WO2019085699A1 - 数据共享方法、客户端、服务器、计算设备及存储介质 - Google Patents
数据共享方法、客户端、服务器、计算设备及存储介质 Download PDFInfo
- Publication number
- WO2019085699A1 WO2019085699A1 PCT/CN2018/107962 CN2018107962W WO2019085699A1 WO 2019085699 A1 WO2019085699 A1 WO 2019085699A1 CN 2018107962 W CN2018107962 W CN 2018107962W WO 2019085699 A1 WO2019085699 A1 WO 2019085699A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- authorization code
- client
- encrypted data
- data
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Definitions
- the present application relates to the field of computer technologies, and in particular, to a data sharing method, a client, a server, a computing device, and a storage medium.
- the information sharing system needs to adopt the following technical means to ensure the security of the data, for example, when a user requests access to a file, the information provided by the user is verified.
- the embodiment of the present application provides a data sharing method, which is performed by a first client, and includes: encrypting a piece of plaintext data according to a key to obtain an encrypted data; and uploading the encrypted data to a region of the information sharing system.
- the information sharing system is a blockchain system; uploading a first part of the key to an authorized access server corresponding to the information sharing system; and receiving an authorization code corresponding to the encrypted data from the authorized access server Transmitting the authorization code and the second portion of the key to the second client of the user when authorizing a user to access the encrypted data, the second portion of the key including the key And a remaining portion other than the first portion, such that when the second client sends an access request for the encrypted data to the authorized access server, the authorization code is carried in the access request and The second portion of the key, such that the authorized access server determines the first portion and the second portion of the key when determining that the authorization code is available Generating the key, decrypting the encrypted data acquired from the block of the information sharing system according to
- the embodiment of the present application further provides a data sharing method, including: receiving, from a first client, a first part of a first key, where the first key corresponds to a part uploaded to a block of the information sharing system.
- Encrypting data the encrypted data is obtained by performing encryption processing on a plaintext data according to the first key, the information sharing system is a blockchain system; and generating a first authorization code corresponding to the encrypted data; Transmitting the first authorization code to the first client, so that the first client, when authorizing the second client to access the encrypted data, the first authorization code and the first key
- the second part is sent to the second client, so that the second client carries the first authorization code and the second part of the first key during access when accessing the encrypted data
- the second portion of the first key includes a remaining portion of the first key other than the first portion; when receiving an access request for the encrypted data from any client,
- the method further includes: Obtaining a second authorization code and an incomplete key in the access request; when the second authorization code is the same as
- the embodiment of the present application provides a first client, including: an encryption module, which encrypts a plaintext data according to a key to obtain an encrypted data; and an uploading module that uploads the encrypted data to a region of the information sharing system.
- the information sharing system is a blockchain system, and the first part of the key is uploaded to an authorized access server corresponding to the information sharing system; and the authorization module receives the encrypted data corresponding to the authorized access server.
- Authorization code when authorizing a user to access the encrypted data, transmitting the authorization code and the second part of the key to the second client, the second part of the key including the key And a remaining portion other than the first portion, such that when the second client sends an access request for the encrypted data to the authorized access server, carrying the authorization code and the location in the access request Said second part of the key, such that said authorized access server determines said first part and said second part of said key when said authorization code is available
- Generating the key decrypting the encrypted data obtained from the block of the information sharing system according to the generated key to obtain the plaintext data and returning to the second client .
- An embodiment of the present application provides an authorization access server, including: an authorization module, which receives a first part of a first key from a first client, where the first key corresponds to a block uploaded to the information sharing system. Encrypted data obtained by encrypting a plaintext data according to the first key, the information sharing system is a blockchain system; generating a first authorization corresponding to the encrypted data Transmitting the first authorization code to the first client, so that the first client, when authorizing the second client to access the encrypted data, the first authorization code and the first Sending a second portion of the key to the second client, such that the second client carries the first authorization code and the second portion of the first key when accessing the encrypted data In the access request, the second portion of the first key includes a remaining portion of the first key other than the first portion; and the verification module receives the encrypted data from any client Access request Obtaining a second authorization code and an incomplete key from the access request; when the second authorization code is the same as the first authorization code and the second authorization code is available, triggering
- Embodiments of the present application also provide a computing device comprising: one or more processors; a memory; and one or more programs stored in the memory and configured to be executed by the one or more processors,
- the one or more programs include instructions for performing the above method.
- Embodiments of the present application also propose a storage medium storing one or more programs, the one or more programs including instructions that, when executed by a computing device, cause the computing device to perform the above method.
- FIG. 1 is a structural diagram of a system involved in an example of the present application.
- FIG. 3 is a flow chart of a method of an example of the present application.
- FIG. 5 is a user interface diagram of an example of the present application.
- FIG. 6 is a user interface diagram of an example of the present application.
- FIG. 7 is a schematic structural diagram of a client in an example of the present application.
- FIG. 8 is a schematic structural diagram of a server in an example of the present application.
- FIG. 9 is a schematic structural diagram of a computing device in an example of the present application.
- the embodiment of the present application proposes a data sharing method, which can be applied to the system architecture shown in FIG.
- the system architecture includes a first client 101, a second client 102, an authorized access server 103, and an information sharing system 104, which can communicate over the Internet 105.
- the information sharing system 104 is configured to store various data uploaded by the user, and the user can also access the data in the information sharing system 104.
- the authorized access server 103 can connect directly or via the Internet 105 to the information sharing system 104 for providing access to the information sharing system 104 (specifically referred to as an authorized referral service).
- the second client 102 obtains the data that it wants to access from the information sharing system 104 through the authorized access server 103.
- the second client 102 sends an access request for a certain data to the authorized access server 103 (specifically, it can be referred to as a lookup request).
- the encrypted data obtained from the information sharing system 104 is decrypted according to the key information carried in the access request, and if the plaintext data after decryption can be successfully obtained, the plaintext data is returned to the second client 102.
- the first client 101 and the second client 102 may be various APP clients or browsers that can access shared data, and the first client 101 and the second client 102 may run on various terminal devices, including : PC, mobile phone, tablet, PDA, ultrabook, wearable device, etc.
- the information sharing system 104 can be a variety of centralized or distributed data storage systems including, but not limited to, a blockchain system (or blockchain network), a database system, a network disk/cloud disk system, and the like.
- the data stored in the information sharing system 104 may relate to data generated in various business scenarios, including: digital assets, forensic services, shared books, sharing economy, and the like.
- digital assets refer to non-monetary assets that are owned or controlled by enterprises and exist in the form of electronic data, which are held in daily activities for sale or in the production process.
- Digital assets are generated by office automation, and digital assets are developed based on electronic payment systems for sharing points, coupons, digital currencies, and equity registrations.
- the attestation service is used for business scenarios such as copyright/ownership protection, judicial document preservation, charitable donations, personal and corporate certification.
- the shared ledger is used for business scenarios such as inter-agency clearing, bank factoring, inter-agency joint lending, supply chain finance, and cross-border remittances.
- a blockchain is a chained data structure that combines data blocks in a chronological order in a sequential manner, and cryptographically guaranteed non-tamperable and unforgeable distributed ledgers.
- the blockchain system is a brand new distributed infrastructure that uses blockchain data structures to validate and store data, uses distributed node consensus algorithms to generate and update data, and uses cryptography to ensure data transmission and access. Secure, using smart contracts consisting of automated script code to program and manipulate data.
- data uploaded to the information sharing system 104 needs to be encrypted, and data access is authorized, that is, some data is conditionally shared, and the data may be referred to as user privacy data, for example, an individual. Or the organization's real-name authentication information, financial account information, photo albums, original works, information that needs to be shared for authentication, etc. For these data, the user wants to share and does not want to make the content public, but can be shared among specific people. Therefore, the data is encrypted and stored in the information sharing system 104 and then authorized for viewing by a specific user.
- the application example provides a data sharing method applicable to the first client 101 in the terminal device. Only one first client 101 is shown in FIG. 1. In an actual application scenario, the first client 101 may have multiple, even massive, and each first client 101 may implement the method. As shown in FIG. 2, the method process 200 includes the following steps:
- Step 201 The first client 101 encrypts a plaintext data according to the key to obtain an encrypted data.
- Step 202 The first client 101 uploads the encrypted data into a block of the information sharing system 104, and the information sharing system is a blockchain system.
- the first client 101 used by the user encrypts the data (ie, the plaintext data) using a preset key, and then uploads the encrypted data to the information sharing system 104. .
- Step 203 The first client 101 uploads the first part of the key to the authorized access server 103 corresponding to the information sharing system 104.
- the authorized access server 103 corresponding to the information sharing system 104 refers to the authorized access server 103 to which it is connected.
- the key is a string, which can be divided into two strings as the first part and the second part of the key.
- the first part of the key is uploaded to Authorize access to the server 103.
- the first half of the key may be the first part and the second half of the key may be the second part.
- the second half of the key can be used as the first part and the first half of the key can be used as the second part.
- the lengths of the first part and the second part may be the same or different.
- the string of the corresponding length may be segmented as the first part of the key according to a preset string length value (ie, the number of characters included in the set string), and then the remaining characters are The string acts as the second part of the key.
- a preset string length value ie, the number of characters included in the set string
- Step 204 The first client 101 receives an authorization code corresponding to the encrypted data from the authorized access server 103.
- the authorized access server 103 when receiving the first part of the key for a certain encrypted data uploaded by the first client 101, the authorized access server 103 generates an authorization code for the encrypted data, and returns the authorization code to the first A client 101. Specifically, the authorized access server 103 may generate an authorization code according to a rule corresponding to the uploading user of the data.
- Step 205 When authorizing a user to access the encrypted data, the first client 101 sends the authorization code and the second part of the key to the client of the user (ie, the corresponding second client 102)
- the second portion of the key includes a remainder of the key other than the first portion to cause the second client 102 to send an access request for the encrypted data to the authorized access server 103 And carrying the authorization code and the second part of the key in the access request.
- the authorized access server 103 generates the key according to the first part and the second part of the key when determining that the authorization code is available, according to the generated key pair from the information sharing system 104.
- the encrypted data obtained in the block is decrypted, and the decrypted plaintext data is provided to the second client 102.
- the second client 103 used by the user requests the authorization code from the first client 101, and the first client 101 determines that the user is authorized to view the data.
- the authorization code and the second portion of the above key are sent to the second client 102.
- the authorized access server 103 can stitch together the first portion and the second portion of the key to form the complete key. If the second part of the key obtained by the authorized access server 103 from the second client 102 does not belong to the same key as the first part of the key obtained from the first client 101, it cannot be spliced into a correct key. In turn, the decryption will fail, and the second client 102 will not be able to obtain the plaintext data. The authorized access server 103 can return a failure response to the second client 102 or return encrypted data. In this way, the second client 102 cannot successfully access the content of the data, thereby effectively securing the data uploaded by the first client 101.
- the first client 101 holds the key and the authorization code
- the authorization access server 103 holds the authorization code and the first part of the key
- the second client 102 can hold the key when authorized.
- the second part and the authorization code such that when the second client 102 requests access to the corresponding data through the authorized access server 103, the authorized access server 103 can first verify whether the authorization code is available, and if the authorization code is available, reuse the The incomplete key (the first part and the second part of the key) obtained by the first client 101 and the second client 102 respectively obtain the complete key, and if the incomplete key provided by the second client 102 has a problem, If the correct full key cannot be obtained, the encrypted data cannot be successfully decrypted, thus ensuring the security of the data.
- the second client 102 and the authorized access server 103 respectively hold a part of the key, neither of which has the right to access the encrypted data, and only the key information held by the two can be obtained together.
- the key which effectively protects data security and user privacy.
- the first client 101 can authorize certain second clients 102 to access the plaintext of the encrypted data, thereby sharing information and privacy. The balance is reached, providing a better information sharing mechanism.
- the above examples can be applied to the data sharing scenario of the blockchain.
- the authorized access server 103 provides a service for private data authorization and access, and is an optional service for data privacy protection provided for the blockchain in the shared information system, and can be applied to the information sharing blockchain and the digital asset block.
- the blockchain is based on the principle of sharing, all users can freely access the above data. At this time, the user can freely check whether it is authorized or not, but only the data that the authorized access server 103 passes through is the decrypted plaintext data. If a user directly consults on the blockchain, the resulting data is encrypted and the plaintext data cannot be obtained.
- the first client 101 may further generate an access token (also referred to as a data lookup token) of the encrypted data after receiving the authorization code, the access token including the authorization And a second portion of the code and the key.
- the step of sending the authorization code and the second part of the key to the second client 102 may include: sending the access token to the second client 102. So that the second client 102 carries the access token in the access request.
- the first client 101 sends the authorization code and the second portion of the key to the second client 102.
- both the authorization code and the key may be a string of numbers and/or characters
- the access token consisting of the authorization code and the second part of the key may be a string of numbers and/or characters.
- the first client 101 can authorize the corresponding user to access the encrypted data uploaded by issuing the token to the second client 102, and there is no complete key in the issued token, and the authorization is required.
- the server 103 is further authenticated to obtain a complete key for decryption processing, thereby effectively securing data.
- step 202 when the encrypted data is uploaded to the information sharing system 104, the first client 101 further uploads the file identifier of the encrypted data and the user identifier of the holder (usually currently used) a user identifier of the first client 101) to cause the information sharing system 104 to associate the encrypted data with the file identifier and the user ID of the holder to authorize the access server 103 to identify and
- the user identification of the holder acquires the encrypted data from the information sharing system 104.
- uploading an encrypted data its file identifier and the user ID of the holder are simultaneously transmitted to the information sharing system 104, and the information sharing system 104 will identify the encrypted data with the file identifier and holder when saving the encrypted data.
- the user ID is associated.
- the authorized access server 103 queries a certain encrypted data from the information sharing system 104, the file identifier and the user identifier of the holder are carried in the query request, so that the information sharing server 104 can determine the file identifier and the holder's The user identifies the associated encrypted data and returns it to the authorized access server 103.
- step 203 when the first portion of the key is uploaded to the authorized access server 104, the first client 101 further uploads the file identifier and the user identifier of the holder to Causing the authorized access server 103 to generate the authorization code according to a rule corresponding to the user identifier of the holder, and the authorization code and the first part of the key, the file identifier, and the holder The user ID is associated.
- the authorized access server 103 may obtain the associated authorization code and the first part of the key according to the file identifier carried therein and the user identifier of the holder (may be The first part of the encrypted data corresponding to the authorization code and the key that is authorized to be accessed by the server 103, so as to determine whether the authorization code carried by the access request is available according to the obtained authorization code, according to the obtained location.
- the first portion of the key and the second portion carried by the access request generate the key.
- the authorization access server 103 is pre-configured with rules for generating an authorization code for each user, which may specify a data address, an expiration time, and the like that the generated authorization code allows access.
- the above data address may be, for example, a block height in a blockchain, a uniform resource locator (URL) address, or the like.
- the authorized access server 104 can determine the rules for generating the authorization code based on the user identification of the concurrently uploaded encrypted data holder.
- the authorized access server 103 can locally query the authorization code corresponding to the encrypted data currently requested to be accessed (ie, the file identifier and the authorization code associated with the user identifier of the holder), if the access request carries The authorization code is consistent with the authorization code obtained from the local query, indicating that the authorization code carried in the access request is legal, and further verifying whether the authorization code expires (such as whether the expiration time is reached or whether it is still in the effective use date).
- the access request sent by the second client 102 may carry the file identifier of the data to be consulted, and the authorized access server 103 may determine the block height of the data according to the file identifier, thereby verifying the location.
- the access request sent by the second client 102 can directly carry the block height of the data, and the authorized access server 103 can verify whether the block height carried by the access request is the block height allowed for access corresponding to the authorization code.
- the acquired first portion of the key associated with the file identification and the user identification of the holder and the second portion of the key carried by the access request may be combined into a complete key. This combination can be as simple as splicing the two parts together.
- the first client 101 may further generate an access token including the authorization code and the encrypted data of the second part of the key, Associating the access token with the file identification.
- the sending the authorization code and the second part of the key to the second client 102 may include: sending the access token associated with the file identifier to a second client.
- the terminal 102 is configured to enable the second client 102 to carry the access token in the access request.
- one or more access tokens are maintained in the first client 101, and each data uploaded by the first client 101 corresponds to one access token, that is, each file identifier is associated with an access token.
- the second client 102 requests the data access authorization from the first client 101, if the first client 101 agrees to authorize, the first client 101 can determine the corresponding access token and issue the access token to The second client 102.
- the second client 102 may request access authorization for a certain data or for a data set that meets certain conditions or for all data, the first client 101 may send the corresponding one or more access tokens to the second client. End 102.
- the method further includes: the first client 101 transmitting a cancellation request for the authorization code to the authorized access server 103 to cause the authorized access server 103 to invalidate the authorization code.
- the first client 101 also invalidates the local authorization code.
- the cancellation request for an authorization code may carry the corresponding file identifier, and the authorization access server 103 may determine the authorization code corresponding to the file identifier according to the file identifier, and may invalidate the authorization code, for example, setting the status to be invalid or Clear this authorization code and more.
- the authorized access server 103 can return a response to the first client 101 after the authorization code is invalidated, and the first client 101 invalidates the local authorization code when receiving the response, thereby completing the entire process of canceling the authorization code.
- the first client 101 can not only enable the authorized access server 103 to generate an authorization code for the uploaded data, but also request the authorized access server 103 to cancel the authorization code.
- the authorization code is cancelled, if the second client 102 requests access, When the data uses this authorization code or an access token containing the authorization code, the authorization code will be verified as unavailable, so that the access request will be rejected, the second client 102 cannot access the data, or can only obtain the encryption. The data cannot be decrypted and the plaintext data is not available. This forms a dynamic authorization mode for data access. Users sharing a certain data can cancel the corresponding authorization code as needed, so that users who have obtained the authorization code to access the data can no longer access the data.
- the first client 101 may further send a generation authorization code request for the encrypted data to the authorized access server 103 to enable the authorized access server 103 to generate the encryption.
- the new authorization code corresponding to the data after which the first client 101 receives the new authorization code corresponding to the encrypted data from the authorized access server 103.
- the user can not only cancel the authorization code at any time, so that the previously authorized user cannot access the plaintext of the encrypted data, and can also request to generate a new authorization code to re-authorize the user to access the plaintext of the encrypted data, thereby realizing flexible data access authorization.
- the first client 101 may also request the authorized access server 103 to update the authorization code after obtaining the authorization code.
- the authorization code obtained by the first client 101 has not been deleted or has not been used yet.
- the first client 101 sends an update authorization code request for a certain encrypted data to the authorized access server 103, so that the authorized access server 103 generates a new authorization code corresponding to the encrypted data, and replaces the previous authorization code with the new authorization code.
- the authorization code thereafter, the first client 101 receives the new authorization code from the authorized access server 103 and replaces the previous authorization code with the new authorization code. In this way, the first client 101 can cancel the previous authorization code through an authorization code update process, so that the previously authorized user cannot access the plaintext of the encrypted data, and a new authorization code can be obtained, and some users can be authorized subsequently.
- the cancellation request, the generation authorization code request, and the update authorization code request of the foregoing authorization code may coexist, and the user may select a cancellation authorization code, generate a new authorization code, or update an authorization code according to the need, thereby implementing a more perfect Dynamic authorization scheme.
- the present application example provides a data sharing method that can be applied to the authorized access server 103.
- the method process 300 includes the following steps:
- Step 301 Receive a first part of the first key from the first client 101, the first key corresponding to a piece of encrypted data uploaded into a block of the information sharing system 104, the encrypted data is according to the The first key is obtained by encrypting a plaintext data, and the information sharing system is a blockchain system.
- Step 302 Generate a first authorization code corresponding to the encrypted data.
- Step 303 Send the first authorization code to the first client 101, so that the first client 101, when authorizing the second client 102 to access the encrypted data, the first authorization code and the first
- the second portion of the key is sent to the second client 102 such that the second client 102 carries the first authorization code and the second portion of the first key on access when accessing the encrypted data
- the second portion of the first key includes a remaining portion of the first key other than the first portion.
- Step 304 When receiving an access request for the encrypted data from any client (possibly the above-mentioned authorized second client 102 may also be another unauthorized client), perform the following steps:
- Step 305 Obtain a second authorization code and an incomplete key from the access request.
- Step 306 When the second authorization code is the same as the first authorization code and the second authorization code is available, according to the incomplete key and the first key corresponding to the encrypted data. A portion generates a second key, wherein the generated second key is the same as the first key when the incomplete key is the same as the second portion of the first key.
- Step 307 Acquire the encrypted data from the block of the information sharing system 104. Decrypting the encrypted data according to the second key, wherein when the second key is the same as the first key, the plaintext data is decrypted and sent to send the access The requested client.
- the authorized access server 103 may first Verifying that the authorization code is available, and if the authorization code is available, using the incomplete key (the first part and the second part of the key) obtained from the first client 101 and the client respectively, obtain the complete key, if If there is a problem with the incomplete key provided by this client, the correct full key cannot be obtained, and the encrypted data cannot be successfully decrypted, thus ensuring the security of the data.
- the authorized second client 102 and the authorized access server 103 respectively hold a part of the key, neither of which has the right to access the encrypted data, only when the key information held by the two is merged together
- the first client 101 can authorize certain second clients 102 to access the plaintext of the encrypted data, thereby sharing information and privacy. The balance is reached, providing a better information sharing mechanism.
- the step of obtaining the second authorization code and the one incomplete key from the access request may include: acquiring an access token of the encrypted data from the access request; And obtaining the second authorization code and the incomplete key from the access token.
- step 301 when the first portion of the key is received from the first client, the authorized access server 103 further receives the file identification and the user identification of the holder of the encrypted data.
- step 302 the step of generating the first authorization code corresponding to the encrypted data may include: generating the authorization code according to a rule corresponding to the user identifier of the holder, and the authorization code and the The first part of the key, the file identifier, and the user identifier of the holder are associated; when the access request is received, the file identifier and the user identifier of the holder are obtained according to the access request The associated authorization code and the first portion of the key.
- the block corresponds to a block height.
- the generated first authorization code corresponds to a block height and/or an expiration time that is allowed to be accessed.
- the block height and/or the expiration time of the access allowed corresponding to the second authorization code is obtained. And when the block height of the encrypted data for the access request matches the block height of the access allowed corresponding to the second authorization code and/or the second authorization code does not reach the expiration time Determining that the second authorization code is available.
- the method further includes: invalidating the authorization code in response to a cancellation request for the authorization code from the first client 101.
- the authorized access server 103 can return a response to the first client 101 after the authorization code is invalidated, and the first client 101 invalidates the local authorization code when receiving the response, thereby completing the entire process of canceling the authorization code.
- the user can cancel the authorization code for some data as needed to cancel the sharing for some users or data, such as: the second client 102 that obtained the authorization code of one piece of data before, if the authorization code fails, then When the second client 102 requests access to this data using this authorization code, the authorization code will be verified as unavailable and cannot be accessed.
- the method further includes: generating a new authorization code corresponding to the encrypted data in response to a request for generating an authorization code for the encrypted data from the first client 101; transmitting the encryption to the first client 101 The new authorization code corresponding to the data.
- the user can also request a new authorization code to re-authorize some users to access the data, thereby realizing flexible data access authorization.
- the method further includes: generating a new authorization code corresponding to the encrypted data in response to the update authorization code request for the encrypted data from the first client 101, and replacing the previous location with the new authorization code The first authorization code is described. Sending the new authorization code corresponding to the encrypted data to the first client 101 to replace the previous first authorization code with the new authorization code.
- FIG. 4 shows a message interaction process in an embodiment of the present application. As shown in FIG. 4, the process involves at least four entities: a first client 101, a second client 102, an authorized access server 103, and an information sharing system 104, which may include the following processing steps:
- Step 401 The first client 101 holds an encryption key, and encrypts data to be uploaded to the information sharing system 104 to obtain a piece of encrypted data.
- the first client 101 uploads the encrypted data to the information sharing system 104, and also transmits the encrypted user's user identification and file identification associated with the encrypted data to the information sharing system 104 when uploading the encrypted data.
- the first client 101 can send a data upload request to the information sharing system 104, which carries the user ID, file identifier and encrypted data of the holder.
- the user identifier of the holder is an identifier of the currently logged-in user of the first client 101, for example, a QQ number, a cloud disk account, an account of a blockchain system, and the like; and the file identifier is used to identify the encrypted data.
- the information sharing system 104 can save the encrypted data uploaded by the first client 101 and associate it with the user identifier and the file identifier of the holder, so as to store the encrypted data in a directory corresponding to the holder's user identifier.
- the file identifier is used to identify the encrypted data.
- the first client 101 is a network disk client
- the information sharing system 104 is a cloud disk server (or simply a cloud disk server).
- Users can upload photos, videos and other files using this web client. For example, clicking the control 501 can upload a photo, and clicking the control 502 can upload a video.
- the network disk client can be configured to encrypt the uploaded data, so that the network disk client performs the encryption process of the above step 401.
- Step 402 The first client 101 uploads the first half of the key used for the encryption of step 401 (which may be referred to as the first half of the key) to the authorized access server 103, and also sends the user identifier of the holder associated with the encrypted data. Give authorization to access the server.
- the first client 101 may send a key upload request to the authorized access server 103, where the request carries the user identifier of the holder of the encrypted data and the first half of the key.
- the authorization access server 103 generates an authorization code according to the rule corresponding to the user identifier of the holder, and associates the authorization code with the first half of the key and the user identifier of the holder, and then returns the authorization code to the first Client 101.
- Step 403 The first client 101 combines the second half of the key used for the step 401 encryption (which may be referred to as the second half of the key) and the received authorization code into a data review token, and the data reference token is Associated with the file identification of the aforementioned encrypted data.
- the data review token may be provided to the second client 102.
- the second client 102 requests the first client 101 for the authorization of the data, and sends an authorization request for carrying the target file information to the first client 101, and the first client 101 can determine the first file according to the target file information.
- the object file information may include a file identifier, an identifier of a folder or a directory address, and the like, and the first client 101 may determine a corresponding file identifier set, and then determine an associated data review token through the file identifier set.
- a file identifier set (one or more file identifiers) may be associated with a data lookup token, and the first client 101 may batch-authorize a file set to the second client 102; a file identifier set may also be associated with multiple Data reference tokens, wherein different file identifiers associate different data lookup tokens, and the first client 101 provides a data lookup token to the second client 102 for each file.
- Step 404 After holding the data review token, the second client 102 sends a referral request to the authorized access server 103, the request carrying the user identifier, the file identifier and the data reference token of the holder of the encrypted data.
- the second client 102 is a browser that accesses the blockchain page
- the information sharing system 104 is a blockchain system.
- Users can view various information by accessing the blockchain page, and some information is private. Users can view plaintext data when they have a data access token. For example, if the user can click on the control 601, step 404 can be performed to issue a lookup request. If the data lookup token carried by the lookup request contains the correct available authorization code and the correct second half of the key, the browser may present a second page containing the plaintext data corresponding to the "details" item.
- Step 405 The authorized access server 103 extracts the data reference token, the user identifier and the file identifier of the holder from the received review request, extracts the authorization code from the data reference token, and determines whether the authorization code is available.
- the authorization access server 103 determines whether the authorization code is available, including two aspects: 1. Whether the authorization code extracted from the data review token is the same as the authorization code associated with the locally stored user identifier of the holder, if the data is read from the order If the authorization code extracted from the card is consistent with the authorization code obtained from the local query, the authorization code carried in the data reference token is legal. 2.
- the two authorization codes are the same, further verify whether the authorization code expires ( For example, whether the expiration time is reached or whether it is still within the effective use date, and/or whether the address of the encrypted data currently requested to be checked belongs to the data address permitted to be accessed corresponding to the authorization code.
- the authorized access server 103 acquires the first half of the key associated with the authorization code, extracts the second half of the key from the data reference token, and combines the first half of the key and the second half of the key into one complete Key.
- the authorization access server 103 also sends a query request to the information sharing system 104, the request carrying the user identifier and the file identifier of the holder, so that the information sharing server 104 queries the associated encrypted data according to the user identifier and the file identifier of the holder. It is returned to the authorized access server 103.
- Step 406 Decrypt the encrypted data using the complete key obtained in step 405. If the second half of the key extracted in the data lookup token is accurate, then an accurate complete key can be obtained in step 405, then the decrypted data (ie, plaintext data) can be successfully decrypted in this step, and the decrypted data is returned. To the second client 102. If the second half of the key extracted in the data lookup token is erroneous, the key obtained in step 405 is erroneous and cannot be successfully decrypted in this step. In this case, the second client 102 may report an error, or directly return an encrypted data to the second client 102. In short, the second client 102 cannot successfully access the plaintext data, thereby ensuring the first client. 101 The security of the uploaded data.
- the embodiment of the present application further provides a client (which may be the first client 101) that can implement the foregoing method.
- a client which may be the first client 101
- the first client 700 includes the following modules:
- the encryption module 701 encrypts a plaintext data according to the key to obtain an encrypted data.
- the uploading module 702 uploads the encrypted data to a block of the information sharing system 104.
- the information sharing system is a blockchain system, and the first part of the key is uploaded to the information sharing system 104. Authorize access to the server 103.
- the authorization module 703 receives an authorization code corresponding to the encrypted data from the authorized access server 103; when authorizing a user to access the encrypted data, sending the authorization code and the second part of the key to the second Client 102, the second portion of the key includes a remainder of the key other than the first portion, such that the second client 102 sends an access request for the encrypted data to the
- the authorization code and the second part of the key are carried in the access request, so that the authorized access server 103 is determined according to the key when determining that the authorization code is available.
- the first part and the second part generate the key, and decrypt the encrypted data acquired from the block of the information sharing system 104 according to the generated key to obtain the The plaintext data is returned to the second client 102.
- the authorization module 703 further generates an access token of the encrypted data, the access token including the authorization code and the second portion of the key; wherein the authorization module 703 The access token is sent to the second client 102 to cause the second client 102 to carry the access token in the access request.
- the uploading module 702 when the encrypted data is uploaded to the information sharing system 104, the uploading module 702 further uploads the file identifier of the encrypted data and the user identifier of the holder thereof to enable the information sharing.
- the system 104 associates the encrypted data with the file identification and the user identification of the holder such that the authorized access server 103 shares from the information based on the file identification and the user identification of the holder.
- System 104 obtains the encrypted data.
- the uploading module 702 when the first portion of the key is uploaded to the authorized access server 103, the uploading module 702 further uploads the file identifier and the user identification of the holder to The authorization access server 103 generates the authorization code according to a rule corresponding to the holder's user identifier, and the authorization code and the first part of the key, the file identifier, and the holder Corresponding to the user identifier, when the access request is received, obtaining the associated authorization code and the first part of the key according to the file identifier carried in the holder and the user identifier of the holder. And determining, according to the obtained authorization code, whether the authorization code carried by the access request is available, and generating the secret according to the obtained first part of the key and the second part carried by the access request. key.
- the authorization module 703 further generates an access token including the authorization code and the encrypted data of the second portion of the key, the access token being associated with the file identification And the authorization module 703 sends the access token associated with the file identifier to the second client 102, so that the second client 102 carries the access request in the access request The access token.
- the authorization module 703 further sends a cancellation request for the authorization code to the authorized access server 103 to cause the authorized access server 103 to invalidate the authorization code; the authorization module 703 further The local authorization code is invalid.
- the authorization module 703 sends a request for generating an authorization code for the encrypted data to the authorized access server 103 to cause the authorized access server 103 to generate a new authorization code corresponding to the encrypted data;
- the authorization module 703 also receives the new authorization code corresponding to the encrypted data from the authorized access service 103.
- the authorization module 703 further sends an update authorization code request for the encrypted data to the authorized access server 103, so that the authorized access server 103 generates a new authorization code corresponding to the encrypted data, and uses The new authorization code replaces the previous authorization code; the authorization module 703 also receives the new authorization code from the authorized access server 103, and replaces the previous authorization code with the new authorization code.
- the embodiment of the present application further provides an authorized access server (such as the foregoing authorized access server 103) that can implement the foregoing method.
- the server 800 can include the following modules:
- the authorization module 801 receives a first portion of the first key from the first client 101, the first key corresponding to a piece of encrypted data uploaded into a block of the information sharing system 104, the encrypted data being based on Obtaining, by the first key, a plaintext data, the information sharing system is a blockchain system; generating a first authorization code corresponding to the encrypted data; and sending the first authorization code to The first client 101, to enable the first client 101 to send the first authorization code and the second part of the first key to the second client 102 when the second client 102 is authorized to access the encrypted data
- the second client 102 so that the second client 102 carries the first authorization code and the second part of the first key in an access request when accessing the encrypted data,
- the second portion of the first key includes the remainder of the first key except the first portion.
- the verification module 802 when receiving an access request for the encrypted data from any client (such as the second client 102), obtain a second authorization code and an incomplete key from the access request; When the second authorization code is the same as the first authorization code and the second authorization code is available, the key module 803 is triggered.
- the key module 803 generates a second key according to the incomplete key and the first part of the first key corresponding to the encrypted data, where the incomplete key and the first key are When the second part is the same, the generated second key is the same as the first key.
- Decryption module 804 obtaining the encrypted data from the block of the information sharing system 104; decrypting the encrypted data according to the second key, wherein when the second key is When the first key is the same, the plaintext data is decrypted and sent to the client that sends the access request.
- the verification module 802 obtains an access token of the encrypted data from the access request, and obtains the second authorization code and the incomplete key from the access token.
- the authorization module 801 when receiving the first portion of the key from the first client 101, further receives a file identification and a user identification of a holder of the encrypted data; The authorization module 801 generates the first authorization code according to a rule corresponding to the user identifier of the holder, and the first authorization code and the first part of the key, the file identifier and The user identifier of the holder is associated; wherein, when the access request is received, the verification module 802 obtains an associated location according to the file identifier carried by the access request and the user identifier of the holder. Describe the first authorization code and the first portion of the key.
- the block corresponds to a block height
- the first authorization code generated by the authorization module 801 corresponds to a block height and/or an expiration time that is allowed to be accessed
- the verification module 802 is Obtaining a block height and/or an expiration time of the access allowed corresponding to the second authorization code when the second authorization code is the same as the first authorization code
- the block of the encrypted data for the access request When the height of the block that is allowed to access corresponding to the second authorization code is matched and/or the second authorization code does not reach the expiration time, it is determined that the second authorization code is available.
- the authorization module 801 further invalidates the first authorization code in response to a cancellation request for the authorization code from the first client 101; returns to the first client 101 Responding to cause the first client 101 to invalidate the local first authorization code.
- the authorization module 801 further generates a new authorization code corresponding to the encrypted data in response to a request for generating an authorization code for the encrypted data from the first client 101; to the first The client 101 sends the new authorization code corresponding to the encrypted data.
- the authorization module 801 further generates a new authorization code corresponding to the encrypted data in response to an update authorization code request for the encrypted data from the first client 101, and uses the new authorization The code replaces the previous first authorization code; the new authorization code corresponding to the encrypted data is sent to the first client 101 to replace the previous first authorization code with the new authorization code .
- client 700 and server 800 described above can be run in various computing devices and loaded into the memory of the computing device.
- Embodiments of the present application propose a computing device comprising: one or more processors; a memory; and one or more programs stored in the memory and configured to be executed by the one or more processors, The one or more programs include instructions for performing an instance of a method of the aforementioned person.
- FIG. 9 shows a compositional diagram of a computing device in which the client 700 or server 800 is located.
- the computing device includes one or more processors (CPUs) 902, communication modules 904, memory 906, user interface 910, and a communication bus 908 for interconnecting these components.
- processors CPUs
- communication modules 904
- memory 906 user interface 910
- communication bus 908 for interconnecting these components.
- the processor 902 can receive and transmit data through the communication module 904 to enable network communication and/or local communication.
- User interface 910 includes one or more output devices 912 that include one or more speakers and/or one or more visual displays.
- User interface 910 also includes one or more input devices 914 including, for example, a keyboard, a mouse, a voice command input unit or loudspeaker, a touch screen display, a touch sensitive tablet, a gesture capture camera or other input button or control, and the like.
- the memory 906 can be a high speed random access memory such as DRAM, SRAM, DDR RAM, or other random access solid state storage device; or a non-volatile memory such as one or more magnetic disk storage devices, optical disk storage devices, flash memory devices, Or other non-volatile solid-state storage devices.
- a high speed random access memory such as DRAM, SRAM, DDR RAM, or other random access solid state storage device
- non-volatile memory such as one or more magnetic disk storage devices, optical disk storage devices, flash memory devices, Or other non-volatile solid-state storage devices.
- the memory 906 stores a set of instructions executable by the processor 902, including:
- Operating system 916 including programs for processing various basic system services and for performing hardware related tasks
- the application 918 includes various applications that can implement the processing flow in the above examples, and may include, for example, the client 700 shown in FIG. 7 and/or the server 800 shown in FIG.
- client 700 may include some or all of modules 701-703 shown in FIG. 7, and modules 701-703 may store machine-executable instructions.
- the processor 902 can implement the functions of the above-described modules 701 to 703 by executing the machine executable instructions in the modules 701 to 703 in the memory 906.
- server 800 can include some or all of modules 801-804 shown in FIG. 8, and modules 801-804 can store machine-executable instructions.
- the processor 902 can implement the functions of the above-described modules 801 to 804 by executing the machine executable instructions in the modules 801 to 804 in the memory 906.
- the first client 101 holds a key and an authorization code
- the authorized access server 103 holds the authorization code and the first part of the key
- the second client 102 is authorized
- the second portion of the key and the authorization code can be held such that when the second client 102 requests access to the corresponding data through the authorized access server 103, the authorized access server 103 can first verify whether the authorization code is available, and the authorization code is available.
- the incomplete key (the first part and the second part of the key) obtained from the first client 101 and the second client 102, respectively, is used to obtain the complete key, if the second client 102 does not provide the full key.
- the second client 102 and the authorized access server 103 respectively hold a part of the key, neither of which has the right to access the encrypted data, and only the key information held by the two can be obtained together.
- the key which effectively protects data security and user privacy.
- the hardware modules in the embodiments may be implemented in a hardware manner or a hardware platform plus software.
- the above software includes machine readable instructions stored in a non-volatile storage medium.
- embodiments can also be embodied as software products.
- the hardware may be implemented by specialized hardware or hardware that executes machine readable instructions.
- the hardware can be a specially designed permanent circuit or logic device (such as a dedicated processor such as an FPGA or ASIC) for performing a particular operation.
- the hardware may also include programmable logic devices or circuits (such as including general purpose processors or other programmable processors) that are temporarily configured by software for performing particular operations.
- each instance of the present application can be implemented by a data processing program executed by a data processing device such as a computer.
- the data processing program constitutes the present application.
- a data processing program usually stored in a storage medium is executed by directly reading a program out of a storage medium or by installing or copying the program to a storage device (such as a hard disk and or a memory) of the data processing device. Therefore, such a storage medium also constitutes the present application.
- the embodiment of the present application further provides a non-volatile storage medium in which a data processing program is stored, which can be used to execute the method in the above method example of the present application. Any kind of instance.
- the machine readable instructions corresponding to the modules of Figures 7 and 8 may cause an operating system or the like operating on a computer to perform some or all of the operations described herein.
- the non-transitory computer readable storage medium may be inserted into a memory provided in an expansion board within the computer or written to a memory provided in an expansion unit connected to the computer.
- the CPU or the like installed on the expansion board or the expansion unit can perform part and all of the actual operations according to the instructions.
- the non-transitory computer readable storage medium includes a floppy disk, a hard disk, a magneto-optical disk, an optical disk (such as a CD-ROM, a CD-R, a CD-RW, a DVD-ROM, a DVD-RAM, a DVD-RW, a DVD+RW), and a magnetic tape. , non-volatile memory card and ROM.
- the program code can be downloaded from the server computer by the communication network.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Claims (15)
- 一种数据共享方法,由第一客户端执行,所述方法包括:根据密钥对一份明文数据进行加密得到一份加密数据;将所述加密数据上传至信息共享系统的一个区块中,所述信息共享系统为区块链系统;将所述密钥的第一部分上传至所述信息共享系统对应的授权访问服务器;从所述授权访问服务器接收所述加密数据对应的授权码;当授权一个用户访问所述加密数据时,将所述授权码和所述密钥的第二部分发送给所述用户的第二客户端,所述密钥的第二部分包括所述密钥中除所述第一部分之外的剩余部分,以使所述第二客户端当发送针对所述加密数据的访问请求至所述授权访问服务器时,在所述访问请求中携带所述授权码和所述密钥的所述第二部分,以便所述授权访问服务器在确定所述授权码可用时根据所述密钥的所述第一部分和所述第二部分生成所述密钥,根据所生成的所述密钥对从所述信息共享系统的所述区块中获取的所述加密数据进行解密而得到所述明文数据并返回给所述第二客户端。
- 根据权利要求1所述的方法,其中,当将所述加密数据上传至所述信息共享系统的所述区块中时,进一步上传所述加密数据的文件标识及其持有者的用户标识,以使所述信息共享系统将所述加密数据与所述文件标识和所述持有者的用户标识相关联,以便所述授权访问服务器根据所述文件标识和所述持有者的用户标识从所述信息共享系统的所述区块中获取所述加密数据。
- 根据权利要求2所述的方法,其中,当将所述密钥的所述第 一部分上传至所述授权访问服务器时,进一步上传所述文件标识和所述持有者的用户标识,以使所述授权访问服务器根据所述持有者的用户标识对应的规则生成所述授权码,并将所述授权码与所述密钥的所述第一部分、所述文件标识和所述持有者的用户标识相关联,在收到所述访问请求时根据其中携带的所述文件标识和所述持有者的用户标识获取相关联的所述授权码和所述密钥的所述第一部分,以便根据获取的所述授权码确定所述访问请求携带的所述授权码是否可用,根据获取的所述密钥的所述第一部分和所述访问请求携带的所述第二部分生成所述密钥。
- 根据权利要求1所述的方法,进一步包括:向所述授权访问服务器发送针对所述授权码的取消请求,以使所述授权访问服务器令所述授权码失效;令本地的所述授权码失效。
- 根据权利要求1所述的方法,进一步包括:向所述授权访问服务器发送针对所述加密数据的更新授权码请求,以使所述授权访问服务器生成所述加密数据对应的新授权码,并用所述新授权码替代之前的所述授权码;从所述授权访问服务器接收所述新授权码,并用所述新授权码替代之前的所述授权码。
- 一种数据共享方法,由授权访问服务器执行,所述方法包括:从第一客户端接收第一密钥的第一部分,所述第一密钥对应于一份上传到信息共享系统的一个区块中的加密数据,所述加密数据为根据所述第一密钥对一份明文数据进行加密处理而获得的,所述信息共享系统为区块链系统;生成所述加密数据对应的第一授权码;将所述第一授权码发送给所述第一客户端,以使所述第一客户端在授权第二客户端访问所述加密数据时将所述第一授权码和所述第一密钥的第二部分发送给所述第二客户端,以便所述第二客户端在访问所述加密数据时将所述第一授权码和所述第一密钥的所述第二部分携带在访问请求中,所述第一密钥的第二部分包括所述第一密钥中除所述第一部分之外的剩余部分;当接收到来自任一客户端的对于所述加密数据的访问请求时,所述方法还包括:从所述访问请求中获取第二授权码和一个不完整密钥;当所述第二授权码与所述第一授权码相同并且所述第二授权码可用时,根据所述不完整密钥和所述加密数据对应的所述第一密钥的第一部分生成第二密钥,其中,当所述不完整密钥与所述第一密钥的第二部分相同时,所生成的所述第二密钥与所述第一密钥相同;从所述信息共享系统的所述区块中获取所述加密数据;根据所述第二密钥对所述加密数据进行解密处理,其中,当所述第二密钥与所述第一密钥相同时,解密得到所述明文数据并将其发送给发送所述访问请求的所述客户端。
- 根据权利要求6所述的方法,其中,当从所述第一客户端接收所述密钥的所述第一部分时,进一步接收文件标识和所述加密数据的持有者的用户标识;所述生成所述加密数据对应的第一授权码包括:根据所述持有者的用户标识对应的规则生成所述第一授权码,并将所述第一授权码与所述密钥的所述第一部分、所述文件标识和所述持有者的用户标识相关联;当收到所述访问请求时,根据所述访问请求携带的文件标识和所 述持有者的用户标识获取相关联的所述第一授权码和所述密钥的所述第一部分。
- 根据权利要求6所述的方法,其中,所述区块对应一个区块高度;所生成的所述第一授权码对应允许访问的区块高度和/或过期时间;当所述第二授权码与所述第一授权码相同时,获取所述第二授权码对应的允许访问的区块高度和/或过期时间;当所述访问请求针对的所述加密数据的区块高度与所述第二授权码对应的所述允许访问的区块高度相匹配和/或所述第二授权码未达到所述过期时间时,确定所述第二授权码可用。
- 根据权利要求6所述的方法,进一步包括:响应于来自所述第一客户端的针对所述授权码的取消请求,令所述第一授权码失效;向所述第一客户端返回响应,以使所述第一客户端令本地的所述第一授权码失效。
- 根据权利要求6所述的方法,进一步包括:响应于来自所述第一客户端的针对所述加密数据的生成授权码请求,生成所述加密数据对应的新授权码;向所述第一客户端发送所述加密数据对应的所述新授权码。
- 根据权利要求6所述的方法,进一步包括:响应于来自所述第一客户端的针对所述加密数据的更新授权码请求,生成所述加密数据对应的新授权码,并用所述新授权码替代之前的所述第一授权码;向所述第一客户端发送所述加密数据对应的所述新授权码,以使 其用所述新授权码替代之前的所述第一授权码。
- 一种第一客户端,包括:加密模块,根据密钥对一份明文数据进行加密得到一份加密数据;上传模块,将所述加密数据上传至信息共享系统的一个区块中,所述信息共享系统为区块链系统,将所述密钥的第一部分上传至所述信息共享系统对应的授权访问服务器;授权模块,从所述授权访问服务器接收所述加密数据对应的授权码;当授权一个用户访问所述加密数据时,将所述授权码和所述密钥的第二部分发送给第二客户端,所述密钥的第二部分包括所述密钥中除所述第一部分之外的剩余部分,以使所述第二客户端当发送针对所述加密数据的访问请求至所述授权访问服务器时,在所述访问请求中携带所述授权码和所述密钥的所述第二部分,以便所述授权访问服务器在确定所述授权码可用时根据所述密钥的所述第一部分和所述第二部分生成所述密钥,根据所生成的所述密钥对从所述信息共享系统的所述区块中获取的所述加密数据进行解密而得到所述明文数据并返回给所述第二客户端。
- 一种授权访问服务器,包括:授权模块,从第一客户端接收第一密钥的第一部分,所述第一密钥对应于一份上传到信息共享系统的一个区块中的加密数据,所述加密数据为根据所述第一密钥对一份明文数据进行加密处理而获得的,所述信息共享系统为区块链系统;生成所述加密数据对应的第一授权码;将所述第一授权码发送给所述第一客户端,以使所述第一客户端在授权第二客户端访问所述加密数据时将所述第一授权码和所述第一密钥的第二部分发送给所述第二客户端,以便所述第二客户端在访问所述加密数据时将所述第一授权码和所述第一密钥的所述第二部 分携带在访问请求中,所述第一密钥的第二部分包括所述第一密钥中除所述第一部分之外的剩余部分;验证模块,当接收到来自任一客户端的对于所述加密数据的访问请求时,从所述访问请求中获取第二授权码和一个不完整密钥;当所述第二授权码与所述第一授权码相同并且所述第二授权码可用时,触发密钥模块;所述密钥模块,根据所述不完整密钥和所述加密数据对应的所述第一密钥的第一部分生成第二密钥,其中,当所述不完整密钥与所述第一密钥的第二部分相同时,所生成的所述第二密钥与所述第一密钥相同;解密模块,从所述信息共享系统的所述区块中获取所述加密数据;根据所述第二密钥对所述加密数据进行解密处理,其中,当所述第二密钥与所述第一密钥相同时,解密得到所述明文数据并将其发送给发送所述访问请求的所述客户端。
- 一种计算设备,包括:一个或多个处理器;存储器;以及一个或多个程序,存储在该存储器中并被配置为由所述一个或多个处理器执行,所述一个或多个程序包括用于执行权利要求1-11中任一项所述方法的指令。
- 一种存储介质,存储有一个或多个程序,所述一个或多个程序包括指令,所述指令当由计算设备执行时,使得所述计算设备执行如权利要求1-11中任一项所述的方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2020524318A JP6961818B2 (ja) | 2017-11-02 | 2018-09-27 | データ共有方法、クライアント、サーバ、コンピューティングデバイス、及び記憶媒体 |
EP18872127.8A EP3618394B1 (en) | 2017-11-02 | 2018-09-27 | Data sharing method, client, server, computing device, and storage medium |
KR1020197034696A KR102219008B1 (ko) | 2017-11-02 | 2018-09-27 | 데이터 공유 방법, 클라이언트, 서버, 컴퓨팅 장치 및 저장 매체 |
US16/683,597 US11223477B2 (en) | 2017-11-02 | 2019-11-14 | Data sharing method, client, server, computing device, and storage medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711065783.1 | 2017-11-02 | ||
CN201711065783.1A CN107979590B (zh) | 2017-11-02 | 2017-11-02 | 数据共享方法、客户端、服务器、计算设备及存储介质 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/683,597 Continuation US11223477B2 (en) | 2017-11-02 | 2019-11-14 | Data sharing method, client, server, computing device, and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019085699A1 true WO2019085699A1 (zh) | 2019-05-09 |
Family
ID=62012925
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/107962 WO2019085699A1 (zh) | 2017-11-02 | 2018-09-27 | 数据共享方法、客户端、服务器、计算设备及存储介质 |
Country Status (6)
Country | Link |
---|---|
US (1) | US11223477B2 (zh) |
EP (1) | EP3618394B1 (zh) |
JP (1) | JP6961818B2 (zh) |
KR (1) | KR102219008B1 (zh) |
CN (1) | CN107979590B (zh) |
WO (1) | WO2019085699A1 (zh) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112333199A (zh) * | 2020-11-17 | 2021-02-05 | 珠海大横琴科技发展有限公司 | 一种数据处理的方法和装置 |
US11088833B1 (en) | 2020-01-26 | 2021-08-10 | International Business Machines Corporation | Decentralized secure data sharing |
JP2021136694A (ja) * | 2020-02-26 | 2021-09-13 | バイドゥ オンライン ネットワーク テクノロジー (ベイジン) カンパニー リミテッド | ブロックチェーンネットワークに基づくデータ共有方法、装置、機器及び媒体 |
US11194918B2 (en) * | 2019-07-10 | 2021-12-07 | International Business Machines Corporation | Data transmission based on verification codes |
US11271742B2 (en) | 2020-01-26 | 2022-03-08 | International Business Machines Corporation | Decentralized secure data sharing |
US11356260B2 (en) | 2020-01-26 | 2022-06-07 | International Business Machines Corporation | Decentralized secure data sharing |
Families Citing this family (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108632284B (zh) * | 2018-05-10 | 2021-02-23 | 网易(杭州)网络有限公司 | 基于区块链的用户数据授权方法、介质、装置和计算设备 |
CN108768972B (zh) * | 2018-05-16 | 2020-11-27 | 智车优行科技(北京)有限公司 | 车辆数据的存储和访问方法及装置、系统、电子设备 |
CN108462724B (zh) * | 2018-05-17 | 2020-07-31 | 京东数字科技控股有限公司 | 数据共享方法、装置、系统、成员节点和可读存储介质 |
CN108768633B (zh) * | 2018-05-30 | 2022-03-25 | 腾讯科技(深圳)有限公司 | 实现区块链中信息共享的方法及装置 |
US11108762B2 (en) | 2018-06-05 | 2021-08-31 | The Toronto-Dominion Bank | Methods and systems for controlling access to a protected resource |
CN112567441A (zh) * | 2018-06-29 | 2021-03-26 | 索尼公司 | 信息处理系统、信息处理方法和信息处理装置 |
CN109032694A (zh) * | 2018-07-03 | 2018-12-18 | 郑州云海信息技术有限公司 | 一种数据加载方法及终端 |
CN108985863A (zh) * | 2018-08-27 | 2018-12-11 | 中国联合网络通信集团有限公司 | 一种募捐捐赠方法及系统 |
CN110958211B (zh) * | 2018-09-27 | 2022-05-27 | 安徽华峪文化科技有限公司 | 一种基于区块链的数据处理系统及方法 |
CN109559117B (zh) * | 2018-11-14 | 2022-05-20 | 北京科技大学 | 基于属性基加密的区块链合约隐私保护方法与系统 |
CN109474597A (zh) * | 2018-11-19 | 2019-03-15 | 中链科技有限公司 | 一种基于区块链的分布式消息发送与接收方法以及装置 |
WO2020102974A1 (zh) * | 2018-11-20 | 2020-05-28 | 深圳市欢太科技有限公司 | 一种数据访问方法、数据访问装置及移动终端 |
CN109583905A (zh) * | 2018-12-21 | 2019-04-05 | 众安信息技术服务有限公司 | 基于区块链网络的利用通证来实现数据共享的方法和设备 |
CN111385266B (zh) * | 2018-12-29 | 2022-06-17 | 湖南亚信软件有限公司 | 数据共享方法、装置、计算机设备和存储介质 |
US11368441B2 (en) * | 2019-01-29 | 2022-06-21 | Mastercard International Incorporated | Method and system for general data protection compliance via blockchain |
CN110147410B (zh) * | 2019-04-18 | 2020-08-04 | 阿里巴巴集团控股有限公司 | 一种块链式账本中的数据验证方法、系统、装置及设备 |
CN110263556A (zh) * | 2019-05-22 | 2019-09-20 | 广东安创信息科技开发有限公司 | 一种oa系统数据的加解密方法及系统 |
CN110177092A (zh) * | 2019-05-22 | 2019-08-27 | 南京邮电大学 | 一种基于区块链的电子数据可信下载方法 |
EP3764613A1 (en) * | 2019-07-09 | 2021-01-13 | Gemalto Sa | Method, first device, first server, second server and system for accessing a private key |
CN111010386B (zh) * | 2019-12-10 | 2021-12-21 | 上海信联信息发展股份有限公司 | 一种基于共享账本的隐私保护与数据监管控制方法 |
CN111061982B (zh) * | 2019-12-11 | 2023-04-18 | 电子科技大学 | 一种基于区块链的新闻资讯发布及管理系统 |
CN111179067B (zh) * | 2019-12-31 | 2023-06-27 | 杭州趣链科技有限公司 | 一种基于区块链的银行间客户信息交换系统 |
CN111448565B (zh) * | 2020-02-14 | 2024-04-05 | 支付宝(杭州)信息技术有限公司 | 基于去中心化标识的数据授权 |
US11658816B2 (en) * | 2020-04-15 | 2023-05-23 | Philips North America Llc | Document control system for blockchain |
CN111639350B (zh) * | 2020-05-16 | 2023-01-31 | 中信银行股份有限公司 | 密码服务系统及加密方法 |
CN111740986B (zh) * | 2020-06-19 | 2022-07-19 | 公安部第三研究所 | 基于标识密码技术的实现数据共享控制的系统及其方法 |
CN111914293B (zh) * | 2020-07-31 | 2024-05-24 | 平安科技(深圳)有限公司 | 一种数据访问权限验证方法、装置、计算机设备及存储介质 |
US11621837B2 (en) * | 2020-09-03 | 2023-04-04 | Theon Technology Llc | Secure encryption of data using partial-key cryptography |
US11310042B2 (en) | 2020-09-11 | 2022-04-19 | Crown Sterling Limited, LLC | Methods of storing and distributing large keys |
CN112184426A (zh) * | 2020-10-12 | 2021-01-05 | 深圳壹账通智能科技有限公司 | 数据共享方法、系统、服务器及计算机可读存储介质 |
CN112637177B (zh) * | 2020-12-17 | 2022-09-27 | 赛尔网络有限公司 | 数据加密传输方法、装置、设备及介质 |
CN112615936A (zh) * | 2020-12-28 | 2021-04-06 | 南京披云信息科技有限公司 | 提升物联网安全的方法及装置 |
EP4289107A4 (en) * | 2021-02-05 | 2024-03-20 | Visa International Service Association | SECRET PROTECTION SYSTEM AND METHOD FOR MOBILE DEVICE |
CN113515728B (zh) * | 2021-05-18 | 2023-08-04 | 北京飞利信电子技术有限公司 | 一种基于多级部署的物联网平台软件授权控制系统和方法 |
US11615375B2 (en) * | 2021-07-02 | 2023-03-28 | dexFreight, Inc. | Electronic management of supply chain factoring with shared state storage in a distributed ledger |
US11755772B2 (en) | 2021-09-20 | 2023-09-12 | Crown Sterling Limited, LLC | Securing data in a blockchain with a one-time pad |
CN113868605B (zh) * | 2021-09-30 | 2024-03-22 | 新华三大数据技术有限公司 | 授权管理方法、装置及系统 |
CN113722695B (zh) * | 2021-11-02 | 2022-02-08 | 佳瑛科技有限公司 | 基于云端服务器的财务数据安全共享方法、装置及系统 |
US11943336B2 (en) | 2021-11-22 | 2024-03-26 | Theon Technology Llc | Use of gradient decent function in cryptography |
US11791988B2 (en) | 2021-11-22 | 2023-10-17 | Theon Technology Llc | Use of random entropy in cryptography |
US11902420B2 (en) | 2021-11-23 | 2024-02-13 | Theon Technology Llc | Partial cryptographic key transport using one-time pad encryption |
CN114124572B (zh) * | 2021-12-07 | 2023-06-27 | 建信金融科技有限责任公司 | 基于单向网络的数据传输方法、装置、设备和介质 |
KR102602189B1 (ko) * | 2022-02-18 | 2023-11-14 | 주식회사 한글과컴퓨터 | 클라우드 기반의 문서 공유 서비스를 운영하기 위한 문서 공유 서비스 서버 및 그 동작 방법 |
US11727145B1 (en) | 2022-06-10 | 2023-08-15 | Playback Health Inc. | Multi-party controlled transient user credentialing for interaction with patient health data |
CN116155619B (zh) * | 2023-04-04 | 2023-07-07 | 江西农业大学 | 数据处理方法、数据请求端、数据拥有端及数据处理装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106612275A (zh) * | 2015-10-27 | 2017-05-03 | 连株式会社 | 用于传送和接收消息的用户终端和方法 |
US20170177898A1 (en) * | 2015-12-16 | 2017-06-22 | International Business Machines Corporation | Personal ledger blockchain |
CN107196900A (zh) * | 2017-03-24 | 2017-09-22 | 阿里巴巴集团控股有限公司 | 一种共识校验的方法及装置 |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8464353B2 (en) * | 2003-10-03 | 2013-06-11 | Hewlett-Packard Development Company, L. P. | Method and system for content downloads via an insecure communications channel to devices |
JP2007089098A (ja) * | 2005-09-20 | 2007-04-05 | Chaosware Inc | クライアント・サーバ型暗号化システム |
JP2008103936A (ja) * | 2006-10-18 | 2008-05-01 | Toshiba Corp | 秘密情報管理装置および秘密情報管理システム |
KR20100042457A (ko) * | 2008-10-16 | 2010-04-26 | 삼성전자주식회사 | 데이터 암호화 방법 및 장치와 데이터 복호화 방법 및 장치 |
US9171298B2 (en) * | 2011-02-24 | 2015-10-27 | Dvdcase, Inc. | Systems and methods for managing access to benefits associated with products |
JP6019453B2 (ja) * | 2012-07-05 | 2016-11-02 | 株式会社クリプト・ベーシック | 暗号化装置、復号化装置、及びプログラム |
CN103973736B (zh) * | 2013-01-30 | 2017-12-29 | 华为终端(东莞)有限公司 | 一种数据共享的方法及装置 |
CN103442059B (zh) * | 2013-08-27 | 2017-02-01 | 华为终端有限公司 | 一种文件共享方法及装置 |
CN103561034B (zh) * | 2013-11-11 | 2016-08-17 | 武汉理工大学 | 一种安全文件共享系统 |
CN104980477B (zh) * | 2014-04-14 | 2019-07-09 | 航天信息股份有限公司 | 云存储环境下的数据访问控制方法和系统 |
US9769664B1 (en) * | 2014-09-04 | 2017-09-19 | Sensys Networks | Nonce silent and replay resistant encryption and authentication wireless sensor network |
US20160379220A1 (en) * | 2015-06-23 | 2016-12-29 | NXT-ID, Inc. | Multi-Instance Shared Authentication (MISA) Method and System Prior to Data Access |
US11121867B2 (en) * | 2016-02-19 | 2021-09-14 | Micro Focus Llc | Encryption methods based on plaintext length |
KR101783281B1 (ko) * | 2016-03-11 | 2017-09-29 | 주식회사 다날 | 신분증 데이터의 안전 보관이 가능한 전자 단말 장치 및 그 동작 방법 |
US10137860B2 (en) * | 2016-11-17 | 2018-11-27 | Ford Global Technologies, Llc | Remote keyless entry message authentication |
JP6302592B2 (ja) * | 2017-06-23 | 2018-03-28 | 株式会社エヌ・ティ・ティ・データ | 情報処理装置、情報処理方法およびプログラム |
-
2017
- 2017-11-02 CN CN201711065783.1A patent/CN107979590B/zh active Active
-
2018
- 2018-09-27 JP JP2020524318A patent/JP6961818B2/ja active Active
- 2018-09-27 EP EP18872127.8A patent/EP3618394B1/en active Active
- 2018-09-27 WO PCT/CN2018/107962 patent/WO2019085699A1/zh unknown
- 2018-09-27 KR KR1020197034696A patent/KR102219008B1/ko active IP Right Grant
-
2019
- 2019-11-14 US US16/683,597 patent/US11223477B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106612275A (zh) * | 2015-10-27 | 2017-05-03 | 连株式会社 | 用于传送和接收消息的用户终端和方法 |
US20170177898A1 (en) * | 2015-12-16 | 2017-06-22 | International Business Machines Corporation | Personal ledger blockchain |
CN107196900A (zh) * | 2017-03-24 | 2017-09-22 | 阿里巴巴集团控股有限公司 | 一种共识校验的方法及装置 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3618394A4 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11194918B2 (en) * | 2019-07-10 | 2021-12-07 | International Business Machines Corporation | Data transmission based on verification codes |
US11088833B1 (en) | 2020-01-26 | 2021-08-10 | International Business Machines Corporation | Decentralized secure data sharing |
US11271742B2 (en) | 2020-01-26 | 2022-03-08 | International Business Machines Corporation | Decentralized secure data sharing |
US11356260B2 (en) | 2020-01-26 | 2022-06-07 | International Business Machines Corporation | Decentralized secure data sharing |
JP2021136694A (ja) * | 2020-02-26 | 2021-09-13 | バイドゥ オンライン ネットワーク テクノロジー (ベイジン) カンパニー リミテッド | ブロックチェーンネットワークに基づくデータ共有方法、装置、機器及び媒体 |
JP7096920B2 (ja) | 2020-02-26 | 2022-07-06 | バイドゥ オンライン ネットワーク テクノロジー(ペキン) カンパニー リミテッド | ブロックチェーンネットワークに基づくデータ共有方法、装置、機器及び媒体 |
CN112333199A (zh) * | 2020-11-17 | 2021-02-05 | 珠海大横琴科技发展有限公司 | 一种数据处理的方法和装置 |
CN112333199B (zh) * | 2020-11-17 | 2023-04-21 | 珠海大横琴科技发展有限公司 | 一种数据处理的方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
JP2021502023A (ja) | 2021-01-21 |
CN107979590B (zh) | 2020-01-17 |
JP6961818B2 (ja) | 2021-11-05 |
US20200084037A1 (en) | 2020-03-12 |
US11223477B2 (en) | 2022-01-11 |
EP3618394A4 (en) | 2020-07-01 |
KR102219008B1 (ko) | 2021-02-22 |
EP3618394A1 (en) | 2020-03-04 |
CN107979590A (zh) | 2018-05-01 |
KR20200002985A (ko) | 2020-01-08 |
EP3618394B1 (en) | 2022-03-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019085699A1 (zh) | 数据共享方法、客户端、服务器、计算设备及存储介质 | |
TWI725793B (zh) | 用於將分散識別符映射到真實世界實體的系統及方法 | |
US20200084045A1 (en) | Establishing provenance of digital assets using blockchain system | |
WO2021003980A1 (zh) | 黑名单共享方法、装置、计算机设备和存储介质 | |
US20170346802A1 (en) | Out of box experience application api integration | |
EP3537684B1 (en) | Apparatus, method, and program for managing data | |
US11917088B2 (en) | Integrating device identity into a permissioning framework of a blockchain | |
US20230108366A1 (en) | Systems for encryption using blockchain distributed ledgers | |
TW201729121A (zh) | 雲端服務伺服器及用來管理一雲端服務伺服器之方法 | |
US11314885B2 (en) | Cryptographic data entry blockchain data structure | |
KR102125042B1 (ko) | 블록체인 네트워크를 구성하는 노드 장치 및 그 노드 장치의 동작 방법 | |
WO2023207086A1 (zh) | 一种基于区块链的用户数据流转方法、装置及设备 | |
US11604784B2 (en) | Establishing decentralized identifiers for algorithms, data schemas, data sets, and algorithm execution requests | |
WO2023244993A1 (en) | Systems and methods for mitigating network congestion on blockchain networks by supporting blockchain operations through off-chain interactions | |
US20220309463A1 (en) | Systems and methods for trade partner information sharing | |
US20170373842A1 (en) | System and Method for Authenticating Public Artworks and Providing Associated Information | |
CN112766755A (zh) | 一种业务处理方法、装置、设备及介质 | |
WO2024109575A1 (en) | Method to validate ownership and authentication of a digital asset | |
WO2024021785A1 (zh) | 一种数字实体的处理方法、装置、设备、介质及程序产品 | |
US20240089105A1 (en) | Systems and methods for user control and exclusion of cryptographic tokenized data | |
US20240086549A1 (en) | Systems and methods for user characteristic determination through cryptographic tokenized data | |
KR20230118304A (ko) | 웹 토큰이 포함된 온라인 저작물 발급 및 인증 시스템 및 방법 | |
JP2020201660A (ja) | 情報処理システム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18872127 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 20197034696 Country of ref document: KR Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2018872127 Country of ref document: EP Effective date: 20191126 |
|
ENP | Entry into the national phase |
Ref document number: 2020524318 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |