CN109492424B - Data asset management method, data asset management device, and computer-readable medium - Google Patents

Publication number
CN109492424B
Authority
CN
China
Prior art keywords
data asset
identity
user
node
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811153080.9A
Other languages
Chinese (zh)
Other versions
CN109492424A (en
Inventor
褚秋实
左龙龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201811153080.9A priority Critical patent/CN109492424B/en
Priority to PCT/CN2018/123516 priority patent/WO2020062667A1/en
Publication of CN109492424A publication Critical patent/CN109492424A/en
Application granted granted Critical
Publication of CN109492424B publication Critical patent/CN109492424B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Abstract

The embodiment of the invention discloses a data asset management method, a data asset management device and a computer-readable medium. The method comprises the following steps: a system node receives a data asset extraction request; the system node acquires first identity mapping information corresponding to the first user address identifier from a federation chain ledger, wherein the first identity mapping information comprises the first user address identifier, a first public key and a first identity fingerprint; after verifying the identity of the first user by using the first public key and the private key of the system node, the system node encrypts the data information corresponding to the first identity in the system node by using the first public key to obtain a first encrypted data asset; and the first encrypted data asset is added to a data asset account of the first user in the federation chain. With the embodiments of the application, private data scattered across systems can be effectively collected, and the data assets of the user can be effectively managed.

Description

Data asset management method, data asset management device, and computer-readable medium
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to a data asset management method, a data asset management device, and a computer readable medium.
Background
With the increasing popularity of internet applications, there are thousands of application systems or platforms that provide various services. These application systems or platforms take many forms, such as web portals, communities, forums, blogs, online games, resource downloading (sharing), audio and video, electronic commerce (online shopping and online shops), online recruitment, instant messaging and the like. However, using these application systems or platforms requires registering with each of them, and the corresponding service is provided only after registration. In addition, when the application systems or platforms provide services to users, they record the users' activity data and, for some users, personal privacy information; the generated activity data and personal privacy information are the users' personal data assets.
However, because the application systems or platforms are independent of one another, their resources cannot be shared or exchanged, so the data assets held in them become information silos. Users can only manage or operate on their data asset information inside each application system or platform and cannot manage or use it uniformly across them, and the rights, benefit distribution and privacy protection of the data assets cannot be handled effectively.
Disclosure of Invention
The embodiment of the invention provides a data asset management method which can quickly collect private data assets scattered in each system and enable a user to effectively master and manage own private data assets.
In a first aspect, an embodiment of the present invention provides a data asset management method, including:
a system node receives a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier;
the system node obtains first identity mapping information corresponding to the first user address identifier from a federation chain ledger, wherein the first identity mapping information comprises the first user address identifier, a first public key and a first identity fingerprint;
after the system node verifies the identity of a first user by using the first public key and the private key of the system node, the system node encrypts the data information corresponding to the first identity in the system node by using the first public key to obtain a first encrypted data asset;
the system node adds the first encrypted data asset to a data asset account of the first user in the federation chain.
In a second aspect, an embodiment of the present invention further provides a data asset management method, where the method includes:
a first user node sends a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier;
the first user node receives a third encrypted data asset, wherein the third encrypted data asset is generated, after the identity verification of the first user node has passed according to the first user address identifier and the first encrypted identity information, by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier;
the first user node adds the third encrypted data asset to a data asset account of the first user in the federation chain.
In a third aspect, an embodiment of the present invention provides a data asset management device, where the data asset management device is applied to a system node and includes:
a first receiving unit, configured to receive a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier;
a first acquisition unit, configured to acquire first identity mapping information corresponding to the first user address identifier from a federation chain ledger, wherein the first identity mapping information comprises the first user address identifier, a first public key and a first identity fingerprint;
a first verification unit, configured to perform identity verification on a first user by using the first public key and a private key of the system node;
a first encryption unit, configured to encrypt, after the first verification unit passes the verification, the data information corresponding to the first identity in the system node by using the first public key, to obtain a first encrypted data asset;
and a first adding unit, configured to add the first encrypted data asset to the data asset account of the first user in the federation chain.
In a fourth aspect, an embodiment of the present invention provides a data asset management device, where the data asset management device is applied to the first user node and includes:
a second sending unit, configured to send a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier;
a second receiving unit, configured to receive a third encrypted data asset, wherein the third encrypted data asset is generated, after the identity verification of the first user node has passed according to the first user address identifier and the first encrypted identity information, by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier;
a second adding unit, configured to add the third encrypted data asset to the data asset account of the first user in the federation chain.
In a fifth aspect, embodiments of the present application provide a data asset management device, including a processor, a memory, and a communication module, where the memory is configured to store program code, and the processor is configured to invoke the program code to perform the method of any of the first aspect and the second aspect and the method of any of its alternatives.
In a sixth aspect, embodiments of the present invention provide a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of the first aspect and the second aspect described above.
In the embodiments of the application, the public key, the address identifier and the identity fingerprint of each node in the federation chain are recorded in the ledger of the federation chain, so identity verification can be performed through the public key and the identity fingerprint recorded in the ledger. In addition, because the identity fingerprint is generated from the user's true identity information through a one-way encryption algorithm, a node's identity stays private from the other nodes in the federation chain as long as the node does not publish its own information to them. Furthermore, by extracting the private data held in each system of the federation chain into a personal data asset account, users in the federation chain can authorize the use of their own data assets according to authorization conditions. Therefore, with the embodiments of the application, private data scattered across systems can be effectively collected, and the private data assets of the user can be effectively managed.
Drawings
In order to more clearly illustrate the technical solution of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described.
FIG. 1 is a schematic flow chart diagram of a method for data asset management according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart diagram of a method of data asset management according to an embodiment of the present invention;
FIG. 3 is a functional unit composition diagram of a data asset management device provided by an embodiment of the present application;
FIG. 4 is a functional unit diagram of another data asset management device provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a data asset management device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in this specification and the appended claims, the term "if" may be interpreted as "when" or "once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted, depending on the context, as "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".
Referring to FIG. 1, which is a schematic flow chart of a data asset management method according to an embodiment of the invention, the method may include:
101: a system node in a federation chain receives a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier.
The first encrypted identity information is obtained by encrypting the first identity information by using a public key of the system node, and the identity information is the identity information of the user corresponding to the data asset extraction request. The first user address identifier is a user address identifier of a user corresponding to the data asset extraction request.
In the embodiments of the application, the federation chain can be created by a main account operation node, and various systems in the real internet world (application systems, apps, websites and the like) are then invited to join as nodes. After the federation chain has been created successfully, the federation chain generates, for each node in it (systems and users alike), the node's private key, public key and corresponding address identifier; a verification node in the federation chain performs identity verification on the other nodes (systems or users) in the federation chain; the public key, the address identifier and the identity fingerprint of each node are recorded in the ledger of the federation chain; and, after the consensus mechanism, the ledger block is appended to the federation chain.
The identity fingerprint is generated by encrypting an identity identifier (such as a user name and identity card number, or an enterprise name and organization code) through a one-way encryption algorithm; the identity identifier is the real identity information of the user who holds the private key corresponding to the identity fingerprint and the public key. For example, the true identity is hashed, and the resulting hash value is used as the identity fingerprint. It will be appreciated that the embodiments of the application do not limit the verification node. The verification node may be the main account operation node or a third-party trust authority; for example, the third-party trust authority may be a public security system for user authentication, or an industrial and commercial administration system for an enterprise or an organization.
The one-way encryption algorithm is an algorithm that can only encrypt data to obtain encrypted data and cannot decrypt the encrypted data to recover the original data. An identity identifier can be encrypted with a one-way encryption algorithm to obtain an identity fingerprint, but no corresponding decryption algorithm exists that recovers the identity identifier from the identity fingerprint. The one-way encryption algorithm may include the Message-Digest (MD) algorithm, Secure Hash Algorithm 1 (SHA-1), hash message authentication code (HMAC), and the like. For example, when the one-way encryption algorithm is an MD algorithm, a hash operation is performed on the identity identifier, and the resulting hash value is the identity fingerprint.
In the embodiments of the application, the public key, the address identifier and the identity fingerprint of each node in the federation chain are recorded in the ledger of the federation chain, so identity verification (between users, between users and systems, and between systems) can be performed through the public key and the identity fingerprint recorded in the ledger. In addition, because the identity fingerprint is generated from the user's true identity information through a one-way encryption algorithm, a node's identity stays private from the other nodes in the federation chain as long as the node does not publish its own information to them.
In a federation chain, a first user may have registered with one or more systems of the federation chain, so the user's digital assets (including the user's personal information and the various personal data the user generates while using those systems) exist in those systems. By extracting their own digital assets from each system of the federation chain into their own data asset account on the federation chain, the first user can actually take control of those assets. When a first user wants to extract their own data asset from a system node, the first user may initiate a personal data asset extraction request to a first system in the federation chain through a user terminal. The first system receives the personal data asset extraction request and verifies it; after the request passes verification, the first system encrypts the first user's data asset in the first system with the first user's public key and adds it to the first user's digital asset account.
102: the system node obtains first identity mapping information corresponding to the first user address identifier from the federation chain, wherein the first identity mapping information comprises the first user address identifier, a first public key and a first identity fingerprint.
In this embodiment of the present application, after the system node receives the data asset extraction request, the system node obtains the first identity mapping information corresponding to the first user address identifier from the federation chain ledger, so that the system node can use the first public key and the first identity information included in the first identity mapping information to perform identity verification on the first user who initiated the data asset extraction request.
The first identity fingerprint is generated, after the verification node in the federation chain has verified the identity information of the first user, by encrypting the identity identifier provided by the first user (such as the user's name and identity card number) through a one-way encryption algorithm. For example, the true identity information is hashed, and the resulting hash value is used as the identity fingerprint.
103: after verifying the identity of the first user by using the first public key and the private key of the system node, the system node encrypts the data information corresponding to the first identity in the system node by using the first public key to obtain a first encrypted data asset.
In this embodiment of the present application, after the system node obtains the first identity mapping information from the federation chain, the system node performs identity verification on the first user according to the first public key and the private key of the system node. After the first user passes identity verification, the system node encrypts the data information corresponding to the first identity in the system node by using the first public key to obtain a first encrypted data asset.
Specifically, after the system node obtains the first identity mapping information from the federation chain, the system node decrypts the first encrypted identity information by using the private key of the system node to obtain the first identity identifier. The system node then encrypts the first identity identifier by using the first one-way encryption algorithm to obtain a second identity fingerprint. Next, the system node checks whether the first identity fingerprint is equal to the second identity fingerprint; if they are equal, the first user passes identity verification. Finally, the system node acquires the data information related to the first identity from the database of the system node according to the first identity information, and encrypts the data information by using the first public key to obtain the first encrypted data asset.
104: the system node adds the first encrypted data asset to a data asset account of the first user in the federation chain.
In this embodiment of the present application, after the system node obtains the first encrypted data asset, the system node adds the first encrypted data asset to a local data asset account of the first user, and broadcasts the first encrypted data asset across the whole federation chain network so as to trigger a first smart contract, which causes the other nodes in the federation chain to add the first encrypted data asset to the data asset account of the user.
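Steps 101 to 104 as an added example (not code from the patent): the system node looks up the identity mapping, decrypts the submitted identity, recomputes the fingerprint, compares it with the ledger copy in constant time, and only then encrypts the user's data to the user's public key. Assumptions: SHA-256 is used as the one-way algorithm, an unpadded toy RSA over fixed Mersenne primes stands in for the node key pairs, and the ledger layout, class, function names, addresses and identities are all hypothetical or constructed.

```python
import hashlib
import hmac

# Toy stand-in for the node key pairs: unpadded RSA over fixed Mersenne primes,
# constructed so the flow runs offline. Illustration only; not secure encryption.
E = 65537


def make_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)  # (public key, private key)


def encrypt(public_key, plaintext: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for the toy modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def identity_fingerprint(identity: str) -> str:
    # Assumption: SHA-256 as the one-way algorithm (the page lists MD, SHA-1, HMAC).
    return hashlib.sha256(identity.encode("utf-8")).hexdigest()


def register(ledger, address, public_key, identity):
    """Identity mapping a verification node writes to the ledger (hypothetical layout)."""
    ledger[address] = {
        "address": address,
        "public_key": public_key,
        "fingerprint": identity_fingerprint(identity),
    }


class SystemNode:
    def __init__(self, keypair, ledger, database, accounts):
        self.public_key, self._private_key = keypair
        self.ledger = ledger        # address -> identity mapping information
        self.database = database    # identity -> data information held by this system
        self.accounts = accounts    # address -> list of encrypted data assets

    def handle_extraction_request(self, encrypted_identity: int, user_address: str) -> int:
        # Step 102: look up the identity mapping for the claimed address.
        mapping = self.ledger.get(user_address)
        if mapping is None:
            raise PermissionError("address is not registered in the ledger")
        # Step 103: decrypt the identity, recompute the fingerprint, compare.
        try:
            identity = decrypt(self._private_key, encrypted_identity).decode("utf-8")
        except UnicodeDecodeError:
            raise PermissionError("encrypted identity did not decrypt cleanly")
        second_fingerprint = identity_fingerprint(identity)
        if not hmac.compare_digest(mapping["fingerprint"], second_fingerprint):
            raise PermissionError("identity fingerprint does not match the ledger")
        data = self.database.get(identity)
        if data is None:
            raise LookupError("this system holds no data for the identity")
        asset = encrypt(mapping["public_key"], data)
        # Step 104: add the encrypted asset to the user's data asset account.
        self.accounts.setdefault(user_address, []).append(asset)
        return asset


def demo():
    ledger, accounts = {}, {}
    alice_id, bob_id = "Alice Example|ID-0001", "Bob Example|ID-0002"  # constructed
    alice_pub, alice_priv = make_keypair(2**1279 - 1, 2**2203 - 1)
    bob_pub, _ = make_keypair(2**89 - 1, 2**127 - 1)
    register(ledger, "addr-alice", alice_pub, alice_id)
    register(ledger, "addr-bob", bob_pub, bob_id)
    node = SystemNode(make_keypair(2**521 - 1, 2**607 - 1), ledger,
                      {alice_id: b"orders=3;points=120"}, accounts)

    request = encrypt(node.public_key, alice_id.encode("utf-8"))  # step 101
    asset = node.handle_extraction_request(request, "addr-alice")
    recovered = decrypt(alice_priv, asset)  # only Alice's private key opens it

    try:  # the same identity presented under another registered address
        node.handle_extraction_request(request, "addr-bob")
        rejected = False
    except PermissionError:
        rejected = True
    return recovered, rejected, accounts


if __name__ == "__main__":
    print(demo())
```

A real deployment would replace the toy RSA with a padded public-key scheme from a maintained library; the control flow of the check stays the same.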
As an alternative embodiment, the system node may also initiate a data asset use request to a user in the federation chain to obtain the data assets that the system node wants. Specifically, the system node sends a data asset use request to a user node in the federation chain, where the data asset use request includes a data asset list, second encrypted identity information, and an address identifier of the system node.
After receiving the data asset use request, the user node obtains the identity mapping information corresponding to the system node from the federation chain according to the address identifier of the system node included in the request, and decrypts the second encrypted identity information with the public key in the identity mapping information to obtain a second identity identifier. The user then decides, according to the second identity identifier, whether to authorize the system corresponding to the data asset extraction request. If so, the user node acquires the data assets corresponding to the data asset list from the user's data asset account. Because the data assets in the user's data asset account are encrypted, after acquiring the data assets corresponding to the data asset list the user node decrypts them with the user's private key and then encrypts the decrypted data assets with the public key of the system node to obtain the second encrypted data asset. The user node then receives an authorization condition entered by the user via an input device. Finally, the user node generates data asset authorization information, which comprises the authorization condition and the second encrypted data asset, and broadcasts the data asset authorization information across the whole network, that is, sends it to the system node. The authorization condition includes at least one of an authorization period, a number of authorized uses, and an authorization scope.
After the system node receives the data asset authorization information, the system node automatically triggers a second smart contract, which provides the encrypted data asset information to the system node according to the authorization condition. Finally, the system node decrypts the second encrypted data asset by using the private key of the system node to obtain the data assets corresponding to the data asset list.
It can be seen that, in the embodiments of the present application, the public key, the address identifier and the identity fingerprint of each node in the federation chain are recorded in the ledger of the federation chain, so identity verification can be performed through the public key and the identity fingerprint recorded in the ledger. In addition, because the identity fingerprint is generated from the user's true identity information through a one-way encryption algorithm, a node's identity stays private from the other nodes in the federation chain as long as the node does not publish its own information to them. Furthermore, by extracting the private data held in each system of the federation chain into a personal data asset account, users in the federation chain can authorize the use of their own data assets according to authorization conditions. Therefore, with the embodiments of the application, private data scattered across systems can be effectively collected, and the private data assets of the user can be effectively managed.
Referring to FIG. 2, which is a schematic flow chart of another data asset management method according to an embodiment of the invention, the method may include:
201: the first user node sends a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier.
The first encrypted identity information is obtained by encrypting the first identity information by using a public key of the system node, and the identity information is the identity information of the user corresponding to the data asset extraction request. The first user address identifier is a user address identifier of a user corresponding to the data asset extraction request.
In the embodiment of the application, the alliance chain can be created by a main account operation node, and then various systems (application systems, APP, websites and the like) in the real internet world are invited to be accessed as the node. After the creation of the key by the alliance chain is successful, each node (including the system and the user) in the alliance chain generates a private key and a public key of the node and a corresponding address identification by the alliance chain, performs identity verification on other nodes (systems or users) in the alliance chain by a verification node in the alliance chain, records the public key, the address identification and the identity fingerprint of each node in the alliance chain into an account book of the alliance chain, and accesses the block account book into the alliance chain after a consensus mechanism.
The identity fingerprint is generated by encrypting an identity mark (such as a user name, an identity card number and other information, or an enterprise name, an organization code and other information) through a one-way encryption algorithm, and the identity mark refers to the real identity information of the user with a private key corresponding to the identity fingerprint and the public key. For example, the hash value of the true identity is obtained by hashing the true identity, and the hash value is used as the identity fingerprint. It will be appreciated that in the embodiments of the present application, the authentication node is not limited. The verification node may be the primary account operation node, or may be a third party trust authority, for example, the third party information authority may be a public security system for user authentication, and the third party trust authority may be an industrial and commercial management system for an enterprise or an organization.
The one-way encryption algorithm is an algorithm that can only encrypt data to obtain encrypted data; the encrypted data cannot be decrypted to recover the original data. The identity mark can be encrypted with a one-way encryption algorithm to obtain an identity fingerprint, and no corresponding decryption algorithm exists that would recover the identity mark from the identity fingerprint. The one-way encryption algorithm may include a Message-Digest (MD) algorithm, Secure Hash Algorithm 1 (SHA-1), a Hash Message Authentication Code (HMAC), and the like. For example, when the one-way encryption algorithm is an MD algorithm, a hash operation is performed on the identity mark, and the obtained hash value is the identity fingerprint.
In the embodiment of the application, the public key, the address identifier and the identity fingerprint of each node in the federation chain are recorded in the ledger of the federation chain, so that identity verification (between users, between users and systems, and between systems) can be performed through the public key and the identity fingerprint recorded in the ledger of the federation chain. In addition, because the identity fingerprint is generated from the true identity information of the user through a one-way encryption algorithm, a node's privacy is preserved with respect to the other nodes in the alliance chain as long as the node does not publish its own information to them.
In a federated chain, a first user may have registered with one or more systems of the federated chain, so the user's digital assets (including the user's personal information and the various personal data that the user generates while using the systems) are held in those systems. By extracting these digital assets from each system of the alliance chain into his or her own data asset account in the alliance chain, the first user can actually take control of them. When the first user wants to extract his or her own data asset from a system node, the first user may initiate a personal data asset extraction request to a first system in the federation chain via his or her own user terminal. The first system then receives the personal data asset extraction request and verifies it; after the verification passes, the first system encrypts the data asset of the first user held in the first system with the public key of the first user and adds the encrypted data asset to the digital asset account of the first user.
Specifically, when the first personal user wants to extract his or her own digital assets from each system of the coalition chain into the user's personal account in the coalition chain, so that the user can actually control those digital assets, the first personal user can initiate a personal data asset extraction request to the first system in the coalition chain through the user's terminal; the first system can comprise one or more systems. The personal data asset extraction request includes a public key of the first personal user and first authentication information generated by encrypting the personal identity information of the user with the public key of the first system, wherein the personal identity information is identical to the identity information from which the user's identity fingerprint was generated. After the user terminal of the personal user generates the personal data asset extraction request, the request is broadcast over the Internet so that other nodes in the federation chain receive it.
202: the first user node receives a third encrypted data asset, wherein the third encrypted data asset is generated by encrypting the data information of the first user in the system by using a public key corresponding to the first user address identifier after the authentication of the first user node is passed according to the first user address identifier and the first encrypted identity information.
In this embodiment of the present application, after the first system receives the personal data asset extraction request, it obtains from the federation chain the identity fingerprint corresponding to the request, according to the public key in the request. The first system then decrypts the first identity information in the request with the private key of the first system to obtain the personal identity information of the first user, and generates an identity fingerprint of the first user from that personal identity information. Finally, the first system compares the generated identity fingerprint with the identity fingerprint obtained from the federation chain. If the two identity fingerprints are identical, the identity of the first user is verified; the first system then extracts the data asset of the first user from the database in the first system according to the personal identity information of the first user, encrypts the data asset with the public key of the first user to obtain the third encrypted data asset, and broadcasts the third encrypted data asset across the whole network, that is, sends the third encrypted data asset to the first user node.
203: the first user node adds the third encrypted data asset to the first user's data asset account in the coalition chain.
In this embodiment, after the first user node receives the data of the third encrypted data asset, the first user node adds the third encrypted data asset to the data asset account of the first user in the federation chain.
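The verification and extraction flow of steps 201 to 203, sketched in Python as an added example that is not code from the patent. It assumes SHA-256 as the one-way algorithm (the text names MD, SHA-1 and HMAC) and uses unpadded textbook RSA over fixed Mersenne primes, which is not secure and is there only so the block runs with the standard library; all names, addresses and records are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys


@dataclass(frozen=True)
class ToyKey:
    n: int  # public modulus, published as the node's public key
    d: int  # private exponent, kept by the node


@dataclass(frozen=True)
class LedgerEntry:  # identity mapping information recorded in the ledger
    address: str
    public_n: int
    fingerprint: str


def toy_keypair(p, q):
    """Textbook RSA from fixed primes: constructed, unpadded, NOT secure."""
    return ToyKey(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)))


def pk_encrypt(n, data):
    """Encrypt bytes block by block; a 0x01 prefix preserves leading zeros."""
    size = (n.bit_length() - 1) // 8 - 1
    blocks = [data[i:i + size] for i in range(0, len(data), size)]
    return [pow(int.from_bytes(b"\x01" + blk, "big"), E, n) for blk in blocks]


def pk_decrypt(key, blocks):
    """Decrypt each block with the private exponent and drop the 0x01 prefix."""
    out = b""
    for c in blocks:
        m = pow(c, key.d, key.n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    return out


def identity_fingerprint(identity):
    """One-way step. Assumption: SHA-256 stands in for the MD/SHA-1 in the text."""
    return hashlib.sha256(identity).hexdigest()


def handle_extraction_request(request, ledger, system_key, database):
    """System-node side: returns the encrypted data asset, or None on rejection."""
    entry = ledger.get(request["address"])
    if entry is None:  # address identifier not registered in the ledger
        return None
    identity = pk_decrypt(system_key, request["encrypted_identity"])
    recomputed = identity_fingerprint(identity)
    # Constant-time comparison of the recomputed and the recorded fingerprint.
    if not hmac.compare_digest(recomputed, entry.fingerprint):
        return None
    asset = database.get(identity, b"")
    # Encrypt to the key recorded in the ledger, not to a key from the request.
    return pk_encrypt(entry.public_n, asset)


def demo():
    system_key = toy_keypair(2**127 - 1, 2**107 - 1)
    user_key = toy_keypair(2**89 - 1, 2**61 - 1)
    identity = b"Zhang San|ID-0000-CONSTRUCTED"
    asset = b'{"orders": 3, "phone": "constructed"}'
    ledger = {"addr-user-1": LedgerEntry(
        "addr-user-1", user_key.n, identity_fingerprint(identity))}
    database = {identity: asset}

    def request(address, claimed_identity):
        # User-node side: identity encrypted with the system node's public key.
        return {"address": address,
                "encrypted_identity": pk_encrypt(system_key.n, claimed_identity)}

    reply = handle_extraction_request(
        request("addr-user-1", identity), ledger, system_key, database)
    return {
        "recovered": pk_decrypt(user_key, reply),
        "wrong_identity": handle_extraction_request(
            request("addr-user-1", b"Li Si|ID-1111-CONSTRUCTED"),
            ledger, system_key, database),
        "unknown_address": handle_extraction_request(
            request("addr-nobody", identity), ledger, system_key, database),
    }


if __name__ == "__main__":
    print(demo())
```

Because the reply is encrypted to the public key recorded in the ledger for the address, a request that passes verification still yields data only the registered key holder can read.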
As an optional implementation manner, after adding the third encrypted data asset to the data asset account of the first user in the federation chain, the first user node receives a data asset use request, where the data asset use request includes a data asset manifest, second encrypted identity information, and a third address identifier. The first user node then acquires third identity mapping information corresponding to the third address identifier from the alliance chain ledger, wherein the third identity mapping information comprises the third address identifier, a third public key and a third identity fingerprint. The first user node then uses the third public key and the private key of the first user to authenticate the requester. After the verification passes, the first user node encrypts the data asset corresponding to the data asset manifest with the third public key to obtain a third encrypted data asset. The first user node then receives an authorization condition input by the first user through the input device, wherein the authorization condition comprises at least one of an authorization period, an authorization number and an authorization range. Finally, the first user node generates feedback information that includes the authorization condition and the third encrypted data asset, and broadcasts the feedback information across the whole network.
It can be seen that, in the embodiment of the present application, the public key, the address identifier and the identity fingerprint of each node in the federation chain are recorded in the ledger of the federation chain, so that identity verification can be performed through the public key and the identity fingerprint recorded in the ledger of the federation chain. In addition, because the identity fingerprint is generated from the true identity information of the user through a one-way encryption algorithm, a node's privacy is preserved with respect to the other nodes in the alliance chain as long as the node does not publish its own information to them. Furthermore, by extracting the private data held in each system of the coalition chain into a personal data asset account, users in the coalition chain can authorize the use of their own data assets according to authorization conditions. Therefore, through the embodiment of the application, the private data scattered across the systems can be effectively collected, and the private data assets of the user can be effectively managed.
Referring to fig. 3, fig. 3 is a block diagram illustrating one possible functional unit of a data asset management device 300 according to an embodiment of the present application, where the data asset management device includes: a first receiving unit 310, a first obtaining unit 320, a first verifying unit 330, a first encrypting unit 340, and a first adding unit 350.
A first receiving unit 310, configured to receive a data asset extraction request by a system node, where the data asset extraction request includes first encryption identity information and a first user address identifier;
a first obtaining unit 320, configured to obtain, from a federation chain ledger, first identity mapping information corresponding to the first user address identifier, where the first identity mapping information includes the first user address identifier, a first public key, and a first identity fingerprint;
a first verifying unit 330, configured to perform identity verification on a first user using the first public key and a private key of the system node;
a first encryption unit 340, configured to encrypt data information corresponding to the first identity in the system node using the first public key after the verification by the verifying unit passes, to obtain a first encrypted data asset;
a first adding unit 350, configured to add the first encrypted data asset to a data asset account of a first user in the federation chain.
Optionally, the first identity mapping information is mapping relation information generated according to the first user address identifier, the first public key and the first identity fingerprint after the authentication node in the federation chain encrypts the first identity identifier of the first user by using a first unidirectional encryption algorithm to generate the first identity fingerprint.
Optionally, the verification unit includes:
the second encryption unit decrypts the first encrypted identity information by using the private key of the system node to obtain a first identity;
the second encryption unit is further configured to encrypt the first identity identifier by using the first one-way encryption algorithm to obtain a second identity fingerprint;
and the first judging unit is used for judging whether the first identity fingerprint is equal to the second identity fingerprint, and if so, the verification is passed.
Optionally, the first adding unit 350 is configured to add the first encrypted data asset to a local data asset account of the first user; the first encrypted data asset is broadcast over the network in the federation chain to trigger a first smart contract to cause other nodes in the federation chain to add the first encrypted data asset to the user's data asset account.
Optionally, the data asset management device further includes:
a first sending unit, configured to send a data asset use request, where the data asset use request includes a data asset list, second encrypted identity information, and an address identifier of the system node;
the first receiving unit 310 is configured to receive data asset authorization information, where the authorization information is generated according to a second encrypted data asset and an authorization condition, and the second encrypted data asset is generated, after the identity verification of the system node passes according to the address identifier of the system node and the second encrypted identity information, by encrypting the data asset corresponding to the data asset list with the system public key corresponding to the address identifier of the system node;
the first providing unit triggers a second intelligent contract and provides the second encrypted data asset information to the system node according to the authorization condition, wherein the authorization condition comprises at least one of an authorization period, an authorization frequency and an authorization range;
and the first decryption unit is used for decrypting the second encrypted data asset by using the private key of the system node to obtain the data asset corresponding to the data asset list.
It can be seen that, in the embodiment of the present application, the public key, the address identifier and the identity fingerprint of each node in the federation chain are recorded in the ledger of the federation chain, so that identity verification can be performed through the public key and the identity fingerprint recorded in the ledger of the federation chain. In addition, because the identity fingerprint is generated from the true identity information of the user through a one-way encryption algorithm, a node's privacy is preserved with respect to the other nodes in the alliance chain as long as the node does not publish its own information to them. Furthermore, by extracting the private data held in each system of the coalition chain into a personal data asset account, users in the coalition chain can authorize the use of their own data assets according to authorization conditions. Therefore, through the embodiment of the application, the private data scattered across the systems can be effectively collected, and the private data assets of the user can be effectively managed.
Referring to fig. 4, fig. 4 is a block diagram illustrating one possible functional unit of a data asset management device 400 according to an embodiment of the present application, where the data asset management device includes: a second transmitting unit 410, a second receiving unit 420, and a second adding unit 430.
A second sending unit 410, configured to send a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
a second receiving unit 420, configured to receive a third encrypted data asset, where the third encrypted data asset is an encrypted data asset generated by encrypting, according to the first user address identifier and the first encrypted identity information, the data information of the first user in the system by using a public key corresponding to the first user address identifier after the authentication of the first user node is passed;
a second adding unit 430 for adding the third encrypted data asset to the first user's data asset account in the coalition chain.
Optionally, the second receiving unit 420 is configured to receive a data asset use request, where the data asset use request includes a data asset list, second encrypted identity information, and a third address identifier;
The data asset management device further comprises:
the second acquisition unit acquires third identity mapping information corresponding to the third address identifier from the alliance chain account book, wherein the third identity mapping information comprises the third address identifier, a third public key and a third identity fingerprint;
a second verification unit, configured to encrypt a data asset corresponding to the data asset list by using the third public key after the identity of the requester is verified by using the third public key and the private key of the first user, to obtain a third encrypted data asset;
the second receiving unit is used for receiving an authorization condition input by the input device, wherein the authorization condition comprises at least one of an authorization period, an authorization number and an authorization range;
and the second generation unit is used for generating feedback information, wherein the feedback information comprises the authorization condition and the third encrypted data asset, and the feedback information is broadcasted in a whole network.
Optionally, the third identity mapping information is mapping relation information generated according to the third address identifier, the third public key and the third identity fingerprint after the authentication node in the federation chain encrypts the third identity identifier of the requester to generate the third identity fingerprint by using a first unidirectional encryption algorithm.
It can be seen that, in the embodiment of the present application, the public key, the address identifier and the identity fingerprint of each node in the federation chain are recorded in the ledger of the federation chain, so that identity verification can be performed through the public key and the identity fingerprint recorded in the ledger of the federation chain. In addition, because the identity fingerprint is generated from the true identity information of the user through a one-way encryption algorithm, a node's privacy is preserved with respect to the other nodes in the alliance chain as long as the node does not publish its own information to them. Furthermore, by extracting the private data held in each system of the coalition chain into a personal data asset account, users in the coalition chain can authorize the use of their own data assets according to authorization conditions. Therefore, through the embodiment of the application, the private data scattered across the systems can be effectively collected, and the private data assets of the user can be effectively managed.
Referring to fig. 5, fig. 5 is a schematic structural diagram of a data asset management device 500 according to an embodiment of the present application, where, as shown in fig. 5, the device 500 includes a processor, a memory, a communication interface, and one or more programs, where the one or more programs are different from the one or more application programs, and the one or more programs are stored in the memory and configured to be executed by the processor.
When the apparatus 500 is a server, the above-described program includes instructions for performing the steps of: receiving a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier; acquiring first identity mapping information corresponding to the first user address identifier from a federation chain ledger, wherein the first identity mapping information comprises the first user address identifier, a first public key and a first identity fingerprint; after the identity of the first user is verified by using the first public key and the private key of the system node, encrypting data information corresponding to the first identity in the system node by using the first public key to obtain a first encrypted data asset; and adding the first encrypted data asset to a data asset account of the first user in the coalition chain.
When the apparatus 500 is an electronic device, the above-described program includes instructions for performing the steps of: sending a data asset extraction request, wherein the data asset extraction request comprises first encryption identity information and a first user address identifier; receiving a third encrypted data asset, wherein the third encrypted data asset is generated by encrypting the data information of the first user in the system by using a public key corresponding to the first user address identifier after the authentication of the first user node is passed according to the first user address identifier and the first encrypted identity information; adding said third encrypted data asset to said first user's data asset account in the coalition chain.
It should be appreciated that in embodiments of the present application, the processor may be a central processing unit (CPU), or may be another general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
In another embodiment of the present application, there is provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements: receiving a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier; acquiring first identity mapping information corresponding to the first user address identifier from a federation chain ledger, wherein the first identity mapping information comprises the first user address identifier, a first public key and a first identity fingerprint; after the identity of the first user is verified by using the first public key and the private key of the system node, encrypting data information corresponding to the first identity in the system node by using the first public key to obtain a first encrypted data asset; and adding the first encrypted data asset to a data asset account of the first user in the coalition chain.
Alternatively, the computer program described above, when executed by a processor, implements: sending a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier; receiving a third encrypted data asset, wherein the third encrypted data asset is generated by encrypting the data information of the first user in the system by using a public key corresponding to the first user address identifier after the authentication of the first user node is passed according to the first user address identifier and the first encrypted identity information; and adding said third encrypted data asset to said first user's data asset account in the coalition chain.
The computer readable storage medium may be an internal storage unit of the terminal according to any of the foregoing embodiments, for example, a hard disk or a memory of the terminal. The computer readable storage medium may be an external storage device of the terminal, for example, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like. Further, the computer-readable storage medium may further include both an internal storage unit and an external storage device of the terminal. The computer-readable storage medium is used for storing the computer program and other programs and data required by the terminal. The above-described computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
In the several embodiments provided in this application, it should be understood that the disclosed systems, servers, and methods may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the above-described division of units is merely a logical function division, and there may be another division manner in actual implementation, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices, or elements, or may be an electrical, mechanical, or other form of connection.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purposes of the embodiments of the present application.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units described above, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the above-described methods of the various embodiments of the present application. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program codes.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and equivalent substitutions may be made without departing from the scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A method of data asset management, applied to a system node, comprising:
the system node receives a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier;
the system node acquires first identity mapping information corresponding to the first user address identifier from an alliance chain ledger, wherein the first identity mapping information comprises the first user address identifier, a first public key and a first identity fingerprint, and the first identity fingerprint is generated by encrypting the first identity identifier of the first user through a one-way encryption algorithm;
after the identity of a first user is verified by the system node through the first public key and the private key of the system node, data information corresponding to the first identity in the system node is encrypted through the first public key, and a first encrypted data asset is obtained;
the system node adds the first encrypted data asset to a data asset account of a first user in a federation chain.
2. The method of claim 1, wherein the first identity mapping information is mapping information generated by a verification node in a federation chain according to the first user address identifier, the first public key, and the first identity fingerprint after the verification node encrypts the first identity identifier of the first user using a first one-way encryption algorithm to generate the first identity fingerprint.
3. The method of claim 2, wherein the system node authenticating the first user using the first public key and the private key of the system node comprises:
the system node decrypts the first encrypted identity information by using a private key of the system node to obtain a first identity;
the system node encrypts the first identity identifier by using the first one-way encryption algorithm to obtain a second identity fingerprint;
and if the system node determines that the first identity fingerprint is equal to the second identity fingerprint, the verification is passed.
4. The method of claim 1, wherein the system node adding the first encrypted data asset to a data asset account of a first user in a federation chain comprises:
the system node adding the first encrypted data asset to a local data asset account of the first user;
the system node broadcasts the first encrypted data asset across the network in a federation chain to trigger a first smart contract to cause other nodes in the federation chain to add the first encrypted data asset to the first user's data asset account.
5. The method according to any one of claims 1-4, further comprising:
the system node sends a data asset use request, wherein the data asset use request comprises a data asset list, second encryption identity information and an address identifier of the system node;
the system node receives data asset authorization information, wherein the authorization information is generated according to a second encrypted data asset and an authorization condition, and the second encrypted data asset is generated, after the identity verification of the system node is passed according to the address identification of the system node and the second encrypted identity information, by encrypting the data asset corresponding to the data asset list using a system public key corresponding to the address identification of the system node;
the system node triggers a second intelligent contract, and provides the second encrypted data asset information for the system node according to the authorization condition, wherein the authorization condition comprises at least one of an authorization period, an authorization frequency and an authorization range;
and the system node decrypts the second encrypted data asset by using the private key of the system node to obtain the data asset corresponding to the data asset list.
6. A method of data asset management, applied to a user node, comprising:
the first user node sends a data asset extraction request, wherein the data asset extraction request comprises first encrypted identity information and a first user address identifier;
the first user node receives a third encrypted data asset, wherein the third encrypted data asset is generated by encrypting the data information of the first user by using a public key corresponding to the first user address identifier after the identity verification of the first user node is passed according to the first user address identifier and the first encrypted identity information;
the first user node adds the third encrypted data asset to a data asset account of the first user in a coalition chain.
7. The method of claim 6, wherein after the first user node adds the third encrypted data asset to the first user's data asset account in a coalition chain, the method further comprises:
the first user node receives a data asset use request, wherein the data asset use request comprises a data asset list, second encryption identity information and a third address identifier;
the first user node obtains third identity mapping information corresponding to the third address identifier from an alliance chain, wherein the third identity mapping information comprises the third address identifier, a third public key and a third identity fingerprint;
after the first user node uses the third public key and the private key of the first user to verify the identity of the requester, the first user node uses the third public key to encrypt the data asset corresponding to the data asset list to obtain a third encrypted data asset;
the first user node receives an authorization condition input by an input device, wherein the authorization condition comprises at least one of an authorization period, an authorization number and an authorization range;
and the first user node generates feedback information, wherein the feedback information comprises the authorization condition and the third encrypted data asset, and the feedback information is broadcasted in a whole network.
8. The method of claim 7, wherein the third identity mapping information is mapping information generated according to the third address identifier, the third public key, and the third identity fingerprint after the authentication node in the federation chain encrypts the third identity identifier of the requester using a first one-way encryption algorithm to generate the third identity fingerprint.
9. A data asset management device comprising means for performing the method of any one of claims 1 to 5.
10. A data asset management device comprising means for performing the method of any of claims 6 to 8.
11. A data asset management device comprising a processor, a memory and a communication module, wherein the memory is for storing program code, the processor is for invoking the program code to perform the method of any of claims 1-5 or the method of any of claims 6-8.
12. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1-5 or the method of any one of claims 6-8.
CN201811153080.9A 2018-09-29 2018-09-29 Data asset management method, data asset management device, and computer-readable medium Active CN109492424B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811153080.9A CN109492424B (en) 2018-09-29 2018-09-29 Data asset management method, data asset management device, and computer-readable medium
PCT/CN2018/123516 WO2020062667A1 (en) 2018-09-29 2018-12-25 Data asset management method, data asset management device and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811153080.9A CN109492424B (en) 2018-09-29 2018-09-29 Data asset management method, data asset management device, and computer-readable medium

Publications (2)

Publication Number Publication Date
CN109492424A (en) 2019-03-19
CN109492424B (en) 2023-05-26

Family

ID=65689398

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811153080.9A Active CN109492424B (en) 2018-09-29 2018-09-29 Data asset management method, data asset management device, and computer-readable medium

Country Status (2)

Country Link
CN (1) CN109492424B (en)
WO (1) WO2020062667A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110443077A (en) * 2019-08-09 2019-11-12 北京阿尔山区块链联盟科技有限公司 Processing method, device and the electronic equipment of digital asset
US11876890B2 (en) * 2019-12-10 2024-01-16 International Business Machines Corporation Anonymization of partners
CN113806788A (en) * 2020-06-11 2021-12-17 中国标准化研究院 Data asset management device and method
CN112669141A (en) * 2020-12-31 2021-04-16 深圳市辰宝信息服务有限公司 Block chain intelligent contract mechanism-based warehouse receipt pledge method for bulk commodities
CN113779605A (en) * 2021-09-14 2021-12-10 码客工场工业科技(北京)有限公司 Industrial internet Handle identification system analysis authentication method based on alliance chain

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106686008A (en) * 2017-03-03 2017-05-17 腾讯科技(深圳)有限公司 Information storage method and information storage device
CN106779716A (en) * 2016-11-21 2017-05-31 江苏通付盾科技有限公司 Authentication method, apparatus and system based on block chain account address
CN107066893A (en) * 2017-02-28 2017-08-18 腾讯科技(深圳)有限公司 The treating method and apparatus of accounts information in block chain
CN107391944A (en) * 2017-07-27 2017-11-24 北京太云科技有限公司 A kind of electronic health record shared system based on block chain
CN107579817A (en) * 2017-09-12 2018-01-12 广州广电运通金融电子股份有限公司 User ID authentication method, apparatus and system based on block chain
CN107862215A (en) * 2017-09-29 2018-03-30 阿里巴巴集团控股有限公司 A kind of data storage method, data query method and device
CN108055274A (en) * 2017-12-22 2018-05-18 广东工业大学 A kind of encryption based on alliance's chain storage data and shared method and system
CN108429732A (en) * 2018-01-23 2018-08-21 平安普惠企业管理有限公司 A kind of method and system obtaining resource
CN108537047A (en) * 2018-02-09 2018-09-14 北京京东尚科信息技术有限公司 The method and device of information is generated based on block chain

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9876775B2 (en) * 2012-11-09 2018-01-23 Ent Technologies, Inc. Generalized entity network translation (GENT)
WO2016179334A1 (en) * 2015-05-05 2016-11-10 ShoCard, Inc. Identity management service using a block chain
US10013573B2 (en) * 2015-12-16 2018-07-03 International Business Machines Corporation Personal ledger blockchain
CN108492180B (en) * 2018-02-14 2020-11-24 创新先进技术有限公司 Asset management method and device and electronic equipment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106779716A (en) * 2016-11-21 2017-05-31 江苏通付盾科技有限公司 Authentication method, apparatus and system based on block chain account address
CN107066893A (en) * 2017-02-28 2017-08-18 腾讯科技(深圳)有限公司 The treating method and apparatus of accounts information in block chain
CN106686008A (en) * 2017-03-03 2017-05-17 腾讯科技(深圳)有限公司 Information storage method and information storage device
CN107391944A (en) * 2017-07-27 2017-11-24 北京太云科技有限公司 A kind of electronic health record shared system based on block chain
CN107579817A (en) * 2017-09-12 2018-01-12 广州广电运通金融电子股份有限公司 User ID authentication method, apparatus and system based on block chain
CN107862215A (en) * 2017-09-29 2018-03-30 阿里巴巴集团控股有限公司 A kind of data storage method, data query method and device
CN108055274A (en) * 2017-12-22 2018-05-18 广东工业大学 A kind of encryption based on alliance's chain storage data and shared method and system
CN108429732A (en) * 2018-01-23 2018-08-21 平安普惠企业管理有限公司 A kind of method and system obtaining resource
CN108537047A (en) * 2018-02-09 2018-09-14 北京京东尚科信息技术有限公司 The method and device of information is generated based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Yogachandran Rahulamathavan et al. Privacy-preserving blockchain based IoT ecosystem using attribute-based encryption. 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). 2017, pp. 1-6. *
吕坤. Design and implementation of a blockchain-based digital asset trading ***. 《软件导刊》. 2018, Vol. 17 (No. 7), pp. 209-213. *

Also Published As

Publication number Publication date
WO2020062667A1 (en) 2020-04-02
CN109492424A (en) 2019-03-19

Similar Documents

Publication Publication Date Title
CN109067801B (en) Identity authentication method, identity authentication device and computer readable medium
CN109492424B (en) Data asset management method, data asset management device, and computer-readable medium
CN109845220B (en) Method and apparatus for providing blockchain participant identity binding
CN107566116B (en) Method and apparatus for digital asset weight registration
KR102255287B1 (en) Physical identity management system using One-time-password on Blockchain
WO2018024061A1 (en) Method, device and system for licensing shared digital content
KR102219277B1 (en) System and method for controlling the delivery of authenticated content
US10630488B2 (en) Method and apparatus for managing application identifier
US20030208681A1 (en) Enforcing file authorization access
US20200412554A1 (en) Id as service based on blockchain
CN108234442B (en) Method, system and readable storage medium for acquiring contract
CN101605137A (en) Safe distribution file system
JP2006523995A (en) Privacy of user identity in authorization certificate
US10063655B2 (en) Information processing method, trusted server, and cloud server
CN110225017B (en) Identity authentication method, equipment and storage medium based on alliance block chain
US10439809B2 (en) Method and apparatus for managing application identifier
CN110020869B (en) Method, device and system for generating block chain authorization information
Griffin Telebiometric authentication objects
CN111193755B (en) Data access method, data encryption method and data encryption and access system
Guo et al. Using blockchain to control access to cloud data
CN110138558B (en) Transmission method and device of session key and computer-readable storage medium
US7739500B2 (en) Method and system for consistent recognition of ongoing digital relationships
Rana et al. Secure and ubiquitous authenticated content distribution framework for IoT enabled DRM system
CN113722749A (en) Data processing method and device for block chain BAAS service based on encryption algorithm
US10015143B1 (en) Methods for securing one or more license entitlement grants and devices thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant