WO2022151925A1 - Data acquisition method, apparatus, device and storage medium - Google Patents
Data acquisition method, apparatus, device and storage medium
- Publication number
- WO2022151925A1 (PCT/CN2021/139722)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- authorization
- user
- request
- identity
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Definitions
- the present disclosure generally relates to the field of blockchain technology, and more particularly, to a data acquisition method, apparatus, device, and storage medium.
- the present disclosure relates to a data acquisition method, applied to a consortium chain, which includes:
- the data invocation request carries the first distributed identity of the data authorized user and the identity of the data invocation user;
- the request result corresponding to the data calling request is encrypted, and the encrypted request result is sent to the first terminal.
- the method further includes:
- the data authorization credential is distributed to the data authorization user according to the first distributed identity.
- the data invocation request includes: the identity type of the data invocation user;
- performing identity authentication on the data invocation user corresponding to the first terminal including:
- an enterprise authentication technology is used to perform identity authentication on the data calling user.
- the data certification request includes: the identity type of the data authorized user;
- performing identity authentication on the data authorized user including:
- the identity authentication of the data authorized user is performed by using the enterprise authentication technology.
- sending a data authorization request to the second terminal corresponding to the data authorization user according to the data authorization certificate including:
- initiating the data authorization request according to the data authorization certificate, digitally signing the data authorization request with the pre-stored private key to generate authorization request verification information, and sending the data authorization request to the second terminal corresponding to the data authorization user.
- the authorization request verification information described above.
- the method further includes:
- the instruction information for performing the data authorization operation is sent to the second terminal.
- the authorization request verification information includes any one of a two-dimensional code, a barcode, and a verification code.
- the data invocation request further includes: a data authorization credential type
- querying the data authorization credential of the data authorization user includes:
- the first distributed identification is used to query the data authorization credential corresponding to the data authorization credential type in the data invocation request.
- the data acquisition method applied to the consortium chain also includes:
- the hash values of the identity authentication record corresponding to the identity authentication, the data authorization certificate, the data authorization request, and the data authorization record corresponding to the data authorization request are calculated by using a hash algorithm, and the hash values are stored in the consortium chain.
- the present disclosure relates to a data acquisition method, applied to a second terminal, comprising:
- the data authorization request is sent by the alliance chain after it: obtains the data call request sent by the first terminal; performs identity authentication on the data call user corresponding to the first terminal according to the data call request; allocates a second distributed identity identifier to the data call user when the authentication of the calling user is legal; and, according to the second distributed identity identifier, uses the first distributed identity identifier to query the data authorization credentials of the data authorization user; wherein the data invocation request carries the first distributed identity of the data authorized user and the identity of the data invocation user; and
- receiving the data authorization request sent by the consortium chain includes:
- the authorization operation is performed, and a data signature is performed on the authorization operation by using the pre-stored private key.
- the authorization request verification information includes any one of a two-dimensional code, a barcode, and a verification code.
- calling the verification function to verify the verification code.
- the present disclosure relates to a data acquisition device comprising:
- an acquisition module configured to obtain a data invocation request sent by the first terminal, wherein the data invocation request carries the first distributed identity of the data authorized user and the identity of the data invocation user;
- an authentication module configured to perform identity authentication on the data invocation user corresponding to the first terminal according to the data invocation request
- an allocation module configured to allocate a second distributed identity identifier to the data invoking user when the data invoking user authentication is legal;
- a query module configured to use the first distributed identity to query the data authorization credentials of the data authorization user according to the second distributed identity
- a first sending module configured to send a data authorization request to the second terminal corresponding to the data authorization user according to the data authorization certificate
- the second sending module is configured to encrypt the request result corresponding to the data calling request after it is determined that the data authorization user determines the authorization, and send the encrypted request result to the first terminal.
- the present disclosure relates to a data acquisition device, comprising:
- the receiving module is configured to receive the data authorization request sent by the alliance chain
- the data authorization request is sent by the alliance chain after it: obtains the data call request sent by the first terminal; performs identity authentication on the data call user corresponding to the first terminal according to the data call request; allocates a second distributed identity identifier to the data call user when the authentication of the calling user is legal; and, according to the second distributed identity identifier, uses the first distributed identity identifier to query the data authorization credential of the data authorization user; wherein the data invocation request carries the first distributed identity of the data authorized user and the identity of the data invocation user; and
- An authorization module configured to perform an authorization operation according to the data authorization request.
- the present disclosure relates to an electronic device comprising: a processor, a communication component, a memory and a communication bus, wherein the processor, the communication component and the memory communicate with each other through the communication bus;
- the memory is configured to store a computer program;
- the processor is configured to execute the program stored in the memory to implement the data acquisition method applied to the alliance chain described in the first aspect, or to implement the data acquisition method described in the first aspect.
- the present disclosure relates to a computer-readable storage medium storing a computer program which, when executed by a processor, implements the data acquisition method of the present disclosure applied to the alliance chain, or the data acquisition method of the present disclosure applied to the second terminal.
- the method provided by the present disclosure is applied to the consortium chain and uses the distributed characteristics of the consortium chain to avoid storing all data in a central platform; the present disclosure obtains the data calling request sent by the first terminal and, according to the data calling request, performs identity authentication on the data calling user corresponding to the first terminal, which effectively solves the problem of illegal user intrusion.
- when the authentication is legal, a second distributed identity is allocated to the data calling user, who uses it as a unique identifier in the alliance chain; according to the second distributed identity, the first distributed identity carried in the data call request is used to query the data authorization credentials of the data authorization user, and according to the data authorization certificate a data authorization request is sent to the second terminal corresponding to the data authorization user; after confirming that the data authorization user confirms authorization, the request result corresponding to the data call request is encrypted and the encrypted request result is sent to the first terminal, which effectively improves data security.
- FIG. 1 is a schematic flowchart of a data acquisition method applied to a consortium chain in an embodiment of the present disclosure
- FIG. 2 is a schematic flowchart of obtaining a data authorization certificate according to an embodiment of the disclosure
- FIG. 3 is a schematic flowchart of a data acquisition method applied to a second terminal according to an embodiment of the present disclosure
- FIG. 4 is a schematic structural diagram of a first data acquisition device in an embodiment of the disclosure.
- FIG. 5 is a schematic structural diagram of a second data acquisition apparatus according to an embodiment of the disclosure.
- FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
- the present disclosure relates to a data acquisition method, which is applied to a consortium chain.
- the implementation of the method is shown in Figure 1:
- Step 101 obtaining a data calling request sent by a first terminal
- Step 102 Perform identity authentication on the data calling user corresponding to the first terminal according to the data calling request;
- Step 103 when the authentication of the data invoking user is legal, assign a second distributed identity identifier to the data invoking user;
- Step 104 use the first distributed identity identifier to query the data authorization credential of the data authorization user;
- Step 105 sending a data authorization request to the second terminal corresponding to the data authorization user according to the data authorization certificate
- Step 106 after it is determined that the data authorization user determines the authorization, encrypt the request result corresponding to the data invocation request, and send the encrypted request result to the first terminal.
- the data invocation request carries the first distributed identity of the data authorized user and the identity of the data invocation user.
- the consortium chain is only for members of a specific group and limited third parties, and multiple pre-selected nodes are designated as bookkeepers internally, and the generation of each block is jointly determined by all the pre-selected nodes.
- a consortium chain can be established by establishing a data authorization and verification consortium chain and a distributed identity consortium chain.
- the data authorization and verification consortium chain is used for the certificate storage (evidence) service, and the distributed identity alliance chain is used for the authentication service.
- data authorization verification and distributed identity alliance chain can also be established.
- the data authorization verification and distributed identity alliance chain are used for both the certificate storage service and the identity verification service.
- the participants of the data authorization and verification consortium chain include: courts, notaries, third-party appraisal agencies, regulatory authorities, the Ministry of Education, data custodians, and other enterprises and institutions that participate in the maintenance and operation of consortium chain nodes.
- the data authorization and verification alliance chain aims to provide a decentralized blockchain hash evidence storage service that secures the access records over the entire life cycle of authorized data access, with the corresponding hash information stored and verified on-chain.
- the participants of the distributed identity alliance chain include: Certificate Authority (CA), courts, notaries, third-party identification agencies, regulatory authorities, the Ministry of Education, and other enterprises and institutions that participate in the maintenance and operation of alliance chain nodes.
- CA: Certificate Authority
- the distributed identity alliance chain aims to provide a decentralized mobile identity verification service.
- the applet is an application that can be used without downloading and installing; the user opens it by scanning a code or searching for it. Users need not worry about installing too many applications: the applet is always available without being installed or uninstalled. Using an applet is therefore convenient and quick, and saves memory space on the user's terminal.
- the distributed identity consortium chain receives a data call request sent by the applet running on the first terminal.
- the data calling user logs in to the applet on the first terminal according to the identification of the data calling user, searches for the first distributed identity of the data authorized user, and initiates a data calling request.
- when the distributed identity alliance chain verifies that the data calling user is legitimate, a second distributed identity on the chain is allocated to the data calling request as the unique identifier of the data calling user on the chain.
- the applet of the present disclosure is a distributed identity-based mobile applet.
- the application can be initiated at any time under the mobile Internet, so that the user is not limited by geographical or time.
- the data invocation request includes: the identity type of the data invocation user.
- the distributed identity alliance chain receives the data calling request sent by the applet running on the first terminal and obtains the identity type of the data calling user from the data calling request; when the identity type of the data calling user is personal, face recognition technology is used to authenticate the identity of the data calling user; when the identity type of the data calling user is an enterprise, enterprise authentication technology is used to authenticate the identity of the data calling user.
- the distributed identity alliance chain judges whether there is a human face in the input face image; if there is, it further gives the location and size of each face and the location of each major facial organ, extracts the identity features contained in each face based on this information, and compares the extracted identity features with the pre-saved face features to obtain a first matching degree. When the first matching degree is greater than the first preset value, the data calling user authentication succeeds; otherwise, it is determined that the data calling user authentication fails.
- the distributed identity alliance chain compares the input enterprise information with the pre-stored enterprise information to obtain a second matching degree, and checks whether the second matching degree is greater than the second preset value.
- the private key signed by the data invoking user when performing the data invocation is securely stored through the key escrow service provided by the CA authority.
- the distributed identity consortium chain allocates a second distributed identity to the data invoking user when the data invoking user authentication is legal, and the data invoking user uses the second distributed identity identifier as the unique identifier in the distributed identity consortium chain and the data authorization and verification consortium chain.
- the data authorization user applies for the first distributed identity through the applet of the mobile terminal based on the distributed identity, and obtains the data authorization credential according to the first distributed identity, as shown in Figure 2:
- Step 201 obtaining the data storage request sent by the second terminal
- the data storage request carries the identifier of the data authorized user
- Step 202 performing identity authentication on the data authorized user according to the data storage certificate request
- Step 203 when the authentication of the data authorization user is legal, assign the first distributed identity identifier to the data authorization user;
- Step 204 Distribute the data authorization certificate to the data authorization user according to the first distributed identity identifier.
- the distributed identity consortium chain obtains the data certification request sent by the applet running on the second terminal.
- the data certification request includes: the identity type of the data authorized user.
- the distributed identity alliance chain obtains the identity type of the data authorized user in the data storage request, and when the identity type of the data authorized user is an individual, the identity authentication of the data authorized user is performed by using face recognition technology; When the identity type of the data authorized user is an enterprise, the enterprise authentication technology is used to authenticate the identity of the data authorized user.
- the private key of the data authorized user when performing the user authorization signature is securely stored through the key escrow service provided by the CA organization.
- the distributed identity consortium chain assigns a first distributed identity identifier to the data authorized user when the data authorization user authentication is legal, and the data authorized user uses the first distributed identity identifier as the unique identifier in the distributed identity consortium chain and the data authorization verification consortium chain.
- the data custodian in the data authorization verification consortium chain distributes the data authorization certificate to the data authorization user according to the first distributed identity identifier. At this point, the data authorization user can view the data authorization certificate in the applet.
- the data authorization and verification alliance chain respectively passes the identity authentication record and the data authorization certificate through a hash algorithm to obtain hash values, and stores the hash values on the chain.
- the identity authentication record covers the process from the data authorization user initiating the data storage request until the data authorization user is authenticated as legal.
- the data invocation request further includes: a data authorization credential type.
- a data authorization user has at least one type of data authorization credentials.
- according to the second distributed identity identifier, the distributed identity alliance chain uses the first distributed identity identifier to query the data authorization credential corresponding to the data authorization credential type in the data call request.
- taking the data authorization certificate being an academic certificate as an example: company A wants to obtain the academic certificate of user B, so company A initiates a data call request in the applet, and the data call request names user B's academic certificate as the requested credential.
- when the distributed identity alliance chain certifies that company A is legal, a second distributed identity is assigned to company A. According to the second distributed identity, the distributed identity alliance chain uses the first distributed identity of user B to request the data authorization and verification alliance chain to query the academic certificate of user B.
- user B may only have one type of data authorization certificate, which is an academic certificate, or may have multiple types of data authorization certificates, for example, user B's degree certificate and so on.
- the distributed identity consortium chain sends a query request for the data authorization credentials of the data authorization user to the data authorization consortium chain after the data calling user is authenticated.
- the data authorization alliance chain returns the data authorization credentials of the data authorization user to the distributed identity alliance chain according to the query request.
- the distributed identity alliance chain initiates a data authorization request according to the data authorization certificate, uses the pre-stored private key to digitally sign the data authorization request, generates authorization request verification information, and sends it to the applet on the second terminal corresponding to the data authorization user.
- the authorization request verification information includes any one of a two-dimensional code, a barcode, and a verification code.
- the distributed identity alliance chain initiates a data authorization request according to the data authorization certificate, uses the pre-stored private key to digitally sign the data authorization request, generates a QR code, and sends the QR code to the applet on the second terminal corresponding to the data authorization user; or, it initiates the data authorization request according to the data authorization certificate, digitally signs it with the pre-stored private key, generates a barcode, and sends the barcode to the applet on the second terminal corresponding to the data authorization user.
- alternatively, the distributed identity alliance chain initiates a data authorization request according to the data authorization certificate, digitally signs it with the pre-stored private key, generates a verification code, and sends the verification code to the applet on the second terminal corresponding to the data authorization user.
- the verification code can be in various forms such as pictures, letters or numbers.
- the present disclosure takes generating a two-dimensional code as an example for description, but is not intended to limit the protection scope of the present disclosure.
- after the distributed identity alliance chain sends the authorization request verification information to the second terminal corresponding to the data authorization user, it obtains the indication information of the executed verification operation returned by the applet on the second terminal; according to that indication information, it verifies the first distributed identity of the data authorization user and the data authorization certificate, and when the verification is legal, sends the instruction information for performing the data authorization operation to the applet on the second terminal.
- the request result corresponding to the data call request is encrypted using the public key, and the encrypted request result is sent to the applet corresponding to the first terminal.
- the hash values of the identity authentication record corresponding to the identity authentication, the data authorization credential, the data authorization request, and the data authorization record corresponding to the data authorization request are calculated respectively by using a hash algorithm, and the hash values are stored in the data authorization verification alliance chain.
- the identity authentication record is the process from the data authorization user initiating a data storage request until the data authorization user is authenticated as legal, or from the data invoking user initiating a data invocation request until the data invoking user is authenticated as legal; the data authorization record is the process from initiating a data authorization request until the data authorization user determines authorization.
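The hash evidence storage just described, as an added example that is not part of the patent or of any implementation of it. It assumes SHA-256 over canonical JSON as the hash algorithm (the disclosure names none), links each on-chain entry to the previous one so that alteration of a stored digest is detectable as well as alteration of an off-chain record (a step beyond the disclosure's per-record description), and uses constructed sample records for the four record types the disclosure names.

```python
"""Hash evidence storage for authorization records (added example; assumptions noted inline)."""
import hashlib
import json


def canonical_hash(record: dict) -> str:
    """SHA-256 over canonical JSON so key order never changes the digest (assumed hash algorithm)."""
    data = json.dumps(record, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


class EvidenceChain:
    """Append-only ledger holding only digests; full records stay off-chain with the custodian."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def store(self, record_type: str, record: dict) -> str:
        """Store the digest of one record, chained to the previous entry (chaining is an assumption)."""
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {"type": record_type, "record_hash": canonical_hash(record), "prev": prev}
        self.entries.append({**body, "entry_hash": canonical_hash(body)})
        return body["record_hash"]

    def verify_record(self, record_type: str, record: dict) -> bool:
        """On-chain verification: does an entry of this type match the presented off-chain record?"""
        digest = canonical_hash(record)
        return any(e["type"] == record_type and e["record_hash"] == digest for e in self.entries)

    def ledger_intact(self) -> bool:
        """Recompute every entry hash and prev link; False if any stored entry was altered."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if body["prev"] != prev or canonical_hash(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


# Constructed sample records for the four record types named in the disclosure.
SAMPLE_RECORDS = [
    ("identity_authentication", {"subject": "did:example:userB", "type": "personal", "result": "legal"}),
    ("authorization_credential", {"owner": "did:example:userB", "credential_type": "academic_certificate"}),
    ("authorization_request", {"caller": "did:example:companyA", "owner": "did:example:userB", "nonce": "1f2e"}),
    ("authorization_record", {"owner": "did:example:userB", "granted": True, "nonce": "1f2e"}),
]


def demo() -> dict:
    """Store the samples, then check an unmodified record, a tampered record, and an altered ledger."""
    chain = EvidenceChain()
    for record_type, record in SAMPLE_RECORDS:
        chain.store(record_type, record)
    tampered = dict(SAMPLE_RECORDS[3][1], granted=False)  # owner's decision flipped off-chain
    results = {
        "original_matches": chain.verify_record("authorization_record", SAMPLE_RECORDS[3][1]),
        "tampered_matches": chain.verify_record("authorization_record", tampered),
        "ledger_intact_before": chain.ledger_intact(),
    }
    chain.entries[1]["record_hash"] = "00" * 32  # simulate altering a stored digest on a node
    results["ledger_intact_after"] = chain.ledger_intact()
    return results


if __name__ == "__main__":
    print(demo())
```

Only digests go on-chain, so the custodian's off-chain copy of a record can be checked by any node, and because records are hashed canonically, a reordered but otherwise identical JSON document still verifies.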
- the method provided by the embodiment of the present disclosure is applied to the consortium chain and utilizes the distributed characteristics of the consortium chain to avoid storing all data in a central platform; the present disclosure obtains the data call request sent by the first terminal and, according to the data call request, performs identity authentication on the data calling user corresponding to the first terminal, which effectively solves the problem of illegal user intrusion. When the data calling user authentication is legal, a second distributed identity is allocated to the data calling user, which the data calling user uses as the unique identification in the alliance chain.
- according to the second distributed identification, the first distributed identification carried in the data call request is used to query the data authorization credential of the data authorization user, and according to the data authorization credential a data authorization request is sent to the second terminal corresponding to the data authorization user; after determining that the data authorization user determines the authorization, the request result corresponding to the data call request is encrypted and the encrypted request result is sent to the first terminal, which effectively improves data security.
- the present disclosure relates to a data acquisition method, the method is applied in the second terminal, and the implementation of the method is shown in FIG. 3 :
- Step 301 receiving a data authorization request sent by the alliance chain
- the data authorization request is sent by the alliance chain after it: obtains the data call request sent by the first terminal; performs identity authentication on the data call user corresponding to the first terminal according to the data call request; allocates a second distributed identification to the data call user when the data call user authentication is legal; and, according to the second distributed identification, uses the first distributed identification to query the data authorization credentials of the data authorization user; wherein the data invocation request carries the first distributed identification of the data authorized user and the identity of the user calling the data; and
- Step 302 perform an authorization operation according to the data authorization request.
- the applet of the second terminal receives the authorization request verification information sent by the distributed identity consortium chain, verifies the authorization request verification information, and returns the indication information that the verification operation has been executed to the distributed identity consortium chain; it then waits to receive the instruction information for performing the data authorization operation sent by the distributed identity alliance chain, performs the authorization operation according to that instruction information, and signs the authorization operation with the pre-stored private key.
- authorization records can be viewed in the applet.
- the authorization request verification information includes any one of a two-dimensional code, a barcode, and a verification code.
- when the applet of the second terminal receives authorization request verification information in the form of a two-dimensional code from the distributed identity alliance chain, it invokes the code-scanning function, scans the two-dimensional code, and returns indication information that the verification operation is running to the distributed identity alliance chain;
- when the authorization request verification information received from the distributed identity alliance chain is a barcode, the applet invokes the code-scanning function, scans the barcode, and returns the indication information that the verification operation is running to the distributed identity alliance chain;
- when the authorization request verification information received from the distributed identity alliance chain is a verification code, the applet invokes the verification function, enters the verification code to verify it, and returns the indication information that the verification operation is running to the alliance chain.
- the verification code can be in various forms such as pictures, letters or numbers.
- the present disclosure relates to the first data acquisition device 4.
- for the implementation of the device, reference may be made to the description of the data acquisition method embodiment, and repeated parts are not described again; as shown in FIG. 4:
- the obtaining module 401 is configured to obtain a data invocation request sent by a first terminal, wherein the data invocation request carries the first distributed identity of the data authorization user and the identity of the data invocation user;
- the authentication module 402 is configured to perform identity authentication on the data calling user corresponding to the first terminal according to the data calling request;
- the allocation module 403 is configured to allocate a second distributed identity identifier to the data invoking user when the authentication of the data invoking user is legal;
- the query module 404 is configured to use the first distributed identity to query the data authorization credentials of the data authorization user according to the second distributed identity;
- the first sending module 405 is configured to send a data authorization request to the second terminal corresponding to the data authorization user according to the data authorization certificate;
- the second sending module 406 is configured to encrypt the request result corresponding to the data calling request after the data authorization user determines the authorization, and send the encrypted request result to the first terminal.
- the present disclosure relates to a second data acquisition device 5.
- for the implementation of the device, reference may be made to the description of the data acquisition method embodiment, and repeated parts are not described again; as shown in FIG. 5:
- the receiving module 501 is configured to receive a data authorization request sent by the alliance chain;
- the data authorization request is one that the alliance chain sends after: obtaining the data call request sent by the first terminal; performing identity authentication on the data call user corresponding to the first terminal according to the data call request; allocating a second distributed identity to the data call user when the data call user is authenticated as legal; and, according to the second distributed identity, using the first distributed identity to query the data authorization credential of the data authorization user; wherein the data call request carries the first distributed identity of the data authorization user and the identity of the data call user; and
- the authorization module 502 is configured to perform an authorization operation according to the data authorization request.
- the present disclosure also relates to an electronic device 6.
- the electronic device mainly includes a processor 601, a communication component 602, a memory 603 and a communication bus 604, wherein the processor 601, the communication component 602 and the memory 603 complete mutual communication through the communication bus 604.
- the memory 603 stores a program executable by the processor 601, and the processor 601 executes the program stored in the memory 603 to implement the following steps: acquiring a data invocation request sent by the first terminal, wherein the data invocation request carries the first distributed identity of the data authorization user and the identity of the data calling user; performing identity authentication on the data calling user corresponding to the first terminal according to the data calling request; when the data calling user is authenticated as legal, allocating a second distributed identity to the data calling user; according to the second distributed identity, using the first distributed identity to query the data authorization credential of the data authorization user; sending a data authorization request to the second terminal corresponding to the data authorization user according to the data authorization credential; and, after the data authorization user confirms the authorization, encrypting the request result corresponding to the data call request and sending the encrypted request result to the first terminal; or, receiving a data authorization request sent by the alliance chain and performing an authorization operation according to the data authorization request.
- the communication bus 604 mentioned in the above electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like.
- the communication bus 604 can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used in FIG. 6, but it does not mean that there is only one bus or one type of bus.
- the communication component 602 is used for communication between the above-mentioned electronic device and other devices.
- the memory 603 may include random access memory (RAM), or may include non-volatile memory, such as at least one disk storage. In some embodiments, the memory may also be at least one storage device located remotely from the aforementioned processor 601.
- the above-mentioned processor 601 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc., and may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
- the present disclosure also relates to a computer-readable storage medium in which a computer program is stored; when the computer program runs on a computer, it causes the computer to execute the data acquisition method applied to the alliance chain described in the first embodiment, or the data acquisition method applied to the second terminal described in the second embodiment.
- the above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof; when implemented by software, they may be implemented in whole or in part in the form of a computer program product.
- the computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the present disclosure are produced in whole or in part.
- the computer can be a general purpose computer, special purpose computer, computer network, or other programmable device.
- the computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, e.g., from a website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, microwave) means.
- the computer-readable storage medium can be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media.
- the available media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes, etc.), optical media (eg, DVDs), or semiconductor media (eg, solid state drives), and the like.
Claims (16)
- 1. A data acquisition method, applied to an alliance chain, the data acquisition method comprising: obtaining a data call request sent by a first terminal, wherein the data call request carries a first distributed identity of a data authorization user and an identifier of a data call user; performing identity authentication on the data call user corresponding to the first terminal according to the data call request; when the data call user is authenticated as legal, allocating a second distributed identity to the data call user; according to the second distributed identity, using the first distributed identity to query a data authorization credential of the data authorization user; sending a data authorization request to a second terminal corresponding to the data authorization user according to the data authorization credential; and, after it is determined that the data authorization user has confirmed the authorization, encrypting a request result corresponding to the data call request and sending the encrypted request result to the first terminal.
- 2. The data acquisition method according to claim 1, wherein, before querying the data authorization credential of the data authorization user according to the second distributed identity using the first distributed identity, the method further comprises: obtaining a data storage request sent by the second terminal, wherein the data storage request carries an identifier of the data authorization user; performing identity authentication on the data authorization user according to the data storage request; when the data authorization user is authenticated as legal, allocating the first distributed identity to the data authorization user; and distributing the data authorization credential to the data authorization user according to the first distributed identity.
- 3. The data acquisition method according to claim 1 or 2, wherein the data call request comprises an identity type of the data call user; and performing identity authentication on the data call user corresponding to the first terminal according to the data call request comprises: when the identity type of the data call user is individual, performing identity authentication on the data call user using facial recognition technology; and when the identity type of the data call user is enterprise, performing identity authentication on the data call user using enterprise authentication technology.
- 4. The data acquisition method according to claim 2 or 3, wherein the data storage request comprises an identity type of the data authorization user; and performing identity authentication on the data authorization user according to the data storage request comprises: when the identity type of the data authorization user is the individual, performing identity authentication on the data authorization user using the facial recognition technology; and when the identity type of the data authorization user is the enterprise, performing identity authentication on the data authorization user using the enterprise authentication technology.
- 5. The data acquisition method according to any one of claims 1 to 4, wherein sending the data authorization request to the second terminal corresponding to the data authorization user according to the data authorization credential comprises: initiating the data authorization request according to the data authorization credential, digitally signing the data authorization request with a pre-stored private key to generate authorization request verification information, and sending the authorization request verification information to the second terminal corresponding to the data authorization user.
- 6. The data acquisition method according to claim 5, wherein the method further comprises: obtaining indication information, returned by the second terminal, that a verification operation is running; verifying the first distributed identity of the data authorization user and the data authorization credential; and, when the verification is legal, sending indication information for performing a data authorization operation to the second terminal.
- 7. The data acquisition method according to claim 5 or 6, wherein the authorization request verification information comprises any one of a two-dimensional code, a barcode and a verification code; and generating the authorization request verification information and sending the authorization request verification information to the second terminal corresponding to the data authorization user comprises: generating the two-dimensional code and sending the two-dimensional code to the second terminal corresponding to the data authorization user; or generating the barcode and sending the barcode to the second terminal corresponding to the data authorization user; or generating the verification code and sending the verification code to the second terminal corresponding to the data authorization user.
- 8. The data acquisition method according to any one of claims 1 to 7, wherein the data call request further comprises a data authorization credential type; and querying the data authorization credential of the data authorization user according to the second distributed identity using the first distributed identity comprises: according to the second distributed identity, using the first distributed identity to query the data authorization credential corresponding to the data authorization credential type in the data call request.
- 9. The data acquisition method according to any one of claims 1 to 8, further comprising: using a hash algorithm to compute respective hash values of the identity authentication record corresponding to the identity authentication, the data authorization credential, the data authorization request, and the data authorization record corresponding to the data authorization request, and storing the hash values in the alliance chain.
- 10. A data acquisition method, applied to a second terminal, the data acquisition method comprising: receiving a data authorization request sent by an alliance chain, wherein the data authorization request is one that the alliance chain sends after obtaining a data call request sent by a first terminal, performing identity authentication on the data call user corresponding to the first terminal according to the data call request, allocating a second distributed identity to the data call user when the data call user is authenticated as legal, and, according to the second distributed identity, using the first distributed identity to query the data authorization credential of the data authorization user, wherein the data call request carries the first distributed identity of the data authorization user and the identifier of the data call user; and performing an authorization operation according to the data authorization request.
- 11. The data acquisition method according to claim 10, wherein receiving the data authorization request sent by the alliance chain comprises: receiving authorization request verification information sent by the alliance chain; and performing the authorization operation according to the data authorization request comprises: verifying the authorization request verification information and returning indication information that a verification operation is running to the alliance chain; receiving indication information for performing a data authorization operation sent by the alliance chain; and, according to the indication information for performing the data authorization operation, performing the authorization operation and signing the data of the authorization operation with a pre-stored private key.
- 12. The data acquisition method according to claim 11, wherein the authorization request verification information comprises any one of a two-dimensional code, a barcode and a verification code; and verifying the authorization request verification information and returning the indication information that the verification operation is running to the alliance chain comprises: invoking a code-scanning function, scanning the two-dimensional code, and returning the indication information that the verification operation is running to the alliance chain; or invoking the code-scanning function, scanning the barcode, and returning the indication information that the verification operation is running to the alliance chain; or invoking a verification function, verifying the verification code, and returning the indication information that the verification operation is running to the alliance chain.
- 13. A first data acquisition apparatus, comprising: an obtaining module, configured to obtain a data call request sent by a first terminal, wherein the data call request carries a first distributed identity of a data authorization user and an identifier of a data call user; an authentication module, configured to perform identity authentication on the data call user corresponding to the first terminal according to the data call request; an allocation module, configured to allocate a second distributed identity to the data call user when the data call user is authenticated as legal; a query module, configured to query a data authorization credential of the data authorization user according to the second distributed identity using the first distributed identity; a first sending module, configured to send a data authorization request to a second terminal corresponding to the data authorization user according to the data authorization credential; and a second sending module, configured to, after it is determined that the data authorization user has confirmed the authorization, encrypt a request result corresponding to the data call request and send the encrypted request result to the first terminal.
- 14. A second data acquisition apparatus, comprising: a receiving module, configured to receive a data authorization request sent by an alliance chain, wherein the data authorization request is one that the alliance chain sends after obtaining a data call request sent by a first terminal, performing identity authentication on the data call user corresponding to the first terminal according to the data call request, allocating a second distributed identity to the data call user when the data call user is authenticated as legal, and, according to the second distributed identity, using the first distributed identity to query the data authorization credential of the data authorization user, wherein the data call request carries the first distributed identity of the data authorization user and the identifier of the data call user; and an authorization module, configured to perform an authorization operation according to the data authorization request.
- 15. An electronic device, comprising a processor, a communication component, a memory and a communication bus, wherein the processor, the communication component and the memory complete mutual communication through the communication bus; the memory is configured to store a computer program; and the processor is configured to execute the program stored in the memory to implement the data acquisition method applied to an alliance chain according to any one of claims 1 to 9, or to implement the data acquisition method applied to a second terminal according to any one of claims 10 to 12.
- 16. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the data acquisition method applied to an alliance chain according to any one of claims 1 to 9, or implements the data acquisition method applied to a second terminal according to any one of claims 10 to 12.
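The chain-to-terminal authorization exchange described in steps 301 and 302 of the second-terminal embodiment and in claims 5, 6, 9 and 11 above, as an added illustration in Go that is not part of the patent: the alliance chain signs the authorization request to form the verification information, the terminal verifies that signature before performing and signing the authorization operation, and the chain checks that the first distributed identity holds the requested credential and that the terminal's signature is valid before storing a hash of the authorization record. Ed25519 signatures, SHA-256, the field names and the "ownerDID|credType" key layout are this example's assumptions (the page fixes no algorithms), and the QR-code, barcode or verification-code transport of the signed request is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AuthRequest is the data authorization request the chain sends to the terminal; field names are this example's own.
type AuthRequest struct {
	OwnerDID  string // first distributed identity (data authorization user)
	CallerDID string // second distributed identity allocated to the data call user
	CredType  string // data authorization credential type carried in the data call request
}

func (r AuthRequest) bytes() []byte { return []byte(r.OwnerDID + "|" + r.CallerDID + "|" + r.CredType) }

// Chain stands in for the alliance chain: its signing key, the credentials it has distributed
// (claim 2; Creds is keyed "ownerDID|credType") and the hashes it stores on-ledger (claim 9).
type Chain struct {
	priv   ed25519.PrivateKey
	Pub    ed25519.PublicKey
	Creds  map[string]bool
	Hashes []string
}

func NewChain() *Chain { pub, priv, _ := ed25519.GenerateKey(rand.Reader); return &Chain{priv: priv, Pub: pub, Creds: map[string]bool{}} }

// SignRequest signs the request with the chain's pre-stored private key, yielding the
// authorization request verification information of claim 5 (carried as a QR code, barcode or code).
func (c *Chain) SignRequest(r AuthRequest) []byte { return ed25519.Sign(c.priv, r.bytes()) }

// Record is the chain's side of claims 6 and 9: confirm the first DID holds the requested credential,
// verify the terminal's signature over the authorization operation, then hash the record and store the hash.
func (c *Chain) Record(r AuthRequest, termPub ed25519.PublicKey, sig []byte) (string, error) {
	if !c.Creds[r.OwnerDID+"|"+r.CredType] {
		return "", fmt.Errorf("no data authorization credential for %s", r.OwnerDID)
	}
	if !ed25519.Verify(termPub, r.bytes(), sig) {
		return "", fmt.Errorf("authorization operation signature invalid")
	}
	h := fmt.Sprintf("%x", sha256.Sum256(append(r.bytes(), sig...)))
	c.Hashes = append(c.Hashes, h)
	return h, nil
}

// Authorize is the terminal's side of claim 11: verify the chain's signature on the verification
// information, then perform the authorization operation and sign it with the pre-stored key termPriv.
func Authorize(termPriv ed25519.PrivateKey, chainPub ed25519.PublicKey, r AuthRequest, chainSig []byte) ([]byte, error) {
	if !ed25519.Verify(chainPub, r.bytes(), chainSig) {
		return nil, fmt.Errorf("authorization request verification failed")
	}
	return ed25519.Sign(termPriv, r.bytes()), nil
}

// Exchange runs the whole flow and returns the hash stored on chain, or the error of the refusing step.
func Exchange(c *Chain, termPriv ed25519.PrivateKey, r AuthRequest) (string, error) {
	sig, err := Authorize(termPriv, c.Pub, r, c.SignRequest(r))
	if err != nil {
		return "", err
	}
	return c.Record(r, termPriv.Public().(ed25519.PublicKey), sig)
}
```

A request altered after the chain signed it is refused by the terminal, and a credential type the chain never distributed, or an authorization signed by a key other than the terminal's, is refused by the chain before any hash is stored.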
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2023542729A JP2024503854A (ja) | 2021-01-13 | 2021-12-20 | Data acquisition method, apparatus, device and storage medium |
US18/261,330 US20240070253A1 (en) | 2021-01-13 | 2021-12-20 | Method and apparatus for data acquisition, device and storage medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110041858.2A CN112733121A (zh) | 2021-01-13 | 2021-01-13 | Data acquisition method, apparatus, device and storage medium |
CN202110041858.2 | 2021-01-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022151925A1 true WO2022151925A1 (zh) | 2022-07-21 |
Family
ID=75592781
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/139722 WO2022151925A1 (zh) | 2021-01-13 | 2021-12-20 | Data acquisition method, apparatus, device and storage medium |
Country Status (4)
Country | Link |
---|---|
US (1) | US20240070253A1 (zh) |
JP (1) | JP2024503854A (zh) |
CN (1) | CN112733121A (zh) |
WO (1) | WO2022151925A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116800887A (zh) * | 2023-07-20 | 2023-09-22 | 咪咕音乐有限公司 | Video color ring back tone NFT playing method, apparatus, device and medium |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112733121A (zh) * | 2021-01-13 | 2021-04-30 | 京东数科海益信息科技有限公司 | Data acquisition method, apparatus, device and storage medium |
CN113271591B (zh) * | 2021-05-25 | 2022-11-22 | 广州瀚信通信科技股份有限公司 | Method and apparatus for encrypted interaction of "two standards, four actuals" data based on a 5G slice network |
CN113794716B (zh) * | 2021-09-14 | 2023-06-06 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Terminal device network access authentication method, apparatus, device and readable storage medium |
CN115396170B (zh) * | 2022-08-19 | 2023-11-14 | 广东聚健康信息科技有限公司 | Personal health and medical data authorization method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170180128A1 (en) * | 2015-12-22 | 2017-06-22 | Gemalto Inc. | Method for managing a trusted identity |
CN109660346A (zh) * | 2019-01-16 | 2019-04-19 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Information escrow method, apparatus, device and computer storage medium |
CN110060162A (zh) * | 2019-03-29 | 2019-07-26 | 阿里巴巴集团控股有限公司 | Blockchain-based data authorization and query method and apparatus |
CN110070926A (zh) * | 2019-03-21 | 2019-07-30 | 深圳壹账通智能科技有限公司 | Blockchain-based data query method, apparatus, device and readable storage medium |
CN111010372A (zh) * | 2019-11-20 | 2020-04-14 | 国家信息中心 | Blockchain network identity authentication system, data processing method and gateway device |
CN112733121A (zh) * | 2021-01-13 | 2021-04-30 | 京东数科海益信息科技有限公司 | Data acquisition method, apparatus, device and storage medium |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109815657B (zh) * | 2018-12-14 | 2022-10-28 | 深圳壹账通智能科技有限公司 | Alliance chain based identity authentication method, apparatus, computer-readable storage medium and terminal device |
EP3723017A1 (en) * | 2019-04-08 | 2020-10-14 | Mastercard International Incorporated | Improvements relating to identity authentication and validation |
CN111680274B (zh) * | 2020-03-03 | 2022-11-22 | 支付宝(杭州)信息技术有限公司 | Resource access method, apparatus and device |
CN111986764B (zh) * | 2020-09-03 | 2023-08-22 | 深圳平安智慧医健科技有限公司 | Blockchain-based medical data sharing method, apparatus, terminal and storage medium |
CN111970129B (zh) * | 2020-10-21 | 2021-01-01 | 腾讯科技(深圳)有限公司 | Blockchain-based data processing method, device and readable storage medium |
2021
- 2021-01-13 CN CN202110041858.2A patent/CN112733121A/zh active Pending
- 2021-12-20 US US18/261,330 patent/US20240070253A1/en active Pending
- 2021-12-20 JP JP2023542729A patent/JP2024503854A/ja active Pending
- 2021-12-20 WO PCT/CN2021/139722 patent/WO2022151925A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JP2024503854A (ja) | 2024-01-29 |
CN112733121A (zh) | 2021-04-30 |
US20240070253A1 (en) | 2024-02-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21919112; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 18261330; Country of ref document: US. Ref document number: 2023542729; Country of ref document: JP |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 11202305377U; Country of ref document: SG |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 21919112; Country of ref document: EP; Kind code of ref document: A1 |