TW201812673A - System and method for authorized query on proof of assets - Google Patents
System and method for authorized query on proof of assets Download PDFInfo
- Publication number
- TW201812673A TW201812673A TW106137280A TW106137280A TW201812673A TW 201812673 A TW201812673 A TW 201812673A TW 106137280 A TW106137280 A TW 106137280A TW 106137280 A TW106137280 A TW 106137280A TW 201812673 A TW201812673 A TW 201812673A
- Authority
- TW
- Taiwan
- Prior art keywords
- certificate
- asset
- authorization
- data
- owner
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
Description
本發明涉及資訊傳輸領域,尤其涉及一種資產證明授權查詢方法與系統。The invention relates to the field of information transmission, in particular to a method and system for querying asset certificate authorization.
現有技術中,資產所有權者通常需要到各個銀行或者相關機構查詢所需資料,並且查詢到的資料將由所述資產所有權者提供給資料需求方,這樣,不僅資產所有權者進行線下收集資料的步驟繁複,且由於所述查詢到的資料不是由資料提供方直接提供給所述資料需求方,將導致資料有被篡改的風險,使所述資料需求方無法得到想要的資料。In the prior art, asset owners usually need to go to various banks or related institutions to inquire the required information, and the inquired information will be provided by the asset owner to the data demander. In this way, not only the asset owner performs the offline data collection step It is complicated, and because the inquired data is not directly provided by the data provider to the data demander, there will be a risk that the data will be tampered, and the data demander will not be able to obtain the desired data.
鑒於以上內容,有必要提供一種資產證明授權查詢方法與系統,以實現資料傳輸的自動化,同時有效降低資料被篡改的風險。In view of the above, it is necessary to provide a method and system for asset certificate authorization inquiry to realize the automation of data transmission and effectively reduce the risk of data tampering.
一種資產證明授權查詢系統,應用於資料提供方,所述資產證明授權查詢系統與資產所有權者及資料需求方相通信,所述資產證明授權查詢系統包括:第一資產證明產生模組,用於在收到所述資產所有權者發送的資產證明申請請求,且所述資產所有權者的身份通過認證後,根據所述資產所有權者在所述資料提供方進行管理的資產生成包含所述資料提供方數位憑證簽章的資產證明,且以所述資產所有權者的身份授權證明擁有者的公鑰對所述資產證明進行加密;所述第一資產證明產生模組,還用於對加密的資產證明加入查詢條件;第一授權證明產生模組,用於根據所述資產證明申請請求,生成第一授權證明;第一發送模組,用於將所述第一授權證明及加入查詢條件後的加密的資產證明發送至所述資料提供方的資產證明資料庫;所述第一發送模組,還用於將所述第一授權證明發送至所述資產所有權者以使所述資產所有權者將所述第一授權證明提供給所述資料需求方;第一接收模組,用於接收所述資產所有權者及/或所述資料需求方提供的授權證明及查詢條件;第一認證模組,用於根據所述第一授權證明及加入查詢條件後的加密的資產證明,認證所述資產所有權者及/或所述資料需求方提供的授權證明及查詢條件是否有效;第一資產證明運算模組,用於當所述資產所有權者及/或所述資料需求方提供的授權證明及查詢條件有效時,根據所述資產所有權者及/或所述資料需求方提供的授權證明,運算出所述資產所有權者及/或所述資料需求方所需的資產證明;第一資產證明查詢模組,用於從所述資料提供方的資產證明資料庫或與所述資料提供方的資產證明資料庫相通信的關聯資產證明資料庫中獲取運算出的資產證明;所述第一發送模組,還用於將獲取到的資產證明發送給所述資產所有權者及/或所述資料需求方以使所述資產所有權者及/或所述資料需求方以所述授權證明擁有者的私鑰對所述獲取到的資產證明進行解密。An asset certificate authorization inquiry system is applied to a data provider. The asset certificate authorization inquiry system communicates with asset owners and data demanders. The asset certificate authorization inquiry system includes a first asset certificate generation module for: After receiving the asset certification application request sent by the asset owner, and the identity of the asset owner is authenticated, the asset provider includes the data provider according to the assets managed by the asset owner at the data provider Digital certificate signed asset certificate, and using the identity of the asset owner to authorize the owner ’s public key to encrypt the asset certificate; the first asset certificate generating module is also used to encrypt the asset certificate Add query conditions; a first authorization certificate generation module is used to generate a first authorization certificate according to the asset certificate application request; a first sending module is used to encrypt the first authorization certificate and the encrypted query conditions Send the asset certificate to the asset certificate database of the data provider; the first sending module also uses Sending the first authorization certificate to the asset owner so that the asset owner provides the first authorization certificate to the data demander; a first receiving module for receiving the asset owner And / or authorization certificate and query conditions provided by the data demander; a first authentication module for authenticating the owner of the asset and / or the encrypted asset certificate after adding the query conditions and / Or whether the authorization certificate and query conditions provided by the data requester are valid; the first asset certificate operation module is used when the authorization certificate and query conditions provided by the asset owner and / or the data requester are valid, Calculate the asset certificate required by the asset owner and / or the data demander according to the authorization certificate provided by the asset owner and / or the data demander; a first asset certificate query module for Obtain the calculated data from the asset certificate database of the data provider or the associated asset certificate database that communicates with the asset certificate database of the data provider Asset certificate; the first sending module is further configured to send the acquired asset certificate to the asset owner and / or the data demander so that the asset owner and / or the data demander Decrypting the acquired asset certificate with the private key of the authorization proof owner.
一種資產證明授權查詢方法,該方法包括:第一資產證明產生步驟,在收到所述資產所有權者發送的資產證明申請請求,且所述資產所有權者的身份通過認證後,根據所述資產所有權者在所述資料提供方進行管理的資產生成包含所述資料提供方數位憑證簽章的資產證明,且以所述資產所有權者的身份授權證明擁有者的公鑰對所述資產證明進行加密;所述第一資產證明產生步驟,對加密的資產證明加入查詢條件;第一授權證明產生步驟,根據所述資產證明申請請求,生成第一授權證明;第一發送步驟,將所述第一授權證明及加入查詢條件後的加密的資產證明發送至所述資料提供方的資產證明資料庫;所述第一發送步驟,將所述第一授權證明發送至所述資產所有權者以使所述資產所有權者將所述第一授權證明提供給所述資料需求方;第一接收步驟,接收所述資產所有權者及/或所述資料需求方提供的授權證明及查詢條件;第一認證步驟,根據所述第一授權證明及加入查詢條件後的加密的資產證明,認證所述資產所有權者及/或所述資料需求方提供的授權證明及查詢條件是否有效;第一資產證明運算步驟,當所述資產所有權者及/或所述資料需求方提供的授權證明及查詢條件有效時,根據所述資產所有權者及/或所述資料需求方提供的授權證明,運算出所述資產所有權者及/或所述資料需求方所需的資產證明;第一資產證明查詢步驟,從所述資料提供方的資產證明資料庫或與所述資料提供方的資產證明資料庫相通信的關聯資產證明資料庫中獲取運算出的資產證明;所述第一發送步驟,將獲取到的資產證明發送給所述資產所有權者及/或所述資料需求方以使所述資產所有權者及/或所述資料需求方以所述授權證明擁有者的私鑰對所述獲取到的資產證明進行解密。An asset certificate authorization inquiry method, the method includes: a first asset certificate generating step, after receiving an asset certificate application request sent by the asset owner, and after the identity of the asset owner is authenticated, according to the asset ownership The asset managed by the developer on the data provider generates an asset certificate including the digital certificate signature of the data provider, and authorizes the certificate owner's public key to encrypt the asset certificate with the identity of the asset owner; The first asset certificate generation step adds query conditions to the encrypted asset certificate; the first authorization certificate generation step generates a first authorization certificate according to the asset certificate application request; the first sending step authorizes the first authorization The certificate and the encrypted asset certificate after adding the query conditions are sent to the asset certificate database of the data provider; the first sending step sends the first authorization certificate to the asset owner to make the asset The owner provides the first authorization certificate to the data demander; a first receiving step, Authorization certificate and query conditions provided by the asset owner and / or the data demander; a first authentication step of authenticating the asset owner according to the first authorization certificate and the encrypted asset certificate after adding the query condition And / or whether the authorization certificate and query conditions provided by the data requester are valid; the first asset certificate calculation step, when the authorization certificate and query conditions provided by the asset owner and / or the data requester are valid, according to The authorization certificate provided by the asset owner and / or the data demander calculates the asset certificate required by the asset owner and / or the data demander; the first asset certificate query step is based on the data Obtain the calculated asset certificate from the asset certificate database of the provider or the associated asset certificate database that communicates with the asset certificate database of the data provider; the first sending step sends the acquired asset certificate to The asset owner and / or the data demander causes the asset owner and / or the data demander to use the grant The owner of the private key proof of the acquired assets prove to decrypt.
相較於現有技術,本發明提供的資產證明授權查詢方法與系統,可以提供一種更加方便、更有效率、更加真實,且更加自動化的資料傳輸方法,使資料傳輸更加智能化。Compared with the prior art, the asset certificate authorization query method and system provided by the present invention can provide a more convenient, more efficient, more authentic, and more automated data transmission method to make data transmission more intelligent.
參閱圖1所示,是本發明資產證明授權查詢方法的較佳實施方式的應用環境示意圖。在本實施例中,所述資產證明授權查詢系統10應用於資料提供方11,所述資料提供方11分別與資產所有權者2及資料需求方3相通信。Refer to FIG. 1, which is a schematic diagram of an application environment of a preferred embodiment of an asset certificate authorization query method according to the present invention. In this embodiment, the asset certificate authorization inquiry system 10 is applied to a data provider 11, and the data provider 11 communicates with the asset owner 2 and the data demander 3 respectively.
在本實施例中,所述資料提供方11用於管理所述資產所有權者2的資產,本發明對所述資料提供方11的身份不做限制。In this embodiment, the data provider 11 is used to manage the assets of the asset owner 2, and the present invention does not limit the identity of the data provider 11.
在本實施例中,所述資產所有權者2是擁有資產的一方,所述資產所有權者2也可以查詢資產證明。In this embodiment, the asset owner 2 is the party who owns the asset, and the asset owner 2 may also query the asset certificate.
在本實施例中,所述資料需求方3是需要查詢資產證明的一方。In this embodiment, the data demander 3 is a party that needs to query asset certificates.
在本實施例中,所述資料提供方11用於根據所述資產所有權者2在所述資料提供方11進行管理的資產生成資產證明,以供所述資產所有權者2及/或所述資料需求方3進行查詢。In this embodiment, the data provider 11 is configured to generate an asset certificate based on an asset managed by the asset owner 2 at the data provider 11 for the asset owner 2 and / or the data Demand side 3 makes an inquiry.
在本實施例中,所述資料提供方11對應一個資產證明資料庫13,所述資產所有權者2對應一個資產證明資料庫23,所述資料需求方3對應一個資產證明資料庫33,所述資料提供方11的資產證明資料庫13、所述資產所有權者2的資產證明資料庫23及所述資料需求方3的資產證明資料庫33互相通信,且所述資料提供方11的資產證明資料庫13、所述資產所有權者2的資產證明資料庫23及所述資料需求方3的資產證明資料庫33是分散式同步的機制,所述資料提供方11的資產證明資料庫13用於儲存所述第一授權證明及加入查詢條件後的加密的資產證明,並將所述第一授權證明及加入查詢條件後的加密的資產證明同步存儲於所述資產所有權者2的資產證明資料庫23及所述資料需求方3的資產證明資料庫33。In this embodiment, the data provider 11 corresponds to an asset certification database 13, the asset owner 2 corresponds to an asset certification database 23, and the data demander 3 corresponds to an asset certification database 33. The asset certificate database 13 of the data provider 11, the asset certificate database 23 of the asset owner 2 and the asset certificate database 33 of the data demander 3 communicate with each other, and the asset certificate data of the data provider 11 The database 13, the asset certification database 23 of the asset owner 2 and the asset certification database 33 of the data demander 3 are a decentralized synchronization mechanism, and the asset certification database 13 of the data provider 11 is used for storage The first authorization certificate and the encrypted asset certificate after adding the query condition, and storing the first authorization certificate and the encrypted asset certificate after adding the query condition in the asset certificate database 23 of the asset owner 2 And the asset certificate database 33 of the data demander 3.
在本實施例中,所述資產證明授權查詢系統10可以運行於計算機裝置中,該計算機裝置是一種能够按照事先設定或儲存的指令,自動進行數值計算和/或信息處理的設備,其硬體包括但不限於微處理器、專用集成電路(Application Specific Integrated Circuit,ASIC)、可編程門陣列(Field-Programmable Gate Array,FPGA)、數字處理器(Digital Signal Processor,DSP)、嵌入式設備等。所述計算機裝置包括但不限於單個網路伺服器、多個網路伺服器組成的伺服器組或基於雲計算(Cloud Computing)的由大量主機或網路伺服器構成的雲。In this embodiment, the asset certificate authorization inquiry system 10 may be run in a computer device, which is a device capable of automatically performing numerical calculation and / or information processing according to an instruction set or stored in advance. These include, but are not limited to, microprocessors, application specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), digital signal processors (DSPs), and embedded devices. The computer device includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud composed of a large number of hosts or network servers based on Cloud Computing.
參閱圖2所示,是本發明資產證明授權查詢系統的第一較佳實施方式的功能模塊圖。在本實施方式中,所述資產證明授權查詢系統10可以被分割成一個或多個模組。例如,所述資產證明授權查詢系統10被分割成第一資產證明產生模組101、第一授權證明產生模組102、第一發送模組103、第一接收模組104、第一認證模組105、第一資產證明運算模組106及第一資產證明查詢模組107。關於各模組的詳細功能將在後文圖3中作具體描述。Refer to FIG. 2, which is a functional block diagram of a first preferred embodiment of the asset certificate authorization query system of the present invention. In this embodiment, the asset certificate authorization inquiry system 10 may be divided into one or more modules. For example, the asset certificate authorization inquiry system 10 is divided into a first asset certificate generation module 101, a first authorization certificate generation module 102, a first sending module 103, a first receiving module 104, and a first authentication module. 105. The first asset certificate calculation module 106 and the first asset certificate query module 107. The detailed functions of each module will be described in detail in FIG. 3 later.
參閱圖3所示,是本發明資產證明授權查詢方法的第一較佳實施方式的流程圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。Refer to FIG. 3, which is a flowchart of a first preferred embodiment of an inquiry method for asset certificate authorization according to the present invention. According to different requirements, the order of the steps in the flowchart can be changed, and some steps can be omitted or combined.
步驟S10,第一資產證明產生模組101在收到所述資產所有權者2發送的資產證明申請請求,且所述資產所有權者2的身份通過認證後,根據所述資產所有權者2在所述資料提供方11進行管理的資產生成包含所述資料提供方11數位憑證簽章的資產證明,且以所述資產所有權者2的身份授權證明擁有者的公鑰對所述資產證明進行加密。In step S10, the first asset certificate generation module 101 receives the asset certificate application request sent by the asset owner 2 and the identity of the asset owner 2 is authenticated, and then the The asset managed by the data provider 11 generates an asset certificate including the digital certificate signed by the data provider 11 and encrypts the asset certificate by using the public key of the asset owner 2 to authorize the owner of the certificate.
在本實施例中,在所述第一資產證明產生模組101根據所述資產所有權者2在所述資料提供方11進行管理的資產生成包含所述資料提供方11數位憑證簽章的資產證明之前,第一接收模組104接收所述資產所有權者2發送的資產證明申請請求。In this embodiment, the first asset certificate generating module 101 generates an asset certificate including the digital certificate signature of the data provider 11 according to the assets managed by the data owner 2 at the data provider 11. Previously, the first receiving module 104 received the asset certification application request sent by the asset owner 2.
在本實施例中,所述資產證明申請請求包括,但不限於以下一種或者多種的組合:In this embodiment, the asset certificate application request includes, but is not limited to, one or more of the following combinations:
所述資產所有權者2的身份證明、所述資產所有權者2的名稱、所述資料需求方3的身份證明、所述資料需求方3的名稱、授權範圍條件等。The identity certificate of the asset owner 2, the name of the asset owner 2, the identity certificate of the data demander 3, the name of the data demander 3, the authorization scope conditions, and the like.
在本實施例中,在所述第一資產證明產生模組101根據所述資產所有權者2在所述資料提供方11進行管理的資產生成包含所述資料提供方11數位憑證簽章的資產證明之前,第一接收模組104還用於:接收認證中心發送的所述資產所有權者2的身份通過認證的認證信息,根據所述認證信息確定所述資產所有權者2的身份通過認證。In this embodiment, the first asset certificate generating module 101 generates an asset certificate including the digital certificate signature of the data provider 11 according to the assets managed by the data owner 2 at the data provider 11. Before, the first receiving module 104 is further configured to receive authentication information that the identity of the asset owner 2 is authenticated and send the authentication center, and determine that the identity of the asset owner 2 is authenticated according to the authentication information.
在本實施例中,所述認證中心在確定所述資產所有權者2的身份通過認證後,為所述資產所有權者2生成一個授權證明擁有者的身份,並為所述授權證明擁有者生成一組公鑰及私鑰,以供後續對生成的資產證明進行加密及解密操作。In this embodiment, after determining that the identity of the asset owner 2 is authenticated, the authentication center generates an identity of the authorization certificate owner for the asset owner 2 and generates a Group public and private keys for subsequent encryption and decryption of the generated asset certificate.
在本實施例中,所述資產所有權者2將所述授權證明擁有者的公鑰及所述授權證明擁有者的私鑰提供給所述資料需求方3。In this embodiment, the asset owner 2 provides a public key of the authorization certificate owner and a private key of the authorization certificate owner to the data demander 3.
在本實施例中,所述認證中心是一種對所述資產所有權者2的身份提供認證的機制,所述認證中心包括,但不限於以下一項或者多項的組合:In this embodiment, the authentication center is a mechanism that provides authentication for the identity of the asset owner 2. The authentication center includes, but is not limited to, one or more of the following combinations:
所述資料提供方11的認證中心、與所述資料提供方11相通信的認證中心等。A certification center of the data provider 11, a certification center in communication with the data provider 11, and the like.
在本實施例中,所述資產的類型包括,但不限於以下一項或者多項的組合:In this embodiment, the type of the asset includes, but is not limited to, one or more of the following combinations:
銀行存款、外幣、股票、債券、基金等。Bank deposits, foreign currencies, stocks, bonds, funds, etc.
在本實施例中,所述資產證明包括,但不限於以下一項或者多項的組合:In this embodiment, the asset certificate includes, but is not limited to, one or more of the following combinations:
交易日期、交易明細、交易總額、帳戶餘額及幣別等。Transaction date, transaction details, transaction total, account balance, currency, etc.
在本實施例中,所述生成的資產證明以所述資料提供方11的數位憑證簽章進行簽章,以證明所述生成的資產證明是由所述資料提供方11產生。In this embodiment, the generated asset certificate is signed with the digital certificate signature of the data provider 11 to prove that the generated asset certificate is generated by the data provider 11.
步驟S11,所述第一資產證明產生模組101對加密的資產證明加入查詢條件。In step S11, the first asset certificate generating module 101 adds a query condition to the encrypted asset certificate.
在本實施例中,所述查詢條件包括,但不限於以下一項或者多項的組合:In this embodiment, the query condition includes, but is not limited to, one or more of the following combinations:
查詢密碼、身份證明、可查詢時間、可查詢內容等。Query password, identity certificate, query time, query content, etc.
步驟S12,第一授權證明產生模組102根據所述資產證明申請請求,生成第一授權證明。In step S12, the first authorization certificate generation module 102 generates a first authorization certificate according to the asset certificate application request.
在本實施例中,所述第一授權證明產生模組102根據所述資產證明申請請求確定授權範圍,並根據所述授權範圍以哈希方式生成所述第一授權證明。In this embodiment, the first authorization certificate generation module 102 determines an authorization range according to the asset certificate application request, and generates the first authorization certificate in a hash manner according to the authorization range.
需要說明的是,所述哈希方式是一種單向密碼體制,也就是說,通過所述哈希方式加密是一種從明文到密文的不可逆映射,只包含加密過程,而沒有解密過程。這樣,通過所述哈希方式生成所述第一授權證明,將會更加安全可靠,有效降低被篡改的風險。It should be noted that the hash method is a one-way cryptosystem, that is, the encryption by the hash method is an irreversible mapping from plain text to cipher text, which only includes an encryption process and no decryption process. In this way, generating the first authorization certificate by using the hash method will be more secure and reliable, and effectively reduce the risk of being tampered with.
在本實施例中,所述第一授權證明包括,但不限於以下一項或者多項的組合:In this embodiment, the first authorization certificate includes, but is not limited to, one or more of the following combinations:
所述資料所有權者2的身份證明、所述資料所有權者2的名稱、所述資料提供方11的身份證明、所述資料提供方11的名稱、所述資料需求方3的身份證明、所述資料需求方3的名稱、授權範圍條件等。The identity certificate of the data owner 2, the name of the data owner 2, the identity certificate of the data provider 11, the name of the data provider 11, the identity certificate of the data requester 3, the Name of data acquirer 3, authorization scope conditions, etc.
在本實施例中,所述授權範圍條件包括,但不限於以下一種或者多種的組合:In this embodiment, the authorization scope condition includes, but is not limited to, one or more of the following combinations:
有效期間、查詢的最大次數、查詢科目的時間點、查詢科目等。Validity period, maximum number of inquiries, time point of inquiry subject, inquiry subject, etc.
步驟S13,第一發送模組103將所述第一授權證明及加入查詢條件後的加密的資產證明發送至所述資料提供方11的資產證明資料庫13。In step S13, the first sending module 103 sends the first authorization certificate and the encrypted asset certificate after adding the query conditions to the asset certificate database 13 of the data provider 11.
在本實施例中,所述資產證明資料庫13的存儲機制將所述第一授權證明及加入查詢條件後的加密的資產證明同步存儲於所述資產所有權者2的資產證明資料庫23及所述資料需求方3的資產證明資料庫33中,這樣,所述資產所有權者2或者所述資料需求方3可以到任意一個相通信的資產證明資料庫中進行資產證明的查詢。In this embodiment, the storage mechanism of the asset certificate database 13 stores the first authorization certificate and the encrypted asset certificate after adding the query conditions in the asset certificate database 23 and the asset owner 2 In the asset certificate database 33 of the data demander 3, in this way, the asset owner 2 or the data demander 3 can query the asset certificate in any of the asset certificate databases that are in communication.
步驟S14,所述第一發送模組103將所述第一授權證明發送至所述資產所有權者2以使所述資產所有權者2將所述第一授權證明提供給所述資料需求方3。In step S14, the first sending module 103 sends the first authorization certificate to the asset owner 2 so that the asset owner 2 provides the first authorization certificate to the data demander 3.
在本實施例中,在所述第一發送模組103將所述第一授權證明發送至所述資產所有權者2後,所述資產所有權者2將所述第一授權證明提供給所述資料需求方3,這樣,所述資產所有權者2及所述資料需求方3均可以將所述第一授權證明作為憑證以查詢所述生成的資產證明。In this embodiment, after the first sending module 103 sends the first authorization certificate to the asset owner 2, the asset owner 2 provides the first authorization certificate to the data The demander 3, so that both the asset owner 2 and the data demander 3 can use the first authorization certificate as a voucher to query the generated asset certificate.
在本實施例中,對於所述資產所有權者2將所述第一授權證明提供給所述資料需求方3的方式不做限制。例如:所述資產所有權者2可以採用郵件、社交軟件、電子文件等方式將所述第一授權證明提供給所述資料需求方3。In this embodiment, the manner in which the asset owner 2 provides the first authorization certificate to the data demander 3 is not limited. For example, the asset owner 2 may provide the first authorization certificate to the data demander 3 by using email, social software, electronic files, and the like.
步驟S15,第一接收模組104接收所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件。In step S15, the first receiving module 104 receives the authorization certificate and query conditions provided by the asset owner 2 and / or the data demander 3.
步驟S16,第一認證模組105根據所述第一授權證明及加入查詢條件後的加密的資產證明,認證所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件是否有效。Step S16, the first authentication module 105 authenticates the authorization certificate and query conditions provided by the asset owner 2 and / or the data demander 3 according to the first authorization certificate and the encrypted asset certificate after adding the query conditions. is it effective.
在本實施例中,所述第一認證模組105根據所述第一授權證明及加入查詢條件後的加密的資產證明,認證所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件是否有效包括:所述第一認證模組105將所述資產所有權者2及/或所述資料需求方3提供的授權證明與所述第一授權證明進行匹配,並將所述資產所有權者2及/或所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件進行匹配。In this embodiment, the first authentication module 105 authenticates the asset owner 2 and / or the data demander 3 according to the first authorization certificate and the encrypted asset certificate after adding the query conditions. Whether the authorization certificate and the query conditions are valid include: the first authentication module 105 matches the authorization certificate provided by the asset owner 2 and / or the data demander 3 with the first authorization certificate, and The query conditions provided by the asset owner 2 and / or the data demander 3 are matched with the query conditions previously added to the generated asset certificate.
在本實施例中,認證的結果包括:In this embodiment, the authentication result includes:
(1)當所述資產所有權者2及/或所述資料需求方3提供的授權證明與所述第一授權證明都匹配,並且所述資產所有權者2及/或所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件也都匹配時,所述第一認證模組105確認所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件有效。(1) When the authorization certificate provided by the asset owner 2 and / or the data demander 3 matches the first authorization certificate, and the asset owner 2 and / or the data requester 3 provide When both the search conditions and the search conditions added in advance to the generated asset certificate also match, the first authentication module 105 confirms the authorization certificate provided by the asset owner 2 and / or the data demander 3 and The query condition is valid.
(2)當所述資產所有權者2及/或所述資料需求方3提供的授權證明與所述第一授權證明都匹配,但是所述資產所有權者2及/或所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件不都匹配時,所述第一認證模組105確認所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件無效。(2) When the authorization certificate provided by the asset owner 2 and / or the data demander 3 matches the first authorization certificate, but provided by the asset owner 2 and / or the data requester 3 When the query conditions of and the query conditions previously added to the generated asset certificate do not match, the first authentication module 105 confirms the authorization certificate provided by the asset owner 2 and / or the data demander 3 and The query condition is invalid.
(3)當所述資產所有權者2及/或所述資料需求方3提供的授權證明與所述第一授權證明不都匹配,但是所述資產所有權者2及/或所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件都匹配時,所述第一認證模組105確認所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件無效。(3) When the authorization certificate provided by the asset owner 2 and / or the data demander 3 does not all match the first authorization certificate, but the asset owner 2 and / or the data requester 3 do not match When the provided search conditions match the search conditions previously added to the generated asset certificate, the first authentication module 105 confirms the authorization certificate provided by the asset owner 2 and / or the data demander 3 and The query condition is invalid.
(4)當所述資產所有權者2及/或所述資料需求方3提供的授權證明與所述第一授權證明不都匹配,並且所述資產所有權者2及/或所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件也不都匹配時,所述第一認證模組105確認所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件無效。(4) When the authorization certificate provided by the asset owner 2 and / or the data demander 3 does not match the first authorization certificate, and the asset owner 2 and / or the data requester 3 do not match When the provided search conditions do not match the search conditions previously added to the generated asset certificate, the first authentication module 105 confirms the authorization provided by the asset owner 2 and / or the data demander 3 The certification and inquiry conditions are invalid.
步驟S17,當所述資產所有權者2及/或所述資料需求方3提供的授權證明及查詢條件有效時,第一資產證明運算模組106根據所述資產所有權者2及/或所述資料需求方3提供的授權證明,運算出所述資產所有權者2及/或所述資料需求方3所需的資產證明。Step S17, when the authorization certificate and the query conditions provided by the asset owner 2 and / or the data demander 3 are valid, the first asset certification operation module 106 is based on the asset owner 2 and / or the data The authorization certificate provided by the demander 3 calculates the asset certificate required by the asset owner 2 and / or the data demander 3.
在本實施例中,運算出的資產證明就是存儲於所述資料提供方11的資產證明資料庫13或與所述資料提供方11的資產證明資料庫13相通信的關聯資產證明資料庫中的所述加入查詢條件後的加密的資產證明。In this embodiment, the calculated asset certificate is stored in the asset certificate database 13 of the data provider 11 or the associated asset certificate database in communication with the asset certificate database 13 of the data provider 11 The encrypted asset certificate after adding the query condition.
步驟S18,第一資產證明查詢模組107從所述資料提供方11的資產證明資料庫13或與所述資料提供方11的資產證明資料庫13相通信的關聯資產證明資料庫中獲取運算出的資產證明。In step S18, the first asset certification query module 107 obtains an operation from the asset certification database 13 of the data provider 11 or the associated asset certification database that communicates with the asset certification database 13 of the data provider 11. Proof of assets.
在本實施例中,所述資產所有權者2及所述資料需求方3可以是會員或者是非會員。In this embodiment, the asset owner 2 and the data demander 3 may be members or non-members.
具體地,當所述資產所有權者2及所述資料需求方3是會員時,所述資產所有權者2及所述資料需求方3可以在所述資料提供方11的資產證明資料庫13或與所述資料提供方11的資產證明資料庫13相通信的任意關聯資產證明資料庫中獲取運算出的資產證明。但是,當所述資產所有權者2及所述資料需求方3是非會員時,所述資產所有權者2及所述資料需求方3可以通過屬於會員的節點(如:所述資料提供方11的所述第一資產證明查詢模組107)連接到對應的資產證明資料庫中獲取運算出的資產證明。Specifically, when the asset owner 2 and the data demander 3 are members, the asset owner 2 and the data demander 3 may be in the asset certification database 13 of the data provider 11 or with The calculated asset certificate is obtained from any associated asset certificate database communicated with the asset certificate database 13 of the data provider 11. However, when the asset owner 2 and the data demander 3 are non-members, the asset owner 2 and the data demander 3 may pass through a node belonging to the member (such as the data provider 11 The first asset certificate query module 107) is connected to a corresponding asset certificate database to obtain a calculated asset certificate.
在本實施例中,所述關聯資產證明資料庫包括,但不限於以下一種或者多種的組合:所述資產所有權者2的資產證明資料庫23、所述資料需求方3的資產證明資料庫33等。In this embodiment, the related asset certificate database includes, but is not limited to, one or more of the following: the asset certificate database 23 of the asset owner 2 and the asset certificate database 33 of the data demander 3 Wait.
步驟S19,所述第一發送模組103將獲取到的資產證明發送給所述資產所有權者2及/或所述資料需求方3以使所述資產所有權者2及/或所述資料需求方3以所述授權證明擁有者的私鑰對所述獲取到的資產證明進行解密。Step S19, the first sending module 103 sends the acquired asset certificate to the asset owner 2 and / or the data demander 3 so that the asset owner 2 and / or the data demander 3 3 Decrypt the acquired asset certificate with the private key of the authorization certificate owner.
在本實施例中,在所述第一發送模組103將獲取到的資產證明發送給所述資產所有權者2及/或所述資料需求方3後,所述資產所有權者2及/或所述資料需求方3以所述授權證明擁有者的私鑰對所述獲取到的資產證明進行解密,並以所述資料提供方11的數位憑證簽章對所述獲取到的資產證明進行驗證,確認所述獲取到的資產證明是否為所述資料提供方11所產生。In this embodiment, after the first sending module 103 sends the acquired asset certificate to the asset owner 2 and / or the data demander 3, the asset owner 2 and / or The data requester 3 decrypts the acquired asset certificate with the private key of the authorized certificate owner, and verifies the acquired asset certificate with the digital certificate signature of the data provider 11, It is confirmed whether the acquired asset certificate is generated by the data provider 11.
在本實施例中,所述資產證明授權查詢系統10的實施方式還包括:以區塊鏈的方式實施,所述資產證明授權查詢系統10產生一個區塊於區塊鏈上,所述區塊的擁有者為所述資產所有權者2,所述區塊的區塊位址為所述第一授權證明。In this embodiment, the implementation of the asset certificate authorization query system 10 further includes: implementing in a blockchain manner, the asset certificate authorization query system 10 generates a block on the blockchain, and the block The owner of is the asset owner 2, and the block address of the block is the first authorization certificate.
參閱圖4所示,是本發明資產證明授權查詢系統的第二較佳實施方式的功能模塊圖。在本實施方式中,所述資產證明授權查詢系統10可以被分割成一個或多個模組。例如,所述資產證明授權查詢系統10被分割成第二接收模組201、第二認證模組202、第二資產證明產生模組203、第二授權證明產生模組204、第二發送模組205、第二資產證明運算模組206及第二資產證明查詢模組207。關於各模組的詳細功能將在後文圖5中作具體描述。Refer to FIG. 4, which is a functional block diagram of a second preferred embodiment of the asset certificate authorization query system of the present invention. In this embodiment, the asset certificate authorization inquiry system 10 may be divided into one or more modules. For example, the asset certificate authorization inquiry system 10 is divided into a second receiving module 201, a second authentication module 202, a second asset certificate generating module 203, a second authorization certificate generating module 204, and a second sending module. 205. The second asset certificate calculation module 206 and the second asset certificate query module 207. The detailed functions of each module will be described in detail in FIG. 5 later.
參閱圖5所示,是本發明資產證明授權查詢方法的第二較佳實施方式的流程圖。根據不同需求,該流程圖中步驟的順序可以改變,某些步驟可以省略或合併。Referring to FIG. 5, it is a flowchart of a second preferred embodiment of the asset certificate authorization query method of the present invention. According to different requirements, the order of the steps in the flowchart can be changed, and some steps can be omitted or combined.
步驟S200,第二接收模組201接收所述資料需求方3發送的資產證明申請請求及第二授權證明。In step S200, the second receiving module 201 receives the asset certificate application request and the second authorization certificate sent by the data requester 3.
在本實施例中,所述第二授權證明由所述資產所有權者2產生,所述第二授權證明包含所述資產所有權者2的數位憑證簽章,以證明所述第二授權證明由所述資產所有權者2產生。In this embodiment, the second authorization certificate is generated by the asset owner 2, and the second authorization certificate includes a digital certificate signature of the asset owner 2 to prove that the second authorization certificate is issued by the The asset owner 2 is mentioned.
在本實施例中,所述資產證明申請請求包括,但不限於以下一種或者多種的組合:In this embodiment, the asset certificate application request includes, but is not limited to, one or more of the following combinations:
所述資產所有權者2的身份證明、所述資產所有權者2的名稱、所述資料需求方3的身份證明、所述資料需求方3的名稱、授權範圍條件等。The identity certificate of the asset owner 2, the name of the asset owner 2, the identity certificate of the data demander 3, the name of the data demander 3, the authorization scope conditions, and the like.
步驟S201,第二認證模組202認證所述第二授權證明是否為所述資產所有權者2產生。In step S201, the second authentication module 202 authenticates whether the second authorization certificate is generated by the asset owner 2.
在本實施例中,所述第二認證模組202可以通過所述資產所有權者2的數位憑證簽章證明所述第二授權證明是否由所述資產所有權者2產生。In this embodiment, the second authentication module 202 may prove whether the second authorization certificate is generated by the asset owner 2 through the digital certificate signature of the asset owner 2.
步驟S202,當所述第二授權證明是所述資產所有權者2產生時,第二資產證明產生模組203根據所述資產所有權者2在所述資料提供方11進行管理的資產生成包含所述資料提供方11數位憑證簽章的資產證明,且以所述資料需求方3的公鑰對所述資產證明進行加密。In step S202, when the second authorization certificate is generated by the asset owner 2, the second asset certificate generating module 203 generates the asset according to the asset owner 2 that is managed by the data provider 11. The asset certificate signed by the data provider 11 digital certificate, and the asset certificate is encrypted with the public key of the data demand party 3.
在本實施例中,不同於所述第一較佳實施例,生成的資產證明採用所述資料需求方3的公鑰進行加密,後續也將採用所述資料需求方3的私鑰進行解密,這樣,所述資料需求方3可以直接與所述資料提供者11進行通信,並查詢所述資產證明,而不需要通過所述資產所有權者2,使所述資料需求方3的查詢更加便捷。In this embodiment, different from the first preferred embodiment, the generated asset certificate is encrypted using the public key of the data requester 3, and the private key of the data requester 3 will also be used for decryption later. In this way, the data demander 3 can directly communicate with the data provider 11 and query the asset certificate without having to go through the asset owner 2, so that the query of the data demander 3 is more convenient.
在本實施例中,所述資產的類型包括,但不限於以下一項或者多項的組合:In this embodiment, the type of the asset includes, but is not limited to, one or more of the following combinations:
銀行存款、外幣、股票、債券、基金等。Bank deposits, foreign currencies, stocks, bonds, funds, etc.
在本實施例中,所述資產證明包括,但不限於以下一項或者多項的組合:In this embodiment, the asset certificate includes, but is not limited to, one or more of the following combinations:
交易日期、交易明細、交易總額、帳戶餘額及幣別等。Transaction date, transaction details, transaction total, account balance, currency, etc.
在本實施例中,所述生成的資產證明以所述資料提供方11的數位憑證簽章進行簽章,以證明所述生成的資產證明是由所述資料提供方11產生。In this embodiment, the generated asset certificate is signed with the digital certificate signature of the data provider 11 to prove that the generated asset certificate is generated by the data provider 11.
步驟S203,所述第二資產證明產生模組203對加密的資產證明加入查詢條件。In step S203, the second asset certificate generating module 203 adds a query condition to the encrypted asset certificate.
在本實施例中,所述查詢條件包括,但不限於以下一項或者多項的組合:In this embodiment, the query condition includes, but is not limited to, one or more of the following combinations:
查詢密碼、身份證明、可查詢時間、可查詢內容等。Query password, identity certificate, query time, query content, etc.
步驟S204,第二授權證明產生模組204根據所述資產證明申請請求,生成第三授權證明。In step S204, the second authorization certificate generation module 204 generates a third authorization certificate according to the asset certificate application request.
在本實施例中,所述第二授權證明產生模組204根據所述資產證明申請請求確定授權範圍,並根據所述授權範圍以哈希方式生成所述第一授權證明。In this embodiment, the second authorization certificate generation module 204 determines an authorization range according to the asset certificate application request, and generates the first authorization certificate in a hash manner according to the authorization range.
在本實施例中,所述第三授權證明包括,但不限於以下一項或者多項的組合:In this embodiment, the third authorization certificate includes, but is not limited to, one or more of the following combinations:
所述資料所有權者2的身份證明、所述資料所有權者2的名稱、所述資料提供方11的身份證明、所述資料提供方11的名稱、所述資料需求方3的身份證明、所述資料需求方3的名稱、授權範圍條件等。The identity certificate of the data owner 2, the name of the data owner 2, the identity certificate of the data provider 11, the name of the data provider 11, the identity certificate of the data requester 3, the Name of data acquirer 3, authorization scope conditions, etc.
在本實施例中,所述授權範圍條件包括,但不限於以下一種或者多種的組合:In this embodiment, the authorization scope condition includes, but is not limited to, one or more of the following combinations:
有效期間、查詢的最大次數、查詢科目的時間點、查詢科目等。Validity period, maximum number of inquiries, time point of inquiry subject, inquiry subject, etc.
步驟S205,第二發送模組205將所述第三授權證明及加入查詢條件後的加密的資產證明發送至所述資料提供方11的資產證明資料庫13。In step S205, the second sending module 205 sends the third authorization certificate and the encrypted asset certificate after adding the query conditions to the asset certificate database 13 of the data provider 11.
在本實施例中,所述資產證明資料庫13的存儲機制將所述第三授權證明及加入查詢條件後的加密的資產證明同步存儲於所述資產所有權者2的資產證明資料庫23及所述資料需求方3的資產證明資料庫33中,這樣,所述資產所有權者2或者所述資料需求方3可以到任意一個相通信的資產證明資料庫中進行資產證明的查詢。In this embodiment, the storage mechanism of the asset certificate database 13 stores the third authorization certificate and the encrypted asset certificate after adding the query conditions in the asset certificate database 23 and the asset owner 2 In the asset certificate database 33 of the data demander 3, in this way, the asset owner 2 or the data demander 3 can query the asset certificate in any of the asset certificate databases that are in communication.
步驟S206,所述第二發送模組205將所述第三授權證明發送至所述資料需求方3。In step S206, the second sending module 205 sends the third authorization certificate to the data requester 3.
步驟S207,所述第二接收模組201接收所述資料需求方3提供的授權證明及查詢條件。In step S207, the second receiving module 201 receives the authorization certificate and query conditions provided by the data requester 3.
步驟S208,所述第二認證模組202根據所述第三授權證明及加入查詢條件後的加密的資產證明,認證所述資料需求方3提供的授權證明及查詢條件是否有效。In step S208, the second authentication module 202 verifies whether the authorization certificate and the query condition provided by the data requester 3 are valid according to the third authorization certificate and the encrypted asset certificate after adding the query condition.
在本實施例中,所述第二認證模組202根據所述第三授權證明及加入查詢條件後的加密的資產證明,認證所述資料需求方3提供的授權證明及查詢條件是否有效包括:所述第二認證模組202將所述資料需求方3提供的授權證明與所述第三授權證明進行匹配,並將所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件進行匹配。In this embodiment, the second authentication module 202 verifies whether the authorization certificate and the query conditions provided by the data requester 3 are valid according to the third authorization certificate and the encrypted asset certificate after adding the query conditions include: The second authentication module 202 matches the authorization certificate provided by the data requester 3 with the third authorization certificate, and matches the query conditions provided by the data requester 3 with the assets added in advance. Prove the query conditions to match.
在本實施例中,認證的結果包括:In this embodiment, the authentication result includes:
(1)當所述資料需求方3提供的授權證明與所述第三授權證明都匹配,並且所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件也都匹配時,所述第二認證模組202確認所述資料需求方3提供的授權證明及查詢條件有效。(1) When the authorization certificate provided by the data requester 3 matches the third authorization certificate, and the query conditions provided by the data requester 3 and the query conditions added in advance to the generated asset certificate are also When matched, the second authentication module 202 confirms that the authorization certificate and query conditions provided by the data requester 3 are valid.
(2)當所述資料需求方3提供的授權證明與所述第三授權證明都匹配,但是所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件不都匹配時,所述第二認證模組202確認所述資料需求方3提供的授權證明及查詢條件無效。(2) When the authorization certificate provided by the data requester 3 and the third authorization certificate match, but the query conditions provided by the data requester 3 and the query conditions added in advance to the generated asset certificate are not all When matched, the second authentication module 202 confirms that the authorization certificate and query conditions provided by the data requester 3 are invalid.
(3)當所述資料需求方3提供的授權證明與所述第三授權證明不都匹配,但是所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件都匹配時,所述第二認證模組202確認所述資料需求方3提供的授權證明及查詢條件無效。(3) When the authorization certificate provided by the data requester 3 does not match the third authorization certificate, but the query conditions provided by the data requester 3 and the query conditions added in advance to the generated asset certificate are both When matched, the second authentication module 202 confirms that the authorization certificate and query conditions provided by the data requester 3 are invalid.
(4)當所述資料需求方3提供的授權證明與所述第三授權證明不都匹配,並且所述資料需求方3提供的查詢條件與預先加入於所述生成的資產證明的查詢條件也不都匹配時,所述第二認證模組202確認所述資料需求方3提供的授權證明及查詢條件無效。(4) When the authorization certificate provided by the data requester 3 does not match the third authorization certificate, and the query conditions provided by the data requester 3 and the query conditions added in advance to the generated asset certificate are also When they do not match, the second authentication module 202 confirms that the authorization certificate and query conditions provided by the data requester 3 are invalid.
步驟S209,當所述資料需求方3提供的授權證明及查詢條件有效時,第二資產證明運算模組206根據所述資料需求方3提供的授權證明,運算出所述資料需求方3所需的資產證明。Step S209, when the authorization certificate and query conditions provided by the data requester 3 are valid, the second asset certification operation module 206 calculates the data requester 3 required according to the authorization certificate provided by the data requester 3. Proof of assets.
在本實施例中,運算出的資產證明就是存儲於所述資料提供方11的資產證明資料庫13或與所述資料提供方11的資產證明資料庫13相通信的關聯資產證明資料庫中的所述加入查詢條件後的加密的資產證明。In this embodiment, the calculated asset certificate is stored in the asset certificate database 13 of the data provider 11 or the associated asset certificate database in communication with the asset certificate database 13 of the data provider 11 The encrypted asset certificate after adding the query condition.
步驟S210,第二資產證明查詢模組207從所述資料提供方11的資產證明資料庫13或與所述資料提供方11的資產證明資料庫13相通信的關聯資產證明資料庫中獲取運算出的資產證明。Step S210: The second asset certification query module 207 obtains an operation from the asset certification database 13 of the data provider 11 or an associated asset certification database that communicates with the asset certification database 13 of the data provider 11. Proof of assets.
在本實施例中,所述資料需求方3可以是會員或者是非會員。In this embodiment, the data demander 3 may be a member or a non-member.
具體地,當所述資料需求方3是會員時,所述資料需求方3可以在所述資料提供方11的資產證明資料庫13或與所述資料提供方11的資產證明資料庫13相通信的任意關聯資產證明資料庫中獲取運算出的資產證明。但是,當所述資料需求方3是非會員時,所述資料需求方3可以通過屬於會員的節點(如:所述資料提供方11的所述第二資產證明查詢模組207)連接到對應的資產證明資料庫中獲取運算出的資產證明。Specifically, when the data demander 3 is a member, the data demander 3 may communicate with the asset certification database 13 of the data provider 11 or communicate with the asset certification database 13 of the data provider 11 To obtain the calculated asset certificate from any of the associated asset certificate databases. However, when the data demander 3 is a non-member, the data demander 3 may be connected to the corresponding node through a node belonging to the member (such as the second asset certification query module 207 of the data provider 11). Obtain the calculated asset certificate from the asset certificate database.
在本實施例中,所述關聯資產證明資料庫包括,但不限於以下一種或者多種的組合:所述資產所有權者2的資產證明資料庫23、所述資料需求方3的資產證明資料庫33等。In this embodiment, the related asset certificate database includes, but is not limited to, one or more of the following: the asset certificate database 23 of the asset owner 2 and the asset certificate database 33 of the data demander 3 Wait.
步驟S211,所述第二發送模組205將獲取到的資產證明發送給所述資料需求方3以使所述資料需求方3以所述資料需求方3的私鑰對所述獲取到的資產證明進行解密。Step S211, the second sending module 205 sends the acquired asset certificate to the data demander 3 so that the data demander 3 uses the data demander 3's private key to pair the acquired assets Proof is decrypted.
在本實施例中,在所述第二發送模組205將獲取到的資產證明發送給所述資料需求方3後,所述資料需求方3以所述資料需求方3的私鑰對所述獲取到的資產證明進行解密,並以所述資料提供方11的數位憑證簽章對所述獲取到的資產證明進行驗證,確認所述獲取到的資產證明是否為所述資料提供方11所產生。In this embodiment, after the second sending module 205 sends the acquired asset certificate to the data requester 3, the data requester 3 pairs the data requester 3 with the private key of the data requester 3. The acquired asset certificate is decrypted, and the acquired asset certificate is verified with the digital certificate signature of the data provider 11 to confirm whether the acquired asset certificate is generated by the data provider 11 .
在本實施例中,所述資產證明授權查詢系統10的實施方式還包括:以區塊鏈的方式實施,所述資產證明授權查詢系統10產生一個區塊於區塊鏈上,所述區塊的擁有者為所述資料需求方3,所述區塊的區塊位址為所述第三授權證明。In this embodiment, the implementation of the asset certificate authorization query system 10 further includes: implementing in a blockchain manner, the asset certificate authorization query system 10 generates a block on the blockchain, and the block The owner of is the data demander 3, and the block address of the block is the third authorization certificate.
以上實施例僅用以說明本發明的技術方案而非限制,儘管參照以上較佳實施例對本發明進行了詳細說明,本領域的普通技術人員應當理解,可以對本發明的技術方案進行修改或者等同替換都不應脫離本發明技術方案的精神和範圍。The above embodiments are only used to illustrate the technical solution of the present invention and are not limiting. Although the present invention has been described in detail with reference to the above preferred embodiments, those skilled in the art should understand that the technical solution of the present invention may be modified or equivalently replaced. All should not depart from the spirit and scope of the technical solution of the present invention.
在本發明所提供的幾個實施例中,應該理解到,所揭露的系統,裝置和方法,可以透過其它的方式實現。例如,以上所描述的裝置實施例僅僅是示意性的,例如,所述模組的劃分,僅僅爲一種邏輯功能劃分,實際實現時可以有另外的劃分方式。In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the modules is only a logical function division, and there may be another division manner in actual implementation.
所述作爲分離部件說明的模組可以是或者也可以不是物理上分開的,作爲模組顯示的部件可以是或者也可以不是物理單元,即可以位於一個地方,或者也可以分布到多個網路單元上。可以根據實際的需要選擇其中的部分或者全部模組來實現本實施例方案的目的。The modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical units, which may be located in one place, or may be distributed to multiple networks. On the unit. Some or all of the modules may be selected according to actual needs to achieve the objective of the solution of this embodiment.
另外,在本發明各個實施例中的各功能模組可以集成在一個處理單元中,也可以是各個單元單獨物理存在,也可以兩個或兩個以上單元集成在一個單元中。上述集成的單元既可以采用硬體的形式實現,也可以采用硬體加軟體功能模組的形式實現。In addition, each functional module in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated unit can be implemented in the form of hardware or in the form of hardware plus software function modules.
上述以軟體功能模組的形式實現的集成的單元,可以儲存在一個計算機可讀取儲存介質中。上述軟體功能模組儲存在一個儲存介質中,包括若干指令用以使得一台計算機設備(可以是個人計算機,伺服器,或者網路設備等)或處理器(processor)執行本發明各個實施例所述方法的部分步驟。The integrated unit implemented in the form of a software functional module may be stored in a computer-readable storage medium. The above software function module is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to execute the embodiments of the present invention. Part of the method is described.
後續申請專利範圍中的某些電腦程式產品請求項全部以電腦程式流程為依據,與前述的流程圖中的電腦程式流程內容對應一致。因此,這些電腦程式產品請求項,應當理解為主要透過說明書記載的電腦程式實現前述解決方案的功能模組架構,而不應當理解為主要通過硬體方式實現該解決方案的實體裝置。Some computer program product requests in the scope of subsequent patent applications are all based on the computer program flow, which corresponds to the content of the computer program flow in the aforementioned flowchart. Therefore, these computer program product request items should be understood as the functional module structure of the aforementioned solution mainly realized by the computer program described in the description, and should not be understood as the physical device that implements the solution mainly by hardware.
對於本領域技術人員而言,顯然本發明不限於上述示範性實施例的細節,而且在不背離本發明的精神或基本特徵的情况下,能够以其他的具體形式實現本發明。因此,無論從哪一點來看,均應將實施例看作是示範性的,而且是非限制性的,本發明的範圍由所附申請專利範圍而不是上述說明限定,因此旨在將落在申請專利範圍的等同要件的含義和範圍內的所有變化涵括在本發明內。不應將申請專利範圍中的任何附關聯圖標記視爲限制所涉及的申請專利範圍。此外,顯然“包括”一詞不排除其他單元或步驟,單數不排除複數。系統申請專利範圍中陳述的多個單元或裝置也可以由一個單元或裝置透過軟體或者硬體來實現。“第一”,“第二”(如果存在)等詞語用來表示名稱,而並不表示任何特定的順序。It is obvious to a person skilled in the art that the present invention is not limited to the details of the above-mentioned exemplary embodiments, and the present invention can be implemented in other specific forms without departing from the spirit or basic features of the present invention. Therefore, regardless of the point of view, the embodiments should be regarded as exemplary and non-limiting. The scope of the present invention is defined by the scope of the attached patent application rather than the above description. The meaning of the equivalent scope of the patent scope and all changes within the scope are included in the present invention. Any associated figure mark in the scope of patent application should not be regarded as limiting the scope of patent application involved. In addition, it is clear that the word "comprising" does not exclude other units or steps, and that the singular does not exclude the plural. Multiple units or devices stated in the scope of the system application patent can also be implemented by one unit or device through software or hardware. Words such as "first", "second" (if present) are used to indicate names, and do not indicate any particular order.
最後應說明的是,以上實施例僅用以說明本發明的技術方案而非限制,儘管參照較佳實施例對本發明進行了詳細說明,本領域的普通技術人員應當理解,可以對本發明的技術方案進行修改或等同替換,而不脫離本發明技術方案的精神和範圍。Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and are not limiting. Although the present invention is described in detail with reference to the preferred embodiments, those skilled in the art should understand that the technical solution of the present invention Modifications or equivalent substitutions can be made without departing from the spirit and scope of the technical solution of the present invention.
11‧‧‧資料提供方11‧‧‧ Data Provider
13、23、33‧‧‧資產證明資料庫 13, 23, 33‧‧‧ Asset Certificate Database
2‧‧‧資產所有權者 2‧‧‧ Asset Owner
3‧‧‧資料需求方 3‧‧‧ Data Requester
10‧‧‧資產證明授權查詢系統 10‧‧‧ Asset Certificate Authorization Inquiry System
101‧‧‧第一資產證明產生模組 101‧‧‧First Asset Proof Generation Module
102‧‧‧第一授權證明產生模組 102‧‧‧First authorization certificate generation module
103‧‧‧第一發送模組 103‧‧‧First sending module
104‧‧‧第一接收模組 104‧‧‧First receiving module
105‧‧‧第一認證模組 105‧‧‧First certification module
106‧‧‧第一資產證明運算模組 106‧‧‧First Asset Proof Operation Module
107‧‧‧第一資產證明查詢模組 107‧‧‧The first asset certification inquiry module
201‧‧‧第二接收模組 201‧‧‧Second receiving module
202‧‧‧第二認證模組 202‧‧‧Second Certification Module
203‧‧‧第二資產證明產生模組 203‧‧‧Second asset certificate generation module
204‧‧‧第二授權證明產生模組 204‧‧‧Second authorization certificate generation module
205‧‧‧第二發送模組 205‧‧‧Second sending module
206‧‧‧第二資產證明運算模組 206‧‧‧Second Asset Proof Operation Module
207‧‧‧第二資產證明查詢模組 207‧‧‧Second Asset Certificate Query Module
圖1是本發明資產證明授權查詢方法的較佳實施方式的應用環境示意圖。 圖2是本發明資產證明授權查詢系統的第一較佳實施方式的功能模塊圖。 圖3是本發明資產證明授權查詢方法的第一較佳實施方式的流程圖。 圖4是本發明資產證明授權查詢系統的第二較佳實施方式的功能模塊圖。 圖5是本發明資產證明授權查詢方法的第二較佳實施方式的流程圖。FIG. 1 is a schematic diagram of an application environment of a preferred embodiment of an asset certificate authorization query method according to the present invention. FIG. 2 is a functional block diagram of the first preferred embodiment of the asset certificate authorization inquiry system of the present invention. FIG. 3 is a flowchart of a first preferred embodiment of a query method for asset certificate authorization according to the present invention. FIG. 4 is a functional block diagram of a second preferred embodiment of the asset certificate authorization query system of the present invention. FIG. 5 is a flowchart of a second preferred implementation method of the asset certificate authorization query method of the present invention.
無。no.
Claims (35)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106137280A TWI650723B (en) | 2017-10-30 | 2017-10-30 | Asset certificate authorization query method and system |
| CN201711121632.3A CN107832632B (en) | 2017-10-30 | 2017-11-14 | Asset certification authorization query method, system, electronic device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106137280A TWI650723B (en) | 2017-10-30 | 2017-10-30 | Asset certificate authorization query method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201812673A true TW201812673A (en) | 2018-04-01 |
| TWI650723B TWI650723B (en) | 2019-02-11 |
Family
ID=61654321
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW106137280A TWI650723B (en) | 2017-10-30 | 2017-10-30 | Asset certificate authorization query method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107832632B (en) |
| TW (1) | TWI650723B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI734426B (en) * | 2019-03-27 | 2021-07-21 | 開曼群島商創新先進技術有限公司 | Retrieving public data for blockchain networks using trusted execution environments |
| US11082240B2 (en) | 2019-03-27 | 2021-08-03 | Advanced New Technologies Co., Ltd. | Retrieving public data for blockchain networks using highly available trusted execution environments |
| US11095629B2 (en) | 2019-03-29 | 2021-08-17 | Advanced New Technologies Co., Ltd. | Retrieving access data for blockchain networks using highly available trusted execution environments |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109361688B (en) * | 2018-11-16 | 2021-01-22 | 大唐高鸿信息通信(义乌)有限公司 | Evidence storing method and system based on 5G architecture and block chain |
| CN109669955B (en) * | 2018-12-20 | 2022-05-31 | 姚前 | Digital asset query system and method based on block chain |
| CN110245472B (en) * | 2019-01-16 | 2021-05-11 | 腾讯科技(深圳)有限公司 | Identity authentication method, personal security kernel node, and medium |
| TWI687839B (en) * | 2019-07-15 | 2020-03-11 | 天逸財金科技服務股份有限公司 | Public document limited viewing method and system thereof |
| CN111932261A (en) * | 2020-09-22 | 2020-11-13 | 支付宝(杭州)信息技术有限公司 | Asset data management method and device based on verifiable statement |
| TWI759090B (en) * | 2021-01-29 | 2022-03-21 | 國立中興大學 | Platform login method |
| CN114465734B (en) * | 2022-04-11 | 2022-08-02 | 成方金融科技有限公司 | Investor authentication method and storage medium |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6128602A (en) * | 1997-10-27 | 2000-10-03 | Bank Of America Corporation | Open-architecture system for real-time consolidation of information from multiple financial systems |
| US7451217B2 (en) * | 2002-12-19 | 2008-11-11 | International Business Machines Corporation | Method and system for peer-to-peer authorization |
| CN1667630A (en) * | 2005-04-08 | 2005-09-14 | 王志坚 | Finance and taxation monitoring method and system based on transaction original certificate data |
| US20070150724A1 (en) * | 2005-12-27 | 2007-06-28 | Taiwan Semiconductor Manufacturing Co., Ltd. | Data archiving and accessing methods and systems |
| US20160277412A1 (en) * | 2010-11-17 | 2016-09-22 | Invysta Technology Group | Methodology for identifying local/mobile client computing devices using a network based database containing records of hashed distinctive hardware, software, and user provided biometric makers for authorization of electronic transactions and right of entry to secure locations |
| CN103295126A (en) * | 2012-03-02 | 2013-09-11 | 刘家焜 | Transaction document method capable of being trusted |
| TWI610261B (en) * | 2012-08-10 | 2018-01-01 | Zhou yan ru | Transaction voucher management system and method thereof |
| CN104125063B (en) * | 2013-04-28 | 2016-10-12 | 腾讯科技(深圳)有限公司 | Authorization and authentication method, equipment and system |
| CN103391196A (en) * | 2013-07-04 | 2013-11-13 | 黄铁军 | Asset digital authentication method and device |
| CN105095693A (en) * | 2015-07-13 | 2015-11-25 | 江苏简果科技发展有限公司 | Method and system for safely sharing digital asset based on Internet |
| CN104966194A (en) * | 2015-07-21 | 2015-10-07 | 深圳市淘淘谷信息技术有限公司 | Composite cash register method and intelligent cash register system therefor |
| CN105956923B (en) * | 2016-04-20 | 2022-04-29 | 上海如鸽投资有限公司 | Asset transaction system and digital authentication and transaction method of assets |
| TWM539666U (en) * | 2016-12-15 | 2017-04-11 | 彰化商業銀行股份有限公司 | Integrated account system |
| CN106611372B (en) * | 2016-12-27 | 2021-01-08 | 深圳微众信用科技股份有限公司 | Credit investigation data query method and system |
| TWM545952U (en) * | 2017-05-09 | 2017-07-21 | 兆豐國際商業銀行股份有限公司 | System for account authority and verification process management |
-
2017
- 2017-10-30 TW TW106137280A patent/TWI650723B/en active
- 2017-11-14 CN CN201711121632.3A patent/CN107832632B/en active Active
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI734426B (en) * | 2019-03-27 | 2021-07-21 | 開曼群島商創新先進技術有限公司 | Retrieving public data for blockchain networks using trusted execution environments |
| US11080430B2 (en) | 2019-03-27 | 2021-08-03 | Advanced New Technologies Co., Ltd. | Integrity of communications between blockchain networks and external data sources |
| US11082240B2 (en) | 2019-03-27 | 2021-08-03 | Advanced New Technologies Co., Ltd. | Retrieving public data for blockchain networks using highly available trusted execution environments |
| US11088850B2 (en) | 2019-03-27 | 2021-08-10 | Advanced New Technologies Co., Ltd. | Retrieving public data for blockchain networks using highly available trusted execution environments |
| US11323271B2 (en) | 2019-03-27 | 2022-05-03 | Advanced New Technologies Co., Ltd. | Retrieving public data for blockchain networks using highly available trusted execution environments |
| US11449641B2 (en) | 2019-03-27 | 2022-09-20 | Advanced New Technologies Co., Ltd. | Integrity of communications between blockchain networks and external data sources |
| US11095629B2 (en) | 2019-03-29 | 2021-08-17 | Advanced New Technologies Co., Ltd. | Retrieving access data for blockchain networks using highly available trusted execution environments |
| US11405372B2 (en) | 2019-03-29 | 2022-08-02 | Advanced New Technologies Co., Ltd. | Retrieving access data for blockchain networks using highly available trusted execution environments |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107832632A (en) | 2018-03-23 |
| TWI650723B (en) | 2019-02-11 |
| CN107832632B (en) | 2020-07-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI650723B (en) | Asset certificate authorization query method and system | |
| TWI730692B (en) | Improving integrity of communications between blockchain networks and external data sources | |
| US11677569B1 (en) | Systems and methods for notary agent for public key infrastructure names | |
| CN112989415B (en) | Private data storage and access control method and system based on block chain | |
| JP6841911B2 (en) | Information protection systems and methods | |
| US20190295069A1 (en) | Systems and methods for integrating cryptocurrency wallet identifiers with digital certificates | |
| TWI709314B (en) | Data processing method and device | |
| CN109845220B (en) | Method and apparatus for providing blockchain participant identity binding | |
| US20200284579A9 (en) | Certificate authority master key tracking on distributed ledger | |
| TWI650658B (en) | Method and system for querying data through verification of identity and authorization | |
| JP2020145733A (en) | Method for managing a trusted identity | |
| WO2018111302A1 (en) | System and method for securely processing an electronic identity | |
| CN111291407A (en) | Data sharing method based on block chain privacy protection | |
| CN111066017A (en) | Private data processing | |
| Win et al. | Privacy enabled digital rights management without trusted third party assumption | |
| GB2599416A (en) | Authentication system and method | |
| CN114389810B (en) | Method and device for generating certification, electronic equipment and storage medium | |
| Huynh et al. | A reliability guaranteed solution for data storing and sharing | |
| CN117371010A (en) | Data trace query method, electronic device and readable storage medium | |
| CN109146684B (en) | Decentralized transaction verification method | |
| CN114065253B (en) | Method for anonymous sharing and verification of certificate and result | |
| CN116015619A (en) | Blockchain data sharing protocol with privacy protection and data availability | |
| Jeyasheela Rakkini et al. | Secure decentralized public key infrastructure with multi-signature in blockchains | |
| KR20220059509A (en) | System and method for distributed storage of transactions | |
| Dong et al. | The secure data sharing and interchange model based on blockchain for single window in trade facilitation |