CN115801317A - Service providing method, system, device, storage medium and electronic equipment - Google Patents


Publication number
CN115801317A
Authority
CN
China
Prior art keywords
data
target object
platform
service
privacy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211261573.0A
Other languages
Chinese (zh)
Inventor
周健华
吴超
唐皓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202211261573.0A priority Critical patent/CN115801317A/en
Publication of CN115801317A publication Critical patent/CN115801317A/en
Pending legal-status Critical Current


Abstract

The embodiment of the specification discloses a service providing method, a system, a device, a storage medium and electronic equipment, wherein the method comprises the following steps: when a target object wants to use a target service provided by the service platform, the service platform acquires a privacy login account of the target object sent by the data trust platform, and the service platform realizes the login of the target object based on the privacy login account. In case of successful login, first object data of the target object is obtained through the data trust platform, the first object data is object data obtained through privacy calculation, and the service platform can use the first object data. The service platform provides the target service to the target object based on the first object data.

Description

Service providing method, system, device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of data security technologies, and in particular, to a service providing method, system, device, storage medium, and electronic device.
Background
With the development of computer technology, the types of online services provided by service platforms for users are increasing, for example, a financial service platform can provide online financial services for users, a take-away platform can provide take-away services for users, a shopping platform can provide online shopping services for users, and the like.
In the related art, a service platform collects, stores and shares user data when it provides online services, so the user data is exposed to leakage risk and its security is poor.
Disclosure of Invention
The present specification provides a service providing method, system, device, storage medium, and electronic apparatus, which can reduce the risk of leakage of user data, thereby improving the security of user data.
In one aspect, an embodiment of the present specification provides a service providing method, including:
under the condition that a target object calls a target service, acquiring a privacy login account of the target object sent by a data trust platform, and completing login based on the privacy login account;
acquiring first object data of the target object through the data trust platform, wherein the first object data is obtained by privacy calculation of the object data of the target object, and the data trust platform stores object data of a plurality of objects;
providing the target service to the target object based on the first object data.
In one aspect, an embodiment of the present specification provides a service providing method, including:
acquiring a privacy login account acquisition request sent by a service platform, wherein the privacy login account acquisition request is used for requesting to acquire a privacy login account of a target object, and the target object is an object requesting to call a target service provided by the service platform;
responding to the privacy login account acquisition request, generating a privacy login account of the target object, and sending the privacy login account to the service platform, so that the service platform completes login based on the privacy login account;
sending the object data of the target object to a privacy computing platform, carrying out privacy computation on the object data of the target object by the privacy computing platform, and sending the computed first object data to the service platform, so that the service platform provides the target service for the target object based on the first object data.
In one aspect, an embodiment of the present specification provides a service providing system, including: the system comprises a service platform, a data trust platform and a privacy calculation platform, wherein object data of a plurality of objects are stored on the data trust platform;
the service platform is used for sending a privacy login account number acquisition request to the data trust platform under the condition that a target object calls a target service;
the data trust platform is used for acquiring a privacy login account acquisition request sent by a service platform, responding to the privacy login account acquisition request, generating a privacy login account of the target object, and sending the privacy login account to the service platform;
the service platform is also used for acquiring a privacy login account of the target object sent by the data trust platform and completing login based on the privacy login account;
the data trust platform is further used for sending the object data of the target object to a privacy computing platform;
the privacy calculation platform is used for acquiring the object data of the target object and performing privacy calculation on the object data of the target object to obtain first object data of the target object;
the privacy computing platform is further to send the first object data to the service platform;
the service platform is further used for acquiring the first object data and providing the target service to the target object based on the first object data.
In one aspect, an embodiment of the present specification provides a service providing apparatus, including:
the account number acquisition module is used for acquiring a privacy login account number of the target object sent by the data trust platform under the condition that the target object calls the target service, and completing login based on the privacy login account number;
the object data acquisition module is used for acquiring first object data of the target object through the data trust platform, wherein the first object data is obtained by carrying out privacy calculation on the object data of the target object, and the data trust platform stores object data of a plurality of objects;
a service providing module for providing the target service to the target object based on the first object data.
In a possible implementation manner, the account number obtaining module is configured to obtain a privacy login request of a target object, where the privacy login request is used to request that a login is completed by using an account number provided by a data trust platform; and responding to the privacy login request, and acquiring a one-time login account of the target object sent by the data trust platform.
In a possible implementation manner, the object data obtaining module is configured to send an object data obtaining request to a privacy computing platform, where the object data obtaining request carries the privacy login account, and the privacy computing platform is configured to perform privacy computation on object data; and acquiring first object data of the target object sent by the privacy computing platform, wherein the object data of the target object is sent to the privacy computing platform by the data trust platform.
In a possible embodiment, the service providing module is configured to perform risk verification on the target object based on the first object data; providing the target service to the target object if the target object passes risk verification.
In a possible embodiment, the apparatus further comprises:
the data export module is used for acquiring a data export request of the target object, wherein the data export request is used for requesting to export interactive data of the target object, and the interactive data belongs to object data of the target object; exporting the interaction data of the target object in response to the data export request; and sending the interactive data of the target object to the target object.
In a possible implementation manner, the data export module is configured to, in response to the data export request, sign (tag) the interaction data of the target object; the sending the interaction data of the target object to the target object comprises: sending the signed interaction data to the target object.
In a possible embodiment, the apparatus further comprises:
the first data processing module is used for acquiring a first data processing request of the target object, wherein the first data processing request is used for requesting to process interactive data of the target object; and in response to the first data processing request, deleting the interactive data of the target object or performing data desensitization on the interactive data of the target object.
In one possible embodiment, the apparatus further comprises:
a second data sending module, configured to send second object data to the data trust platform, so that the data trust platform stores the second object data, where the second object data is object data generated when the target object invokes the target service.
In a possible embodiment, the apparatus further comprises:
a second data processing module, configured to obtain a second data processing request of the target object, where the second data processing request is used to request to process second object data of the target object, and the second object data is object data generated when the target object calls the target service; deleting second object data of the target object or performing data desensitization on the second object data in response to the second data processing request.
In one aspect, an embodiment of the present specification provides a service providing apparatus, including:
a request acquisition module, configured to acquire a privacy login account acquisition request sent by the service platform, wherein the privacy login account acquisition request is used for requesting to acquire a privacy login account of a target object, and the target object is an object requesting to call a target service provided by the service platform;
an account generation module, configured to generate a privacy login account of the target object in response to the privacy login account acquisition request, and send the privacy login account to the service platform, so that the service platform completes login based on the privacy login account;
the sending module is used for sending the object data of the target object to a privacy computing platform, the privacy computing platform carries out privacy computing on the object data of the target object, and the first object data obtained through computing is sent to the service platform, so that the service platform provides the target service for the target object based on the first object data.
In a possible implementation manner, the account generation module is configured to generate a one-time login account of the target object in response to the privacy login account acquisition request.
In one possible embodiment, the apparatus further comprises:
the data acquisition module is used for acquiring second object data of the target object, wherein the second object data is object data generated when the target object calls the target service;
a storage module for storing the second object data of the target object;
and the data updating prompt sending module is used for sending a data updating prompt to the target object, wherein the data updating prompt is used for prompting that the second object data is stored.
In a possible embodiment, the apparatus further comprises:
the storage module is used for acquiring interactive data of the target object, and the interactive data belongs to object data of the target object; verifying the interactive data; and storing the interactive data of the target object under the condition that the interactive data passes the verification.
In a possible embodiment, the object data is exported from the service platform by the target object, and the storage module is configured to verify the interaction data based on a public key of the service platform.
In one aspect, embodiments of the present specification provide a computer storage medium storing a plurality of instructions adapted to be loaded by a processor and execute the above method.
In one aspect, an embodiment of the present specification provides an electronic device, including: a processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and to perform the above-mentioned method.
In one aspect, embodiments of the present specification provide a computer program product comprising instructions which, when run on a computer or processor, cause the computer or processor to perform the method described above.
According to the technical scheme provided by the embodiment of the specification, when the target object wants to use the target service provided by the service platform, the service platform obtains the privacy login account number of the target object sent by the data trust platform, and the service platform realizes the login of the target object based on the privacy login account number. In case of successful login, first object data of the target object is obtained by the data trust platform, the first object data being object data obtained by privacy calculation, the service platform being able to use the first object data but not knowing the identity of the target object. The service platform provides the target service to the target object based on the first object data, so that the security of the object data of the target object is improved under the condition that the target object is ensured to be capable of using the target service.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present specification, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of an implementation environment of a service providing method provided in an embodiment of the present specification;
Fig. 2 is a flowchart of a service providing method provided by an embodiment of the present specification;
Fig. 3 is a flowchart of another service providing method provided by an embodiment of the present specification;
Fig. 4 is a flowchart of another service providing method provided by an embodiment of the present specification;
Fig. 5 is a schematic diagram of an agreement signing interface provided by an embodiment of the present specification;
Fig. 6 is a schematic diagram of an identity data acquisition interface provided by an embodiment of the present specification;
Fig. 7 is a schematic diagram of a data viewing interface provided by an embodiment of the present specification;
Fig. 8 is a schematic diagram of a service presentation interface provided by an embodiment of the present specification;
Fig. 9 is a schematic diagram of a login manner selection interface provided by an embodiment of the present specification;
Fig. 10 is a schematic structural diagram of a service providing system provided by an embodiment of the present specification;
Fig. 11 is a schematic structural diagram of a service providing apparatus provided by an embodiment of the present specification;
Fig. 12 is a schematic structural diagram of a service providing apparatus provided by an embodiment of the present specification;
Fig. 13 is a schematic structural diagram of an electronic device provided by an embodiment of the present specification.
Detailed Description
In order to make the features and advantages of the present specification more obvious and understandable, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present specification, and it is apparent that the described embodiments are only a part of the embodiments of the present specification, and not all the embodiments. All other embodiments obtained by a person skilled in the art without making any inventive step based on the embodiments in this specification fall within the scope of protection of this specification.
First, the terms to which one or more embodiments of the present specification relate are explained.
Privacy calculation: a set of techniques for analyzing and computing on data while protecting the data from being leaked to the outside, so that the data is "available but invisible"; the value of the data is converted and released while data and privacy security are fully protected.
Signing (tagging): a unique signature is generated for the data using data encryption.
Signature verification: anyone else can verify the signature by means of the public key; if the signature verifies, the data is confirmed to come from the user, and the identity of the user is verified as well.
Trust: a trust is an ancient institution in which a principal, on the basis of trust in a delegate (currently, a trust company acts as the delegate), entrusts property that the principal legally owns to the delegate, and the delegate manages or disposes of the property in its own name, in the interests of the beneficiary or for a specific purpose, according to the relevant trust document.
Data trust: data trust is a new trust system in the non-traditional sense. The user delegates his own data to the delegate. The data trust is a system which entrusts all or part of rights and interests of data to an entrusted person as property, and the entrusted person takes the place of management and operation. Under the data trust, the ownership, use, income and other properties of the data assets can be separated, the unbalanced right relation among a data owner, a data collector and a data controller can be coordinated, meanwhile, the data management method is beneficial to reducing the data privacy disclosure and the data safety hidden danger, and a fair, reasonable and efficient data management mode is established.
Cloud Computing (Cloud Computing) refers to a mode of delivery and use of IT (Internet Technology) infrastructure, and refers to obtaining required resources through a network in an on-demand, easily extensible manner; the generalized cloud computing refers to a delivery and use mode of a service, and refers to obtaining a required service in an on-demand and easily-extensible manner through a network. Such services may be IT and software, internet related, or other services. Cloud Computing is a product of development and fusion of traditional computers and Network Technologies, such as Grid Computing (Grid Computing), distributed Computing (Distributed Computing), parallel Computing (Parallel Computing), utility Computing (Utility Computing), network Storage (Network Storage Technologies), virtualization (Virtualization), load balancing (Load Balance), and the like.
With the development of diversification of internet, real-time data stream and connecting equipment and the promotion of demands of search service, social network, mobile commerce, open collaboration and the like, cloud computing is rapidly developed. Different from the prior parallel distributed computing, the generation of cloud computing can promote the revolutionary change of the whole internet mode and the enterprise management mode in concept.
It should be noted that the information (including but not limited to user equipment information, user personal information, etc.), data (including but not limited to data for analysis, stored data, displayed data, etc.) and signals referred to in the embodiments of the present description are authorized by the user or fully authorized by various parties, and the collection, use and processing of the relevant data need to comply with relevant laws and regulations and standards in relevant countries and regions. For example, the object data and the object behavior referred to in the embodiments of the present specification are acquired with sufficient authorization.
Next, an environment for implementing the technical solutions provided in the embodiments of the present specification will be described.
Fig. 1 is a schematic diagram of an implementation environment of a service providing method provided by an embodiment of the present specification, and referring to fig. 1, the implementation environment includes a terminal 110, a service platform 120, a data trust platform 130, and a privacy computing platform 140.
Terminal 110 is connected to service platform 120 and data trust platform 130 via a wireless or wired network. Optionally, the terminal 110 is a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart watch, etc., but is not limited thereto. The terminal 110 is installed and operated with an application program supporting service invocation, and the terminal 110 is a terminal used by a target object.
The service platform 120 is an independent physical server, or a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, cloud database, cloud computing, cloud function, cloud storage, web service, cloud communication, middleware service, domain name service, security service, content delivery network (CDN), big data and artificial intelligence platform, and the like. The service platform 120 provides background services for the application running on the terminal 110, for example, the service platform 120 provides corresponding services for the application running on the terminal 110. The service platform 120 is connected to the data trust platform 130 and the privacy computing platform 140 via a wireless network or a wired network. It should be noted that there are multiple types of service platform 120, and different types of service platforms provide different types of services for the target object.
The data trust platform 130 is an independent physical server, or a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, cloud database, cloud computing, cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content delivery network (CDN), big data and artificial intelligence platform, and the like. The data trust platform 130 provides a data trust service for the target object, for example, the target object may upload the object data to the data trust platform 130 through the terminal 110 for storage, and when the service platform 120 needs to use the object data, the object data of the target object may be obtained through the data trust platform 130. The data trust platform 130 is connected with the privacy computing platform 140 through a wireless network or a wired network, and the object data stored on the data trust platform 130 is sent to the service platform 120 only after being subjected to privacy calculation by the privacy computing platform 140, so that the security of the object data is ensured.
The privacy computing platform 140 is an independent physical server, or a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, cloud database, cloud computing, cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content delivery network (CDN), big data and artificial intelligence platform, and the like. The privacy computing platform 140 provides privacy computing services so that data is "available but invisible".
Those skilled in the art will appreciate that the number of terminals 110 and service platforms 120 described above may be greater or fewer. For example, only one terminal 110 and one service platform 120 are provided, or several tens or hundreds of terminals 110 and service platforms 120 are provided, or more, at this time, other terminals and service platforms are further included in the implementation environment, and the number of terminals and the type of the device are not limited in the embodiment of the present specification.
After the implementation environment of the embodiment of the present specification is described, an application scenario of the embodiment of the present specification will be described below with reference to the implementation environment, in the following description, a terminal is a terminal 110 in the implementation environment, a service platform is a service platform 120 in the implementation environment, a data trust platform is a data trust platform 130 in the implementation environment, and a privacy computing platform is a privacy computing platform 140 in the implementation environment. The technical solution provided in the embodiment of the present specification can be applied in a scenario where a user uses various services provided by a service platform, for example, in a scenario where the user uses an online financial service, or in a scenario where the user uses an online rental service, or in a scenario where the user uses an online shopping service, and the like, where the user is also referred to as a target object.
Taking the scenario in which a user uses an online financial service as an example, when a target object wants to use the online financial service, the target object can choose to log in to the service platform in a privacy login mode. The service platform can send a privacy login account acquisition request to the data trust platform; the data trust platform receives the privacy login account acquisition request, generates a privacy login account of the target object, and sends the privacy login account to the service platform. The service platform receives the privacy login account and completes login based on the privacy login account. The data trust platform stores object data of a plurality of objects, and the service platform obtains first object data of the target object through the data trust platform. The first object data is object data obtained through privacy calculation; after the privacy calculation, the service platform can provide the online service for the target object by using the first object data but does not know the actual identity of the target object, which protects the security of the object data of the target object. In some embodiments, the privacy calculation on the object data of the target object that yields the first object data is performed by a privacy computing platform.
In the above-mentioned application scenarios, the service platform can provide corresponding services for the target object through the above-mentioned manner, and details are not described herein again.
After the implementation environment and the application scenario of the embodiment of the present specification are introduced, a technical solution provided by the embodiment of the present specification is introduced below, referring to fig. 2, where an execution subject is a service platform, and the method includes the following steps.
202. When the target object calls the target service, the service platform acquires the privacy login account of the target object sent by the data trust platform, and completes login based on the privacy login account.
The service platform is a platform for providing an online service, and accordingly, the target service is an online service, such as an online financial service, an online rental service, an online shopping service, a takeout service, and the like, which is not limited in the embodiment of the present specification. Since the target service is provided depending on the object data of the target object, and the object data of the target object is not stored on the service platform, the service platform can acquire the object data of the target object through the data trust platform. The data trusting platform and the target object have a trusting relation, the target object trusts the data trusting platform to manage object data, and the data trusting platform ensures the security of the object data of the target object. The privacy login account is used for logging in the service platform, and when the privacy login account is used for logging in, the service platform cannot acquire the identity of the target object.
204. The service platform obtains first object data of the target object through the data trust platform, the first object data is obtained by privacy calculation of the object data of the target object, and the data trust platform stores the object data of a plurality of objects.
The first object data is obtained by carrying out privacy calculation on the object data of the target object, anonymization of the object data can be realized by carrying out privacy calculation on the object data, the purpose that the data is usable and invisible is achieved, and the object data is utilized to the maximum extent.
206. The service platform provides the target service to the target object based on the first object data.
Wherein providing the target service to the target object indicates that the target object successfully invoked the target service.
According to the technical scheme provided by the embodiment of the specification, when the target object wants to use the target service provided by the service platform, the service platform obtains the privacy login account of the target object sent by the data trust platform, and the service platform realizes the login of the target object based on the privacy login account. In case of successful login, first object data of the target object is obtained through the data trust platform, the first object data being object data obtained by privacy calculation, the service platform being able to use the first object data but not knowing the identity of the target object. The service platform provides the target service to the target object based on the first object data, so that the security of the object data of the target object is improved while the target object is still able to use the target service.
The above steps 202 to 206 are described with the service platform as the executing entity. The following steps are described with the data trust platform as the executing entity; referring to fig. 3, the method includes the following steps.
302. The data trust platform acquires a privacy login account acquisition request sent by the service platform, wherein the privacy login account acquisition request is used for requesting to acquire a privacy login account of a target object, and the target object is an object requesting to call a target service provided by the service platform.
304. Responding to the privacy login account acquisition request, the data trust platform generates a privacy login account of the target object, and sends the privacy login account to the service platform, so that the service platform completes login based on the privacy login account.
306. The data trust platform sends the object data of the target object to a privacy computing platform, the privacy computing platform carries out privacy computation on the object data of the target object, and the first object data obtained through computation is sent to the service platform, so that the service platform provides the target service for the target object based on the first object data.
In some embodiments, the object data includes identity data of the target object, asset data, interaction data generated when a service is called, and the like, the object data is stored after the target object is authorized, and the target object is an owner of the object data and can determine to delete all, delete part, retain and the like of the object data. In the embodiment of the specification, the first object data obtained by the privacy calculation can be used by the service platform for providing the target service, but the service platform cannot deduce the identity of the target object based on the first object data.
According to the technical scheme provided by the embodiment of the specification, when the target object wants to use the target service provided by the service platform, the data trust platform acquires the privacy login account acquisition request sent by the service platform. In response to the privacy login account acquisition request, the data trust platform generates a privacy login account of the target object, and the service platform can complete login using the privacy login account. The data trust platform sends the object data of the target object to a privacy computing platform, the privacy computing platform carries out privacy computation on the object data, and sends the obtained first object data to the service platform so that the service platform can provide the target service. In this way, the security of the object data of the target object is improved while the target object is still able to use the target service.
In order to more clearly describe the technical solution provided by the embodiment of the present specification, the service providing method provided by the embodiment of the present specification will be described below by combining some examples in a multi-execution-subject interactive manner, and referring to fig. 4, the method includes the following steps.
402. The terminal sends a data trust request of a target object to a data trust platform, wherein the data trust request is used for requesting to establish a data trust relationship between the target object and the data trust platform.
The target object is a user using the terminal, a data trust relation is established between the data trust platform and the plurality of objects, and the data trust platform stores object data of the plurality of objects. The object data comprises identity data and interaction data, the identity data is used for representing the identity of the corresponding object, and the interaction data is used for representing the interaction behavior of the corresponding object when the corresponding object uses the service. A data trust platform is a platform provided by a data trust authority, which is an authority with data trust qualifications. The object data that the target object stores on the data trusted platform is also the data asset of the target object.
Establishing a data trust relationship between a target object and the data trust platform means that the target object entrusts the data trust platform to manage the object data of the target object, and the data trust platform ensures the security of the object data of the target object. In some embodiments, requesting a data trust relationship between the target object and the data trust platform is also referred to as the target object signing a data trust agreement with the data trust platform, the data trust agreement referring to the target object delegating all or part of rights, benefits, and the like of the object data to a delegate (data trust platform), the data trust platform securing the security of the object data of the target object.
In one possible implementation, the terminal displays an agreement signing interface of the data trusted platform, the agreement signing interface including an agreement display area for displaying content of the data trusted agreement, a confirmation control, and a decline control. And responding to the click operation of the confirmation control, and sending a data trust request of the target object to the data trust platform by the terminal, wherein the data trust request is used for indicating that the target object reads and agrees with the data trust protocol and requesting to establish a data trust relationship between the target object and the data trust platform.
In the implementation mode, the terminal can show the data trust protocol to the target object through the protocol signing interface, and respond to the operation of the target object on the protocol signing interface and send the data trust request to the data trust platform, so that the efficiency of human-computer interaction is high.
For example, referring to fig. 5, the terminal displays an agreement signing interface 500 of the data trust platform, the agreement signing interface 500 including an agreement display area 501, a confirmation control 502, and a denial control 503. In the case where the time for displaying the data trust protocol in the protocol display area 501 is greater than or equal to the target duration, the terminal sends a data trust request of the target object to the data trust platform in response to the click operation on the confirmation control 502. In response to the click operation on the reject control 503, the terminal closes the agreement signing interface 500.
404. In the case that a data trust relationship is established between the target object and the data trust platform, the terminal sends the identity data of the target object to the data trust platform.
The data trust relationship established between the target object and the data trust platform indicates that the target object agrees to hand object data to the data trust platform for storage, and that the data trust platform commits to the target object that it will keep the object data secure. The identity data of the target object is used to represent the identity of the target object; for example, the identity data of the target object includes a name, a certificate number, property information, real property information, and the like of the target object. It should be noted that the content included in the identity data of the target object is determined by the target object, that is, the identity data of the target object is sent to the data trust platform by the terminal after the target object agrees.
In a possible implementation, in a case that a data trust relationship is established between the target object and the data trust platform, the terminal displays an identity data acquisition interface, where the identity data acquisition interface is used to acquire the identity data of the target object. And responding to the operation on the identity data acquisition interface, and sending the identity data acquired through the identity data acquisition interface to the data trust platform by the terminal.
In the embodiment, the terminal can display the identity data acquisition interface under the condition that the data trust relationship is established between the target object and the data trust platform, and acquire the identity data of the target object through the identity data acquisition interface, so that a convenient input mode of the identity data is provided for the target object, and the human-computer interaction efficiency is improved.
For example, referring to fig. 6, the terminal obtains a data trust relationship establishment prompt sent by the data trust platform, where the data trust relationship establishment prompt is used to indicate that a data trust relationship is established between the target object and the data trust platform. In response to the data trust relationship establishment prompt, the terminal displays an identity data acquisition interface 600, where the identity data acquisition interface 600 includes a plurality of identity data acquisition areas 601-605, and different identity data acquisition areas are used to acquire different types of identity data, for example, the identity data acquisition area 601 is used to acquire the name of the target object. In response to the click operation of the confirmation control 606 displayed on the identity data acquisition interface 600, the terminal sends the identity data acquired through the identity data acquisition interface 600 to the data trusted platform.
406. The data trust platform receives the identity data of the target object and stores the identity data of the target object.
In one possible embodiment, the data trust platform receives identity data of the target object and verifies the authenticity of the identity data. In the event that the identity data passes the authenticity verification, the data trust platform stores the identity data of the target object.
Wherein the authenticity verification of the identity data is performed for the purpose of confirming that the identity data is authentic identity data of the target object.
In such an embodiment, the data trust platform may verify the authenticity of the identity data of the target object before storing the identity data, and store the identity data after the verification is passed, thereby ensuring the authenticity of the identity data stored on the data trust platform.
For example, the data trust platform receives the identity data of the target object and obtains the identification of the target object from the identity data of the target object. The data trust platform queries in a plurality of identity databases based on the identification of the target object, compares the queried identity data with the received identity data, and the plurality of identity databases store a plurality of types of identity data. And under the condition that the inquired identity data is the same as the received identity data, the identity data passes authenticity verification, and the data trust platform stores the identity data of the target object.
In some embodiments, storing the identity data of the target object at the data trust platform enables generation of a data trust platform account number for the target object, which can subsequently be logged into the data trust platform via the data trust platform account number.
408. The terminal sends a data export request of the target object to the service platform, wherein the data export request is used for requesting to export the interactive data of the target object.
The service platform can provide services for the object, and therefore, the service platform is a platform provided by a merchant (service provider), and the target object can use the services provided by the service platform through the service platform. For example, in the case that the service platform is a financial service platform, the target object can use an online financial service through the financial service platform; under the condition that the service platform is a lease service platform, the target object can use the on-line lease service through the lease service platform; in the case where the service platform is a takeaway service platform, the target object can use the takeaway service through the takeaway service platform.
The interaction data of the target object refers to data generated when the target object uses a service provided by a service platform, for example, in the case that the service platform is a financial service platform, the interaction data of the target object refers to data generated when the target object uses a financial service provided by the financial service platform, for example, the interaction data of the target object includes data related to a financial product purchased by the target object on the financial service platform; and under the condition that the service platform is a rental service platform, the interactive data of the target object comprises rental information of the target object on the rental service platform, and the rental information comprises a rental commodity name, rental duration, rental cost and the like. When the target object uses the services provided by the plurality of service platforms, the interaction data of the target object is stored in the plurality of service platforms. For ease of understanding, in the following description, the interaction data of the target object refers to interaction data generated by the target object when using the service provided by the service platform.
The interactive data requesting export of the target object requests the service platform to export data generated by the target object when using the service provided by the service platform.
In one possible implementation mode, in response to an operation on the data viewing interface of the target object, the terminal sends a data export request of the target object to the service platform, wherein the data export request is used for requesting to export the interactive data of the target object.
The data viewing interface of the target object is an interface provided by the service platform, through which a user views, exports and deletes the interactive data of the target object.
For example, the terminal displays a data viewing interface of the target object, a data display area and an export control are displayed on the data viewing interface, and interactive data of the target object is displayed in the data display area. In response to the click operation on the export control, the terminal sends a data export request of the target object to the service platform, and the data export request is used for requesting to export the interactive data of the target object selected in the data display area. For example, referring to fig. 7, the terminal displays a data viewing interface 700 of the target object, a data display area 701 and an export control 702 are displayed on the data viewing interface 700, multiple pieces of interactive data of the target object are displayed in the data display area 701, a selection control is displayed in front of each piece of interactive data, and a click operation on any selection control indicates that the interactive data corresponding to the selection control is selected. In response to the click operation on the export control 702, the terminal sends a data export request of the target object to the service platform.
410. The service platform receives the data export request of the target object and exports the interactive data of the target object in response to the data export request.
In a possible implementation manner, the service platform receives a data export request of the target object, and in response to the data export request, the service platform acquires the interactive data of the target object and signs the interactive data of the target object.
The purpose of signing the interactive data is to guarantee the authenticity of the exported interactive data.
In this embodiment, the service platform can export the interactive data of the target object and sign the interactive data at the same time, so that the interactive data is complete and cannot be tampered with, and the authenticity of the exported interactive data is guaranteed.
For example, the service platform receives a data export request of the target object, where the data export request carries an identifier of the target object. In response to the data export request, the service platform queries in the interaction database based on the identifier of the target object to obtain interaction data of the target object, which is also interaction data generated when the target object uses the service provided by the service platform. The service platform adopts a private key of the service platform to sign the interactive data, wherein the purpose of signing the interactive data is to encrypt the interactive data, the private key is a private key in an asymmetric encryption algorithm, and after the private key is used for encrypting the data, a public key corresponding to the private key can be used for completing decryption of the encrypted data.
412. The service platform sends the interactive data of the target object to the target object.
In a possible implementation manner, in the case that the service platform has signed the interactive data, the service platform sends the signed interactive data to the target object, where sending to the target object means sending to a terminal used by the target object.
After step 412, the following steps 414 and 416 may be executed, or the following step 418 may be executed, which is not limited in this embodiment of the present specification. In the embodiment of the present specification, the steps 414 and 416 are performed after the step 412.
414. The service platform acquires a first data processing request of the target object, wherein the first data processing request is used for requesting to process interactive data of the target object on the service platform.
Processing the interactive data of the target object on the service platform means desensitizing the interactive data of the target object on the service platform, and after desensitizing the interactive data of the target object, the service platform cannot associate the interactive data with the target object, and desensitizing the interactive data is also referred to as anonymizing the interactive data. Of course, desensitizing the interaction data also includes deleting the interaction data. In some embodiments, the first data processing request is for requesting processing of interaction data of the target object exported on the service platform.
416. In response to the first data processing request, the service platform deletes or desensitizes the interactive data of the target object.
In a possible implementation manner, in response to the first data processing request, the service platform deletes the interactive data of the target object according to a preset deletion process, where the preset deletion process is a deletion process set by a technician according to an actual situation, and it can be ensured that the deleted data cannot be recovered.
In this embodiment, after the service platform sends the interactive data of the target object to the terminal, in response to the first data processing request, the service platform can completely delete the interactive data of the target object, thereby eliminating the possibility that the service platform reveals the interactive data.
In a possible implementation manner, in response to the first data processing request, the service platform deletes the object identifier of the interactive data of the target object, so as to implement data desensitization on the interactive data of the target object, and the service platform cannot reversely deduce the identity of the target object through the interactive data.
In this embodiment, after the service platform sends the interactive data of the target object to the terminal, in response to the first data processing request, the service platform can desensitize the interactive data of the target object, thereby ensuring that the identity of the target object cannot be inferred when the interactive data is subsequently used, and protecting the privacy of the target object.
Through the steps 414 and 416, the target object can autonomously decide whether to process the interactive data on the service platform, so that ownership of the interactive data by the target object is embodied, and the right to dispose the interactive data is provided for the user.
418. The terminal sends the interactive data of the target object to the data trust platform.
Through the above steps 402-406, a data trust relationship is established between the target object and the data trust platform. Sending the interactive data of the target object to the data trust platform hands the interactive data over to the data trust platform for storage, and the service platform can subsequently obtain the interactive data of the target object through the data trust platform when it needs to use that data.
420. The data trust platform checks the interactive data of the target object.
The data trust platform checks the interactive data of the target object to ensure that the interactive data is complete and has not been tampered with after being exported from the service platform.
In one possible embodiment, the data trust platform verifies the interaction data based on the public key of the service platform.
The public key of the service platform corresponds to the private key of the service platform in step 410; data encrypted with the private key can only be decrypted with the public key of the service platform. When the public key of the service platform successfully decrypts the interactive data, this indicates that the interactive data is complete and has not been tampered with: the private key is kept only by the service platform, so after the interactive data is decrypted with the public key, altered interactive data cannot be re-encrypted because the private key is unknown.
422. In the case that the interactive data passes the verification, the data trust platform stores the interactive data of the target object.
The data trust platform stores the identity data and the interaction data of the target object, the identity data and the interaction data are collectively called the object data of the target object, and the data trust platform also stores the object data of the target object.
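An added example, not code from the patent, of the export check in steps 410 and 418 to 422. Ed25519 signatures from Go's standard library stand in for the private-key operation the text describes; the type and function names, the sample record, and the check that the export's object identifier matches the submitting object are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is one piece of interaction data (constructed sample fields).
type Record struct {
	Item   string `json:"item"`
	Months int    `json:"months"`
	Fee    int    `json:"fee"`
}

// Export is what the service platform returns for a data export request.
type Export struct {
	ObjectID  string   `json:"object_id"`
	Records   []Record `json:"records"`
	Signature []byte   `json:"signature,omitempty"`
}

var (
	ErrBadSignature = errors.New("export failed the signature check")
	ErrWrongObject  = errors.New("export was issued for a different object")
)

// NewServiceKey creates the service platform's key pair.
func NewServiceKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// payload returns the bytes the signature covers: the object identifier and
// every record, serialized in fixed field order with the signature left out.
func payload(e Export) ([]byte, error) {
	e.Signature = nil
	return json.Marshal(e)
}

// SignExport is the service platform side of step 410.
func SignExport(priv ed25519.PrivateKey, objectID string, recs []Record) (Export, error) {
	e := Export{ObjectID: objectID, Records: recs}
	msg, err := payload(e)
	if err != nil {
		return Export{}, err
	}
	e.Signature = ed25519.Sign(priv, msg)
	return e, nil
}

// VerifyAndStore is the data trust platform side of steps 420 and 422. Nothing
// is stored unless the signature verifies under the service platform's public
// key and the signed identifier is the submitting object's (an assumption).
func VerifyAndStore(store map[string][]Record, pub ed25519.PublicKey, submitter string, e Export) error {
	msg, err := payload(e)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, e.Signature) {
		return ErrBadSignature
	}
	if e.ObjectID != submitter {
		return ErrWrongObject
	}
	store[submitter] = append(store[submitter], e.Records...)
	return nil
}

func main() {
	pub, priv, err := NewServiceKey()
	if err != nil {
		panic(err)
	}
	recs := []Record{{Item: "camera", Months: 3, Fee: 120}}
	e, err := SignExport(priv, "object-001", recs)
	if err != nil {
		panic(err)
	}
	store := map[string][]Record{}
	fmt.Println("untouched export:", VerifyAndStore(store, pub, "object-001", e))

	edited := e // same signature, one field changed after export
	edited.Records = []Record{{Item: "camera", Months: 36, Fee: 120}}
	fmt.Println("edited export:", VerifyAndStore(store, pub, "object-001", edited))
	fmt.Println("other submitter:", VerifyAndStore(store, pub, "object-002", e))
}
```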
424. The data trust platform sends a data confirmation prompt to the terminal, wherein the data confirmation prompt is used for prompting that the interactive data of the target object is stored.
In some embodiments, the data confirmation prompt is displayed by the terminal to alert the target object that the data trust platform stores the interaction data for the target object.
It should be noted that steps 402 to 424 are optional. Step 426 may be executed directly after step 424, or at any time after step 424 has been executed, which is not limited in this embodiment of the specification.
426. The terminal sends a calling request of the target object to the target service to the service platform.
Wherein the target object's call request to the target service indicates that the target object wants to use the target service. The target service is an online service provided by the service platform, such as an online financial service, an online rental service, an online shopping service, a takeout service, and the like, which is not limited in this specification. The calling request of the target object to the target service is sent by the target object to the service platform through the terminal and is used for calling the target service. The data trust platform stores object data of a plurality of objects, and the service platform can provide target service based on the object data. Since the provision of the target service depends on the object data of the target object, which is not stored on the service platform, the service platform can acquire the object data of the target object through the data trust platform. For example, in a case where the target service is an online financial service, the online financial service depends on the object data of the target object to perform credit assessment on the target object, and the service platform can acquire the object data of the target object through the data trust platform, thereby completing the credit assessment on the target object.
In a possible implementation manner, in the case that a target service in a plurality of services provided by the service platform is selected and the target service is required to be registered or the object data of the target object is required to be called, the terminal sends a calling request of the target object to the target service to the service platform.
For example, the terminal displays a service display interface of the service platform, and a plurality of services provided by the service platform are displayed on the service display interface. And responding to the click operation of the target service in the plurality of services, and sending a call request of the target object to the target service to the service platform by the terminal. For example, referring to fig. 8, a terminal displays a service presentation interface 800 of a service platform, and a plurality of services 801 to 805 provided by the service platform are displayed on the service presentation interface 800. In response to the click operation on the target service 802 in the multiple services, the terminal sends a call request of the target object to the target service to the service platform.
428. The service platform acquires the call request and, in response to the call request, sends a login request to the terminal in the case that calling the target service requires login, wherein the login request is used for requesting to log in to the service platform and carries a plurality of candidate login modes.
The multiple candidate login modes are multiple selectable login modes provided by the service platform for the target object, for example, the multiple candidate login modes are login by using different accounts.
430. The terminal receives the login request.
432. In the case that a privacy login mode in the candidate login modes is selected, the terminal sends a privacy login request to the service platform, wherein the privacy login request is used for requesting to complete login by using an account provided by the data trust platform.
The private login is also called anonymous login, and after the login is performed in a private login mode, the service platform cannot determine the identity of a login object.
In one possible implementation manner, in response to the login request, the terminal displays a login manner selection interface on which the candidate login manners are displayed. And when the privacy login is selected through the login mode selection interface, the terminal sends the privacy login request to the service platform.
In this embodiment, upon receiving a login request, the terminal can display a login manner selection interface that presents the candidate login manners for selection by the target object, providing sufficient autonomy for the target object.
For example, referring to fig. 9, in response to the login request, the terminal displays a login manner selection interface 900, and the login manner selection interface 900 displays the plurality of candidate login manners 901 to 905. In response to a click operation on the privacy login manner 902 of the plurality of candidate login manners, the terminal sends the privacy login request to the service platform.
In some embodiments, the privacy login request carries an object identifier of the target object, where of course, the object identifier is an encrypted object identifier, an encryption mode of the object identifier is an encryption mode predetermined by the target object and the data trust platform, and the service platform cannot decrypt the object identifier.
434. The service platform receives the privacy login request and, in response to the privacy login request, sends a privacy login account acquisition request to the data trust platform.
The privacy login account acquisition request is sent by the service platform after it receives the privacy login request, and is used for requesting the data trust platform to send the privacy login account of the target object. The privacy login account acquisition request carries the encrypted identifier of the target object.
436. The data trust platform acquires the privacy login account acquisition request sent by the service platform, generates a privacy login account of the target object and sends the privacy login account to the service platform.
In a possible implementation manner, the data trust platform obtains a privacy login account number obtaining request sent by the service platform, and obtains the object identifier of the target object from the privacy login account number obtaining request. And the data trusting platform generates a privacy login account of the target object based on the object identification of the target object, and sends the privacy login account to the service platform.
The privacy login account is also called a one-time object login account, and the one-time object login account means that the privacy login accounts generated by the target object each time are different, so that the privacy of the target object is ensured, and the service platform cannot confirm the identity of the target object based on the privacy login account. In some embodiments, this manner of logging in using a private login account generated on the data trusted platform is also referred to as private login.
In this embodiment, by generating the privacy login account, the data trust platform enables the target object to log in on the service platform, and the privacy of the target object is ensured while successful login is guaranteed.
For example, the data trust platform obtains a privacy login account number obtaining request sent by the service platform, and obtains an object identifier of the target object from the privacy login account number obtaining request, where the object identifier is an encrypted object identifier. And the data trusting platform decrypts the object identification by adopting a preset decryption mode to obtain the object identification decrypted by the target object. And the data trusting platform generates a privacy login account of the target object based on the object identifier decrypted by the target object, and sends the privacy login account to the service platform.
438. The service platform acquires the privacy login account of the target object sent by the data trust platform and completes login based on the privacy login account.
440. The data trusted platform sends the object data of the target object to the privacy computing platform.
The privacy computing platform is used for performing privacy computation on the object data. After privacy computation, the object data becomes usable but not visible, which ensures the security of the object data. In some embodiments, in addition to the object data of the target object, the data trust platform also sends the privacy login account of the target object to the privacy computing platform, so that the privacy computing platform can determine which object the object data belongs to.
442. The privacy computing platform acquires the object data of the target object, and performs privacy computation on the object data of the target object to obtain first object data of the target object.
The privacy computing platform can perform privacy computation on the object data by adopting any one of a cryptography-based privacy computing technology represented by secure multi-party computation, a technology derived by fusing artificial intelligence and privacy protection technology and represented by federated learning, or a trusted-hardware-based privacy computing technology represented by a trusted execution environment, to obtain the first object data. Of course, with the development of science and technology, the privacy computing platform may also perform privacy computation in other manners, and the privacy computing manner in the embodiments of the present description is not limited to this.
444. The service platform sends an object data acquisition request of the target object to the privacy computing platform, wherein the object data acquisition request carries the privacy login account.
The privacy login account represents the target object, and an object data acquisition request that carries the privacy login account indicates that the object data of the target object is to be acquired.
446. The privacy computing platform receives the object data acquisition request, and sends first object data of the target object to the service platform in response to the object data acquisition request.
In one possible implementation, the privacy computing platform receives the object data acquisition request, and acquires the privacy login account of the target object from the object data acquisition request in response to the object data acquisition request. The privacy computing platform determines first object data of the target object based on the privacy login account, and sends the first object data to the service platform.
448. The service platform receives first object data of the target object and provides the target service to the target object based on the first object data.
In one possible embodiment, the service platform performs risk verification on the target object based on the first object data. And in the case that the target object passes the risk verification, the service platform provides the target service for the target object.
The risk verification is used for verifying the risk of the target object using the target service. For example, where the target service is an online financial service, the risk verification verifies the risk of the target object using the online financial service; where the online financial service is an online loan, the risk verification refers to the risk of lending to the target object. Where the target service is an online leasing service, the risk verification verifies the risk of the target object using the online leasing service; taking a mobile phone as the leased article, the risk verification refers to the risk of leasing the mobile phone to the target object. It should be noted that the risk verification has different meanings in different application scenarios. That the target object passes risk verification means that providing the target service to the target object has a higher level of security; the level of security is determined by the service platform and is not limited in the embodiment of the present specification.
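The exchange in steps 438 to 448, as an added Python sketch that is not part of the patent text: it shows that the service platform only ever handles the encrypted identifier, a fresh privacy login account and the first object data. The class and field names, the HMAC-based stand-in for the unspecified "preset" encryption, the banded features standing in for privacy computation, and the risk rule are all assumptions of this example.

```python
import hashlib
import hmac
import secrets


def encrypt_object_id(key: bytes, object_id: str) -> bytes:
    """Terminal side. Stand-in for the page's unspecified 'preset' scheme:
    HMAC-SHA256 keystream plus MAC, identifiers up to 32 bytes. Illustration only."""
    raw = object_id.encode()
    if len(raw) > 32:
        raise ValueError("identifier too long for this stand-in cipher")
    nonce = secrets.token_bytes(16)  # fresh nonce, so the blob differs on every login
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(raw, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_object_id(key: bytes, blob: bytes) -> str:
    """Data trust platform side: authenticate first, then decrypt."""
    if len(blob) < 48:
        raise ValueError("encrypted object identifier is truncated")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted object identifier failed authentication")
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream)).decode()


class PrivacyComputingPlatform:
    def __init__(self):
        self._first_object_data = {}  # privacy login account -> first object data

    def receive(self, account: str, object_data: dict) -> None:
        # Steps 440-442. Coarse derived features stand in for real privacy
        # computation (MPC, federated learning or a TEE); raw values are not kept.
        self._first_object_data[account] = {
            "income_band": "high" if object_data["monthly_income"] >= 10000 else "low",
            "overdue_free": object_data["overdue_count"] == 0,
        }

    def handle_data_request(self, account: str):
        # Steps 444-446: the account is the only lookup key; unknown accounts get nothing.
        return self._first_object_data.get(account)


class DataTrustPlatform:
    def __init__(self, key: bytes, pcp: PrivacyComputingPlatform):
        self._key, self._pcp = key, pcp
        self._object_data = {}  # real object identifier -> raw object data

    def store(self, object_id: str, object_data: dict) -> None:
        self._object_data[object_id] = object_data

    def issue_privacy_account(self, encrypted_object_id: bytes) -> str:
        object_id = decrypt_object_id(self._key, encrypted_object_id)
        if object_id not in self._object_data:
            raise LookupError("no object data held for this identifier")
        account = "pla-" + secrets.token_urlsafe(16)  # new random account per request
        self._pcp.receive(account, self._object_data[object_id])
        return account


class ServicePlatform:
    def __init__(self, dtp: DataTrustPlatform, pcp: PrivacyComputingPlatform):
        self._dtp, self._pcp = dtp, pcp
        self.observed = []  # everything this platform ever gets to see

    def login_and_serve(self, encrypted_object_id: bytes):
        account = self._dtp.issue_privacy_account(encrypted_object_id)  # step 438
        first = self._pcp.handle_data_request(account)
        self.observed.append((encrypted_object_id, account, first))
        # Step 448: constructed risk rule, evaluated on first object data only.
        approved = bool(first) and first["overdue_free"] and first["income_band"] == "high"
        return account, approved


def run_demo():
    key = secrets.token_bytes(32)  # assumed shared by terminal and data trust platform
    pcp = PrivacyComputingPlatform()
    dtp = DataTrustPlatform(key, pcp)
    dtp.store("user-42", {"monthly_income": 12000, "overdue_count": 0})  # constructed data
    sp = ServicePlatform(dtp, pcp)
    first_login = sp.login_and_serve(encrypt_object_id(key, "user-42"))
    second_login = sp.login_and_serve(encrypt_object_id(key, "user-42"))
    return sp, first_login, second_login


if __name__ == "__main__":
    sp, first_login, second_login = run_demo()
    print("accounts differ:", first_login[0] != second_login[0])
    print("service platform saw:", [(acct, data) for _, acct, data in sp.observed])
```

The random nonce matters as much as the random account: with a deterministic ciphertext, the encrypted identifier itself would let the service platform link two logins of the same object.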
Optionally, after step 448, steps 450-458, described below, can also be performed.
450. The service platform sends second object data to the data trust platform, where the second object data is object data generated when the target object calls the target service.
The second object data is interaction data generated when the target object uses the target service. For example, where the target service is an online financial service, the second object data is interaction data generated when the target object uses the online financial service. Taking an online loan as the online financial service, the second object data includes the amount, interest rate, time, and the like of the target object's loan.
452. The data trust platform receives the second object data and stores the second object data.
After the data trust platform stores the second object data, the second object data can be used in subsequent service invocation processes.
454. The data trust platform sends a data update prompt to the target object, the data update prompt prompting that the second object data is stored.
In some embodiments, the data update prompt is displayed by the terminal to alert the target object that the data trust platform has added object data for the target object.
456. The service platform acquires a second data processing request of the target object, wherein the second data processing request is used for requesting to process second object data of the target object, and the second object data is object data generated when the target object calls the target service.
Processing the second object data of the target object on the service platform means desensitizing it: after the second object data of the target object is desensitized, the service platform cannot associate the second object data with the target object. Desensitizing the second object data is also referred to as anonymizing the second object data. Of course, desensitizing the second object data also includes deleting the second object data. In some embodiments, the second data processing request requests processing of second object data of the target object exported on the service platform.
458. In response to the second data processing request, the service platform deletes or desensitizes the second object data of the target object.
In a possible implementation manner, in response to the second data processing request, the service platform deletes the second object data of the target object according to a preset deletion process, where the preset deletion process is a deletion process set by a technician according to an actual situation, and it can be ensured that the deleted data cannot be recovered.
In this embodiment, after the service platform sends the second object data of the target object to the terminal, in response to the second data processing request, the service platform can completely delete the second object data of the target object, thereby eliminating the possibility that the service platform leaks the second object data.
In a possible implementation manner, in response to the second data processing request, the service platform deletes the object identifier of the second object data of the target object, so as to implement data desensitization on the second object data of the target object, and the service platform cannot reversely deduce the identity of the target object through the second object data.
In this embodiment, after the service platform sends the second object data of the target object to the terminal, in response to the second data processing request, the service platform can desensitize the second object data of the target object, so as to ensure that the identity of the target object cannot be inferred in subsequent use of the second object data, thereby protecting the privacy of the target object.
All the above optional technical solutions may be combined arbitrarily to form an optional embodiment of the present specification, and are not described herein again.
According to the technical scheme provided by the embodiment of the specification, when the target object wants to use the target service provided by the service platform, the service platform obtains the privacy login account number of the target object sent by the data trust platform, and the service platform realizes the login of the target object based on the privacy login account number. In case of successful login, first object data of the target object is obtained through the data trust platform, the first object data is object data obtained through privacy calculation, and the service platform can use the first object data but does not know the identity of the target object. The service platform provides the target service to the target object based on the first object data, so that the security of the object data of the target object is improved under the condition that the target object is ensured to be capable of using the target service.
In summary, with the technical solution provided by the embodiment of the present specification, the data assets of the user are entrusted to the data trust authority under an agreement, and the data trust authority ensures data security. Through data trust, the user actually obtains ownership of and the right to use the data assets. When the user uses an online service, the data assets are owned by the user and are shared with the merchant by the data trust authority through privacy computation. The merchant, without being able to learn the identity of the user, obtains limited anonymized data through the privacy computing platform and can still provide service to ordinary users. The merchant cannot obtain the true identity of the user, and the privacy computation avoids data leakage.
The present specification further provides a service providing system, and referring to fig. 10, the system 1000 includes a service platform 1001, a data trust platform 1002, and a privacy computing platform 1003, where the data trust platform 1002 stores object data of a plurality of objects.
The service platform 1001 is configured to send a privacy login account acquisition request to the data trust platform 1002 when a target object invokes a target service.
The data trust platform 1002 is configured to obtain a privacy login account acquisition request sent by the service platform 1001, generate a privacy login account of the target object in response to the privacy login account acquisition request, and send the privacy login account to the service platform 1001.
The service platform 1001 is further configured to obtain a private login account of the target object sent by the data trust platform 1002, and complete login based on the private login account.
The data trust platform 1002 is also configured to send the object data of the target object to the privacy computing platform 1003.
The privacy computing platform 1003 is configured to obtain object data of the target object, perform privacy computation on the object data of the target object, and obtain first object data of the target object.
The privacy computing platform 1003 is further configured to send the first object data to the service platform 1001.
The service platform 1001 is further configured to obtain the first object data, and provide the target service to the target object based on the first object data.
In one possible embodiment, the service platform 1001 is configured to obtain a private login request of a target object, where the private login request is used to request that login be completed using an account provided by the data trust platform 1002. In response to the privacy login request, the one-time login account of the target object sent by the data trust platform 1002 is obtained.
In a possible embodiment, the service platform 1001 is configured to send an object data acquisition request to the privacy computing platform 1003, where the object data acquisition request carries the privacy login account, and the privacy computing platform 1003 is configured to perform privacy computation on the object data. The service platform 1001 acquires the first object data of the target object sent by the privacy computing platform 1003, where the object data of the target object is sent to the privacy computing platform 1003 by the data trust platform 1002.
In one possible embodiment, the service platform 1001 is configured to perform risk verification on the target object based on the first object data. And providing the target service to the target object under the condition that the target object passes the risk verification.
In a possible implementation manner, the service platform 1001 is further configured to obtain a data export request of the target object, where the data export request is used to request for exporting interaction data of the target object, and the interaction data belongs to object data of the target object. In response to the data export request, export interaction data for the target object. And sending the interactive data of the target object to the target object.
In one possible implementation, the service platform 1001 is further configured to tag the interaction data of the target object in response to the data export request. The sending the interaction data of the target object to the target object includes: and sending the interactive data after the tag is added to the target object.
In a possible implementation manner, the service platform 1001 is further configured to obtain a first data processing request of the target object, where the first data processing request is used to request processing of the interactive data of the target object. And in response to the first data processing request, deleting the interactive data of the target object or performing data desensitization on the interactive data of the target object.
In one possible embodiment, the service platform 1001 is further configured to send second object data to the data trust platform 1002, such that the data trust platform 1002 stores the second object data, the second object data being object data generated when the target object invokes the target service.
In a possible implementation manner, the service platform 1001 is further configured to obtain a second data processing request of the target object, where the second data processing request is used to request to process second object data of the target object, and the second object data is object data generated when the target object invokes the target service. In response to the second data processing request, second object data of the target object is deleted or data desensitization is performed on the second object data.
In one possible implementation, the data trust platform 1002 is further configured to generate a one-time login account for the target object in response to the private login account acquisition request.
In one possible implementation, the data trust platform 1002 is further configured to obtain second object data of the target object, the second object data being object data generated when the target object invokes the target service. The second object data of the target object is stored. And sending a data updating prompt to the target object, wherein the data updating prompt is used for prompting that the second object data is stored.
In one possible implementation, the data trust platform 1002 is also configured to obtain interaction data for the target object. And checking the interactive data. And storing the interactive data of the target object under the condition that the interactive data passes the verification.
In one possible embodiment, the data trust platform 1002 is further configured to verify the interaction data based on a public key of the service platform 1001.
It should be noted that, the processing procedure of each part in the service providing system and the method described in the above steps 402 to 458 belong to the same inventive concept, and the implementation procedure refers to the related description of the above steps 402 to 458, and is not described herein again.
According to the technical scheme provided by the embodiment of the specification, when the target object wants to use the target service provided by the service platform, the service platform obtains the privacy login account of the target object sent by the data trust platform, and the service platform realizes the login of the target object based on the privacy login account. In case of successful login, first object data of the target object is obtained through the data trust platform, the first object data is object data obtained through privacy calculation, and the service platform can use the first object data but does not know the identity of the target object. The service platform provides the target service to the target object based on the first object data, so that the safety of the object data of the target object is improved under the condition that the target object can use the target service.
Fig. 11 is a schematic structural diagram of a service providing device provided in an embodiment of the present specification, and referring to fig. 11, the device includes: an account acquisition module 1101, an object data acquisition module 1102, and a service providing module 1103.
The account acquisition module 1101 is configured to, when a target object invokes a target service, acquire a privacy login account of the target object sent by a data trusted platform, and complete login based on the privacy login account.
An object data obtaining module 1102, configured to obtain, through the data trust platform, first object data of the target object, where the first object data is obtained through privacy calculation, and the data trust platform stores object data of multiple objects.
A service providing module 1103, configured to provide the target service to the target object based on the first object data.
In a possible implementation manner, the account obtaining module 1101 is configured to obtain a privacy login request of the target object, where the privacy login request is used to request that login is completed by using an account provided by a data trust platform. And responding to the privacy login request, and acquiring a one-time login account of the target object sent by the data trust platform.
In a possible implementation manner, the object data obtaining module 1102 is configured to send an object data obtaining request to a privacy computing platform, where the object data obtaining request carries the privacy login account, and the privacy computing platform is configured to perform privacy computation on object data. And acquiring first object data of the target object sent by the privacy computing platform, wherein the object data of the target object is sent to the privacy computing platform by the data trust platform.
In a possible implementation, the service providing module 1103 is configured to perform risk verification on the target object based on the first object data. And providing the target service to the target object under the condition that the target object passes the risk verification.
In one possible embodiment, the apparatus further comprises:
A data export module, configured to acquire a data export request of the target object, where the data export request is used to request export of the interaction data of the target object, and the interaction data belongs to the object data of the target object; to export the interaction data of the target object in response to the data export request; and to send the interaction data of the target object to the target object.
In one possible implementation, the data export module is configured to tag the interaction data of the target object in response to the data export request. The sending the interaction data of the target object to the target object includes: and sending the interactive data after the tagging to the target object.
In one possible embodiment, the apparatus further comprises:
A first data processing module, configured to acquire a first data processing request of the target object, where the first data processing request is used to request processing of the interaction data of the target object; and, in response to the first data processing request, to delete the interaction data of the target object or perform data desensitization on the interaction data of the target object.
In one possible embodiment, the apparatus further comprises:
A second data sending module, configured to send the second object data to the data trust platform so that the data trust platform stores the second object data, where the second object data is object data generated when the target object calls the target service.
In one possible embodiment, the apparatus further comprises:
A second data processing module, configured to acquire a second data processing request of the target object, where the second data processing request is used to request processing of second object data of the target object, and the second object data is object data generated when the target object calls the target service; and, in response to the second data processing request, to delete the second object data of the target object or perform data desensitization on the second object data.
It should be noted that: in the service providing apparatus provided in the above embodiment, when providing a service, only the division of the above functional modules is exemplified, and in practical applications, the above functions may be distributed by different functional modules according to needs, that is, the internal structure of the computer device may be divided into different functional modules to complete all or part of the above described functions. In addition, the service providing apparatus and the service providing method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
According to the technical scheme provided by the embodiment of the specification, when the target object wants to use the target service provided by the service platform, the service platform obtains the privacy login account number of the target object sent by the data trust platform, and the service platform realizes the login of the target object based on the privacy login account number. In case of successful login, first object data of the target object is obtained through the data trust platform, the first object data is object data obtained through privacy calculation, and the service platform can use the first object data but does not know the identity of the target object. The service platform provides the target service to the target object based on the first object data, so that the security of the object data of the target object is improved under the condition that the target object is ensured to be capable of using the target service.
Fig. 12 is a schematic structural diagram of a service providing apparatus provided in an embodiment of the present specification, and referring to fig. 12, the apparatus includes: a request acquisition module 1201, an account generation module 1202 and a sending module 1203.
The request obtaining module 1201 is configured to obtain a privacy login account obtaining request sent by a service platform, where the privacy login account obtaining request is used to request to obtain a privacy login account of a target object, and the target object is an object that requests to invoke a target service provided by the service platform.
The account generation module 1202 is configured to generate a privacy login account of the target object in response to the privacy login account acquisition request, and send the privacy login account to the service platform, so that the service platform completes login based on the privacy login account.
A sending module 1203, configured to send the object data of the target object to a privacy computing platform, where the privacy computing platform performs privacy computation on the object data of the target object, and sends the computed first object data to the service platform, so that the service platform provides the target service for the target object based on the first object data.
In a possible implementation manner, the account generating module 1202 is configured to generate a one-time login account of the target object in response to the private login account acquisition request.
In one possible embodiment, the apparatus further comprises:
A data acquisition module, configured to acquire second object data of the target object, where the second object data is object data generated when the target object calls the target service.
A storage module, configured to store the second object data of the target object.
A data update prompt sending module 1203, configured to send a data update prompt to the target object, where the data update prompt is used to prompt that the second object data is stored.
In one possible embodiment, the apparatus further comprises:
A storage module, configured to acquire the interaction data of the target object, where the interaction data belongs to the object data of the target object; to verify the interaction data; and to store the interaction data of the target object if the interaction data passes verification.
In a possible implementation manner, the object data is exported from the service platform by the target object, and the storage module is configured to verify the interaction data based on a public key of the service platform.
It should be noted that: in the service providing apparatus provided in the foregoing embodiment, when providing a service, only the division of the functional modules is illustrated, and in practical applications, the functions may be distributed by different functional modules as needed, that is, the internal structure of the computer device may be divided into different functional modules to complete all or part of the functions described above. In addition, the service providing apparatus and the service providing method provided by the above embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiments and are not described herein again.
According to the technical scheme provided by the embodiment of the specification, when the target object wants to use the target service provided by the service platform, the data trust platform acquires the privacy login account acquisition request sent by the service platform. In response to the privacy login account acquisition request, the data trust platform generates a privacy login account of the target object, and the service platform can complete login using the privacy login account. The data trust platform sends the object data of the target object to a privacy computing platform; the privacy computing platform performs privacy computation on the object data and sends the resulting first object data to the service platform so that the service platform can provide the target service. The security of the object data of the target object is therefore improved while the target object can still use the target service.
The embodiments of this specification further provide a computer storage medium, where the computer storage medium may store a plurality of program instructions, where the program instructions are suitable for being loaded by a processor and executing the method steps in the embodiments shown in fig. 2 to fig. 4, and a specific execution process may refer to specific descriptions of the embodiments shown in fig. 2 to fig. 4, which is not described herein again.
An embodiment of the present specification further provides a computer program product, where the computer program product stores at least one instruction, and the at least one instruction is loaded by the processor and executes the service providing method according to the embodiment shown in fig. 2 to 4, where a specific execution process may refer to a specific description of the embodiment shown in fig. 2 to 4, and is not described herein again.
Referring to fig. 13, a schematic structural diagram of an electronic device provided in an exemplary embodiment of the present disclosure is shown. The electronic device in this specification may include one or more of the following components: a processor 1310, a memory 1320, an input device 1330, an output device 1340, and a bus 1350. The processor 1310, memory 1320, input device 1330, and output device 1340 may be connected by a bus 1350.
Processor 1310 may include one or more processing cores. The processor 1310 connects the various parts of the electronic device through various interfaces and lines, and performs the functions of the electronic device 1300 and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 1320 and invoking data stored in the memory 1320. Optionally, the processor 1310 may be implemented in hardware using at least one of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). Processor 1310 may integrate one or a combination of Central Processing Units (CPUs), Graphics Processing Units (GPUs), modems, and the like. The CPU mainly handles the operating system, user interface, application programs and the like; the GPU is used for rendering and drawing display content; the modem is used to handle wireless communications. It is to be understood that the modem may not be integrated into the processor 1310, but may be implemented by a separate communication chip.
The Memory 1320 may include a Random Access Memory (RAM) or a Read-only Memory (ROM). Optionally, the memory 1320 includes a Non-transitory Computer-readable Medium (Non-transitory Computer-readable Storage Medium). The memory 1320 may be used to store instructions, programs, code, sets of codes, or sets of instructions. The memory 1320 may include a program storage area and a data storage area, where the program storage area may store instructions for implementing an operating system, instructions for implementing at least one function (e.g., a touch function, a sound playing function, an image playing function, etc.), instructions for implementing various method embodiments described below, and the like. The operating system may be an Android system (including systems deeply developed on the basis of Android), an iOS system developed by Apple (including systems deeply developed on the basis of iOS), or another system.
In order to enable the operating system to distinguish a specific application scenario of the third-party application program, data communication between the third-party application program and the operating system needs to be opened, so that the operating system can acquire current scenario information of the third-party application program at any time, and further perform targeted system resource adaptation based on the current scenario.
The input device 1330 is used for receiving input commands or data, and includes, but is not limited to, a keyboard, a mouse, a camera, a microphone, or a touch device. The output device 1340 is used for outputting instructions or data, and includes, but is not limited to, a display device, a speaker, and the like. In one example, the input device 1330 and the output device 1340 may be combined, in which case the input device 1330 and the output device 1340 are a touch display screen.
In addition, those skilled in the art will appreciate that the configurations of the electronic devices illustrated in the above-described figures are not meant to be limiting, and that the electronic devices may include more or fewer components than those shown, or some components may be combined, or different arrangements of components may be used. For example, the electronic device may further include a radio frequency circuit, an input unit, a sensor, an audio circuit, a Wireless Fidelity (Wi-Fi) module, a power supply, a Bluetooth module, and other components, which are not described herein again.
In the electronic device shown in FIG. 13, the processor 1310 may be configured to call a service providing application stored in the memory 1320 to perform the method described in the method embodiments above.
The above is a schematic scheme of an electronic device according to an embodiment of the present specification. It should be noted that the technical solution of the electronic device and the technical solution of the service providing method belong to the same concept, and details that are not described in detail in the technical solution of the electronic device can be referred to the description of the technical solution of the service providing method.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by a computer program, which may be stored in a computer-readable storage medium and executed by a computer; when executed, the program may include the processes of the method embodiments described above. The storage medium of the computer program may be a magnetic disk, an optical disk, a read-only memory or a random access memory.
The above description is only an example of the alternative embodiments of the present disclosure, and not intended to limit the present disclosure, and any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.
The foregoing description of specific embodiments has been presented for purposes of illustration and description. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

Claims (21)

1. A service providing method, comprising:
under the condition that a target object calls a target service, acquiring a privacy login account of the target object sent by a data trust platform, and completing login based on the privacy login account;
acquiring first object data of the target object through the data trust platform, wherein the first object data is obtained by performing privacy computation on the object data of the target object, and the data trust platform stores the object data of a plurality of objects;
providing the target service to the target object based on the first object data.
2. The method of claim 1, the obtaining the privacy login account of the target object sent by the data trust platform comprising:
obtaining a privacy login request of the target object, wherein the privacy login request is used for requesting to complete login by adopting an account provided by the data trust platform;
and responding to the privacy login request, and acquiring a one-time login account of the target object sent by the data trust platform.
3. The method of claim 1, the obtaining, by the data trust platform, first object data of the target object comprising:
sending an object data acquisition request to a privacy computing platform, wherein the object data acquisition request carries the privacy login account, and the privacy computing platform is used for carrying out privacy computation on object data;
and acquiring first object data of the target object sent by the privacy computing platform, wherein the object data of the target object is sent to the privacy computing platform by the data trust platform.
4. The method of claim 1, the providing the target service to the target object based on the first object data comprising:
performing risk verification on the target object based on the first object data;
providing the target service to the target object if the target object passes risk verification.
5. The method of claim 1, wherein prior to obtaining the privacy login account of the target object sent by the data trust platform in the event that the target object invokes the target service, the method further comprises:
acquiring a data export request of the target object, wherein the data export request is used for requesting to export interaction data of the target object, and the interaction data belongs to object data of the target object;
exporting the interaction data of the target object in response to the data export request;
and sending the interaction data of the target object to the target object.
6. The method of claim 5, said exporting, in response to the data export request, interaction data of the target object comprising:
in response to the data export request, tagging the interaction data of the target object;
the sending the interaction data of the target object to the target object comprises:
and sending the tagged interaction data to the target object.
7. The method of claim 5, after the transmitting the object data of the target object to the target object, the method further comprising:
acquiring a first data processing request of the target object, wherein the first data processing request is used for requesting to process the interaction data of the target object;
and in response to the first data processing request, deleting the interaction data of the target object or performing data desensitization on the interaction data of the target object.
8. The method of claim 1, after the providing the target service to the target object based on the first object data, the method further comprising:
and sending second object data to the data trust platform so that the data trust platform stores the second object data, wherein the second object data is object data generated when the target object calls the target service.
9. The method of claim 1, after the target service is provided to the target object based on the first object data, the method further comprising:
acquiring a second data processing request of the target object, wherein the second data processing request is used for requesting to process second object data of the target object, and the second object data is object data generated when the target object calls the target service;
deleting second object data of the target object or performing data desensitization on the second object data in response to the second data processing request.
10. A service providing method, comprising:
obtaining a privacy login account acquisition request sent by a service platform, wherein the privacy login account acquisition request is used for requesting to obtain a privacy login account of a target object, and the target object is an object requesting to call a target service provided by the service platform;
responding to the privacy login account acquisition request, generating a privacy login account of the target object, and sending the privacy login account to the service platform, so that the service platform completes login based on the privacy login account;
sending the object data of the target object to a privacy computing platform, carrying out privacy computation on the object data of the target object by the privacy computing platform, and sending the computed first object data to the service platform, so that the service platform provides the target service for the target object based on the first object data.
11. The method of claim 10, the generating a privacy login account of the target object in response to the privacy login account acquisition request comprising:
and responding to the privacy login account acquisition request, and generating a one-time login account of the target object.
12. The method of claim 10, after sending the object data of the target object to a privacy computing platform, the method further comprising:
acquiring second object data of the target object, wherein the second object data is object data generated when the target object calls the target service;
storing the second object data of the target object;
and sending a data updating prompt to the target object, wherein the data updating prompt is used for prompting that the second object data is stored.
13. The method of claim 10, wherein before the obtaining the privacy login account acquisition request sent by the service platform, the method further comprises:
acquiring interaction data of the target object, wherein the interaction data belongs to the object data of the target object;
verifying the interaction data;
and storing the interaction data of the target object under the condition that the interaction data passes the verification.
14. The method of claim 13, the object data being derived by the target object from the service platform, the interaction data being signed by the service platform using a private key of the service platform, the verifying the interaction data comprising:
and verifying the interaction data based on the public key of the service platform.
15. A service providing system comprising: a service platform, a data trust platform and a privacy computing platform, wherein object data of a plurality of objects are stored on the data trust platform;
the service platform is used for sending a privacy login account acquisition request to the data trust platform under the condition that a target object calls a target service;
the data trust platform is used for acquiring a privacy login account acquisition request sent by a service platform, responding to the privacy login account acquisition request, generating a privacy login account of the target object, and sending the privacy login account to the service platform;
the service platform is also used for acquiring a privacy login account of the target object sent by the data trust platform and completing login based on the privacy login account;
the data trust platform is further used for sending the object data of the target object to a privacy computing platform;
the privacy computing platform is used for acquiring the object data of the target object and performing privacy computation on the object data of the target object to obtain first object data of the target object;
the privacy computing platform is further to send the first object data to the service platform;
the service platform is further used for acquiring the first object data and providing the target service to the target object based on the first object data.
16. The system of claim 15, the service platform further configured to obtain a data export request of the target object, the data export request requesting export of interaction data of the target object, the interaction data belonging to object data of the target object; exporting the interaction data of the target object in response to the data export request; and sending the interactive data of the target object to the target object.
17. The system of claim 16, the data trust platform further for obtaining interaction data of the target object, the interaction data belonging to object data of the target object; verifying the interaction data; and storing the interaction data of the target object under the condition that the interaction data passes the verification.
18. A service providing apparatus comprising:
an account acquisition module, used for acquiring a privacy login account of the target object sent by the data trust platform under the condition that the target object calls the target service, and completing login based on the privacy login account;
an object data acquisition module, used for acquiring first object data of the target object through the data trust platform, wherein the first object data is obtained by performing privacy computation on the object data of the target object, and the data trust platform stores object data of a plurality of objects;
a service providing module for providing the target service to the target object based on the first object data.
19. A service providing apparatus comprising:
a request acquisition module, used for acquiring a privacy login account acquisition request sent by a service platform, wherein the privacy login account acquisition request is used for requesting to acquire a privacy login account of a target object, and the target object is an object requesting to call a target service provided by the service platform;
an account generation module, configured to generate a privacy login account of the target object in response to the privacy login account acquisition request, and send the privacy login account to the service platform, so that the service platform completes login based on the privacy login account;
a sending module, used for sending the object data of the target object to a privacy computing platform, so that the privacy computing platform performs privacy computation on the object data of the target object and sends the first object data obtained through computation to the service platform, so that the service platform provides the target service for the target object based on the first object data.
20. A computer storage medium having stored thereon a plurality of instructions adapted to be loaded by a processor and to carry out the method according to any one of claims 1 to 14.
21. An electronic device, comprising: a processor and a memory; wherein the memory stores a computer program adapted to be loaded by the processor and to perform the method according to any of claims 1 to 14.
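The three-party flow of claims 10, 11 and 15, with the risk verification of claim 4, can be simulated as below. This is an added example, not code from the patent: the class and method names, the 60-second lifetime, the binding of an account to one service, and the stand-in "privacy computation" (reducing raw records to two coarse flags) are all assumptions made for illustration.

```python
import secrets
import time

class DataTrustPlatform:
    """Stores raw object data and issues one-time privacy login accounts."""
    def __init__(self, ttl=60):
        self._data, self._issued, self._ttl = {}, {}, ttl

    def store(self, object_id, data):
        self._data[object_id] = data

    def issue_account(self, object_id, service_id, now=None):
        now = time.time() if now is None else now
        account = "otl-" + secrets.token_urlsafe(16)  # random: reveals nothing about the object
        self._issued[account] = (object_id, service_id, now + self._ttl)
        return account

    def release_to_pcp(self, account, service_id, now=None):
        """Hand raw data to the privacy computing platform, once per account."""
        now = time.time() if now is None else now
        entry = self._issued.pop(account, None)  # pop makes the account single-use
        if entry is None:
            raise PermissionError("unknown or already used account")
        object_id, bound_service, expiry = entry
        if bound_service != service_id:
            raise PermissionError("account was issued to a different service")
        if now > expiry:
            raise PermissionError("account expired")
        return self._data[object_id]

class PrivacyComputingPlatform:
    """Stand-in privacy computation: returns coarse derived facts, never raw records."""
    def __init__(self, trust):
        self._trust = trust

    def first_object_data(self, account, service_id, now=None):
        raw = self._trust.release_to_pcp(account, service_id, now)
        late = sum(1 for r in raw["repayments"] if r["late"])
        return {"has_late_repayment": late > 0,
                "history_at_least_3": len(raw["repayments"]) >= 3}

class ServicePlatform:
    def __init__(self, service_id, pcp):
        self.service_id, self._pcp = service_id, pcp

    def serve(self, account, now=None):
        """Log in under the account, fetch first object data, run risk verification."""
        first = self._pcp.first_object_data(account, self.service_id, now)
        passed = first["history_at_least_3"] and not first["has_late_repayment"]
        return {"session": account, "first_object_data": first, "service_provided": passed}

def demo():
    trust = DataTrustPlatform(ttl=60)
    # Constructed sample object data; "alice" is known only to the trust platform.
    trust.store("alice", {"name": "Alice", "repayments": [{"late": False}] * 4})
    service = ServicePlatform("lender-1", PrivacyComputingPlatform(trust))
    account = trust.issue_account("alice", "lender-1", now=1000)
    result = service.serve(account, now=1010)
    try:
        service.serve(account, now=1011)  # replaying the same account must fail
        replay_blocked = False
    except PermissionError:
        replay_blocked = True
    return result, replay_blocked
```

The service platform only ever handles the random account string and the derived flags; a replayed, expired or misdirected account is rejected at the data trust platform before any raw data leaves it.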
CN202211261573.0A 2022-10-14 2022-10-14 Service providing method, system, device, storage medium and electronic equipment Pending CN115801317A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211261573.0A CN115801317A (en) 2022-10-14 2022-10-14 Service providing method, system, device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115801317A true CN115801317A (en) 2023-03-14

Family

ID=85432997

Country Status (1)

Country Link
CN (1) CN115801317A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987690A (en) * 2023-03-20 2023-04-18 天聚地合(苏州)科技股份有限公司 Privacy calculation method based on API, API calling end and API providing end
CN115987690B (en) * 2023-03-20 2023-08-08 天聚地合(苏州)科技股份有限公司 Privacy computing method based on API, API calling terminal and API providing terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination