CN116455657A - Service providing method, device, equipment and system - Google Patents

Service providing method, device, equipment and system Download PDF

Info

Publication number
CN116455657A
CN116455657A CN202310477189.2A CN202310477189A CN116455657A CN 116455657 A CN116455657 A CN 116455657A CN 202310477189 A CN202310477189 A CN 202310477189A CN 116455657 A CN116455657 A CN 116455657A
Authority
CN
China
Prior art keywords
service
service provider
ciphertext data
provider
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310477189.2A
Other languages
Chinese (zh)
Inventor
刘雷
胡锦华
张凯隆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202310477189.2A priority Critical patent/CN116455657A/en
Publication of CN116455657A publication Critical patent/CN116455657A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the specification provides a service providing method, device, equipment and system, wherein the method comprises the following steps: the method comprises the steps that a first service provider receives a first service request which is sent by a user and used for requesting a first service, and first target ciphertext data which is authorized to the first service provider by the user is obtained from a plurality of ciphertext data corresponding to the first service request; acquiring a service processing result of a second service provided by at least one second service provider; providing a first service for a user according to the first target ciphertext data and the acquired service processing result of the second service; the plurality of ciphertext data comprise ciphertext data authorized to each service provider in the service link by a user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data; the second service provider is located after the first service provider in the service link.

Description

Service providing method, device, equipment and system
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a service providing method, device, equipment, and system.
Background
The information security of users is always a concern in business handling process. In the current business handling process, the user typically grants the use authority of the user information to the business provider of the target business, however, other businesses may be involved in the handling process of the target business, and the target business may be different from the user information required to be used by the other businesses. Under the condition, how to effectively manage the user information in a fine granularity, thereby guaranteeing the information security of the user is a technical problem which needs to be solved urgently.
Disclosure of Invention
One or more embodiments of the present specification provide a service providing method. The method comprises the following steps: and receiving a first service request sent by the user. The first service request is for requesting a first service provider to provide a first service. And acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request. The plurality of ciphertext data includes ciphertext data that the user authorizes to each service provider in a service link. Each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. And acquiring a service processing result of the second service provided by the at least one second service provider. The second service provider is located after the first service provider in the service link. And providing the first service for the user according to the first target ciphertext data and the service processing result.
One or more embodiments of the present specification provide a service providing method. The method includes receiving a second service request sent by a pre-service provider. The pre-service provider is a service provider in the service link that is adjacent to and before the second service provider. The second service request is for requesting the second service provider to provide a second service to the user. The second service request includes at least one ciphertext data. The ciphertext data includes ciphertext data that the user authorizes to at least one service provider in the service link. Each service provider has access to ciphertext data to which it is entitled. And acquiring second target ciphertext data authorized to the second service provider from the ciphertext data. And carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result. According to the service processing result, the service processing result is sent to the server the front-end service provider transmits the indication information. The indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result. Or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
One or more embodiments of the present specification provide a service providing apparatus. The device comprises a receiving module for receiving a first service request sent by a user. The first service request is for requesting a first service provider to provide a first service. The device also comprises a first acquisition module for acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request. The plurality of ciphertext data includes ciphertext data that the user authorizes to each service provider in a service link. Each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. The device also comprises a second acquisition module for acquiring service processing results of the second service provided by the at least one second service provider. The second service provider is located after the first service provider in the service link. The device also comprises a service module which provides the first service for the user according to the first target ciphertext data and the service processing result.
One or more embodiments of the present specification provide a service providing apparatus. The device comprises a receiving module for receiving a second service request sent by the front-end service provider. The pre-service provider is a service provider in the service link that is adjacent to and before the second service provider. The second service request is for requesting the second service provider to provide a second service to the user. The second service request includes at least one ciphertext data. The ciphertext data includes ciphertext data that the user authorizes to at least one service provider in the service link. Each service provider has access to ciphertext data to which it is entitled. The device also comprises an acquisition module for acquiring second target ciphertext data authorized for the second service provider from the ciphertext data. The device also comprises a processing module, and service processing of the second service is carried out according to the second target ciphertext data to obtain a service processing result. The device also comprises a sending module which sends indication information to the front-end service provider according to the service processing result. The indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result. Or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
One or more embodiments of the present specification provide a service providing system. The system includes a first service provider and a plurality of second service providers in a service link. The second service provider is located after the first service provider in the service link. The first service provider provides a first service. Each of the second service providers provides a second service. And the first service provider receives a first service request sent by the user. And acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request. And obtaining service processing results of at least one second service. And providing the first service for the user according to the first target ciphertext data and the service processing result. The plurality of ciphertext data includes the user's authorization to the subject ciphertext data for each service provider in the service link. Each service provider has access to ciphertext data to which it is entitled. And the second service provider performs service processing of the second service based on the acquired ciphertext data after acquiring the authorized ciphertext data, and obtains the service processing result.
One or more embodiments of the present specification provide a service providing apparatus. The apparatus includes a processor. The device further comprises a memory arranged to store computer executable instructions. The computer-executable instructions, when executed, cause the processor to receive a first service request sent by a user. The first service request is for requesting a first service provider to provide a first service. And acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request. The plurality of ciphertext data includes ciphertext data that the user authorizes to each service provider in a service link. Each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. And acquiring a service processing result of the second service provided by the at least one second service provider. The second service provider is located after the first service provider in the service link. And providing the first service for the user according to the first target ciphertext data and the service processing result.
One or more embodiments of the present specification provide a service providing apparatus. The apparatus includes a processor. The device further comprises a memory arranged to store computer executable instructions. The computer-executable instructions, when executed, cause the processor to receive a second service request sent by a pre-service provider. The pre-service provider is a service provider in the service link that is adjacent to and before the second service provider. The second service request is for requesting the second service provider to provide a second service to the user. The second service request includes at least one ciphertext data. The ciphertext data includes ciphertext data that the user authorizes to at least one service provider in the service link. Each service provider has access to ciphertext data to which it is entitled. And acquiring second target ciphertext data authorized to the second service provider from the ciphertext data. And carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result. And sending indication information to the front-end service provider according to the service processing result. The indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result. Or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
One or more embodiments of the present specification provide a computer-readable storage medium. The storage medium is for storing computer-executable instructions. The computer-executable instructions, when executed by the processor, receive a first service request sent by a user. The first service request is for requesting a first service provider to provide a first service. And acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request. The plurality of ciphertext data includes ciphertext data that the user authorizes to each service provider in a service link. Each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. And acquiring a service processing result of the second service provided by the at least one second service provider. The second service provider is located after the first service provider in the service link. And providing the first service for the user according to the first target ciphertext data and the service processing result.
One or more embodiments of the present specification provide a storage medium. The storage medium is for storing computer-executable instructions. The computer-executable instructions, when executed by the processor, receive a second service request sent by a pre-service provider. The pre-service provider is a service provider in the service link that is adjacent to and before the second service provider. The second service request is for requesting the second service provider to provide a second service to the user. The second service request includes at least one ciphertext data. The ciphertext data includes ciphertext data that the user authorizes to at least one service provider in the service link. Each service provider has access to ciphertext data to which it is entitled. And acquiring second target ciphertext data authorized to the second service provider from the ciphertext data. And carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result. And sending indication information to the front-end service provider according to the service processing result. The indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result. Or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
Drawings
For a clearer description of one or more embodiments of the present description or of the solutions of the prior art, the drawings that are necessary for the description of the embodiments or of the prior art will be briefly described, it being apparent that the drawings in the description that follow are only some of the embodiments described in the description, from which, for a person skilled in the art, other drawings can be obtained without inventive faculty.
Fig. 1 is a schematic diagram of a first scenario of a service providing method according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a second scenario of a service providing method according to an embodiment of the present disclosure;
fig. 3 is a schematic flow chart of a first service providing method according to an embodiment of the present disclosure;
fig. 4 is a second flowchart of a service providing method according to an embodiment of the present disclosure;
fig. 5 is a schematic diagram of a third flow chart of a service providing method according to an embodiment of the present disclosure;
fig. 6 is a schematic diagram illustrating a first module composition of a service providing apparatus according to an embodiment of the present disclosure;
fig. 7 is a schematic diagram of a second module composition of a service providing apparatus according to an embodiment of the present disclosure;
Fig. 8 is a schematic diagram of a service providing system according to an embodiment of the present disclosure;
fig. 9 is a schematic structural diagram of a service providing apparatus according to one or more embodiments of the present disclosure.
Detailed Description
In order to enable a person skilled in the art to better understand the technical solutions in one or more embodiments of the present specification, the technical solutions in one or more embodiments of the present specification will be clearly and completely described below with reference to the drawings in one or more embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments, which can be made by one or more embodiments of the present disclosure without inventive faculty, are intended to be within the scope of the present disclosure.
Fig. 1 is a schematic application scenario diagram of a service providing method according to one or more embodiments of the present disclosure, where, as shown in fig. 1, the scenario includes: the first terminal device of the user, the second terminal devices of the first service provider included in the service link, and the third terminal devices of the N second service providers, N being an integer greater than 1. Wherein the first service provider is located before the second service provider in the service link, each service provider may be an enterprise, an organization, a person, etc. The first service provider provides a first service, the second service provider provides a second service, and the first service is provided based on a service processing result of at least one second service. It will be appreciated that a different second service provider provides a different second service. The first terminal device may be a mobile device such as a mobile phone, a tablet computer, a desktop computer, a portable notebook computer (only the mobile phone is shown in fig. 1), and a related Application for requesting the first service is installed in the first terminal device, where the Application may be an independent Application program (App), an applet set in other Application programs, or a web Application. The second terminal device and the third terminal device may be mobile devices or service terminals; the mobile device may be a mobile phone, a tablet computer, a desktop computer, a portable notebook computer, etc.; the server may be an independent server, or may be a server cluster formed by a plurality of servers (e.g. only the independent server is shown in fig. 1).
Specifically, when a user wants to request a first service provider to provide a first service, operating a related application for requesting the first service in a first terminal device of the user to submit an acquisition request of the first service; the first terminal device sends a first service request to a second terminal device of the first service provider in response to a submitting operation of a user. The second terminal equipment receives a first service request sent by the first terminal equipment, and acquires first target ciphertext data authorized by a user to a first service provider from a plurality of ciphertext data corresponding to the first service request; the plurality of ciphertext data corresponding to the first service request comprises ciphertext data authorized by the user to each service provider in the service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data; that is, when the third terminal device of each second service provider acquires ciphertext data authorized by the corresponding second service provider, service processing of the second service is performed based on the acquired ciphertext data, and a service processing result is obtained. The second terminal device of the first service provider sends a second service request to the second terminal device of the rear second service provider, and when a service processing result of the second service provided by at least one second service provider is obtained, the second terminal device of the first service provider provides a first service for the user according to the first target ciphertext data and the obtained service processing result, and sends a service providing result to the first terminal device of the user.
It can be seen that in the service providing process, the plurality of ciphertext data corresponding to the first service request includes ciphertext data authorized by the user to each service provider in the service link, and each service provider only has access rights to the ciphertext data authorized by the user. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
Further, in one or more embodiments of the present disclosure, on the basis of the application scenario, as shown in fig. 2, the method may further include: a third party authority, a fourth terminal device of a third service provider, and a blockchain system.
The third-party authority can register the corresponding service provider in the service link based on the registration request sent by each service provider in the service link, issue a digital certificate for the corresponding service provider and store the corresponding registration record information in the blockchain system. The service providers perform data interaction based on the digital certificates, and when each second service provider acquires authorized ciphertext data and the digital certificate to be verified, a first verification request is sent to a third party authority; correspondingly, the third party authority further performs verification processing based on the received first verification request, sends a verification result to the second service provider, and stores verification record information into the blockchain system. For details of the registration process and the verification process of the third party authority, see the following description.
The third service provider is used for providing authorization service and the like, and after receiving the first service request, the second terminal equipment of the first service provider sends authorization completion information to the fourth terminal equipment of the third service provider according to the authorization protocol and the obtained plaintext data to be processed if the authorization protocol signed by the user is obtained. Correspondingly, the fourth terminal device stores the authorization record information generated based on the authorization protocol to the blockchain system, acquires the public key of each service provider in the service link, encrypts the corresponding plaintext data by using the public key according to the authorization information included in the authorization protocol to obtain a plurality of ciphertext data, and sends the ciphertext data to the second terminal device of the first service provider.
The blockchain system may include a plurality of blockchain nodes (not shown in fig. 2) that access the blockchain, with the aforementioned registration record information, authentication record information, authorization record information, and the like maintained in the blockchain system.
Therefore, registration service, verification service and the like of the service link are provided by the third party authority, and the effectiveness of the service link and the credibility of data interaction among all service providers are ensured; the third service provider provides the authorization service and encrypts the plaintext data of the user, so that fine granularity management of the user data is realized, and the data security of the user is ensured; by storing each record information through the block chain system, the validity of the related information and the basis and traceability of data transfer can be ensured based on the characteristics of credibility, non-falsification and the like of the block chain.
Based on the above application scenario, one or more embodiments of the present specification provide a service provider. Fig. 3 is a flowchart of a service providing method according to one or more embodiments of the present disclosure, where the method in fig. 3 can be performed by a second terminal device of the first service provider in fig. 1, and as shown in fig. 3, the method includes the following steps:
step S102, receiving a first service request sent by a user; the first service request is for requesting the first service provider to provide the first service;
the specific service type of the first service may be set according to needs in practical applications, and the present disclosure is not limited specifically. For example, the first service is any one of an account opening service, a payment service, a lending service, and the like.
Step S104, obtaining first target ciphertext data authorized to a first service provider by a user from a plurality of ciphertext data corresponding to a first service request; the plurality of ciphertext data comprises ciphertext data authorized to each service provider in the service link by the user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
In order to achieve fine granularity management of user data and ensure data security of the user, in one or more embodiments of the present disclosure, after receiving a first service request, a second terminal device of a first service provider obtains a plurality of ciphertext data corresponding to the first service request from a third service provider that provides an authorization service, and obtains first target ciphertext data authorized to the first service provider by the user from the plurality of ciphertext data. The detailed process of the second terminal device obtaining the plurality of ciphertext data corresponding to the first service request from the third service provider may be referred to as related description hereinafter.
According to the sequence of the above ciphertext data flowing among the service providers, the service link sequentially comprises a first service provider and a plurality of second service providers, namely the second service provider is positioned behind the first service provider in the service link. The second service provider provides second services, and different second service providers provide different second services, wherein the different second services can comprise independent relations or association relations. The independent relationship refers to a service processing process of a certain second service independent of a service processing result of another second service, and the association relationship refers to a service processing process of a certain second service which needs to depend on the service processing result of another associated second service or services. It should be noted that, the relationship between the second services and the service type of the second service may be set in actual application according to needs, which is not specifically limited in this specification. By way of example, the second service may include a credit service, a wind control service, or the like.
Step S106, obtaining a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
in one or more embodiments of the present specification, the first service may be provided based on a service provision result of each of the second services. For example, the service link includes 3 second service providers, and for convenience of description, the 3 second service providers are respectively denoted as a second service provider 1, a second service provider 2, and a second service provider 3 according to the order in which ciphertext data flows between the service providers; wherein the second service provider 1 provides the second service 1, the second service provider 2 provides the second service 2, and the second service provider 3 provides the second service 3; the second service 1, the second service 2 and the second service 3 may be independent from each other; the second service 1 and the second service 2 can be independent relations, and the second service 2 and the second service 3 can be association relations; the association relationship between the second service 1 and the second service 2, the association relationship between the second service 2 and the second service 3, and the like may be also used. The first service is provided based on the service processing result 1 of the second service 1, the service processing result 2 of the second service 2, and the processing result 3 of the second service 3; accordingly, in step S106, the service processing result of the second service provided by each second service provider is obtained.
In another or more embodiments of the present specification, the first service may be provided based on a service provision result of a part of the second service. For example, the service link includes 3 second service providers in the above example, where the second service 1 is an independent relationship with the second service 2, the second service 1 is an independent relationship with the second service 3, the second service 2 is an association relationship with the second service 3 (i.e., the service processing of the second service 2 depends on the service processing result 3 of the second service 3), and the first service is provided based on the service processing result 1 of the second service 1 and the service processing result 2 of the second service 2, and accordingly, the service processing results of the second service provided by the second service provider 1 and the second service provider 2 are obtained in step S106.
Step S108, providing a first service for the user according to the first target ciphertext data and the service processing result.
In one or more embodiments of the present disclosure, a first service provider receives a first service request sent by a user, and obtains first target ciphertext data authorized by the user to the first service provider from a plurality of ciphertext data corresponding to the first service request; obtaining a service processing result of a second service provided by at least one second service provider positioned behind the first service provider in the service link, and providing a first service for a user according to the first target ciphertext data and the obtained service processing result; the plurality of ciphertext data comprise ciphertext data authorized to each service provider in the service link by a user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
In order for the first service provider to smoothly provide the first service to the user, as shown in fig. 4, after the third party authority succeeds in registration, each second service provider (two second service providers are shown in fig. 4 as an example) in the service link sends a registration request to the third party authority to request registration in the service link. Specifically, in one or more embodiments of the present disclosure, the following steps S100-2 to S100-4 may be further included before step S102:
step S100-2, acquiring registration information of a first service provider;
specifically, the second terminal device is provided with a registration application for registering the service link, and the registration application may be an independent application program, an applet set in other application programs, a web application, or the like. The first service provider can operate the registration application in the second terminal equipment, edit the registration information and then submit. And the second terminal equipment responds to the submitting operation of the first service provider and acquires the registration information of the first service provider. The registration information may include, among other things, a provider identification of the first service provider, a provider identification of a second service provider that is subsequent to the first service provider, a relevant qualification that the first service provider may provide the first service, and so on. The second service provider behind the first service provider is a second service provider adjacent to the first service provider in the service link and located behind the first service provider. The provider identifier may be the name of the service provider, or may be a business license number of the service provider, etc., which may be set in actual application according to needs.
It should be noted that, after each service provider in the service link is successfully registered, the circulation sequence of ciphertext data between each service provider and the circulation sequence of service processing results between each service provider are also determined immediately, so that in order to ensure the validity of data circulation, the provider identification of the post service provider needs to be included in the registration information of each service provider except the last second service provider according to the circulation sequence of ciphertext data. Wherein the post service provider is a service provider adjacent to and behind the service provider in the service link. That is, the order of the positions of the service providers in the service link is identical to the order of the ciphertext data flowing between the service providers, the order of the ciphertext data flowing between the service providers is opposite to the registration order of the service providers, and the order of the service processing results flowing between the service providers is identical to the registration order of the service providers.
For example, the service link includes a first service provider, a second service provider 1, and a second service provider 2 in this order. The post-service provider of the first service provider is a second service provider 1, the post-service provider of the second service provider 1 is a second service provider 2, and the second service provider 2 has no post-service provider. Then, the order of the ciphertext data is from the first service provider to the second service provider 1, and then from the second service provider 1 to the second service provider 2; the circulation sequence of the service results is from the second service provider 2 to the second service provider 1 and then from the second service provider 1 to the first service provider; the registration order is the second service provider 2, the second service provider 1, the first service provider in order; that is, the second service provider 2 registers first, and after the second service provider 2 registers successfully, the second service provider 1 registers based on the provider identification of the second service provider 2; after the second service provider 1 is successfully registered, the first service provider registers based on the provider identification of the second service provider 1.
Step S100-4, a registration request is sent to a third party authority according to registration information; the registration request is used for requesting a third party authority to register the first service provider in the service link, issuing a digital certificate for the first service provider, and storing the generated registration record information to the blockchain system after successful registration;
when the third-party authority receives the registration request, determining whether the post-service provider is successfully registered according to the provider identification of the post-service provider included in the registration information; if yes, registering the first service provider into the service link according to the registration information, and issuing a digital certificate for the first service provider; and after the successful registration is determined, generating registration record information according to the registration information, storing the registration record information into a blockchain system, and sending a registration result to the second terminal equipment of the first service provider.
Wherein issuing a digital certificate for the first service provider may include: assigning a key pair to a first service provider; carrying out signature processing on the appointed information according to the private key of the third party authority to obtain second signature data; a digital certificate is generated from the provider identification of the first service provider, the provider identification of the post service provider, the public key of the key pair, and the second signature data. The registration result may also include the private key of the key pair.
The third party authority determines whether the post service provider is successfully registered according to the provider identifier of the post service provider included in the registration information, which may include: and determining whether the associated registration record information is queried from the blockchain system according to the provider identification of the rear service provider included in the registration information, if so, determining that the rear service provider is successfully registered, and if not, determining that the target rear service provider is not successfully registered.
Further, considering that in practical application, the same service provider may register into a plurality of different service links, in order to effectively distinguish different service links, thereby completing effective registration, in one or more embodiments of the present disclosure, when a third party authority receives a registration request, if it is determined that the service provider corresponding to the registration request is the first registered service provider of the corresponding service link, a link identifier may be further allocated to the service link, and a registration result may be sent to the service provider according to the link identifier, relevant information representing successful registration and an issued digital certificate. Correspondingly, the foregoing registration information may further include the link identifier, and the determining, by the third party authority, whether the post service provider has successfully registered according to the provider identifier of the post service provider included in the registration information may further include: and determining whether the associated registration record information is queried from the blockchain system according to the provider identification and the link identification of the rear service provider included in the registration information, if so, determining that the rear service provider is successfully registered, and if not, determining that the rear service provider is unsuccessfully registered.
In one or more embodiments of the present description, a third party authority may be provided with a blockchain node that accesses a blockchain; correspondingly, the third party authority stores each record information into the blockchain system, which may include: storing each record information to a block chain system through a block chain link point of the block chain system;
in another or more embodiments of the present disclosure, the third party authority may not further set a blockchain node that accesses the blockchain; correspondingly, the third party authority stores each record information into the blockchain system, which may include: and sending a save request to a blockchain node in the blockchain system according to each piece of record information, wherein the save request is used for requesting the blockchain node to save the corresponding piece of record information into the blockchain system.
Step S100-6, receiving a registration result sent by a third party authority; the registration result comprises relevant information and a digital certificate which represent successful registration;
the registration result may further include a private key allocated to the first service provider by the third party authority, and correspondingly, after receiving the registration result sent by the third party authority, the second terminal device of the first service provider may further store the digital certificate and the private key in the registration result.
By registering in the service link, the identity credibility of the first service provider in the service link and the credibility of data flow in the providing process of the first service are guaranteed.
Considering that in practical applications, the user data that needs to be used by different second service providers when providing their second services are often different, in order to avoid that plaintext data of a user flows widely in the processing procedure of the first service, and in order to make the user perceive which service providers will be used by their user data, in one or more embodiments of the present disclosure, as shown in fig. 4, when receiving a first service request, the second terminal device of the first service provider further sends an authorization protocol to be signed to the first terminal device, and sends authorization completion information to the fourth terminal device of the third service provider based on the obtained signing completion information, so as to obtain, from the fourth terminal device of the third service provider, a plurality of ciphertext data corresponding to the first processing request. Specifically, the step S104 may be preceded by the following steps S103-2 and S103-4:
step S103-2, if the authorization protocol signed by the user is obtained, transmitting authorization completion information to a third service provider providing authorization service according to the authorization protocol and the obtained plaintext data to be processed; the authorization completion information is used for indicating a third service provider to store authorization record information generated based on an authorization protocol into the blockchain system, and obtaining public keys of all service providers in a service link, and according to the authorization information included in the authorization protocol, encrypting corresponding plaintext data by using the public keys to obtain a plurality of ciphertext data; the authorization information comprises a data identifier of data authorized to each service provider;
Specifically, when the second terminal device receives a first service request sent by the first terminal device, sending an authorization protocol to be signed to the first terminal device; the first terminal equipment displays the received authorization protocol, and when the signing completion information of the user is obtained, the signing result is sent to the second terminal equipment according to the authorization protocol signed by the user. The second terminal equipment acquires an authorization protocol signed by a user from a signing result sent by the first terminal equipment, and acquires plaintext data to be processed corresponding to the first processing request; and sending authorization completion information to fourth terminal equipment of the third service provider according to the authorization protocol signed by the user and the to-be-processed plaintext data. And the fourth terminal equipment acquires the digital certificates of all the service providers in the service link when receiving the authorization completion information, and sends a second verification request to the third party authority according to the acquired digital certificates. The third party authority acquires the digital certificates to be verified from the second verification request, performs signature verification processing on the second signature data in each digital certificate according to the public key of the third party authority, and determines whether a service link formed by the service provider corresponding to each digital certificate is effective or not according to registration record information stored in the blockchain system, if so, a verification result for verifying and characterizing verification is sent to the fourth terminal equipment; if not, sending a verification result that the verification characterization verification fails to pass to the fourth terminal equipment. If the fourth terminal device determines that the received verification result represents that verification is passed, according to authorization information included in an authorization protocol, encrypting corresponding plaintext data by using a public key of a service provider included in a digital certificate to obtain a plurality of ciphertext data, and transmitting the plurality of ciphertext data to second terminal devices of the first service provider; wherein the authorization information includes a data identification of data authorized to each service provider.
As an example, the service link includes a first service provider, a second service provider 1 and a second service provider 2, and the authorization information includes authorizing user data 1 and user data 2 to the first service provider, user data 1 and user data 3 to the second service provider 1, and user data 1, user data 2 and user data 3 to the second service provider 2; the fourth terminal device encrypts the user data 1 and the user data 2 according to the public key in the digital certificate of the first service provider to obtain ciphertext data 1; encrypting the user data 1 and the user data 3 according to the public key in the digital certificate of the second service provider 1 to obtain ciphertext data 2; the user data 1, the user data 2 and the user data 3 are encrypted according to the public key in the digital certificate according to the second service provider 2, so as to obtain ciphertext data 3.
Further, the obtaining, by the second terminal device, plaintext data to be processed corresponding to the first processing request may include: and acquiring the plaintext data to be processed from the first service request, and/or acquiring the associated plaintext data to be processed according to the login information of the related application of the user for requesting the first service. It may be appreciated that, when the user registers the relevant application for requesting the first service, user data (e.g. a mobile phone number of the user) may be provided, so as to avoid that the user provides his user data multiple times, in one or more embodiments of the present disclosure, the second terminal device may store, in association with login information (e.g. a login account) of the user, the user data provided when the user registers the application; and when the authorization protocol signed by the user is acquired, if the plaintext data to be processed is determined to comprise the user data provided when the user registers the application, acquiring the user data stored in association according to the login information of the user, and determining the acquired user data as the plaintext data to be processed.
Further, when each service provider in the third service provider and the service link is deployed with a blockchain node accessing the blockchain system, the fourth terminal device (i.e. the blockchain node of the third service provider) obtains the digital certificate of each service provider in the service link, which may include: broadcasting a digital certificate acquisition request in a block chain system, so that when the block chain node of each service provider acquires the digital certificate acquisition request, a digital integer is sent to fourth terminal equipment; digital integers sent by the service providers are received. When the third service provider and each service provider in the service link do not deploy a blockchain node accessing the blockchain system, the fourth terminal device obtains a digital certificate of each service provider in the service link, which may include: and sending a digital certificate acquisition request to each service provider in the service link, and receiving the digital certificate sent by each service provider.
Step S103-4, a plurality of ciphertext data transmitted by the third service provider are received.
Further, in order to ensure that each service provider in the service link can accurately acquire the authorized ciphertext data, in one or more embodiments of the present disclosure, when the fourth terminal device sends multiple ciphertext data to the second terminal device, the fourth terminal device may send the ciphertext data and the provider identifier of each service provider to the second terminal device in association with each other; accordingly, in step S104, the obtaining, from the plurality of ciphertext data corresponding to the first service request, first target ciphertext data authorized by the user to the first service provider may include: acquiring associated ciphertext data from the association relationship between a plurality of ciphertext data corresponding to the first service request and the provider identifier according to the provider identifier of the first service provider; and determining the acquired ciphertext data as first target ciphertext data authorized to the first service provider by the user. In one embodiment, the association may be in the form of a key-value, where key is the provider identification and value is ciphertext data. It should be noted that, for the specific form of the association relationship, the association relationship can be set according to the needs in practical application.
In another or more embodiments of the present disclosure, when the fourth terminal device sends a plurality of ciphertext data to the second terminal device, the fourth terminal device may generate, according to the determined data flow sequence of the ciphertext data, splicing data based on the ciphertext data and a preset segmentation identifier, where the segmentation identifier is set between ciphertext data corresponding to different service providers in the splicing data; accordingly, in step S104, the obtaining, from the plurality of ciphertext data corresponding to the first service request, the first target ciphertext data authorized by the user to the first service provider may include: acquiring a first preset segmentation identifier from spliced data of a plurality of ciphertext data corresponding to a first service request according to a front-to-back sequence; and determining the ciphertext data before the first preset segmentation mark as first target ciphertext data authorized to the first service provider by the user.
Therefore, different user data are authorized to different service providers through the user signing authorization protocol, and each service provider only has the authorized access right to ciphertext data, so that not only is the fine-grained authorization of the user data realized, but also the fine-grained management of the user data is realized, the large-scale circulation of plaintext of the user data can be effectively avoided, and the data security of the user is ensured.
Further, after the second terminal device obtains the first target ciphertext data, in order to implement the providing process of the first service, a service processing result of at least one second service is obtained from a second service provider arranged behind the second terminal device. Specifically, the step S106 of obtaining the service processing result of the second service provided by the at least one second service provider may include the following steps S106-2:
step S106-2, based on a plurality of ciphertext data corresponding to the first service request and the digital certificate of the first service provider, acquiring a service processing result of the second service provided by at least one second service provider from a rear-mounted second service provider;
specifically, determining data to be sent in a plurality of ciphertext data corresponding to a first service request; signing the data to be sent by using a private key of a first service provider to obtain first signed data; according to the data to be sent, the first signature data, the service parameters corresponding to the first service request and the digital certificate of the first service provider, sending a second service request to a rear-mounted second service provider; receiving indication information sent by a rear second service provider, and acquiring a service processing result of at least one second service from the indication information. Wherein the digital certificate of the first service provider is issued by the third party authority when the first service provider registers with the service link. Each second service provider transmits the acquired service processing result of at least one second service to the adjacent previous service provider in the service link after performing service processing of the second service based on the acquired ciphertext data. The second service request is used for requesting a rear-mounted second service provider, and after a verification passing result of the digital certificate is obtained from the third party authority based on the hash value of the service parameter and the first signature data is verified according to the public key of the first service provider sent by the third party authority, service processing of the second service is carried out based on ciphertext data authorized by the rear-mounted second service provider; and sending indication information to the first service provider according to the acquired service processing result of the at least one second service.
Wherein determining data to be transmitted in the plurality of ciphertext data corresponding to the first service request may include: and determining ciphertext data except the first target ciphertext data in the plurality of ciphertext data as data to be transmitted. The private key of the first service provider may be the private key of a key pair assigned to the first service provider by the third party authority when the first service provider sends a registration request to the third party authority. The service parameters corresponding to the first service request may include a user identifier of the user, a timestamp of the second terminal device for receiving the first service request, and the like, and the specific content of the service parameters may be set according to needs in practical applications. Operations performed by the post-second service provider after receiving the second service request may be referred to in the following related description, and will not be repeated here.
Therefore, the second service request is sent to the rear-mounted second service provider based on the first signature data, the digital certificate issued by the third-party authority and the corresponding service parameters of the first service request, so that the service processing result of the second service is obtained, the validity of the identity of the first service provider can be proved based on the first signature data and the digital certificate, the first service request and the data transfer link thereof can be identified based on the service parameters, and the third-party authority can conveniently verify the data transfer link later.
Further, in order to ensure that the first service can be reasonably provided, in one or more embodiments of the present disclosure, the step S108 may include the following steps S108-2 to S108-6:
step S108-2, determining whether the service processing result meets a preset condition;
in one embodiment, the first service may be an internet financial service, the second service may include a credit investigation service, a wind control service, and the like, and if it is determined that the credit rating of the user represented by the service processing result of the credit investigation service is higher than a preset rating, and the risk does not exist in the service processing result representation of the wind control service, it is determined that the service processing result meets a preset condition. It can be appreciated that the preset conditions may be different according to the second service, and may be set according to the needs in practical applications.
Step S108-4, if yes, decrypting the first target ciphertext data by using a private key of the first service provider to obtain first target plaintext data;
specifically, a stored private key of a first service provider is obtained, and according to a preset decryption algorithm, the obtained private key is utilized to decrypt the first target ciphertext data, so that the first target plaintext data is obtained.
Step S108-6, providing the first service to the user according to the first target plaintext data and the service processing result.
As an example, if the first service is an account opening service, the account opening service is provided to the user according to the first target plaintext data and the service processing result.
It should be noted that, in one or more embodiments of the present disclosure, the second terminal device may further perform, before obtaining the service processing result of the second service, the related processing of the first service based on the first target ciphertext, that is, step S108 may further include: decrypting the first target ciphertext data by using a private key of the first service provider to obtain first target plaintext data; performing first processing of the first service according to the first target plaintext data to obtain a target processing result; determining whether a service processing result of the second service meets a preset condition, if so, performing second processing of the first service according to the target processing result and the service processing result of the second service to obtain a providing result of the first service; or if the service processing result of the second service meets the preset condition, determining the target processing result as the providing result of the first service.
In one or more embodiments of the present disclosure, a first service provider receives a first service request sent by a user, and obtains first target ciphertext data authorized by the user to the first service provider from a plurality of ciphertext data corresponding to the first service request; obtaining a service processing result of a second service provided by at least one second service provider positioned behind the first service provider in the service link, and providing a first service for a user according to the first target ciphertext data and the obtained service processing result; the plurality of ciphertext data comprise ciphertext data authorized to each service provider in the service link by a user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
Corresponding to the above-described service providing method, one or more embodiments of the present specification provide another service providing method based on the same technical idea, fig. 5 is a flow diagram of another service providing method provided by one or more embodiments of the present disclosure, where the method of fig. 5 can be performed by a third terminal device of the second service provider in fig. 1; as shown in fig. 5, the method comprises the steps of:
step S202, receiving a second service request sent by a front-end service provider; the pre-service provider is a service provider adjacent to and before the second service provider in the service link; the second service request is used for requesting a second service provider to provide a second service to the user, the second service request comprises at least one ciphertext data, and the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
wherein the second service provider is any one of the second service providers in the service link. It will be appreciated that the pre-service provider varies from one second service provider to another. For example, according to the data flow direction of the ciphertext data, the service link sequentially includes a first service provider, a second service provider 1, a second service provider 2, and a second service provider 3, and then the first service provider has no front service provider, and for the second service provider 1, the front service provider is the first service provider; for the second service provider 2, its front service provider is the first service provider 1; for the second service provider 3, its front-end service provider is the service provider 2.
Step S204, obtaining second target ciphertext data authorized to a second service provider by a user from ciphertext data included in the second service request;
specifically, when the fourth terminal device of the third service provider associates and sends the ciphertext data with the provider identifier of each service provider to the second terminal device of the first service provider, the second service request includes an association relationship between the ciphertext data and the provider identifier; accordingly, step S204 may include: and the second service provider acquires the associated ciphertext data from the association relationship according to the provider identification, and determines the acquired ciphertext data as second target ciphertext data authorized to the second service provider by the user. When the fourth terminal equipment of the third service provider splices the ciphertext data through a preset segmentation mark according to the circulation sequence of the ciphertext data and sends the spliced data to the second terminal equipment of the first service provider, the second service request comprises spliced data to be processed currently; accordingly, step S204 may include: acquiring a first preset segmentation identifier from the current spliced data to be processed according to the sequence from front to back; and determining the ciphertext data before the first preset segmentation mark as second target ciphertext data authorized to the second service provider by the user.
Step S206, performing service processing of the second service according to the second target ciphertext data to obtain a service processing result;
the service processing process may be different according to the second service, and may be set according to the needs in practical application, which is not specifically limited in this specification.
Step S208, sending indication information to the front-end service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide the first service for the user according to the service processing result; or, the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
It will be appreciated that the role of the indication information varies from one pre-service provider to another. When the front-end service provider is a first service provider, the indication information is used for indicating the front-end service provider to provide a first service for the user according to a service processing result; when the front-end service provider is the second service provider, the indication information is used for indicating the front-end service provider to process the service processing result according to the target processing mode. The target processing mode may include a first processing mode and a second processing mode, where the first processing mode is to provide a second service based on a corresponding service processing result, and the second processing mode is to send indication information to the front-end service provider based on the corresponding service processing result.
In one or more embodiments of the present disclosure, when a second service provider receives a second service request sent by a front-end service provider, the second service provider obtains second target ciphertext data authorized by a user to the second service provider from at least one ciphertext data included in the second service request; and carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result, and sending indication information to the front-end service provider according to the service processing result. The ciphertext data comprises ciphertext data which is authorized to at least one service provider in the service link by a user; each service provider has access to ciphertext data to which it is entitled. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
In order for the second service provider to participate in the service provision process of the first service, in one or more embodiments of the present description, the second service provider first registers with a third party authority as shown in fig. 4. Specifically, the step S202 may be preceded by the following steps S200-2 to S200-6:
Step S200-2, obtaining registration information of a second service provider;
step S200-4, a registration request is sent to the third party authority according to registration information; the registration request is used for requesting the third party authority to register the second service provider into the service link, issuing a digital certificate to the second service provider, and storing the generated registration record information into the blockchain system after the registration is successful;
step S200-6, receiving a registration result sent by a third party authority; the registration result includes relevant information characterizing the success of the registration and a digital certificate issued to the second service provider.
The specific implementation process of step S200-2 to step S200-6 is the same as the specific implementation process of step S100-2 to step S100-6, and reference may be made to the above description, and the repetition is not repeated here. It should be noted that, as described above, the order of data flow of the ciphertext data is opposite to the order of registration of the service providers, so that the second service provider who performs registration for the first one does not include the provider identification of the latter second service provider in the order of flow of the ciphertext data, because it does not have the latter second service provider. It will be appreciated that for a second service provider, a post-second service provider is a second service provider in the service link that is adjacent to and behind the second service provider. For example, the service link includes a first service provider, a second service provider 1, a second service provider 2, and a second service provider 3 in this order, and then the second service provider is the second service provider 1 for the first service provider. For the second service provider 1, the latter second service provider is the second service provider 2; for the second service provider 2, the latter second service provider is the second service provider 3; for the second service provider 3 it has no post service provider.
Therefore, the second service provider sends a registration request to the third authority to register in the service link, so that the validity of the identity of the second service provider can be ensured, and the accuracy of subsequent data circulation can be ensured.
In order to ensure the identity of the front-end service provider is valid and the accuracy of data streaming, in one or more embodiments of the present disclosure, the second service request may further include: the method comprises the steps of carrying out signature processing on ciphertext data based on a digital certificate of a front-end service provider, first signature data obtained by carrying out signature processing on the ciphertext data based on a private key of the front-end service provider, and service parameters of a user about first service; correspondingly, after step S202, the following step S203 may be further included:
step S203, the public key of the front service provider is obtained from the third party authority according to the digital certificate of the front service provider, the service parameters and the digital certificate of the second service provider; performing signature verification processing on the first signature data included in the second service request according to the obtained public key;
specifically, the third terminal device performs hash processing on service parameters included in the service processing request according to a preset hash algorithm to obtain a hash value; sending a first verification request to a third party authority according to the hash value, the digital certificate of the front service provider and the digital certificate of the second service provider; and acquiring the public key of the front-end service provider from the received verification result sent by the third-party authority. The first verification request is used for requesting the third party authority to send a verification result representing that verification is passed to a second service provider corresponding to the first verification request according to a public key of the front service provider after the digital certificate included in the verification request is verified, and storing verification record information generated based on the hash value to the blockchain system.
When a third party authority receives a first verification request sent by a second terminal device, performing verification processing on a digital certificate (a digital certificate of a front service provider and a digital certificate of a second service provider) included in the first verification request, acquiring a public key of the front service provider from the digital certificate of the front service provider after verification is passed, and sending a verification result representing that verification is passed to the third terminal device of the second service provider corresponding to the first verification request according to the acquired public key; and generating verification record information according to the hash value included in the first verification request and the determined current data flow link of the ciphertext data, and storing the verification record information to the blockchain system. The current data flow link is used for characterizing the service provider to which the ciphertext data is currently circulated according to the flow sequence of the ciphertext data among the service providers.
The third party service organization performs verification processing on the digital certificate included in the first verification request, which may include: respectively carrying out signature verification processing on second signature data in the digital certificate of the front service provider and second signature data in the digital certificate of the second service provider, which are included in the first verification request, by utilizing a public key of the third party authority; and determining whether the provider identification of the rear service provider included in the digital certificate of the front service provider is consistent with the provider identification of the second service provider; if the signing verification processes are all passed and the provider identification is consistent, the digital certificate of the front-end service provider and the digital certificate of the second service provider are confirmed to be passed.
Further, in order to ensure the validity of the data flow link, in one or more embodiments of the present disclosure, before performing the verification process on the digital certificate included in the first verification request, the third party authority may further include: determining the position information of a second service provider corresponding to the first verification request in a service link; if the location information characterizes that the second service provider is the first second service provider in the service link, executing a step of verifying the digital certificate included in the first verification request; if the position information represents that the second service provider is not the first second service provider in the service link and is not the last service provider, determining whether the associated verification record information is queried in the blockchain system according to the hash value; if yes, executing a step of verifying the digital certificate included in the first verification request; if the position information represents that the second service provider is the last service provider in the service link and the associated verification record information is queried in the blockchain system according to the hash value, determining whether the current data flow link included in the verification record information is matched with the service link, and if so, executing the step of verifying the digital certificate included in the first verification request.
Correspondingly, generating verification record information according to the hash value included in the first verification request and the determined current data flow link corresponding to the first request, and storing the verification record information to the blockchain system, which may include: if the second service provider corresponding to the first verification request is determined to be the first second service provider in the service links, determining that the current data stream link is the user-first service provider-first second service provider (also referred to as the second service provider 1), associating the hash value included in the first verification request with the determined current data stream link, determining the recorded information as verification record information, and storing the verification record information to the blockchain system. If the second service provider corresponding to the first verification request is not the first second service provider in the service link, inquiring the associated last verification record information from the blockchain system according to the hash value included in the first verification request, reading a data stream link in the last verification record information, and adding the second service provider corresponding to the first verification request to the read data stream link to obtain a current data stream link; and associating the hash value included in the first verification request with the determined current data stream link to record, determining recorded information as verification record information, and storing the verification record information into a blockchain system. For example, according to the circulation direction of ciphertext data, the service link sequentially includes a first service provider, a second service provider 1, a second service provider 2 and a second service provider 3, the second service provider corresponding to the first verification request is the second service provider 2, and then the data circulation link included in the last piece of verification record information obtained from the blockchain system according to the hash value included in the first verification request is "user-first service provider-second service provider 1", and the determined current data circulation link is "user-first service provider-second service provider 1-second service provider 2".
In one embodiment, the hash value in the verification record information and the current data stream link may be in the form of key-value, that is, the hash value is key, and the current data stream link is value; when the second service provider corresponding to the first verification request is not the first second service provider in the service link, the step of storing the verification record information into the blockchain system can be to add the determined current data stream link to the verification record information queried from the blockchain system based on the hash value; or generating new verification record information according to the hash value and the determined current data stream link, and storing the new verification record information into the block chain system.
It should be noted that, for the specific form of the verification record information and the current data stream link, the specific limitation is not made in the present specification, and it can be set according to the needs in practical application.
Further, the determining, by the third party authority, the location information of the second service provider corresponding to the first verification request in the service link may include: if the digital certificate of the front-end service provider included in the first verification request is determined to be the digital certificate of the first service provider, determining that the position information of the second service provider corresponding to the first verification request is the first second service provider in the service link; if the digital certificate of the front service provider included in the first verification request is not the digital certificate of the first service provider, and the digital certificate of the second service provider included in the first verification request contains the provider identification of the rear service provider, determining that the position information of the second service provider corresponding to the first verification request is not the first second service provider in the service link and is not the last service provider; and if the digital certificate of the front service provider included in the first verification request is not the digital certificate of the first service provider, and the digital certificate of the second service provider included in the first verification request does not contain the provider identification of the rear service provider, determining that the position information of the second service provider corresponding to the first verification request is the last service provider in the service link.
Corresponding to step S203 described above, step S204 may include: if the result of the signature verification processing is that the signature verification passes, second target ciphertext data authorized to the second service provider is obtained from ciphertext data included in the second service request.
When receiving a second service request sent by the front-end service provider, the second service provider firstly sends a first verification request to a third-party authority based on the digital certificate and the hash value of the service parameter, and the third-party authority stores verification record information generated based on the hash value and the determined current data flow link to the blockchain system, so that the validity of the identity of the front-end service provider can be ensured, and the data flow link can be traced and verified based on the verification record information in the blockchain system, so that the accuracy of data flow is ensured.
In order to enable the first service to be smoothly provided, in one or more embodiments of the present disclosure, when the second service provider is not the last second service provider in the service link, the method may further include:
if receiving the indication information sent by the rear second service provider of the second service provider, acquiring at least one service processing result to be processed from the received indication information; determining a target processing mode of each service processing result to be processed;
If the target processing mode is the first processing mode, in step S206, service processing of the second service is performed according to the second target ciphertext data, so as to obtain a service processing result, including:
performing service processing of the second service according to the second target ciphertext data and the service processing result to be processed corresponding to the first processing mode to obtain a service processing result;
if the target processing mode is the second processing mode, in step S208, instruction information is sent to the front-end service provider according to the service processing result, including:
and sending indication information to the front-end service provider according to the service processing result to be processed corresponding to the second processing mode and the service processing result of the second service provider.
For example, according to the circulation direction of the ciphertext data, the service link sequentially comprises a first service provider, a second service provider 1, a second service provider 2 and a second service provider 3, wherein the second service 1 of the second service provider 1 and the second service 2 of the second service provider 2 are in an association relationship, and the second service 2 of the second service provider 2 and the second service 3 of the second service provider 3 are in an independent relationship. The above steps S202 to S208 are currently performed by the third terminal device of the second service provider 1, and then the third terminal device of the second service provider 1 also receives the indication information sent by the third terminal device of the second service provider 2, the indication information comprises a service processing result 2 of the second service 2 to be processed and a service processing result 3 of the second service 3; in step S206, the third terminal device of the second service provider 1 performs service processing of the second service according to the second target ciphertext data and the service processing result 2, to obtain a service processing result 1; and in step S208, the indication information is transmitted to the second terminal device of the first service provider according to the service processing result 3 and the service processing result 1.
Further, in order for each second service provider to be able to provide its second service, in one or more embodiments of the present disclosure, the method further includes: and if the second service provider is determined to exist in the rear-mounted second service provider, sending a second service request to the rear-mounted second service provider based on the at least one ciphertext data. Specifically, if it is determined that the second service provider has a post-second service provider in the service link, determining data to be sent in ciphertext data included in the second service request, and sending the second service request to the post-second service provider according to the data to be sent, a digital certificate of the second service provider, a request parameter included in the second service request, and the like. The post second service provider performs the aforementioned steps S202 to S208.
It should be noted that fig. 4 is only for illustration and not for limitation, and the specific implementation of each step in fig. 4 may be referred to in the foregoing description.
In one or more embodiments of the present disclosure, when a second service provider receives a second service request sent by a front-end service provider, the second service provider obtains second target ciphertext data authorized by a user to the second service provider from at least one ciphertext data included in the second service request; and carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result, and sending indication information to the front-end service provider according to the service processing result. The ciphertext data comprises ciphertext data which is authorized to at least one service provider in the service link by a user; each service provider has access to ciphertext data to which it is entitled. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
Corresponding to the service providing method described above, one or more embodiments of the present specification further provide a service providing apparatus based on the same technical concept. Fig. 6 is a schematic block diagram of a service providing apparatus according to one or more embodiments of the present disclosure, where, as shown in fig. 6, the apparatus includes:
a receiving module 301, configured to receive a first service request sent by a user; the first service request is used for requesting a first service provider to provide a first service;
a first obtaining module 302, configured to obtain, from a plurality of ciphertext data corresponding to the first service request, first target ciphertext data authorized by the user to the first service provider; the plurality of ciphertext data comprise ciphertext data that the user authorizes to each service provider in a service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
a second obtaining module 303, configured to obtain a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
And a service module 304, configured to provide the first service to the user according to the first target ciphertext data and the service processing result.
The service providing device provided by one or more embodiments of the present disclosure receives a first service request sent by a user, and obtains first target ciphertext data authorized by the user to a first service provider from a plurality of ciphertext data corresponding to the first service request; obtaining a service processing result of a second service provided by at least one second service provider positioned behind the first service provider in the service link, and providing a first service for a user according to the first target ciphertext data and the obtained service processing result; the plurality of ciphertext data comprise ciphertext data authorized to each service provider in the service link by a user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
Further, according to the service providing method described above, one or more embodiments of the present disclosure further provide another service providing apparatus based on the same technical concept. Fig. 7 is a schematic block diagram of another service providing apparatus according to one or more embodiments of the present disclosure, as shown in fig. 7, where the apparatus includes:
a receiving module 401 for receiving a second service request sent by a pre-service provider; the front-end service provider is a service provider adjacent to and in front of a second service provider in a service link; the second service request is used for requesting the second service provider to provide a second service for the user, and the second service request comprises at least one ciphertext data, wherein the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
an obtaining module 402, configured to obtain second target ciphertext data authorized to the second service provider from the ciphertext data;
the processing module 403 performs service processing of the second service according to the second target ciphertext data to obtain a service processing result;
A sending module 404, configured to send indication information to the pre-service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result; or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
The service providing device provided by one or more embodiments of the present disclosure obtains, when receiving a second service request sent by a front-end service provider, second target ciphertext data authorized by a user to the second service provider from at least one ciphertext data included in the second service request; and carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result, and sending indication information to the front-end service provider according to the service processing result. The ciphertext data comprises ciphertext data which is authorized to at least one service provider in the service link by a user; each service provider has access to ciphertext data to which it is entitled. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
It should be noted that, in the present specification, the embodiment about the service providing apparatus and the embodiment about the service providing method in the present specification are based on the same inventive concept, so the specific implementation of this embodiment may refer to the implementation of the corresponding service providing method, and the repetition is not repeated.
Further, corresponding to the service providing method described above, one or more embodiments of the present disclosure further provide a service providing system based on the same technical concept. The system comprises: a first service provider 501 and a plurality of second service providers 502 in a service link, said second service provider 502 being located after said first service provider 502 in said service link; the first service provider 501 provides a first service, and each of the second service providers 502 provides a second service;
the first service provider 501 receives a first service request sent by a user; acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; acquiring a service processing result of at least one second service; providing the first service to the user according to the first target ciphertext data and the service processing result; the plurality of ciphertext data comprises ciphertext data that the user authorizes to each service provider in the service link; each service provider has access to ciphertext data that it is authorized to;
And the second service provider 502 performs service processing of the second service based on the obtained ciphertext data after obtaining the authorized ciphertext data, and obtains the service processing result.
Optionally, the system further comprises: a third party authority 503 and a blockchain system 504;
the second service provider 502 receives a second service request sent by a pre-service provider, where the second service request includes a digital certificate of the pre-service provider and a service parameter corresponding to the first service processing request; the pre-service provider is a service provider in the service link that is adjacent to and before the second service provider; carrying out hash processing on the service parameters according to a preset hash algorithm to obtain a hash value; sending a first authentication request to the third party authority 503 according to the hash value, the digital certificate of the front-end service provider and the digital certificate of the second service provider 502;
the third party authority 503 receives the first authentication request; performing verification processing on the digital certificate included in the first verification request, acquiring a public key of the front-end service provider after verification is passed, and sending a verification result representing that verification is passed to the second service provider 502 according to the public key; generating verification record information according to the hash value and the current data flow link of the ciphertext data, and storing the verification record information to the blockchain system 503;
The second service provider 502 receives the verification result sent by the third party authority 503, performs signature verification processing on the first signature data included in the second service request according to a public key in the verification result, and if the result of the signature verification processing is that the signature verification passes, obtains second target ciphertext data authorized to the second service provider 502 from at least one ciphertext data included in the second service request, and performs service processing on the second service according to the second target ciphertext data;
the blockchain system 504 stores the verification record information.
Optionally, the third party authority 503 further determines location information of the second service provider 502 in the service link before performing the verification process on the digital certificate included in the first verification request; if the location information characterizes that the second service provider 502 is the first second service provider in the service link, executing a step of performing verification processing on the digital certificate included in the first verification request; if the location information characterizes the second service provider 502 as not the first second service provider in the service link and as not the last service provider, determining whether the associated verification record information is queried in the blockchain system 504 based on the hash value; if yes, executing a step of verifying the digital certificate included in the first verification request; if the location information characterizes the second service provider 502 as the last service provider in the service link and the associated verification record information is queried in the blockchain system 504 according to the hash value, determining whether the current data stream link included in the verification record information is matched with the service link, if so, executing a step of performing verification processing on the digital certificate included in the first verification request.
Optionally, the first service provider 501 and the second service provider 502 further acquire own registration information, and send a registration request to the third party authority 503 according to the registration information;
the third party authority 503 receives the registration request, and registers a service provider corresponding to the registration request into the service link according to the registration information; issuing a digital certificate for a service provider corresponding to the registration request, and sending a registration result to the service provider corresponding to the registration request according to the digital certificate; storing the generated registration record information to the blockchain system;
the blockchain system 504 also stores the registration record information.
Optionally, the system further comprises: a third service provider 505 that provides an authorization service;
after receiving a first service request sent by a user, the first service provider 501 sends authorization completion information to the third service provider 505 according to an authorization protocol and the obtained plaintext data to be processed if an authorization protocol signed by the user is obtained, and receives the plurality of ciphertext data sent by the third service provider 505;
The third service provider 505 stores the authorization record information generated based on the authorization protocol in the blockchain system 504, obtains the digital certificates of the service providers in the service link, and sends a second verification request to the third party authority 503 according to the obtained digital certificates; if the verification result characterizations sent by the third party authority 503 are verified, according to the authorization information included in the authorization protocol, encrypting the corresponding plaintext data by using the public key of the service provider included in the digital certificate to obtain the plurality of ciphertext data, and sending the plurality of ciphertext data to the first service provider 501; the authorization information comprises a data identifier of data authorized to each service provider;
the third party authority 503 further receives the second verification request, performs verification processing on each digital certificate included in the second verification request, and sends the verification result to the third service provider 505.
In one embodiment, as shown in FIG. 8, the service providing system includes the first service provider 1, the second service provider 502, the third party authority 503, the blockchain system 504, and the third service provider 505 described above.
In the service providing system provided by one or more embodiments of the present disclosure, a first service provider receives a first service request sent by a user, and obtains first target ciphertext data authorized by the user to the first service provider from a plurality of ciphertext data corresponding to the first service request; obtaining a service processing result of a second service provided by at least one second service provider positioned behind the first service provider in the service link, and providing a first service for a user according to the first target ciphertext data and the obtained service processing result; the plurality of ciphertext data comprise ciphertext data authorized to each service provider in the service link by a user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
It should be noted that, in the present specification, the embodiment about the service providing system and the embodiment about the service providing method in the present specification are based on the same inventive concept, so the specific implementation of this embodiment may refer to the implementation of the corresponding service providing method, and the repetition is not repeated.
Further, according to the service providing method described above, based on the same technical concept, one or more embodiments of the present disclosure further provide a service providing apparatus for performing the service providing method described above, and fig. 9 is a schematic structural diagram of a service providing apparatus provided by one or more embodiments of the present disclosure.
As shown in fig. 9, the service providing apparatus may have a relatively large difference according to a configuration or performance, and may include one or more processors 601 and a memory 602, and one or more storage applications or data may be stored in the memory 602. Wherein the memory 602 may be transient storage or persistent storage. The application programs stored in the memory 602 may include one or more modules (not shown), each of which may include a series of computer-executable instructions in the service providing device. Still further, the processor 601 may be arranged to communicate with the memory 602 and execute a series of computer executable instructions in the memory 602 on the service providing device. The service providing device may also include one or more power supplies 603, one or more wired or wireless network interfaces 604, one or more input/output interfaces 605, one or more keyboards 606, and the like.
In a particular embodiment, a service providing device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the service providing device, and configured to be executed by one or more processors, the one or more programs comprising computer-executable instructions for:
receiving a first service request sent by a user; the first service request is used for requesting a first service provider to provide a first service;
acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; the plurality of ciphertext data comprise ciphertext data that the user authorizes to each service provider in a service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
acquiring a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
And providing the first service for the user according to the first target ciphertext data and the service processing result.
The service providing device provided by one or more embodiments of the present disclosure receives a first service request sent by a user, and obtains first target ciphertext data authorized by the user to a first service provider from a plurality of ciphertext data corresponding to the first service request; obtaining a service processing result of a second service provided by at least one second service provider positioned behind the first service provider in the service link, and providing a first service for a user according to the first target ciphertext data and the obtained service processing result; the plurality of ciphertext data comprise ciphertext data authorized to each service provider in the service link by a user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
In another particular embodiment, a service providing device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the service providing device, and configured to be executed by one or more processors, the one or more programs comprising computer-executable instructions for:
receiving a second service request sent by a front-end service provider; the front-end service provider is a service provider adjacent to and in front of a second service provider in a service link; the second service request is used for requesting the second service provider to provide a second service for the user, and the second service request comprises at least one ciphertext data, wherein the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
acquiring second target ciphertext data authorized to the second service provider from the ciphertext data;
Performing service processing of the second service according to the second target ciphertext data to obtain a service processing result;
sending indication information to the front-end service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result; or, the indication information is used for indicating the front-end service provider to process the service processing result according to the target processing mode.
The service providing device provided by one or more embodiments of the present disclosure, when receiving a second service request sent by a front-end service provider, obtains second target ciphertext data authorized by a user to the second service provider from at least one ciphertext data included in the second service request; and carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result, and sending indication information to the front-end service provider according to the service processing result. The ciphertext data comprises ciphertext data which is authorized to at least one service provider in the service link by a user; each service provider has access to ciphertext data to which it is entitled. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
It should be noted that, in the present specification, the embodiment about the service providing apparatus and the embodiment about the service providing method in the present specification are based on the same inventive concept, so that the specific implementation of this embodiment may refer to the implementation of the corresponding service providing method, and the repetition is not repeated.
Further, in accordance with the service providing method described above, based on the same technical concept, one or more embodiments of the present disclosure further provide a computer readable storage medium for storing computer executable instructions, where in a specific embodiment, the storage medium may be a U disc, an optical disc, a hard disc, etc., and the computer executable instructions stored in the storage medium can implement the following flow when executed by a processor:
receiving a first service request sent by a user; the first service request is used for requesting a first service provider to provide a first service;
acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; the plurality of ciphertext data comprise ciphertext data that the user authorizes to each service provider in a service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
Acquiring a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
and providing the first service for the user according to the first target ciphertext data and the service processing result.
When the computer executable instructions stored in the storage medium provided by one or more embodiments of the present disclosure are executed by a processor, a first service request sent by a user is received, and first target ciphertext data authorized by the user to a first service provider is obtained from a plurality of ciphertext data corresponding to the first service request; obtaining a service processing result of a second service provided by at least one second service provider positioned behind the first service provider in the service link, and providing a first service for a user according to the first target ciphertext data and the obtained service processing result; the plurality of ciphertext data comprise ciphertext data authorized to each service provider in the service link by a user; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
In another specific embodiment, the storage medium may be a usb disk, an optical disk, a hard disk, or the like, where the computer executable instructions stored in the storage medium when executed by the processor implement the following procedures:
receiving a second service request sent by a front-end service provider; the front-end service provider is a service provider adjacent to and in front of a second service provider in a service link; the second service request is used for requesting the second service provider to provide a second service for the user, and the second service request comprises at least one ciphertext data, wherein the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
acquiring second target ciphertext data authorized to the second service provider from the ciphertext data;
performing service processing of the second service according to the second target ciphertext data to obtain a service processing result;
sending indication information to the front-end service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result; or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
The storage medium provided in one or more embodiments of the present disclosure stores computer-executable instructions that, when executed by a processor, upon receiving a second service request sent by a pre-service provider, obtain second target ciphertext data authorized by a user to the second service provider from at least one ciphertext data included in the second service request; and carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result, and sending indication information to the front-end service provider according to the service processing result. The ciphertext data comprises ciphertext data which is authorized to at least one service provider in the service link by a user; each service provider has access to ciphertext data to which it is entitled. Therefore, the fine granularity management of the user data is realized by granting the access rights of the user to the corresponding data to each service provider in the service link, and each service provider only has the access rights to the authorized ciphertext data, so that the large-scale circulation of the plaintext data of the user is avoided, and the data security of the user is greatly ensured.
It should be noted that, in the present specification, the embodiment about the storage medium and the embodiment about the service providing method in the present specification are based on the same inventive concept, so the specific implementation of this embodiment may refer to the implementation of the corresponding service providing method, and the repetition is not repeated.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In the 90 s of the 20 th century, improvements to one technology could clearly be distinguished as improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or software (improvements to the process flow). However, with the development of technology, many improvements of the current method flows can be regarded as direct improvements of hardware circuit structures. Designers almost always obtain corresponding hardware circuit structures by programming improved method flows into hardware circuits. Therefore, an improvement of a method flow cannot be said to be realized by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (e.g., field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the programming of the device by a user. A designer programs to "integrate" a digital system onto a PLD without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented by using "logic compiler" software, which is similar to the software compiler used in program development and writing, and the original code before the compiling is also written in a specific programming language, which is called hardware description language (Hardware Description Language, HDL), but not just one of the hdds, but a plurality of kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), lava, lola, myHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently most commonly used. It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller in a pure computer readable program code, it is well possible to implement the same functionality by logically programming the method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a kind of hardware component, and means for performing various functions included therein may also be regarded as structures within the hardware component. Or even means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each unit may be implemented in the same piece or pieces of software and/or hardware when implementing the embodiments of the present specification.
One skilled in the relevant art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present description is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
One or more embodiments of the present specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
The foregoing description is by way of example only and is not intended to limit the present disclosure. Various modifications and changes may occur to those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. that fall within the spirit and principles of the present document are intended to be included within the scope of the claims of the present document.

Claims (24)

1. A service providing method, comprising:
receiving a first service request sent by a user; the first service request is used for requesting a first service provider to provide a first service;
acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; the plurality of ciphertext data comprise ciphertext data that the user authorizes to each service provider in a service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
Acquiring a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
and providing the first service for the user according to the first target ciphertext data and the service processing result.
2. The method of claim 1, the obtaining service processing results of a second service provided by at least one second service provider, comprising:
acquiring a service processing result of a second service provided by at least one second service provider from a rear-mounted second service provider based on the plurality of ciphertext data and the digital certificate of the first service provider;
wherein the digital certificate is issued by a third party authority when the first service provider registers with the service link; the post second service provider is a second service provider in the service link adjacent to the first service provider and located behind the first service provider; and each second service provider sends the acquired service processing result of at least one second service to the adjacent previous service provider in the service link after performing service processing of the second service based on the acquired ciphertext data.
3. The method of claim 2, the obtaining, from a post second service provider, a service processing result of a second service provided by at least one second service provider based on the plurality of ciphertext data and the digital certificate of the first service provider, comprising:
determining data to be transmitted in the plurality of ciphertext data;
signing the data to be sent by using the private key of the first service provider to obtain first signature data;
sending a second service request to a rear second service provider according to the data to be sent, the first signature data, the service parameters corresponding to the first service request and the digital certificate of the first service provider; the second service request is used for requesting the rear-mounted second service provider, and after a verification passing result of the digital certificate is obtained from the third party authority based on the hash value of the service parameter, and the first signature data is verified according to the public key of the first service provider sent by the third party authority, service processing of second service is performed based on ciphertext data authorized by the rear-mounted second service provider; according to the acquired service processing result of at least one second service, sending indication information to the first service provider;
And receiving the indication information sent by the rear-mounted second service provider, and acquiring a service processing result of at least one second service from the indication information.
4. The method of claim 1, after the receiving the first service request sent by the user, the method further comprising:
if the authorization protocol signed by the user is obtained, transmitting authorization completion information to a third service provider providing authorization service according to the authorization protocol and the obtained plaintext data to be processed; the authorization completion information is used for indicating the third service provider to store authorization record information generated based on the authorization protocol to a blockchain system, acquiring public keys of all service providers in the service link, and encrypting corresponding plaintext data by utilizing the public keys according to the authorization information included in the authorization protocol to obtain the ciphertext data; the authorization information comprises a data identifier of data authorized to each service provider;
and receiving the plurality of ciphertext data transmitted by the third service provider.
5. The method of claim 1, wherein the obtaining, from the plurality of ciphertext data corresponding to the first service request, first target ciphertext data authorized by the user to the first service provider comprises:
Acquiring associated ciphertext data from the association relationship between a plurality of ciphertext data corresponding to the first service request and the provider identifier according to the provider identifier of the first service provider; determining the acquired ciphertext data as first target ciphertext data which is authorized to the first service provider by the user; or,
acquiring a first preset segmentation identifier from spliced data of a plurality of ciphertext data corresponding to the first service request according to a front-to-back sequence; and determining ciphertext data before the first preset segmentation mark as first target ciphertext data authorized to the first service provider by the user.
6. The method of claim 1, the providing the first service to the user according to the first target ciphertext data and the service processing result, comprising:
determining whether the service processing result meets a preset condition;
if yes, decrypting the first target ciphertext data by using the private key of the first service provider to obtain first target plaintext data;
and providing the first service to the user according to the first target plaintext data and the service processing result.
7. The method of claim 2, the method further comprising, prior to receiving the first service request sent by the user:
acquiring registration information of the first service provider;
sending a registration request to the third party authority according to the registration information; the registration request is used for requesting the third party authority to register the first service provider in the service link, issuing the digital certificate for the first service provider, and storing the generated registration record information to a blockchain system after successful registration;
receiving a registration result sent by the third party authority; the registration result comprises relevant information representing successful registration and the digital certificate.
8. A service providing method, comprising:
receiving a second service request sent by a front-end service provider; the front-end service provider is a service provider adjacent to and in front of a second service provider in a service link; the second service request is used for requesting the second service provider to provide a second service for the user, and the second service request comprises at least one ciphertext data, wherein the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
Acquiring second target ciphertext data authorized to the second service provider from the ciphertext data;
performing service processing of the second service according to the second target ciphertext data to obtain a service processing result;
sending indication information to the front-end service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result; or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
9. The method of claim 10, the second service request further comprising: the digital certificate of the front-end service provider, first signature data obtained by signing the at least one ciphertext data based on a private key of the front-end service provider, and service parameters of the user about the first service;
after receiving the second service request sent by the pre-service provider, the method further includes:
acquiring a public key of the front-end service provider from a third-party authority according to the digital certificate of the front-end service provider, the service parameters and the digital certificate of the second service provider;
Performing signature verification processing on the first signature data according to the public key;
the obtaining, from the ciphertext data, second target ciphertext data that is authorized for the second service provider, includes:
and if the result of the signature verification processing is that the signature verification passes, acquiring second target ciphertext data authorized to the second service provider from the ciphertext data.
10. The method of claim 9, the obtaining the public key of the pre-service provider from a third party authority based on the digital certificate of the pre-service provider, the service parameter, and the digital certificate of the second service provider, comprising:
carrying out hash processing on the service parameters according to a preset hash algorithm to obtain a hash value;
sending a first verification request to a third party authority according to the hash value, the digital certificate of the front-end service provider and the digital certificate of the second service provider; the first verification request is used for requesting the third party authority to send a verification result representing that the verification is passed to the second service provider according to the public key of the front service provider after the digital certificate is verified, and storing verification record information generated based on the hash value to a blockchain system;
And acquiring the public key of the front-end service provider from the received verification result.
11. The method of claim 8, the method further comprising:
if the indication information sent by the rear second service provider of the second service provider is received, acquiring at least one service processing result to be processed from the received indication information; the post second service provider is a second service provider in the service link adjacent to and behind the second service provider;
determining a target processing mode of each service processing result to be processed;
if the target processing mode is a first processing mode, performing service processing of the second service according to the second target ciphertext data to obtain a service processing result, including:
performing service processing of the second service according to the second target ciphertext data and a service processing result to be processed corresponding to the first processing mode to obtain a service processing result;
if the target processing mode is the second processing mode, the sending instruction information to the pre-service provider according to the service processing result includes:
And sending indication information to the front-end service provider according to the service processing result to be processed corresponding to the second processing mode and the service processing result of the second service provider.
12. The method of claim 8, the method further comprising:
if the second service provider is determined to have a rear-mounted second service provider, a second service request is sent to the rear-mounted second service provider based on the at least one ciphertext data; the post second service provider is a second service provider in the service link that is adjacent to and behind the second service provider.
13. The method of claim 9, prior to the receiving the second service request sent by the pre-service provider, the method further comprising:
acquiring registration information of the second service provider;
sending a registration request to the third party authority according to the registration information; the registration request is used for requesting the third party authority to register the second service provider in the service link, issuing a digital certificate to the second service provider, and storing the generated registration record information to a blockchain system after successful registration;
Receiving a registration result sent by the third party authority; the registration result includes related information characterizing registration success and a digital certificate issued to the second service provider.
14. A service providing apparatus comprising:
the receiving module is used for receiving a first service request sent by a user; the first service request is used for requesting a first service provider to provide a first service;
the first acquisition module acquires first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; the plurality of ciphertext data comprise ciphertext data that the user authorizes to each service provider in a service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
the second acquisition module acquires a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
and the service module is used for providing the first service for the user according to the first target ciphertext data and the service processing result.
15. A service providing apparatus comprising:
the receiving module is used for receiving a second service request sent by the front-end service provider; the front-end service provider is a service provider adjacent to and in front of a second service provider in a service link; the second service request is used for requesting the second service provider to provide a second service for the user, and the second service request comprises at least one ciphertext data, wherein the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
the acquisition module acquires second target ciphertext data authorized for the second service provider from the ciphertext data;
the processing module is used for carrying out service processing of the second service according to the second target ciphertext data to obtain a service processing result;
the sending module is used for sending indication information to the front-end service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result; or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
16. A service providing system, comprising: a first service provider and a plurality of second service providers in a service link, the second service provider being located after the first service provider in the service link; the first service provider provides a first service, and each second service provider provides a second service;
the first service provider receives a first service request sent by a user; acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; acquiring a service processing result of at least one second service; providing the first service to the user according to the first target ciphertext data and the service processing result; the plurality of ciphertext data comprises ciphertext data that the user authorizes to each service provider in the service link; each service provider has access to ciphertext data that it is authorized to;
and the second service provider performs service processing of the second service based on the acquired ciphertext data after acquiring the authorized ciphertext data, and obtains the service processing result.
17. The system of claim 16, the system further comprising: a third party authority and blockchain system;
the second service provider receives a second service request sent by a front-end service provider, wherein the second service request comprises a digital certificate of the front-end service provider and a service parameter corresponding to the first service processing request; the pre-service provider is a service provider in the service link that is adjacent to and before the second service provider; carrying out hash processing on the service parameters according to a preset hash algorithm to obtain a hash value; sending a first verification request to the third party authority according to the hash value, the digital certificate of the front-end service provider and the digital certificate of the second service provider;
the third party authority receives the first verification request; carrying out verification processing on the digital certificate included in the first verification request, acquiring a public key of the front-end service provider after verification is passed, and sending a verification result representing that verification is passed to the second service provider according to the public key; generating verification record information according to the hash value and the current data flow link of the ciphertext data, and storing the verification record information to the blockchain system;
The second service provider receives the verification result sent by the third party authority, performs signature verification processing on first signature data included in the second service request according to a public key in the verification result, and if the signature verification processing result is that the signature verification passes, acquires second target ciphertext data authorized to the second service provider from at least one ciphertext data included in the second service request, and performs service processing on the second service according to the second target ciphertext data;
and the block chain system stores the verification record information.
18. The system according to claim 17,
the third party authority further determines the position information of the second service provider in the service link before performing verification processing on the digital certificate included in the first verification request; if the location information characterizes that the second service provider is the first second service provider in the service link, executing a step of verifying a digital certificate included in the first verification request; if the location information characterizes that the second service provider is not the first second service provider in the service link and is not the last service provider, determining whether the associated verification record information is queried in the blockchain system according to the hash value; if yes, executing a step of verifying the digital certificate included in the first verification request; and if the position information characterizes that the second service provider is the last service provider in the service link and the associated verification record information is queried in the blockchain system according to the hash value, determining whether the current data stream link included in the verification record information is matched with the service link, and if so, executing the step of performing verification processing on the digital certificate included in the first verification request.
19. The system according to claim 17,
the first service provider and the second service provider also acquire own registration information, and send a registration request to the third party authority according to the registration information;
the third party authority receives the registration request and registers a service provider corresponding to the registration request into the service link according to the registration information; issuing a digital certificate for a service provider corresponding to the registration request, and sending a registration result to the service provider corresponding to the registration request according to the digital certificate; storing the generated registration record information to the blockchain system;
the blockchain system also stores the registration record information.
20. The system of claim 17, the system further comprising: a blockchain system and a third service provider providing an authorization service;
after receiving a first service request sent by a user, the first service provider sends authorization completion information to the third service provider according to an authorization protocol and the obtained plaintext data to be processed if an authorization protocol signed by the user is obtained, and receives the plurality of ciphertext data sent by the third service provider;
The third service provider saves the authorization record information generated based on the authorization protocol to a blockchain system, acquires digital certificates of all service providers in the service link, and sends a second verification request to the third party authority according to the acquired digital certificates; if the verification result characterizations sent by the third party authority mechanism are verified, according to the authorization information included in the authorization protocol, encrypting corresponding plaintext data by using a public key of a service provider included in the digital certificate to obtain a plurality of ciphertext data, and sending the ciphertext data to the first service provider; the authorization information comprises a data identifier of data authorized to each service provider;
the third party authority also receives the second verification request, performs verification processing on each digital certificate included in the second verification request, and sends the verification result to the third service provider.
21. A service providing apparatus comprising:
a processor; the method comprises the steps of,
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
Receiving a first service request sent by a user; the first service request is used for requesting a first service provider to provide a first service;
acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; the plurality of ciphertext data comprise ciphertext data that the user authorizes to each service provider in a service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
acquiring a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
and providing the first service for the user according to the first target ciphertext data and the service processing result.
22. A service providing apparatus comprising:
a processor; the method comprises the steps of,
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving a second service request sent by a front-end service provider; the front-end service provider is a service provider adjacent to and in front of a second service provider in a service link; the second service request is used for requesting the second service provider to provide a second service for the user, and the second service request comprises at least one ciphertext data, wherein the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
Acquiring second target ciphertext data authorized to the second service provider from the ciphertext data;
performing service processing of the second service according to the second target ciphertext data to obtain a service processing result;
sending indication information to the front-end service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result; or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
23. A computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the following:
receiving a first service request sent by a user; the first service request is used for requesting a first service provider to provide a first service;
acquiring first target ciphertext data authorized to the first service provider by the user from a plurality of ciphertext data corresponding to the first service request; the plurality of ciphertext data comprise ciphertext data that the user authorizes to each service provider in a service link; each service provider has access rights to the authorized ciphertext data, and performs service processing based on the obtained ciphertext data after obtaining the authorized ciphertext data;
Acquiring a service processing result of a second service provided by at least one second service provider; the second service provider is located after the first service provider in the service link;
and providing the first service for the user according to the first target ciphertext data and the service processing result.
24. A computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the following:
receiving a second service request sent by a front-end service provider; the front-end service provider is a service provider adjacent to and in front of a second service provider in a service link; the second service request is used for requesting the second service provider to provide a second service for the user, and the second service request comprises at least one ciphertext data, wherein the ciphertext data comprises ciphertext data authorized to at least one service provider in the service link by the user; each service provider has access to ciphertext data that it is authorized to;
acquiring second target ciphertext data authorized to the second service provider from the ciphertext data;
Performing service processing of the second service according to the second target ciphertext data to obtain a service processing result;
sending indication information to the front-end service provider according to the service processing result; the indication information is used for indicating the front-end service provider to provide a first service for the user according to the service processing result; or the indication information is used for indicating the pre-service provider to process the service processing result according to the target processing mode.
CN202310477189.2A 2023-04-27 2023-04-27 Service providing method, device, equipment and system Pending CN116455657A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310477189.2A CN116455657A (en) 2023-04-27 2023-04-27 Service providing method, device, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310477189.2A CN116455657A (en) 2023-04-27 2023-04-27 Service providing method, device, equipment and system

Publications (1)

Publication Number Publication Date
CN116455657A true CN116455657A (en) 2023-07-18

Family

ID=87125555

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310477189.2A Pending CN116455657A (en) 2023-04-27 2023-04-27 Service providing method, device, equipment and system

Country Status (1)

Country Link
CN (1) CN116455657A (en)

Similar Documents

Publication Publication Date Title
CN112184222B (en) Service processing method, device and equipment based on block chain
CN112818380B (en) Backtracking processing method, device, equipment and system for business behaviors
CN108932297B (en) Data query method, data sharing method, device and equipment
CN110222531B (en) Method, system and equipment for accessing database
CN111191268A (en) Storage method, device and equipment capable of verifying statement
CN112714117B (en) Service processing method, device, equipment and system
CN111526166B (en) Information verification method, device and equipment
CN112287376B (en) Method and device for processing privacy data
CN113821817B (en) Data processing method, device, equipment and system based on block chain
CN111193597A (en) A verifiable claim transmission method, device, device and system
CN111190974A (en) Method, device and equipment for forwarding and acquiring verifiable statement
CN112182506A (en) Data compliance detection method, device and equipment
CN116011028B (en) Electronic signature method, electronic signature device and electronic signature system
CN111737304A (en) Processing method, device and equipment of block chain data
CN113037764B (en) System, method and device for executing service
CN113704734A (en) Distributed digital identity-based method for realizing certificate verification and related device
CN111600882A (en) Block chain-based account password management method and device and electronic equipment
CN113761496B (en) Identity verification method and device based on blockchain and electronic equipment
CN116962061A (en) User identity verification method, device and equipment based on blockchain
CN115733672A (en) Data processing method, device and equipment
CN116455657A (en) Service providing method, device, equipment and system
CN112866235B (en) Data processing method, device and equipment
CN117436875A (en) Service execution method and device, storage medium and electronic equipment
CN114626944A (en) Service processing method and device
CN115758418A (en) Data management method, device and equipment based on block chain network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination