CN114244546A - Method and device for service provider to acquire user information - Google Patents

Info

Publication number
CN114244546A
Authority
CN
China
Prior art keywords
user
user information
trusted
party
service provider
Prior art date
Legal status
Granted
Application number
CN202010938429.0A
Other languages
Chinese (zh)
Other versions
CN114244546B (en)
Inventor
王海光
康鑫
雷中定
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN202010938429.0A
Publication of CN114244546A
Application granted
Publication of CN114244546B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Abstract

The application provides a method and a device for a service provider to acquire user information. The method comprises the following steps: receiving, from a service provider, a user information request that has passed the authentication of a trusted third party, where the user information request includes the user identity information items to be provided; and, when it is determined that the user information request has passed the authentication of the trusted third party, sending the user identity information to the service provider according to the user information request. Because the user provides the required identity information only when the identity information that the service provider requires has been authenticated by the trusted third party, the reasonableness of the service provider's user identity information requirements is strengthened and the user's privacy and security are protected. In addition, because the trusted third party helps the user confirm that the service provider's identity information requirement is reasonable, the user's trust in the service provider is strengthened, which ensures normal access to network services.

Description

Method and device for service provider to acquire user information
Technical Field
The present application relates to the field of computer technology and information security, and in particular, to a method and an apparatus for a service provider to obtain user information.
Background
On the current internet, when a user uses a certain website for the first time, the website usually requires the user to register first and provide specified user identity information, and then allocates an account to the user through which the user obtains the website's information. In the process of acquiring the user's identity information, the website may, intentionally or unintentionally, require the user to provide additional identity information, such as personal privacy information like age, home address, or birthday. This poses a threat to the user's privacy and also causes the user to distrust the website and refuse to use the service, which in turn affects normal website access.
Disclosure of Invention
The application provides a method and a device for a service provider to acquire user information. The user provides the required user identity information only when the identity information that the service provider requires has been authenticated by a trusted third party, so that the reasonableness of the service provider's user identity information requirements is strengthened and the user's privacy and security are protected.
In a first aspect, a method for a service provider to obtain user information is provided, the method comprising: receiving, from a service provider, a user information request that has passed the authentication of a trusted third party, where the user information request includes the user identity information items to be provided; and, when it is determined that the user information request has passed the authentication of the trusted third party, sending user identity information to the service provider according to the user information request.
The user identity information items contained in the user information request represent the user identity information required by the service provider.
In the prior art, a service provider can obtain a certificate from a trusted authority, but the user identity information the service provider collects is determined by the service provider itself and is not restricted. The reasonableness of the user identity information it requires therefore cannot be guaranteed, the security of the user's identity information is easily threatened, and the user may come to distrust the service provider.
In the application, the user identity information that the service provider requires the user to provide must be authenticated by a trusted third party, and the user provides that identity information to the service provider only once it is determined that the service provider's requirement has passed the authentication of the trusted third party. This ensures, to a certain extent, that the user identity information required by the service provider is reasonable, so that the user's privacy and security are protected. In addition, because the trusted third party helps the user confirm that the service provider's identity information requirement is reasonable, the user's trust in the service provider is strengthened, which ensures normal access to network services.
With reference to the first aspect, in a possible implementation manner, the sending of user identity information to the service provider according to the user information request when it is determined that the user information request has passed the authentication of the trusted third party includes: verifying, using a certificate of the trusted third party, whether the user information request carries an endorsement of the trusted third party; and, when the user information request carries an endorsement of the trusted third party, sending user identity information to the service provider according to the user information request.
With reference to the first aspect, in a possible implementation manner, the sending of user identity information to the service provider according to the user information request includes: automatically acquiring the user identity information required by the user information request; and sending that user identity information to the service provider.
Optionally, the user identity information required by the user information request is acquired automatically by extracting it from a user information management module in which the user's identity information is prestored. Taking the case where the first aspect is performed by user equipment (UE) as an example, the user information management module may be located locally in the user equipment or in the cloud; for example, the user information management module may be a cloud server.
With reference to the first aspect, in a possible implementation manner, the method further includes: before receiving the user information request, sending information about the trusted third party to the service provider, so as to instruct the service provider to send a user information request authenticated by that trusted third party.
With reference to the first aspect, in a possible implementation manner, a user information request authenticated by the trusted third party satisfies one of the following: the user identity information required by the user information request does not exceed what the service provided by the service provider requires; or the service provided by the service provider matches the user identity information required by the user information request.
With reference to the first aspect, in a possible implementation manner, the method is performed by user equipment, or by a user information management module in which the user's identity information is prestored.
In a second aspect, a method for a service provider to obtain user information is provided, the method comprising: sending a user information request authenticated by a trusted third party to a user information provider, where the user information request includes the user identity information items to be provided; and receiving the user identity information sent by the user information provider according to the user information request.
With reference to the second aspect, in a possible implementation manner, the user information request authenticated by the trusted third party carries an endorsement of the trusted third party.
With reference to the second aspect, in a possible implementation manner, the method further includes: sending an authentication request to the trusted third party, where the authentication request includes service information and user information requirement items; and receiving, from the trusted third party, a user information request that has passed its authentication, which the trusted third party sends when the service information and the user information requirement items meet the authentication condition.
With reference to the second aspect, in a possible implementation manner, the method further includes: sending a user information request to be authenticated to a blockchain, where the user information request to be authenticated includes service information and user information requirement items; and obtaining from the blockchain a user information request authenticated by the trusted third party, where the trusted third party is configured to acquire the user information request to be authenticated from the blockchain, generate a user information request authenticated by the trusted third party when the service information and the user information requirement items meet the authentication condition, and send that user information request to the blockchain.
With reference to the second aspect, in a possible implementation manner, a user information request authenticated by the trusted third party satisfies one of the following: the user identity information required by the user information request does not exceed what the service provided by the service provider requires; or the service provided by the service provider matches the user identity information required by the user information request.
With reference to the second aspect, in a possible implementation manner, the method further includes: receiving indication information about the trusted third party from the user information provider; and the sending of the user information request authenticated by the trusted third party to the user information provider includes sending, according to the indication information, the user information request that has passed the authentication of the trusted third party to the user information provider.
In a third aspect, a method for a service provider to obtain user information is provided, the method comprising: acquiring service information and user information requirement items of a service provider; when the service information and the user information requirement items meet the authentication condition, generating a user information request authenticated by the trusted third party according to the service information and the user information requirement items; and sending the user information request to the service provider.
With reference to the third aspect, in a possible implementation manner, the authentication condition includes one of the following: the user identity information indicated by the user information requirement items does not exceed what the service indicated by the service information requires; or the service indicated by the service information matches the user identity information indicated by the user information requirement items.
With reference to the third aspect, in a possible implementation manner, the acquiring of service information and user information requirement items of a service provider includes receiving an authentication request from the service provider, where the authentication request carries the service information and the user information requirement items.
With reference to the third aspect, in a possible implementation manner, the acquiring of service information and user information requirement items of a service provider includes acquiring the service provider's user information request to be authenticated from a blockchain, where the user information request to be authenticated includes the service information and the user information requirement items; and the sending of the user information request to the service provider includes sending the user information request authenticated by the trusted third party to the blockchain, so that the service provider can acquire it from the blockchain.
With reference to the third aspect, in a possible implementation manner, the method is performed by a trusted third party, and the user information request authenticated by the trusted third party carries an endorsement of the trusted third party.
Optionally, in each of the foregoing implementation manners, the user information request is a user registration information acquisition template.
In a fourth aspect, a communication device is provided, which may be configured to perform any of the methods of the first, second or third aspect.
Optionally, the communication device may include means for performing any of the methods of the first, second or third aspect.
When the communication device is used to perform the method of the first aspect, the communication device may be referred to as a user information provider, for example user equipment or a user information storage module.
When the communication device is used to perform the method of the second aspect, the communication device may be referred to as a service provider, such as a web server.
When the communication device is adapted to perform the method of the third aspect, the communication device may be referred to as a trusted third party, e.g. a server of a trusted authority.
In a fifth aspect, a communication device is provided, the communication device comprising a processor coupled with a memory, the memory for storing computer programs or instructions, the processor for executing the computer programs or instructions stored by the memory such that the method of the first, second or third aspect is performed.
For example, the processor executes the computer program or instructions stored in the memory, causing the communication device to perform the method of the first, second or third aspect.
Optionally, the communication device comprises one or more processors.
Optionally, a memory coupled to the processor may also be included in the communication device.
Optionally, the communication device may include one or more memories.
Alternatively, the memory may be integral with the processor or provided separately.
Optionally, a transceiver may also be included in the communication device.
In a sixth aspect, a chip is provided, where the chip includes a processing module and a communication interface, the processing module is configured to control the communication interface to communicate with the outside, and the processing module is further configured to implement the method in the first aspect, the second aspect, or the third aspect.
In a seventh aspect, a computer readable storage medium is provided, on which a computer program (also referred to as instructions or code) for implementing the method in the first, second or third aspect is stored.
For example, the computer program, when executed by a computer, causes the computer to perform the method of the first, second or third aspect. The computer may be a communication device.
In an eighth aspect, there is provided a computer program product comprising a computer program (also referred to as instructions or code) which, when executed by a computer, causes the computer to carry out the method of the first, second or third aspect. The computer may be a communication device.
Based on the above description, in the present application the user identity information that the service provider requires the user to provide must be authenticated by the trusted third party, and the user provides that identity information to the service provider only once it is determined that the identity information required by the service provider has been authenticated by the trusted third party. This ensures, to a certain extent, that the user identity information required by the service provider is reasonable, so that the user's privacy and security are protected. In addition, because the trusted third party helps the user confirm that the service provider's identity information requirement is reasonable, the user's trust in the service provider is strengthened, which ensures normal access to network services.
Drawings
Fig. 1 is a schematic flowchart of a method for a service provider to obtain user information according to an embodiment of the present application.
Fig. 2 is a schematic diagram of an implementation manner of a service provider obtaining a user information request authenticated by a trusted third party in the embodiment of the present application.
Fig. 3 is a schematic diagram illustrating another implementation manner of a service provider obtaining a user information request authenticated by a trusted third party in the embodiment of the present application.
Fig. 4 is a schematic diagram illustrating that a user information provider automatically obtains user identity information in an embodiment of the present application.
Fig. 5 is a diagram illustrating an example in which a user information provider sends user identity information to a service provider according to an embodiment of the present application.
Fig. 6 is a diagram illustrating an example of a service provider obtaining a user information request authenticated by a trusted third party in an embodiment of the present application.
Fig. 7 is a diagram illustrating another example of a service provider obtaining a user information request authenticated by a trusted third party in an embodiment of the present application.
Fig. 8 is a diagram illustrating another example of a user information provider sending user identity information to a service provider in an embodiment of the present application.
Fig. 9 is a diagram illustrating another example of a user information provider sending user identity information to a service provider in an embodiment of the present application.
Fig. 10 is a diagram illustrating still another example of a user information provider sending user identity information to a service provider in an embodiment of the present application.
Fig. 11 is a schematic block diagram of a user information provider according to an embodiment of the present application.
Fig. 12 is a schematic block diagram of a service provider provided in an embodiment of the present application.
Fig. 13 is a schematic block diagram of a trusted third party provided in an embodiment of the present application.
Fig. 14 is a schematic block diagram of a system for a service provider to obtain user information according to an embodiment of the present application.
Fig. 15 is a schematic block diagram of a data processing apparatus according to an embodiment of the present application.
Detailed Description
A network identity is the basis on which a user participates in all network activities; it represents the entity to which the user is mapped in the internet world. As internet functions have grown, network services are increasingly merged with real-world services, and some network services need the user's real attribute information (that is, real identity information) in order to be carried out. On the current internet, when a user uses a certain website (or application) for the first time, the website (or application) often requires the user to register first and provide specified user identity information, and then allocates an account to the user through which the user obtains the website's (or application's) information. For example, a website generally acquires user identity information by providing a form, and the user supplies the corresponding personal identity information according to the requirements of the form.
In the process of obtaining the user's identity information, the website (or application) may, intentionally or unintentionally, require the user to provide additional identity information, such as sensitive information like age, home address, or birthday. Such information is likely to be leaked, for example when identity information is bought and sold. The consequences of leaking user identity information are very serious: not only are the operation of network services and the reputation of enterprises affected, but economic and legal responsibility must also be assumed for the resulting loss.
In addition, the way the current website (or application) acquires user identity information may also cause the user to lose trust in the website (or application) and refuse to use the service, thereby affecting normal access to the website (or application).
In order to enhance the security of user identity information, the application provides a method and a device for a service provider to acquire user information. In the method and the device, the user provides the required user identity information only when the identity information that the service provider requires has been authenticated by the trusted third party, so that the reasonableness of the service provider's user identity information requirements is strengthened and the user's privacy and security are protected. In addition, because the trusted third party helps the user confirm that the service provider's identity information requirement is reasonable, the user's trust in the service provider is strengthened, which ensures normal access to network services.
The technical solution in the present application will be described below with reference to the accompanying drawings.
The embodiments of the present application involve a service provider, a user information provider, and a trusted third party, each of which is defined as follows.
A service provider (SP) denotes a device that acquires user identity information. The service provider also provides the related network services. For example, a service provider may be the server of a web page or an application (APP). As an example, the service provider may be a user registration server.
A user information provider denotes a device that submits user identity information to the internet. For example, the user information provider may be user equipment (UE). For another example, the user information provider may be a user information management module, which may be a component inside the user equipment or a component independent of the user equipment.
A Trusted Third Party (TTP) represents a third party trusted authority. For example, the trusted third party may be a trusted authority server.
Fig. 1 is a schematic flow chart of a method 100 for a service provider to obtain user information according to an embodiment of the present application.
S110: the user information provider receives, from the service provider, a user information request that has been authenticated by the trusted third party.
The user information request includes the user identity information items to be provided. The user identity information items indicate the user identity information required by the service provider.
By way of example, the user identity information items to be provided contained in the user information request include, but are not limited to: name, date of birth, home address, etc.
For example, the user information request may be embodied as a table in which the identity information items required by the service provider are listed.
The user information request may further include service-related information, such as service type, service description, and the like.
The user information request may further include a signature of the service provider, which is used for the user information provider to verify whether the signature in the user information request is consistent with the identity of the service provider.
As an example, in the user registration scenario, the user information request is as shown in table 2 below. Table 2 will be described below, and will not be described in detail here.
For example, the user information request may be referred to as a user information acquisition template, and particularly, in a user registration scenario, may be referred to as a user registration information acquisition template (URIT), where a user identity information item required to be provided is specified in the template. For example, the user registration information acquisition template may also be referred to as a user registration information gathering template.
S120: when it is determined that the user information request has passed the authentication of the trusted third party, the user information provider sends the user identity information to the service provider according to the user information request.
That the user information request is authenticated by the trusted third party means that the user identity information required by the user information request (that is, the service provider's user identity information requirement) has passed the authentication of the trusted third party.
Sending user identity information to the service provider according to the user information request means providing the user identity information that corresponds to the user identity information items listed in the user information request.
For example, if the user identity information items required by the user information request include required items and optional items, only the user identity information corresponding to the required items may be provided to the service provider, or the user identity information corresponding to both the required items and the optional items may be provided to the service provider.
In the prior art, a service provider can obtain a certificate from a trusted authority, but the user identity information the service provider collects is determined by the service provider itself and is not restricted. The reasonableness of the user identity information it requires therefore cannot be guaranteed, the security of the user's identity information is easily threatened, and the user may come to distrust the service provider.
In the embodiment of the application, the user identity information that the service provider requires the user to provide must be authenticated by the trusted third party, and the user provides that identity information to the service provider only once it is determined that the service provider's requirement has passed the authentication of the trusted third party. This ensures, to a certain extent, that the user identity information required by the service provider is reasonable, so that the user's privacy and security are protected. In addition, because the trusted third party helps the user confirm that the service provider's identity information requirement is reasonable, the user's trust in the service provider is strengthened, which ensures normal access to network services.
It should be appreciated that the present application may be applied to a user registration scenario.
For example, the method 100 further includes: before step S110, the service provider receives a registration request from the user device; in step S110, the service provider sends a corresponding user information request to the user information provider according to the registration request; and after step S120, the service provider completes user registration according to the user identity information.
It should also be understood that the present application may also be applied to other scenarios that require a user to submit user identity information in the internet.
For example, a user information request that has passed the authentication of the trusted third party satisfies authentication condition one or authentication condition two.
Authentication condition one: the user identity information required by the user information request does not exceed the user information requirement of the service provided by the service provider.
Authentication condition two: the service provided by the service provider matches the user identity information required by the user information request.
It should be understood that the authentication condition may be established by a trusted third party. For example, the trusted third party may formulate the authentication condition according to application requirements.
It should be understood that the authentication condition is set reasonably, which helps to ensure the security of the user identity information.
In step S120, the user information provider may verify whether the user information request passes the authentication of the trusted third party by using a verification method corresponding to the authentication method of the trusted third party for the user information request.
Optionally, the trusted third party authenticates the user information request by endorsing the content of the authenticated user identity information request. That is, the user information request sent by the service provider carries the endorsement of the trusted third party.
In this case, step S120 includes: the user information provider verifies whether the user information request has endorsements of the trusted third party by using the certificates of the trusted third party (assuming that the user information provider acquires the certificates of the trusted third party in advance); and under the condition that the user information request has endorsement of a trusted third party, sending user identity information to the service provider according to the user information request.
Alternatively, the trusted third party may provide endorsements for user identity information through digital signature techniques.
For example, the trusted third party adds its certificate (CERT_TTP) to the user identity information, and signs the result (the user identity information with CERT_TTP added) using the private key corresponding to the certificate (CERT_TTP), so as to generate the user identity information with the endorsement of the trusted third party.
In this case, in step S120, the user information provider verifies whether the user information request has a signature of the trusted third party using a certificate of the trusted third party (which is assumed to have been acquired in advance), and if so, it is determined that the user identity information required by the service provider passes the authentication of the trusted third party.
It should be understood that the authentication manner of the trusted third party for the user information request may be selected according to application requirements, and a specific implementation manner thereof is not limited to the manner provided in the embodiment of the present application.
In the embodiment of the application, the user information request sent by the service provider needs to be authenticated by a trusted third party.
The service provider may obtain the user information request authenticated by the trusted third party in a variety of ways.
In the first obtaining manner, the service provider obtains the user information request authenticated by the trusted third party through steps S101 to S103 shown in fig. 2.
Optionally, as shown in fig. 2, in some embodiments, the method 100 further includes steps S101 to S103.
S101, the service provider sends an authentication request to a trusted third party, wherein the authentication request comprises service information and user information requirement items.
The service information indicates the service to be provided by the service provider. The user information requirement item indicates the identity information that the service provider requires the user to provide.
As an example, in a user registration scenario, the authentication request may be as shown in table 2. Table 2 will be described below, and will not be described in detail here.
S102, the trusted third party generates a user information request that corresponds to the service information and passes the authentication of the trusted third party, in the case that the service information and the user identity information requirement item satisfy the authentication condition.
For example, the authentication condition is that the user identity information indicated by the user information requirement item does not exceed the requirement of the service indicated by the service information.
Or, the authentication condition is that the service indicated by the service information matches the user identity information indicated by the user information requirement item.
S103, the trusted third party sends a user information request authenticated by the trusted third party to the service provider.
Optionally, the user information request authenticated by the trusted third party carries the endorsement of the trusted third party.
For example, in step S102, the trusted third party generates a user information request with endorsements of the trusted third party when the service information and the user identity information requirement satisfy the authentication condition.
As an example, in the user registration scenario, the user information request with endorsement of the trusted third party is shown in table 3. Table 3 will be described below, and will not be described in detail here.
Taking a registration scenario as the application scenario, fig. 6 shows a specific example of the first obtaining manner; it is described in detail below and not here.
In the second obtaining manner, the service provider obtains the user information request authenticated by the trusted third party through steps S104 to S108 shown in fig. 3.
Optionally, as shown in fig. 3, in some embodiments, the method 100 further includes steps S104 to S108.
S104, the service provider sends a user information request to be authenticated to the blockchain, where the user information request to be authenticated includes service information and a user information requirement item corresponding to the service information.
The service information indicates the service to be provided by the service provider. The user information requirement item indicates the identity information that the service provider requires the user to provide.
As an example, in the user registration scenario, the user information request to be authenticated is shown in table 2. Table 2 will be described below, and will not be described in detail here.
S105, the trusted third party acquires the user information request to be authenticated from the blockchain.
S106, the trusted third party generates a user information request that corresponds to the service information and passes the authentication of the trusted third party, in the case that the service information and the user identity information requirement item satisfy the authentication condition.
Step S106 is the same as step S104 in fig. 2, and for a detailed description, refer to step S104, which is not described herein again.
S107, the trusted third party sends the user information request authenticated by the trusted third party to the blockchain.
S108, the service provider acquires the user information request authenticated by the trusted third party from the blockchain.
Optionally, in step S104, the service provider may send a plurality of user information requests to be authenticated to the blockchain, where each user information request to be authenticated corresponds to one network service. For example, each user information request to be authenticated includes one kind of service information and the corresponding user information requirement item.
Optionally, in the embodiment shown in fig. 3, multiple trusted third parties may obtain the user information request to be authenticated from the blockchain and authenticate it.
Alternatively, in step S108, the service provider may obtain from the blockchain a plurality of user information requests authenticated by different trusted third parties. In step S110, the service provider may select a user information request authenticated by a trusted third party according to the application requirement. For example, if the user information provider specifies a certain trusted third party, the service provider selects for transmission the user information request authenticated by the trusted third party specified by the user information provider.
Taking a registration scenario as the application scenario, fig. 7 shows a specific example of the second obtaining manner; it is described in detail below and not here.
It should be noted that the blockchain mentioned in the embodiment of the present application may be replaced with another network service platform as long as it can support the service provider and the trusted third party to upload and download information thereon.
Optionally, in some embodiments, the method 100 further comprises: before receiving the user information request, the user information provider sends indication information of the trusted third party to the service provider, where the indication information instructs the service provider to send a user information request that passes the authentication of the trusted third party. In step S110, the service provider selects for transmission a user information request authenticated by the trusted third party, based on the indication information.
As one example, in a user registration scenario, the user information provider is a user device, and before step S110 the method 100 further includes: the user equipment sends a registration request to the service provider, where the registration request carries information of a trusted third party and instructs the service provider to have that trusted third party authenticate the user information request.
In this example, in step S110, the service provider selects a user information request that passes authentication of the trusted third party to transmit according to the registration request.
It should be appreciated that specifying a trusted third party by the user for authenticating user information requests of the service provider may further secure the user identity information.
In step S120, the user information provider acquires user identity information required for the user information request, and then transmits the user identity information to the service provider. The user information provider can acquire user identity information required by the user information request in various ways.
Optionally, the user information provider is a user device, and step S120 includes: user equipment automatically acquires user identity information required by a user information request; user identity information is sent to the service provider.
For example, as shown in fig. 4, a method for a user equipment to automatically obtain user identity information required by a user information request includes: the user equipment extracts user identity information required by the user information request from the user information management module; user identity information is sent to the service provider.
The user information management module prestores the identity information of the user. The user information management module may be a component provided in the user equipment, or may be a component independent from the user equipment. For example, the user information management module may be a device located in the cloud. For example, the user information management module is a cloud server.
Fig. 8 shows an example of the embodiment shown in fig. 4, described in detail below, and not described in detail here.
In the prior art, when the user identity information needs to be provided, the user is usually required to manually input the corresponding identity information and then send the corresponding identity information to the service provider.
In this embodiment, the user identity information is acquired from the user information management module, so that automatic extraction of the user identity information is realized, manual filling operation by a user is omitted, efficiency of providing the user identity information to a service provider can be improved, and possible errors caused by manual filling by the user can be avoided.
Optionally, in some embodiments, in step S120, the required user identity information may also be acquired through user input.
For example, step S120 includes: notifying a user of a user information item required by a service provider; and acquiring user identity information manually filled by a user and sending the user identity information to a service provider.
Optionally, in some embodiments, the user information provider is a user device.
In this embodiment, the operation of verifying whether the user information request passes the authentication of the trusted third party may be performed by the user equipment, or may be performed by the user information management module.
Optionally, in this embodiment, the method 100 further includes: the user equipment transmits a user information request to a user information management module; and the user information management module feeds back the verification result to the user equipment. In step S120, in the case that the user information management module feeds back that the user information request passes the authentication of the trusted third party, the user device sends the required user identity information to the service provider.
Fig. 9 shows an example of the present embodiment, which will be described in detail below, and will not be described in detail here.
Optionally, in some embodiments, the user information provider is a user information management module.
For example, the method 100 further includes: the service provider sends a user information request authenticated by a trusted third party to the user equipment; and the user equipment sends a redirection message to the service provider, wherein the redirection message carries the address of the user information management module. In step S110, the service provider sends a user information request authenticated by the trusted third party to the user information management module according to the redirection message. In step S120, the user information management module sends the required user identity information to the service provider. In this embodiment, the operation of verifying whether the user information request passes the authentication of the trusted third party is also performed by the user information management module.
Fig. 10 shows an example of the present embodiment, described in detail below, and will not be described in detail here.
Alternatively, in some embodiments, if the user information provider verifies that the user identity information required by the service provider is not authenticated by the trusted third party, the user may decide whether to provide the user identity information to the service provider.
For example, the user information provider may present a user identity information acquisition request from the service provider to the user, and send user identity information required by the user information request to the service provider if the user indicates to provide the identity information, or not send the user identity information.
Based on the above description, in the application the service provider requires that the user identity information provided by the user be authenticated by the trusted third party, and the user provides the user identity information to the service provider only when the user identity information required by the service provider is verified to pass the authentication of the trusted third party. This ensures, to a certain extent, that the user identity information required by the service provider is reasonable; the trusted third party vouches for that reasonableness and helps the user confirm it, the user's trust in the service provider is strengthened, and the reasonable data needs of the service provider are met while the security of the user identity information is ensured.
Several examples will be described below, taking the application of the present application to a user registration scenario as an example.
Example one.
Fig. 5 shows a schematic flow chart of a method for a user device to provide user identity information to a service provider (or, in other words, for the service provider to obtain user identity information from the user device). In fig. 5, a user registration information acquisition template (URIT) sent by the service provider is taken as an example of the user information request.
S501, the user equipment sends a registration request to the service provider.
For example, a user device issues a registration request to a service provider based on user input.
Optionally, the registration request may carry information of a trusted third party. It should be understood that this trusted third party may be considered a trusted third party for the user.
For example, the registration request may also carry information of multiple trusted authorities, for example, the information may be a list, and the multiple trusted authorities include the trusted third party.
S502, the service provider obtains a user registration information acquisition template (URIT_SP_SIG_TTP) endorsed by the trusted third party, according to the trusted third party indicated by the user equipment in the registration request.
For example, the service provider extracts the user registration information acquisition template (URIT_SP_SIG_TTP) endorsed by the trusted third party from a storage device in which user registration information acquisition templates endorsed by trusted authorities are prestored.
Alternatively, the service provider may acquire the user registration information acquisition template (URIT_SP_SIG_TTP) endorsed by the trusted third party by the method shown in fig. 6; see example two below.
Alternatively, the service provider may acquire the user registration information acquisition template (URIT_SP_SIG_TTP) endorsed by the trusted third party by the method shown in fig. 7; see example three below.
S503, the service provider signs the URIT_SP_SIG_TTP with the certificate of the service provider, and sends the signed URIT_SP_SIG_TTP to the user equipment.
S504, after receiving the URIT_SP_SIG_TTP, the user equipment verifies whether the URIT_SP_SIG_TTP has the endorsement of the trusted third party, using the certificate of the trusted third party (CERT_TTP).
If the URIT_SP_SIG_TTP has the endorsement of the trusted third party, the user determines that the URIT_SP_SIG_TTP is provided by the trusted third party, that is, that the URIT_SP_SIG_TTP passes the authentication of the trusted third party.
In this example, it is assumed that the user equipment acquires the certificate of the trusted third party in advance. The certificate of a trusted third party (TTP) is abbreviated CERT_TTP.
S505, in the case that the URIT_SP_SIG_TTP is verified to have the endorsement of the trusted third party, the user device verifies, using the certificate of the service provider, that the signature contained in the URIT_SP_SIG_TTP received in step S503 matches the identity of the service provider.
For example, one method of verification is to extract the service provider's certificate from the URIT_SP_SIG_TTP.
S506, the user equipment informs the user of the signature verification result through a user interface.
S507, the user equipment sends the user identity information to the service provider according to the requirement of the URIT_SP_SIG_TTP.
For example, the user device may also sign user identity information to be provided and then send it to the service provider.
For example, in response to an instruction to submit user identity information input by the user, the user equipment sends registration information to the service provider, with the required user identity information carried in the registration information.
Assuming that the URIT_SP_SIG_TTP is as shown in table 3 below, the user identity information sent by the user equipment to the service provider includes: "name", "birthday", "address", "telephone", "mailbox", "income".
The user equipment may obtain the user identity information required by the URIT_SP_SIG_TTP in various ways.
Optionally, the user equipment extracts the user identity information required by the URIT_SP_SIG_TTP from the user information management module, which prestores the identity information of the user, using steps S807 and S808 as shown in fig. 8.
Optionally, the user equipment presents to the user the identity information items required by the URIT_SP_SIG_TTP, and acquires the user identity information manually filled in by the user.
S508, the service provider verifies whether the user identity information provided by the user equipment meets the requirements according to the URIT_SP_SIG_TTP.
S509, under the condition that the user identity information provided by the user equipment is verified to meet the requirements, the service provider completes user registration according to the user identity information provided by the user equipment.
S510, the service provider returns the registration result to the user equipment.
If the user identity information provided by the user equipment is verified to meet the requirement in step S508, the registration result returned to the user equipment in step S510 is a successful registration.
If the user identity information provided by the user equipment is verified not to meet the requirement in step S508, step S509 is not executed, and the registration result returned to the user equipment in step S510 is an unsuccessful registration.
Example two.
Fig. 6 shows a schematic flow diagram of a method for a service provider to obtain a user information request endorsed by a trusted third party.
In fig. 6, a user registration information acquisition template (URIT) is taken as an example.
S601, the service provider (SP) sends a registration template request (URIT_request) to the trusted third party (TTP).
For example, the type (T) of the template may be indicated in the registration template request, to request that the trusted third party provide a user registration information acquisition template (URIT) of the specified type (T).
S602, the trusted third party sends a user registration information acquisition template (URIT) to the service provider according to the registration template request.
If the registration template request specifies a type, the trusted third party sends a user registration information acquisition template (URIT) of the specified type to the service provider.
As an example, a user registration information acquisition template (URIT) provided by a trusted third party is shown in table 1.
TABLE 1
Item: Assigned value
Type (T): T
Serial number (SN): sn
Name of service provider (NAME): empty (NULL)
Certificate of service provider (CERT): empty (NULL)
Service type (ST): empty (NULL)
Service description (SD): empty (NULL)
Required user identity information (UII): empty (NULL)
The assignments of the "type (T)" and "Serial Number (SN)" entries in table 1 may be specified by a trusted third party.
It should be noted that table 1 is only an example and not a limitation. For example, the information items included in a user registration information acquisition template (URIT) provided by a trusted third party include, but are not limited to, those shown in table 1.
S603, the service provider assigns values to some items in the URIT, obtains a user registration information acquisition template (URIT_SP) related to the service, and sends the URIT_SP to the trusted third party.
For example, the service provider assigns values to certain items in the URIT according to the service provided, and obtains a user registration information acquisition template (URIT_SP) related to the service.
As an example, a user registration information acquisition template (URIT_SP) of the service provider is shown in table 2.
TABLE 2
(Table 2 is an image in the original; its items, as described in the text below, are:)
Type (T): T
Serial number (SN): sn
Name of service provider (NAME): name of the service provider
Certificate of service provider (CERT): certificate of the service provider
Service type (ST): X
Service description (SD): Y
Required user identity information (UII): name, birthday, address, telephone, mailbox, income
X in table 2 indicates a service type specified by a service provider, for example, a college student registration service. Y in table 2 denotes a service description provided by the service provider.
As can be seen from table 2, the service provider assigns values to the items "NAME", "CERT", "ST", "SD" and "UII". Assigning a value to "UII" means specifying the sub-items under the "UII" item, such as "name", "birthday", "address", "telephone", "mailbox" and "income" shown in table 2.
The sub-items under the "UII" item specify which identity information the user needs to provide at registration time.
S604, when determining that the URIT_SP satisfies the authentication condition, the trusted third party provides an endorsement for the URIT_SP and generates a user registration information acquisition template (URIT_SP_SIG_TTP) endorsed by the trusted third party.
For example, the authentication condition is that the user identity information required by the service provider does not exceed the requirements of the service provided by the service provider, or that the service provided by the service provider matches the user identity information required by the service provider.
Taking the URIT_SP in table 2 as the example, the trusted third party evaluates the service provided by the service provider and the required user identity information according to the service type, the service description and the sub-items of the UII item in the URIT_SP, and, if the URIT_SP satisfies the authentication condition, provides an endorsement for the URIT_SP to generate the URIT_SP_SIG_TTP.
As an example, the trusted third party endorses the URIT_SP by adding its certificate (CERT_TTP) to the URIT_SP and signing (SIG_TTP) the result (the URIT_SP with CERT_TTP added) using the private key corresponding to the certificate (CERT_TTP), thereby generating the endorsed URIT_SP_SIG_TTP.
As an example, the user registration information acquisition template (URIT_SP_SIG_TTP) authenticated by the trusted third party is as shown in table 3.
TABLE 3
(Table 3 is an image in the original; it contains the items of table 2 with the following added:)
Certificate of trusted third party (CERT_TTP): CERT_TTP
Signature of trusted third party (SIG_TTP): signature over the URIT_SP with CERT_TTP added
S605, the trusted third party sends the user registration information acquisition template (URIT_SP_SIG_TTP) authenticated by the trusted third party to the service provider.
S606, the service provider checks whether the content of the URIT_SP_SIG_TTP is the same as the content of the URIT_SP provided in step S603.
S607, the service provider checks whether the certificate of the trusted authority included in the URIT_SP_SIG_TTP is consistent with the certificate of the trusted third party, and further verifies whether the signature in the URIT_SP_SIG_TTP is correct.
In this example, it is assumed that the service provider previously acquired a certificate (CERT _ TTP) of the trusted third party.
The execution order of steps S606 and S607 may be interchanged.
S608, after the checks in steps S606 and S607 pass, the service provider stores the URIT_SP_SIG_TTP.
For example, the URIT_SP_SIG_TTP is stored in the storage device.
It should be noted that tables 1, 2 and 3 are only examples and not limiting.
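As an added example (not part of the patent), the following Go program models the flow of examples one and two: the trusted third party's check of authentication condition one (S604), the endorsement by appending CERT_TTP and signing, the user-side verification against a CERT_TTP obtained in advance (S504/S905), and the service provider's own signature and its verification (S503/S505). Ed25519 public keys stand in for certificates, and the JSON field layout and the per-service policy table are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// URIT holds the items of Tables 1 and 2 (field names and JSON encoding are constructed here).
type URIT struct {
	Type string   `json:"T"`
	SN   string   `json:"SN"`
	Name string   `json:"NAME"`
	Cert []byte   `json:"CERT"` // the SP's Ed25519 public key stands in for its certificate
	ST   string   `json:"ST"`
	SD   string   `json:"SD"`
	UII  []string `json:"UII"`
}

// Endorsed is URIT_SP_SIG_TTP (Table 3): URIT_SP plus CERT_TTP, signed as in step S604.
type Endorsed struct {
	Template URIT   `json:"URIT_SP"`
	CertTTP  []byte `json:"CERT_TTP"` // the TTP's Ed25519 public key stands in for CERT_TTP
	SigTTP   []byte `json:"SIG_TTP"`  // signature over (URIT_SP || CERT_TTP)
}

// servicePolicy is the TTP's authentication condition one (constructed): the most identity items a service type may demand.
var servicePolicy = map[string][]string{
	"college student registration": {"name", "birthday", "address", "telephone", "mailbox", "income"},
	"newsletter subscription":      {"mailbox"},
}

// canonical gives a deterministic byte string to sign: struct field order is fixed.
func canonical(v interface{}) []byte {
	b, _ := json.Marshal(v) // cannot fail for the plain types used here
	return b
}

// CheckCondition rejects a URIT_SP whose UII sub-items exceed the needs of its service type.
func CheckCondition(t URIT) error {
	allowed, ok := servicePolicy[t.ST]
	if !ok {
		return errors.New("unknown service type: " + t.ST)
	}
	permitted := map[string]bool{}
	for _, a := range allowed {
		permitted[a] = true
	}
	for _, item := range t.UII {
		if !permitted[item] {
			return fmt.Errorf("item %q exceeds the needs of service %q", item, t.ST)
		}
	}
	return nil
}

// Endorse is the TTP side of S604: check the condition, append CERT_TTP, sign.
func Endorse(t URIT, ttpPub ed25519.PublicKey, ttpPriv ed25519.PrivateKey) (*Endorsed, error) {
	if err := CheckCondition(t); err != nil {
		return nil, err
	}
	e := &Endorsed{Template: t, CertTTP: ttpPub}
	e.SigTTP = ed25519.Sign(ttpPriv, append(canonical(t), e.CertTTP...))
	return e, nil
}

// VerifyEndorsement is S504/S905: CERT_TTP must equal the certificate obtained in advance and SIG_TTP must verify.
func VerifyEndorsement(e Endorsed, trustedTTP ed25519.PublicKey) bool {
	if !bytes.Equal(e.CertTTP, trustedTTP) {
		return false // an embedded key is never trusted on its own
	}
	return ed25519.Verify(trustedTTP, append(canonical(e.Template), e.CertTTP...), e.SigTTP)
}

// SPSign is S503: the service provider signs URIT_SP_SIG_TTP with its own key.
func SPSign(e Endorsed, spPriv ed25519.PrivateKey) []byte {
	return ed25519.Sign(spPriv, canonical(e))
}

// VerifySP is S505: the SP signature must verify under the CERT item inside the endorsed template.
func VerifySP(e Endorsed, sigSP []byte) bool {
	pub := ed25519.PublicKey(e.Template.Cert)
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, canonical(e), sigSP)
}

func main() {
	ttpPub, ttpPriv, _ := ed25519.GenerateKey(rand.Reader)
	spPub, spPriv, _ := ed25519.GenerateKey(rand.Reader)
	urit := URIT{Type: "T", SN: "sn-0001", Name: "Example SP", Cert: spPub, ST: "college student registration",
		SD: "Y", UII: []string{"name", "birthday", "address", "telephone", "mailbox", "income"}} // constructed Table 2
	e, err := Endorse(urit, ttpPub, ttpPriv)
	if err != nil {
		panic(err)
	}
	fmt.Println("TTP endorsement valid:", VerifyEndorsement(*e, ttpPub), "| SP signature valid:", VerifySP(*e, SPSign(*e, spPriv)))
}
```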
Example three.
Fig. 7 illustrates another schematic flow chart of a method for a service provider to obtain a user information request endorsed by a trusted third party.
In fig. 7, a user registration information acquisition template (URIT) is taken as an example.
S701, the service provider generates a user registration information acquisition template (URIT_SP) related to the service, and sends the URIT_SP to the blockchain.
For example, the service provider generates the user registration information acquisition template (URIT_SP) related to the service to be provided, based on a user registration information acquisition template acquired in advance.
S702, the blockchain stores the user registration information acquisition template (URIT_SP) from the service provider.
The user registration information acquisition template (URIT_SP) stored on the blockchain may be acquired by any trusted authority. In this example, the case in which the trusted third party acquires the URIT_SP from the blockchain is taken for explanation.
S703, the trusted third party (or some trusted authority) obtains the service provider's URIT_SP from the blockchain.
S704, when determining that the URIT_SP satisfies the authentication condition, the trusted third party provides an endorsement for the URIT_SP and generates a user registration information acquisition template (URIT_SP_SIG_TTP) authenticated by the trusted third party; that is, the URIT_SP_SIG_TTP carries the endorsement of the trusted third party.
Step S704 corresponds to step S604 shown in fig. 6, and the detailed description is referred to above, and is not repeated here.
S705, the trusted third party sends the URIT_SP_SIG_TTP onto the blockchain.
S706, the service provider acquires the user registration information acquisition template (URIT_SP_SIG_TTP) endorsed by the trusted third party from the blockchain.
S707, the service provider checks whether the content of the URIT_SP_SIG_TTP is the same as that of the URIT_SP.
S708, the service provider checks whether the certificate of the trusted authority included in the URIT_SP_SIG_TTP is consistent with the certificate of the trusted third party, and further verifies whether the signature in the URIT_SP_SIG_TTP is correct.
In this example, it is assumed that the service provider previously acquired a certificate (CERT _ TTP) of the trusted third party.
The execution order of steps S707 and S708 may be interchanged.
S709, after the checks in steps S707 and S708 pass, the service provider decides whether to adopt the user registration information acquisition template (URIT_SP_SIG_TTP) endorsed by the trusted third party.
S710, if the service provider decides to adopt the URIT_SP_SIG_TTP, it stores the URIT_SP_SIG_TTP.
For example, the URIT_SP_SIG_TTP is stored in the storage device.
S711, the service provider sends an endorsement application completion notification to the blockchain, indicating that the endorsement application for the URIT_SP is complete.
S712, the blockchain issues URIT_SP endorsement end information.
It should be understood that fig. 7 is exemplary only and not limiting. For example, in practical applications, multiple trusted authorities may evaluate the URIT_SP on the blockchain, decide whether to endorse it, and send the endorsement result to the blockchain. The service provider can acquire one or more user registration information acquisition templates endorsed by trusted authorities from the blockchain, and can subsequently select a user registration information acquisition template endorsed by a certain trusted authority according to its requirements, in order to acquire user registration information from the user equipment.
Example four.
Fig. 8 shows another schematic flow chart of a method for a user information provider to provide user identity information to a service provider.
Steps S801 to S806 are the same as steps S501 to S506 in fig. 5, and the detailed description is given above, and is not repeated here.
S807, the user equipment requests the user identity information required by the URIT_SP_SIG_TTP from the user information management module.
Assuming that the URIT_SP_SIG_TTP is as shown in table 3, the user identity information requested by the user equipment from the user information management module includes: "name", "birthday", "address", "telephone", "mailbox", "income".
S808, the user information management module sends the user identity information required by the URIT_SP_SIG_TTP to the user equipment.
Steps S809 to S812 are the same as steps S507 to S510 in fig. 5, and the detailed description is given above, and is not repeated here.
Example five
Fig. 9 shows yet another schematic flow chart of a method for a user information provider to provide user identity information to a service provider.
Steps S901 to S903 are the same as steps S501 to S503 in fig. 5, and the detailed description is given above, and is not repeated here.
S904, the user equipment forwards the URIT_SP_SIG_TTP to the user information management module.
S905, the user information management module verifies whether the URIT_SP_SIG_TTP has the endorsement of the trusted third party using the certificate of the trusted third party (CERT_TTP).
If the URIT_SP_SIG_TTP has the endorsement of the trusted third party, the user information management module determines that the URIT_SP_SIG_TTP was provided by the trusted third party, that is, that the URIT_SP_SIG_TTP passes the authentication of the trusted third party.
In this example, it is assumed that the user information management module acquires the certificate (CERT_TTP) of the trusted third party in advance.
S906, in case it is verified that the URIT_SP_SIG_TTP has the endorsement of the trusted third party, the user information management module verifies that the signature included in the URIT_SP_SIG_TTP matches the identity of the service provider using the certificate of the service provider.
For example, one verification method is to extract the service provider's certificate from the URIT_SP_SIG_TTP and use it to check the signature.
Steps S907 to S911 are the same as steps S808 to S812 in fig. 8, and the detailed description is given above, and is not repeated here.
In this embodiment, the user information management module is capable of verifying the reliability of the user registration information acquisition template, and therefore the user equipment need not perform that verification itself.
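The checks at S905 and S906 and the item release at S808, together with the trusted third party's authentication condition (the required items must not exceed the needs of the service), as an added example that is not part of the patent: ed25519 keys stand in for CERT_TTP and the service provider's certificate, and the policy table, service names and sample identity record are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Template models URIT_SP: offered service, provider certificate (here an ed25519 public key), required items.
type Template struct {
	Service string   `json:"service"`
	SPPub   []byte   `json:"sp_pub"`
	Items   []string `json:"items"`
}

// SignedTemplate models URIT_SP_SIG_TTP: body signed by the SP, plus the TTP endorsement over body and SP signature.
type SignedTemplate struct{ Body, SPSig, TTPSig []byte }

// serviceNeeds is a constructed policy table the TTP uses for "required items do not exceed the service's needs".
var serviceNeeds = map[string]map[string]bool{
	"loan":       {"name": true, "birthday": true, "address": true, "telephone": true, "mailbox": true, "income": true},
	"newsletter": {"mailbox": true},
}

// BuildTemplate is the service provider side: compose URIT_SP and sign it.
func BuildTemplate(service string, items []string, spPub ed25519.PublicKey, spPriv ed25519.PrivateKey) SignedTemplate {
	body, _ := json.Marshal(Template{Service: service, SPPub: spPub, Items: items})
	return SignedTemplate{Body: body, SPSig: ed25519.Sign(spPriv, body)}
}

// endorsedMsg is what the trusted third party signs: the body and the SP signature together.
func endorsedMsg(st SignedTemplate) []byte { return append(append([]byte{}, st.Body...), st.SPSig...) }

// verifySP checks that the signature matches the provider identity carried in the template (S906).
func verifySP(st SignedTemplate) (Template, error) {
	var t Template
	if err := json.Unmarshal(st.Body, &t); err != nil {
		return t, err
	}
	if len(t.SPPub) != ed25519.PublicKeySize || !ed25519.Verify(ed25519.PublicKey(t.SPPub), st.Body, st.SPSig) {
		return t, errors.New("service provider signature does not match its certificate")
	}
	return t, nil
}

// Endorse is the TTP side: apply the authentication condition and, if it holds, add the endorsement.
func Endorse(st SignedTemplate, ttpPriv ed25519.PrivateKey) (SignedTemplate, error) {
	t, err := verifySP(st)
	if err != nil {
		return st, err
	}
	allowed, ok := serviceNeeds[t.Service]
	if !ok {
		return st, fmt.Errorf("unknown service %q", t.Service)
	}
	for _, it := range t.Items {
		if !allowed[it] {
			return st, fmt.Errorf("item %q exceeds the needs of service %q", it, t.Service)
		}
	}
	st.TTPSig = ed25519.Sign(ttpPriv, endorsedMsg(st))
	return st, nil
}

// Provide is the user information management module side: S905 (CERT_TTP check), S906, then S808 (release only requested items).
func Provide(st SignedTemplate, ttpPub ed25519.PublicKey, identity map[string]string) (map[string]string, error) {
	if !ed25519.Verify(ttpPub, endorsedMsg(st), st.TTPSig) {
		return nil, errors.New("template lacks a valid endorsement of the trusted third party")
	}
	t, err := verifySP(st)
	if err != nil {
		return nil, err
	}
	out := make(map[string]string, len(t.Items))
	for _, it := range t.Items {
		v, ok := identity[it]
		if !ok {
			return nil, fmt.Errorf("identity item %q is not stored", it)
		}
		out[it] = v
	}
	return out, nil
}

func main() {
	spPub, spPriv, _ := ed25519.GenerateKey(rand.Reader)
	ttpPub, ttpPriv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample identity record held by the user information management module.
	identity := map[string]string{"name": "A. User", "birthday": "1990-01-01", "address": "1 Example St",
		"telephone": "+00 000 0000", "mailbox": "a.user@example.invalid", "income": "undisclosed"}
	items := []string{"name", "birthday", "address", "telephone", "mailbox", "income"}
	if st, err := Endorse(BuildTemplate("loan", items, spPub, spPriv), ttpPriv); err == nil {
		fmt.Println(Provide(st, ttpPub, identity))
	}
}
```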
Example five
Fig. 10 shows still another schematic flow chart of a method for providing user identity information to a service provider by a user information provider.
Steps S1001 to S1003 are the same as steps S501 to S503 in fig. 5, and the detailed description is given above, and is not repeated here.
S1004, the user equipment sends a redirection message to the service provider, where the redirection message includes address information of the user information management module.
For example, the redirection message includes a URL of the user information management module, or a Decentralized Identity (DID) address of the user information management module.
S1005, the service provider obtains the redirected address, i.e. the address of the user information management module, according to the redirection message.
For example, the service provider acquires the address of the user information management module according to the URL or DID included in the redirect message.
The service provider then judges whether to transmit the user registration information acquisition template (URIT_SP_SIG_TTP) to the user information management module to which the address points.
S1006, in case of determining to transmit URIT_SP_SIG_TTP to the address indicated by the redirection message, the service provider transmits URIT_SP_SIG_TTP to the user information management module.
Steps S1007 and S1008 are the same as steps S905 and S906 of fig. 9, and the detailed description is given above, and is not repeated here.
S1008a, the user information management module issues an authorization request to the user device.
S1008b, the user provides an authorization response to the user information management module via the user device.
S1008a and S1008b are optional.
S1009, the user information management module directly provides the user identity information required by the URIT_SP_SIG_TTP to the service provider.
Steps S1010 and S1011 are the same as steps S909 and S910 in fig. 9, and the detailed description is given above, and is not repeated here.
S1012, the service provider returns the registration result to the user information management module.
If the user identity information provided in step S1010 is verified to meet the requirement, the registration result returned in step S1012 is a successful registration.
If the user identity information verified in step S1010 does not meet the requirement, step S1011 is not performed, and the registration result returned in step S1012 is unsuccessful.
S1013, in the case that the registration result returned in step S1012 is that the registration is successful, the user information management module stores the registration information.
For example, the registration information includes, but is not limited to, information such as an address of a service party, a service type, a user name, a password, or an authentication method.
S1014, the user information management module forwards the registration result received in step S1012 to the user equipment.
In this embodiment, the user equipment employs an address redirection method to redirect the service provider to the user information management module. The user information management module directly interacts with the service provider to complete the user registration, and then informs the user equipment of the registration result.
The various embodiments described herein may be implemented as stand-alone solutions or combined in accordance with inherent logic and are intended to fall within the scope of the present application.
Embodiments of the methods provided herein are described above, and embodiments of the apparatus provided herein are described below. It should be understood that the description of the apparatus embodiments corresponds to the description of the method embodiments, and therefore, for brevity, details are not repeated here, since the details that are not described in detail may be referred to the above method embodiments.
Fig. 11 is a schematic block diagram of a user information provider 1100 provided in an embodiment of the present application. The user information provider 1100 may correspond to the user information provider in the above method embodiment.
As shown in fig. 11, the user information provider 1100 includes a receiving unit 1110 and a transmitting unit 1120.
The receiving unit 1110 is configured to receive a user information request authenticated by a trusted third party from a service provider, where the user information request includes a user identity information item to be provided.
A sending unit 1120, configured to send the user identity information to the service provider according to the user information request, if it is determined that the user information request passes the authentication of the trusted third party.
Optionally, the user information provider 1100 further includes: a verification unit 1130 for verifying that the user information request has an endorsement of the trusted third party using the certificate of the trusted third party; the sending unit 1120 is configured to send the user identity information to the service provider according to the user information request when the user information request has endorsement of the trusted third party.
Optionally, the sending unit 1120 is configured to: extracting user identity information required by a user information request from a user information management module, wherein the user information management module prestores the identity information of a user; user identity information is sent to the service provider.
Optionally, the sending unit 1120 is further configured to send information of the trusted third party to the service provider to instruct the service provider to send the user information request authenticated by the trusted third party.
Optionally, the user information request authenticated by the trusted third party satisfies: the user identity information required by the user information request does not exceed the requirements of the service provided by the service provider; or the service provided by the service provider matches the user identity information required by the user information request.
Optionally, the user information request is a user registration information acquisition template.
Optionally, the user information provider 1100 is a user device.
Alternatively, the user information provider 1100 is a user information management module in which identity information of a user is prestored.
Alternatively, the user information provider 1100 is a user device integrated with a user information management module, in which the identity information of the user is pre-stored.
Fig. 12 is a schematic block diagram of a service provider 1200 provided in an embodiment of the present application. The service provider 1200 may correspond to the service provider in the above method embodiment.
As shown in fig. 12, the service provider 1200 includes a transmitting unit 1210 and a receiving unit 1220.
A sending unit 1210, configured to send a user information request authenticated by a trusted third party to a user information provider, where the user information request includes a user identity information item to be provided.
The receiving unit 1220 is configured to receive user identity information sent by the user information provider according to the user information request.
Optionally, the user information request authenticated by the trusted third party has an endorsement of the trusted third party.
Optionally, the sending unit 1210 is further configured to send an authentication request to the trusted third party, where the authentication request includes service information and a user information requirement item; the receiving unit 1220 is further configured to receive a user information request that is sent by the trusted third party and passes the authentication of the trusted third party when the service information and the user information requirement item satisfy the authentication condition.
Optionally, the sending unit 1210 is further configured to send a user information request to be authenticated to the block chain, where the user information request to be authenticated includes service information and a user information requirement item; the system further comprises an acquisition unit, configured to acquire, from the blockchain, a user information request authenticated by a trusted third party, where the trusted third party is configured to: and acquiring a user information request to be authenticated from the block chain, generating a user information request authenticated by a trusted third party under the condition that the service information and the user information requirement item meet the authentication condition, and sending the user information request to the block chain.
Optionally, the user information request authenticated by the trusted third party satisfies: the user identity information required for the user information request does not exceed the requirements of the service provided by the service provider 1200; or the service provided by the service provider 1200 matches the user identity information required by the user information request.
Optionally, the receiving unit 1220 is further configured to receive, from the user information provider, indication information of the trusted third party; the sending unit 1210 is configured to send, to the user information provider, a user information request authenticated by the trusted third party according to the indication information.
Optionally, the user information request is a user registration information acquisition template.
For example, the service provider 1200 is a web server that provides network services.
Fig. 13 is a schematic block diagram of a trusted third party 1300 provided in an embodiment of the present application. The trusted third party 1300 may correspond to the trusted third party in the above method embodiments.
As shown in fig. 13, the trusted third party 1300 includes an obtaining unit 1310, a generating unit 1320, and a transmitting unit 1330.
The obtaining unit 1310 is configured to obtain service information of a service provider and a user information requirement.
A generating unit 1320, configured to generate a user information request authenticated by the trusted third party 1300 according to the service information and the user information requirement item when the service information and the user information requirement item satisfy the authentication condition.
A transmitting unit 1330 configured to transmit the user information request to the service provider.
Optionally, the authentication condition includes: the user identity information indicated by the user information requirement item does not exceed the requirement of the service indicated by the service information; or the service indicated by the service information matches the user identity information indicated by the user information requirement.
Optionally, the obtaining unit 1310 is configured to receive an authentication request from a service provider, where the authentication request carries service information and a user information requirement item.
Optionally, the obtaining unit 1310 is configured to obtain a user information request to be authenticated of a service provider from a blockchain, where the user information request to be authenticated includes service information and a user information requirement item; the sending unit 1330 is configured to send the user information request authenticated by the trusted third party 1300 to the blockchain, so that the service provider obtains the user information request from the blockchain.
Optionally, the user information request authenticated by the trusted third party 1300 has an endorsement of the trusted third party 1300.
Optionally, the user information request is a user registration information acquisition template.
For example, the trusted third party 1300 may be a server of a trusted authority.
As shown in fig. 14, the embodiment of the present application further provides a system 1400 for a service provider 1410 to obtain user information. The system 1400 includes a service provider 1410, a user information provider 1420, and a trusted third party 1430.
For example, the service provider 1410 may correspond to the service provider in the above method embodiment, the user information provider 1420 corresponds to the user information provider in the above method embodiment, and the trusted third party 1430 corresponds to the trusted third party in the above method embodiment.
For example, the service provider 1410 is the service provider 1200 shown in fig. 12, the user information provider 1420 is the user information provider 1100 shown in fig. 11, and the trusted third party 1430 is the trusted third party 1300 shown in fig. 13.
For one embodiment, the service provider 1410 is configured to send a user information request authenticated by the trusted third party 1430 to the user information provider 1420, where the user information request includes a user identity information item to be provided; the user information provider 1420 is configured to transmit user identity information to the service provider 1410 according to the user information request, in a case where it is determined that the user information request is authenticated by the trusted third party 1430.
Optionally, the user information request authenticated by the trusted third party 1430 has an endorsement of the trusted third party 1430; the user information provider 1420 is configured to: verify whether the user information request has the endorsement of the trusted third party 1430 using the certificate of the trusted third party 1430; and, in the case where the user information request has the endorsement of the trusted third party 1430, send user identity information to the service provider 1410 according to the user information request.
Optionally, the user information provider 1420 is configured to send user identity information to the service provider 1410 by: extracting user identity information required by a user information request from a user information management module, wherein the user information management module prestores the identity information of a user; user identity information is sent to the service provider 1410.
Optionally, the service provider 1410 is further configured to send an authentication request to the trusted third party 1430, where the authentication request includes service information and a user information requirement item; the trusted third party 1430 is configured to, when the service information and the user information requirement item satisfy the authentication condition, generate a user information request authenticated by the trusted third party 1430 according to the service information and the user information requirement item, and send the user information request to the service provider 1410.
Optionally, the service provider 1410 is further configured to send a user information request to be authenticated to the blockchain, where the user information request to be authenticated includes service information and a user information requirement item; the trusted third party 1430 is configured to: acquire the user information request to be authenticated of the service provider 1410 from the blockchain, where the user information request to be authenticated comprises service information and a user information requirement item; under the condition that the service information and user information requirement item meet the authentication condition, generate a user information request authenticated by the trusted third party 1430 according to the service information and user information requirement item; and send the user information request authenticated by the trusted third party 1430 to the blockchain; the service provider 1410 is also configured to obtain, from the blockchain, the user information request authenticated by the trusted third party 1430.
Optionally, the user information provider 1420 is also configured to send indication information of the trusted third party 1430 to the service provider 1410; the service provider 1410 is further configured to send, according to the indication information, a user information request authenticated by the trusted third party 1430 to the user information provider 1420.
Optionally, the user information request authenticated by the trusted third party 1430 satisfies: the user identity information required for the user information request does not exceed the requirements of the service provided by the service provider 1410; or the service provided by the service provider 1410 matches the user identity information required by the user information request.
Optionally, the user information request is a user registration information acquisition template.
As shown in fig. 15, an embodiment of the present application further provides a data processing apparatus 1500. The apparatus 1500 comprises a processor 1510, the processor 1510 being coupled to a memory 1520, the memory 1520 being configured to store computer programs or instructions, the processor 1510 being configured to execute the computer programs or instructions stored by the memory 1520, such that the methods in the above method embodiments are performed.
Optionally, as shown in fig. 15, the apparatus 1500 may further include a memory 1520.
Optionally, as shown in fig. 15, the apparatus 1500 may further include a communication interface 1530, where the communication interface 1530 is used for data transmission with the outside.
Optionally, the apparatus 1500 is configured to implement the steps on the side of the user information provider in the above method embodiment.
Optionally, the apparatus 1500 is configured to implement the steps on the service provider side in the above method embodiment.
Optionally, as a further solution, the apparatus 1500 is configured to implement the steps on the trusted third party side in the above method embodiment.
Embodiments of the present application also provide a computer-readable medium storing program code for execution by a device, the program code including instructions for performing the method of the above-described embodiments.
Embodiments of the present application also provide a computer program product containing instructions, which when run on a computer, cause the computer to perform the method of the above embodiments.
The embodiment of the present application further provides a chip, where the chip includes a processor and a communication interface, and the processor reads an instruction stored in a memory through the communication interface to execute the method of the foregoing embodiment.
Optionally, as an implementation manner, the chip may further include a memory, where instructions are stored in the memory, and the processor is configured to execute the instructions stored in the memory, and when the instructions are executed, the processor is configured to perform the method in the foregoing embodiment.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
It should also be understood that reference herein to first, second, third, fourth, and various numerical designations is made merely for convenience in description and is not intended to limit the scope of embodiments of the invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (29)

1. A method for a service provider to obtain user information, comprising:
receiving a user information request which is from a service provider and passes the authentication of a trusted third party, wherein the user information request comprises a user identity information item to be provided;
and under the condition that the user information request is determined to pass the authentication of the trusted third party, sending user identity information to the service provider according to the user information request.
2. The method of claim 1, wherein sending user identity information to the service provider according to the user information request upon determining that the user information request passes authentication of the trusted third party comprises:
verifying that the user information request has an endorsement of the trusted third party using a certificate of the trusted third party;
and under the condition that the user information request has endorsement of the trusted third party, sending user identity information to the service provider according to the user information request.
3. The method of claim 1 or 2, wherein sending user identity information to the service provider in accordance with the user information request comprises:
automatically acquiring user identity information required by the user information request;
and sending the user identity information to the service provider.
4. The method according to any one of claims 1-3, further comprising:
sending information of the trusted third party to the service provider to instruct the service provider to send a user information request authenticated by the trusted third party before receiving the user information request.
5. The method according to any of claims 1-4, wherein the user information request authenticated by the trusted third party satisfies:
the user identity information required by the user information request does not exceed the requirements of the service provided by the service provider; or
The service provided by the service provider matches the user identity information required by the user information request.
6. The method of any of claims 1-5, wherein the user information request is a user registration information acquisition template.
7. A method for a service provider to obtain user information, comprising:
sending a user information request authenticated by a trusted third party to a user information provider, wherein the user information request comprises a user identity information item to be provided;
and receiving the user identity information sent by the user information provider according to the user information request.
8. The method of claim 7, wherein the user information request authenticated by the trusted third party has an endorsement of the trusted third party.
9. The method of claim 7 or 8, further comprising:
sending an authentication request to the trusted third party, wherein the authentication request comprises service information and user information requirement items;
and receiving a user information request which is sent by the trusted third party and passes the authentication of the trusted third party when the service information and the user information requirement item meet the authentication condition.
10. The method of claim 7 or 8, further comprising:
sending a user information request to be authenticated to a blockchain, wherein the user information request to be authenticated comprises service information and a user information requirement item;
obtaining a user information request authenticated by the trusted third party from the blockchain,
wherein the trusted third party is to: acquire the user information request to be authenticated from the blockchain, generate a user information request authenticated by the trusted third party under the condition that the service information and the user information requirement item meet the authentication condition, and send the user information request to the blockchain.
11. The method according to any of claims 7-10, wherein the user information request authenticated by the trusted third party satisfies:
the user identity information required by the user information request does not exceed the requirements of the service provided by the service provider; or
The service provided by the service provider matches the user identity information required by the user information request.
12. The method according to any one of claims 7-11, further comprising:
receiving indication information of the trusted third party from the user information provider;
wherein the sending of the user information request authenticated by the trusted third party to the user information provider comprises:
and sending the user information request which passes the authentication of the trusted third party to the user information provider according to the indication information.
13. The method according to any of claims 7-12, wherein the user information request is a user registration information acquisition template.
14. A user information provider, comprising:
the receiving unit is used for receiving a user information request which is from a service provider and passes the authentication of a trusted third party, wherein the user information request comprises a user identity information item which needs to be provided;
and the sending unit is used for sending the user identity information to the service provider according to the user information request under the condition that the user information request is determined to pass the authentication of the trusted third party.
15. The user information provider of claim 14, further comprising:
a verification unit configured to verify that the user information request has an endorsement of the trusted third party using a certificate of the trusted third party;
the sending unit is configured to send user identity information to the service provider according to the user information request when the user information request has endorsement of the trusted third party.
16. The user information provider according to claim 14 or 15, wherein the transmission unit is configured to:
extracting user identity information required by the user information request from a user information management module, wherein the user information management module prestores the identity information of the user;
and sending the user identity information to the service provider.
17. The user information provider according to any of claims 14-16, wherein the sending unit is further configured to send information of the trusted third party to the service provider to instruct the service provider to send a user information request authenticated by the trusted third party.
18. The user information provider according to any of claims 14-17, wherein the user information request authenticated by the trusted third party satisfies:
the user identity information required by the user information request does not exceed the requirements of the service provided by the service provider; or
The service provided by the service provider matches the user identity information required by the user information request.
19. The user information provider according to any of claims 14-18, wherein the user information request is a user registration information acquisition template.
20. A service provider, comprising:
a sending unit, configured to send a user information request authenticated by a trusted third party to a user information provider, wherein the user information request comprises a user identity information item required to be provided;
and the receiving unit is used for receiving the user identity information sent by the user information provider according to the user information request.
21. The service provider of claim 20, wherein the user information request authenticated by the trusted third party has an endorsement of the trusted third party.
22. The service provider according to claim 20 or 21, wherein the sending unit is further configured to send an authentication request to the trusted third party, where the authentication request includes service information and a user information requirement item;
the receiving unit is further configured to receive a user information request that is sent by the trusted third party and passes the authentication of the trusted third party when the service information and the user information requirement item meet an authentication condition.
23. The service provider according to claim 20 or 21, wherein the sending unit is further configured to send a user information request to be authenticated to the blockchain, where the user information request to be authenticated includes service information and a user information requirement item;
further comprising an obtaining unit for obtaining a user information request authenticated by the trusted third party from the blockchain,
wherein the trusted third party is configured to: acquire the user information request to be authenticated from the blockchain, generate a user information request authenticated by the trusted third party when the service information and the user information requirement item meet the authentication condition, and send the authenticated user information request to the blockchain.
24. The service provider of any of claims 20-23, wherein the user information request authenticated by the trusted third party satisfies:
the user identity information required by the user information request does not exceed the requirements of the service provided by the service provider; or
The service provided by the service provider matches the user identity information required by the user information request.
25. The service provider according to any of claims 20-24,
the receiving unit is further configured to receive indication information of the trusted third party from the user information provider;
the sending unit is configured to send the user information request authenticated by the trusted third party to the user information provider according to the indication information.
26. The service provider of any of claims 20-25, wherein the user information request is a user registration information acquisition template.
27. A system for a service provider to obtain user information, comprising:
the service provider of any of claims 14-19;
a user information provider according to any of claims 20-26.
28. An apparatus for data processing, comprising:
a memory for storing executable instructions;
a processor for invoking and executing the executable instructions in the memory to perform the method of any one of claims 1-13.
29. A computer-readable storage medium, in which program instructions are stored, which, when executed by a processor, implement the method of any one of claims 1 to 13.
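The flow in claims 14 to 24 has two security-relevant checks: the trusted third party only endorses a request whose required identity items do not exceed what the named service needs, and the user information provider releases identity items only after verifying that endorsement and only for the items listed in the endorsed request. The following is an added example written for this page, not code from the patent or its applicant. All names (`SERVICE_POLICY`, `TrustedThirdParty`, `UserInformationProvider`, the service types and user records) are constructed for illustration. The endorsement is bound to a canonical encoding of the request, so a request whose items are changed after endorsement fails verification; as a simplification, a shared-secret HMAC stands in for the certificate-based signature the claims describe, and a deployment would verify a signature with the trusted third party's certificate instead.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

# Constructed policy table (assumption): the identity items each service type
# is allowed to require. The trusted third party endorses a request only if the
# requested items are a subset of the service's allowed items (claims 18/24).
SERVICE_POLICY: Dict[str, Set[str]] = {
    "bike_rental": {"name", "phone"},
    "bank_account": {"name", "phone", "national_id", "address"},
}


@dataclass(frozen=True)
class EndorsedRequest:
    """A user information request carrying the trusted third party's endorsement."""
    service_provider: str
    service: str
    required_items: Tuple[str, ...]
    endorsement: str  # hex-encoded tag over the canonical request


def canonical_request(service_provider: str, service: str, items: Iterable[str]) -> bytes:
    """Deterministic encoding of the request fields that the endorsement covers."""
    body = {"sp": service_provider, "service": service, "items": sorted(items)}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class TrustedThirdParty:
    """Authenticates requests (claim 22): checks the policy, then endorses."""

    def __init__(self, key: bytes) -> None:
        # Stand-in for the TTP's signing key; a real TTP would sign with the
        # private key matching its certificate.
        self._key = key

    def authenticate(self, service_provider: str, service: str,
                     items: Iterable[str]) -> Optional[EndorsedRequest]:
        requested = set(items)
        allowed = SERVICE_POLICY.get(service)
        if allowed is None or not requested <= allowed:
            return None  # request exceeds what the service needs: refuse to endorse
        tag = hmac.new(self._key, canonical_request(service_provider, service, requested),
                       hashlib.sha256).hexdigest()
        return EndorsedRequest(service_provider, service, tuple(sorted(requested)), tag)


class UserInformationProvider:
    """Holds user identity records and answers endorsed requests (claims 14-16)."""

    def __init__(self, ttp_key: bytes, store: Dict[str, Dict[str, str]]) -> None:
        # The verification key plays the role of the TTP's certificate here.
        self._ttp_key = ttp_key
        self._store = store  # user information management module (claim 16)

    def verify_endorsement(self, req: EndorsedRequest) -> bool:
        expected = hmac.new(self._ttp_key,
                            canonical_request(req.service_provider, req.service, req.required_items),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, req.endorsement)

    def respond(self, req: EndorsedRequest, user_id: str) -> Optional[Dict[str, str]]:
        """Return only the endorsed items, or None if the endorsement fails (claim 15)."""
        if not self.verify_endorsement(req):
            return None
        record = self._store.get(user_id, {})
        return {item: record[item] for item in req.required_items if item in record}


# Constructed sample data for a stand-alone run.
TTP_KEY = b"constructed-ttp-key-for-demo"
USER_STORE = {
    "user-1": {"name": "A. User", "phone": "+00 000 0000",
               "national_id": "ID-PLACEHOLDER", "address": "1 Example St"},
}


def demo() -> Dict[str, Optional[dict]]:
    ttp = TrustedThirdParty(TTP_KEY)
    uip = UserInformationProvider(TTP_KEY, USER_STORE)
    ok = ttp.authenticate("rental-sp", "bike_rental", ["phone", "name"])
    over = ttp.authenticate("rental-sp", "bike_rental", ["name", "national_id"])
    released = uip.respond(ok, "user-1") if ok else None
    # Tampering with the item list after endorsement invalidates it.
    tampered = EndorsedRequest(ok.service_provider, ok.service,
                               ok.required_items + ("national_id",), ok.endorsement)
    return {"endorsed": ok is not None, "over_request_refused": over is None,
            "released": released, "tampered_released": uip.respond(tampered, "user-1")}


if __name__ == "__main__":
    print(demo())
```

The `respond` method releases only the items named in the endorsed request, so the minimisation decision made by the trusted third party is what bounds disclosure; the user information provider never has to interpret the service itself.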

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010938429.0A CN114244546B (en) 2020-09-09 2020-09-09 Method and device for service provider to acquire user information

Publications (2)

Publication Number Publication Date
CN114244546A true CN114244546A (en) 2022-03-25
CN114244546B CN114244546B (en) 2023-06-02

Family

ID=80742538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010938429.0A Active CN114244546B (en) 2020-09-09 2020-09-09 Method and device for service provider to acquire user information

Country Status (1)

Country Link
CN (1) CN114244546B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107079036A (en) * 2016-12-23 2017-08-18 深圳前海达闼云端智能科技有限公司 Registration and authorization method, apparatus and system
CN108768991A (en) * 2018-05-18 2018-11-06 阿里巴巴集团控股有限公司 A kind of reality people's authentication method and system
CN109325342A (en) * 2018-09-10 2019-02-12 平安科技(深圳)有限公司 Identity information management method, apparatus, computer equipment and storage medium
CN109635536A (en) * 2018-12-14 2019-04-16 北京汉升链商科技有限公司 Identity data access control method, device and system
WO2020034700A1 (en) * 2018-08-15 2020-02-20 华为技术有限公司 Method and device for accounting, authenticating and accessing cloud

Also Published As

Publication number Publication date
CN114244546B (en) 2023-06-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant