CN116595495A - Automatic transfer method and system for personal data cross-network application program - Google Patents
Automatic transfer method and system for personal data cross-network application program Download PDFInfo
- Publication number
- CN116595495A CN116595495A CN202310574682.6A CN202310574682A CN116595495A CN 116595495 A CN116595495 A CN 116595495A CN 202310574682 A CN202310574682 A CN 202310574682A CN 116595495 A CN116595495 A CN 116595495A
- Authority
- CN
- China
- Prior art keywords
- personal data
- authorization
- application program
- information
- authentication service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 26
- 238000012546 transfer Methods 0.000 title claims description 43
- 238000013475 authorization Methods 0.000 claims abstract description 176
- 238000013523 data management Methods 0.000 claims abstract description 66
- 238000006243 chemical reaction Methods 0.000 claims description 4
- 230000006399 behavior Effects 0.000 description 8
- 238000012795 verification Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Abstract
The invention provides a personal data cross-network application program automatic circulation method and a system, wherein, the personal data management device receives the authorization request information of the personal data automatic circulation and sends the electronic signature authorization request information to the identity authentication service device; the identity authentication service device sends request information for electronic signature to the digital identity carrier device, the digital identity carrier device obtains authorization signature information of a target user, generates an authorization signature value and sends the authorization signature value to the identity authentication service device; the identity authentication service device checks the authorization signature value and then sends a user authorization result to the personal data management device, and if the authorization signature value passes the check, the identity authentication service device also sends the authorization signature value to the personal data management device; the identity authentication service device also transmits authorization data of automatic personal data circulation to the personal data management device. The invention also provides a system for realizing the method. The invention can avoid frequent authorization operation execution of the user.
Description
Technical Field
The invention relates to the technical field of personal data security protection, in particular to a cross-network application program automatic circulation method of personal data and a system for realizing the method.
Background
With the rapid development of internet technology, users are gradually used to finish various operations, transacting business and acquiring service on line. The internet technology brings convenience to users for handling business and brings potential safety hazards to the users, for example, personal data of the users can be leaked due to circulation among different network application programs.
For this reason, it is desirable to limit personal data transfer between different network applications, for example, the patent application publication No. CN116070273a discloses a personal data transfer method and system across network applications, which applies to transfer requests of personal data to users between a plurality of network applications. Specifically, after the first network application program sends request information for acquiring personal data of the target user to the second network application program, the second network application program sends second digital identity information and the request information for acquiring the personal data of the target user to the digital identity authentication server, and the digital identity authentication server sends request information for checking the identity of the user and an authorization request to the digital identity carrier device corresponding to the target user; the digital identity carrier device acquires identity authentication data, and returns an authentication result to the digital identity authentication server when the identity authentication data passes the verification; the digital identity authentication server checks the authentication result, for example, the authentication result sends the digital identity authentication result and the authorization result of personal data acquisition to the second network application program through the check.
With personal credit information popularization, each network application program widely collects personal data of users and scores the credit for the users. Because credit scoring algorithms cannot function independently of personal information, credit scoring institutions typically collect personal data of users in multiple different applications, which involves the transfer and sharing of personal data of users between multiple different applications. Prior to personal data collection, sharing, exchange of users, authorization consent by the user must be required. Meanwhile, only the data authorized by the user can be used as the basis for credit rating of the user by the credit rating mechanism. However, when personal data exchange is too frequent, the user needs to perform authorization multiple times, the user experience is poor, and the user privacy is difficult to be ensured. In addition, if the data flow channel is blocked, the credit score is often inaccurate, which can greatly affect the effectiveness of the credit score, resulting in credit risk.
Because the existing personal data transfer method is only used for authorizing a single personal data transfer, if the credit scoring application program needs to acquire the personal data of the user in different network application programs for multiple times, the user needs to execute the authorization operation for multiple times, and the user operation is too frequent, instead, the user is usually not aware of the authorized content to directly execute the authorization operation when the user performs the authorization, and the risk of misuse of the personal data exists.
Disclosure of Invention
A first object of the present invention is to provide an automatic cross-web application circulation method of personal data that avoids a user from performing an authorization operation multiple times.
A second object of the present invention is to provide a cross-web application automatic transfer system of personal data, which implements the cross-web application automatic transfer method of personal data described above.
In order to achieve the first object, the present invention provides an automatic transfer method of personal data across network applications, comprising a personal data management device receiving authorization request information for automatic transfer of personal data, and sending electronic signature authorization request information to an identity authentication service device; the identity authentication service device sends request information for electronic signature to the digital identity carrier device, the digital identity carrier device obtains authorization signature information of a target user, generates an authorization signature value and sends the authorization signature value to the identity authentication service device; the identity authentication service device checks the authorization signature value, sends a user authorization result to the personal data management device, and sends the authorization signature value to the personal data management device if the authorization signature value passes the check; the personal data management device is used for managing personal data, wherein the personal data management device is used for managing personal data, and the personal data management device is used for managing personal data.
According to the scheme, the target user can authorize the application program to automatically transfer the personal data, so that the authorized application program can automatically share the personal data which is authorized to transfer by the user to another application program, the authorization operation is not needed before the automatic data transfer is performed each time, frequent execution of the authorization operation by the user is avoided, and user experience is improved.
In addition, since the filling limit of the authorization parameters in the authorization data is determined according to different authorization scenes, that is, which authorization data needs to be filled, the user authorization must be limited, so that the shared personal data is correspondingly limited, unnecessary collection and sharing of the personal data are avoided, and the security of the personal data is protected.
Preferably, the authorization data includes at least one of the following types of data: information of an authorization behavior generation application, information of a personal data sender application, information of a personal data receiver application, information of an authorization validity period, information of circulation data, and signature information.
Therefore, different types of authorization data can be set according to different authorization scenes, and particularly whether the corresponding types of authorization data can be vacant or not is required to be limited, so that the situation that the target user omits authorization data which need to be filled in when the target user performs authorization is avoided, and further, the personal data cannot be widely shared.
The further scheme is that the identity authentication service device determines filling limit of each authorization parameter in the authorization data according to the authorization scene, and the filling limit comprises: and determining whether various types of data in the authorization data can be blank data according to the authorization scene.
In this way, the target user is required to fill out for non-vacancy authorisation data, avoiding excessive sharing of personal data.
Further, if the target user directly authorizes the personal data sender application program to automatically circulate the personal data, the information of the personal data receiver application program can be left blank.
It follows that for personal data sharing authorization in a specific scenario, information such as a personal data receiving party application program may not need to be filled in, thereby providing greater convenience for the operation of the user.
Alternatively, if the target user authorizes the personal data sender application program to automatically transfer personal data to the personal data receiver application program, the authorization action generating application program and the personal data sender application program are the same network application program, the personal data receiver application program is another network application program, and the information of the personal data receiver application program is not available.
In this way, in the case of sharing personal data to a specific personal data receiving side application program, the information of the personal data receiving side application program is set to be indispensable, so that the personal data can be prevented from being received by other application programs, the leakage of the personal data is avoided, and the safe use of the personal data is ensured.
Alternatively, if the target user performs authorization at the personal data management device, and the application program of the personal data sender is authorized to perform automatic personal data circulation to the application program of the personal data receiver, the application program of the authorization behavior generation is the personal data management device, and the application program of the personal data sender is different from the application program of the personal data receiver.
Therefore, by setting corresponding limiting conditions, the user can conveniently fill in the authorized range, and the information filled by multiple users can be checked, so that information filling errors are avoided.
The identity authentication service device determines filling limit of each authorization parameter in the authorization data according to the authorization scene: the first network application program sends request information for acquiring personal data to a second network application program, the second network application program sends a second network identification of a target user in the second network application program to an identity authentication service device, the identity authentication service device converts the second network identification into a third network identification of the target user on a personal data management device, the third network identification is sent to the personal data management device, and request information for inquiring whether a personal data flow authorization record exists or not is sent; after the personal data management device returns the query result to the identity authentication service device, the identity authentication service device returns user authorization result information to the second network application program; the second network application program sends network identification conversion request information to the identity authentication service device, the identity authentication service device converts the second network identification into a first network identification of a target user in the first network application program and then sends the first network identification to the first network application program, and the second network application program sends personal data of authorization circulation to the first network application program.
Therefore, after the user authorizes the automatic circulation of the personal data, the first network application program can conveniently obtain the personal data of the target user from the second network application program, and the personal data of the target user which is authorized to automatically circulate can be obtained without the authorization of the target user.
Further, after the personal data management device queries whether the request information of the personal data transfer authorization record exists, the personal data management device queries whether the second network application program has the personal data transfer right for the target user or can automatically perform the personal data transfer right for the target user according to the received request information.
Therefore, the personal data management device shares the personal data within the authorized range according to the authorization of the target user, so that the personal data shared by all the network application programs can be ensured to be within the authorized range of the user, and the network application programs are prevented from excessively sharing the personal data.
In order to achieve the second object, the present invention provides an automatic transfer system of personal data across network applications, comprising a personal data management device, an identity authentication service device and a digital identity carrier device; the personal data management device is used for receiving the authorization request information of personal data automatic circulation and sending the electronic signature authorization request information to the identity authentication service device; the identity authentication service device sends request information for electronic signature to the digital identity carrier device, the digital identity carrier device obtains authorization signature information of a target user, generates an authorization signature value and sends the authorization signature value to the identity authentication service device; the identity authentication service device checks the authorization signature value, sends a user authorization result to the personal data management device, and sends the authorization signature value to the personal data management device if the authorization signature value passes the check; the personal data management device is used for managing personal data, wherein the personal data management device is used for managing personal data, and the personal data management device is used for managing personal data.
According to the scheme, the user sets the authorization for the automatic circulation of the personal data in advance, and then if the network application program needs to acquire the personal data of the user, the user is not required to perform the authorization operation again, so that the user can be prevented from frequently executing the authorization operation. And the filling limit of the authorization data is set, so that the authorization of the user is ensured to be in a reasonable range, and the excessive sharing of the personal data is avoided.
Drawings
FIG. 1 is a block diagram of the user authorization phase of an embodiment of an automated cross-web application streaming system for personal data in accordance with the present invention.
FIG. 2 is a flow chart of the user authorization phase of an embodiment of the automatic cross-web application streaming method of personal data of the present invention.
Fig. 3 is a block diagram of the personal data stream phase of an embodiment of the automatic stream method of personal data across network applications of the present invention.
Fig. 4 is a first part of a flow chart of a personal data stream phase of an embodiment of an automatic stream method for personal data across network applications of the present invention.
Fig. 5 is a second part of a flow chart of a personal data stream phase of an embodiment of an automatic stream method for personal data across network applications of the present invention.
The invention is further described below with reference to the drawings and examples.
Detailed Description
According to the method and the system for automatically transferring the personal data across the network application programs, the user authorizes the network application programs to automatically transfer the personal data, so that the situation that the network application programs need to carry out authorization operation every time the personal data transfer is avoided, the times of the authorization operation of the user for carrying out the personal data transfer can be reduced, and the user experience is improved. On the other hand, by setting filling limits of the authorization data according to different authorization scenes, the personal data is ensured not to be excessively shared, and the use safety of the personal data is ensured.
Cross-web application automatic circulation system embodiment of personal data:
referring to fig. 1, the present embodiment involves, in the user authorization phase, a personal data management device 12, an authentication service device 13, and a digital identity carrier device 14, where the target user 11 can send information to the personal data management device 12, the personal data management device 12 records the authorization condition of the target user 11 for personal data, for example, whether the target user 11 performs personal data sharing for which network applications, and records the scope of authorization, for example, which personal data can be shared, in such a manner that it is shared only with a specific other network application, or it can be shared with an arbitrary third party application, and so on. The personal data management device 12 also records the personal data sharing of the target user 11, for example, when one network application transmits personal data to another network application, and records the time of transmitting personal data, specific contents, the range in which the other network application is permitted to use personal data, and the like.
The authentication service 13 is used for verifying the identity of the user, for example, the authentication service 13 may receive the request information sent by the personal data management device 12, and verify the identity of the target user 11 according to the received request information. Also, the authentication service 13 needs to store the true personal information of the target user 11 in advance, and can authenticate the true personal information of the target user 11.
In addition, the authentication service 13 stores in advance the network identifications of the target user 11 in a plurality of network applications, for example, the target user 11 sets one network identification on the first network application, the network identification being ID-a, sets another network identification on the second network application, the network identification being ID-B, and so on. Since the authentication service 13 records the actual identity information of the target user 11 and records the network identifications of the target user 11 among the plurality of network applications, the authentication service 13 can convert the network identifications of the target user 11 among the plurality of network applications. The authentication service device 13 may be an authentication server, or may be an application running on an intelligent terminal device or a server, to provide digital identity related services for the user, such as authentication, authentication result verification, and querying of a user network identifier.
The digital identity carrier means 14 is a small-sized security means for verifying the identity of the target user 11, e.g. the target user 11 may be requested to be electronically signed and a corresponding authorization signature value generated, which may be sent to the authentication service means 13, which authorization signature value is verified by the authentication service means 13.
Each target user 11 has a digital identity carrier means 14 and the identity authentication service means 13 records the correspondence of each target user 11 to the digital identity carrier means 14 of that target user 11 and the identity authentication service means 13 is capable of communicating with a plurality of digital identity carrier means 14. Thus, when it is necessary to authenticate the target user 11, the authentication service device 13 can search the digital identity carrier device 14 corresponding to the target user 11, send information to the digital identity carrier device 14, and also receive the returned authorization signature value from the digital identity carrier device 14.
An embodiment of a cross-network application automatic circulation method of personal data:
the following describes the automatic transfer method of personal data across network application program in this embodiment in detail with reference to fig. 2. First, the target user 11 issues authorization request information for automatic transfer of personal data to the personal data management device 12. Accordingly, the personal data management device 12 will perform step S1 to receive the personal data automatic circulation authorization request information issued by the target user 11, for example, by the target user 11 clicking the corresponding button on the web page or client of the personal data management device 12.
Then, the personal data management device 12 performs step S2 to send the request information of the electronic signature authorization to the authentication service device 13, preferably, the request information of the electronic signature authorization includes the personal information of the target user 11, for example, the network identifier of the target user 11 in the personal data management device 12, so that the authentication service device 13 knows which target user 11 needs to be electronically signed.
Next, the authentication service device 13 performs step S3 to determine the target user 11 currently requiring electronic signature authorization according to the identity information of the target user 11, and searches for the digital identity carrier device 14 corresponding to the target user 11. For example, the identity authentication service means 13 records the correspondence between each target user 11 and the digital identity carrier means 14, for example records the ID of the digital identity carrier means 14 corresponding to each target user 11, and sends information to the corresponding digital identity carrier means 14, i.e. sends request information for verifying the identity of the user. The authentication service means 13 may communicate with the digital identity carrier means 14 by means of wireless communication.
After receiving the request information for verifying the user identity, the digital identity carrier device 14 executes step S4 to send out information for requesting the target user 11 to perform an electronic signature, for example, a prompt sound or a prompt text, then executes step S5 to receive the authorization signature information of the target user 11, and executes step S6, where the digital identity carrier device 14 generates an authorization signature value according to the received authorization signature information, for example, performs an encryption operation on the authorization signature information according to a preset algorithm, and generates the authorization signature value. When the target user 11 performs authorization signature, biological information such as a fingerprint and an iris may be input, or a preset password or the like of the target user 11 may be input, and after the digital identity carrier device 11 receives the fingerprint, the iris or the password, the received information needs to be checked, and an authorization signature value is generated after the received information passes the check.
Then, the digital identity carrier device 14 performs step S7 to transmit the generated authorization signature value to the identity authentication service device 13, and the identity authentication service device 13 performs step S8 to verify the received authorization signature value. For example, the authentication service device 13 decrypts the authorization signature value by a predetermined decryption algorithm, determines whether decryption can be performed correctly, and determines whether the decrypted data is a decryption result for the target user. If the decryption can be successfully performed and the obtained decrypted data is a result for the target user 11, it is confirmed that the authorization signature value verification is successful.
After determining that the authorization signature value passes the verification, the authentication service apparatus 13 performs step S9 to return, to the personal data management apparatus 12, a user authorization result, which is a result of the user allowing automatic transfer of the personal data, and also includes authority, range, etc. of the automatic transfer of the personal data, which will limit subsequent automatic transfer of the personal data of the target user 11, that is, limit the range, mode, etc. of the automatic transfer of the personal data.
Finally, the personal data management device 12 performs step S10 to record the authorization information for automatically performing the data stream this time. In this way, the subsequent personal data management device 12 automatically circulates the personal data in accordance with the automatic circulation range set by the target user 11.
In this embodiment, the target user 11 may set or cancel a network application program capable of automatically performing data flow, and may perform operations on a certain network application program singly or perform operations on a plurality of network application programs in batch. In addition, the target user 11 may set or cancel a personal data list in which data transfer can be automatically performed, set a time limit in which data transfer authorization can be automatically performed, set a limit of the number of times in which data transfer authorization can be automatically performed, and the like, and the personal data management device 12 needs to record the above-set limit of the target user 11.
In addition, in the present embodiment, in step S9, the filling limits of the respective authorization parameters in the authorization data are set for different authorization scenarios. Preferably, the authorisation data comprises at least one of the following types of data: information of an authorization behavior generation application, information of a personal data sender application, information of a personal data receiver application, information of an authorization validity period, information of circulation data, and signature information.
Specifically, the scenario of automatic circulation of personal data authorized by the target user may include the following three types: the first scenario is that the target user 11 directly authorizes the personal data sender application to perform personal data automatic circulation, in which case the authorization behavior generation application and the personal data sender application are the same network application, and the information of the personal data receiver application may be blank, that is, not need to be filled; the second scenario is that the target user 11 authorizes the personal data sender application to perform personal data automatic circulation to the personal data receiver application, in this scenario, the authorization behavior generation application and the personal data sender application are the same network application, the personal data receiver application is another network application, and the information of the personal data receiver application is not available; in a third scenario, the target user 11 performs authorization on the personal data management device 12, and authorizes the personal data sender application to automatically transfer personal data to the personal data receiver application, and in this scenario, the authorization behavior generation application is the personal data management device, and the personal data sender application is different from the personal data receiver application, and the information of the personal data receiver application may not be available.
According to the above three scenarios, the network application program mainly related to authorization mainly comprises an authorization behavior generation application program, a personal data sender application program and a personal data receiver application program. Based on this, the population limits for the individual authorization parameters of the authorization data are shown in table 1 for different scenarios and authorization behaviors.
TABLE 1
Of course, for other usage patterns, for example for the same configuration of different types of authorization data, the filling limits of the individual authorization parameters may be defined in the manner of table 2.
TABLE 2
Thus, for different types of authorization parameters, corresponding setting rules are set, the personal data management device 12 must set each authorization parameter of the authorization data according to table 1 or table 2, if the authorization parameter does not meet the above requirement, it is determined that the authorization data is missing or not meet the requirement, and the authorization is not recorded.
After the target user 11 sets the automatic circulation authorization of the personal data, each network application program can perform automatic circulation of the personal data according to the authorization set by the user. The specific operation of each web application in automatic circulation is described below in conjunction with fig. 3. For example, the first network application 21 needs to acquire the personal data of the target user 11 from the second network application 22, and then needs to perform corresponding operations according to the steps of fig. 4 and 5.
First, the first network application 21 performs step S11 to send the request information for acquiring the personal data to the second network application 22, and preferably, the first network application 21 needs to send the personal information of the target user 11, such as the mobile phone number of the target user 11, to the second network application 22.
Then, the second network application 22 performs step S12 of transmitting the second network identification ID-B and the request information of sharing personal data to the authentication service apparatus 13. Thus, upon receiving the request information for sharing personal data, the authentication service apparatus 13 performs step S13 of converting the second network identification of the second network application 22 into a third network identification ID-C, which is the network identification used by the target user 11 at the personal data management apparatus 12. The authentication service apparatus 13 also transmits the third network identification ID-C to the personal data management apparatus 12 and also transmits to the personal data management apparatus 12 whether or not there is request information for the inquiry target user 11 to transmit the personal data transfer authorization record from the second network application 12 to the first network application 11, in step S14.
Then, the personal data management device 12 performs step S15 of inquiring whether or not the inquiry target user 11 has a personal data transfer authorization record for transmission by the first network application 11 to the second network application 12, based on the received request information, and performs step S16 of returning the inquiry result to the authentication service device 13. If the target user 11 has authorized the second web application 12 to send personal data to the first web application 11, the query results may also include a range of personal data queries authorized by the target user 11, a use limit, etc., e.g., the target user 11 may only be allowed to query personal data for a specific period of time, or may only be allowed to query data for a specific activity, e.g., shopping activity or repayment activity, etc.
After receiving the query result, the authentication service 13 performs step S17 to return a user authorization result including the range of data that the target user 11 can automatically stream to the second web application 22. Then, the second network application 22 performs step S18 of transmitting network identification conversion request information to the authentication service apparatus 13 requesting conversion of the second network identification ID-B used by the target user 11 in the second network application into the first network identification ID-a used by the target user 11 in the first network application 21.
Upon receiving the request, the authentication service 13 performs step S19 of converting the second network identification ID-B into the first network identification ID-a used by the target user 11 in the first network application 21, and performs step S19 of transmitting the converted first network identification ID-a to the first network application 21, so that the first network application 21 knows that the request for acquiring personal data transmitted to the second network application 22 passes, and the second network application 22 will transmit the personal data of the target user 11 to the first network application 21.
Personal data capable of automatic circulation is sent to the first web application 21. In this way, the first web application 21 can automatically obtain personal data of the second web application 22. For the case that the first network application 21 may need to frequently acquire personal data from different network applications, the target user does not need to perform an authorization operation for each personal data transfer, so that the personal data transfer of the target user is facilitated. In addition, the target user can set the authorized circulation range of the personal data, so that the personal data is prevented from being excessively shared, and the use safety of the personal data is ensured.
Finally, it should be emphasized that the foregoing is merely a preferred embodiment of the present invention, and is not intended to limit the invention, but rather that various changes and modifications can be made by those skilled in the art without departing from the spirit and principles of the invention, and any modifications, equivalent substitutions, improvements, etc. are intended to be included within the scope of the present invention.
Claims (10)
1. The automatic transfer method of the personal data across the network application program is characterized by comprising the following steps:
the personal data management device receives the authorization request information of personal data automatic circulation and sends the electronic signature authorization request information to the identity authentication service device;
the identity authentication service device sends request information for carrying out electronic signature to the digital identity carrier device, the digital identity carrier device obtains authorization signature information of a target user, generates an authorization signature value and sends the authorization signature value to the identity authentication service device;
the identity authentication service device checks the authorization signature value, sends a user authorization result to the personal data management device, and also sends the authorization signature value to the personal data management device if the authorization signature value passes the check;
the personal data management device is used for managing personal data, wherein the personal data management device is used for managing personal data, and the personal data management device is used for managing personal data and managing personal data.
2. The method for automatically streaming personal data across a network application of claim 1, wherein:
the authorization data includes at least one of the following types of data: information of an authorization behavior generation application, information of a personal data sender application, information of a personal data receiver application, information of an authorization validity period, information of circulation data, and signature information.
3. The method for automatically streaming personal data across a network application according to claim 2, wherein:
the authentication service device determining filling limits of all authorization parameters in the authorization data according to an authorization scene comprises the following steps: and determining whether various types of data in the authorization data can be blank data according to the authorization scene.
4. The method for automatically streaming personal data across a network application according to claim 3, wherein:
if the target user directly authorizes the personal data sender application program to automatically circulate personal data, the information of the personal data receiver application program can be left blank.
5. The method for automatically streaming personal data across a network application according to claim 3, wherein:
if the target user authorizes the personal data sender application program to automatically flow personal data to the personal data receiver application program, the authorization behavior generation application program and the personal data sender application program are the same network application program, the personal data receiver application program is another network application program, and the information of the personal data receiver application program is indispensable.
6. The method for automatically streaming personal data across a network application according to claim 3, wherein:
if the target user authorizes the personal data management device and authorizes the personal data sender application program to automatically transfer personal data to the personal data receiver application program, the authorization behavior generation application program is the personal data management device, and the personal data sender application program is different from the personal data receiver application program.
7. The automatic cross-web application circulation method of personal data according to any one of claims 1 to 6, wherein:
after the identity authentication service device determines filling limits of all authorization parameters in the authorization data according to an authorization scene:
the first network application program sends request information for acquiring personal data to a second network application program, the second network application program sends a second network identification of a target user in the second network application program to the identity authentication service device, the identity authentication service device converts the second network identification into a third network identification of the target user on the personal data management device, the third network identification is sent to the personal data management device, and meanwhile, request information for inquiring whether a personal data transfer authorization record exists or not is sent;
after the personal data management device returns the query result to the identity authentication service device, the identity authentication service device returns user authorization result information to the second network application program;
the second network application program sends network identification conversion request information to the identity authentication service device, the identity authentication service device converts the second network identification into a first network identification of the target user in the first network application program and then sends the first network identification to the first network application program, and the second network application program sends personal data of authorization circulation to the first network application program.
8. The method for automatically streaming personal data across a network application of claim 7, wherein:
after the personal data management device inquires whether the request information of the personal data transfer authorization record exists, the personal data management device inquires whether the second network application program has the personal data transfer right aiming at the target user or can automatically carry out the personal data transfer right aiming at the target user according to the received request information.
9. The system is characterized by comprising a personal data management device, an identity authentication service device and a digital identity carrier device;
the personal data management device is used for receiving the authorization request information of personal data automatic circulation and sending the electronic signature authorization request information to the identity authentication service device;
the identity authentication service device sends request information for carrying out electronic signature to the digital identity carrier device, the digital identity carrier device obtains authorization signature information of a target user, generates an authorization signature value and sends the authorization signature value to the identity authentication service device;
the identity authentication service device checks the authorization signature value, sends a user authorization result to the personal data management device, and also sends the authorization signature value to the personal data management device if the authorization signature value passes the check;
the personal data management device is used for managing personal data, wherein the personal data management device is used for managing personal data, and the personal data management device is used for managing personal data and managing personal data.
10. The automated cross-web application circulation system for personal data of claim 9, wherein:
the authorization data includes at least one of the following types of data: information of an authorization behavior generation application, information of a personal data sender application, information of a personal data receiver application, information of an authorization validity period, information of circulation data, and signature information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310574682.6A CN116595495A (en) | 2023-05-19 | 2023-05-19 | Automatic transfer method and system for personal data cross-network application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310574682.6A CN116595495A (en) | 2023-05-19 | 2023-05-19 | Automatic transfer method and system for personal data cross-network application program |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116595495A true CN116595495A (en) | 2023-08-15 |
Family
ID=87595164
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310574682.6A Withdrawn CN116595495A (en) | 2023-05-19 | 2023-05-19 | Automatic transfer method and system for personal data cross-network application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116595495A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117056983A (en) * | 2023-10-13 | 2023-11-14 | 中国移动紫金(江苏)创新研究院有限公司 | Multistage controllable data sharing authorization method, device and blockchain system |
-
2023
- 2023-05-19 CN CN202310574682.6A patent/CN116595495A/en not_active Withdrawn
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117056983A (en) * | 2023-10-13 | 2023-11-14 | 中国移动紫金(江苏)创新研究院有限公司 | Multistage controllable data sharing authorization method, device and blockchain system |
| CN117056983B (en) * | 2023-10-13 | 2024-01-02 | 中国移动紫金(江苏)创新研究院有限公司 | Multistage controllable data sharing authorization method, device and blockchain system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9185104B2 (en) | Method and apparatus for communication, and method and apparatus for controlling communication | |
| CN100580610C (en) | Security link management method in dynamic networks | |
| US8332919B2 (en) | Distributed authentication system and distributed authentication method | |
| US7774611B2 (en) | Enforcing file authorization access | |
| EP3297243B1 (en) | Trusted login method and device | |
| US9025769B2 (en) | Method of registering smart phone when accessing security authentication device and method of granting access permission to registered smart phone | |
| CN102739664B (en) | Improve the method and apparatus of safety of network ID authentication | |
| EP2879421B1 (en) | Terminal identity verification and service authentication method, system, and terminal | |
| US20040186880A1 (en) | Management apparatus, terminal apparatus, and management system | |
| KR101451359B1 (en) | User account recovery | |
| US20110167263A1 (en) | Wireless connections to a wireless access point | |
| DK2924944T3 (en) | Presence authentication | |
| US10615974B2 (en) | Security authentication system for generating secure key by combining multi-user authentication elements and security authentication method therefor | |
| CN105721412A (en) | Method and device for authenticating identity between multiple systems | |
| US11848926B2 (en) | Network authentication | |
| US10951510B2 (en) | Communication device and communication method | |
| CN116595495A (en) | Automatic transfer method and system for personal data cross-network application program | |
| KR101273285B1 (en) | Authentification agent and method for authentificating online service and system thereof | |
| US7389418B2 (en) | Method of and system for controlling access to contents provided by a contents supplier | |
| KR102372503B1 (en) | Method for providing authentification service by using decentralized identity and server using the same | |
| US10615975B2 (en) | Security authentication method for generating secure key by combining authentication elements of multi-users | |
| KR102278808B1 (en) | System for single packet authentication using tcp packet and method thereof | |
| CN114389890B (en) | User request proxy method, server and storage medium | |
| CN114548035A (en) | Document online preview method, device and equipment | |
| KR20170070379A (en) | cryptograpic communication method and system based on USIM card of mobile device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20230815 |