CN114172663B - Business right determining method and device based on block chain, storage medium and electronic equipment

Publication number: CN114172663B
Authority: CN (China)
Prior art keywords: service, service data, storage area, target, information
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN202111483137.3A
Other languages: Chinese (zh)
Other versions: CN114172663A (en)
Inventors: 陈慧楠, 关春生, 梁敬娟, 彭鹏
Current Assignee: Taikang Insurance Group Co Ltd
Original Assignee: Taikang Insurance Group Co Ltd

Classifications

    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/12: Applying verification of the received information
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The disclosure relates to the technical field of Internet, and relates to a block chain-based service right determining method and device, a storage medium and electronic equipment. The method comprises the following steps: receiving a service right confirmation request carrying a service object identifier, and acquiring credential information corresponding to the service object identifier from privacy information stored in a first storage area, wherein the credential information is used for identifying the association relationship between the privacy information stored in the first storage area and service data stored in a second storage area, and the service data is signed based on a private key of a corresponding sponsor; and acquiring target service data stored in the second storage area according to the credential information, and checking the signature of the target service data according to the public key of the request object so as to determine service attribution according to a checking result. The method and the device can ensure the safety of service data storage, improve the traceability of the service data and facilitate the service right management.

Description

Business right determining method and device based on block chain, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of internet technologies, and more particularly, to a blockchain-based service authorization method, a blockchain-based service authorization apparatus, a computer storage medium, and an electronic device.
Background
With the rapid development of internet and computer technology, service channels have become increasingly varied, so the same service may easily have a plurality of sponsors, which causes service attribution disputes.
In the related art, service data of a sponsor of a service may be distributed in different branches and subsystems, and once a dispute of service attribution occurs, related service data needs to be acquired from each branch or system respectively, so that it is difficult to accurately acquire key data related to the service, which clearly increases the workload of service confirmation. Meanwhile, in the related art, the service data is managed by introducing a centralized mechanism, however, there is a risk of being tampered with, and the security and usability of the service data are difficult to guarantee.
It should be noted that the information disclosed in the above Background section is only intended to enhance understanding of the background of the present disclosure, and may therefore include information that does not constitute prior art already known to those of ordinary skill in the art.
Disclosure of Invention
The invention aims to provide a block chain-based business right determining method and device, a computer storage medium and electronic equipment, so that the data storage safety is improved at least to a certain extent, and the traceability of business data is ensured.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the present disclosure, there is provided a blockchain-based service authorization method, including: receiving a service right confirmation request carrying a service object identifier, and acquiring credential information corresponding to the service object identifier from privacy information stored in a first storage area, wherein the credential information is used for identifying the association relationship between the privacy information stored in the first storage area and service data stored in a second storage area, and the service data is signed based on a private key of a corresponding sponsor; and acquiring target service data stored in the second storage area according to the credential information, and checking the signature of the target service data according to the public key of the request object so as to determine service attribution according to a checking result.
In an exemplary embodiment of the present disclosure, the acquiring credential information corresponding to the service object identifier from the privacy information stored in the first storage area includes: acquiring target role information in the privacy information according to the service object identifier; verifying the real role of the service object by using the target role information; and, if the verification passes, acquiring credential information corresponding to the service object identifier from the privacy information; wherein the privacy data in the privacy information in the first storage area is encrypted using the public key of the service object to prevent disclosure of the privacy data.
In an exemplary embodiment of the disclosure, the verifying the real role of the service object using the target role information includes: acquiring preset credential conditions corresponding to the real roles; and acquiring the corresponding number of the credential information according to the target role information, and checking the number of the credential information according to the preset credential condition.
In an exemplary embodiment of the present disclosure, before the receiving the service right confirmation request carrying the service object identifier and acquiring credential information corresponding to the service object identifier from the privacy information stored in the first storage area, the method further includes: carrying out hash processing on service data to obtain a service data hash result, storing the service data hash result in the second storage area, and synchronizing the service data hash result into the first storage area based on the credential information. The obtaining the target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object so as to determine service attribution according to the verification result, includes: obtaining a target service data hash result in the target service data, and comparing the target service data hash result with the service data hash result in the first storage area; and, if the two are consistent, acquiring the target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object so as to determine service attribution according to the verification result.
In an exemplary embodiment of the disclosure, a plurality of pieces of credential information corresponding to the service object identifier are obtained from the privacy information stored in the first storage area. The obtaining the target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object so as to determine service attribution according to the verification result, includes: acquiring a plurality of target service data according to the credential information, and verifying the signature of each target service data according to the public key of the request object; and determining the request object that passes verification as the service attribution party.
In an exemplary embodiment of the disclosure, the obtaining a plurality of target service data according to each piece of credential information, and verifying the signature of each piece of target service data according to the public key of the request object includes: acquiring a target service data type corresponding to the type of the credential information according to the corresponding relation between the preset credential information type and the service data type; screening target business data corresponding to the type of the target business data from the plurality of target business data; and verifying the signature of the target service data corresponding to the target service data type according to the public key of the request object.
In an exemplary embodiment of the disclosure, the signature of the service data and the public key of the corresponding sponsor are correspondingly stored in the service data of the second storage area; the method further comprises the steps of: receiving a service inquiry request carrying the service object identifier, and acquiring the credential information from the privacy information in the first storage area; acquiring a signature and a target public key of target service data in the second storage area according to the credential information; and verifying the signature of the target service data by using the target public key, and feeding the target service data back to the requester after the verification is passed.
According to one aspect of the present disclosure, there is provided a blockchain-based service authorization apparatus, the apparatus including: the information acquisition module is used for receiving a business right confirmation request carrying a service object identifier, acquiring credential information corresponding to the service object identifier from privacy information stored in a first storage area, wherein the credential information is used for identifying the association relationship between the privacy information stored in the first storage area and business data stored in a second storage area, and the business data is signed based on a private key of a corresponding sponsor; and the information verification module is used for acquiring target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object so as to determine service attribution according to a verification result.
According to one aspect of the present disclosure, there is provided a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the blockchain-based service validation method of any of the above.
According to one aspect of the present disclosure, there is provided an electronic device including: one or more processors; and storage means for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement a blockchain-based service validation method as in any of the above.
According to the blockchain-based business validation method in the exemplary embodiment of the disclosure, after a business validation request carrying a service object identifier is received, credential information corresponding to the service object identifier is obtained from privacy information stored in a first storage area, target business data stored in the first storage area is obtained according to the credential information, signature of the target business data is verified according to a public key of a request object, business attribution is determined according to a verification result, the credential information is used for identifying an association relation between the privacy information stored in the first storage area and the business data stored in a second storage area, and the business data is signed based on a private key of a manager. On the one hand, the privacy information and the service data are respectively stored in a first storage area and a second storage area of the blockchain, and the same credential information is written into the associated privacy data and the service data, so that the privacy information of the first storage area is associated with the service data of the second storage area through the same credential information, the safety of the data can be ensured, and a manager or a service object can conveniently inquire the service data, so that the traceability of the data is realized; on the other hand, the business data is signed based on the private key of the corresponding sponsor, and when business attribution disputes occur, the business data can be checked through the public key of the sponsor, so that the business attribution is determined, the public key and the private key of the sponsor can be used as a guarantee for ensuring the data safety, and the public key and the private key of the sponsor are also conveniently used for determining the business attribution, so that two purposes are achieved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present disclosure will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. Several embodiments of the present disclosure are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which:
FIG. 1 illustrates a flowchart of a blockchain-based business validation method in accordance with exemplary embodiments of the present disclosure;
FIG. 2 illustrates a flowchart for obtaining credential information corresponding to a service object identification from privacy information stored in a first storage area in accordance with an exemplary embodiment of the present disclosure;
FIG. 3 illustrates a flowchart for verifying a signature of each target business data according to a public key of a request object when acquired credential information is plural according to an exemplary embodiment of the present disclosure;
FIG. 4 illustrates a flow chart of a business data query according to an exemplary embodiment of the present disclosure;
FIG. 5 illustrates a schematic diagram of the association of privacy data with business data according to an exemplary embodiment of the present disclosure;
FIG. 6 illustrates a schematic diagram of a block chain based service validation apparatus according to an exemplary embodiment of the present disclosure;
FIG. 7 illustrates a schematic diagram of a storage medium according to an exemplary embodiment of the present disclosure; and
FIG. 8 illustrates a block diagram of an electronic device according to an exemplary embodiment of the present disclosure.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
Exemplary embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the exemplary embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar structures, and thus detailed descriptions thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known structures, methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, or in one or more software-hardened modules, or in different networks and/or processor devices and/or microcontroller devices.
Many industries, such as banking, securities, insurance, trust investment and fund management, handle large amounts of business data, and many enterprises have branches distributed across different regions. With the development of internet and computer technology and the enrichment of business channels, the same business may easily have a plurality of sponsors, which causes business attribution disputes. Taking insurance as an example, an insurance agent can develop business through web pages, terminal applications and other internet channels, so the same business may easily be developed by two or more insurance agents, and a performance attribution dispute may then arise. The business data of different insurance agents is scattered across the systems of different branches, so the key data related to the business is difficult to obtain accurately, which affects business right determination. Introducing a centralized mechanism brings a single point of failure, opaque data sharing and a risk of tampering, so the security and usability of the data are difficult to guarantee; once the data is mined and exploited by malicious nodes or malicious users, data security is affected and the privacy of clients may even be threatened.
Based on this, in an exemplary embodiment of the present disclosure, a blockchain-based service right determining method is first provided, which is applied to a right determining management system. Referring to FIG. 1, the blockchain-based service authorization method includes the following steps:
Step S110: receiving a service right confirmation request carrying a service object identifier, and acquiring credential information corresponding to the service object identifier from privacy information stored in a first storage area;
Step S120: acquiring target service data stored in the second storage area according to the credential information, and checking the signature of the target service data according to the public key of the request object so as to determine service attribution according to the checking result.
According to the blockchain-based business authorization method in the present exemplary embodiment, the privacy information and the business data are respectively stored in the first storage area and the second storage area of the blockchain, and the same credential information is written into the associated privacy data and business data, so that the privacy information of the first storage area and the business data of the second storage area are associated through the same credential information, the security of the data can be ensured, and the inquiry of the business data by a manager or a service object is facilitated, so that the traceability of the data is realized; the business data is signed based on the private key of the corresponding sponsor, and when business attribution disputes occur, the business data can be checked and signed through the public key of the sponsor, so that the business attribution party is determined, the public key and the private key of the sponsor can be used as a guarantee for ensuring the data safety, the business attribution is conveniently determined, and two purposes are achieved.
The blockchain-based service authorization method in an exemplary embodiment of the present disclosure is described below with reference to fig. 1.
In step S110, a service authorization request carrying a service object identifier is received, and credential information corresponding to the service object identifier is obtained from the privacy information stored in the first storage area.
In an exemplary embodiment of the present disclosure, a service object is a user who needs to receive a business-related service, the requester corresponding to a service authorization request is a user who provides the business-related service, and a service object identifier is information that uniquely identifies the service object. The privacy information comprises the service object identifier, privacy data (such as a user identity card number, name, sex, sponsor manual number, contact details and the like), role information of the service object, the public key of the service object and the like. The service data is the data generated when the sponsor processes a service corresponding to the service object, and can be derived from data generated when the sponsor processes the service in each service channel.
Before conducting business, the service object completes registration and applies to the CA (Certificate Authority) in the blockchain privacy data storage access system Hyperledger Fabric for a private key and a user certificate, acquires the corresponding public key based on the user certificate, and saves the private key and the public key, for example in a local certificate management module.
It should be noted that the rights management system of the present application is based on a blockchain network built with Hyperledger Fabric. The participants belong to their respective organizations, and the organizations manage membership through the CA. After the service object completes registration, the system allocates a service object identifier to the service object and stores it in correspondence with the user name. The user name may be the real name of the service object, or it may be a uniquely determined virtual name set for the service object; the present disclosure does not specifically limit this. The credential information is used for identifying the association relation between the privacy information stored in the first storage area and the business data stored in the second storage area, wherein each piece of business data has one corresponding piece of credential information and is associated with the corresponding privacy information record in the first storage area. For example, if the service data 1 has the credential information a, the credential information a is also recorded in the privacy information 2 of the service object in the first storage area that is associated with the service data 1, so that the privacy information 2 stored in the first storage area can be associated with the service data 1 stored in the second storage area based on the credential information a.
In some possible implementations, the business data is signed based on the private key of the corresponding sponsor to obtain a business data signature, and the business data and the business data signature are stored in a second storage area in the blockchain. For example, the plaintext of the service data is signed with the private key of the sponsor who handles the service, based on which the attribution of the service data can be known clearly when the service is authorized. The service data may be stored in a key-value manner, where the service object identifier is used as a key stored in the blockchain, and other privacy information corresponding to the service object is used as a value stored in the blockchain.
In some possible embodiments, the privacy information is encrypted using the public key of the service object and stored in the first storage area in the blockchain. Based on this, when the service object needs to read its privacy information, the privacy information is obtained by decrypting with the private key of the service object, which ensures the safe storage of the privacy information. The privacy information may also be stored in a key-value manner, the credential information is used as a key stored in the blockchain, and other information related to the service is used as a value stored in the blockchain.
In an exemplary embodiment of the present disclosure, fig. 2 shows a flowchart of acquiring credential information corresponding to a service object identifier from privacy information stored in a first storage area according to an exemplary embodiment of the present disclosure, as shown in fig. 2, the process includes the steps of:
In step S210, target role information in the privacy information is acquired according to the service object identifier.
In an exemplary embodiment of the present disclosure, before acquiring the target role information in the privacy information according to the service object identifier, the service object identifier corresponding to the user name of the service object may be acquired according to the correspondence between the locally stored user name and the service object identifier. Then, target role information corresponding to the service object identification is acquired from the privacy information in the first storage area. The role information comprises a role type, a role level, a role occupation level and the like. For example, the role type of the service object, such as a client and a business manager, can be obtained according to the service object identification; the role level of the service object, such as the client level, etc., may also be obtained from the service object identification.
In step S220, the real role of the service object is verified using the target role information.
In an exemplary embodiment of the present disclosure, the obtained target role information may be used to verify the real role of the service object, and if the verification passes, credential information corresponding to the service object is obtained from the privacy information. Because the private data in the privacy information in the first storage area is encrypted using the public key of the service object, the private data cannot be read directly with the service object identifier alone, which avoids disclosure of the private data.
In some possible embodiments, preset credential conditions corresponding to the real roles may be obtained, and the corresponding number of credential information may be obtained according to the target role information, so as to verify the number of credential information against the preset credential conditions. Optionally, the preset credential condition may be a correspondence between different role types and credential information number intervals, for example [20,100] for the role type of business sponsor and [1,10] for the role type of service object. Optionally, the preset credential condition may also be a correspondence between different role levels and credential information number intervals, for example, for the role level of sponsor 2, the corresponding credential information number interval is [50,100]. Because each piece of service data has one piece of credential information, and a higher role level may process more services, the higher the role level, the larger the corresponding number of credential information.
Based on this, the number of credential information corresponding to the target role information can be obtained from the privacy information in the first storage area, and it is judged whether this number meets the preset credential condition corresponding to the real role. If so, this indicates that the requester of the service right confirmation knows the real role of the service object, and the verification passes; if not, this indicates that the requester may not know the real role of the service object whose data is requested, so the request may be an illegal request made by someone else, and the verification does not pass.
According to the exemplary embodiment of the disclosure, before the credential information corresponding to the service object identification is acquired, whether the data requester has the authority to acquire the data can be further ensured through role verification, so that the security of data storage is improved.
In step S120, the target service data stored in the second storage area is obtained according to the credential information, and the signature of the target service data is verified according to the public key of the request object, so as to determine the service attribution according to the verification result.
In an exemplary embodiment of the present disclosure, the service data stored in the second storage area is signed with the private key of the corresponding sponsor. Therefore, after the target service data in the second storage area is obtained, the signature of the target service data may be verified with the public key of the request object, so as to determine the service attribution according to the verification result.
In some possible embodiments, before receiving a service authorization request carrying a service object identifier, and acquiring credential information corresponding to the service object identifier from privacy information stored in the first storage area, the service data may be hashed to obtain a service data hash result, and the service data hash result is stored in the second storage area, and is synchronized to the first storage area based on the credential information, that is, the service data hash result is stored in both the first storage area and the second storage area.
The service data hash result is recorded in the second storage area, so if the service data is tampered with maliciously, the service data hash result changes. Because the corresponding service data hash result is also stored in the first storage area, and the copy stored in the first storage area does not change along with an illegal change of the service data, the service data hash result stored in the first storage area can be used to check whether the service data hash result in the second storage area has changed.
Based on this, the process of acquiring the target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object, so as to determine the service attribution according to the verification result includes: firstly, obtaining a target service data hash result in target service data, then comparing the target service data hash result with the service data hash result in the first storage area, if the target service data hash result is consistent with the service data hash result in the first storage area, obtaining the target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object so as to determine service attribution according to the verification result.
By the present exemplary embodiment, by comparing the hash result of the service data stored in the first storage area with the hash result of the corresponding target service data in the second storage area, it is ensured that the target service data is not tampered before the target service data stored in the second storage area is acquired according to the credential information.
In some possible embodiments, since the same service object may have multiple pieces of service data, multiple pieces of credential information corresponding to the service object identifier may be acquired from the privacy information stored in the first storage area. In that case, multiple target service data may be acquired according to each piece of credential information, and the signature of each target service data is verified with the public key of the request object. If there is a target request object whose public key correctly verifies the signature of the target service data, the service corresponding to the target service data belongs to that target request object. For example, if a plurality of request objects have a performance attribution dispute over the business of the service object M, and the credential information obtained according to the service identification information of the service object M includes a, b, c and d, the public keys of the plurality of request objects are used to verify the signatures of the target business data corresponding to the credential information a, b, c and d, respectively.
With the present exemplary embodiment, since a service object generally has a limited and small amount of service data, the service attribution can be determined by verifying the signature of each piece of service data in turn. If the service object has a relatively large amount of service data, the range of the obtained plurality of credential information can be further narrowed.
Fig. 3 illustrates a flowchart for verifying a signature of each target service data according to a public key of a request object when acquired credential information is plural according to an exemplary embodiment of the present disclosure, as illustrated in fig. 3, the process includes the steps of:
In step S310, a target service data type corresponding to the type of the credential information is obtained according to the preset correspondence between the type of the credential information and the service data type.
In an exemplary embodiment of the present disclosure, a target service data type corresponding to a type of credential information may be obtained according to a preset correspondence between the type of credential information and the service data type.
Optionally, the preset credential information types may be set according to actual service requirements. Taking the insurance industry as an example, the preset credential information types may include health insurance, vehicle insurance, life insurance, and the like; taking the retail industry as an example, the preset credential information types may include articles, foods, travel, and the like, which is not particularly limited in the disclosure. Correspondingly, the service data stored in the second storage area is divided according to the corresponding preset credential information type, such as health insurance service data, vehicle insurance service data and life insurance service data.
Optionally, a corresponding type tag can be added to the credential information or service data belonging to the same type. For example, the tag WP is added to credential information or service data belonging to the article class, and the tag CX is added to credential information or service data belonging to the vehicle insurance class, so that the credential information or service data belonging to the same type can be located conveniently and rapidly, and the processing efficiency is improved.
In step S320, target service data corresponding to the target service data type is selected from the plurality of target service data.
In the exemplary embodiment of the disclosure, the target service data corresponding to the target service data type can be screened out from a plurality of target service data, the range of the target service data to be verified can be reduced, the workload of subsequent verification signature on the target service data is reduced, and the right confirmation efficiency is improved.
In step S330, the signature of the target service data corresponding to the target service data type is verified according to the public key of the request object.
In the exemplary embodiment of the present disclosure, only the signature of the target service data corresponding to the target service data type needs to be verified, so that the validation efficiency is high.
In an exemplary embodiment of the present disclosure, if the signature of the service data and the public key of the corresponding sponsor are correspondingly stored in the service data of the second storage area, the service data stored in the second storage area may further be queried through the following steps, as shown in fig. 4, a flowchart of service data query according to an exemplary embodiment of the present disclosure:
In step S410, a service query request carrying a service object identifier is received, and credential information is obtained from the privacy information in the first storage area; in step S420, the signature and the target public key of the target service data in the second storage area are obtained according to the credential information; in step S430, the signature of the target service data is verified by using the target public key, and the service data is fed back to the requester after the verification is passed.
With the present exemplary embodiment, only the service object can query the private data according to the service object identification, and other people cannot query, so that disclosure of the private data is avoided.
It should be noted that, the service object has a unique service object identifier, and correspondingly, the service manager is also allocated with its unique user identifier when registering, and the service manager can query its related privacy data and service data according to the user identifier, which is not described in detail in this disclosure.
Fig. 5 shows a schematic diagram of association of privacy data and business data according to an exemplary embodiment of the present disclosure, and a method of blockchain-based business validation of the present disclosure will be described below with reference to fig. 5, taking business validation of the insurance industry as an example.
As shown in fig. 5, the privacy information in the first storage area stores an insurance client identifier (service object identifier), role information, a private data ciphertext encrypted with the public key of the insurance client K, and the public key and credential information of the insurance client K. This information is stored in the first storage area in a key-value manner, with the insurance client identifier as the key, and the role information, the private data ciphertext encrypted with the public key of the insurance client, and the public key and credential information of the insurance client K as the value. The service data in the second storage area stores the credential information corresponding to the private data in the first storage area, a service data hash result obtained by hashing the service data, the public key of the insurance agent, a time stamp, and the service data plaintext signed with the private key of the handling insurance agent, wherein the credential information can be used as the key, the other information can be used as the value, and the data can be stored in the first storage area.
When the insurance agent A, the insurance agent B and the insurance agent C have a performance attribution dispute over a certain service of the insurance client K, first, after a service right confirmation request carrying the insurance client identifier of the insurance client K is received, the credential information corresponding to the insurance client identifier is acquired from the privacy information stored in the first storage area, including credential information 1, credential information 2, and credential information 3. Then, the target service data 1, the target service data 2 and the target service data 3 stored in the second storage area are acquired according to the credential information 1, the credential information 2 and the credential information 3 respectively, and the signatures of the target service data 1, the target service data 2 and the target service data 3 are verified with the public keys of the insurance agent A, the insurance agent B and the insurance agent C respectively. If only the insurance agent A passes the verification, the service is determined to belong to the insurance agent A.
It may also happen that the insurance agent A passes verification of the signature of the target service data 1, the insurance agent B passes verification of the signature of the target service data 2, and the insurance agent C does not pass verification of the signature of any target service data. In this case, the data of the target service data 1 and the target service data 2 can be read respectively to further judge which of them corresponds to the service over which the insurance agent A, the insurance agent B and the insurance agent C currently have the performance attribution dispute.
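The right-confirmation flow walked through above, together with the hash comparison between the two storage areas described earlier, as an added example that is not code from the patent. The two storage areas are modelled as in-memory maps instead of Hyperledger Fabric state, Ed25519 and SHA-256 stand in for the signature and hash algorithms the text leaves unspecified, and every type, function, identifier and key below is an assumption constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"sort"
)

// ServiceRecord is one value in the second storage area, keyed by credential
// information. Field names are assumptions made for this example.
type ServiceRecord struct {
	Plaintext []byte
	Hash      [32]byte
	Signature []byte // produced with the sponsor's private key
}

// Ledger models the two storage areas as in-memory maps (an assumption).
type Ledger struct {
	First  map[string]map[string][32]byte // object identifier -> credential -> synchronized hash
	Second map[string]*ServiceRecord      // credential -> signed service data
}

var ErrTampered = errors.New("service data does not match hash in first storage area")

func NewLedger() *Ledger {
	return &Ledger{First: map[string]map[string][32]byte{}, Second: map[string]*ServiceRecord{}}
}

// Record signs the service data with the sponsor's private key, stores it
// under the credential, and synchronizes the hash into the first storage area.
func (l *Ledger) Record(objectID, cred string, data []byte, sponsor ed25519.PrivateKey) {
	h := sha256.Sum256(data)
	l.Second[cred] = &ServiceRecord{append([]byte(nil), data...), h, ed25519.Sign(sponsor, data)}
	if l.First[objectID] == nil {
		l.First[objectID] = map[string][32]byte{}
	}
	l.First[objectID][cred] = h
}

// Confirm maps each credential of the service object to the claimants whose
// public key verifies the stored signature. Hashes are compared first.
func (l *Ledger) Confirm(objectID string, claimants map[string]ed25519.PublicKey) (map[string][]string, error) {
	creds, ok := l.First[objectID]
	if !ok {
		return nil, fmt.Errorf("unknown service object %q", objectID)
	}
	owners := map[string][]string{}
	for cred, anchored := range creds {
		rec, ok := l.Second[cred]
		// Assumption: the hash is recomputed from the plaintext as well as read
		// from the record, so a change to either one is caught.
		if !ok || rec.Hash != anchored || sha256.Sum256(rec.Plaintext) != anchored {
			return nil, fmt.Errorf("%w (credential %q)", ErrTampered, cred)
		}
		for name, pub := range claimants {
			if ed25519.Verify(pub, rec.Plaintext, rec.Signature) {
				owners[cred] = append(owners[cred], name)
			}
		}
		sort.Strings(owners[cred])
	}
	return owners, nil
}

// constructedKey derives a fixed demo key from a one-byte seed (constructed, not secure).
func constructedKey(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

// runDemo replays the dispute: agents A and B each handled one service of
// client K, agent C handled none. It then alters one record in the second area.
func runDemo() (map[string][]string, bool) {
	a, b, c := constructedKey(1), constructedKey(2), constructedKey(3)
	l := NewLedger()
	l.Record("client-K", "cred-1", []byte("policy 1 for K"), a)
	l.Record("client-K", "cred-2", []byte("policy 2 for K"), b)
	claimants := map[string]ed25519.PublicKey{
		"agent-A": a.Public().(ed25519.PublicKey),
		"agent-B": b.Public().(ed25519.PublicKey),
		"agent-C": c.Public().(ed25519.PublicKey),
	}
	owners, _ := l.Confirm("client-K", claimants)
	// Change the second storage area only; the first-area hash stays as recorded.
	l.Second["cred-2"].Plaintext = []byte("policy 2 for K, handled by agent C")
	_, err := l.Confirm("client-K", claimants)
	return owners, errors.Is(err, ErrTampered)
}

func main() {
	owners, detected := runDemo()
	fmt.Println(owners, "tampering detected:", detected)
}
```

When more than one claimant verifies a signature on different credentials, as agents A and B do here, the result lists each credential separately, which is the case where the text says the service data itself must be read to settle the dispute.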
It should be noted that, in the above-mentioned process of confirming the right, the target role information may be obtained according to the insurance client identifier to verify the real role of the insurance client K, and the security of the data in the process of confirming the right is ensured according to the processes of comparing the hash result of the service data stored in the first storage area with the hash result of the target service data stored in the second storage area, etc., so as to avoid illegal disclosure of the data, which is not described in detail in this disclosure.
According to the blockchain-based business authorization method in the present exemplary embodiment, the privacy information and the business data are respectively stored in the first storage area and the second storage area of the blockchain, and the same credential information is written into the associated privacy data and business data, so that the privacy information of the first storage area and the business data of the second storage area are associated through the same credential information, the security of the data can be ensured, and the inquiry of the business data by a manager or a service object is facilitated, so that the traceability of the data is realized; the business data is signed based on the private key of the corresponding sponsor, and when business attribution disputes occur, the business data can be checked and signed through the public key of the sponsor, so that the business attribution party is determined, the public key and the private key of the sponsor can be used as a guarantee for ensuring the data safety, the business attribution is conveniently determined, and two purposes are achieved. In addition, the distributed account book is maintained by multiple parties by utilizing the blockchain technology, so that the problem of single-point faults can be effectively avoided, and the data sharing efficiency is improved.
In addition, in an exemplary embodiment of the present disclosure, a blockchain-based service authorization apparatus is also provided. Referring to fig. 6, the blockchain-based service validation device 600 may include an information acquisition module 610 and an information verification module 620. Specifically:
the information obtaining module 610 is configured to receive a service right request carrying a service object identifier, obtain credential information corresponding to the service object identifier from privacy information stored in the first storage area, where the credential information is used to identify an association relationship between the privacy information stored in the first storage area and service data stored in the second storage area, where the service data is signed based on a private key of a corresponding sponsor;
the information verification module 620 is configured to obtain the target service data stored in the second storage area according to the credential information, and verify the signature of the target service data according to the public key of the request object, so as to determine the service attribution according to the verification result.
In an exemplary embodiment of the present disclosure, the information acquisition module 610 may include: the role information acquisition unit is used for acquiring target role information in the privacy information according to the service object identification; the role verification unit is used for verifying the real roles of the service objects by using the target role information; if the service object identification passes, acquiring credential information corresponding to the service object identification from the privacy information; wherein the private data in the private information in the first storage area is encrypted using the public key of the service object to prevent disclosure of the private data.
In an exemplary embodiment of the present disclosure, the information acquisition module 610 may include: the credential condition acquisition unit is used for acquiring preset credential conditions corresponding to the real roles; the quantity verification unit is used for acquiring the corresponding quantity of the credential information according to the target role information and verifying the quantity of the credential information according to the preset credential condition.
In an exemplary embodiment of the present disclosure, the blockchain-based service validation device 600 further includes: the block chain management module is used for carrying out hash processing on the service data, obtaining a service data hash result, storing the service data hash result in the second storage area, and synchronizing the service data hash result into the first storage area based on the credential information; the information verification module 620 may include: a hash comparison unit, configured to obtain a target service data hash result in the target service data, and compare the target service data hash result with the service data hash result in the first storage area; and if the two are consistent, acquire the target service data stored in the second storage area according to the credential information, and verify the signature of the target service data according to the public key of the request object so as to determine the service attribution according to the verification result.
In an exemplary embodiment of the present disclosure, a plurality of pieces of credential information corresponding to the service object identifier are acquired from the privacy information stored in the first storage area; the information verification module 620 may further include: the signature verification unit is used for acquiring a plurality of target service data according to the credential information and verifying the signature of each target service data according to the public key of the request object; and the information feedback unit is used for determining the verified request object as a service attribution party.
In an exemplary embodiment of the present disclosure, the information verification module 620 may further include: the type data acquisition unit is used for acquiring a target service data type corresponding to the type of the credential information according to the corresponding relation between the preset credential information type and the service data type; a target data acquisition unit, configured to screen target service data corresponding to a target service data type from multiple target service data; and the right confirming unit is used for verifying the signature of the target service data corresponding to the target service data type according to the public key of the request object.
In an exemplary embodiment of the present disclosure, the signature of the service data and the public key of the corresponding sponsor are correspondingly stored in the service data of the second storage area; the blockchain-based service authorization device 600 further includes: the first information inquiry unit is used for receiving a service inquiry request carrying a service object identifier and acquiring credential information from the privacy information in the first storage area; the second information inquiry unit is used for acquiring the signature and the target public key of the target service data in the second storage area according to the credential information; and the information feedback unit is used for checking the signature of the target service data by using the target public key and feeding the target service data back to the requester after the verification is passed.
Since each functional module of the blockchain-based service right determining apparatus of the exemplary embodiment of the present disclosure is the same as that in the above-described embodiment of the blockchain-based service right determining method, a detailed description thereof will be omitted herein.
It should be noted that although several modules or units of a blockchain-based service authorization device are mentioned in the detailed description above, this partitioning is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, in exemplary embodiments of the present disclosure, a computer storage medium capable of implementing the above-described method is also provided, on which a program product is stored that enables the implementation of the method described above in the present specification. In some possible embodiments, the various aspects of the present disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification, when the program product is run on the terminal device.
Referring to fig. 7, a program product 700 for implementing the above-described method according to an exemplary embodiment of the present disclosure is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
In addition, in an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided. Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
An electronic device 800 according to such an embodiment of the present disclosure is described below with reference to fig. 8. The electronic device 800 shown in fig. 8 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 8, the electronic device 800 is embodied in the form of a general purpose computing device. Components of electronic device 800 may include, but are not limited to: the at least one processing unit 810, the at least one storage unit 820, a bus 830 connecting the different system components (including the storage unit 820 and the processing unit 810), and a display unit 840.
Wherein the storage unit stores program code that is executable by the processing unit 810 such that the processing unit 810 performs steps according to various exemplary embodiments of the present disclosure described in the above section of the present specification.
The storage unit 820 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 8201 and/or cache memory 8202, and may further include Read Only Memory (ROM) 8203.
Storage unit 820 may also include a program/utility 8204 having a set (at least one) of program modules 8205, such program modules 8205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 830 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 800 may also communicate with one or more external devices 900 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 800, and/or any device (e.g., router, modem, etc.) that enables the electronic device 800 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 850. Also, electronic device 800 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 860. As shown, network adapter 860 communicates with other modules of electronic device 800 over bus 830. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 800, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Furthermore, the above-described figures are only schematic illustrations of processes included in the method according to the exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A blockchain-based service authorization method, comprising:
receiving a service right confirmation request carrying a service object identifier, and acquiring credential information corresponding to the service object identifier from privacy information stored in a first storage area, wherein the credential information is used for identifying the association relation between the privacy information stored in the first storage area and service data stored in a second storage area, each piece of service data in the second storage area has corresponding credential information and is associated to a record of the privacy information corresponding to the first storage area, and the service data is signed based on a private key of a corresponding sponsor;
and acquiring target service data stored in the second storage area according to the credential information, and checking the signature of the target service data according to the public key of the request object so as to determine service attribution according to a checking result.
2. The method of claim 1, wherein the obtaining credential information corresponding to the service object identifier from the privacy information stored in the first storage area includes:
acquiring target role information in the privacy information according to the service object identifier;
verifying the real role of the service object by using the target role information;
if the service object passes verification, acquiring credential information corresponding to the service object identifier from the privacy information;
wherein the private data in the private information in the first storage area is encrypted using the public key of the service object to prevent disclosure of the private data.
3. The method of claim 2, wherein verifying the true role of the service object using the target role information comprises:
acquiring preset credential conditions corresponding to the real roles;
and acquiring the corresponding number of the credential information according to the target role information, and checking the number of the credential information according to the preset credential condition.
4. The method of claim 1, wherein prior to receiving the service right confirmation request carrying the service object identifier and acquiring the credential information corresponding to the service object identifier from the privacy information stored in the first storage area, the method further comprises:
carrying out hash processing on service data to obtain a service data hash result, storing the service data hash result in the second storage area, and synchronizing the service data hash result into the first storage area based on the credential information;
the acquiring of the target service data stored in the second storage area according to the credential information, and the verifying of the signature of the target service data according to the public key of the request object, so as to determine service attribution according to the verification result, comprises:
obtaining a target service data hash result in the target service data, and comparing the target service data hash result with the service data hash result in the first storage area;
and if the two hash results are consistent, acquiring the target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object so as to determine service attribution according to a verification result.
5. The method according to claim 1, wherein a plurality of pieces of credential information corresponding to the service object identifier are acquired from the privacy information stored in the first storage area;
the acquiring of the target service data stored in the second storage area according to the credential information, and the verifying of the signature of the target service data according to the public key of the request object, so as to determine service attribution according to the verification result, comprises:
acquiring a plurality of target service data according to the credential information, and verifying the signature of each target service data according to the public key of the request object;
and determining the request object passing verification as a service attribution party.
6. The method of claim 5, wherein the obtaining a plurality of target service data according to each of the credential information and verifying the signature of each of the target service data according to the public key of the request object comprises:
acquiring a target service data type corresponding to the type of the credential information according to the corresponding relation between the preset credential information type and the service data type;
screening target business data corresponding to the type of the target business data from the plurality of target business data;
and verifying the signature of the target service data corresponding to the target service data type according to the public key of the request object.
7. The method of claim 1, wherein the signature of the business data and the public key of the corresponding sponsor are correspondingly stored in the business data of the second storage area; the method further comprises the steps of:
receiving a service inquiry request carrying the service object identifier, and acquiring the credential information from the privacy information in the first storage area;
acquiring a signature and a target public key of target service data in the second storage area according to the credential information;
and verifying the signature of the target service data by using the target public key, and feeding the target service data back to the requester after the verification is passed.
8. A blockchain-based service authorization device, comprising:
the information acquisition module is used for receiving a business right confirmation request carrying a service object identifier, acquiring credential information corresponding to the service object identifier from privacy information stored in a first storage area, wherein the credential information is used for identifying the association relation between the privacy information stored in the first storage area and business data stored in a second storage area, each piece of business data in the second storage area is provided with corresponding credential information and is associated to a record of the privacy information corresponding to the first storage area, and the business data is signed based on a private key of a corresponding sponsor;
and the information verification module is used for acquiring target service data stored in the second storage area according to the credential information, and verifying the signature of the target service data according to the public key of the request object so as to determine service attribution according to a verification result.
9. A computer storage medium having stored thereon a computer program which, when executed by a processor, implements the blockchain-based service authorization method of any of claims 1 to 7.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the blockchain-based service authorization method of any of claims 1 to 7.
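The flow of claims 1 and 4 (credential lookup in the first storage area, hash comparison, then signature verification against the requester's public key), as an added Go example that is not part of the patent. Ed25519, SHA-256, the in-memory maps standing in for the two storage areas, and every type, function and sample value are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// PrivacyRecord: first storage area, keyed by service object identifier.
type PrivacyRecord struct {
	Credential string   // points at one business record
	DataHash   [32]byte // hash synchronized from the second area (claim 4)
}

// Second storage area, keyed by credential; Sig is the sponsor's signature over Data.
type BusinessRecord struct{ Data, Sig []byte }
type Ledger struct {
	First  map[string]PrivacyRecord
	Second map[string]BusinessRecord
}

func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Store signs data with the sponsor's private key and links both areas.
func (l *Ledger) Store(objectID, cred string, data []byte, sponsor ed25519.PrivateKey) {
	l.Second[cred] = BusinessRecord{data, ed25519.Sign(sponsor, data)}
	l.First[objectID] = PrivacyRecord{cred, sha256.Sum256(data)}
}

// ConfirmRight: credential lookup, hash comparison, then signature check.
func (l *Ledger) ConfirmRight(objectID string, requester ed25519.PublicKey) bool {
	p, ok := l.First[objectID]
	b, found := l.Second[p.Credential]
	if !ok || !found || sha256.Sum256(b.Data) != p.DataHash {
		return false // no credential, dangling credential, or altered data
	}
	return len(requester) == ed25519.PublicKeySize && ed25519.Verify(requester, b.Data, b.Sig)
}

func main() {
	pub, priv := NewKeyPair()
	l := Ledger{map[string]PrivacyRecord{}, map[string]BusinessRecord{}}
	l.Store("object-001", "cred-001", []byte("constructed policy record"), priv)
	fmt.Println("requester confirmed:", l.ConfirmRight("object-001", pub))
}
```

The hash comparison runs before the signature check, so a record altered in the second storage area is rejected even when the requester's key is the sponsor's.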
CN202111483137.3A 2021-12-07 2021-12-07 Business right determining method and device based on block chain, storage medium and electronic equipment Active CN114172663B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111483137.3A CN114172663B (en) 2021-12-07 2021-12-07 Business right determining method and device based on block chain, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN114172663A CN114172663A (en) 2022-03-11
CN114172663B true CN114172663B (en) 2023-09-26

Family

ID=80483713

Country Status (1)

Country Link
CN (1) CN114172663B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant