CN107622210A - Data query method and system with identity authentication and authorization proof - Google Patents

Publication number: CN107622210A
Authority: CN (China)
Legal status: Granted
Application number: CN201710865868.1A
Other languages: Chinese (zh)
Other versions: CN107622210B (en)
Inventor: 温峰泰
Current Assignee: Tianyi Science And Technology Financial Services Ltd By Share Ltd
Original Assignee: Tianyi Science And Technology Financial Services Ltd By Share Ltd
Application filed by: Tianyi Science And Technology Financial Services Ltd By Share Ltd
Priority to: CN201710865868.1A
Publication of: CN107622210A
Application granted; publication of: CN107622210B
Current legal status: Active

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a data query method and system with identity authentication and authorization proof. The method includes: receiving an authorization request sent by a data owner; authenticating the identity of the data owner; after the identity of the data owner is authenticated, generating an authorization proof according to the data owner's authorization request; sending the generated authorization proof to the data owner so that the data owner can provide it to a data requester; receiving the authorization proof provided by the data requester; verifying whether the authorization proof provided by the data requester is valid; when it is valid, computing the data needed by the data requester according to the authorization proof that the data requester provided; and sending the data to the data requester. The present invention can obtain more authentic data and makes data queries more efficient and more intelligent.

Description

Data query method and system with identity authentication and authorization proof
Technical field
The present invention relates to the field of information transmission technology, and in particular to a data query method and system with identity authentication and authorization proof.
Background
In the prior art, data is mostly queried and audited by directly examining original documents, and the data is provided to the data requester directly by the data owner. This way of transmitting information is inefficient: everything from authorizing the query to transmitting the files is done manually, which is neither convenient nor intelligent. In addition, data provided directly by the data owner may be false, which causes problems for the data requester who uses it.
Summary of the invention
In view of the foregoing, it is necessary to provide a data query method and system with identity authentication and authorization proof that can obtain more authentic data and make data queries more efficient and more intelligent.
A data query system with identity authentication and authorization proof is applied to a data provider and communicates with a data owner and a data requester. The data query system includes:
a receiving module, configured to receive the authorization request sent by the data owner;
an identity authentication module, configured to authenticate the identity of the data owner;
an authorization proof generation module, configured to generate an authorization proof according to the data owner's authorization request after the identity of the data owner is authenticated;
a sending module, configured to send the generated authorization proof to the data owner so that the data owner can provide it to the data requester;
the receiving module being further configured to receive the authorization proof provided by the data requester;
an authorization proof verification module, configured to verify whether the authorization proof provided by the data requester is valid;
an authorization proof computing module, configured to compute, when the authorization proof provided by the data requester is valid, the data needed by the data requester according to that authorization proof; and
the sending module being further configured to send the data to the data requester.
According to a preferred embodiment of the present invention, the authorization proof verification module is specifically configured to:
match the authorization proof provided by the data requester against the pre-stored authorization proof that was sent to the data owner;
when the authorization proof provided by the data requester completely matches the pre-stored authorization proof information that was sent to the data owner, confirm that the authorization proof provided by the data requester is valid; or
when the authorization proof provided by the data requester does not completely match the pre-stored authorization proof information that was sent to the data owner, confirm that the authorization proof provided by the data requester is invalid.
According to a preferred embodiment of the present invention, the data query system includes a database that stores the data items related to users in each field. The data items include one or a combination of the following: account books, deposit and withdrawal amounts, transaction times, balances, transaction records, asset data, debt data, medical record data, credit data, and academic data.
According to a preferred embodiment of the present invention, the authorization proof generation module is specifically configured to:
determine the scope of authorization according to the authorization request, generate a file and a set of tokens (Token) corresponding to the file according to the scope of authorization, and store the file in the database; or
determine the scope of authorization according to the authorization request, and generate a digital copyright file according to the scope of authorization.
According to a preferred embodiment of the present invention, the authorization proof verification module is specifically configured to:
when the authorization proof provided by the data requester is a Token, match the information in the Token provided by the data requester against the information in the pre-stored Token that was sent to the data owner; when the two match completely, determine that the Token provided by the data requester is valid; when the two do not match completely, determine that the Token provided by the data requester is invalid; or
when the authorization proof provided by the data requester is a digital copyright file, decrypt the digital copyright file provided by the data requester to obtain the signature of the decrypted digital copyright file, and verify whether that signature is the signature of the data provider; when the signature of the decrypted digital copyright file is the signature of the data provider, determine that the digital copyright file provided by the data requester is valid; when the signature of the decrypted digital copyright file is not the signature of the data provider, determine that the digital copyright file provided by the data requester is invalid.
According to a preferred embodiment of the present invention, the authorization proof computing module is specifically configured to:
when the authorization proof provided by the data requester is a Token, determine the data in the database that corresponds to the query scope and conditions of the Token provided by the data requester to be the data needed by the data requester; or
when the authorization proof provided by the data requester is a digital copyright file, generate the query scope and conditions corresponding to the digital copyright file provided by the data requester, and query the data needed by the data requester according to the query scope and conditions of the digital copyright file.
According to a preferred embodiment of the present invention, the receiving module is further configured to:
receive query information from the data requester; and
the authorization proof computing module is further configured to compute, when the authorization proof provided by the data requester is valid, the data needed by the data requester according to the authorization proof provided by the data requester and the query information.
According to a preferred embodiment of the present invention, the authorization proof computing module is specifically configured to:
when the authorization proof provided by the data requester is a Token, look up in the database the query scope and conditions corresponding to the Token provided by the data requester, and search within that query scope and those conditions according to the query information to obtain the retrieved documents;
the sending module being configured to send the retrieved documents to the data requester; or
when the authorization proof provided by the data requester is a digital copyright file, search within the query scope and conditions of the digital copyright file provided by the data requester according to the query information to obtain the retrieved documents;
the sending module being configured to send the retrieved documents to the data requester.
According to a preferred embodiment of the present invention, the authorization proof includes one or a combination of the following:
the proof of identity of the data owner, the name of the data owner, the proof of identity of the data provider, the name of the data provider, the proof of identity of the data requester, the name of the data requester, and the scope-of-authorization conditions. The scope-of-authorization conditions include one or more of the following: validity period, maximum number of queries, time point of the query subject, and query subject.
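The Token form of the authorization proof described above, as an added Python example that is not part of the patent: the data provider issues a Token bound to a stored scope, and answers a later query only if the presented Token matches completely and the scope conditions (validity period, maximum number of queries, query subject) still hold. The class, field and subject names, the sample database, and keeping only a SHA-256 digest of each Token are assumptions of this example.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

# Constructed sample database held by the data provider: owner -> subject -> data.
DATABASE = {
    "owner-001": {
        "balance": 125000,
        "transaction_records": ["2017-08-01 deposit 5000", "2017-08-15 withdrawal 1200"],
        "medical_records": ["constructed sample entry"],
    },
}


@dataclass
class AuthorizationFile:
    """Stored file a Token refers to: who may query what, until when, how often."""
    owner_id: str
    requester_id: str
    subjects: frozenset
    expires_at: float
    max_queries: int
    used: int = 0


class DataProvider:
    def __init__(self, database):
        self._db = database
        # SHA-256(token) -> AuthorizationFile. Raw tokens are not kept (assumption
        # of this example), so a leaked store cannot be replayed as tokens.
        self._files = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue_token(self, owner_id, requester_id, subjects, valid_seconds,
                    max_queries, now=None):
        """Generate the authorization proof; call only after the owner is authenticated."""
        now = time.time() if now is None else now
        unknown = set(subjects) - set(self._db.get(owner_id, {}))
        if unknown:
            raise ValueError(f"owner has no such data items: {sorted(unknown)}")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._files[self._digest(token)] = AuthorizationFile(
            owner_id, requester_id, frozenset(subjects),
            now + valid_seconds, max_queries)
        return token

    def query(self, token, requester_id, subject=None, now=None):
        """Verify the presented Token, then return only the data inside its scope."""
        now = time.time() if now is None else now
        # Complete match only: any altered character yields a different digest.
        auth = self._files.get(self._digest(token))
        if auth is None:
            raise PermissionError("token does not match an issued token")
        if auth.requester_id != requester_id:
            raise PermissionError("token was issued for a different requester")
        if now >= auth.expires_at:
            raise PermissionError("validity period has ended")
        if auth.used >= auth.max_queries:
            raise PermissionError("maximum number of queries reached")
        wanted = auth.subjects if subject is None else frozenset([subject])
        if not wanted <= auth.subjects:
            raise PermissionError("query subject is outside the scope of authorization")
        auth.used += 1  # only successful queries count against the limit
        record = self._db[auth.owner_id]
        return {name: record[name] for name in sorted(wanted)}


if __name__ == "__main__":
    provider = DataProvider(DATABASE)
    tok = provider.issue_token("owner-001", "bank-A", ["balance"], 3600, 1)
    print(provider.query(tok, "bank-A"))
```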
A data query method with identity authentication and authorization proof, the method including:
receiving the authorization request sent by the data owner;
authenticating the identity of the data owner;
after the identity of the data owner is authenticated, generating an authorization proof according to the data owner's authorization request;
sending the generated authorization proof to the data owner so that the data owner can provide the generated authorization proof to the data requester;
receiving the authorization proof provided by the data requester;
verifying whether the authorization proof provided by the data requester is valid;
when the authorization proof provided by the data requester is valid, computing the data needed by the data requester according to the authorization proof provided by the data requester; and
sending the data to the data requester.
According to a preferred embodiment of the present invention, verifying whether the authorization proof provided by the data requester is valid includes:
matching the authorization proof provided by the data requester against the pre-stored authorization proof that was sent to the data owner;
when the authorization proof provided by the data requester completely matches the pre-stored authorization proof information that was sent to the data owner, confirming that the authorization proof provided by the data requester is valid; or
when the authorization proof provided by the data requester does not completely match the pre-stored authorization proof information that was sent to the data owner, confirming that the authorization proof provided by the data requester is invalid.
According to a preferred embodiment of the present invention, the data query system with identity authentication and authorization proof includes a database that stores the data items related to users in each field. The data items include one or a combination of the following: account books, deposit and withdrawal amounts, transaction times, balances, transaction records, asset data, debt data, medical record data, credit data, and academic data.
According to a preferred embodiment of the present invention, generating an authorization proof according to the data owner's authorization request after the identity of the data owner is authenticated includes:
determining the scope of authorization according to the authorization request, generating a file and a set of tokens (Token) corresponding to the file according to the scope of authorization, and storing the file in the database; or
determining the scope of authorization according to the authorization request, and generating a digital copyright file according to the scope of authorization.
According to a preferred embodiment of the present invention, verifying whether the authorization proof provided by the data requester is valid specifically includes:
when the authorization proof provided by the data requester is a Token, matching the information in the Token provided by the data requester against the information in the pre-stored Token that was sent to the data owner; when the two match completely, determining that the Token provided by the data requester is valid; when the two do not match completely, determining that the Token provided by the data requester is invalid; or
when the authorization proof provided by the data requester is a digital copyright file, decrypting the digital copyright file provided by the data requester to obtain the signature of the decrypted digital copyright file, and verifying whether that signature is the signature of the data provider; when the signature of the decrypted digital copyright file is the signature of the data provider, determining that the digital copyright file provided by the data requester is valid; when the signature of the decrypted digital copyright file is not the signature of the data provider, determining that the digital copyright file provided by the data requester is invalid.
According to a preferred embodiment of the present invention, computing the data needed by the data requester according to the authorization proof provided by the data requester, when that authorization proof is valid, includes:
when the authorization proof provided by the data requester is a Token, determining the data in the database that corresponds to the query scope and conditions of the Token provided by the data requester to be the data needed by the data requester; or
when the authorization proof provided by the data requester is a digital copyright file, generating the query scope and conditions corresponding to the digital copyright file provided by the data requester, and querying the data needed by the data requester according to the query scope and conditions of the digital copyright file.
According to a preferred embodiment of the present invention, the method further includes:
receiving query information from the data requester; and
when the authorization proof provided by the data requester is valid, computing the data needed by the data requester according to the authorization proof provided by the data requester and the query information.
According to a preferred embodiment of the present invention, the method further includes:
when the authorization proof provided by the data requester is a Token, looking up in the database the query scope and conditions corresponding to the Token provided by the data requester, searching within that query scope and those conditions according to the query information to obtain the retrieved documents, and sending the retrieved documents to the data requester; or
when the authorization proof provided by the data requester is a digital copyright file, searching within the query scope and conditions of the digital copyright file provided by the data requester according to the query information to obtain the retrieved documents, and sending the retrieved documents to the data requester.
According to a preferred embodiment of the present invention, the authorization proof includes one or a combination of the following:
the proof of identity of the data owner, the name of the data owner, the proof of identity of the data provider, the name of the data provider, the proof of identity of the data requester, the name of the data requester, and the scope-of-authorization conditions. The scope-of-authorization conditions include one or more of the following: validity period, maximum number of queries, time point of the query subject, and query subject.
An electronic device includes a memory and a processor. The memory is used to store at least one instruction, and the processor is used to execute the computer program stored in the memory to implement the data query method with identity authentication and authorization proof.
A computer-readable storage medium stores at least one instruction, and the at least one instruction, when executed by a processor, implements the data query method with identity authentication and authorization proof.
As can be seen from the above technical solutions, the present invention receives the authorization request sent by the data owner; authenticates the identity of the data owner; after the identity of the data owner is authenticated, generates an authorization proof according to the data owner's authorization request; sends the generated authorization proof to the data owner so that the data owner can provide it to the data requester; receives the authorization proof provided by the data requester; verifies whether the authorization proof provided by the data requester is valid; when it is valid, computes the data needed by the data requester according to the authorization proof provided by the data requester; and sends the data to the data requester. The present invention can obtain more authentic data and makes data queries more efficient and more intelligent.
Brief description of the drawings
Fig. 1 is a schematic diagram of the application environment of a preferred embodiment of the data query method with identity authentication and authorization proof of the present invention.
Fig. 2 is a functional module diagram of a preferred embodiment of the data query system with identity authentication and authorization proof of the present invention.
Fig. 3 is a flowchart of a preferred embodiment of the data query method of the present invention.
Fig. 4 is a schematic diagram of a preferred embodiment in which the data query system of the present invention interacts with the data owner.
Fig. 5 is a schematic diagram of a preferred embodiment in which the data query system of the present invention interacts with the data requester.
Fig. 6 is a flowchart of a preferred embodiment of the data query method of the present invention that uses a Token as the authorization proof.
Fig. 7 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a Token as the authorization proof, interacts with the data owner.
Fig. 8 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a Token as the authorization proof, interacts with the data requester.
Fig. 9 is a flowchart of a preferred embodiment of the data query method of the present invention that uses a digital copyright file as the authorization proof.
Fig. 10 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a digital copyright file as the authorization proof, interacts with the data owner.
Fig. 11 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a digital copyright file as the authorization proof, interacts with the data requester.
Fig. 12 is a flowchart of a preferred embodiment of the data query method of the present invention that uses a Token as the authorization proof and receives query information.
Fig. 13 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a Token as the authorization proof and receiving query information, interacts with the data owner.
Fig. 14 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a Token as the authorization proof and receiving query information, interacts with the data requester.
Fig. 15 is a flowchart of a preferred embodiment of the data query method of the present invention that uses a digital copyright file as the authorization proof and receives query information.
Fig. 16 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a digital copyright file as the authorization proof and receiving query information, interacts with the data owner.
Fig. 17 is a schematic diagram of a preferred embodiment in which the data query system of the present invention, using a digital copyright file as the authorization proof and receiving query information, interacts with the data requester.
Detailed description
Fig. 1 is a schematic diagram of the application environment of a preferred embodiment of the data query method with identity authentication and authorization proof of the present invention. In at least one embodiment of the present invention, the data query system 10 with identity authentication and authorization proof is applied to a data provider 11, and the data provider 11 communicates with a data owner 2 and a data requester 3 respectively.
In at least one embodiment of the present invention, the data provider 11 manages the data of the data owner 2. The data provider 11 includes, but is not limited to: accountants, banks, financial institutions, upstream accounts-receivable manufacturers, household registration offices, hospitals, suppliers, academic and research institutions, and the like. The present invention does not limit the identity of the data provider 11.
In at least one embodiment of the present invention, the data owner 2 provides the data. The data owner 2 includes, but is not limited to: enterprises, legal persons, individuals, and the like.
In at least one embodiment of the present invention, the data requester 3 is the party that needs the data. The data requester 3 includes, but is not limited to: accountants, banks, financial institutions, hospitals, suppliers, academic and research institutions, regulators, and the like.
In at least one embodiment of the present invention, the data provider 11 provides an authorization proof according to the authorization request of the data owner 2, and authorizes the data requester 3 to query data according to the authorization proof provided by the data requester 3 and the query information of the data requester 3.
The database 13 is communicatively connected to the data query system 10. The database 13 stores the data items related to users in each application field. In this embodiment, the database 13 stores the data items provided by the data owner 2 so that the data requester 3 can query the data in the database 13 according to the authorization proof. The data items include: account books, deposit and withdrawal amounts, transaction times, balances, other transaction records, and the like. In different application fields, the data items may also include assets, debts, medical records, credit, academic qualifications, and the like. The database 13 also stores data generated by the data provider 11, and the like.
In at least one embodiment of the present invention, the data query system 10 can run in a computer device. The computer device is a device that can automatically perform numerical computation and/or information processing according to instructions that are set or stored in advance. Its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device, and the like. The computer device includes, but is not limited to, a single network server, a server group consisting of multiple network servers, or a cloud based on cloud computing that consists of a large number of hosts or network servers, where cloud computing is a kind of distributed computing: a super virtual computer composed of a group of loosely coupled computers.
Fig. 2 is a functional module diagram of a preferred embodiment of the data query system with identity authentication and authorization proof of the present invention. In this embodiment, the data query system 10 can be divided into one or more modules. For example, the data query system 10 is divided into a receiving module 101, an authorization proof verification module 102, an authorization proof generation module 103, a sending module 104, an authorization proof computing module 105 and an identity authentication module 106. The detailed functions of each module are described below with reference to Fig. 3 to Fig. 17.
Fig. 3 is a flowchart of a preferred embodiment of the data query method with identity authentication and authorization proof of the present invention. Depending on requirements, the order of the steps in the flowchart can be changed, and some steps can be omitted or merged.
Step S10: the receiving module 101 receives the authorization request sent by the data owner 2.
In at least one embodiment of the present invention, the Information Referral System 10 of the authentication and authorisation verification is applied in the data provider 11, and the data provider 11 communicates with the data owner 2.
In at least one embodiment of the present invention, the authorization request includes one or a combination of the following: the proof of identification of the data owner 2, the name of the data owner 2, the proof of identification of the data-requirements side 3, the name of the data-requirements side 3, the scope of authority conditions, etc.
The scope of authority conditions include one or a combination of the following: the inquirer (the data-requirements side 3), the inquiry valid period, the maximum number of inquiries, the inquiry subject, the time point of the inquiry subject, etc.
In at least one embodiment of the present invention, the data-requirements side 3 is communicatively connected to the data provider 11.
Step S11: the authentication module 106 authenticates the identity of the data owner 2.
In at least one embodiment of the present invention, while sending the authorization request to the authentication module 106, the data owner 2 also sends the proof of identification of the data owner 2 and the name of the data owner 2 to the authentication module 106.
In at least one embodiment of the present invention, the authentication module 106 stores in advance the proof of identification and the name of at least one user, for authenticating the identities of different users.
In at least one embodiment of the present invention, after obtaining the proof of identification of the data owner 2 and the name of the data owner 2, the authentication module 106 matches them against the pre-stored proof of identification and name of the at least one user. When the proof of identification and the name of the data owner 2 match the pre-stored proof of identification and name of the at least one user, the authentication module 106 confirms that the identity of the data owner 2 is valid; when the matching fails, the authentication module 106 confirms that the identity of the data owner 2 is invalid.
Step S12: after the identity of the data owner 2 has been authenticated, the authorisation verification generation module 103 generates an authorisation verification according to the authorization request of the data owner 2.
In at least one embodiment of the present invention, the data provider 11, as the manager of the data, generates the authorisation verification according to the authorization request of the data owner 2 after confirming that the identity of the data owner 2 is valid.
In at least one embodiment of the present invention, the authorisation verification corresponds to the authorization request, and the authorisation verification generation module 103 determines the scope of authority according to the content of the authorization request.
In at least one embodiment of the present invention, the authorisation verification includes one or a combination of the following:
The proof of identification of the data owner 2, the name of the data owner 2, the proof of identification of the data provider 11, the name of the data provider 11, the proof of identification of the data-requirements side 3, the name of the data-requirements side 3, the scope of authority conditions, etc.
The scope of authority conditions include one or a combination of the following: the inquirer (the data-requirements side 3), the inquiry valid period, the maximum number of inquiries, the inquiry subject, the time point of the inquiry subject, etc.
In at least one embodiment of the present invention, the authorisation verification generation module 103 generates the authorisation verification according to the authorization request of the data owner 2 in one of the following two ways:
(1) The authorisation verification generation module 103 determines the scope of authority according to the authorization request, generates, according to the scope of authority, archives and one group of tokens (Token) corresponding to the archives, and stores the archives in the data bank 13.
(2) The authorisation verification generation module 103 determines the scope of authority according to the authorization request, and generates digital publishing rights (Digital Rights) archives according to the scope of authority.
The Token is a token used for authentication. Different Tokens correspond to different data operations.
The processing of the digital publishing rights archives includes applying the stamped signature of the data provider 11 to the data within the scope of authority, encrypting it, and attaching usage rules, so that only a preset user can unlock the data with a password, in accordance with the usage rules, in order to use the data.
Of course, in other embodiments, the authorisation verification generation module 103 can also generate the authorisation verification according to the authorization request of the data owner 2 in other ways; the present invention does not limit the way in which the authorisation verification is generated.
Step S13: the sending module 104 sends the generated authorisation verification to the data owner 2, so that the data owner 2 provides the generated authorisation verification to the data-requirements side 3.
In at least one embodiment of the present invention, the way in which the data owner 2 provides the generated authorisation verification to the data-requirements side 3 is not limited. For example, the data owner 2 can provide the generated authorisation verification to the data-requirements side 3 by mail, social software, electronic file, etc.
Step S14: the receiving module 101 receives the authorisation verification provided by the data-requirements side 3.
In at least one embodiment of the present invention, after the sending module 104 sends the generated authorisation verification to the data owner 2, the data owner 2 receives the generated authorisation verification and provides it to the data-requirements side 3. The data-requirements side 3 sends the generated authorisation verification to the data provider 11, and the data provider 11 receives the authorisation verification provided by the data-requirements side 3 through the receiving module 101.
In at least one embodiment of the present invention, the receiving module 101 is also used to receive the Query Information of the data-requirements side 3.
In at least one embodiment of the present invention, the Query Information includes the authorised scope and content that the data-requirements side 3 needs to inquire, etc.
Step S15: the authorisation verification authentication module 102 authenticates whether the authorisation verification provided by the data-requirements side 3 is valid.
In at least one embodiment of the present invention, the authorisation verification authentication module 102 confirms the validity of the authorisation verification provided by the data-requirements side 3 according to the information contained in that authorisation verification.
In at least one embodiment of the present invention, the authorisation verification authentication module 102 matches the authorisation verification provided by the data-requirements side 3 against the pre-stored authorisation verification that was sent to the data owner 2. When the authorisation verification provided by the data-requirements side 3 completely matches the pre-stored information of the authorisation verification sent to the data owner 2, the authorisation verification authentication module 102 confirms that the authorisation verification provided by the data-requirements side 3 is valid; when it does not completely match, the authorisation verification authentication module 102 confirms that the authorisation verification provided by the data-requirements side 3 is invalid.
Specifically, depending on the form of the authorisation verification provided by the data-requirements side 3, the authorisation verification authentication module 102 authenticates its validity in one of the following two ways:
(1) When the authorisation verification provided by the data-requirements side 3 is a Token, the authorisation verification authentication module 102 matches the information in the Token provided by the data-requirements side 3 against the pre-stored information in the Token that was sent to the data owner 2. When the information in the Token provided by the data-requirements side 3 completely matches the pre-stored information in the Token sent to the data owner 2, the authorisation verification authentication module 102 determines that the Token provided by the data-requirements side 3 is valid; when it does not completely match, the authorisation verification authentication module 102 determines that the Token provided by the data-requirements side 3 is invalid.
For example, the authorisation verification authentication module 102 confirms, from the entry in the data bank 13 to which the Token corresponds, whether the inquirer represented by the Token is the data-requirements side 3, whether the query time is within the inquiry valid period, whether the number of inquiries exceeds the maximum number of inquiries, etc.
(2) When the authorisation verification provided by the data-requirements side 3 is digital publishing rights archives, the authorisation verification authentication module 102 decrypts the digital publishing rights archives provided by the data-requirements side 3, obtains the stamped signature of the decrypted digital publishing rights archives, and verifies whether that stamped signature is the stamped signature of the data provider 11. When the stamped signature of the decrypted digital publishing rights archives is the stamped signature of the data provider 11, the authorisation verification authentication module 102 determines that the digital publishing rights archives provided by the data-requirements side 3 are valid; when it is not the stamped signature of the data provider 11, the authorisation verification authentication module 102 determines that the digital publishing rights archives provided by the data-requirements side 3 are invalid.
For example, the authorisation verification authentication module 102 confirms, from the digital publishing rights archives, whether the inquirer is the data-requirements side 3, whether the query time is within the inquiry valid period, whether the number of inquiries exceeds the maximum number of inquiries, etc.
Step S16: when the authorisation verification provided by the data-requirements side 3 is valid, the authorisation verification computing module 105 calculates the data needed by the data-requirements side 3 according to the authorisation verification provided by the data-requirements side 3.
In at least one embodiment of the present invention, the authorisation verification computing module 105 calculates the data needed by the data-requirements side 3 according to the authorisation verification provided by the data-requirements side 3 as follows:
(1) When the authorisation verification provided by the data-requirements side 3 is a Token, the authorisation verification computing module 105 queries the required data according to the query scope and conditions in the data bank 13 that correspond to the Token provided by the data-requirements side 3.
(2) When the authorisation verification provided by the data-requirements side 3 is digital publishing rights archives, the authorisation verification computing module 105 produces the query scope and conditions corresponding to the digital publishing rights archives provided by the data-requirements side 3, and queries the required data according to the query scope and conditions of the digital publishing rights archives.
Of course, in other embodiments, the authorisation verification computing module 105 can also calculate the data needed by the data-requirements side 3 from the authorisation verification provided by the data-requirements side 3 in other ways; the present invention places no restriction on this.
Step S17: the sending module 104 sends the data to the data-requirements side 3.
In at least one embodiment of the present invention, when the receiving module 101, while receiving the authorisation verification provided by the data-requirements side 3, also receives the Query Information of the data-requirements side 3, and the authorisation verification provided by the data-requirements side 3 is valid, the authorisation verification computing module 105 calculates the data needed by the data-requirements side 3 according to the authorisation verification provided by the data-requirements side 3 and the Query Information.
Specifically, the Information Referral System 10 of the authentication and authorisation verification also performs the following steps:
(1) When the authorisation verification provided by the data-requirements side 3 is a Token, the query scope and conditions corresponding to the Token provided by the data-requirements side 3 are looked up in the data bank 13, a retrieval is performed according to the Query Information within the query scope and conditions corresponding to that Token to obtain the retrieved documents, and the retrieved documents are sent to the data-requirements side 3.
(2) When the authorisation verification provided by the data-requirements side 3 is digital publishing rights archives, a retrieval is performed according to the Query Information within the query scope and conditions of the digital publishing rights archives provided by the data-requirements side 3 to obtain the retrieved documents, and the retrieved documents are sent to the data-requirements side 3.
Fig. 4 is a schematic diagram of a preferred embodiment of the interaction between the Information Referral System of authentication and authorisation verification of the present invention and the data owner. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
In at least one embodiment of the present invention, the Information Referral System 10 of the authentication and authorisation verification is applied in the data provider 11, and the data provider 11 communicates with the data owner 2. While interacting with the data owner 2, the Information Referral System 10 of the authentication and authorisation verification performs steps S10, S11, S12 and S13. The receiving module 101 receives the authorization request sent by the data owner 2, and the authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 has been authenticated, the authorisation verification generation module 103 generates an authorisation verification according to the authorization request of the data owner 2. The sending module 104 sends the generated authorisation verification to the data owner 2, so that the data owner 2 provides the generated authorisation verification to the data-requirements side 3.
Fig. 5 is a schematic diagram of a preferred embodiment of the interaction between the Information Referral System of authentication and authorisation verification of the present invention and the data-requirements side. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
In at least one embodiment of the present invention, the Information Referral System 10 of the authentication and authorisation verification is applied in the data provider 11, and the data provider 11 communicates with the data-requirements side 3. While interacting with the data-requirements side 3, the Information Referral System 10 of the authentication and authorisation verification performs steps S14, S15, S16 and S17. The receiving module 101 receives the authorisation verification provided by the data-requirements side 3, and the authorisation verification authentication module 102 authenticates whether the authorisation verification provided by the data-requirements side 3 is valid. When the authorisation verification provided by the data-requirements side 3 is valid, the authorisation verification computing module 105 calculates the data needed by the data-requirements side 3 according to the authorisation verification provided by the data-requirements side 3, and the sending module 104 sends the data to the data-requirements side.
Fig. 6 is a flow chart of a preferred embodiment of the data query method of authentication and authorisation verification of the present invention that uses a Token as the authorisation verification. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
Step S20: the receiving module 101 receives the authorization request sent by the data owner 2.
Step S21: the authentication module 106 authenticates the identity of the data owner 2.
Step S22: after the identity of the data owner 2 has been authenticated, the authorisation verification generation module 103 determines the scope of authority according to the authorization request, generates, according to the scope of authority, archives and one group of tokens (Token) corresponding to the archives, and stores the archives in the data bank 13.
In at least one embodiment of the present invention, the archives include the data available for inquiry by the data-requirements side 3, which the Information Referral System 10 of the authentication and authorisation verification obtains from the data owner 2 according to the application scope, the query conditions, etc. of the authorisation verification.
In at least one embodiment of the present invention, the data bank 13 stores the query scope and conditions of the data owner 2, the authorised data generated by the data provider 11, etc.
In at least one embodiment of the present invention, the generated Token is unique; that is, one group of unique Tokens is produced in one authorization process.
Step S23: the sending module 104 sends the generated Token to the data owner 2, so that the data owner 2 provides the generated Token to the data-requirements side 3.
Step S24: the receiving module 101 receives the Token provided by the data-requirements side 3.
Step S25: the authorisation verification authentication module 102 authenticates whether the Token provided by the data-requirements side 3 is valid.
In at least one embodiment of the present invention, the authorisation verification authentication module 102 matches the information in the Token provided by the data-requirements side 3 against the pre-stored information in the Token that was sent to the data owner 2. When the information in the Token provided by the data-requirements side 3 completely matches the pre-stored information in the Token sent to the data owner 2, the authorisation verification authentication module 102 determines that the Token provided by the data-requirements side is valid; when it does not completely match, the authorisation verification authentication module 102 determines that the Token provided by the data-requirements side is invalid.
It should be noted that, in at least one embodiment of the present invention, when the authorisation verification authentication module 102 confirms that the Token provided by the data-requirements side is invalid, this inquiry is terminated.
Step S26: when the Token provided by the data-requirements side 3 is valid, the authorisation verification computing module 105 determines the data in the data bank 13 that corresponds to the query scope and conditions of the Token provided by the data-requirements side 3 to be the data needed by the data-requirements side 3.
Step S27: the sending module 104 sends the data to the data-requirements side 3.
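The Token flow of steps S22, S25 and S26 can be sketched as follows. This is an added example, not code from the patent; the class and field names, the sample records, and the choice to keep only a SHA-256 digest of each Token in the data bank are assumptions. The optional `subject` argument plays the role of the Query Information, narrowing the result within the authorised scope.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import NamedTuple


@dataclass
class Grant:
    """Scope-of-authority record kept in the data bank for one Token."""
    owner: str
    requester: str        # the only party allowed to present the Token
    subjects: frozenset   # inquiry subjects the owner authorised
    valid_from: int       # inquiry valid period, epoch seconds
    valid_until: int
    max_queries: int      # maximum number of inquiries
    used: int = 0


class Result(NamedTuple):
    allowed: bool
    reason: str
    rows: list


class DataProvider:
    def __init__(self, records):
        self._records = records   # owner -> list of {"subject", "value"}
        self._grants = {}         # sha256(Token) -> Grant

    @staticmethod
    def _key(token):
        # Assumption: only a digest is stored, so a leaked data bank does
        # not yield usable Tokens. The Token is 256 bits of randomness.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue_token(self, owner, requester, subjects,
                    valid_from, valid_until, max_queries):
        """S22: record the scope of authority and return a unique Token."""
        token = secrets.token_urlsafe(32)
        self._grants[self._key(token)] = Grant(
            owner, requester, frozenset(subjects),
            valid_from, valid_until, max_queries)
        return token

    def query(self, token, requester, now, subject=None):
        """S25 and S26: validate the Token, then return only in-scope data."""
        grant = self._grants.get(self._key(token))
        if grant is None:
            return Result(False, "unknown token", [])
        if requester != grant.requester:
            return Result(False, "wrong requester", [])
        if not (grant.valid_from <= now <= grant.valid_until):
            return Result(False, "outside valid period", [])
        if grant.used >= grant.max_queries:
            return Result(False, "query limit reached", [])
        if subject is not None and subject not in grant.subjects:
            return Result(False, "subject not authorised", [])
        wanted = {subject} if subject is not None else grant.subjects
        grant.used += 1   # only successful inquiries count against the limit
        rows = [r for r in self._records.get(grant.owner, [])
                if r["subject"] in wanted]
        return Result(True, "ok", rows)


def demo():
    # Constructed sample data for one data owner.
    records = {"owner-2": [
        {"subject": "salary", "value": 5200},
        {"subject": "loans", "value": 0},
        {"subject": "medical", "value": "n/a"},
    ]}
    provider = DataProvider(records)
    token = provider.issue_token("owner-2", "requester-3",
                                 {"salary", "loans"}, 1000, 2000, 2)
    return [
        provider.query(token, "requester-3", 1500, "salary"),
        provider.query(token, "someone-else", 1500),
        provider.query(token, "requester-3", 1500, "medical"),
        provider.query(token, "requester-3", 2500),
        provider.query(token, "requester-3", 1500),
        provider.query(token, "requester-3", 1500),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A denied request returns no rows and does not consume an inquiry, which matches terminating the inquiry when the Token is found invalid.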
Fig. 7 is a schematic diagram of a preferred embodiment of the interaction with the data owner of the Information Referral System of authentication and authorisation verification of the present invention that uses a Token as the authorisation verification. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
In at least one embodiment of the present invention, the Information Referral System 10 of the authentication and authorisation verification is applied in the data provider 11, and the data provider 11 communicates with the data owner 2. While interacting with the data owner 2, the Information Referral System 10 of the authentication and authorisation verification performs steps S20, S21, S22 and S23. That is, the receiving module 101 receives the authorization request sent by the data owner 2, and the authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 has been authenticated, the authorisation verification generation module 103 determines the scope of authority according to the authorization request, generates, according to the scope of authority, archives and one group of tokens (Token) corresponding to the archives, and stores the archives in the data bank 13. The sending module 104 sends the generated Token to the data owner 2, so that the data owner 2 provides the generated Token to the data-requirements side 3.
Fig. 8 is a schematic diagram of a preferred embodiment of the interaction with the data-requirements side of the Information Referral System of authentication and authorisation verification of the present invention that uses a Token as the authorisation verification. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
In at least one embodiment of the present invention, the Information Referral System 10 of the authentication and authorisation verification is applied in the data provider 11, and the data provider 11 communicates with the data-requirements side 3. While interacting with the data-requirements side 3, the Information Referral System 10 of the authentication and authorisation verification performs steps S24, S25, S26 and S27. That is, the receiving module 101 receives the Token provided by the data-requirements side 3, and the authorisation verification authentication module 102 authenticates whether the Token provided by the data-requirements side 3 is valid. When the Token provided by the data-requirements side 3 is valid, the authorisation verification computing module 105 determines the data in the data bank 13 that corresponds to the query scope and conditions of the Token provided by the data-requirements side 3 to be the data needed by the data-requirements side 3. The sending module 104 sends the data to the data-requirements side 3.
Fig. 9 is a flow chart of a preferred embodiment of the data query method of authentication and authorisation verification of the present invention that uses digital publishing rights archives as the authorisation verification. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
Step S30: the receiving module 101 receives the authorization request sent by the data owner 2.
Step S31: the authentication module 106 authenticates the identity of the data owner 2.
Step S32: after the identity of the data owner 2 has been authenticated, the authorisation verification generation module 103 determines the scope of authority according to the authorization request, and generates digital publishing rights archives according to the scope of authority.
In at least one embodiment of the present invention, the generated digital publishing rights archives are archives that carry a stamped signature and are encrypted. The Information Referral System 10 of the authentication and authorisation verification can decrypt the generated digital publishing rights archives and verify their stamped signature, in order to read the content of the generated digital publishing rights archives.
Step S33: the sending module 104 sends the generated digital publishing rights archives to the data owner 2, so that the data owner 2 provides the generated digital publishing rights archives to the data-requirements side 3.
Step S34: the receiving module 101 receives the digital publishing rights archives provided by the data-requirements side 3.
Step S35: the authorisation verification authentication module 102 authenticates whether the digital publishing rights archives provided by the data-requirements side 3 are valid.
In at least one embodiment of the present invention, the authorisation verification authentication module 102 decrypts the digital publishing rights archives provided by the data-requirements side 3 and verifies their stamped signature, and matches the information contained in the archives after decryption and signature verification against the pre-stored information of the digital publishing rights archives that were sent to the data owner 2. When the information contained in the archives after decryption and signature verification completely matches the pre-stored information of the digital publishing rights archives sent to the data owner 2, the authorisation verification authentication module 102 determines that the digital publishing rights archives provided by the data-requirements side 3 are valid; when it does not completely match, the authorisation verification authentication module 102 determines that the digital publishing rights archives provided by the data-requirements side 3 are invalid.
In at least one embodiment of the present invention, the information contained in the decrypted archives includes the proof of identification of the data owner 2, the name of the data owner 2, the proof of identification of the data provider 11, the name of the data provider 11, the proof of identification of the data-requirements side 3, the name of the data-requirements side 3, the scope of authority conditions, etc.
The scope of authority conditions include one or a combination of the following: the valid period, the maximum number of inquiries, the time point of the inquiry subject, the inquiry subject, etc.
It should be noted that, in at least one embodiment of the present invention, when the authorisation verification authentication module 102 confirms that the digital publishing rights archives provided by the data-requirements side 3 are invalid, this inquiry is terminated.
Step S36: when the digital publishing rights archives provided by the data-requirements side 3 are valid, the authorisation verification computing module 105 produces an encrypted file, corresponding to the digital publishing rights archives provided by the data-requirements side 3, that the data-requirements side 3 can read, and determines the encrypted file to be the data needed by the data-requirements side 3.
Step S37: the sending module 104 sends the data to the data-requirements side 3.
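An added sketch of the validity check in step S35 for digital publishing rights archives, not code from the patent. It assumes HMAC-SHA256 under a key held by the data provider as a stand-in for the stamped signature of the data provider 11 and leaves the encryption layer out; all names and sample values are constructed. It also shows that the maximum number of inquiries still needs a counter kept by the data provider, because the archive cannot record its own use.

```python
import base64
import hashlib
import hmac
import json


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def seal_archive(provider_key, claims):
    """S32: serialise the scope of authority and sign it with the provider key."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    sig = hmac.new(provider_key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def open_archive(provider_key, archive):
    """Return the claims only if the signature verifies; otherwise None."""
    try:
        body_b64, sig_b64 = archive.split(".")
        body = base64.urlsafe_b64decode(body_b64.encode("ascii"))
        sig = base64.urlsafe_b64decode(sig_b64.encode("ascii"))
    except ValueError:
        return None   # wrong number of parts, bad base64 or non-ASCII input
    expected = hmac.new(provider_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    # The body is parsed only after the signature has been checked.
    return json.loads(body)


class ArchiveVerifier:
    def __init__(self, provider_key):
        self._key = provider_key
        self._used = {}   # archive id -> inquiries served so far

    def check(self, archive, requester, now):
        """S35: signature first, then the scope of authority conditions."""
        claims = open_archive(self._key, archive)
        if claims is None:
            return "bad signature"
        if claims["requester"] != requester:
            return "wrong requester"
        if not (claims["valid_from"] <= now <= claims["valid_until"]):
            return "outside valid period"
        used = self._used.get(claims["id"], 0)
        if used >= claims["max_queries"]:
            return "query limit reached"
        self._used[claims["id"]] = used + 1
        return "ok"


def tamper(archive, **changes):
    """Constructed test input: the claims are edited, the old signature kept."""
    body_b64, sig_b64 = archive.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    claims.update(changes)
    forged = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return _b64(forged) + "." + sig_b64


def demo():
    key = b"constructed-provider-key-0123456789abcdef"   # sample key only
    claims = {"id": "arc-001", "owner": "owner-2", "provider": "provider-11",
              "requester": "requester-3", "subjects": ["salary"],
              "valid_from": 1000, "valid_until": 2000, "max_queries": 1}
    archive = seal_archive(key, claims)
    verifier = ArchiveVerifier(key)
    return [
        verifier.check(tamper(archive, max_queries=99), "requester-3", 1500),
        verifier.check(archive, "someone-else", 1500),
        verifier.check(archive, "requester-3", 2500),
        verifier.check(archive, "requester-3", 1500),
        verifier.check(archive, "requester-3", 1500),
    ]


if __name__ == "__main__":
    print(demo())
```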
Fig. 10 is a schematic diagram of a preferred embodiment of the interaction with the data owner of the Information Referral System of authentication and authorisation verification of the present invention that uses digital publishing rights archives as the authorisation verification. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
In at least one embodiment of the present invention, the Information Referral System 10 of the authentication and authorisation verification is applied in the data provider 11, and the data provider 11 communicates with the data owner 2. While interacting with the data owner 2, the Information Referral System 10 of the authentication and authorisation verification performs steps S30, S31, S32 and S33. That is, the receiving module 101 receives the authorization request sent by the data owner 2. The authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 has been authenticated, the authorisation verification generation module 103 determines the scope of authority according to the authorization request, and generates digital publishing rights archives according to the scope of authority. The sending module 104 sends the generated digital publishing rights archives to the data owner 2, so that the data owner 2 provides the generated digital publishing rights archives to the data-requirements side 3.
Fig. 11 is a schematic diagram of a preferred embodiment of the interaction with the data-requirements side of the Information Referral System of authentication and authorisation verification of the present invention that uses digital publishing rights archives as the authorisation verification. Depending on requirements, the order of the steps in the flow chart can change, and some steps can be omitted or merged.
In at least one embodiment of the present invention, the Information Referral System 10 of the authentication and authorisation verification is applied in the data provider 11, and the data provider 11 communicates with the data-requirements side 3. While interacting with the data-requirements side 3, the Information Referral System 10 of the authentication and authorisation verification performs steps S34, S35, S36 and S37. That is, the receiving module 101 receives the digital publishing rights archives provided by the data-requirements side 3. The authorisation verification authentication module 102 authenticates whether the digital publishing rights archives provided by the data-requirements side 3 are valid. When the digital publishing rights archives provided by the data-requirements side 3 are valid, the authorisation verification computing module 105 produces an encrypted file, corresponding to the digital publishing rights archives provided by the data-requirements side 3, that the data-requirements side 3 can read, and determines the encrypted file to be the data needed by the data-requirements side 3. The sending module 104 sends the data to the data-requirements side 3.
Figure 12 is a flow chart of a preferred embodiment of the identity authentication and authorization proof data query method of the present invention, using a Token as the authorization proof and receiving query information. Depending on requirements, the order of the steps in the flow chart may be changed, and some steps may be omitted or combined.
Step S40: the receiving module 101 receives the authorization request sent by the data owner 2.
Step S41: the identity authentication module 106 authenticates the identity of the data owner 2.
Step S42: after the identity of the data owner 2 has been authenticated, the authorization proof generation module 103 determines the scope of authorization according to the authorization request, generates, according to the scope of authorization, a file and a set of tokens (Token) corresponding to the file, and stores the file in the database 13.
Step S43: the sending module 104 sends the generated Token to the data owner 2, so that the data owner 2 provides the generated Token to the data requester 3.
Step S44: the receiving module 101 receives the Token and the query information provided by the data requester 3.
In at least one embodiment of the present invention, the query information includes the scope and content that the data requester 3 needs to query, and the like.
Step S45: the authorization proof verification module 102 verifies whether the Token provided by the data requester 3 is valid.
In at least one embodiment of the present invention, it should be noted that when the authorization proof verification module 102 determines that the Token provided by the data requester 3 is invalid, the query is terminated.
Step S46: when the Token provided by the data requester 3 is valid, the authorization proof computing module 105 looks up, in the database 13, the data corresponding to the query scope and conditions of the Token provided by the data requester 3, and, according to the query information, searches within the data corresponding to the query scope and conditions of that Token to obtain the retrieved data.
Step S47: the sending module 104 sends the retrieved data to the data requester 3.
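The Token flow of steps S40 to S47 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the sample records and the choice to store only a SHA-256 digest of each Token are assumptions, and the scope conditions used (requester identity, validity period, maximum number of queries, query subject) are the ones the claims list for the authorization proof.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

# Constructed sample database: owner -> records tagged with a query subject.
RECORDS = {
    "alice": [
        {"subject": "transactions", "text": "2017-08-01 rent 1200"},
        {"subject": "transactions", "text": "2017-08-03 salary 5000"},
        {"subject": "medical", "text": "2017-07-11 clinic visit"},
    ],
    "bob": [{"subject": "transactions", "text": "2017-08-02 rent 900"}],
}


@dataclass
class Grant:
    """File stored by the provider for one issued Token (step S42)."""
    owner: str
    requester: str
    subjects: frozenset   # query subjects the owner authorised
    not_after: float      # end of the validity period (epoch seconds)
    max_queries: int
    used: int = 0


class DataProvider:  # hypothetical name for the system 10 on the provider side
    def __init__(self, records):
        self._records = records
        self._grants = {}  # sha256(Token) -> Grant; the raw Token is not kept

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_token(self, owner, owner_authenticated, requester, subjects,
                    ttl, max_queries, now=None):
        """Steps S40-S43: issue a Token only for an authenticated owner."""
        if not owner_authenticated:
            raise PermissionError("owner identity not authenticated")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable bearer value
        self._grants[self._key(token)] = Grant(
            owner, requester, frozenset(subjects), now + ttl, max_queries)
        return token

    def query(self, token, requester, subject, keyword, now=None):
        """Steps S44-S47: validate the Token, then search inside its scope."""
        now = time.time() if now is None else now
        grant = self._grants.get(self._key(token))  # exact match or nothing
        if grant is None:
            raise PermissionError("unknown token")
        if requester != grant.requester:
            raise PermissionError("token not issued to this requester")
        if now > grant.not_after:
            raise PermissionError("token expired")
        if grant.used >= grant.max_queries:
            raise PermissionError("query limit reached")
        if subject not in grant.subjects:
            raise PermissionError("subject outside authorised scope")
        grant.used += 1  # only answered queries consume the quota
        # The search runs over the owner's in-scope records only.
        return [r["text"] for r in self._records.get(grant.owner, [])
                if r["subject"] == subject and keyword in r["text"]]


def attempt(provider, *args):
    """Run one query; an invalid Token terminates it (see the note to S45)."""
    try:
        return provider.query(*args)
    except PermissionError as exc:
        return f"denied: {exc}"


def demo():
    p = DataProvider(RECORDS)
    tok = p.issue_token("alice", True, "bank-b", {"transactions"},
                        ttl=3600, max_queries=2, now=1000)
    short = p.issue_token("alice", True, "bank-b", {"transactions"},
                          ttl=60, max_queries=2, now=1000)
    return {
        "in_scope": attempt(p, tok, "bank-b", "transactions", "rent", 1100),
        "out_of_scope": attempt(p, tok, "bank-b", "medical", "clinic", 1100),
        "wrong_requester": attempt(p, tok, "broker-c", "transactions", "rent", 1100),
        "forged": attempt(p, "not-a-real-token", "bank-b", "transactions", "rent", 1100),
        "second": attempt(p, tok, "bank-b", "transactions", "salary", 1200),
        "over_limit": attempt(p, tok, "bank-b", "transactions", "rent", 1300),
        "expired": attempt(p, short, "bank-b", "transactions", "rent", 2000),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} {outcome}")
```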
Figure 13 is a schematic diagram of a preferred embodiment of the interaction between the data owner and the identity authentication and authorization proof data query system of the present invention, which uses a Token as the authorization proof and receives query information. Depending on requirements, the order of the steps in the flow may be changed, and some steps may be omitted or combined.
In at least one embodiment of the present invention, the identity authentication and authorization proof data query system 10 is applied in a data provider 11, and the data provider 11 communicates with the data owner 2. While interacting with the data owner 2, the data query system 10 performs steps S40, S41, S42 and S43. That is, the receiving module 101 receives the authorization request sent by the data owner 2. The identity authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 has been authenticated, the authorization proof generation module 103 determines the scope of authorization according to the authorization request, generates, according to the scope of authorization, a file and a set of tokens (Token) corresponding to the file, and stores the file in the database 13. The sending module 104 sends the generated Token to the data owner 2, so that the data owner 2 provides the generated Token to the data requester 3.
Figure 14 is a schematic diagram of a preferred embodiment of the interaction between the data requester and the identity authentication and authorization proof data query system of the present invention, which uses a Token as the authorization proof and receives query information. Depending on requirements, the order of the steps in the flow may be changed, and some steps may be omitted or combined.
In at least one embodiment of the present invention, the identity authentication and authorization proof data query system 10 is applied in a data provider 11, and the data provider 11 communicates with the data requester 3. While interacting with the data requester 3, the data query system 10 performs steps S44, S45, S46 and S47. That is, the receiving module 101 receives the Token and the query information provided by the data requester 3. The authorization proof verification module 102 verifies whether the Token provided by the data requester 3 is valid. When the Token provided by the data requester 3 is valid, the authorization proof computing module 105 looks up, in the database 13, the data corresponding to the query scope and conditions of the Token provided by the data requester 3, and, according to the query information, searches within the data corresponding to the query scope and conditions of that Token to obtain the retrieved data. The sending module 104 sends the retrieved data to the data requester 3.
Figure 15 is a flow chart of a preferred embodiment of the identity authentication and authorization proof data query method of the present invention, using a digital rights file as the authorization proof and receiving query information. Depending on requirements, the order of the steps in the flow chart may be changed, and some steps may be omitted or combined.
Step S50: the receiving module 101 receives the authorization request sent by the data owner 2.
Step S51: the identity authentication module 106 authenticates the identity of the data owner 2.
Step S52: after the identity of the data owner 2 has been authenticated, the authorization proof generation module 103 determines the scope of authorization according to the authorization request, and generates a digital rights file according to the scope of authorization.
Step S53: the sending module 104 sends the generated digital rights file to the data owner 2, so that the data owner 2 provides the generated digital rights file to the data requester 3.
Step S54: the receiving module 101 receives the digital rights file and the query information provided by the data requester 3.
Step S55: the authorization proof verification module 102 decrypts the digital rights file provided by the data requester 3 and verifies its signature, and determines, from the information contained in the decrypted and signature-verified file, whether the digital rights file provided by the data requester 3 is valid.
In at least one embodiment of the present invention, it should be noted that when the authorization proof verification module 102 determines that the digital rights file provided by the data requester 3 is invalid, the query is terminated.
Step S56: when the digital rights file provided by the data requester 3 is valid, the authorization proof computing module 105 searches, according to the query information, within the decrypted and signature-verified file to obtain the retrieved data, and encrypts the retrieved data.
Step S57: the sending module 104 sends the encrypted retrieved data to the data requester 3.
In at least one embodiment of the present invention, the encrypted retrieved data can be read only by the data requester 3.
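The validity check of step S55 and the scoped search of step S56 can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the data provider's signature (workable here because the provider both issues and verifies the file), the encryption of the file and of the results is left out, and the file layout, key and function names are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a secret held only by the data provider (constructed demo value).
PROVIDER_KEY = b"constructed-demo-key"


def _encode(content):
    # Canonical JSON so the same content always yields the same signed bytes.
    return json.dumps(content, sort_keys=True, separators=(",", ":")).encode()


def issue_rights_file(owner, requester, not_after, records, key=PROVIDER_KEY):
    """Step S52: pack the authorised scope and data, then sign the bytes."""
    body = _encode({"owner": owner, "requester": requester,
                    "not_after": not_after, "records": records})
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())


def open_rights_file(blob, requester, now, key=PROVIDER_KEY):
    """Step S55: return the content, or None when the file is invalid."""
    try:
        body_b64, tag_b64 = blob.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64 padding
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Check the signature before trusting any field inside the file.
    if not hmac.compare_digest(tag, expected):
        return None
    content = json.loads(body)
    if content["requester"] != requester or now > content["not_after"]:
        return None
    return content


def search_rights_file(blob, requester, keyword, now):
    """Step S56: search only inside the verified file; None = query ended."""
    content = open_rights_file(blob, requester, now)
    if content is None:
        return None
    return [r for r in content["records"] if keyword in r]


def with_edited_expiry(blob, new_not_after):
    """Constructed negative test input: same signature, altered validity."""
    body_b64, tag_b64 = blob.split(".")
    content = json.loads(base64.urlsafe_b64decode(body_b64))
    content["not_after"] = new_not_after
    return base64.urlsafe_b64encode(_encode(content)).decode() + "." + tag_b64


if __name__ == "__main__":
    f = issue_rights_file("alice", "bank-b", 2000,
                          ["2017-08-01 rent 1200", "2017-08-03 salary 5000"])
    print(search_rights_file(f, "bank-b", "rent", 1500))
    print(search_rights_file(with_edited_expiry(f, 9999), "bank-b", "rent", 2500))
```

Because the file carries its own scope, a limit such as a maximum number of queries still needs a counter kept on the provider's side.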
Figure 16 is a schematic diagram of a preferred embodiment of the interaction between the data owner and the identity authentication and authorization proof data query system of the present invention, which uses a digital rights file as the authorization proof and receives query information. Depending on requirements, the order of the steps in the flow may be changed, and some steps may be omitted or combined.
In at least one embodiment of the present invention, the identity authentication and authorization proof data query system 10 is applied in a data provider 11, and the data provider 11 communicates with the data owner 2. While interacting with the data owner 2, the data query system 10 performs steps S50, S51, S52 and S53. That is, the receiving module 101 receives the authorization request sent by the data owner 2. The identity authentication module 106 authenticates the identity of the data owner 2. After the identity of the data owner 2 has been authenticated, the authorization proof generation module 103 determines the scope of authorization according to the authorization request, and generates a digital rights file according to the scope of authorization. The sending module 104 sends the generated digital rights file to the data owner 2, so that the data owner 2 provides the generated digital rights file to the data requester 3.
Figure 17 is a schematic diagram of a preferred embodiment of the interaction between the data requester and the identity authentication and authorization proof data query system of the present invention, which uses a digital rights file as the authorization proof and receives query information. Depending on requirements, the order of the steps in the flow may be changed, and some steps may be omitted or combined.
In at least one embodiment of the present invention, the identity authentication and authorization proof data query system 10 is applied in a data provider 11, and the data provider 11 communicates with the data requester 3. While interacting with the data requester 3, the data query system 10 performs steps S54, S55, S56 and S57. That is, the receiving module 101 receives the digital rights file and the query information provided by the data requester 3. The authorization proof verification module 102 decrypts the digital rights file provided by the data requester 3 and verifies its signature, and determines, from the information contained in the decrypted and signature-verified file, whether the digital rights file provided by the data requester 3 is valid. When the digital rights file provided by the data requester 3 is valid, the authorization proof computing module 105 searches, according to the query information, within the decrypted and signature-verified file to obtain the retrieved data, and encrypts the retrieved data. The sending module 104 sends the encrypted retrieved data to the data requester 3.
The above embodiments are intended only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the above preferred embodiments, those of ordinary skill in the art will understand that modifications or equivalent substitutions of the technical solutions of the present invention should not depart from the spirit and scope of those technical solutions.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
The above integrated unit, when implemented in the form of a software functional module, may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes a number of instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform some of the steps of the methods of the embodiments of the present invention.
Some of the computer program product claims in the claims that follow are based on computer program flows and correspond to the computer program flows in the foregoing flow charts. These computer program product claims should therefore be understood as functional module frameworks that implement the foregoing solutions mainly through the computer program described in the specification, and should not be regarded as physical devices that implement the solutions mainly by hardware.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential attributes. The embodiments should therefore be regarded in every respect as exemplary and non-restrictive. The scope of the invention is defined by the appended claims rather than by the above description, and all changes falling within the meaning and range of equivalency of the claims are intended to be embraced in the invention. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices recited in a system claim may also be implemented by a single unit or device through software or hardware. Words such as "first" and "second" (if present) denote names and do not indicate any particular order.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art will understand that the technical solutions of the present invention may be modified or equivalently substituted without departing from the spirit and scope of those technical solutions.

Claims (20)

1. An identity authentication and authorization proof data query system, applied to a data provider, the identity authentication and authorization proof data query system communicating with a data owner and a data requester, characterized in that the identity authentication and authorization proof data query system comprises:
a receiving module, for receiving an authorization request sent by the data owner;
an identity authentication module, for authenticating the identity of the data owner;
an authorization proof generation module, for generating an authorization proof according to the authorization request of the data owner after the identity of the data owner has been authenticated;
a sending module, for sending the generated authorization proof to the data owner, so that the data owner provides the generated authorization proof to the data requester;
the receiving module being further used to receive the authorization proof provided by the data requester;
an authorization proof verification module, for verifying whether the authorization proof provided by the data requester is valid;
an authorization proof computing module, for computing, when the authorization proof provided by the data requester is valid, the data required by the data requester according to the authorization proof provided by the data requester; and
the sending module being further used to send the data to the data requester.
2. The identity authentication and authorization proof data query system according to claim 1, characterized in that the authorization proof verification module is specifically used to:
match the authorization proof provided by the data requester against the pre-stored authorization proof that was sent to the data owner;
when the information of the authorization proof provided by the data requester completely matches that of the pre-stored authorization proof sent to the data owner, confirm that the authorization proof provided by the data requester is valid; or
when the information of the authorization proof provided by the data requester does not completely match that of the pre-stored authorization proof sent to the data owner, confirm that the authorization proof provided by the data requester is invalid.
3. The identity authentication and authorization proof data query system according to claim 1, characterized in that the identity authentication and authorization proof data query system comprises a database, the database stores important data items related to users in various fields, and the data items include one or a combination of the following: account book, deposit amount and withdrawal amount, transaction time, balance, transaction records, asset data, liability data, medical record data, credit data, academic data.
4. The identity authentication and authorization proof data query system according to claim 1, characterized in that the authorization proof generation module is specifically used to:
determine the scope of authorization according to the authorization request, generate, according to the scope of authorization, a file and a set of tokens (Token) corresponding to the file, and store the file in the database; or
determine the scope of authorization according to the authorization request, and generate a digital rights file according to the scope of authorization.
5. The identity authentication and authorization proof data query system according to claim 4, characterized in that the authorization proof verification module is specifically used to:
when the authorization proof provided by the data requester is a Token, match the information in the Token provided by the data requester against the pre-stored information in the Token sent to the data owner; when the information in the Token provided by the data requester completely matches the pre-stored information in the Token sent to the data owner, determine that the Token provided by the data requester is valid; when the information in the Token provided by the data requester does not completely match the pre-stored information in the Token sent to the data owner, determine that the Token provided by the data requester is invalid; or
when the authorization proof provided by the data requester is a digital rights file, decrypt the digital rights file provided by the data requester to obtain the signature of the decrypted digital rights file, and verify whether the signature of the decrypted digital rights file is the signature of the data provider; when the signature of the decrypted digital rights file is the signature of the data provider, determine that the digital rights file provided by the data requester is valid; when the signature of the decrypted digital rights file is not the signature of the data provider, determine that the digital rights file provided by the data requester is invalid.
6. The identity authentication and authorization proof data query system according to claim 4, characterized in that the authorization proof computing module is specifically used to:
when the authorization proof provided by the data requester is a Token, determine the data in the database corresponding to the query scope and conditions of the Token provided by the data requester to be the data required by the data requester; or
when the authorization proof provided by the data requester is a digital rights file, generate the query scope and conditions corresponding to the digital rights file provided by the data requester, and query the data required by the data requester according to the query scope and conditions of the digital rights file.
7. The identity authentication and authorization proof data query system according to claim 4, characterized in that the receiving module is further used to:
receive query information from the data requester; and
the authorization proof computing module is further used to compute, when the authorization proof provided by the data requester is valid, the data required by the data requester according to the authorization proof provided by the data requester and the query information.
8. The identity authentication and authorization proof data query system according to claim 7, characterized in that the authorization proof computing module is specifically used to:
when the authorization proof provided by the data requester is a Token, look up in the database the query scope and conditions corresponding to the Token provided by the data requester, and search, according to the query information, within the query scope and conditions corresponding to the Token provided by the data requester, to obtain the retrieved data;
the sending module being used to send the retrieved data to the data requester; or
when the authorization proof provided by the data requester is a digital rights file, search, according to the query information, within the query scope and conditions of the digital rights file provided by the data requester, to obtain the retrieved data;
the sending module being used to send the retrieved data to the data requester.
9. The identity authentication and authorization proof data query system according to any one of claims 1 to 8, characterized in that the authorization proof includes one or a combination of the following:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, and scope of authorization conditions, the scope of authorization conditions including one or more of the following: validity period, maximum number of queries, time point of the query subject, query subject.
10. An identity authentication and authorization proof data query method, characterized in that the method comprises:
receiving an authorization request sent by a data owner;
authenticating the identity of the data owner;
after the identity of the data owner has been authenticated, generating an authorization proof according to the authorization request of the data owner;
sending the generated authorization proof to the data owner, so that the data owner provides the generated authorization proof to a data requester;
receiving the authorization proof provided by the data requester;
verifying whether the authorization proof provided by the data requester is valid;
when the authorization proof provided by the data requester is valid, computing the data required by the data requester according to the authorization proof provided by the data requester; and
sending the data to the data requester.
11. The identity authentication and authorization proof data query method according to claim 10, characterized in that verifying whether the authorization proof provided by the data requester is valid comprises:
matching the authorization proof provided by the data requester against the pre-stored authorization proof that was sent to the data owner;
when the information of the authorization proof provided by the data requester completely matches that of the pre-stored authorization proof sent to the data owner, confirming that the authorization proof provided by the data requester is valid; or
when the information of the authorization proof provided by the data requester does not completely match that of the pre-stored authorization proof sent to the data owner, confirming that the authorization proof provided by the data requester is invalid.
12. The identity authentication and authorization proof data query method according to claim 10, characterized in that the identity authentication and authorization proof data query system comprises a database, the database stores important data items related to users in various fields, and the data items include one or a combination of the following: account book, deposit amount and withdrawal amount, transaction time, balance, transaction records, asset data, liability data, medical record data, credit data, academic data.
13. The identity authentication and authorization proof data query method according to claim 10, characterized in that generating an authorization proof according to the authorization request of the data owner after the identity of the data owner has been authenticated comprises:
determining the scope of authorization according to the authorization request, generating, according to the scope of authorization, a file and a set of tokens (Token) corresponding to the file, and storing the file in the database; or
determining the scope of authorization according to the authorization request, and generating a digital rights file according to the scope of authorization.
14. The identity authentication and authorization proof data query method according to claim 13, characterized in that verifying whether the authorization proof provided by the data requester is valid specifically comprises:
when the authorization proof provided by the data requester is a Token, matching the information in the Token provided by the data requester against the pre-stored information in the Token sent to the data owner; when the information in the Token provided by the data requester completely matches the pre-stored information in the Token sent to the data owner, determining that the Token provided by the data requester is valid; when the information in the Token provided by the data requester does not completely match the pre-stored information in the Token sent to the data owner, determining that the Token provided by the data requester is invalid; or
when the authorization proof provided by the data requester is a digital rights file, decrypting the digital rights file provided by the data requester to obtain the signature of the decrypted digital rights file, and verifying whether the signature of the decrypted digital rights file is the signature of the data provider; when the signature of the decrypted digital rights file is the signature of the data provider, determining that the digital rights file provided by the data requester is valid; when the signature of the decrypted digital rights file is not the signature of the data provider, determining that the digital rights file provided by the data requester is invalid.
15. The identity authentication and authorization proof data query method according to claim 13, characterized in that computing, when the authorization proof provided by the data requester is valid, the data required by the data requester according to the authorization proof provided by the data requester comprises:
when the authorization proof provided by the data requester is a Token, determining the data in the database corresponding to the query scope and conditions of the Token provided by the data requester to be the data required by the data requester; or
when the authorization proof provided by the data requester is a digital rights file, generating the query scope and conditions corresponding to the digital rights file provided by the data requester, and querying the data required by the data requester according to the query scope and conditions of the digital rights file.
16. authentication as claimed in claim 13 and the data query method of authorisation verification, it is characterised in that methods described Also include:
Receive the Query Information of the data-requirements side;And
When the authorisation verification that the data-requirements side provides is effective, the authorisation verification provided according to the data-requirements side and institute Query Information is stated, calculates the data needed for the data-requirements side.
17. The data query method of authentication and authorisation verification as claimed in claim 16, characterised in that the method also includes:
When the authorisation verification provided by the data-requirements side is a Token, querying in the data bank the query context and condition corresponding to the Token provided by the data-requirements side, retrieving according to the Query Information within the query context and condition corresponding to the Token provided by the data-requirements side to obtain the retrieved document, and sending the retrieved document to the data-requirements side; or
When the authorisation verification provided by the data-requirements side is digital publishing rights archives, retrieving according to the Query Information within the query context and condition of the digital publishing rights archives provided by the data-requirements side to obtain the retrieved document, and sending the retrieved document to the data-requirements side.
18. The data query method of authentication and authorisation verification as in any one of claims 10 to 17, characterised in that the authorisation verification includes one or a combination of more of the following:
The proof of identification of the data owner, the title of the data owner, the proof of identification of the data provider, the title of the data provider, the proof of identification of the data-requirements side, the title of the data-requirements side, and a scope of authority condition, where the scope of authority condition includes one or more of the following: the valid period, the maximum number of queries, the time point of the query subject, and the query subject.
19. An electronic installation, characterised in that the electronic installation includes a memory and a processor, the memory is used for storing at least one instruction, and the processor is used for executing the computer program stored in the memory to realize the data query method of authentication and authorisation verification as in any one of claims 10 to 18.
20. A computer-readable recording medium, characterised in that the computer-readable recording medium stores at least one instruction, and the at least one instruction, when executed by a processor, realizes the data query method of authentication and authorisation verification as in any one of claims 10 to 18.
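The two branches of claims 15 to 17 (Token looked up in the data bank, digital publishing rights archives carrying their own query context and condition) and the scope of authority conditions of claim 18 can be illustrated as follows. This is an added example, not code from the patent: the record layout, the field names, the HMAC used to check the archives, and the `sign`, `resolve_scope` and `query` helpers are all assumptions, and the data is constructed.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed sample data; field names and the HMAC scheme are assumptions.
PROVIDER_KEY = b"constructed-demo-key"
RECORDS = [
    {"owner": "alice", "subject": "loans", "period": "2017-06", "value": 1200},
    {"owner": "alice", "subject": "deposits", "period": "2017-06", "value": 800},
    {"owner": "alice", "subject": "loans", "period": "2016-12", "value": 500},
]
# Token case: scope and conditions are stored by the provider, keyed by Token.
TOKEN_DB = {"tok-123": {"owner": "alice", "requester": "bank-x", "subjects": ["loans"],
                        "periods": ["2017-06"], "valid_until": "2017-12-31", "max_queries": 2}}
USAGE = {}  # queries already served per authorization


def sign(scope):
    body = json.dumps(scope, sort_keys=True).encode()
    return hmac.new(PROVIDER_KEY, body, hashlib.sha256).hexdigest()


def resolve_scope(proof):
    """Return (usage key, scope) for a valid proof, or None."""
    if proof["type"] == "token":
        scope = TOKEN_DB.get(proof["token"])
        return (proof["token"], scope) if scope else None
    # Rights-file case: the scope travels in the file, so check integrity first.
    if proof["type"] == "rights_file" and hmac.compare_digest(sign(proof["scope"]), proof["sig"]):
        return proof["sig"], proof["scope"]
    return None


def query(proof, requester, today, subject=None):
    resolved = resolve_scope(proof)
    if resolved is None:
        raise PermissionError("invalid authorization proof")
    key, scope = resolved
    if scope["requester"] != requester:
        raise PermissionError("proof issued to a different requester")
    if today > date.fromisoformat(scope["valid_until"]):
        raise PermissionError("proof expired")
    if USAGE.get(key, 0) >= scope["max_queries"]:
        raise PermissionError("query limit reached")
    USAGE[key] = USAGE.get(key, 0) + 1
    # Query information (claims 16-17) may only narrow the authorized scope.
    return [r for r in RECORDS
            if r["owner"] == scope["owner"] and r["subject"] in scope["subjects"]
            and r["period"] in scope["periods"] and subject in (None, r["subject"])]
```

The requester's Query Information is applied as an extra filter on top of the authorized scope, so a request for a subject outside the scope returns nothing rather than widening access.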
CN201710865868.1A 2017-09-22 2017-09-22 The data query method and system of authentication and authorisation verification Active CN107622210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710865868.1A CN107622210B (en) 2017-09-22 2017-09-22 The data query method and system of authentication and authorisation verification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710865868.1A CN107622210B (en) 2017-09-22 2017-09-22 The data query method and system of authentication and authorisation verification

Publications (2)

Publication Number Publication Date
CN107622210A true CN107622210A (en) 2018-01-23
CN107622210B CN107622210B (en) 2019-12-03

Family

ID=61090922

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710865868.1A Active CN107622210B (en) 2017-09-22 2017-09-22 The data query method and system of authentication and authorisation verification

Country Status (1)

Country Link
CN (1) CN107622210B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108491702A (en) * 2018-04-02 2018-09-04 深圳春沐源控股有限公司 Collecting method and device, electronic equipment and computer readable storage medium
CN108804639A (en) * 2018-06-04 2018-11-13 平安科技(深圳)有限公司 Method for exhibiting data, electronic equipment and computer readable storage medium
CN109034410A (en) * 2018-07-05 2018-12-18 北京城市科学技术研究院 Automobile archive management method and device
CN109547468A (en) * 2018-12-19 2019-03-29 杭州神中科技有限公司 First battalion's data electronic transmission method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101785243A (en) * 2007-08-31 2010-07-21 微软公司 Transferable restricted security tokens
CN102546648A (en) * 2012-01-18 2012-07-04 Ut斯达康通讯有限公司 Resource access authorization method
CN104125063A (en) * 2013-04-28 2014-10-29 腾讯科技(深圳)有限公司 Authentication method, equipment and system
WO2016077494A1 (en) * 2014-11-11 2016-05-19 Temporal Defense Systems, Llc Autonomous systems and methods for secure access

Also Published As

Publication number Publication date
CN107622210B (en) 2019-12-03

Similar Documents

Publication Publication Date Title
EP3799642B1 (en) Data authorization based on decentralized identifiers
WO2020098845A2 (en) Data authorization based on decentralized identifiers
KR101799343B1 (en) Method for using, revoking certificate information and blockchain-based server using the same
JP5721086B2 (en) Management method of electronic money
TWI650658B (en) Method and system for querying data through verification of identity and authorization
US20180359092A1 (en) Method for managing a trusted identity
US6367013B1 (en) System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
CN102959559B (en) For the method producing certificate
KR100869091B1 (en) Personal information verification method and apparatus, and recording medium having personal information verification program
CN111160909B (en) Hidden static supervision system and method for blockchain supply chain transaction
CN107622210B (en) The data query method and system of authentication and authorisation verification
JP4818664B2 (en) Device information transmission method, device information transmission device, device information transmission program
CN110070443A (en) A kind of bill processing method and device based on block chain
CN104717067B (en) Safe verification method, equipment and system based on non-interactive type Zero Knowledge
JPH09500977A (en) Restricted blind signature
CN101461209A (en) Arrangement and method for securing data transmission
CN107832632A (en) Asset certification authorization query method, system, electronic device and computer readable storage medium
CN101093562A (en) Electronic authentication method and electronic authentication system
JP5559353B2 (en) Electronic receipt system, terminal device, electronic receipt providing method and program
EP0848343A2 (en) Shopping system
CN109274650A (en) A kind of management system and method that electron image is had access to
CN110992034A (en) Supply chain transaction privacy protection system and method based on block chain and related equipment
CN111079190A (en) Block chain supply chain transaction hiding dynamic supervision system and method
JP5278495B2 (en) Device information transmission method, device information transmission device, device information transmission program
JP4888553B2 (en) Electronic data authentication method, electronic data authentication program, and electronic data authentication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant