CN116055057A - Information sharing method and device, storage medium and electronic equipment - Google Patents
- Publication number
- CN116055057A (application CN202310034637.1A)
- Authority
- CN
- China
- Prior art keywords
- airport
- information
- authorized
- passenger
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
Technical field
The present invention relates to the technical field of information processing, and in particular to an information sharing method and device, a storage medium and electronic equipment.
Background
OneID is a concept proposed by the International Air Transport Association (IATA). It aims to apply identity management and biometric technology so that passengers no longer depend on identity documents during travel, thereby improving their travel experience. The core idea of OneID is to let passengers share their digital identity and other required documents with airlines, airports and other agencies before travelling, which eliminates repeated identity document checks during the journey and reduces the queuing time spent at check-in, baggage drop, boarding, customs entry and exit, and similar steps.
Ideally, a passenger can use an authenticated digital identity to pass through all necessary procedures and enjoy the corresponding services from entering the departure airport until leaving the destination airport. At present, however, airports cannot share the authentication information that passengers need in order to use the OneID service, so a passenger has to register and enter the information required for authentication at every new airport before using the OneID service, which results in a poor passenger experience.
Summary of the invention
In view of this, the present invention provides an information sharing method and device, a storage medium and electronic equipment that can share passenger information among airports, ensure that passengers can use the OneID service directly after arriving at an airport, and provide passengers with better service.
To achieve the above purpose, embodiments of the present invention provide the following technical solutions:
An information sharing method, comprising:
receiving an information sharing request sent by a passenger, and determining each candidate airport based on the information sharing request;
determining the authorized airport selected by the passenger among the candidate airports;
collecting the boarding authentication information of the passenger, and encrypting the boarding authentication information with the public key of the authorized airport to obtain encrypted data;
generating a digital signature of the boarding authentication information, and adding the digital signature to the encrypted data to obtain shared data;
uploading the shared data to a preset blockchain, and sending a consensus request to the authorized airport;
triggering the authorized airport to obtain the shared data from the blockchain based on the consensus request and to perform signature verification on the shared data, and, when the shared data passes signature verification, to save the boarding authentication information in the shared data and update the list of authorized tourists.
In the above method, optionally, determining each candidate airport based on the information sharing request includes:
parsing a preset airport data sharing agreement to obtain the signing information in the airport data sharing agreement;
determining, based on the signing information, each participating airport that has signed the airport data sharing agreement;
determining each of the participating airports as a candidate airport.
In the above method, optionally, generating the digital signature of the boarding authentication information includes:
determining the private key of the airport where the passenger is located, and signing the boarding authentication information with that private key to obtain the digital signature.
In the above method, optionally, saving the boarding authentication information in the shared data and updating the list of authorized tourists includes:
the authorized airport obtaining the encrypted data in the shared data and decrypting the encrypted data with its own private key to obtain the boarding authentication information;
saving the boarding authentication information, and adding the passenger's information to the list of authorized tourists.
The above method, optionally, after determining the authorized airport selected by the passenger among the candidate airports, further includes:
obtaining the historical authorization list of the passenger;
judging, based on each authorized airport and the historical authorization list, whether there is an airport whose authorization has been cancelled;
when it is determined that there is an airport whose authorization has been cancelled, sending an information deletion request to that airport, so that the airport deletes the passenger's information based on the information deletion request.
An information sharing device, comprising:
a receiving unit, configured to receive an information sharing request sent by a passenger, and to determine each candidate airport based on the information sharing request;
a determining unit, configured to determine the authorized airport selected by the passenger among the candidate airports;
a collection unit, configured to collect the boarding authentication information of the passenger, and to encrypt the boarding authentication information with the public key of the authorized airport to obtain encrypted data;
a generating unit, configured to generate a digital signature of the boarding authentication information, and to add the digital signature to the encrypted data to obtain shared data;
a sending unit, configured to upload the shared data to a preset blockchain, and to send a consensus request to the authorized airport;
a trigger unit, configured to trigger the authorized airport to obtain the shared data from the blockchain based on the consensus request and to perform signature verification on the shared data, and, when the shared data passes signature verification, to save the boarding authentication information in the shared data and update the list of authorized tourists.
In the above device, optionally, the receiving unit includes:
a first acquisition subunit, configured to parse the preset airport data sharing agreement and obtain the signing information in the airport data sharing agreement;
a first determining subunit, configured to determine, based on the signing information, each participating airport that has signed the airport data sharing agreement;
a second determining subunit, configured to determine each of the participating airports as a candidate airport.
In the above device, optionally, the generating unit includes:
a third determining subunit, configured to determine the private key of the airport where the passenger is located, and to sign the boarding authentication information with that private key to obtain the digital signature.
In the above device, optionally, the trigger unit includes:
a calling subunit, by which the authorized airport obtains the encrypted data in the shared data and decrypts the encrypted data with its own private key to obtain the boarding authentication information;
a saving subunit, configured to save the boarding authentication information and to add the passenger's information to the list of authorized tourists.
The above device, optionally, further includes:
a second acquisition subunit, configured to obtain the historical authorization list of the passenger;
a judging subunit, configured to judge, based on each authorized airport and the historical authorization list, whether there is an airport whose authorization has been cancelled;
a deletion subunit, configured to send, when it is determined that there is an airport whose authorization has been cancelled, an information deletion request to that airport, so that the airport deletes the passenger's information based on the information deletion request.
A storage medium, comprising stored instructions, wherein, when the instructions are run, the device where the storage medium is located is controlled to execute the information sharing method described above.
An electronic device, comprising a memory and one or more instructions, wherein the one or more instructions are stored in the memory and are configured to be executed by one or more processors to perform the information sharing method described above.
Compared with the background art, the present invention has the following advantages:
In the information sharing method and device, storage medium and electronic equipment provided by the present invention, an information sharing request sent by a passenger is received, and each candidate airport is determined based on the information sharing request; the authorized airport selected by the passenger among the candidate airports is determined; the passenger's boarding authentication information is collected and encrypted with the public key of the authorized airport to obtain encrypted data; a digital signature of the boarding authentication information is generated and added to the encrypted data to obtain shared data; the shared data is uploaded to a preset blockchain, and a consensus request is sent to the authorized airport; the authorized airport is triggered to obtain the shared data from the blockchain based on the consensus request and to perform signature verification on it, and, when the shared data passes signature verification, to save the boarding authentication information in the shared data and update the list of authorized tourists. The passenger's boarding authentication information is signed and encrypted before being uploaded to the blockchain, and a consensus request is sent to the corresponding authorized airport so that the authorized airport obtains the passenger's boarding authentication information from the blockchain, completing the information sharing. Passengers can therefore use the OneID service directly at each authorized airport, which provides them with high-quality service and improves their experience, and the whole information sharing process ensures that the information is transmitted securely and prevents it from being tampered with.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from the provided drawings without creative work.
Fig. 1 is a flowchart of an information sharing method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of a method for determining each candidate airport based on an information sharing request, provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a method for saving the boarding authentication information in the shared data and updating the list of authorized tourists, provided by an embodiment of the present invention;
Fig. 4 is a flowchart of a method for cancelling information sharing, provided by an embodiment of the present invention;
Fig. 5 is an example diagram of an information sharing scenario provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an information sharing device provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In this application, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device comprising that element.
The invention is applicable to numerous general-purpose or special-purpose computing device environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor devices, and distributed computing environments including any of the above devices. The present invention can be applied to an airport's system, and the executing entity can be the processor of that system.
Referring to Fig. 1, a flowchart of an information sharing method provided by an embodiment of the present invention, the method is described as follows:
S101. Receive an information sharing request sent by a passenger, and determine each candidate airport based on the information sharing request.
The system of the airport where the passenger is currently located receives the information sharing request sent by the passenger. Preferably, the passenger can connect to the airport's system with a mobile terminal and then send the information sharing request to the system, or can send the information sharing request to the system through the airport's app.
Further, the passenger may be a passenger who has already registered for the airport's OneID service, a passenger newly registering for the OneID service, or a passenger who has been registered for the OneID service for some time.
The information sharing request triggers the processing system to provide the information sharing service to the passenger, so that the passenger can select the airports with which to share information. The information required for boarding is then shared among these airports, so that the OneID service can be used at each of them, enabling the passenger to use the OneID service for the identity authentication procedures involved in flying from the time of entering the departure airport until leaving the destination airport.
Referring to Fig. 2, a flowchart of the method for determining each candidate airport based on the information sharing request provided by an embodiment of the present invention, the method is described as follows:
S201. Parse the preset airport data sharing agreement, and obtain the signing information in the airport data sharing agreement.
The airport data sharing agreement is a pre-stored agreement, saved after the airport signs it with the other airports with which it shares data; further, every airport that has signed this agreement stores it.
For example, if airport A, airport B and airport C determine that they can share information with one another, they sign a data sharing agreement. The signed agreement contains the airport information of airport A, airport B and airport C, as well as the terms each airport must comply with, the specific data that can be shared, and so on.
The airport data sharing agreement is parsed to obtain the signing information it contains.
S202. Based on the signing information, determine each participating airport that has signed the airport data sharing agreement.
The signing information contains information on each airport that took part in signing the airport data sharing agreement, such as the airport name, the signing representative of the airport, and the airport identifier.
Each airport in the signing information is determined as a participating airport; a participating airport here is an airport that has signed the airport data sharing agreement.
S203. Determine each participating airport as a candidate airport.
It should be noted that a candidate airport is an airport that the passenger can choose for data sharing, that is, an airport the passenger can authorize to obtain the passenger's personal information, so that the passenger can use that airport's OneID service for the various identity verification procedures at the airport.
S102. Determine the authorized airport selected by the passenger among the candidate airports.
Further, a candidate airport list is generated from the candidate airports. The list contains information such as the airport name and airport identification number of each candidate airport, and is displayed to the passenger so that the passenger can select airports according to their own needs; preferably, the passenger selects airports according to the current travel itinerary. The airport selection information entered by the passenger is obtained; it contains at least one selection identifier. For each selection identifier, the airport whose airport identifier matches that selection identifier is determined as an authorized airport.
Optionally, after the authorized airports are determined, the airport's system generates an authorization agreement based on them. The authorization agreement includes, but is not limited to, information on each authorized airport, such as the airport's name and identifier, as well as the terms under which the passenger grants each authorized airport use of the passenger's information, and the rules and precautions that the passenger and each authorized airport must observe. Preferably, the passenger needs to sign the authorization agreement with each authorized airport.
There is at least one authorized airport, and the process of sharing information is the same for each authorized airport.
S103. Collect the passenger's boarding authentication information, and encrypt the boarding authentication information with the public key of the authorized airport to obtain encrypted data.
The boarding authentication information includes, but is not limited to, the passenger's biometric information, basic information and authorization information. Further, the biometric information can be collected with a biometric system and includes, but is not limited to, the passenger's face picture, iris, fingerprint and voice information. Preferably, to improve the accuracy of subsequent authentication, the face picture is one captured on this occasion.
The basic information includes, but is not limited to, the passenger's name, gender, date of birth, and the flight information of the travel itinerary.
The authorization information includes, but is not limited to, the above authorization agreement and information on each authorized airport, such as its airport name and airport identifier.
It should be noted that each authorized airport has a public-private key pair, and the public key can be published by broadcast or by other means. Each authorized airport has a different public key. For each authorized airport, that airport's public key is used to encrypt the boarding authentication information, yielding the encrypted data corresponding to that authorized airport.
S104. Generate a digital signature of the boarding authentication information, and add the digital signature to the encrypted data to obtain shared data.
The private key of the airport where the passenger is located is determined and used to sign the boarding authentication information, yielding the digital signature; preferably, the airport where the passenger is located is the airport of the current system.
Preferably, the private key of the airport where the passenger is located is used to sign a digest of the boarding authentication information, yielding the digital signature; alternatively, the private key can be used to sign the entire content of the boarding authentication information. It should be noted that the way of generating the digital signature is not limited to the examples given here; other ways may also be used.
After the digital signature is generated, the digital signature and the encrypted data together form the shared data.
S105. Upload the shared data to a preset blockchain, and send a consensus request to the authorized airport.
Uploading the shared data to the blockchain prevents malicious parties from tampering with it, and because the shared data is encrypted, it avoids the shared data being invoked. This improves the security of data sharing between airports and ensures the reliability of the data while it is shared.
A consensus request is sent to each authorized airport. Preferably, the authorized airports in the present invention may or may not include the airport where the passenger is currently located.
The consensus request is used to trigger the authorized airport to obtain the information shared by the passenger. Preferably, the consensus request contains the identification code of the shared data uploaded to the blockchain.
S106. Trigger the authorized airport to obtain the shared data from the blockchain based on the consensus request and to verify the signature of the shared data; when the shared data passes signature verification, save the boarding authentication information in the shared data and update the authorized passenger list.
It should be noted that every authorized airport performs step S106.
The authorized airport obtains the shared data from the blockchain according to the identification code in the consensus request. Using the identification code retrieves the shared data accurately and avoids obtaining the wrong data.
The authorized airport determines the system that uploaded the shared data and uses the public key of the airport to which that system belongs to verify the signature on the shared data, thereby verifying the identity of the uploading system. This effectively prevents malicious parties from impersonating a system to upload data and improves the security of the data sharing environment.
When the shared data passes signature verification, the system that uploaded it is shown to be a trusted system and the shared data is safe data. When the shared data fails signature verification, the system that uploaded it is an impersonating system and the shared data is risky data; no further operations should be performed on it, and an alarm can be raised so that risk investigators handle it, ensuring the security of data sharing.
Referring to FIG. 3, a flowchart of the method for saving the boarding authentication information in the shared data and updating the authorized passenger list according to an embodiment of the present invention is described as follows:
S301. The authorized airport obtains the encrypted data in the shared data and uses its own private key to decrypt the encrypted data, obtaining the boarding authentication information.
S302. Save the boarding authentication information, and update the passenger's information into the authorized passenger list.
It should be noted that the authorized passenger list stores the information of the passengers whose own information is used at the authorized airport, such as the passenger's name, ID number and gender. For example, assume there are passenger 1, passenger 2, passenger 3 and airport A, and that passenger 1 and passenger 2 use their own information at authorized airport A; the authorized passenger list of airport A then contains the information of passenger 1 and passenger 2.
When the boarding authentication information is saved, structured storage holds the passenger's basic data and authorization information, and unstructured storage holds the passenger's biometric information, such as face pictures.
Preferably, information sharing is complete once the authorized airport has saved the boarding authentication information and updated the authorized passenger list. After arriving at the authorized airport, the passenger can therefore use that airport's OneID service, without registering or uploading information, for the various airport services that require identity authentication. From entering the departure airport to leaving the destination airport, the passenger completes each identity authentication step through the OneID service and no longer needs to search for an ID card or other documents when verifying identity at the airport. This shortens identity verification during check-in and luggage storage, provides passengers with better service, and improves their airport experience.
In the method provided by the embodiment of the present invention, the information sharing request sent by the passenger is received and, based on it, the candidate airports are determined; the authorized airports the passenger selects among the candidate airports are determined; the passenger's boarding authentication information is collected and encrypted with the public key of the authorized airport to obtain encrypted data; a digital signature of the boarding authentication information is generated and added to the encrypted data to obtain shared data; the shared data is uploaded to a preset blockchain and a consensus request is sent to the authorized airport; the authorized airport is triggered to obtain the shared data from the blockchain based on the consensus request and to verify its signature, and when the shared data passes signature verification, the boarding authentication information in the shared data is saved and the authorized passenger list is updated.
The invention encrypts the boarding authentication information to be shared to obtain encrypted data, adds a digital signature to the encrypted data to obtain shared data, uploads the shared data to the blockchain, and triggers the authorized airport selected by the passenger to obtain the shared data from the blockchain and save it once it passes verification, which completes the sharing of the information. Because passenger data is shared between airports, a passenger arriving at a new airport can use that airport's OneID service without registering or entering the information required for authentication. This realizes a cross-airport OneID service and provides passengers with better service. During sharing, the use of blockchain, encryption and signature technology makes the shared data unforgeable, impossible to fabricate and tamper-proof, and builds a trusted and secure sharing environment.
Preferably, during information sharing, sharing requests from passengers can also be received in batches and the passengers' information shared with the airport in batches. For example, if passenger 1 and passenger 2 both select airport B as an authorized airport, the public key of airport B can be used to encrypt the boarding authentication information of passenger 1 and passenger 2 together to obtain the encrypted data; after the encrypted data is uploaded to the blockchain, a consensus request corresponding to it is sent to airport B. In this case the encrypted data contains the boarding authentication information of both passenger 1 and passenger 2. Preferably, the public key of airport B can instead be used to encrypt the boarding authentication information of passenger 1 and passenger 2 separately, giving encrypted data 1 for passenger 1 and encrypted data 2 for passenger 2; after both are uploaded to the blockchain, a consensus request corresponding to encrypted data 1 and a consensus request corresponding to encrypted data 2 are sent to airport B.
Referring to FIG. 4, a flowchart of the method for canceling information sharing according to an embodiment of the present invention is described as follows:
S401. Obtain the passenger's historical authorization list.
The historical authorization list is the airport authorization list generated the last time the passenger requested information sharing. When it is not empty, it contains at least one historically authorized airport. It should be noted that when the passenger requests information sharing for the first time, the historical authorization list is empty.
S402. Based on the authorized airports and the historical authorization list, determine whether there is a deauthorized airport; if there is, perform S403; if there is not, perform S404.
For each historically authorized airport in the historical authorization list, determine whether it is present among the authorized airports. If it is, that airport is not a deauthorized airport; if it is not, that airport is determined to be a deauthorized airport.
S403. Send an information deletion request to the deauthorized airport, so that the deauthorized airport deletes the passenger's information based on the information deletion request.
S404. End.
It should be noted that the deauthorized airport, based on the information deletion request, deletes all locally held information about the passenger. From then on, the airport holds no information about the passenger, and the passenger cannot use the OneID service at that airport.
Preferably, the deauthorized airport may also be selected by the passenger. For example, airport A was an airport the passenger authorized to use the information last time, but in the current information sharing the passenger sets airport A as a deauthorized airport.
Deleting the passenger's information at the deauthorized airport prevents leakage of the passenger's information and protects the passenger's personal information.
Referring to FIG. 5, an example scenario of information sharing according to an embodiment of the present invention is described as follows.
The figure contains system A of the airport where the passenger is located, system B of the authorized airport selected by the passenger, and other systems; the other systems comprise a biometric information collection system, a passenger data supply system and a OneID service provision system. When the passenger sends an information sharing request to system A, system A calls the biometric information collection system to collect the passenger's biometric information and calls the passenger data supply system to collect the passenger's basic information, and takes the biometric information and the basic information as the passenger's boarding authentication information. The passenger determines the authorized airports through the authorization information management system in system A; system A encrypts and signs the boarding authentication information to obtain the encrypted data, uploads the encrypted data to the blockchain, and sends a consensus request to each authorized airport. Preferably, if airport A is an authorized airport selected by the passenger, system A can save the boarding authentication information.
After system B of the authorized airport receives the consensus request, it obtains the encrypted data from the blockchain based on the consensus request, performs signature verification and decryption on the encrypted data to obtain the boarding authentication information, and saves the boarding authentication information. Airport A and airport B thus share the passenger's information, and the passenger can use the OneID service provided by the OneID service provision system at both airport A and airport B.
Preferably, when an airport's system in the present invention saves the boarding authentication information, the storage methods include structured storage, unstructured storage and a cache. Structured storage holds passenger data and authorization information; unstructured storage holds picture information; the cache loads data from the database into memory in advance to speed up access.
Further, when the system saves the boarding authentication information, if local storage holds no information about the passenger, the passenger's information is added to local storage; if a registered passenger has modified the authorization information and this airport is still in the authorization list, the passenger's authorization information is updated. Preferably, if the passenger cancels the authorization for an airport, the deauthorized airport must delete the corresponding passenger information from local storage. Preferably, the data in local storage is used to provide the OneID service at this airport.
The present invention also provides a concrete scenario for illustration. Assume three passengers, passenger 1, passenger 2 and passenger 3, who all depart from origin airport A on flight Z to destination airport B. Airport A and airport B have concluded a data sharing agreement. Passenger 1 has never registered a face. Passenger 2 and passenger 3 have registered face information at airport A; passenger 2 has authorized airport A to use their biometric information, and passenger 3 has authorized both airport A and airport B to use their biometric information.
Step 1. Data collection.
Data collection is performed by the system of the airport where the passengers are located, that is, the system of airport A, as follows:
Step 1.1. Obtain passenger data. The basic passenger information of passenger 1, passenger 2 and passenger 3 is obtained through the passenger data supply system.
Step 1.2. Obtain biometric information. The face pictures of passenger 1, passenger 2 and passenger 3 are obtained through the biometric information collection system.
Step 2. Authorization information management.
Authorization information management means obtaining the authorization information provided by the passenger, which may be information on authorized airports and information on deauthorized airports. It is performed by the system of the airport where the passenger is located, that is, the system of airport A, as follows:
Step 2.1. Check the inter-airport data sharing agreement.
Airport A checks the existing inter-airport data sharing agreement and confirms that passenger biometric information can be shared with airport B.
Step 2.2. Update the passengers' authorization information.
Passenger 1 performs face registration. Airport A returns the list of airports that can be authorized, which contains airport A and airport B, and passenger 1 authorizes both airport A and airport B to use their biometric information. Passenger 2 adds authorization for airport B to use their biometric information through the check-in system. Passenger 3 cancels airport B's authorization to use their biometric information through the mobile app.
At this point, the airports that passenger 1, passenger 2 and passenger 3 have chosen to authorize and to deauthorize are known.
Step 3. Check the passenger authorization information and add a digital signature.
Passenger 1 and passenger 2 have authorized airport B to use their biometric information, and passenger 3 has canceled airport B's authorization to use their biometric information, so the public key of airport B is used to encrypt the basic information, face pictures and authorization information of the three passengers. Airport A uses a specific hash function to generate a digest of the passengers' basic information, face pictures and authorization information, and encrypts the digest with airport A's private key to generate the digital signature.
Step 4. Upload the data to the blockchain.
Airport A uploads the encrypted information with the digital signature attached to the blockchain and initiates a consensus request to airport B.
Step 5. Data storage.
The information of newly registered passenger 1 is added to local storage. Passenger 2 and passenger 3 have modified their authorizations and airport A is still in their authorization lists, so the authorization information of passenger 2 and passenger 3 in local storage is updated. Passenger 1, passenger 2 and passenger 3 can use the OneID service at airport A for check-in, baggage check-in, security check, boarding, smart flight information display and similar steps.
Step 6. Verify and process the shared data.
After receiving the consensus request, airport B uses its private key to decrypt the basic passenger information, face pictures and authorization information of passenger 1, passenger 2 and passenger 3. It uses airport A's public key to parse the digital signature and obtain the digest generated by airport A, and applies the same hash function as airport A to the basic passenger information, face pictures and authorization information to generate its own digest. The check shows that the digests generated by airport A and airport B match, which means the uploader of the shared information is indeed airport A and the information has not been tampered with. Airport B reaches consensus with airport A and completes reception of the data, and the system of airport B performs step 7.
Step 7. Data storage.
Airport B's local storage holds no information about passenger 1 and passenger 2, so the information of both passengers is added to local storage. Passenger 3 has canceled airport B's authorization to use their biometric information, so airport B deletes passenger 3's information from local storage.
It should be noted that passenger 1 and passenger 2 can still use the OneID service after arriving at airport B; passenger 3 has canceled airport B's authorization to use their biometric information and therefore cannot use the OneID service at airport B.
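The sharing and verification exchange of steps 3 to 6 above (S103 to S106 and S301), written out in Go as an added example that is not code from the patent. The page names no algorithms, so the RSA-OAEP wrapping of a per-record AES-256-GCM key (a face picture is far larger than RSA can encrypt directly), Ed25519 over a SHA-256 digest, separate encryption and signing keys per airport, and all type and function names are assumptions; the blockchain upload itself is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Airport holds one airport's keys (the page only says "public-private key pair").
type Airport struct {
	Name      string
	EncKey    *rsa.PrivateKey    // assumption: RSA key used only for decryption
	SignKey   ed25519.PrivateKey // assumption: separate Ed25519 key for signing
	VerifyKey ed25519.PublicKey  // public half of SignKey, published to peers
}

type TrustStore map[string]ed25519.PublicKey // airport name -> published verification key
// SharedData is the ledger record built for ONE authorized airport (S103-S105).
type SharedData struct {
	Uploader                      string // airport whose system signed the record
	WrappedKey, Nonce, Ciphertext []byte // RSA-OAEP-wrapped AES key, GCM nonce, GCM output
	Signature                     []byte // over SHA-256 of the plaintext (S104)
}

// ErrRejected wraps every failure: store nothing and raise an alert with the reason.
var ErrRejected = errors.New("shared data rejected")
func reject(why string) ([]byte, error) { return nil, fmt.Errorf("%w: %s", ErrRejected, why) }

func MustNewAirport(name string) *Airport {
	enc, err := rsa.GenerateKey(rand.Reader, 2048)
	pub, sign, err2 := ed25519.GenerateKey(rand.Reader)
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Airport{name, enc, sign, pub}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Share runs S103-S104 at the passenger's airport for one authorized airport.
func Share(sender *Airport, recipientPub *rsa.PublicKey, info []byte) (*SharedData, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce for every record
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(info)
	ct := gcm.Seal(nil, nonce, info, []byte(sender.Name)) // uploader name bound as AAD
	return &SharedData{sender.Name, wrapped, nonce, ct, ed25519.Sign(sender.SignKey, digest[:])}, nil
}

// Receive runs S106/S301: decrypt with the recipient's own key, then verify the uploader.
func Receive(recipient *Airport, trusted TrustStore, sd *SharedData) ([]byte, error) {
	pub, known := trusted[sd.Uploader]
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient.EncKey, sd.WrappedKey, nil)
	if !known || err != nil {
		return reject("unknown uploader or record not encrypted to this airport")
	}
	gcm, err := newGCM(key)
	if err != nil || len(sd.Nonce) != gcm.NonceSize() {
		return reject("malformed key or nonce")
	}
	info, err := gcm.Open(nil, sd.Nonce, sd.Ciphertext, []byte(sd.Uploader))
	digest := sha256.Sum256(info)
	if err != nil || !ed25519.Verify(pub, digest[:], sd.Signature) {
		return reject("ciphertext or signature check failed")
	}
	return info, nil
}

func main() {
	a, b := MustNewAirport("A"), MustNewAirport("B")
	sd, err := Share(a, &b.EncKey.PublicKey, []byte("constructed record: Passenger 1, flight Z"))
	if err != nil {
		panic(err)
	}
	info, err := Receive(b, TrustStore{"A": a.VerifyKey}, sd)
	fmt.Printf("%s %v\n", info, err)
}
```

Because the signature covers the plaintext, the receiving airport can check it only after decrypting, which is the order step 6 follows; a record that fails any check is returned as an error and never reaches local storage.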
The present invention uses the asymmetric encryption of the blockchain and the fact that its information cannot be forged or tampered with to transmit sensitive information such as passenger biometric and authorization information. It also optimizes the management process for authorizing passenger biometric information: passengers can modify the scope of authorization dynamically, and airports share passenger biometric and authorization information in real time as the authorization information changes. Once implemented, this technical solution provides a fully trusted data transmission environment between airports, effectively solves the problem that airports cannot trust each other's data, and lets passengers authorize biometric information across airports, so that a single registration gives access to the OneID service at multiple airports.
Further, the present invention allows passengers to change the authorization of their biometric information in real time, determines from the authorization list which airports need to receive the change in real time, and encrypts the information with the corresponding private key and transmits it. The passenger's changes can thus be synchronized in real time to all nodes that need to take part in the data change, so information synchronization has no time delay.
Corresponding to the method shown in FIG. 1, the present invention also provides an information sharing device that supports the concrete implementation of the method shown in FIG. 1 and can be applied in an airport's processing system.
Referring to FIG. 6, a schematic structural diagram of an information sharing device according to an embodiment of the present invention is described as follows:
A receiving unit 501, configured to receive the information sharing request sent by the passenger and, based on the information sharing request, determine the candidate airports;
A determining unit 502, configured to determine the authorized airport selected by the passenger among the candidate airports;
A collection unit 503, configured to collect the passenger's boarding authentication information and encrypt the boarding authentication information with the public key of the authorized airport to obtain encrypted data;
A generating unit 504, configured to generate a digital signature of the boarding authentication information and add the digital signature to the encrypted data to obtain shared data;
A sending unit 505, configured to upload the shared data to a preset blockchain and send a consensus request to the authorized airport;
A triggering unit 506, configured to trigger the authorized airport to obtain the shared data from the blockchain based on the consensus request and to verify the signature of the shared data, and, when the shared data passes signature verification, to save the boarding authentication information in the shared data and update the authorized passenger list.
In another device provided by an embodiment of the present invention, the receiving unit 501 of the device includes:
A first acquisition subunit, configured to parse the preset airport data sharing agreement and obtain the signing information in the airport data sharing agreement;
A first determination subunit, configured to determine, based on the signing information, the participating airports that have signed the airport data sharing agreement;
A second determination subunit, configured to determine each of the participating airports as a candidate airport.
In another device provided by an embodiment of the present invention, the generating unit 504 of the device includes:
A third determination subunit, configured to determine the private key of the airport where the passenger is located and sign the boarding authentication information with that private key to obtain the digital signature.
In another device provided by an embodiment of the present invention, the triggering unit 506 of the device includes:
A calling subunit, by which the authorized airport obtains the encrypted data in the shared data and uses its own private key to decrypt the encrypted data to obtain the boarding authentication information;
A saving subunit, configured to save the boarding authentication information and update the passenger's information into the authorized passenger list.
In another device provided by an embodiment of the present invention, the device further includes:
A second acquisition subunit, configured to obtain the passenger's historical authorization list;
A judging subunit, configured to determine, based on the authorized airports and the historical authorization list, whether there is a deauthorized airport;
A deletion subunit, configured to send, when a deauthorized airport is determined to exist, an information deletion request to the deauthorized airport, so that the deauthorized airport deletes the passenger's information based on the information deletion request.
An embodiment of the present invention also provides a storage medium that includes stored instructions, where, when the instructions run, the device on which the storage medium resides is controlled to execute the information sharing method described above.
An embodiment of the present invention also provides an electronic device, whose schematic structural diagram is shown in FIG. 7. It includes a memory 601 and one or more instructions 602, where the one or more instructions 602 are stored in the memory 601 and are configured to be executed by one or more processors 603 to perform the information sharing method described above.
The specific implementation processes of the above embodiments and their derivatives all fall within the protection scope of the present invention.
The embodiments in this specification are described progressively; for parts that are the same or similar, the embodiments can be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiments are essentially similar to the method embodiments, they are described briefly, and the relevant parts of the method embodiments apply. The systems and system embodiments described above are only illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of an embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
Professionals will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of their functions. Whether these functions are executed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may implement the described functions in different ways for each specific application, but such implementations should not be regarded as going beyond the scope of the present invention.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. The present invention is therefore not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310034637.1A CN116055057B (en) | 2023-01-10 | 2023-01-10 | Information sharing method and device, storage medium and electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310034637.1A CN116055057B (en) | 2023-01-10 | 2023-01-10 | Information sharing method and device, storage medium and electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116055057A (en) | 2023-05-02 |
CN116055057B (en) | 2025-06-17 |
Family
ID=86119702
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310034637.1A Active CN116055057B (en) | 2023-01-10 | 2023-01-10 | Information sharing method and device, storage medium and electronic device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116055057B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107231351A (en) * | 2017-05-25 | 2017-10-03 | 远光软件股份有限公司 | The management method and relevant device of electronic certificate |
CN111213147A (en) * | 2019-07-02 | 2020-05-29 | 阿里巴巴集团控股有限公司 | System and method for block chain based cross entity authentication |
CN111914293A (en) * | 2020-07-31 | 2020-11-10 | 平安科技(深圳)有限公司 | Data access authority verification method and device, computer equipment and storage medium |
CN112308533A (en) * | 2020-11-19 | 2021-02-02 | 中国民航信息网络股份有限公司 | Business authorization method and device, electronic equipment and computer storage medium |
CN114499823A (en) * | 2021-12-29 | 2022-05-13 | 济南超级计算技术研究院 | Data sharing platform and method based on block chain |
WO2022114857A1 (en) * | 2020-11-26 | 2022-06-02 | 삼성전자 주식회사 | Electronic device that shares data by using blockchain network, and operation method therefor |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107231351A (en) * | 2017-05-25 | 2017-10-03 | 远光软件股份有限公司 | The management method and relevant device of electronic certificate |
CN111213147A (en) * | 2019-07-02 | 2020-05-29 | 阿里巴巴集团控股有限公司 | System and method for block chain based cross entity authentication |
CN111914293A (en) * | 2020-07-31 | 2020-11-10 | 平安科技(深圳)有限公司 | Data access authority verification method and device, computer equipment and storage medium |
CN112308533A (en) * | 2020-11-19 | 2021-02-02 | 中国民航信息网络股份有限公司 | Business authorization method and device, electronic equipment and computer storage medium |
WO2022114857A1 (en) * | 2020-11-26 | 2022-06-02 | 삼성전자 주식회사 | Electronic device that shares data by using blockchain network, and operation method therefor |
CN114499823A (en) * | 2021-12-29 | 2022-05-13 | 济南超级计算技术研究院 | Data sharing platform and method based on block chain |
Also Published As
Publication number | Publication date |
---|---|
CN116055057B (en) | 2025-06-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11206544B2 (en) | Checkpoint identity verification on validation using mobile identification credential | |
KR102020000B1 (en) | Personal information providing system using one time private key based on block chain of proof of use and method thereof | |
US12189743B2 (en) | Self-service biometric enrollment and authentication method, system, and computer program | |
US20240232432A9 (en) | Privacy-preserving mobility as a service supported by blockchain | |
US20180336554A1 (en) | Secure electronic transaction authentication | |
JP7317137B2 (en) | Method and Distributed Ledger System for Supporting Identity Verification Management of Travelers in Airports | |
US12335419B2 (en) | Method and distributed ledger system for supporting sharing of digital health data of travelers in a travel environment | |
US12014363B2 (en) | Apparatus and methods for non-fungible tokens as universal digital identification | |
US20220188954A1 (en) | Identity management system and method | |
CN111914229A (en) | Identity authentication method and device, electronic equipment and storage medium | |
US12118843B2 (en) | Providing digital identifications generated for checkpoint validation based on biometric identification | |
JP2020135651A (en) | Authorization system, management server and authorization method | |
CN112446050B (en) | Business data processing method and device applied to block chain system | |
JP2023519050A (en) | Ways to Support Traveler Travel History Sharing at Airports | |
CN115168827A (en) | Two-dimensional code generating method and two-dimensional code reading method containing identity information | |
US10628665B1 (en) | Enhancing capabilities by cooperatively using identity systems and identification databases | |
CN116055057A (en) | Information sharing method and device, storage medium and electronic equipment | |
JP7451713B2 (en) | Ways to help travelers share their travel history within the airport | |
JP2005348106A (en) | Terminal management system, terminal management method and cellular phone terminal | |
US12342173B2 (en) | System and method for checkpoint access using mobile identification credential for international travel | |
JP2024510558A (en) | Communication network nodes, methods for providing communication network nodes, terminal devices, methods for operating terminal devices, and methods for communication networks | |
CN113516787A (en) | Automatic ticket checking method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |