CN107832632A - Asset certification authorization query method, system, electronic device and computer readable storage medium - Google Patents
- Publication number: CN107832632A
- Application number: CN201711121632.3A
- Authority: CN (China)
- Prior art keywords: assets, data, prove, ownership, person
- Legal status: Granted
Classifications
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention provides an asset certification authorization query method, an asset certification authorization query system, an electronic device and a computer-readable storage medium. The asset certification authorization query system comprises: a first asset proof generation module, a first authorization proof generation module, a first sending module, a first receiving module, a first authentication module, a first asset proof operation module and a first asset proof query module. Data transmission is thereby automated, and the risk of data tampering is effectively reduced.
Description
Technical field
The present invention relates to the field of information transmission, and more particularly to an asset certification authorization query method, system, electronic device and computer-readable storage medium.
Background
In the prior art, an asset owner usually has to query each bank or relevant institution for the required data, and the asset owner then supplies the queried data to the data requester. As a result, not only are the offline data collection steps that the asset owner must carry out cumbersome, but because the queried data is not supplied directly to the data requester by the data provider, there is a risk that the data is tampered with, so that the data requester cannot obtain the data it needs.
Summary of the invention
In view of the foregoing, it is necessary to provide an asset certification authorization query method, system, electronic device and computer-readable storage medium that automate data transmission while effectively reducing the risk of data tampering.
An asset certification authorization query system, applied to a data provider, the system communicating with an asset owner and a data requester, the system comprising:
a first asset proof generation module, configured to, upon receiving an asset proof application request sent by the asset owner and after the identity of the asset owner has passed authentication, generate, from the assets that the asset owner has under management at the data provider, an asset proof containing the data provider's digital certificate signature, and encrypt the asset proof with the public key of the asset owner's authorization proof owner identity;
the first asset proof generation module being further configured to add a query condition to the encrypted asset proof;
a first authorization proof generation module, configured to generate a first authorization proof according to the asset proof application request;
a first sending module, configured to send the first authorization proof and the encrypted asset proof with the query condition added to the asset proof database of the data provider;
the first sending module being further configured to send the first authorization proof to the asset owner, so that the asset owner provides the first authorization proof to the data requester;
a first receiving module, configured to receive the authorization proof and query condition provided by the asset owner and/or the data requester;
a first authentication module, configured to verify, according to the first authorization proof and the encrypted asset proof with the query condition added, whether the authorization proof and query condition provided by the asset owner and/or the data requester are valid;
a first asset proof computing module, configured to, when the authorization proof and query condition provided by the asset owner and/or the data requester are valid, compute the asset proof required by the asset owner and/or the data requester according to the authorization proof provided by the asset owner and/or the data requester;
a first asset proof query module, configured to obtain the computed asset proof from the asset proof database of the data provider or from an associated asset proof database that communicates with the asset proof database of the data provider;
the first sending module being further configured to send the obtained asset proof to the asset owner and/or the data requester, so that the asset owner and/or the data requester decrypts the obtained asset proof with the private key of the authorization proof owner.
According to a preferred embodiment of the present invention, before the asset proof containing the data provider's digital certificate signature is generated from the assets that the asset owner has under management at the data provider, the first receiving module is further configured to:
receive authentication information, sent by an authentication center, indicating that the identity of the asset owner has passed authentication, and determine from the authentication information that the identity of the asset owner has passed authentication;
after determining that the identity of the asset owner has passed authentication, the authentication center generates an authorization proof owner identity for the asset owner and generates a pair of public and private keys for the authorization proof owner; the authentication center includes one or more of the following:
the authentication center of the data provider, an authentication center that communicates with the data provider.
According to a preferred embodiment of the present invention, the first authorization proof generation module is specifically configured to:
determine the authorization scope according to the asset proof application request, and generate the first authorization proof in hashed form according to the authorization scope.
According to a preferred embodiment of the present invention, the first authentication module verifying, according to the first authorization proof and the encrypted asset proof with the query condition added, whether the authorization proof and query condition provided by the asset owner and/or the data requester are valid includes:
matching the authorization proof provided by the asset owner and/or the data requester against the first authorization proof, and matching the query condition provided by the asset owner and/or the data requester against the query condition previously added to the generated asset proof;
when the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, and the query condition provided by the asset owner and/or the data requester also fully matches the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are valid; or
when the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, but the query condition provided by the asset owner and/or the data requester does not fully match the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid; or
when the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, but the query condition provided by the asset owner and/or the data requester fully matches the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid; or
when the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, and the query condition provided by the asset owner and/or the data requester also does not fully match the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid.
According to a preferred embodiment of the present invention:
the type of the assets includes one or more of the following:
bank deposits, foreign currency, stocks, bonds, funds;
the asset proof includes one or more of the following:
transaction date, transaction details, total transaction amount, account balance and currency.
According to a preferred embodiment of the present invention, the first authorization proof includes one or more of the following:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, authorization scope conditions;
wherein the authorization scope conditions include one or more of the following:
validity period, maximum number of queries, time point of the query subject, query subject.
According to a preferred embodiment of the present invention, the query condition includes one or more of the following:
query password, identity proof, permitted query time, permitted query content.
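The matching rule and scope conditions described above, as an added Python example that is not part of the patent text: the authorization proof is a hash of the authorization scope, and a query is accepted only when both the proof and every query condition match. The record layout, field names, the random nonce mixed into the hash and the "expired"/"exhausted" results are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass


def make_authorization_proof(scope: dict, nonce: bytes) -> str:
    """Hash the authorization scope into a fixed-length proof (hex SHA-256).

    Assumption: a random nonce is mixed in so the proof cannot be recomputed
    from a scope whose fields are guessable. The page only says the proof is
    generated "in hashed form" from the authorization scope.
    """
    canonical = json.dumps(scope, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(nonce + canonical.encode("utf-8")).hexdigest()


@dataclass
class StoredRecord:
    """Hypothetical row in the data provider's asset proof database."""
    proof: str               # first authorization proof
    query_conditions: dict   # conditions added to the encrypted asset proof
    valid_until: int         # scope condition: validity period (epoch seconds)
    max_queries: int         # scope condition: maximum number of queries
    used_queries: int = 0


def _same(a: str, b: str) -> bool:
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def validate(record: StoredRecord, proof: str, conditions: dict, now: int) -> str:
    """Return "valid" only when the proof AND all query conditions match."""
    proof_ok = _same(record.proof, proof)
    cond_ok = set(conditions) == set(record.query_conditions)
    for key, expected in record.query_conditions.items():
        # Evaluate every condition; do not stop at the first mismatch.
        cond_ok &= _same(str(expected), str(conditions.get(key, "")))
    if not (proof_ok and cond_ok):
        # The three failing combinations all give the same answer.
        return "invalid"
    if now > record.valid_until:
        return "expired"
    if record.used_queries >= record.max_queries:
        return "exhausted"
    record.used_queries += 1
    return "valid"


def demo() -> list:
    # Constructed sample values, not taken from the page.
    scope = {"owner": "owner-001", "provider": "bank-A", "requester": "req-042",
             "valid_until": 2000, "max_queries": 2, "subject": "account balance"}
    proof = make_authorization_proof(scope, secrets.token_bytes(16))
    # A real store would keep a salted hash of the password, not the plaintext.
    good = {"query_password": "constructed-pass", "identity_proof": "ID-0001"}
    bad = dict(good, query_password="wrong")
    record = StoredRecord(proof, dict(good), scope["valid_until"], scope["max_queries"])
    forged = "0" * 64
    return [
        validate(record, proof, good, now=1000),   # both match
        validate(record, proof, bad, now=1000),    # proof ok, conditions not
        validate(record, forged, good, now=1000),  # conditions ok, proof not
        validate(record, forged, bad, now=1000),   # neither matches
        validate(record, proof, good, now=1000),   # second permitted query
        validate(record, proof, good, now=1000),   # over the query limit
        validate(record, proof, good, now=3000),   # after the validity period
    ]


if __name__ == "__main__":
    print(demo())
```

Returning the same "invalid" result for all three failing combinations keeps a caller from learning whether the proof or the query condition was the part that did not match.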
According to a preferred embodiment of the present invention, the data provider has a corresponding asset proof database, the asset owner has a corresponding asset proof database, and the data requester has a corresponding asset proof database. The asset proof database of the data provider, the asset proof database of the asset owner and the asset proof database of the data requester communicate with one another and form a distributed synchronization mechanism. The asset proof database of the data provider is used to store the first authorization proof and the encrypted asset proof with the query condition added, and to synchronously store the first authorization proof and the encrypted asset proof with the query condition added in the asset proof database of the asset owner and the asset proof database of the data requester.
According to a preferred embodiment of the present invention, the implementation of the asset certification authorization query system further includes:
implementation as a blockchain, in which a block is produced on the blockchain, the owner of the block is the asset owner, and the block address of the block is the first authorization proof.
An asset certification authorization query system, applied to a data provider, the system communicating with a data requester, the data requester communicating with an asset owner, the system comprising:
a second receiving module, configured to receive an asset proof application request and a second authorization proof sent by the data requester;
a second authentication module, configured to verify whether the second authorization proof was produced by the asset owner;
a second asset proof generation module, configured to, when the second authorization proof was produced by the asset owner, generate, from the assets that the asset owner has under management at the data provider, an asset proof containing the data provider's digital certificate signature, and encrypt the asset proof with the public key of the data requester;
the second asset proof generation module being further configured to add a query condition to the encrypted asset proof;
a second authorization proof generation module, configured to generate a third authorization proof according to the asset proof application request;
a second sending module, configured to send the third authorization proof and the encrypted asset proof with the query condition added to the asset proof database of the data provider;
the second sending module being further configured to send the third authorization proof to the data requester;
the second receiving module being further configured to receive the authorization proof and query condition provided by the data requester;
the second authentication module being further configured to verify, according to the third authorization proof and the encrypted asset proof with the query condition added, whether the authorization proof and query condition provided by the data requester are valid;
a second asset proof computing module, configured to, when the authorization proof and query condition provided by the data requester are valid, compute the asset proof required by the data requester according to the authorization proof provided by the data requester;
a second asset proof query module, configured to obtain the computed asset proof from the asset proof database of the data provider or from an associated asset proof database that communicates with the asset proof database of the data provider;
the second sending module being further configured to send the obtained asset proof to the data requester, so that the data requester decrypts the obtained asset proof with the private key of the data requester.
According to a preferred embodiment of the present invention, the second authorization proof generation module is specifically configured to:
determine the authorization scope according to the asset proof application request, and generate the third authorization proof in hashed form according to the authorization scope.
According to a preferred embodiment of the present invention, the second authentication module verifying, according to the third authorization proof and the encrypted asset proof with the query condition added, whether the authorization proof and query condition provided by the data requester are valid includes:
matching the authorization proof provided by the data requester against the third authorization proof, and matching the query condition provided by the data requester against the query condition previously added to the generated asset proof;
when the authorization proof provided by the data requester fully matches the third authorization proof, and the query condition provided by the data requester also fully matches the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the data requester are valid; or
when the authorization proof provided by the data requester fully matches the third authorization proof, but the query condition provided by the data requester does not fully match the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the data requester are invalid; or
when the authorization proof provided by the data requester does not fully match the third authorization proof, but the query condition provided by the data requester fully matches the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the data requester are invalid; or
when the authorization proof provided by the data requester does not fully match the third authorization proof, and the query condition provided by the data requester also does not fully match the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the data requester are invalid.
According to a preferred embodiment of the present invention:
the type of the assets includes one or more of the following:
bank deposits, foreign currency, stocks, bonds, funds;
the asset proof includes one or more of the following:
transaction date, transaction details, total transaction amount, account balance and currency.
According to a preferred embodiment of the present invention, the third authorization proof includes one or more of the following:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, authorization scope conditions;
wherein the authorization scope conditions include one or more of the following:
validity period, maximum number of queries, time point of the query subject, query subject.
According to a preferred embodiment of the present invention, the query condition includes one or more of the following:
query password, identity proof, permitted query time, permitted query content.
According to a preferred embodiment of the present invention, the data provider has a corresponding asset proof database, the asset owner has a corresponding asset proof database, and the data requester has a corresponding asset proof database. The asset proof database of the data provider, the asset proof database of the asset owner and the asset proof database of the data requester communicate with one another and form a distributed synchronization mechanism. The asset proof database of the data provider is used to store the third authorization proof and the encrypted asset proof with the query condition added, and to synchronously store the third authorization proof and the encrypted asset proof with the query condition added in the asset proof database of the asset owner and the asset proof database of the data requester.
According to a preferred embodiment of the present invention, the implementation of the asset certification authorization query system further includes:
implementation as a blockchain, in which a block is produced on the blockchain, the owner of the block is the data requester, and the block address of the block is the third authorization proof.
An asset certification authorization query method, comprising:
a first asset proof generation step: upon receiving an asset proof application request sent by the asset owner and after the identity of the asset owner has passed authentication, generating, from the assets that the asset owner has under management at the data provider, an asset proof containing the data provider's digital certificate signature, and encrypting the asset proof with the public key of the asset owner's authorization proof owner identity;
the first asset proof generation step: adding a query condition to the encrypted asset proof;
a first authorization proof generation step: generating a first authorization proof according to the asset proof application request;
a first sending step: sending the first authorization proof and the encrypted asset proof with the query condition added to the asset proof database of the data provider;
the first sending step: sending the first authorization proof to the asset owner, so that the asset owner provides the first authorization proof to the data requester;
a first receiving step: receiving the authorization proof and query condition provided by the asset owner and/or the data requester;
a first authentication step: verifying, according to the first authorization proof and the encrypted asset proof with the query condition added, whether the authorization proof and query condition provided by the asset owner and/or the data requester are valid;
a first asset proof computing step: when the authorization proof and query condition provided by the asset owner and/or the data requester are valid, computing the asset proof required by the asset owner and/or the data requester according to the authorization proof provided by the asset owner and/or the data requester;
a first asset proof query step: obtaining the computed asset proof from the asset proof database of the data provider or from an associated asset proof database that communicates with the asset proof database of the data provider;
the first sending step: sending the obtained asset proof to the asset owner and/or the data requester, so that the asset owner and/or the data requester decrypts the obtained asset proof with the private key of the authorization proof owner.
According to a preferred embodiment of the present invention, before the asset proof containing the data provider's digital certificate signature is generated from the assets that the asset owner has under management at the data provider, the first receiving step further includes:
receiving authentication information, sent by an authentication center, indicating that the identity of the asset owner has passed authentication, and determining from the authentication information that the identity of the asset owner has passed authentication;
after determining that the identity of the asset owner has passed authentication, the authentication center generates an authorization proof owner identity for the asset owner and generates a pair of public and private keys for the authorization proof owner; the authentication center includes one or more of the following:
the authentication center of the data provider, an authentication center that communicates with the data provider.
According to a preferred embodiment of the present invention, the first authorization proof generation step specifically includes:
determining the authorization scope according to the asset proof application request, and generating the first authorization proof in hashed form according to the authorization scope.
According to a preferred embodiment of the present invention, the first authentication step verifying, according to the first authorization proof and the encrypted asset proof with the query condition added, whether the authorization proof and query condition provided by the asset owner and/or the data requester are valid includes:
matching the authorization proof provided by the asset owner and/or the data requester against the first authorization proof, and matching the query condition provided by the asset owner and/or the data requester against the query condition previously added to the generated asset proof;
when the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, and the query condition provided by the asset owner and/or the data requester also fully matches the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are valid; or
when the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, but the query condition provided by the asset owner and/or the data requester does not fully match the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid; or
when the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, but the query condition provided by the asset owner and/or the data requester fully matches the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid; or
when the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, and the query condition provided by the asset owner and/or the data requester also does not fully match the query condition previously added to the generated asset proof, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid.
According to a preferred embodiment of the present invention:
the type of the assets includes one or more of the following:
bank deposits, foreign currency, stocks, bonds, funds;
the asset proof includes one or more of the following:
transaction date, transaction details, total transaction amount, account balance and currency.
According to a preferred embodiment of the present invention, the first authorization proof includes one or more of the following:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, authorization scope conditions;
wherein the authorization scope conditions include one or more of the following:
validity period, maximum number of queries, time point of the query subject, query subject.
According to a preferred embodiment of the present invention, the query condition includes one or more of the following:
query password, identity proof, permitted query time, permitted query content.
According to a preferred embodiment of the present invention, the data provider has a corresponding asset proof database, the asset owner has a corresponding asset proof database, and the data requester has a corresponding asset proof database. The asset proof database of the data provider, the asset proof database of the asset owner and the asset proof database of the data requester communicate with one another and use a distributed synchronization mechanism. The asset proof database of the data provider stores the first authorization proof and the encrypted asset proof with the query conditions added, and synchronizes the first authorization proof and the encrypted asset proof with the query conditions added to the asset proof database of the asset owner and the asset proof database of the data requester.
According to a preferred embodiment of the present invention, implementations of the asset proof authorization query method further include:
implementation as a blockchain, in which a block is produced on the blockchain, the owner of the block is the asset owner, and the block address of the block is the first authorization proof.
An asset proof authorization query method, the asset proof authorization query method comprising:
a second receiving step of receiving an asset proof application request and a second authorization proof sent by the data requester;
a second authentication step of authenticating whether the second authorization proof was produced by the asset owner;
a second asset proof generation step of, when the second authorization proof was produced by the asset owner, generating, from the assets of the asset owner managed by the data provider, an asset proof containing the digital certificate signature of the data provider, and encrypting the asset proof with the public key of the data requester;
a second asset proof generation step of adding query conditions to the encrypted asset proof;
a second authorization proof generation step of generating a third authorization proof according to the asset proof application request;
a second sending step of sending the third authorization proof and the encrypted asset proof with the query conditions added to the asset proof database of the data provider;
a second sending step of sending the third authorization proof to the data requester;
a second receiving step of receiving the authorization proof and query conditions provided by the data requester;
a second authentication step of authenticating, according to the third authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the data requester are valid;
a second asset proof calculation step of, when the authorization proof and query conditions provided by the data requester are valid, calculating the asset proof required by the data requester according to the authorization proof provided by the data requester;
a second asset proof query step of obtaining the calculated asset proof from the asset proof database of the data provider or from an associated asset proof database that communicates with the asset proof database of the data provider;
a second sending step of sending the obtained asset proof to the data requester, so that the data requester decrypts the obtained asset proof with the private key of the data requester.
According to a preferred embodiment of the present invention, the second authorization proof generation step specifically includes:
determining the authorization scope according to the asset proof application request, and generating the third authorization proof from the authorization scope in hashed form.
According to a preferred embodiment of the present invention, in the second authentication step, authenticating, according to the third authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the data requester are valid includes:
matching the authorization proof provided by the data requester against the third authorization proof, and matching the query conditions provided by the data requester against the query conditions previously added to the generated asset proof;
when the authorization proof provided by the data requester fully matches the third authorization proof, and the query conditions provided by the data requester also all match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are valid; or
when the authorization proof provided by the data requester fully matches the third authorization proof, but the query conditions provided by the data requester do not all match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are invalid; or
when the authorization proof provided by the data requester does not fully match the third authorization proof, but the query conditions provided by the data requester all match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are invalid; or
when the authorization proof provided by the data requester does not fully match the third authorization proof, and the query conditions provided by the data requester also do not all match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are invalid.
According to a preferred embodiment of the present invention:
The types of the assets include one or a combination of the following:
bank deposits, foreign currency, stocks, bonds, funds;
The asset proof includes one or a combination of the following:
transaction date, transaction details, total transaction amount, account balance, and currency.
According to a preferred embodiment of the present invention, the third authorization proof includes one or a combination of the following:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, and the authorization scope conditions;
wherein the authorization scope conditions include one or a combination of the following:
the validity period, the maximum number of queries, the time point of the queried items, and the queried items.
According to a preferred embodiment of the present invention, the query conditions include one or a combination of the following:
a query password, an identity proof, the queryable time, and the queryable content.
According to a preferred embodiment of the present invention, the data provider has a corresponding asset proof database, the asset owner has a corresponding asset proof database, and the data requester has a corresponding asset proof database. The asset proof database of the data provider, the asset proof database of the asset owner and the asset proof database of the data requester communicate with one another and use a distributed synchronization mechanism. The asset proof database of the data provider stores the third authorization proof and the encrypted asset proof with the query conditions added, and synchronizes the third authorization proof and the encrypted asset proof with the query conditions added to the asset proof database of the asset owner and the asset proof database of the data requester.
According to a preferred embodiment of the present invention, implementations of the asset proof authorization query method further include:
implementation as a blockchain, in which a block is produced on the blockchain, the owner of the block is the data requester, and the block address of the block is the third authorization proof.
An electronic device, the electronic device comprising a memory and a processor, the memory being used to store at least one instruction, and the processor being used to execute the computer program stored in the memory to implement the asset proof authorization query method.
A computer-readable storage medium, the computer-readable storage medium storing at least one instruction which, when executed by a processor, implements the asset proof authorization query method.
As can be seen from the above technical solutions, the present invention can automate data transmission while effectively reducing the risk of the data being tampered with.
Brief description of the drawings
Fig. 1 is a schematic diagram of the application environment of a preferred embodiment of the asset proof authorization query method of the present invention.
Fig. 2 is a functional block diagram of the first preferred embodiment of the asset proof authorization query system of the present invention.
Fig. 3 is a flow chart of the first preferred embodiment of the asset proof authorization query method of the present invention.
Fig. 4 is a functional block diagram of the second preferred embodiment of the asset proof authorization query system of the present invention.
Fig. 5 is a flow chart of the second preferred embodiment of the asset proof authorization query method of the present invention.
Detailed description of the embodiments
Fig. 1 is a schematic diagram of the application environment of a preferred embodiment of the asset proof authorization query method of the present invention. In this embodiment, the asset proof authorization query system 10 is applied to a data provider 11, and the data provider 11 communicates with an asset owner 2 and a data requester 3 respectively.
In this embodiment, the data provider 11 manages the assets of the asset owner 2; the present invention does not limit the identity of the data provider 11.
In this embodiment, the asset owner 2 is the party that owns the assets, and the asset owner 2 may also query the asset proof.
In this embodiment, the data requester 3 is the party that needs to query the asset proof.
In this embodiment, the data provider 11 generates an asset proof from the assets of the asset owner 2 managed by the data provider 11, for the asset owner 2 and/or the data requester 3 to query.
In this embodiment, the data provider 11 has a corresponding asset proof database 13, the asset owner 2 has a corresponding asset proof database 23, and the data requester 3 has a corresponding asset proof database 33. The asset proof database 13 of the data provider 11, the asset proof database 23 of the asset owner 2 and the asset proof database 33 of the data requester 3 communicate with one another and use a distributed synchronization mechanism. The asset proof database 13 of the data provider 11 stores the first authorization proof and the encrypted asset proof with the query conditions added, and synchronizes the first authorization proof and the encrypted asset proof with the query conditions added to the asset proof database 23 of the asset owner 2 and the asset proof database 33 of the data requester 3.
In this embodiment, the asset proof authorization query system 10 can run on a computer device. The computer device is a device that can automatically perform numerical computation and/or information processing according to instructions set or stored in advance; its hardware includes, but is not limited to, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a digital signal processor (DSP), an embedded device, and the like. The computer device includes, but is not limited to, a single network server, a server group composed of multiple network servers, or a cloud-computing-based cloud composed of a large number of hosts or network servers.
Fig. 2 is a functional block diagram of the first preferred embodiment of the asset proof authorization query system of the present invention. In this embodiment, the asset proof authorization query system 10 can be divided into one or more modules. For example, the asset proof authorization query system 10 is divided into a first asset proof generation module 101, a first authorization proof generation module 102, a first sending module 103, a first receiving module 104, a first authentication module 105, a first asset proof calculation module 106 and a first asset proof query module 107. The detailed functions of each module are described later with reference to Fig. 3.
Fig. 3 is a flow chart of the first preferred embodiment of the asset proof authorization query method of the present invention. Depending on requirements, the order of the steps in the flow chart may be changed, and some steps may be omitted or merged.
Step S10: after receiving the asset proof application request sent by the asset owner 2, and after the identity of the asset owner 2 has been authenticated, the first asset proof generation module 101 generates, from the assets of the asset owner 2 managed by the data provider 11, an asset proof containing the digital certificate signature of the data provider 11, and encrypts the asset proof with the public key of the authorization proof owner identity of the asset owner 2.
In this embodiment, before the first asset proof generation module 101 generates, from the assets of the asset owner 2 managed by the data provider 11, the asset proof containing the digital certificate signature of the data provider 11, the first receiving module 104 receives the asset proof application request sent by the asset owner 2.
In this embodiment, the asset proof application request includes, but is not limited to, one or a combination of the following:
the identity proof of the asset owner 2, the name of the asset owner 2, the identity proof of the data requester 3, the name of the data requester 3, the authorization scope conditions, and the like.
In this embodiment, before the first asset proof generation module 101 generates, from the assets of the asset owner 2 managed by the data provider 11, the asset proof containing the digital certificate signature of the data provider 11, the first receiving module 104 is further used to: receive, from the authentication center, authentication information indicating that the identity of the asset owner 2 has been authenticated, and determine from the authentication information that the identity of the asset owner 2 has been authenticated.
In this embodiment, after determining that the identity of the asset owner 2 has been authenticated, the authentication center generates an authorization proof owner identity for the asset owner 2, and generates a public key and private key pair for the authorization proof owner, for the subsequent encryption and decryption of the generated asset proof.
In this embodiment, the asset owner 2 provides the public key of the authorization proof owner and the private key of the authorization proof owner to the data requester 3.
In this embodiment, the authentication center is a mechanism that authenticates the identity of the asset owner 2. The authentication center includes, but is not limited to, one or a combination of the following:
the authentication center of the data provider 11, an authentication center that communicates with the data provider 11, and the like.
In this embodiment, the types of the assets include, but are not limited to, one or a combination of the following:
bank deposits, foreign currency, stocks, bonds, funds, and the like.
In this embodiment, the asset proof includes, but is not limited to, one or a combination of the following:
transaction date, transaction details, total transaction amount, account balance, currency, and the like.
In this embodiment, the generated asset proof is signed with the digital certificate signature of the data provider 11, to prove that the generated asset proof was produced by the data provider 11.
Step S11: the first asset proof generation module 101 adds query conditions to the encrypted asset proof.
In this embodiment, the query conditions include, but are not limited to, one or a combination of the following:
a query password, an identity proof, the queryable time, the queryable content, and the like.
Step S12: the first authorization proof generation module 102 generates a first authorization proof according to the asset proof application request.
In this embodiment, the first authorization proof generation module 102 determines the authorization scope according to the asset proof application request, and generates the first authorization proof from the authorization scope in hashed form.
It should be noted that hashing is a one-way cryptographic scheme; that is, encryption by hashing is an irreversible mapping from plaintext to ciphertext, with only an encryption process and no decryption process. Generating the first authorization proof by hashing is therefore more secure and reliable, and effectively reduces the risk of tampering.
In this embodiment, the first authorization proof includes, but is not limited to, one or a combination of the following:
the identity proof of the data owner 2, the name of the data owner 2, the identity proof of the data provider 11, the name of the data provider 11, the identity proof of the data requester 3, the name of the data requester 3, the authorization scope conditions, and the like.
In this embodiment, the authorization scope conditions include, but are not limited to, one or a combination of the following:
the validity period, the maximum number of queries, the time point of the queried items, the queried items, and the like.
Step S13: the first sending module 103 sends the first authorization proof and the encrypted asset proof with the query conditions added to the asset proof database 13 of the data provider 11.
In this embodiment, the storage mechanism of the asset proof database 13 synchronizes the first authorization proof and the encrypted asset proof with the query conditions added to the asset proof database 23 of the asset owner 2 and the asset proof database 33 of the data requester 3. The asset owner 2 or the data requester 3 can therefore query the asset proof in any of the communicating asset proof databases.
Step S14: the first sending module 103 sends the first authorization proof to the asset owner 2, so that the asset owner 2 provides the first authorization proof to the data requester 3.
In this embodiment, after the first sending module 103 sends the first authorization proof to the asset owner 2, the asset owner 2 provides the first authorization proof to the data requester 3. The asset owner 2 and the data requester 3 can then use the first authorization proof as a credential to query the generated asset proof.
In this embodiment, the way in which the asset owner 2 provides the first authorization proof to the data requester 3 is not limited. For example, the asset owner 2 may provide the first authorization proof to the data requester 3 by e-mail, social software, an electronic file, or similar means.
Step S15: the first receiving module 104 receives the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3.
Step S16: the first authentication module 105 authenticates, according to the first authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3 are valid.
In this embodiment, the first authentication module 105 authenticating, according to the first authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3 are valid includes: the first authentication module 105 matches the authorization proof provided by the asset owner 2 and/or the data requester 3 against the first authorization proof, and matches the query conditions provided by the asset owner 2 and/or the data requester 3 against the query conditions previously added to the generated asset proof.
In this embodiment, the result of the authentication is one of the following:
(1) When the authorization proof provided by the asset owner 2 and/or the data requester 3 fully matches the first authorization proof, and the query conditions provided by the asset owner 2 and/or the data requester 3 also all match the query conditions previously added to the generated asset proof, the first authentication module 105 confirms that the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3 are valid.
(2) When the authorization proof provided by the asset owner 2 and/or the data requester 3 fully matches the first authorization proof, but the query conditions provided by the asset owner 2 and/or the data requester 3 do not all match the query conditions previously added to the generated asset proof, the first authentication module 105 confirms that the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3 are invalid.
(3) When the authorization proof provided by the asset owner 2 and/or the data requester 3 does not fully match the first authorization proof, but the query conditions provided by the asset owner 2 and/or the data requester 3 all match the query conditions previously added to the generated asset proof, the first authentication module 105 confirms that the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3 are invalid.
(4) When the authorization proof provided by the asset owner 2 and/or the data requester 3 does not fully match the first authorization proof, and the query conditions provided by the asset owner 2 and/or the data requester 3 also do not all match the query conditions previously added to the generated asset proof, the first authentication module 105 confirms that the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3 are invalid.
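The following sketch of steps S12 and S16 to S18 is an added example, not code from the patent. It derives the authorization proof as a hash of the authorization scope and shows that the four outcomes above reduce to a logical AND of the two matches. SHA-256, the canonical JSON encoding, the nonce, the constant-time comparison and all field names are assumptions; the sample data is constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional


def make_authorization_proof(scope: dict, nonce: bytes) -> str:
    """Step S12: derive the authorization proof as a one-way hash of the scope.

    Assumptions: SHA-256 over canonical JSON, plus a random nonce so the
    value cannot be recomputed from guessable scope fields alone.
    """
    canonical = json.dumps(scope, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(nonce + canonical.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class StoredRecord:
    """Entry held in the data provider's asset proof database after step S13."""
    authorization_proof: str
    query_conditions: dict
    encrypted_asset_proof: bytes  # opaque ciphertext; encryption is not modelled


def _same(a: str, b: str) -> bool:
    # Constant-time comparison, so response timing does not reveal how many
    # leading characters of a guessed value were correct.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def is_valid(record: StoredRecord, proof: str, conditions: dict) -> bool:
    """Step S16: valid only if the proof AND every query condition match."""
    proof_ok = _same(proof, record.authorization_proof)
    # Missing or extra condition names count as a mismatch.
    conditions_ok = conditions.keys() == record.query_conditions.keys()
    for key, expected in record.query_conditions.items():
        presented = str(conditions.get(key, ""))
        conditions_ok = _same(presented, str(expected)) and conditions_ok
    return proof_ok and conditions_ok


def query(record: StoredRecord, proof: str, conditions: dict) -> Optional[bytes]:
    """Steps S17-S18: release the stored ciphertext only for a valid request."""
    if is_valid(record, proof, conditions):
        return record.encrypted_asset_proof
    return None


# Constructed sample data (hypothetical field names and values).
SCOPE = {
    "asset_owner": "owner-2",
    "data_provider": "provider-11",
    "data_requester": "requester-3",
    "valid_until": "2030-12-31",
    "max_queries": 3,
    "query_items": ["account_balance", "currency"],
}
# Fixed nonce for reproducibility; generate it with os.urandom(16) in practice.
NONCE = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
PROOF = make_authorization_proof(SCOPE, NONCE)
CONDITIONS = {"query_password": "constructed-password", "identity_proof": "requester-3"}
RECORD = StoredRecord(PROOF, CONDITIONS, b"<ciphertext placeholder>")


def four_outcomes() -> list:
    """Evaluate outcomes (1) to (4) from the list above, in order."""
    bad_proof = "0" * 64
    bad_conditions = dict(CONDITIONS, query_password="wrong")
    return [
        is_valid(RECORD, PROOF, CONDITIONS),
        is_valid(RECORD, PROOF, bad_conditions),
        is_valid(RECORD, bad_proof, CONDITIONS),
        is_valid(RECORD, bad_proof, bad_conditions),
    ]


if __name__ == "__main__":
    print(four_outcomes())
```

Because the proof is a hash of the whole scope, changing any scope field (for example the maximum number of queries) yields a different proof, which no longer matches the stored one.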
Step S17: when the authorization proof and query conditions provided by the asset owner 2 and/or the data requester 3 are valid, the first asset proof calculation module 106 calculates the asset proof required by the asset owner 2 and/or the data requester 3 according to the authorization proof provided by the asset owner 2 and/or the data requester 3.
In this embodiment, the calculated asset proof is the encrypted asset proof with the query conditions added that is stored in the asset proof database 13 of the data provider 11, or in an associated asset proof database that communicates with the asset proof database 13 of the data provider 11.
Step S18: the first asset proof query module 107 obtains the calculated asset proof from the asset proof database 13 of the data provider 11, or from an associated asset proof database that communicates with the asset proof database 13 of the data provider 11.
In this embodiment, the asset owner 2 and the data requester 3 may be members or non-members.
Specifically, when the asset owner 2 and the data requester 3 are members, the asset owner 2 and the data requester 3 can obtain the calculated asset proof from the asset proof database 13 of the data provider 11, or from any associated asset proof database that communicates with the asset proof database 13 of the data provider 11. When the asset owner 2 and the data requester 3 are non-members, however, the asset owner 2 and the data requester 3 can connect, through a node that is a member (for example, the first asset proof query module 107 of the data provider 11), to the corresponding asset proof database and obtain the calculated asset proof from it.
In this embodiment, the associated asset proof database includes, but is not limited to, one or a combination of the following: the asset proof database 23 of the asset owner 2, the asset proof database 33 of the data requester 3, and the like.
Step S19: the first sending module 103 sends the obtained asset proof to the asset owner 2 and/or the data requester 3, so that the asset owner 2 and/or the data requester 3 decrypt the obtained asset proof with the private key of the authorization proof owner.
In this embodiment, after the first sending module 103 sends the obtained asset proof to the asset owner 2 and/or the data requester 3, the asset owner 2 and/or the data requester 3 decrypt the obtained asset proof with the private key of the authorization proof owner, and verify the obtained asset proof against the digital certificate signature of the data provider 11, to confirm whether the obtained asset proof was produced by the data provider 11.
In this embodiment, implementations of the asset proof authorization query system 10 further include implementation as a blockchain: the asset proof authorization query system 10 produces a block on the blockchain, the owner of the block is the asset owner 2, and the block address of the block is the first authorization proof.
Fig. 4 is a functional block diagram of the second preferred embodiment of the asset proof authorization query system of the present invention. In this embodiment, the asset proof authorization query system 10 can be divided into one or more modules. For example, the asset proof authorization query system 10 is divided into a second receiving module 201, a second authentication module 202, a second asset proof generation module 203, a second authorization proof generation module 204, a second sending module 205, a second asset proof calculation module 206 and a second asset proof query module 207. The detailed functions of each module are described later with reference to Fig. 5.
Fig. 5 is a flow chart of the second preferred embodiment of the asset proof authorization query method of the present invention. Depending on requirements, the order of the steps in the flow chart may be changed, and some steps may be omitted or merged.
Step S200: the second receiving module 201 receives the asset proof application request and the second authorization proof sent by the data requester 3.
In this embodiment, the second authorization proof is produced by the asset owner 2 and contains the digital certificate signature of the asset owner 2, to prove that the second authorization proof was produced by the asset owner 2.
In this embodiment, the asset proof application request includes, but is not limited to, one or a combination of the following:
The identity proof of the asset owner 2, the name of the asset owner 2, the identity proof of the data requester 3, the name of the data requester 3, authorization scope conditions, etc.
Step S201: the second authentication module 202 authenticates whether the second authorization proof was produced by the asset owner 2.
In this embodiment, the second authentication module 202 can use the digital certificate signature of the asset owner 2 to prove whether the second authorization proof was produced by the asset owner 2.
Step S202: when the second authorization proof was produced by the asset owner 2, the second asset proof generation module 203 generates, according to the assets of the asset owner 2 that are managed by the data provider 11, an asset proof containing the digital certificate signature of the data provider 11, and encrypts the asset proof with the public key of the data requester 3.
In this embodiment, unlike the first preferred embodiment, the generated asset proof is encrypted with the public key of the data requester 3 and is later decrypted with the private key of the data requester 3. The data requester 3 can therefore communicate directly with the data provider 11 and query the asset proof without going through the asset owner 2, which makes the query more convenient for the data requester 3.
In this embodiment, the types of the assets include, but are not limited to, one or a combination of the following:
Cash in banks, foreign currency, stocks, bonds, funds, etc.
In this embodiment, the asset proof includes, but is not limited to, one or a combination of the following:
Trade date, transaction details, total transaction amount, account balance, currency, etc.
In this embodiment, the generated asset proof is signed with the digital certificate signature of the data provider 11, to prove that the generated asset proof was produced by the data provider 11.
Step S203: the second asset proof generation module 203 adds query conditions to the encrypted asset proof.
In this embodiment, the query conditions include, but are not limited to, one or a combination of the following:
Query password, identity proof, queryable time, queryable content, etc.
Step S204: the second authorization proof generation module 204 generates a third authorization proof according to the asset proof application request.
In this embodiment, the second authorization proof generation module 204 determines the authorization scope according to the asset proof application request, and generates the first authorization proof in hashed form according to the authorization scope.
In this embodiment, the third authorization proof includes, but is not limited to, one or a combination of the following:
The identity proof of the data owner 2, the name of the data owner 2, the identity proof of the data provider 11, the name of the data provider 11, the identity proof of the data requester 3, the name of the data requester 3, authorization scope conditions, etc.
In this embodiment, the authorization scope conditions include, but are not limited to, one or a combination of the following:
Validity period, maximum number of queries, time point of the query subject, query subject, etc.
Step S205: the second sending module 205 sends the third authorization proof and the encrypted asset proof with the query conditions added to the asset proof database 13 of the data provider 11.
In this embodiment, the storage mechanism of the asset proof database 13 synchronously stores the third authorization proof and the encrypted asset proof with the query conditions added in the asset proof database 23 of the asset owner 2 and the asset proof database 33 of the data requester 3, so that the asset owner 2 or the data requester 3 can query the asset proof in any of the communicatively connected asset proof databases.
Step S206: the second sending module 205 sends the third authorization proof to the data requester 3.
Step S207: the second receiving module 201 receives the authorization proof and query conditions provided by the data requester 3.
Step S208: the second authentication module 202 authenticates, according to the third authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the data requester 3 are valid.
In this embodiment, the second authentication module 202 authenticating, according to the third authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the data requester 3 are valid includes: the second authentication module 202 matches the authorization proof provided by the data requester 3 against the third authorization proof, and matches the query conditions provided by the data requester 3 against the query conditions previously added to the generated asset proof.
In this embodiment, the authentication results include:
(1) When the authorization proof provided by the data requester 3 fully matches the third authorization proof, and the query conditions provided by the data requester 3 also fully match the query conditions previously added to the generated asset proof, the second authentication module 202 confirms that the authorization proof and query conditions provided by the data requester 3 are valid.
(2) When the authorization proof provided by the data requester 3 fully matches the third authorization proof, but the query conditions provided by the data requester 3 do not fully match the query conditions previously added to the generated asset proof, the second authentication module 202 confirms that the authorization proof and query conditions provided by the data requester 3 are invalid.
(3) When the authorization proof provided by the data requester 3 does not fully match the third authorization proof, but the query conditions provided by the data requester 3 fully match the query conditions previously added to the generated asset proof, the second authentication module 202 confirms that the authorization proof and query conditions provided by the data requester 3 are invalid.
(4) When the authorization proof provided by the data requester 3 does not fully match the third authorization proof, and the query conditions provided by the data requester 3 also do not fully match the query conditions previously added to the generated asset proof, the second authentication module 202 confirms that the authorization proof and query conditions provided by the data requester 3 are invalid.
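The matching rule of step S208, together with the release of the stored ciphertext in steps S209 to S211, written out as an added Python example; it is not code from the patent. Assumptions: the "hashed form" of the authorization proof is taken to be SHA-256 over canonical JSON of the authorization scope, the scope conditions (validity period, maximum number of queries) are enforced at validation time, and all field names and sample values are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional


def canonical_digest(obj: dict) -> str:
    """SHA-256 over canonical JSON, so issuer and verifier hash identical bytes."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


@dataclass
class StoredRecord:
    """What the provider's asset proof database holds after step S205 (assumed layout)."""
    authorization_proof: str      # hash of the authorization scope (step S204)
    condition_digest: str         # digest of the query conditions added in step S203
    encrypted_asset_proof: bytes  # opaque here: already encrypted to the requester's public key
    valid_until: int              # scope condition: end of the validity period (epoch seconds)
    max_queries: int              # scope condition: maximum number of queries
    queries_used: int = 0


def issue(scope: dict, conditions: dict, ciphertext: bytes) -> StoredRecord:
    """Steps S203 to S205: bind the scope hash and query conditions to the ciphertext."""
    return StoredRecord(
        authorization_proof=canonical_digest(scope),
        condition_digest=canonical_digest(conditions),
        encrypted_asset_proof=ciphertext,
        valid_until=scope["valid_until"],
        max_queries=scope["max_queries"],
    )


def validate(record: StoredRecord, presented_proof: str,
             presented_conditions: dict, now: int) -> bool:
    """Step S208: valid only if BOTH the proof and the query conditions match."""
    # Both comparisons always run and use constant-time equality, so the caller
    # learns only "valid" or "invalid", never which of the two inputs was wrong.
    proof_ok = hmac.compare_digest(
        record.authorization_proof.encode(), presented_proof.encode())
    cond_ok = hmac.compare_digest(
        record.condition_digest.encode(),
        canonical_digest(presented_conditions).encode())
    if not (proof_ok and cond_ok):
        return False
    # Assumed enforcement of the scope conditions listed for the authorization proof.
    if now > record.valid_until or record.queries_used >= record.max_queries:
        return False
    record.queries_used += 1
    return True


def query(record: StoredRecord, presented_proof: str,
          presented_conditions: dict, now: int) -> Optional[bytes]:
    """Steps S209 to S211: release the ciphertext only after a valid check."""
    if validate(record, presented_proof, presented_conditions, now):
        return record.encrypted_asset_proof
    return None


# Constructed sample values, for illustration only.
SAMPLE_SCOPE = {
    "owner_id": "owner-2", "provider_id": "provider-11", "requester_id": "requester-3",
    "subject": "account_balance", "valid_until": 1_700_000_000, "max_queries": 2,
}
SAMPLE_CONDITIONS = {"query_password": "constructed-password", "identity": "requester-3"}

if __name__ == "__main__":
    rec = issue(SAMPLE_SCOPE, SAMPLE_CONDITIONS, b"<ciphertext placeholder>")
    good = rec.authorization_proof
    bad_cond = dict(SAMPLE_CONDITIONS, query_password="wrong")
    for proof, cond in [(good, SAMPLE_CONDITIONS), (good, bad_cond),
                        ("0" * 64, SAMPLE_CONDITIONS), ("0" * 64, bad_cond)]:
        print(validate(rec, proof, cond, now=1_600_000_000))
```

The four calls in the `__main__` block correspond to results (1) to (4) above; only the first is valid.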
Step S209: when the authorization proof and query conditions provided by the data requester 3 are valid, the second asset proof computing module 206 computes the asset proof required by the data requester 3 according to the authorization proof provided by the data requester 3.
In this embodiment, the computed asset proof is the encrypted asset proof with the query conditions added that is stored in the asset proof database 13 of the data provider 11, or in an associated asset proof database that communicates with the asset proof database 13 of the data provider 11.
Step S210: the second asset proof query module 207 obtains the computed asset proof from the asset proof database 13 of the data provider 11, or from an associated asset proof database that communicates with the asset proof database 13 of the data provider 11.
In this embodiment, the data requester 3 can be either a member or a non-member.
Specifically, when the data requester 3 is a member, the data requester 3 can obtain the computed asset proof from the asset proof database 13 of the data provider 11 or from any associated asset proof database that communicates with the asset proof database 13 of the data provider 11. When the data requester 3 is a non-member, the data requester 3 can connect, through a node belonging to a member (for example, the second asset proof query module 207 of the data provider 11), to the corresponding asset proof database and obtain the computed asset proof there.
In this embodiment, the associated asset proof databases include, but are not limited to, one or a combination of the following: the asset proof database 23 of the asset owner 2, the asset proof database 33 of the data requester 3, etc.
Step S211: the second sending module 205 sends the obtained asset proof to the data requester 3, so that the data requester 3 decrypts the obtained asset proof with the private key of the data requester 3.
In this embodiment, after the second sending module 205 sends the obtained asset proof to the data requester 3, the data requester 3 decrypts the obtained asset proof with the private key of the data requester 3, and verifies the obtained asset proof against the digital certificate signature of the data provider 11 to confirm whether the obtained asset proof was produced by the data provider 11.
In this embodiment, the asset proof authorization query system 10 may also be implemented by means of a blockchain: the asset proof authorization query system 10 produces a block on the blockchain, the owner of the block is the data requester 3, and the block address of the block is the third authorization proof.
The above embodiments merely illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the above preferred embodiments, those of ordinary skill in the art will understand that modifications or equivalent substitutions of the technical solution should not depart from the spirit and scope of the technical solution of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus and method can be implemented in other ways. For example, the apparatus embodiments described above are only illustrative; the division into modules is only a division by logical function, and other divisions are possible in an actual implementation.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit can be implemented in the form of hardware, or in the form of hardware plus software functional modules.
The integrated unit implemented in the form of a software functional module can be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform some of the steps of the methods described in the embodiments of the present invention.
Some of the computer product claims in the claims that follow are based on the computer program flow and correspond to the computer program flow in the foregoing flow charts. These computer product claims should therefore be understood as a functional module architecture that implements the foregoing solution mainly through the computer program recorded in the specification, and should not be understood as a physical apparatus that implements the solution mainly by hardware.
It is obvious to a person skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the present invention can be realized in other specific forms without departing from its spirit or essential attributes. The embodiments should therefore be regarded in every respect as exemplary and non-restrictive. The scope of the present invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and scope of equivalents of the claims are intended to be included in the present invention. Any reference sign in a claim should not be regarded as limiting the claim concerned. Furthermore, the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in a system claim can also be realized by a single unit or device through software or hardware. Words such as "first" and "second" (if present) are used to denote names and do not indicate any particular order.
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art will understand that the technical solution of the present invention can be modified or equivalently substituted without departing from the spirit and scope of the technical solution of the present invention.
Claims (36)
1. An asset proof authorization query system, applied to a data provider, the asset proof authorization query system communicating with an asset owner and a data requester, characterized in that the asset proof authorization query system comprises:
A first asset proof generation module, configured to, after an asset proof application request sent by the asset owner is received and the identity of the asset owner has passed authentication, generate, according to the assets of the asset owner that are managed by the data provider, an asset proof containing the digital certificate signature of the data provider, and encrypt the asset proof with the public key of the authorization proof owner identity of the asset owner;
The first asset proof generation module being further configured to add query conditions to the encrypted asset proof;
A first authorization proof generation module, configured to generate a first authorization proof according to the asset proof application request;
A first sending module, configured to send the first authorization proof and the encrypted asset proof with the query conditions added to the asset proof database of the data provider;
The first sending module being further configured to send the first authorization proof to the asset owner, so that the asset owner provides the first authorization proof to the data requester;
A first receiving module, configured to receive the authorization proof and query conditions provided by the asset owner and/or the data requester;
A first authentication module, configured to authenticate, according to the first authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the asset owner and/or the data requester are valid;
A first asset proof computing module, configured to, when the authorization proof and query conditions provided by the asset owner and/or the data requester are valid, compute the asset proof required by the asset owner and/or the data requester according to the authorization proof provided by the asset owner and/or the data requester;
A first asset proof query module, configured to obtain the computed asset proof from the asset proof database of the data provider or from an associated asset proof database that communicates with the asset proof database of the data provider;
The first sending module being further configured to send the obtained asset proof to the asset owner and/or the data requester, so that the asset owner and/or the data requester decrypts the obtained asset proof with the private key of the authorization proof owner.
2. The asset proof authorization query system as claimed in claim 1, characterized in that, before the asset proof containing the digital certificate signature of the data provider is generated according to the assets of the asset owner that are managed by the data provider, the first receiving module is further configured to:
Receive authentication information, sent by an authentication center, indicating that the identity of the asset owner has passed authentication, and determine according to the authentication information that the identity of the asset owner has passed authentication;
Wherein the authentication center, after determining that the identity of the asset owner has passed authentication, generates an authorization proof owner identity for the asset owner and generates a public key and private key pair for the authorization proof owner, and the authentication center includes one or a combination of the following:
The authentication center of the data provider, an authentication center that communicates with the data provider.
3. The asset proof authorization query system as claimed in claim 1, characterized in that the first authorization proof generation module is specifically configured to:
Determine the authorization scope according to the asset proof application request, and generate the first authorization proof in hashed form according to the authorization scope.
4. The asset proof authorization query system as claimed in claim 1, characterized in that the first authentication module authenticating, according to the first authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the asset owner and/or the data requester are valid includes:
Matching the authorization proof provided by the asset owner and/or the data requester against the first authorization proof, and matching the query conditions provided by the asset owner and/or the data requester against the query conditions previously added to the generated asset proof;
When the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, and the query conditions provided by the asset owner and/or the data requester also fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the asset owner and/or the data requester are valid; or
When the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, but the query conditions provided by the asset owner and/or the data requester do not fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the asset owner and/or the data requester are invalid; or
When the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, but the query conditions provided by the asset owner and/or the data requester fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the asset owner and/or the data requester are invalid; or
When the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, and the query conditions provided by the asset owner and/or the data requester also do not fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the asset owner and/or the data requester are invalid.
5. The asset proof authorization query system as claimed in any one of claims 1 to 4, characterized in that:
The types of the assets include one or a combination of the following:
Cash in banks, foreign currency, stocks, bonds, funds;
The asset proof includes one or a combination of the following:
Trade date, transaction details, total transaction amount, account balance and currency.
6. The asset proof authorization query system as claimed in any one of claims 1 to 4, characterized in that the first authorization proof includes one or a combination of the following:
The identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, authorization scope conditions;
Wherein the authorization scope conditions include one or a combination of the following:
Validity period, maximum number of queries, time point of the query subject, query subject.
7. The asset proof authorization query system as claimed in any one of claims 1 to 4, characterized in that the query conditions include one or a combination of the following:
Query password, identity proof, queryable time, queryable content.
8. The asset proof authorization query system as claimed in any one of claims 1 to 4, characterized in that the data provider has a corresponding asset proof database, the asset owner has a corresponding asset proof database, and the data requester has a corresponding asset proof database; the asset proof database of the data provider, the asset proof database of the asset owner and the asset proof database of the data requester communicate with one another and form a distributed synchronization mechanism; the asset proof database of the data provider is used to store the first authorization proof and the encrypted asset proof with the query conditions added, and to synchronously store the first authorization proof and the encrypted asset proof with the query conditions added in the asset proof database of the asset owner and the asset proof database of the data requester.
9. The asset proof authorization query system as claimed in any one of claims 1 to 4, characterized in that the implementation of the asset proof authorization query system further includes:
Implementation by means of a blockchain, in which a block is produced on the blockchain, the owner of the block is the asset owner, and the block address of the block is the first authorization proof.
10. An asset proof authorization query system, applied to a data provider, the asset proof authorization query system communicating with a data requester, and the data requester communicating with an asset owner, characterized in that the asset proof authorization query system comprises:
A second receiving module, configured to receive an asset proof application request and a second authorization proof sent by the data requester;
A second authentication module, configured to authenticate whether the second authorization proof was produced by the asset owner;
A second asset proof generation module, configured to, when the second authorization proof was produced by the asset owner, generate, according to the assets of the asset owner that are managed by the data provider, an asset proof containing the digital certificate signature of the data provider, and encrypt the asset proof with the public key of the data requester;
The second asset proof generation module being further configured to add query conditions to the encrypted asset proof;
A second authorization proof generation module, configured to generate a third authorization proof according to the asset proof application request;
A second sending module, configured to send the third authorization proof and the encrypted asset proof with the query conditions added to the asset proof database of the data provider;
The second sending module being further configured to send the third authorization proof to the data requester;
The second receiving module being further configured to receive the authorization proof and query conditions provided by the data requester;
The second authentication module being further configured to authenticate, according to the third authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the data requester are valid;
A second asset proof computing module, configured to, when the authorization proof and query conditions provided by the data requester are valid, compute the asset proof required by the data requester according to the authorization proof provided by the data requester;
A second asset proof query module, configured to obtain the computed asset proof from the asset proof database of the data provider or from an associated asset proof database that communicates with the asset proof database of the data provider;
The second sending module being further configured to send the obtained asset proof to the data requester, so that the data requester decrypts the obtained asset proof with the private key of the data requester.
11. The asset proof authorization query system as claimed in claim 10, characterized in that the second authorization proof generation module is specifically configured to:
Determine the authorization scope according to the asset proof application request, and generate the third authorization proof in hashed form according to the authorization scope.
12. The asset proof authorization query system as claimed in claim 10, characterized in that the second authentication module authenticating, according to the third authorization proof and the encrypted asset proof with the query conditions added, whether the authorization proof and query conditions provided by the data requester are valid includes:
Matching the authorization proof provided by the data requester against the third authorization proof, and matching the query conditions provided by the data requester against the query conditions previously added to the generated asset proof;
When the authorization proof provided by the data requester fully matches the third authorization proof, and the query conditions provided by the data requester also fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are valid; or
When the authorization proof provided by the data requester fully matches the third authorization proof, but the query conditions provided by the data requester do not fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are invalid; or
When the authorization proof provided by the data requester does not fully match the third authorization proof, but the query conditions provided by the data requester fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are invalid; or
When the authorization proof provided by the data requester does not fully match the third authorization proof, and the query conditions provided by the data requester also do not fully match the query conditions previously added to the generated asset proof, confirming that the authorization proof and query conditions provided by the data requester are invalid.
13. The asset certificate authorization query system as claimed in any one of claims 10 to 12, characterized in that:
the type of the assets includes one or more of the following in combination:
cash in banks, foreign currency, stocks, bonds, funds;
the asset certificate includes one or more of the following in combination:
transaction date, transaction details, total transaction amount, account balance and currency.
14. The asset certificate authorization query system as claimed in any one of claims 10 to 12, characterized in that the third authorization proof includes one or more of the following in combination:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, and scope-of-authority conditions;
wherein the scope-of-authority conditions include one or more of the following in combination:
validity period, maximum number of queries, time point of the query subject, query subject.
15. The asset certificate authorization query system as claimed in any one of claims 10 to 12, characterized in that the query condition includes one or more of the following in combination:
query password, identity proof, queryable time, queryable content.
16. The asset certificate authorization query system as claimed in any one of claims 10 to 12, characterized in that the data provider corresponds to an asset certificate database, the asset owner corresponds to an asset certificate database, and the data requester corresponds to an asset certificate database; the asset certificate database of the data provider, the asset certificate database of the asset owner and the asset certificate database of the data requester communicate with one another and use a decentralized synchronization mechanism; the asset certificate database of the data provider is used to store the third authorization proof and the encrypted asset certificate with the query condition added, and to synchronize the third authorization proof and the encrypted asset certificate with the query condition added to the asset certificate database of the asset owner and the asset certificate database of the data requester.
17. The asset certificate authorization query system as claimed in any one of claims 10 to 12, characterized in that embodiments of the asset certificate authorization query system further include:
implementation by way of a blockchain, in which a block is produced on the blockchain, the owner of the block is the data requester, and the block address of the block is the third authorization proof.
18. An asset certificate authorization query method, characterized in that the asset certificate authorization query method comprises:
after receiving an asset certificate application request sent by the asset owner, and after the identity of the asset owner has passed authentication, generating, from the assets of the asset owner that are managed by the data provider, an asset certificate containing the digital certificate signature of the data provider, and encrypting the asset certificate with the public key of the authorization proof owner identity of the asset owner;
adding a query condition to the encrypted asset certificate;
generating a first authorization proof according to the asset certificate application request;
sending the first authorization proof and the encrypted asset certificate with the query condition added to the asset certificate database of the data provider;
sending the first authorization proof to the asset owner, so that the asset owner provides the first authorization proof to the data requester;
receiving the authorization proof and query condition provided by the asset owner and/or the data requester;
authenticating, according to the first authorization proof and the encrypted asset certificate with the query condition added, whether the authorization proof and query condition provided by the asset owner and/or the data requester are valid;
when the authorization proof and query condition provided by the asset owner and/or the data requester are valid, calculating, according to the authorization proof provided by the asset owner and/or the data requester, the asset certificate required by the asset owner and/or the data requester;
obtaining the calculated asset certificate from the asset certificate database of the data provider, or from an associated asset certificate database that communicates with the asset certificate database of the data provider;
sending the obtained asset certificate to the asset owner and/or the data requester, so that the asset owner and/or the data requester decrypts the obtained asset certificate with the private key of the authorization proof owner.
19. The asset certificate authorization query method as claimed in claim 18, characterized in that, before generating, from the assets of the asset owner that are managed by the data provider, the asset certificate containing the digital certificate signature of the data provider, the method further comprises:
receiving authentication information, sent by an authentication center, indicating that the identity of the asset owner has passed authentication, and determining according to the authentication information that the identity of the asset owner has passed authentication;
the authentication center, after determining that the identity of the asset owner has passed authentication, generating an authorization proof owner identity for the asset owner and generating a public key and private key pair for the authorization proof owner, the authentication center including one or more of the following in combination:
the authentication center of the data provider, an authentication center that communicates with the data provider.
20. The asset certificate authorization query method as claimed in claim 18, characterized in that generating the first authorization proof according to the asset certificate application request comprises:
determining the scope of authority according to the asset certificate application request, and generating the first authorization proof in hashed form according to the scope of authority.
21. The asset certificate authorization query method as claimed in claim 18, characterized in that authenticating, according to the first authorization proof and the encrypted asset certificate with the query condition added, whether the authorization proof and query condition provided by the asset owner and/or the data requester are valid comprises:
matching the authorization proof provided by the asset owner and/or the data requester against the first authorization proof, and matching the query condition provided by the asset owner and/or the data requester against the query condition previously added to the generated asset certificate;
when the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, and the query condition provided by the asset owner and/or the data requester also fully matches the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are valid; or
when the authorization proof provided by the asset owner and/or the data requester fully matches the first authorization proof, but the query condition provided by the asset owner and/or the data requester does not fully match the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid; or
when the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, but the query condition provided by the asset owner and/or the data requester fully matches the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid; or
when the authorization proof provided by the asset owner and/or the data requester does not fully match the first authorization proof, and the query condition provided by the asset owner and/or the data requester also does not fully match the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the asset owner and/or the data requester are invalid.
22. The asset certificate authorization query method as claimed in any one of claims 18 to 21, characterized in that:
the type of the assets includes one or more of the following in combination:
cash in banks, foreign currency, stocks, bonds, funds;
the asset certificate includes one or more of the following in combination:
transaction date, transaction details, total transaction amount, account balance and currency.
23. The asset certificate authorization query method as claimed in any one of claims 18 to 21, characterized in that the first authorization proof includes one or more of the following in combination:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, and scope-of-authority conditions;
wherein the scope-of-authority conditions include one or more of the following in combination:
validity period, maximum number of queries, time point of the query subject, query subject.
24. The asset certificate authorization query method as claimed in any one of claims 18 to 21, characterized in that the query condition includes one or more of the following in combination:
query password, identity proof, queryable time, queryable content.
25. The asset certificate authorization query method as claimed in any one of claims 18 to 21, characterized in that the data provider corresponds to an asset certificate database, the asset owner corresponds to an asset certificate database, and the data requester corresponds to an asset certificate database; the asset certificate database of the data provider, the asset certificate database of the asset owner and the asset certificate database of the data requester communicate with one another and use a decentralized synchronization mechanism; the asset certificate database of the data provider is used to store the first authorization proof and the encrypted asset certificate with the query condition added, and to synchronize the first authorization proof and the encrypted asset certificate with the query condition added to the asset certificate database of the asset owner and the asset certificate database of the data requester.
26. The asset certificate authorization query method as claimed in any one of claims 18 to 21, characterized in that embodiments of the asset certificate authorization query method further include:
implementation by way of a blockchain, in which a block is produced on the blockchain, the owner of the block is the asset owner, and the block address of the block is the first authorization proof.
27. An asset certificate authorization query method, characterized in that the asset certificate authorization query method comprises:
receiving an asset certificate application request and a second authorization proof sent by the data requester;
authenticating whether the second authorization proof was produced by the asset owner;
when the second authorization proof was produced by the asset owner, generating, from the assets of the asset owner that are managed by the data provider, an asset certificate containing the digital certificate signature of the data provider, and encrypting the asset certificate with the public key of the data requester;
adding a query condition to the encrypted asset certificate;
generating a third authorization proof according to the asset certificate application request;
sending the third authorization proof and the encrypted asset certificate with the query condition added to the asset certificate database of the data provider;
sending the third authorization proof to the data requester;
receiving the authorization proof and query condition provided by the data requester;
authenticating, according to the third authorization proof and the encrypted asset certificate with the query condition added, whether the authorization proof and query condition provided by the data requester are valid;
when the authorization proof and query condition provided by the data requester are valid, calculating, according to the authorization proof provided by the data requester, the asset certificate required by the data requester;
obtaining the calculated asset certificate from the asset certificate database of the data provider, or from an associated asset certificate database that communicates with the asset certificate database of the data provider;
sending the obtained asset certificate to the data requester, so that the data requester decrypts the obtained asset certificate with the private key of the data requester.
28. The asset certificate authorization query method as claimed in claim 27, characterized in that generating the third authorization proof according to the asset certificate application request comprises:
determining the scope of authority according to the asset certificate application request, and generating the third authorization proof in hashed form according to the scope of authority.
29. The asset certificate authorization query method as claimed in claim 27, characterized in that authenticating, according to the third authorization proof and the encrypted asset certificate with the query condition added, whether the authorization proof and query condition provided by the data requester are valid comprises:
matching the authorization proof provided by the data requester against the third authorization proof, and matching the query condition provided by the data requester against the query condition previously added to the generated asset certificate;
when the authorization proof provided by the data requester fully matches the third authorization proof, and the query condition provided by the data requester also fully matches the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the data requester are valid; or
when the authorization proof provided by the data requester fully matches the third authorization proof, but the query condition provided by the data requester does not fully match the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the data requester are invalid; or
when the authorization proof provided by the data requester does not fully match the third authorization proof, but the query condition provided by the data requester fully matches the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the data requester are invalid; or
when the authorization proof provided by the data requester does not fully match the third authorization proof, and the query condition provided by the data requester also does not fully match the query condition previously added to the generated asset certificate, confirming that the authorization proof and query condition provided by the data requester are invalid.
30. The asset certificate authorization query method as claimed in any one of claims 27 to 29, characterized in that:
the type of the assets includes one or more of the following in combination:
cash in banks, foreign currency, stocks, bonds, funds;
the asset certificate includes one or more of the following in combination:
transaction date, transaction details, total transaction amount, account balance and currency.
31. The asset certificate authorization query method as claimed in any one of claims 27 to 29, characterized in that the third authorization proof includes one or more of the following in combination:
the identity proof of the data owner, the name of the data owner, the identity proof of the data provider, the name of the data provider, the identity proof of the data requester, the name of the data requester, and scope-of-authority conditions;
wherein the scope-of-authority conditions include one or more of the following in combination:
validity period, maximum number of queries, time point of the query subject, query subject.
32. The asset certificate authorization query method as claimed in any one of claims 27 to 29, characterized in that the query condition includes one or more of the following in combination:
query password, identity proof, queryable time, queryable content.
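The following is an added example, not code from the patent: it sketches the hashed authorization proof ("authorisation verification" in the machine translation) and the two-part validity check of claims 28, 29, 31 and 32, which claims 20, 21, 23 and 24 apply in the same way to the first authorization proof. SHA-256, the random nonce, PBKDF2 and every field and function name are assumptions, since the claims only say "hashed form"; the nonce is there because a hash over guessable scope fields alone would be a guessable bearer token.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class Scope:
    """Scope-of-authority fields listed in the claims (field names assumed)."""
    owner_id: str       # identity proof of the owner
    provider_id: str    # identity proof of the data provider
    requester_id: str   # identity proof of the data requester
    valid_from: int     # validity period start, epoch seconds
    valid_until: int    # validity period end, epoch seconds
    max_queries: int    # maximum number of queries
    subject: str        # query subject, e.g. "account_balance"


def make_proof(scope: Scope, nonce: str) -> str:
    """Authorization proof = SHA-256 over canonical JSON of scope + nonce."""
    canonical = json.dumps({"nonce": nonce, "scope": asdict(scope)},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes) -> bytes:
    """Store the query password as a salted PBKDF2 hash, never in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Grant:
    """What the provider's database keeps next to the encrypted certificate."""
    scope: Scope
    proof: str
    pw_salt: bytes
    pw_hash: bytes
    used: int = 0


def issue_grant(scope: Scope, query_password: str) -> Grant:
    salt = secrets.token_bytes(16)
    proof = make_proof(scope, secrets.token_hex(16))
    return Grant(scope, proof, salt, hash_password(query_password, salt))


@dataclass(frozen=True)
class Decision:
    proof_ok: bool       # presented proof matches the stored proof
    conditions_ok: bool  # presented query conditions match the stored ones
    in_scope: bool       # validity period and query budget still allow it

    @property
    def valid(self) -> bool:
        # The four cases in the claims collapse to a logical AND: only
        # "proof matches and conditions match" is valid.
        return self.proof_ok and self.conditions_ok and self.in_scope


def verify(grant: Grant, presented_proof: str, presented_password: str,
           subject: str, now: int) -> Decision:
    # Constant-time comparisons so timing does not leak how much matched.
    proof_ok = hmac.compare_digest(grant.proof.encode(), presented_proof.encode())
    pw_ok = hmac.compare_digest(
        grant.pw_hash, hash_password(presented_password, grant.pw_salt))
    conditions_ok = pw_ok and subject == grant.scope.subject
    in_scope = (grant.scope.valid_from <= now <= grant.scope.valid_until
                and grant.used < grant.scope.max_queries)
    decision = Decision(proof_ok, conditions_ok, in_scope)
    if decision.valid:
        grant.used += 1  # only successful queries consume the budget
    return decision


# Constructed sample scope (not from the patent): 24-hour window, two queries.
SAMPLE_SCOPE = Scope("owner-001", "bank-A", "lender-B",
                     1_700_000_000, 1_700_086_400, 2, "account_balance")
```

Both checks are always evaluated before the decision is returned, so a caller cannot learn from an early exit which of the two inputs was wrong.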
33. The asset certificate authorization query method as claimed in any one of claims 27 to 29, characterized in that the data provider corresponds to an asset certificate database, the asset owner corresponds to an asset certificate database, and the data requester corresponds to an asset certificate database; the asset certificate database of the data provider, the asset certificate database of the asset owner and the asset certificate database of the data requester communicate with one another and use a decentralized synchronization mechanism; the asset certificate database of the data provider is used to store the third authorization proof and the encrypted asset certificate with the query condition added, and to synchronize the third authorization proof and the encrypted asset certificate with the query condition added to the asset certificate database of the asset owner and the asset certificate database of the data requester.
34. The asset certificate authorization query method as claimed in any one of claims 27 to 29, characterized in that embodiments of the asset certificate authorization query method further include:
implementation by way of a blockchain, in which a block is produced on the blockchain, the owner of the block is the data requester, and the block address of the block is the third authorization proof.
35. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory being used to store at least one instruction, and the processor being used to execute the computer program stored in the memory to implement the asset certificate authorization query method as claimed in any one of claims 18 to 26, and/or the asset certificate authorization query method as claimed in any one of claims 27 to 34.
36. A computer-readable storage medium, characterized in that the computer-readable storage medium stores at least one instruction which, when executed by a processor, implements the asset certificate authorization query method as claimed in any one of claims 18 to 26, and/or the asset certificate authorization query method as claimed in any one of claims 27 to 34.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW106137280A TWI650723B (en) | 2017-10-30 | 2017-10-30 | Asset certificate authorization query method and system |
TW106137280 | 2017-10-30 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107832632A (en) | 2018-03-23 |
CN107832632B (en) | 2020-07-03 |
Family
ID=61654321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711121632.3A Active CN107832632B (en) | 2017-10-30 | 2017-11-14 | Asset certification authorization query method, system, electronic device and computer readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107832632B (en) |
TW (1) | TWI650723B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109361688A (en) * | 2018-11-16 | 2019-02-19 | 大唐高鸿信息通信研究院(义乌)有限公司 | It is a kind of that card method and system are deposited based on 5G framework and block chain |
CN109669955A (en) * | 2018-12-20 | 2019-04-23 | 姚前 | A kind of digital asset inquiry system and method based on block chain |
CN110245472A (en) * | 2019-01-16 | 2019-09-17 | 腾讯科技(深圳)有限公司 | Identity identifying method, personal security's core nodes and medium |
CN111932261A (en) * | 2020-09-22 | 2020-11-13 | 支付宝(杭州)信息技术有限公司 | Asset data management method and device based on verifiable statement |
CN112231744A (en) * | 2019-07-15 | 2021-01-15 | 天逸财金科技服务股份有限公司 | Method and system for limiting reading of open files |
TWI759090B (en) * | 2021-01-29 | 2022-03-21 | 國立中興大學 | Platform login method |
CN114465734A (en) * | 2022-04-11 | 2022-05-10 | 成方金融科技有限公司 | Investor authentication method, authentication mechanism, authentication system, and storage medium |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3673617B1 (en) * | 2019-03-27 | 2021-11-17 | Advanced New Technologies Co., Ltd. | Retrieving public data for blockchain networks using trusted execution environments |
CN111066286B (en) | 2019-03-27 | 2023-02-28 | 创新先进技术有限公司 | Retrieving common data for blockchain networks using high availability trusted execution environments |
KR102274294B1 (en) | 2019-03-29 | 2021-07-08 | 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. | How to retrieve access data to a blockchain network using a highly available trusted execution environment |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040205011A1 (en) * | 1997-10-27 | 2004-10-14 | Bank Of America Corporation | Open-architecture system for real-time consolidation of information from multiple financial systems |
TW200424866A (en) * | 2002-12-19 | 2004-11-16 | Ibm | Method and system for peer-to-peer authorization |
CN1667630A (en) * | 2005-04-08 | 2005-09-14 | 王志坚 | Finance and taxation monitoring method and system based on transaction original certificate data |
CN1991854A (en) * | 2005-12-27 | 2007-07-04 | 台湾积体电路制造股份有限公司 | Data archiving and accessing methods and systems |
CN103295126A (en) * | 2012-03-02 | 2013-09-11 | 刘家焜 | Transaction document method capable of being trusted |
CN103391196A (en) * | 2013-07-04 | 2013-11-13 | 黄铁军 | Asset digital authentication method and device |
TW201407521A (en) * | 2012-08-10 | 2014-02-16 | Yan-Ru Zhou | Transaction certificate management system and its method |
CN104125063A (en) * | 2013-04-28 | 2014-10-29 | 腾讯科技(深圳)有限公司 | Authentication method, equipment and system |
CN105095693A (en) * | 2015-07-13 | 2015-11-25 | 江苏简果科技发展有限公司 | Method and system for safely sharing digital asset based on Internet |
CN105956923A (en) * | 2016-04-20 | 2016-09-21 | 上海如鸽投资有限公司 | Asset transaction platform and digital certification and transaction method for assets |
US20160277412A1 (en) * | 2010-11-17 | 2016-09-22 | Invysta Technology Group | Methodology for identifying local/mobile client computing devices using a network based database containing records of hashed distinctive hardware, software, and user provided biometric makers for authorization of electronic transactions and right of entry to secure locations |
CN106611372A (en) * | 2016-12-27 | 2017-05-03 | 深圳微众税银信息服务有限公司 | Credit investigation data query method and credit investigation data query system |
TWM545952U (en) * | 2017-05-09 | 2017-07-21 | 兆豐國際商業銀行股份有限公司 | System for account authority and verification process management |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104966194A (en) * | 2015-07-21 | 2015-10-07 | 深圳市淘淘谷信息技术有限公司 | Composite cash register method and intelligent cash register system therefor |
TWM539666U (en) * | 2016-12-15 | 2017-04-11 | 彰化商業銀行股份有限公司 | Integrated account system |
-
2017
- 2017-10-30 TW TW106137280A patent/TWI650723B/en active
- 2017-11-14 CN CN201711121632.3A patent/CN107832632B/en active Active
Non-Patent Citations (1)
Title |
---|
姜文广 et al.: "Privacy protection for third-party service platforms", Journal of Lanzhou University (Natural Sciences) * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109361688A (en) * | 2018-11-16 | 2019-02-19 | 大唐高鸿信息通信研究院(义乌)有限公司 | It is a kind of that card method and system are deposited based on 5G framework and block chain |
CN109361688B (en) * | 2018-11-16 | 2021-01-22 | 大唐高鸿信息通信(义乌)有限公司 | Evidence storing method and system based on 5G architecture and block chain |
CN109669955A (en) * | 2018-12-20 | 2019-04-23 | 姚前 | A kind of digital asset inquiry system and method based on block chain |
CN110245472A (en) * | 2019-01-16 | 2019-09-17 | 腾讯科技(深圳)有限公司 | Identity identifying method, personal security's core nodes and medium |
CN110245472B (en) * | 2019-01-16 | 2021-05-11 | 腾讯科技(深圳)有限公司 | Identity authentication method, personal security kernel node, and medium |
CN112231744A (en) * | 2019-07-15 | 2021-01-15 | 天逸财金科技服务股份有限公司 | Method and system for limiting reading of open files |
CN112231744B (en) * | 2019-07-15 | 2024-02-02 | 天逸财金科技服务股份有限公司 | Method and system for limiting and reading public file |
CN111932261A (en) * | 2020-09-22 | 2020-11-13 | 支付宝(杭州)信息技术有限公司 | Asset data management method and device based on verifiable statement |
TWI759090B (en) * | 2021-01-29 | 2022-03-21 | 國立中興大學 | Platform login method |
CN114465734A (en) * | 2022-04-11 | 2022-05-10 | 成方金融科技有限公司 | Investor authentication method, authentication mechanism, authentication system, and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN107832632B (en) | 2020-07-03 |
TWI650723B (en) | 2019-02-11 |
TW201812673A (en) | 2018-04-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107832632A (en) | Asset certification authorization query method, system, electronic device and computer readable storage medium | |
KR102636102B1 (en) | Computer-implemented methods and systems for validating tokens for blockchain-based cryptocurrencies | |
CN108848063B (en) | Block chain-based data processing method, system and computer-readable storage medium | |
CN109242675B (en) | Asset publishing method and device based on block chain and electronic equipment | |
CN108292401B (en) | Secure digital data manipulation | |
CN107274139B (en) | Bill data management method and computer-readable medium | |
US20200127813A1 (en) | Method and system for creating a user identity | |
US20190149328A1 (en) | System for digital identity authentication and methods of use | |
US11715099B2 (en) | Method and system for trust-based payments via blockchain | |
US20200193432A1 (en) | Method and system for settling a blockchain transaction | |
CN110383757A (en) | System and method for safe handling electronic identity | |
CN109118217A (en) | The method and system indexed is registered to consumer using block chain | |
US20150356523A1 (en) | Decentralized identity verification systems and methods | |
CN106790431A (en) | Cloud manufacturing service Transaction Information record system and method based on block chain | |
CN109544331A (en) | Supply chain financial application method, apparatus and terminal device based on block chain | |
JP3228339U (en) | Personal authentication and verification system and method | |
CN111369730B (en) | Voting processing method and device based on block chain | |
JPH09500977A (en) | Restricted blind signature | |
EP3837828A1 (en) | Secure data transfer system and method | |
CN107622210A (en) | Authentication and the data query method and system of authorisation verification | |
CN110599332A (en) | Block chain-based user intention determination method, device, equipment and storage medium | |
CN114418570A (en) | Block chain-based non-homogeneous evidence-based processing method and device | |
WO2019191579A1 (en) | System and methods for recording codes in a distributed environment | |
CN112259190B (en) | Medical information trusted circulation method, device and system based on block chain | |
CN115170132B (en) | Payment method suitable for high-speed post network member system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||