CN113569214A - Essential data authorization method and system - Google Patents


Publication number
CN113569214A
Authority
CN
China
Prior art keywords
authorization
data
information
authorization request
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111117887.9A
Other languages
Chinese (zh)
Inventor
李浩浩
李慎国
贺亮
赵丽丽
王惠平
张滨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongguancun Smart City Co Ltd
Original Assignee
Zhongguancun Smart City Co Ltd
Application filed by Zhongguancun Smart City Co Ltd
Priority to CN202111117887.9A
Publication of CN113569214A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

The present disclosure provides an essential data authorization method and system. The method is applied to an essential data authorization system and comprises the following steps: a request end (110) sends authorization request information for the essential data; a certificate-holder authorization end (120) receives the authorization request information and, according to it, sends an authorization request result for the essential data to a blockchain end (130); the blockchain end (130) performs consensus and evidence storage on the received authorization request result and sends first instruction information to the certificate-holder authorization end (120); the certificate-holder authorization end (120) sends second instruction information to the request end (110) according to the received first instruction information. The method and system intelligently complete verification of the certificate holder of the essential data and provide a legally valid, trustworthy credential for the verification result, achieving fast and effective authorization of essential data verification and improving the efficiency of essential data authorization requests.

Description

Essential data authorization method and system
Technical Field
The present disclosure relates to the field of data security, and in particular, to a method and a system for authorizing essential data.
Background
At present, with the rapid growth of internet information technology, daily production and life are inseparable from digital information. As the amount of digital information increases sharply, acquiring accurate data more conveniently and effectively while guaranteeing information security is very important.
When a service is handled and specific types of essential data such as electronic certificates are needed, the technical scheme mainly adopted in the prior art is to establish an electronic certificate library and collect the certificate information for unified management. The data could serve as essential data, but the prior art is limited in how requests for essential data are authorized. The data that can be obtained cannot be used as legally valid essential data. The essential data that is partially usable applies only within a small area and requires the responsible person to bear legal risk. Most essential data authorization methods in the prior art rely on manual verification, which increases cost, is inefficient, and cannot provide legal evidence for the verification result. How to obtain authorization for essential data efficiently and accurately when handling business is a problem to be solved.
Disclosure of Invention
The invention discloses a method and a system for authorizing essential data, which realize the effect of efficiently and accurately obtaining the authorization of essential data.
A first aspect of the present disclosure provides an essential data authorization method, applied to an essential data authorization system, comprising: the request end sends authorization request information for the essential data; the certificate-holder authorization end receives the authorization request information and, according to it, sends an authorization request result for the essential data to the blockchain end; the blockchain end performs consensus and evidence storage on the received authorization request result and sends first instruction information to the certificate-holder authorization end; and the certificate-holder authorization end sends second instruction information to the request end according to the received first instruction information.
Sending the first instruction information to the certificate-holder authorization end comprises: if the authorization request result for the essential data is that authorization is approved, the blockchain end sends the successful result of the authorization request and a digital signature credential to the certificate-holder authorization end; if the authorization request result is that authorization is not approved, the blockchain end sends the failed result of the authorization request to the certificate-holder authorization end.
After the authorization request information is received, the method comprises: the certificate-holder authorization end receives first identity information and verifies whether the first identity information matches the authorizing subject of the essential data; and the certificate-holder authorization end sends the verification result of the first identity information to the blockchain end.
Verifying whether the first identity information matches the authorizing subject of the essential data comprises: if the first identity information passes verification, the certificate-holder authorization end confirms whether to approve the second authorization request; and if the first identity information fails verification, the certificate-holder authorization end receives second identity information and verifies whether the second identity information matches the authorizing subject of the essential data.
Verifying whether the first identity information matches the authorizing subject of the essential data comprises: the certificate-holder authorization end sends the verification result of the first identity information to the blockchain end; and the blockchain end performs consensus and evidence storage on the received verification result of the first identity information.
The request end sending the authorization request information for the essential data comprises: the request end sends the essential data information of the authorization request; and the request end sends the usage scenario information of the essential data authorization request.
After the request end sends the usage scenario information of the essential data authorization request, the method comprises: the certificate-holder authorization end receives the usage scenario information, which is used to determine whether to approve the authorization request for the essential data.
A second aspect of the present disclosure provides an essential data authorization system, comprising: a request end, used to send authorization request information for the essential data; a certificate-holder authorization end, used to receive the authorization request information and, according to it, send an authorization request result for the essential data to a blockchain end; the blockchain end, used to perform consensus and evidence storage on the received authorization request result and send first instruction information to the certificate-holder authorization end; and the certificate-holder authorization end is further used to send second instruction information to the request end according to the received first instruction information.
A third aspect of the present disclosure provides an electronic device, comprising: a processor, a memory, and a program or instructions stored on the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the requirement data authorization method described above.
A fourth aspect of the present disclosure provides a readable storage medium, on which a program or instructions are stored, which when executed by a processor implement the steps of the requirement data authorization method described above.
The technical solution of the present disclosure has at least the following beneficial technical effects: with the essential data authorization method, system, electronic device and readable storage medium, the authorization request for the essential data is reviewed and confirmed at the certificate-holder authorization end. The embodiments of the present disclosure provide a blockchain-based, mutually trusted and secure way of applying for and authorizing the use of essential data. The technical solution can effectively avoid the cumbersome workflows of the relevant or authoritative departments in the essential data authorization process, for example authorizing applications to use essential data on paper, and so improves the work efficiency of those departments. It solves the problem that legally valid essential data authorization cannot be obtained efficiently and accurately. Verification of the certificate holder of the essential data is completed intelligently, and a legally valid, trustworthy credential is provided for the verification result, which achieves intelligent authorization of essential data verification and improves the efficiency of essential data authorization requests.
Drawings
FIG. 1 is a flowchart of an essential data authorization method according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of identity verification at the certificate-holder authorization end in the essential data authorization method according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of usage scenario verification at the certificate-holder authorization end in the essential data authorization method according to an embodiment of the present disclosure;
FIG. 4 is a flowchart of the blockchain end sending the first instruction information in the essential data authorization method according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of the hardware structure of an electronic device according to an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the present disclosure more apparent, the present disclosure will be described in further detail below with reference to the accompanying drawings in conjunction with the detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present disclosure. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The described embodiments are only some, but not all embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, technical features involved in different embodiments of the present disclosure described below may be combined with each other as long as they do not conflict with each other.
FIG. 1 is a flowchart of an essential data authorization method according to an embodiment of the present disclosure. As shown in FIG. 1, an embodiment of the present disclosure provides an essential data authorization method, applied to an essential data authorization system, comprising: the request end 110 sends authorization request information for the essential data; the certificate-holder authorization end 120 receives the authorization request information and, according to it, sends an authorization request result for the essential data to the blockchain end 130; the blockchain end 130 performs consensus and evidence storage on the received authorization request result and sends first instruction information to the certificate-holder authorization end 120; the certificate-holder authorization end 120 sends second instruction information to the request end 110 according to the received first instruction information.
In one embodiment, the request end 110 is the party that requests or uses the essential data authorization; the certificate-holder authorization end 120 may be computer software, mobile phone software, or software or a system on another electronic device, it authorizes authorization requests for essential data, and it is open to the authorizing subject of the essential data; the blockchain end 130 includes a blockchain. The request end 110 may send authorization request information for the essential data to the certificate-holder authorization end 120 based on its need to use specific essential data. After the certificate-holder authorization end 120 receives the authorization request information, the authorizing subject of the essential data enters the certificate-holder authorization end 120 and performs authorization verification on the authorization request information. The certificate-holder authorization end 120 sends the authorization request result for the essential data to the blockchain end 130. The blockchain end 130 receives the authorization request result and performs consensus and evidence storage on it. The blockchain end 130 sends first instruction information to the certificate-holder authorization end 120. The certificate-holder authorization end 120 receives the first instruction information and sends second instruction information to the request end 110. In one embodiment, the certificate-holder authorization end 120 exists independently of the blockchain. The certificate-holder authorization end 120 may be a public end whose functions are not limited to those of the certificate-holder authorization end 120 and include further functions.
The certificate-holder authorization end 200 in the embodiments of the present disclosure reviews and confirms the authorization request for the essential data. The embodiments of the present disclosure provide a blockchain-based, mutually trusted and secure way of applying for and authorizing the use of essential data. The technical solution can effectively avoid the cumbersome workflows of the relevant or authoritative departments in the essential data authorization process, solves the problem that valid essential data authorization cannot be obtained efficiently and accurately, intelligently completes verification of the certificate holder of the essential data, and provides a legally valid, trustworthy credential for the verification result, achieving intelligent authorization of essential data verification while improving the efficiency of essential data authorization requests.
FIG. 2 is a flowchart of identity verification at the certificate-holder authorization end in the essential data authorization method according to an embodiment of the present disclosure. As shown in FIG. 2, in some embodiments, after the authorization request information is received, the method comprises: the certificate-holder authorization end 120 receives first identity information and verifies whether the first identity information matches the authorizing subject of the essential data; the certificate-holder authorization end 120 sends the verification result of the first identity information to the blockchain end 130. In some embodiments, verifying whether the first identity information matches the authorizing subject of the essential data comprises: if the first identity information passes verification, the certificate-holder authorization end 120 confirms whether to approve the authorization of the second authorization request; if the first identity information fails verification, the certificate-holder authorization end 120 receives second identity information and verifies whether the second identity information matches the authorizing subject of the essential data. In some embodiments, verifying whether the first identity information matches the authorizing subject of the essential data comprises: the certificate-holder authorization end 120 sends the verification result of the first identity information to the blockchain end 130; the blockchain end 130 performs consensus and evidence storage on the received verification result of the first identity information.
In a specific embodiment, the certificate-holder authorization end 120 is used to obtain the certificate holder's authorization to use the essential data before the data pull operation is performed; that is, before the data pull operation, the certificate holder's identity information is verified at the certificate-holder authorization end 120, and the certificate holder then reviews the authorization request for the essential data.
In one embodiment, the certificate holder of the essential data sends identity information to the certificate-holder authorization end 120. The certificate holder may be offline, in which case the certificate-holder authorization end 120 may notify the certificate holder by phone call, short message, or mail to perform authorization verification. The certificate holder submits the identity information for verification and logs in to the certificate-holder authorization end 120; the certificate-holder authorization end 120 verifies the validity of the identity information, and after successful verification the certificate holder of the essential data continues with the authorization operation. In one embodiment, identity verification may fail for a variety of reasons, for example: the identity information entered by the party being verified is wrong, the network signal is abnormal, or the server is abnormal. The certificate-holder authorization end 120 can check the identity information again by receiving second identity information. Providing the ability to resend the data authorization request further improves the technical completeness of the present disclosure. The number of times can be set separately for different essential data according to actual conditions. For identity verification at the certificate-holder authorization end 120, different verification rules can be defined for different essential data according to the importance of the essential data and the actual situation. For example, if the identity information verified by the certificate-holder authorization end 120 does not meet the conditions, the certificate-holder authorization end 120 issues a result of failed identity verification.
In some embodiments, after the identity information passes verification at the certificate-holder authorization end 120, it is determined whether to approve the essential data authorization request. The certificate-holder authorization end 120 sends the verification result of the identity information to the blockchain end 130. In an embodiment, the certificate holder of the essential data has the right to decide whether the essential data authorization request passes, which further ensures the security of the essential data authorization request of the present disclosure. The embodiments of the present disclosure improve the completeness of the essential data authorization process.
FIG. 3 is a flowchart of usage scenario verification at the certificate-holder authorization end in the essential data authorization method according to an embodiment of the present disclosure. As shown in FIG. 3, in some embodiments, the request end 110 sending the authorization request information for the essential data comprises: the request end 110 sends the essential data information of the authorization request; the request end 110 sends the usage scenario information of the essential data authorization request. In some embodiments, after the request end 110 sends the usage scenario information of the essential data authorization request, the method comprises: the certificate-holder authorization end 120 receives the usage scenario information, which is used to determine whether to approve the authorization request for the essential data.
In a specific embodiment, the security level of the essential data authorization request is high; for example, the essential data may be identity information or legal information. Safeguarding the essential data information is therefore particularly necessary, and the method ensures that essential data is used safely.
In one embodiment, the provider of the essential data is an authoritative department, such as a public security department or a civil affairs department. When specific types of essential data such as electronic certificates are needed to handle a service, an authoritative department must endorse the essential data to ensure that it is accurate and legal. In a related embodiment, the essential data that is partially usable applies only within a small area and requires the responsible person to bear legal risk. In the disclosed embodiment, the authoritative department can endorse the essential data intelligently, for example by endorsing the electronic data uniformly. The embodiments of the present disclosure improve efficiency not only for the request end but also for the authoritative department in managing essential data. The range in which legally valid essential data can be applied is expanded intelligently and safely.
FIG. 4 is a flowchart of the blockchain end sending the first instruction information in the essential data authorization method according to an embodiment of the present disclosure. As shown in FIG. 4, in some embodiments, sending the first instruction information to the certificate-holder authorization end 120 comprises: if the authorization request result for the essential data is that authorization is approved, the blockchain end 130 sends the successful result of the authorization request and a digital signature credential to the certificate-holder authorization end 120; if the authorization request result is that authorization is not approved, the blockchain end 130 sends the failed result of the authorization request to the certificate-holder authorization end 120.
In one embodiment, the underlying chain of the blockchain end 130 performs consensus and evidence storage on the authorization request result for the essential data, and sends the first instruction information to the certificate-holder authorization end 120 according to that result. When the authorization request result is that authorization is approved, the blockchain end 130 sends the successful result of the authorization request and the digital signature credential to the certificate-holder authorization end 120; when the authorization request result is that authorization is not approved, the blockchain end 130 sends the failed result of the authorization request to the certificate-holder authorization end 120. In some embodiments, the underlying chain of the blockchain end 130 is a blockchain node network that is relied on for consensus management and execution of the various blockchain transactions. In some embodiments, the underlying chain of the blockchain end 130 provides multi-end authorization smart contracts and supervision smart contracts. In some embodiments, the blockchain end 130 sends a valid digital signature credential to the certificate-holder authorization end 120; for the digital signature credential, the essential data is processed with a hash algorithm and then sent to the certificate-holder authorization end 120. Accordingly, the certificate-holder authorization end 120 sends the digital signature credential to the request end 110. After receiving the digital signature credential, the request end 110 verifies the signature in order to obtain the essential data for use. The request end 110 thus efficiently and conveniently obtains legal and valid permission to use the data and can continue with subsequent business processing. The embodiments of the present disclosure effectively guarantee the security of the essential data and the completeness of the disclosure.
The essential data authorization method of the present disclosure authorizes the essential data authorization request after verifying the identity of the certificate holder of the essential data, and relies on the consensus and evidence storage of the blockchain to solve the problem that legally valid essential data authorization cannot be obtained efficiently and accurately. Verification of the certificate holder of the essential data is completed intelligently, and a legally valid, trustworthy credential is provided for the verification result, which achieves intelligent authorization of essential data verification and improves the efficiency of data authorization requests.
In a related embodiment, consensus and evidence storage mainly comprises: a consortium node initiates a transaction on the underlying blockchain; the consortium members reach consensus on the transaction result, and when the transaction results of member nodes within a certain range are consistent, the transaction result is considered valid; the transaction result is recorded in the ledger.
In a related embodiment, the consensus and evidence storage step is necessary for achieving decentralization. The consensus result shows that the transaction or review was decided jointly by the consortium members, and all consortium members are jointly responsible for and endorse the transaction or review result. Evidence storage is the technical means of recording the result of the consortium members' consensus; it must ensure that the sources of the transaction and of the consensus result are valid and that the result cannot be tampered with after it is stored. Consensus and evidence storage is the technical basis for ensuring that the review result is genuine and valid.
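The consensus and evidence storage steps described above, as an added example that is not part of the patent: consortium nodes each report a result for an authorization request result, the transaction is accepted only when enough of them agree, and the accepted record is appended to a hash-chained ledger so that a later change is detected by `verify`. The two-thirds threshold, the hash chain, the names `Node` and `EvidenceLedger`, and the sample request are assumptions; the page does not state how many member nodes must agree or how the ledger is built.

```python
"""Consensus and evidence storage for an authorization request result (added example)."""
import hashlib
import json
from collections import Counter


def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding, so every node hashes identical bytes."""
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


class Node:
    """One consortium member. `faulty` is a demo switch, not something the page defines."""

    def __init__(self, name, faulty=False):
        self.name, self.faulty = name, faulty

    def evaluate(self, tx):
        # An honest node derives its result from the transaction it received;
        # a faulty node reports a result that no other node will reproduce.
        return digest({"bad": self.name}) if self.faulty else digest(tx)


class EvidenceLedger:
    def __init__(self, nodes):
        self.nodes, self.blocks = nodes, []

    def submit(self, tx):
        """Run consensus on tx; on success append a block and return it, else None."""
        tally = Counter(n.evaluate(tx) for n in self.nodes)
        result, votes = tally.most_common(1)[0]
        # Assumed threshold: at least two thirds of the members must agree.
        if votes * 3 < len(self.nodes) * 2:
            return None
        block = {
            "index": len(self.blocks),
            "prev": self.blocks[-1]["hash"] if self.blocks else "0" * 64,
            "tx": tx,
            "result": result,
            "endorsers": sorted(n.name for n in self.nodes if n.evaluate(tx) == result),
        }
        block["hash"] = digest(block)  # hashed before the "hash" key is added
        self.blocks.append(block)
        return block

    def verify(self):
        """Return the index of the first block that fails its checks, or -1 if all hold."""
        prev = "0" * 64
        for b in self.blocks:
            body = {k: v for k, v in b.items() if k != "hash"}
            if b["prev"] != prev or digest(body) != b["hash"] or digest(b["tx"]) != b["result"]:
                return b["index"]
            prev = b["hash"]
        return -1


def make_result(decision):
    # Constructed sample: an authorization request result as end 120 might report it.
    return {
        "requester": "request-end-110",
        "data_digest": digest("constructed electronic certificate content"),
        "usage_scenario": "constructed scenario: business licence renewal",
        "decision": decision,
    }


def demo():
    ledger = EvidenceLedger([Node("A"), Node("B"), Node("C"), Node("D", faulty=True)])
    stored = ledger.submit(make_result("approved"))   # 3 of 4 agree: stored
    ledger.submit(make_result("denied"))              # denials are stored as evidence too
    intact = ledger.verify()
    ledger.blocks[0]["tx"]["decision"] = "denied"     # after-the-fact edit of a stored record
    tampered_at = ledger.verify()
    split = EvidenceLedger([Node("A"), Node("B"), Node("C", True), Node("D", True)])
    rejected = split.submit(make_result("approved"))  # 2 of 4 agree: below the threshold
    return stored["endorsers"], intact, tampered_at, rejected


if __name__ == "__main__":
    print(demo())
```
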
The data content is issued through an official or authoritative channel and endorsed by an official or authoritative department. For example, the data is supplied and put on chain directly by the data provider, the data provider endorses the validity and authority of the data content, and the authorization must be verified by the data-holding subject. Thus the data of the present disclosure can serve as legally effective essential data, with a valid source, trusted content, and an authoritative channel. Meanwhile, the members of the blockchain consortium perform consensus and evidence storage on the data supply behavior of the data provider, and the stored evidence can prove that the data source is legal and valid. Furthermore, the data is encrypted with the public key of the on-chain certificate of the request end that sent the request before it is returned, so that only the request end that sent the request can decrypt and use the data.
In a specific embodiment, the electronic license library provides corresponding business modules to manage and maintain the usage scenarios, calling permissions and the like of the licenses in the electronic license library. The license data must be authorized by the license holder, and the data usage behavior is stored as evidence using blockchain technology, so that the consensus data serves as valid legal evidence. The embodiment of the disclosure effectively solves the technical problem that, in a centralized mode, the manager has to bear greater data and network security liability risks.
The embodiment of the present disclosure further provides an essential data authorization system, including: the request end 110, configured to send authorization request information for the essential data; the certificate-holding subject authorization end 120, configured to receive the authorization request information and send an authorization request result of the essential data to the blockchain end 130 according to the authorization request information; the blockchain end 130, configured to perform consensus verification on the received authorization request result of the essential data and send first instruction information to the certificate-holding subject authorization end 120; the certificate-holding subject authorization end 120 is further configured to send second instruction information to the request end 110 according to the received first instruction information.
An embodiment of the present disclosure further provides an electronic device, including: a processor, a memory, and a program or instructions stored on the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the essential data authorization method.
The embodiment of the disclosure also provides a readable storage medium on which a program or instructions are stored; when the program or instructions are executed by a processor, the steps of the essential data authorization method are implemented.
It should be noted that, in the essential data authorization method provided in the embodiment of the present disclosure, the executing entity may be the essential data authorization system, or a control module in the essential data authorization system for executing the essential data authorization method. In the embodiment of the present disclosure, the essential data authorization system executing the essential data authorization method is taken as an example to describe the essential data authorization system provided by the embodiment of the present disclosure.
The requirement data authorization system in the embodiment of the present disclosure may be a system, or may be a component, an integrated circuit, or a chip in a terminal. The system may be a mobile electronic device or a non-mobile electronic device. By way of example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palm top computer, a vehicle-mounted electronic device, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), and the like, and the non-mobile electronic device may be a server, a Network Attached Storage (NAS), a Personal Computer (PC), a Television (TV), a teller machine or a self-service machine, and the like, and the disclosed embodiments are not limited in particular.
The essential data authorization system in the embodiment of the present disclosure may be a system having an operating system. The operating system may be an Android operating system, an iOS operating system, or another possible operating system, and the embodiment of the present disclosure is not particularly limited.
The requirement data authorization system provided by the embodiment of the present disclosure can implement each process implemented by the method embodiments of fig. 1 to fig. 4, and is not described here again to avoid repetition.
Optionally, as shown in fig. 5, an electronic device 500 is further provided in the embodiment of the present disclosure, and includes a processor 501, a memory 502, and a program or an instruction stored in the memory 502 and capable of being executed on the processor 501, where the program or the instruction is executed by the processor 501 to implement each process of the requirement data authorization method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
It should be noted that the electronic device in the embodiment of the present disclosure includes the mobile electronic device and the non-mobile electronic device described above.
Fig. 6 is a schematic diagram of a hardware structure of an electronic device implementing an embodiment of the present disclosure.
The electronic device 600 includes, but is not limited to: a radio frequency unit 601, a network module 602, an audio output unit 603, an input unit 604, a sensor 605, a display unit 606, a user input unit 607, an interface unit 608, a memory 609, a processor 610, and the like.
Those skilled in the art will appreciate that the electronic device 600 may further comprise a power source (e.g., a battery) for supplying power to the various components, and the power source may be logically connected to the processor 610 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system. The electronic device structure shown in fig. 6 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than those shown, or combine some components, or arrange different components, and thus, the description is omitted here.
The processor 610 is configured to perform the functions of the request end 110, the certificate-holding subject authorization end 120, and the blockchain end 130, such as sending authorization request information for the essential data, receiving the authorization request information, sending an authorization request result of the essential data, receiving the authorization request result of the essential data, sending first instruction information, receiving the first instruction information, and sending second instruction information.
The processor 610 is also used for the following other functions of the request end 110, the certificate-holding subject authorization end 120 and the blockchain end 130. For example, sending the first instruction information to the certificate-holding subject authorization end 120 includes: if the authorization request result of the essential data is that authorization is approved, the blockchain end 130 sends the authorization-request success result and the digital signature credential to the certificate-holding subject authorization end 120; if the authorization request result of the essential data is that authorization is not approved, the blockchain end 130 sends the authorization-request failure result to the certificate-holding subject authorization end 120.
After the authorization request information is received, the method includes the following steps: the certificate-holding subject authorization end 120 receives the first identity information and verifies whether the first identity information matches the authorization subject of the essential data, and the certificate-holding subject authorization end 120 sends the verification result of the first identity information to the blockchain end 130.
Verifying whether the first identity information matches the authorization subject of the essential data includes: if the verification result of the first identity information is that the verification is passed, the certificate-holding subject authorization end 120 confirms whether to approve the authorization of the second authorization request; if the verification result of the first identity information is that the verification is not passed, the certificate-holding subject authorization end 120 receives the second identity information and verifies whether the second identity information matches the authorization subject of the essential data.
Verifying whether the first identity information matches the authorization subject of the essential data also includes: the certificate-holding subject authorization end 120 sends the verification result of the first identity information to the blockchain end 130, and the blockchain end 130 performs a consensus check on the received verification result of the first identity information.
The request end 110 sending the authorization request information for the essential data includes: the request end 110 sends the essential data information of the authorization request; the request end 110 sends the usage scenario information of the essential data authorization request.
After the request end 110 sends the usage scenario information of the essential data authorization request, the following step is included: the certificate-holding subject authorization end 120 receives the usage scenario information, which is used to determine whether to approve the authorization request for the essential data.
It is to be understood that, in the embodiment of the present disclosure, the input Unit 604 may include a Graphics Processing Unit (GPU) 6041 and a microphone 6042, and the Graphics processor 6041 processes image data of a still picture or a video obtained by an image capturing system (such as a camera) in a video capturing mode or an image capturing mode. The display unit 606 may include a display panel 6061, and the display panel 6061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 607 includes a touch panel 6071 and other input devices 6072. A touch panel 6071, also referred to as a touch screen. The touch panel 6071 may include two parts of a touch detection system and a touch controller. Other input devices 6072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein. The memory 609 may be used to store software programs as well as various data including, but not limited to, application programs and an operating system. The processor 610 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 610.
The embodiment of the present disclosure further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the program or the instruction implements each process of the requirement data authorization method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and so on.
The embodiment of the present disclosure further provides a chip, where the chip includes a processor and a communication interface, the communication interface is coupled to the processor, and the processor is configured to execute a program or an instruction to implement each process of the requirement data authorization method embodiment, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
It should be understood that the chips mentioned in the embodiments of the present disclosure may also be referred to as a system-level chip, a system chip, a chip system, or a system-on-chip chip, etc.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element. Further, it is noted that the scope of the methods and systems in the embodiments of the present disclosure is not limited to performing functions in the order shown or discussed, but may include performing functions in a substantially simultaneous manner or in a reverse order based on the functions involved, e.g., the described methods may be performed in an order different than that described, and various steps may be added, omitted, or combined. In addition, features described with reference to certain examples may be combined in other examples.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present disclosure may be embodied in the form of a computer software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present disclosure.
It should be noted that the embodiments of the essential data authorization method, system, electronic device and readable storage medium also apply to the protection of an authorization method, system, electronic device and readable storage medium for general data.
While the present disclosure has been described with reference to the embodiments illustrated in the drawings, which are intended to be illustrative rather than restrictive, it will be apparent to those of ordinary skill in the art in light of the present disclosure that many more modifications may be made without departing from the spirit of the disclosure and the scope of the appended claims.
It is to be understood that the above-described specific embodiments of the present disclosure are merely illustrative of or illustrative of the principles of the present disclosure and are not to be construed as limiting the present disclosure. Accordingly, any modification, equivalent replacement, improvement or the like made without departing from the spirit and scope of the present disclosure should be included in the protection scope of the present disclosure. Further, it is intended that the following claims cover all such variations and modifications that fall within the scope and bounds of the appended claims, or equivalents of such scope and bounds.

Claims (10)

1. An essential data authorization method, applied to an essential data authorization system, comprising the following steps:
a request end (110) sends authorization request information for the essential data;
a certificate-holding subject authorization end (120) receives the authorization request information and sends an authorization request result of the essential data to a blockchain end (130) according to the authorization request information;
the blockchain end (130) performs consensus verification on the received authorization request result of the essential data, and sends first instruction information to the certificate-holding subject authorization end (120);
the certificate-holding subject authorization end (120) sends second instruction information to the request end (110) according to the received first instruction information.
2. The method of claim 1, wherein said sending first instruction information to the certificate-holding subject authorization end (120) comprises:
if the authorization request result of the essential data is that authorization is approved, the blockchain end (130) sending the first instruction information to the certificate-holding subject authorization end (120) comprises: the blockchain end (130) sends the authorization-request success result and the digital signature credential to the certificate-holding subject authorization end (120);
if the authorization request result of the essential data is that authorization is not approved, the blockchain end (130) sending the first instruction information to the certificate-holding subject authorization end (120) comprises: the blockchain end (130) sends the authorization-request failure result to the certificate-holding subject authorization end (120).
3. The method of claim 1, further comprising, after receiving the authorization request information:
the certificate-holding subject authorization end (120) receives first identity information and verifies whether the first identity information matches the authorization subject of the essential data;
the certificate-holding subject authorization end (120) sends the verification result of the first identity information to the blockchain end (130).
4. The method of claim 3, wherein the verifying whether the first identity information matches the authorization subject of the essential data comprises:
if the verification result of the first identity information is that the verification is passed, the certificate-holding subject authorization end (120) confirms whether to approve the authorization of the second authorization request;
if the verification result of the first identity information is that the verification is not passed, the certificate-holding subject authorization end (120) receives second identity information and verifies whether the second identity information matches the authorization subject of the essential data.
5. The method of claim 4, wherein said verifying whether the first identity information matches the authorization subject of the essential data comprises:
the certificate-holding subject authorization end (120) sends the verification result of the first identity information to the blockchain end (130);
the blockchain end (130) performs consensus on the received verification result of the first identity information.
6. The method of claim 1, wherein the request end (110) sending authorization request information for the essential data comprises:
the request end (110) sends the essential data information of the authorization request;
the request end (110) sends the usage scenario information of the essential data authorization request.
7. The method of claim 6, further comprising, after the request end (110) sends the usage scenario information of the essential data authorization request:
the certificate-holding subject authorization end (120) receives the usage scenario information, which is used to determine whether to approve the authorization request for the essential data.
8. An essential data authorization system, comprising:
a request end (110), configured to send authorization request information for the essential data;
a certificate-holding subject authorization end (120), configured to receive the authorization request information and send an authorization request result of the essential data to a blockchain end (130) according to the authorization request information; the blockchain end (130), configured to perform consensus verification on the received authorization request result of the essential data and send first instruction information to the certificate-holding subject authorization end (120);
the certificate-holding subject authorization end (120) is further configured to send second instruction information to the request end (110) according to the received first instruction information.
9. An electronic device, comprising: a processor, a memory, and a program or instructions stored on the memory and executable on the processor, the program or instructions, when executed by the processor, implementing the steps of the essential data authorization method according to any one of claims 1-7.
10. A readable storage medium on which a program or instructions are stored, the program or instructions, when executed by a processor, implementing the steps of the essential data authorization method according to any one of claims 1-7.
CN202111117887.9A 2021-09-24 2021-09-24 Essential data authorization method and system Pending CN113569214A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211029