of the personal information authorization protocol and the personal information of the first user requested by the second user; performing hash-check matching between the personal information authorization protocol and the personal information of the first user requested by the second user; and directly closing the access authorization when the request exceeds the scope of the personal information authorization protocol. By configuring the information interaction between the two alliance chains and the public chain, this embodiment puts both personal information storage and authorization on-chain, reduces the risk of personal information leakage, and seeks a balance between efficiency and security in personal information authorization.
In one embodiment, the first federation chain includes a plurality of sub-chains, each sub-chain corresponding to a type of personal information;
uploading the personal information to the first federation chain by the first user comprises:
the first user classifies the personal information and uploads various types of personal information into the first alliance chain;
and the supervision node of the first alliance chain uploads various types of personal information to the sub-chains corresponding to the personal information respectively.
In this embodiment, in order to further improve the efficiency of extracting personal information from the first federation chain, the first federation chain in this embodiment takes the form of a main chain and a sub-chain, and the supervision node in this embodiment may be arranged on the main chain, or may be arranged as a common node of the main chain and the sub-chain. In the present embodiment, the personal information classification is performed by the first user, and it should be understood that the personal information classification of the first user is a classification corresponding to the child chain.
For example, the first user's personal information may be classified into categories such as vehicle driving information, personal identification information and health data information, and the first alliance chain then includes a sub-chain for each of these categories. Likewise, the personal information authorization protocol includes the categories of authorized personal information, and the request of the second user should also include the categories of requested personal information.
Referring to Fig. 2, in one embodiment, step S5 includes:
S51: when the second user accesses a first alliance chain, uploading the personal information authorization protocol and a request of the second user to the first alliance chain;
S52: the supervision node of the first alliance chain calculates an intersection between the authorization range of the first user personal information corresponding to the personal information authorization protocol and the personal information range requested by the second user, and searches a sub-chain corresponding to the intersection;
S53: the supervision node of the first alliance chain extracts personal information of a first user from the found sub-chain to serve as first personal information, uploads the first personal information to the first alliance chain, and meanwhile grants the second user access right to the first personal information;
S54: and the second user acquires the first personal information from the first alliance chain according to the access right of the first personal information.
In this embodiment, the second user accesses the first alliance chain after being authorized by the first user, and at this time, the second user uploads two sets of data to the first alliance chain through the node of the first alliance chain: a personal information authorization protocol and a request of a second user; it should be understood that, because the manner of interaction through the first federation chain is adopted, the second user cannot directly contact the supervision node, and cannot know which node is the supervision node of the first federation chain; meanwhile, in the embodiment, the second user can access the main chain of the first alliance chain, and the personal information is stored in the sub-chain of the first alliance chain in a classified manner, so that the second user cannot directly contact the personal information from the main chain, and the security of the personal information is further enhanced.
In this embodiment, in step S52, the supervising node obtains the personal information authorization protocol and the request of the second user from the main chain of the first federation chain, and finds the child chain corresponding to the intersection after calculating the intersection, so as to ensure that the non-requested or non-authorized personal information is not leaked.
Similarly, in step S53, all the tasks of the supervisory node are data processing and authorization tasks, so the supervisory node does not directly contact the second user, thereby avoiding the possibility of intrusion or influence on the supervisory node by the second user, and improving the security.
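The time-limited, use-limited access authorization described earlier and the intersection step of S52 and S53 can be sketched together as follows. This is an added example, not code from the patent: the HMAC-signed grant, the key shared between the first user and the supervision node, the in-memory dictionaries standing in for sub-chains, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: one sub-chain per personal-information category.
SUBCHAINS = {
    "vehicle_driving": {"user-101": "constructed driving record"},
    "personal_identification": {"user-101": "constructed identity record"},
    "health_data": {"user-101": "constructed health record"},
}

GRANT_FIELDS = ("grantee", "expires_at", "max_uses", "nonce")


def grant_tag(key, grant):
    """HMAC-SHA256 over the grant fields in a canonical JSON encoding."""
    message = json.dumps({f: grant[f] for f in GRANT_FIELDS}, sort_keys=True)
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def issue_grant(key, grantee, now, ttl_seconds=300, max_uses=1):
    """First user: issue an access authorization limited in time and in uses.

    The defaults mirror the text's example: valid five minutes, usable once.
    """
    grant = {
        "grantee": grantee,
        "expires_at": now + ttl_seconds,
        "max_uses": max_uses,
        "nonce": secrets.token_hex(16),  # makes every grant unique
    }
    grant["tag"] = grant_tag(key, grant)
    return grant


class SupervisionNode:
    """Hypothetical supervision node of the first federation chain."""

    def __init__(self, key, subchains):
        self.key = key              # assumption: shared with the first user
        self.subchains = subchains
        self.uses = {}              # nonce -> number of redemptions so far

    def redeem(self, grant, caller, now):
        """Validate the grant and consume one use, or raise PermissionError."""
        if any(f not in grant for f in GRANT_FIELDS + ("tag",)):
            raise PermissionError("malformed grant")
        expected = grant_tag(self.key, grant).encode()
        if not hmac.compare_digest(expected, str(grant["tag"]).encode()):
            raise PermissionError("grant was altered or not issued by the first user")
        if grant["grantee"] != caller:
            raise PermissionError("grant was issued to a different user")
        if now >= grant["expires_at"]:
            raise PermissionError("grant has expired")
        used = self.uses.get(grant["nonce"], 0)
        if used >= grant["max_uses"]:
            raise PermissionError("grant has no uses left")
        self.uses[grant["nonce"]] = used + 1

    def serve(self, grant, caller, owner, authorized, requested, now):
        """S52/S53: release only categories both authorized and requested."""
        self.redeem(grant, caller, now)
        scope = set(authorized) & set(requested)   # the intersection of S52
        return {
            category: self.subchains[category][owner]
            for category in sorted(scope)
            if owner in self.subchains.get(category, {})
        }
```

Because the use counter is incremented before any data is read, a grant that has been redeemed once cannot be replayed even if the first request returned an empty intersection.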
In one embodiment, when the first user modifies, deletes, or adds personal information;
the first user takes the modified, deleted or newly added personal information as second personal information and classifies the second personal information;
the first user uploads the multiple types of second personal information into the first alliance chain;
and the supervision node of the first alliance chain uploads each type of the second personal information to the sub-chain corresponding to that type and overwrites the personal information in the sub-chain that corresponds to the second personal information.
In this embodiment, the first user may update his/her personal information, the update process is similar to the upload process, the first user uploads the updated personal information to the first federation chain by classifying the updated personal information as second personal information, and the supervising node of the first federation chain stores the second personal information in each sub-chain by reclassification.
In one embodiment, when a first user modifies a personal information authorization agreement, the first user and the second user agree in a public chain to the modified personal information authorization agreement;
and the first user uploads the modified personal information authorization protocol to a second alliance chain and covers the personal information authorization protocol stored on the second alliance chain.
In this embodiment, in principle, in order to protect the privacy right in personal information, only the first user is allowed to modify the personal information authorization protocol unilaterally; the second user is not allowed to modify it unilaterally. A modification of the personal information authorization protocol by the second user amounts to re-signing the protocol, and the process should follow the manner of signing the personal information authorization protocol described in the above embodiment.
When the first user modifies the personal information authorization protocol unilaterally, the first user needs to reach the modified personal information authorization protocol with the second user on the public chain. This may be done by notification or by negotiation; it should be understood that if negotiation is used, the process is analogous to the manner in which the second user modifies the personal information authorization protocol. The modified personal information authorization protocol is likewise uploaded by the first user to the second federation chain, which does not establish information interaction with the second user.
In one embodiment, when a first user uploads the personal information to a first alliance chain, the personal information in the user terminal of the first user is deleted;
and when the first user uploads the personal information authorization protocol to the second alliance chain, deleting the personal information authorization protocol in the user terminal of the first user.
In this embodiment, because the storage scheme for personal information and the authorization protocol described above is used, the first user can delete the corresponding data from the user terminal as soon as the corresponding upload is complete. This prevents some apps or software on the user terminal from stealing the personal information and ensures the security of the personal information data. Similarly, when the first user does keep the personal information and the personal information authorization protocol, a secure environment is established on the first user's terminal; this may use secure-environment software such as that developed by Cisco, so that the data is not stolen.
Referring to fig. 3, based on the same inventive concept, there is also provided a block chain-based personal information authorization system, which includes a first federation chain, a second federation chain, and a public chain, wherein:
a first federation chain configured for receiving personal information uploaded by a first user 101;
a public chain configured for providing information interaction for the second user 102 to enter into a personal information authorization agreement with the first user 101;
a second federation chain configured to receive a personal information authorization protocol uploaded by the first user 101;
when the second user 102 requests personal information from the first user 101 through the public chain, the first user 101 downloads the personal information authorization protocol through the second alliance chain, and verifies the request of the second user 102 according to the personal information authorization protocol;
the first user 101 sends a first alliance chain access authorization limited in time and/or in number of uses to the second user 102 according to the verification result;
and the second user 102 accesses the first alliance chain according to the first alliance chain access authorization, and acquires the personal information of the first user 101 corresponding to the personal information authorization protocol and the request of the second user 102 from the first alliance chain.
In one embodiment, the first federation chain includes a plurality of sub-chains, each sub-chain corresponding to a type of personal information;
the first user 101 classifies the personal information and uploads various types of personal information into the first alliance chain;
and the supervision node of the first alliance chain uploads various types of personal information to the sub-chains corresponding to the personal information respectively.
In one embodiment, when the second user 102 accesses the first federation chain, the personal information authorization protocol and the request of the second user 102 are uploaded to the first federation chain;
the supervision node of the first alliance chain calculates an intersection between the authorization range of the personal information of the first user 101 corresponding to the personal information authorization protocol and the personal information range requested by the second user 102, and searches a sub-chain corresponding to the intersection;
the supervising node of the first alliance chain extracts the personal information of the first user 101 from the found sub-chain as first personal information, uploads the first personal information to the first alliance chain and simultaneously grants the second user 102 access to the first personal information;
the second user 102 obtains the first personal information from the first alliance chain according to the access right of the first personal information.
In one embodiment, when the first user 101 modifies, deletes, or adds personal information;
the first user 101 takes the modified, deleted or newly added personal information as second personal information, and classifies the second personal information;
the first user 101 uploads the multiple types of second personal information into the first alliance chain;
and the supervision node of the first alliance chain uploads each type of the second personal information to the sub-chain corresponding to that type and overwrites the personal information in the sub-chain that corresponds to the second personal information.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in general functional terms in the foregoing description in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The elements described as separate parts may or may not be physically separate.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a grid device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (6)

1. A block chain-based personal information authorization method is characterized by comprising the following steps:
uploading personal information to a first alliance chain by a first user;
when a second user and a first user reach a personal information authorization protocol in a public chain, the first user uploads the personal information authorization protocol to a second alliance chain;
when the second user requests personal information from the first user through a public chain, the first user downloads the personal information authorization protocol through a second alliance chain, and verifies the request of the second user according to the personal information authorization protocol;
the first user sends a first alliance chain access authorization limited in time and/or in number of uses to the second user according to the verification result;
the second user accesses the first alliance chain according to the first alliance chain access authorization, and acquires first user personal information corresponding to the personal information authorization protocol and a request of the second user from the first alliance chain;
the first federation chain includes a plurality of sub-chains, each sub-chain corresponding to a type of personal information;
uploading the personal information to the first federation chain by the first user comprises:
the first user classifies the personal information and uploads various types of personal information into the first alliance chain;
the supervising nodes of the first alliance chain respectively upload various types of personal information to the sub-chains corresponding to the personal information;
obtaining first user personal information corresponding to the personal information authorization protocol and a request of a second user from the first federation chain includes:
when the second user accesses a first alliance chain, uploading the personal information authorization protocol and a request of the second user to the first alliance chain;
the supervision node of the first alliance chain calculates an intersection between the authorization range of the first user personal information corresponding to the personal information authorization protocol and the personal information range requested by the second user, and searches a sub-chain corresponding to the intersection;
the supervision node of the first alliance chain extracts personal information of a first user from the found sub-chain to serve as first personal information, uploads the first personal information to the first alliance chain, and meanwhile grants the second user access right to the first personal information;
and the second user acquires the first personal information from the first alliance chain according to the access right of the first personal information.
2. The method for authorizing personal information based on block chain as claimed in claim 1, wherein when the first user modifies, deletes or adds personal information;
the first user takes the modified, deleted or newly added personal information as second personal information and classifies the second personal information;
the first user uploads the multiple types of second personal information into the first alliance chain;
and the supervision node of the first alliance chain uploads each type of the second personal information to the sub-chain corresponding to that type and overwrites the personal information in the sub-chain that corresponds to the second personal information.
3. The block chain-based personal information authorization method according to claim 1, wherein when a first user modifies a personal information authorization agreement, the first user and the second user reach the modified personal information authorization agreement in a public chain;
and the first user uploads the modified personal information authorization protocol to a second alliance chain and covers the personal information authorization protocol stored on the second alliance chain.
4. The method for authorizing the personal information based on the block chain as claimed in any one of claims 1 to 3, characterized in that when a first user uploads the personal information to a first alliance chain, the personal information in the user terminal of the first user is deleted;
and when the first user uploads the personal information authorization protocol to the second alliance chain, deleting the personal information authorization protocol in the user terminal of the first user.
5. A block chain-based personal information authorization system, comprising:
a first federation chain configured for receiving personal information uploaded by a first user;
a public chain configured for providing information interaction for a second user to enter into a personal information authorization agreement with a first user;
a second federation chain configured for receiving a personal information authorization protocol uploaded by a first user;
when the second user requests personal information from the first user through a public chain, the first user downloads the personal information authorization protocol through a second alliance chain, and verifies the request of the second user according to the personal information authorization protocol;
the first user sends a first alliance chain access authorization limited in time and/or in number of uses to the second user according to the verification result;
the second user accesses the first alliance chain according to the first alliance chain access authorization, and acquires first user personal information corresponding to the personal information authorization protocol and a request of the second user from the first alliance chain;
the first federation chain includes a plurality of sub-chains, each sub-chain corresponding to a type of personal information;
the first user classifies the personal information and uploads various types of personal information into the first alliance chain;
the supervising nodes of the first alliance chain respectively upload various types of personal information to the sub-chains corresponding to the personal information;
when the second user accesses a first alliance chain, uploading the personal information authorization protocol and a request of the second user to the first alliance chain;
the supervision node of the first alliance chain calculates an intersection between the authorization range of the first user personal information corresponding to the personal information authorization protocol and the personal information range requested by the second user, and searches a sub-chain corresponding to the intersection;
the supervision node of the first alliance chain extracts personal information of a first user from the found sub-chain to serve as first personal information, uploads the first personal information to the first alliance chain, and meanwhile grants the second user access right to the first personal information;
and the second user acquires the first personal information from the first alliance chain according to the access right of the first personal information.
6. The system of claim 5, wherein when the first user modifies, deletes or adds personal information;
the first user takes the modified, deleted or newly added personal information as second personal information and classifies the second personal information;
the first user uploads the multiple types of second personal information into the first alliance chain;
and the supervision node of the first alliance chain uploads each type of the second personal information to the sub-chain corresponding to that type and overwrites the personal information in the sub-chain that corresponds to the second personal information.
CN202110878542.9A 2021-08-02 2021-08-02 Block chain-based personal information authorization method and system Active CN113342900B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110878542.9A CN113342900B (en) 2021-08-02 2021-08-02 Block chain-based personal information authorization method and system

Publications (2)

Publication Number Publication Date
CN113342900A CN113342900A (en) 2021-09-03
CN113342900B true CN113342900B (en) 2021-10-29

Family

ID=77480487

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110878542.9A Active CN113342900B (en) 2021-08-02 2021-08-02 Block chain-based personal information authorization method and system

Country Status (1)

Country Link
CN (1) CN113342900B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101680260B1 (en) * 2015-12-14 2016-11-29 주식회사 코인플러그 Certificate issuance system and method based on block chain
CN108898389A (en) * 2018-06-26 2018-11-27 阿里巴巴集团控股有限公司 Based on the content verification method and device of block chain, electronic equipment
CN112134879A (en) * 2020-09-21 2020-12-25 国网安徽省电力有限公司池州供电公司 Authorization method based on block chain intelligent contract
CN112187826A (en) * 2020-10-14 2021-01-05 深圳壹账通智能科技有限公司 Data authorization and data access method and system in block chain network

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107852333A (en) * 2015-05-29 2018-03-27 数字Cc Ip有限责任公司 System and method for the mandate of sharable content object
KR101723405B1 (en) * 2016-07-04 2017-04-06 주식회사 코인플러그 Certificate authentication system and method based on block chain
US20190044917A1 (en) * 2017-08-04 2019-02-07 Bank Of America Corporation System for secure verification of identity data
CN108632284B (en) * 2018-05-10 2021-02-23 网易(杭州)网络有限公司 User data authorization method, medium, device and computing equipment based on block chain
CN109391611B (en) * 2018-08-17 2021-03-02 深圳壹账通智能科技有限公司 User personal information encryption authorization method, device, equipment and readable storage medium
CN110020956B (en) * 2018-11-26 2022-11-22 创新先进技术有限公司 Cross-block-chain interaction method and system, computer equipment and storage medium
CN109787771B (en) * 2019-01-02 2021-09-03 浙江师范大学 Identity authorization method and system based on block chain
CN111104689B (en) * 2019-11-22 2023-02-10 陕西医链区块链集团有限公司 Personal medical data authorization system and method based on block chain technology
CN111046352B (en) * 2019-12-13 2021-05-18 浙江师范大学 Identity information security authorization system and method based on block chain
CN111444273B (en) * 2020-03-24 2021-09-10 腾讯科技(深圳)有限公司 Data authorization method and device based on block chain
CN112257084A (en) * 2020-10-22 2021-01-22 张平 Personal information storage and monitoring method, system and storage medium based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A Cloud Data Access Authorization Update Scheme Based on Blockchain; Yanfang Lei et al.; 2020 3rd International Conference on Smart BlockChain (SmartBlock); 20210507; 33-38 *
Blockchain-based off-chain personal data protection scheme; 纪露生 et al.; Computer Engineering (《计算机工程》); 20200312; Vol. 47, No. 2; 176-181 *

Also Published As

Publication number Publication date
CN113342900A (en) 2021-09-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant