CN113489669A - User data protection method and device - Google Patents

User data protection method and device Download PDF

Info

Publication number
CN113489669A
CN113489669A CN202011010601.2A CN202011010601A CN113489669A CN 113489669 A CN113489669 A CN 113489669A CN 202011010601 A CN202011010601 A CN 202011010601A CN 113489669 A CN113489669 A CN 113489669A
Authority
CN
China
Prior art keywords
user
data
address
authorization
acquisition request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011010601.2A
Other languages
Chinese (zh)
Other versions
CN113489669B (en
Inventor
孟卫明
孙宗臣
高雪松
王昕�
陈维强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hisense Group Holding Co Ltd
Original Assignee
Qingdao Hisense Electronic Industry Holdings Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qingdao Hisense Electronic Industry Holdings Co Ltd filed Critical Qingdao Hisense Electronic Industry Holdings Co Ltd
Priority to CN202011010601.2A priority Critical patent/CN113489669B/en
Publication of CN113489669A publication Critical patent/CN113489669A/en
Application granted granted Critical
Publication of CN113489669B publication Critical patent/CN113489669B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a method and a device for protecting user data, wherein the method comprises the following steps: the method comprises the steps that a block chain node receives a first data acquisition request of a first mechanism, wherein the first data acquisition request is used for acquiring first user data of a first user; the blockchain node verifies first authorization information in the first data acquisition request, wherein the first authorization information is provided for the first mechanism by a verification server side according to the authorization of the first user; and after the first authorization information is verified, the blockchain node extracts user authorization data from the first user address of the first user according to the first authorization information and provides the user authorization data to the first mechanism. According to the method, on the premise that the private data of the user are protected from being disclosed, the data are opened for a third-party organization to carry out statistics and analysis on the data.

Description

User data protection method and device
Technical Field
The present application relates to the field of network technologies, and in particular, to a method and an apparatus for protecting user data.
Background
The block chain (Blockchain) is a novel application mode capable of realizing computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. The system is a shared database, and the data or information stored in the shared database has the characteristics of ' unforgeability ', ' full-course trace ', traceability ', ' public transparency ', ' collective maintenance ', and the like. Moreover, the blockchain has characteristics of decentralization, openness, independence, safety and anonymity.
The openness of the blockchain means that the technical basis of the blockchain is open, except that private information of transaction parties is encrypted, data of the blockchain is open to all people, and anyone can inquire the blockchain data and develop related applications through a public interface, so that the information of the whole system is highly transparent. Therefore, in one case, when a third-party organization obtains user data of a specified user from a blockchain, all the data of the user is exposed to the third-party organization, and privacy data of the user is leaked. In another case, the blockchain may provide a large amount of data to a government, bank, or other trusted third party authority to enable the third party authority to perform statistical analysis on the data. Correspondingly, however, because the existing data statistical analysis method only supports plaintext data calculation, a large amount of data acquired by a third-party organization are all plaintext data of a user, and the leakage of user privacy data is also easily caused.
Therefore, there is a need for a user data protection method and device for opening data for a third-party organization to perform statistics and analysis of the data on the premise of protecting user privacy data from being leaked.
Disclosure of Invention
The embodiment of the invention provides a user data protection method and device, which are used for opening data for a third-party organization to perform statistics and analysis on the data on the premise of protecting user privacy data from being leaked.
In a first aspect, an embodiment of the present invention provides a user data protection method, where the method includes:
the method comprises the steps that a block chain node receives a first data acquisition request of a first mechanism, wherein the first data acquisition request is used for acquiring first user data of a first user;
the blockchain node verifies first authorization information in the first data acquisition request, wherein the first authorization information is provided for the first mechanism by a verification server side according to the authorization of the first user;
and after the first authorization information is verified, the blockchain node extracts user authorization data from the first user address of the first user according to the first authorization information and provides the user authorization data to the first mechanism.
In the method, before the block link point receives a first data acquisition request of a first mechanism, the first mechanism needs to acquire first user data of a first user; the information such as the authorization range of the first user to the first mechanism, that is, the first authorization information, may be obtained through the authentication server according to the information such as the first user identifier provided by the first user. Enabling the first mechanism to generate a first data acquisition request according to the unique user identifier and the first authorization information, sending the first data acquisition request to the block chain node, and further enabling the block chain node to authenticate the first mechanism according to the first authorization information; after the authentication is passed, the first user address is found according to the unique user identifier, and user authorization data is obtained from the user address according to the authorization range and provided to the first mechanism. Therefore, the user authorization data can be opened for the first mechanism under the authorization range of the user; the method and the device prevent the first mechanism from acquiring part or all of the user data of the first user under the condition that the user is not authorized, so that the first user does not want the acquired user data to be leaked, and the security problem of user privacy data leakage is avoided.
Optionally, the verifying, by the blockchain node, the first authorization information in the first data acquisition request includes: and the block link node verifies the user signature in the first authorization information and the verification server signature in the first authorization information, and determines the use permission of the first mechanism on the user authorization data after the verification is passed.
In the method, the block link point verifies through the signature of the verification server in the first authorization information, verifies the user signature in the first authorization information, and determines that the first data acquisition request is a legal data acquisition request. And determining the number of user data which can be opened by the block link point to the first mechanism and the user authorization range such as the type of the user data according to the first authorization information. Therefore, the validity of the first data acquisition request of the first mechanism is ensured, data leakage in the block chain node is prevented, and the safety of the block node is improved; namely, the user authorization data is opened for the first mechanism according to the user authorization range, so that the privacy data of the user is prevented from being leaked, and the safety of the user data is guaranteed.
Optionally, the signature of the verification server is generated by the verification server according to a first authorization request of the first organization; the user signature is generated by the user terminal aiming at a second authorization request sent by the verification server terminal; the user signature is obtained by signing the authorization range of the user data and the signature of the verification server.
In the method, after receiving a first authorization request sent by a first mechanism, a verification server generates a second authorization request according to request authorization information aiming at first user data, a first mechanism type, a first mechanism name and other information in the request and sends the second authorization request to a user side. The user side can display information such as a first mechanism name and a first mechanism type for initiating a first authorization request, request authorization information of first user data and the like for the user, the user correspondingly sets an authorization range for generating the user data, the authorization range of the user data is returned to the verification server side, and the verification server side generates a corresponding user signature according to the generated signature of the verification server side and the authorization range of the user data. Therefore, when the block link point analyzes and verifies one user signature, the validity verification of the first mechanism and the user authorization range of the first data acquisition request of the first mechanism can be obtained. The method and the device improve the guarantee of the user data under the conditions that the verification result of the block link node is accurate, and the verification process is simple and quick.
Optionally, the method further includes: the block chain node receives a second data acquisition request of a second mechanism; the second data acquisition request is used for acquiring user data of a specified user type; after the block link point passes the verification of the second mechanism, determining a second user according with the user type; the block chain node extracts second user data according to a second user address of the second user; the block link point encrypts a second user identifier of the second user, and sends the second user data and the encrypted second user identifier to the second mechanism; wherein each encryption result of the second user identifier is different and is not associated with each other.
In the method, a second mechanism needs to acquire one type or multiple types of user data, a second data acquisition request containing the user type is generated, the block link point verifies the second data acquisition request after receiving the second data acquisition request, after the verification is confirmed, a matched second user is found according to the user type, and the second user data is extracted according to a second user address of the second user. The second data acquisition request can be verified according to the communication protocol between the second mechanism and the block link point or the information such as the authorization authority number issued by the second mechanism, the authentication key and the like of the auditing department, so that the security of the block link node and the security of the user data are ensured. And encrypting the second user identification, and sending the encrypted second user identification and the corresponding second user data to the second mechanism. Therefore, the second mechanism can not determine the real identity information of the second user on the premise of determining the second user data corresponding to the second user, and the user data privacy of the second user is ensured. Because the encryption results of the second user identifications are different and not associated with each other every time, even if the second user identifications encrypted every time are subjected to indexing and association analysis, the second user identifications corresponding to the second user data acquired for many times cannot be determined; that is, it cannot be determined that the second user data acquired multiple times belong to the same second user, which improves the security of the user data.
Optionally, the method further includes: the block link node receives a third data acquisition request sent by the user side; the block link point checks third authorization information in the third data acquisition request; the third authorization information is sent after the authentication server side authenticates that the access request of the user side is legal; after the block chain node verifies that the third authorization information passes, executing the third data acquisition request according to the first user address in the third data acquisition request; the first user address in the third data acquisition request is obtained by the user terminal decrypting the encrypted first user address acquired from the verification server terminal.
In the method, a user side sends an access request to a verification server side, the verification server side sends an encrypted first user address stored in the verification server side to the user side after determining that the access request is legal, the user side decrypts the encrypted second user address, and sends a third data acquisition request containing the decrypted second user address and third authorization information to a block chain node, so that the block chain node executes the third data acquisition request on the first user address in the third data acquisition request after receiving the third data acquisition request and verifying that the third authorization information passes. Therefore, the encrypted first user address is stored in the verification server, and even if information of the first user is leaked due to attack of an attacker received by the verification server, the attacker cannot acquire the first user address in a plaintext, and further cannot acquire the first user data from the block chain node according to the first user address, so that the security of the first user data is improved.
Optionally, before the block link point receives the first data acquisition request of the first mechanism, the method further includes: the block chain node receives a registration request of a user terminal; the registration request is used for registering a first user in a blockchain; after the block chain link point verifies that the registration request passes, allocating a first user address for the first user, and recording a first user identifier and the first user address in the registration request in a user basic information record; and the block link node sends the first user address to the user side so that the user side encrypts the first user address and stores the encrypted first user address in the verification server side.
In the method, after the user side sends the registration request to the blockchain node, the blockchain node allocates the first user address to the first user, and stores the first user identifier and the first user address of the first user in the user basic information record. Therefore, the user basic information record in the block chain node is only opened to the block chain node, and other mechanisms or users cannot acquire the basic information of the first user, so that the first user identifier corresponding to the first user data cannot be determined; that is, even if user data is acquired, it is not possible to determine to which user the user data belongs, so that the basic information of the user and the user data are decoupled. In addition, under the condition that the basic information of the user is leaked, an illegal user cannot access the user data in the user address according to the basic information of the first user, so that the safety of the user data is improved, and the leakage of the user privacy data can be effectively prevented. When the user side receives the first user address distributed by the block chain link points, the first user address is encrypted and then stored in the verification server side, and the user side only reserves a decryption method. Therefore, on the premise of only acquiring the user account, the user password or the decryption method or the encrypted first user address of the first user, the first user data cannot be acquired, and the security of the first user data is improved.
Optionally, the method further includes: the block chain node receives an address binding request sent by the user side; the address binding request comprises a device address obtained by the user side through scanning device information of the device side; the device address is an address of the user data of the storage device end distributed by the block chain node for the device end; and the blockchain node performs address binding on the equipment address and the first user address of the user side according to the address binding request, so that the equipment side reads the user data of the equipment side from the blockchain node through the user side.
In the method, the address binding request can couple the user data generated by one or more device ends scanned by the user with the user address, so that the user data in the device address is subordinate to the authorization range of the user data corresponding to the user address and the user basic information such as the user type. When other mechanisms or other users acquire the user data of the device side, the authorization range, the user type and other information of the user data need to be met, and the security of the terminal data is improved.
In a second aspect, an embodiment of the present invention provides a user data protection device, where the device includes:
the system comprises a receiving and sending module, a sending and receiving module and a sending and receiving module, wherein the receiving and sending module is used for receiving a first data acquisition request of a first mechanism, and the first data acquisition request is used for acquiring first user data of a first user;
the processing module is used for verifying first authorization information in the first data acquisition request, wherein the first authorization information is provided for the first mechanism by the verification server side according to the authorization of the first user;
the processing module is further configured to, after the first authorization information is verified, extract user authorization data from a first user address of the first user according to the first authorization information, and provide the user authorization data to the first mechanism.
In a third aspect, an embodiment of the present application further provides a computing device, including: a memory for storing a program; a processor for calling the program stored in said memory and executing the method as described in the various possible designs of the first aspect according to the obtained program.
In a fourth aspect, embodiments of the present application further provide a computer-readable non-transitory storage medium including a computer-readable program which, when read and executed by a computer, causes the computer to perform the method as described in the various possible designs of the first aspect.
These and other implementations of the present application will be more readily understood from the following description of the embodiments.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic diagram of an architecture for protecting user data according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a user data protection method according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of a user data protection method according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of another user data protection method according to an embodiment of the present invention;
fig. 5 is a schematic flowchart of another user data protection method according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating a method for user registration and user data access in a block link point according to an embodiment of the present invention;
fig. 7 is a schematic flowchart of a method for device registration at a device end and address binding between a device address and a user address according to an embodiment of the present invention;
fig. 8 is a schematic diagram of a user data protection apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a system architecture for protecting user data according to an embodiment of the present invention, in which a first user scans a two-dimensional code and the like of a first organization 106 through a user terminal 101, so that a device related to the first organization 106 obtains a first user identifier of the first user. Or the first user may be notified directly to the staff member of the first organization 106, and the staff member of the first organization 106 may record the first user identifier directly to the relevant device of the first organization 106; the specific manner in which the first mechanism 106 obtains the first subscriber identity is not limited herein. The first mechanism 106 sends a first authorization request to the authentication server 103 in the authentication server cluster 102 according to the first user identifier. The authentication server 103 generates a second authorization request according to the first authorization request and sends the second authorization request to the user 101. The first user sets information such as the authorization range of the user data in the user terminal 101, and returns the information such as the authorization range of the user data to the authentication server terminal 103. The verification server 103 generates a verification server signature according to the first authorization request, generates a user signature according to the verification server signature and information such as the authorization range of the user data, and returns the user signature to the first organization 106 by the verification server 103. The first mechanism 106 generates a first data acquisition request comprising the user signature and a first user identification and sends the first data acquisition request to the block link points 105 in the block chain node cluster 104. The blockchain node 105 verifies the user signature in the first data acquisition request, and acquires first authorization information after the verification is passed; searching a user basic information record according to the first user identification in the first data acquisition request, and acquiring a first user address corresponding to the first user identification; extracting user authorization data from the first user address of the first user according to the first authorization information; the last blockchain node 105 sends the acquired user authorization data to the first mechanism 106.
Based on this, an embodiment of the present application provides a user data protection method, as shown in fig. 2, including:
step 201, a block link node receives a first data acquisition request of a first mechanism, wherein the first data acquisition request is used for acquiring first user data of a first user;
here, the first institution may be a hospital, a school, or the like, and accordingly, the first user may be a patient, a student, or the like, and the first user data acquired by the first data acquisition request of the hospital institution may be diagnosis data, physical examination data, or the like of the patient. The first user data acquired by the first data acquisition request of the school education institution may be the student's performance over the years, course information, etc.
Step 202, the blockchain node verifies first authorization information in the first data acquisition request, where the first authorization information is provided to the first organization by a verification server according to the authorization of the first user;
here, the first authorization information may be information including an authorization range of the first user, user data, and the like; for example, in the above example, a hospital patient has opened the right to read physical examination data to the hospital, but has not opened the right to modify physical examination data to the hospital. An authorization end time may also be included; for example, in the above example, the hospital patient has opened the right to read the physical examination data for the hospital within 24 hours, and once the time from the hospital to the authentication server for the current reading of the physical examination data by the hospital exceeds 24 hours, the block chain node considers that the user signature authentication of the first request fails, and no first user data is opened to the hospital. The first authorization information includes, but is not limited to, information such as an authorization scope of user data of the first user and an authorization end time, and may further include a first organization type, a first organization name, a first authorization request time, a first user type, and the like.
Step 203, after the first authorization information is verified, the blockchain node extracts user authorization data from the first user address of the first user according to the first authorization information, and provides the user authorization data to the first mechanism.
Here, the first user address is a unique user address assigned by the blockchain node to the first user.
In the method, before the block link point receives a first data acquisition request of a first mechanism, the first mechanism acquires first user data of a first user if the first mechanism needs to acquire the first user data; the information, that is, the first authorization information, including the authorization range of the user data opened by the first user to the first mechanism, may be obtained through the authentication server according to the information, such as the first user identifier, provided by the first user. Enabling the first mechanism to generate a first data acquisition request according to the first user identifier and the first authorization information, sending the first data acquisition request to the block chain node, and further enabling the block chain node to authenticate the first mechanism according to the first authorization information; after the authentication is passed, the first user address is found according to the first user identification, and user authorization data is obtained from the first user address according to the first authorization information and is provided for the first mechanism. Therefore, the user authorization data can be opened for the first mechanism under the first authorization information; the security problem that the privacy data of the user is revealed because the first mechanism obtains all the user data of the first user without limit under the condition that the user is not authorized is prevented.
The embodiment of the present application provides a method for verifying first authorization information, where the verifying, by a blockchain node, the first authorization information in the first data acquisition request includes: and the block link node verifies the user signature in the first authorization information and the verification server signature in the first authorization information, and determines the use permission of the first mechanism on the user authorization data after the verification is passed. That is to say, the first authorization information included in the first data acquisition request may include a user signature and a signature of the verification server, and after the block node receives the first data acquisition request, the user signature and the signature of the verification server in the first data acquisition request are verified, and it is determined that the user signature and the signature of the verification server are legal, information such as an authorization range of the user data of the first user is extracted from the first data acquisition request, and it is determined that the first mechanism may use all or part of the data used by the first user data, that is, the user authorization data. Therefore, whether the first mechanism is legal or not is confirmed, and user authorization data are provided for the first mechanism according to the first authorization information, so that the safety of the user data is improved.
Optionally, the signature of the verification server is generated by the verification server according to a first authorization request of the first organization; the user signature is generated by the user terminal aiming at a second authorization request sent by the verification server terminal; the user signature is obtained by signing the authorization range of the user data and the signature of the verification server.
For example, the data structure of the signature of the verification server is shown in table 1:
Figure BDA0002697434580000101
TABLE 1
The verification server can obtain the time when the first mechanism sends the first authorization request, the time when the verification server receives the first authorization request, the type of the first mechanism, the type of equipment of the first mechanism, the identification of the first user, the type of the first user, the classification number of the operation data requiring authorization, the time period when the first mechanism requests authorization and other information, and the fields are used and spliced into character strings to serve as the signature of the verification server. Therefore, the intelligent contract of the verification server and the intelligent contract in the block chain node are matched to obtain the matched intelligent contract, and after the block chain node obtains the signature of the verification server, the validity of the signature of the verification server can be verified according to the matching rule of the intelligent contract of the verification server and the intelligent contract of the block chain node; and obtains the information in the signature of the authentication server. The signature of the verification server is transmitted between the verification server and the block link point, so that the verification of the validity and the acquisition of corresponding information can be realized, and the flow steps of validity verification and related information acquisition are simplified. The specific signature information for verifying the server signature and the method for generating the verification server signature are only examples, and the specific signature information for verifying the server signature and the method for generating the verification server signature are not limited.
For example, the data structure of the user signature is shown in table 2:
Figure BDA0002697434580000102
TABLE 2
The verification server can obtain information such as the authorization number of the first user to the first mechanism and the authorization ending time according to the signature of the verification server and the second authorization request; and (3) splicing the use & splicing in the table 1 into a signature of the verification server obtained by the character string, and splicing the authorization number and the authorization ending time with the signature of the verification server to obtain a user signature. The authorization number can mark a first user data category opened by the first user to the first mechanism, such as physical examination data, diagnosis data, entertainment data and the like; the authorization completion time may mark the time that the first user opened the user authorization data for the first organization, e.g., the user authorization data for the first user is only open for 48 hours for the first organization. Therefore, the intelligent contract of the service end and the intelligent contract in the block chain node are verified to be matched intelligent contracts, and after the block chain node obtains the user signature, the validity of the user signature can be verified according to the matching rules of the intelligent contract of the service end and the block chain node intelligent contract; and obtains the information in the user's signature. The user signature is transmitted between the verification server and the block link point, so that the verification of the validity and the acquisition of corresponding information can be realized, and the flow steps of the validity verification and the acquisition of related information are simplified. The specific signature information of the user signature and the method for generating the user signature are only an example, and the specific signature information of the user signature and the method for generating the user signature are not limited.
Based on the above method flow, an embodiment of the present application provides a user data protection method, as shown in fig. 3, including:
step 301, a first user at a user side sends a first user identifier to a related device of a first organization. The first user identifier may be an identity card number or a mobile phone number of the first user, or an identifier which can indicate the user identity, such as a number allocated by the authentication server to the first user.
Step 302, after receiving the first user identifier, the first mechanism generates a first authorization request according to the first user identifier and information such as first user data that needs to be acquired. The first authorization request may include a first user identification, first user data information that the first organization needs to obtain, a first organization name, a first organization type, and so on. The specific content of the first authorization request is not limited herein.
Step 303, the first authority sends the first authorization request to the authentication server.
Step 304, after the verification server receives the first authorization request, generating a signature of the verification server and a second authorization request according to the content of the first authorization request. The second authorization request may include the first organization name, the first organization type, the first user identifier, the first user data information that the first organization needs to obtain, and so on. The specific content of the first authorization request is not limited herein. The contents of the first authorization request and the second authorization request may be the same or different, and are not limited specifically herein.
Step 305, the authentication server sends the second authorization request to the user side.
And step 306, after the user side receives the second authorization request, displaying the related information to the first user according to the content of the second authorization request. For example, a first organization type and name, first user data required by the first organization, the type of operation of the first organization, a request authorization period, and so forth are displayed to the first user. The operation type of the first mechanism can be reading, adding, deleting, modifying data and the like; the request authorization period may be for the first organization to request acquisition of the first user data in XX month XX 08:00 to 17:00 in XX year. Correspondingly, the first user can generate information such as the authorization range of the user data in a selected or input mode. For example, the first user may select 02 as physical examination data in the first user data by selecting the number of the first user data; the type of operation of the first institution, e.g., selected a as allowing the first institution to read-02 as physical examination data in the first user data; the first user may set the authorization end time by entering the authorization end time. Here, the generation method of the information such as the authorization range of the user data of the first user and the specific authorization right content are not limited.
Step 307, the user side sends information such as the authorization range of the user data of the first user to the verification server side.
And 308, the verification server generates a user signature according to the information such as the authorization range of the user data of the first user and the signature of the verification server, determines the information such as the block link point address and the intelligent contract address of the first user data according to the first user identifier, and generates response information of the first authorization request according to the information such as the user signature, the block link point address and the intelligent contract address of the first user data.
Step 309, the verification server sends the response message to the first organization.
In step 310, the first mechanism generates a first data obtaining request according to the response information.
Step 311, the first mechanism sends the first data obtaining request to the blockchain node.
And step 312, the block link node verifies according to the user signature in the first data acquisition request and the signature of the verification server, after the verification is passed, searches for a locally maintained user basic information record according to the first user identifier in the first data acquisition request, finds a first user address corresponding to the first user identifier, and extracts user authorization data from the first user address according to the first authorization information in the first data acquisition request.
At step 313, the block link sends the user authorization data to the first mechanism.
Based on the method flows of fig. 2 and fig. 3, the embodiment of the present application provides another user data protection party
The method, as shown in fig. 4, includes:
step 401, the block chain node receives a second data acquisition request of a second organization; the second data acquisition request is used for acquiring user data of a specified user type;
here, the second institution may be an institution such as a government, a hospital, a school, etc., and the second institution may be an institution that needs to perform big data statistics to obtain information such as group characteristics, or group trends. The user type may refer to a male user, a female user, a male user aged 20-30, a female user aged 20-30, a student user, a doctor user, and the like.
Step 402, after the block link point verifies the second mechanism, determining a second user according with the user type;
the second user is a user of a user type that is consistent with the second data acquisition request. For example, if the type of the second user is a student user.
Step 403, the block chain node extracts second user data according to a second user address of the second user;
here, the second user address is a unique user address assigned by the blockchain node to the second user.
Step 404, the block link point encrypts a second user identifier of the second user, and sends the second user data and the encrypted second user identifier to the second mechanism; wherein each encryption result of the second user identifier is different and is not associated with each other.
Here, the second user identifier may be an identity card number or a mobile phone number of the second user, or an identifier that can indicate the user identity, such as a number allocated by the authentication server to the second user. The encryption results of the second user identifications are different and are not associated with each other, so that the second mechanism can distinguish user data of different users according to the encrypted second user identifications, but the second mechanism cannot decrypt, index and associate the encrypted second user identifications obtained when the second user data is obtained for multiple times. Therefore, even if the second organization acquires the second user data of the second user for multiple times, the second organization cannot correlate the encrypted second user identifier obtained when the second user data is acquired for multiple times, and further analyze the privacy information of the second user.
In the method, a second mechanism needs to acquire one type or multiple types of user data, a second data acquisition request containing the user type is generated, the block link point verifies the second data acquisition request after receiving the second data acquisition request, after the verification is confirmed, a matched second user is found according to the user type, and the second user data is extracted according to a second user address of the second user. The second data acquisition request can be verified according to the communication protocol between the second mechanism and the block link point or the information such as the authorization authority number issued by the second mechanism, the authentication key and the like of the auditing department, so that the security of the block link node and the security of the user data are ensured. And encrypting the second user identification, and sending the encrypted second user identification and the corresponding second user data to the second mechanism. Therefore, the second mechanism can not determine the real identity information of the second user on the premise of determining the second user data corresponding to the second user, and the data privacy of the second user is ensured. And because the encryption results of the second user identifications are different and not associated with each other every time, even if the second user identifications encrypted every time are subjected to indexing and association analysis, the indexing relationship and the association relationship existing in the second user identifications encrypted for multiple times cannot be obtained, further, the second user data acquired for multiple times cannot be determined to belong to the same second user, the characteristic and trend analysis aiming at the second user data cannot be carried out, and the safety of the user data is improved.
Based on the method flow of fig. 4, an embodiment of the present application provides yet another user data protection method, as shown in fig. 5, including:
step 501, after determining that the user data of one or more user types needs to be subjected to big data analysis and the like, the second mechanism generates a second data acquisition request according to the user type, the authorization authority number/authentication key/certificate issued by the auditing department acquired before, the block link point address and other information.
Step 502, the second mechanism sends the second data acquisition request to the blockchain node.
Step 503, the block link point verifies the second mechanism according to the information such as the authorization authority number, the authentication key, the certificate and the like issued by the auditing department carried in the second data acquisition request, and after the verification is passed, searches the locally maintained user basic information record according to the user type in the second data acquisition request, acquires the second user corresponding to the user type, and further finds the second user address of the second user. And extracting second user data from the second user address according to information such as the authorization authority number issued by the auditing department to the second organization. Here, the information such as the authorization authority number issued by the auditing department to the second organization may include an acquisition rule for the second user data; for example, if the user data acquired by the second data acquisition request is updated data, the second organization is allowed to acquire only the user data of 70% of the attributes of the user data. If the user data acquired by the second data acquisition request is record-type data, the second entity is only allowed to acquire 60% of the attributes of the user data, and the number of the user data does not exceed a preset number, where the number of the attributes and the number of the user data which are allowed to be acquired by the second entity may be set to be in negative correlation. Therefore, on the premise of ensuring that the user data acquired by the second mechanism conforms to the statistical hierarchical sampling method, basic limitation is performed on the second user data acquired by the second mechanism, the second mechanism is prevented from acquiring all user data of the second user, and the second user data acquired for multiple times is subjected to indexing and correlation analysis, so that the user privacy data is leaked. And when the second user data is obtained, encrypting the second user identification, wherein a second user identification encryption mode is provided, for example, a random number is generated through a Matteset rotation algorithm, then the second user identification is spliced with the random number, and multiple HASH HASH operations are carried out on the second user identification spliced with the random number to obtain the encrypted second user identification, so that the encrypted second user identifications are not associated with each other and cannot be indexed with each other, and the original second user identification cannot be obtained through reverse operations. It should be noted that the above-mentioned acquisition rule of the second user data and the second user id encryption method are only one example, and any method capable of achieving the effect may be used, and the above-mentioned example does not limit the acquisition rule of the second user data and the second user id encryption method.
Step 504, the block link point sends the encrypted second user id and the corresponding second user data to the second mechanism.
It should be noted here that the first user and the second user may be the same user or different users, and the first organization and the second organization may be the same organization or different organizations.
Based on the above flow steps of fig. 2 and fig. 3, fig. 4 and fig. 5, an embodiment of the present application further provides a method for user registration and user data access in a block link point, where as shown in fig. 6, before a first mechanism acquires first user data and a second mechanism acquires second user data, the following flow steps collectively refer to the first user and the second user in the above flow as a first user, and include:
step 601, the first user logs in the authentication server and sends information such as a user account, a user password, a user type, a first user identifier and the like of the first user to the authentication server.
Step 602, the verification server verifies information such as a user account and a user password of a first user, and allocates a block link point address and an intelligent contract address to the first user after the first user is determined to be a legal user; and determining the access right of the block chain node of the first user according to the user type of the first user, namely whether the first user can modify the first user data in the block chain node or not. And generating a temporary signature, such as token, according to the information such as the access authority of the block chain node.
And step 603, sending information such as block link point addresses, intelligent contract addresses, temporary signatures and the like to the user side.
And step 604, the user side generates a registration request according to the information such as the block link point address, the intelligent contract address, the temporary signature and the like.
Step 605, the user side sends the registration request to the blockchain node.
Step 606, the block chain node receives a registration request of the user terminal, allocates a first user address to the first user, and records the first user identifier and the first user address in the user basic information record, wherein the registration request is used for registering the first user in the block chain.
Step 607, the block node sends the first user address to the user terminal.
Step 608, after the user side receives the first user address sent by the blockchain node, the first user address is encrypted.
Step 609, the user side stores the encrypted first user address in the authentication server side.
Step 610, the user side sends an access request containing information such as a user account and a user password of the first user to the authentication server side.
Step 611, after the verification server verifies that the information such as the user account and the user password of the first user in the access request is legal, the encrypted first user address, the block link point address, the intelligent contract address and the like corresponding to the first user are obtained, and the temporary signature is generated.
And step 612, the verification server sends the encrypted information such as the first user address, the block link point address, the intelligent contract address, the temporary signature and the like to the user side.
Step 613, the user terminal decrypts the encrypted first user address, and generates a third data acquisition request according to the decrypted first user address and the temporary signature.
And step 614, the user side sends the third data acquisition request to the blockchain node.
Step 615, the block link node receives a third data acquisition request sent by the user side, and verifies third authorization information in the third data acquisition request; the third authorization information includes the temporary signature. And after the block chain node verifies that the third authorization information passes, executing the third data acquisition request according to the first user address in the third data acquisition request.
And step 616, generating a response message according to the execution result of the third data acquisition request, and sending the response message to the user side.
It should be noted that, in the above flow steps, steps 601 to 609 are a method for user registration in a block link point, and steps 610 to 616 are a method for user access to user data, and these two methods can be performed in two flows. The two flows are described together for clarity of explanation of the flow steps, and the description is not intended to limit the execution of the method flow for user registration and the method flow for user access to user data in blockchain nodes. For example, after the user registration method in the block link point is completed, the user access method for the user data is not necessarily executed.
The embodiment of the present application further provides a method for device registration and address binding between a device address and a user address, as shown in fig. 7, including:
step 701, the device side sends information such as device identification, device password, device type and the like to the verification server side.
Step 702, the verification server verifies the information such as the equipment identifier, the equipment password, the equipment type and the like sent by the equipment terminal, records the information such as the equipment identifier, the equipment password, the equipment type and the like after the verification is passed, and allocates a block link point address, an intelligent contract address, a temporary signature and the like for the equipment terminal.
And step 703, the verification server sends information such as the block link point address, the intelligent contract address, the temporary signature and the like allocated to the equipment end.
And 704, the equipment side generates a registration request according to the information such as the block link point address, the intelligent contract address, the temporary signature and the like.
Step 705, the device side sends the registration request to the blockchain node.
In step 706, after receiving the registration request, the block link node allocates an equipment address to the equipment end, where the equipment address is used to store user data generated by the equipment end, such as browsing data of a web page generated by the equipment end, video playing data, and the like.
In step 707, the blockchain node sends the device address to the device side, so that when the device side generates user data, the user data can be stored in the device address in the blockchain node.
Step 708, the user side obtains the device address by scanning the device information of the device side.
Step 709, the user end sends an address acquisition request to the authentication server end.
And 710, the verification server generates an address acquisition request response containing the encrypted user address, the block link point address, the intelligent contract address and the temporary signature, and sends the address acquisition request response to the user side.
Step 711, the user decrypts the encrypted user address to obtain the user address.
And 712, the user side generates an address binding request according to the equipment address, the user address, the block link point address, the intelligent contract address and the temporary signature, and sends the address binding request to the block link node.
And 713, verifying the address binding request by the block link point according to the temporary signature, and binding the equipment address and the user address after the verification is passed. After the block link point binds the device address with the user address, the user data in the device address can be stored in the user address, and the device address can also be recorded in a record corresponding to the user in a user basic information record, that is, the user basic information contains a user identifier, the user address and the device address; thus, the user data in the device address is affiliated with the user.
In step 714, the block link node sends the address binding result to the user side.
Step 715, the user side sends the address binding result to the verification server side, so that the verification server side couples the information such as the device address of the device side with the information such as the user address of the user side.
Step 716, when the device generates user data to be stored or needs to access the user data in the device address, sending an authorization result obtaining request to the verification server.
Step 717, after the authentication server receives the request for obtaining the authorization result, it is determined that the device address is already bound with the user address, and the device end is informed by the request for obtaining the authorization result.
Step 718, the device side reads the user data of the device side from the blockchain node through the user side, or the device side directly reads the user data of the device side from the user address.
It should be noted that, in the above flow steps, steps 701 to 707 are methods for device side device registration, and steps 708 to 718 are methods for address binding between a device address and a user address, and these two methods may be performed in two flows. The two flows are described together for clarity of explanation of the flow steps, and the explanation does not limit the execution of the method flow of device side device registration and the method flow of address binding of the device address and the user address. For example, after the method flow of device side device registration is completed, the address binding method flow of the device address and the user address is not necessarily executed.
Based on the same concept, an embodiment of the present invention provides a user data protection device, and fig. 8 is a schematic diagram of user data protection provided in an embodiment of the present application, as shown in fig. 8, including:
a transceiver module 801, configured to receive a first data obtaining request of a first organization, where the first data obtaining request is used to obtain first user data of a first user;
a processing module 802, configured to verify first authorization information in the first data obtaining request, where the first authorization information is provided to the first organization by a verification server according to the authorization of the first user;
the processing module 802 is further configured to, after the first authorization information is verified, extract user authorization data from the first user address of the first user according to the first authorization information, and provide the user authorization data to the first mechanism.
Optionally, the processing module 802 is specifically configured to: and the block link node verifies the user signature in the first authorization information and the verification server signature in the first authorization information, and determines the use permission of the first mechanism on the user authorization data after the verification is passed.
Optionally, the processing module 802 is specifically configured to: the signature of the verification server is generated by the verification server according to a first authorization request of the first organization; the user signature is generated by the user terminal aiming at a second authorization request sent by the verification server terminal; the user signature is obtained by signing the authorization range of the user data and the signature of the verification server.
Optionally, the transceiver module 801 is further configured to: receiving a second data acquisition request of a second organization; the second data acquisition request is used for acquiring user data of a specified user type; the processing module 802 is further configured to: after the second organization passes the verification, determining a second user according with the user type; the processing module 802 is further configured to: extracting second user data according to a second user address of the second user; encrypting a second user identifier of the second user, and sending the second user data and the encrypted second user identifier to the second mechanism; wherein each encryption result of the second user identifier is different and is not associated with each other.
Optionally, the transceiver module 801 is further configured to: the block link node receives a third data acquisition request sent by the user side; the processing module 802 is further configured to: checking third authorization information in the third data acquisition request; the third authorization information is sent after the authentication server side authenticates that the access request of the user side is legal; the processing module 802 is further configured to: after the third authorization information is verified, executing the third data acquisition request according to the first user address in the third data acquisition request; the first user address in the third data acquisition request is obtained by the user terminal decrypting the encrypted first user address acquired from the verification server terminal.
Optionally, the transceiver module 801 is further configured to: receiving a registration request of a user side; the registration request is used for registering a first user in a blockchain; the processing module 802 is further configured to: after the registration request is verified, allocating a first user address for the first user, and recording a first user identifier and the first user address in the registration request in a user basic information record; the transceiver module 801 is further configured to: and sending the first user address to the user side so that the user side encrypts the first user address and stores the encrypted first user address in the verification server side.
Optionally, the transceiver module 801 is further configured to: receiving an address binding request sent by the user side; the address binding request comprises a device address obtained by the user side through scanning device information of the device side; the device address is an address of the user data of the storage device end distributed by the block chain node for the device end;
the processing module 802 is further configured to: and performing address binding on the equipment address and the first user address of the user side according to the address binding request, so that the equipment side reads the user data of the equipment side from the block chain node through the user side.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method of user data protection, the method comprising:
the method comprises the steps that a block chain node receives a first data acquisition request of a first mechanism, wherein the first data acquisition request is used for acquiring first user data of a first user;
the blockchain node verifies first authorization information in the first data acquisition request, wherein the first authorization information is provided for the first mechanism by a verification server side according to the authorization of the first user;
and after the first authorization information is verified, the blockchain node extracts user authorization data from the first user address of the first user according to the first authorization information and provides the user authorization data to the first mechanism.
2. The method of claim 1, wherein the blockchain node verifying the first authorization information in the first data acquisition request comprises:
and the block link node verifies the user signature in the first authorization information and the verification server signature in the first authorization information, and determines the use permission of the first mechanism on the user authorization data after the verification is passed.
3. The method of claim 2, wherein the authentication server signature is generated by the authentication server from a first authorization request by the first authority;
the user signature is generated by the user terminal aiming at a second authorization request sent by the verification server terminal; the user signature is obtained by signing the authorization range of the user data and the signature of the verification server.
4. The method of any of claims 1-3, wherein the method further comprises:
the block chain node receives a second data acquisition request of a second mechanism; the second data acquisition request is used for acquiring user data of a specified user type;
after the block link point passes the verification of the second mechanism, determining a second user according with the user type;
the block chain node extracts second user data according to a second user address of the second user;
the block link point encrypts a second user identifier of the second user, and sends the second user data and the encrypted second user identifier to the second mechanism; wherein each encryption result of the second user identifier is different and is not associated with each other.
5. The method of any of claims 1-3, further comprising: the block link node receives a third data acquisition request sent by the user side;
the block link point checks third authorization information in the third data acquisition request; the third authorization information is sent after the authentication server side authenticates that the access request of the user side is legal;
after the block chain node verifies that the third authorization information passes, executing the third data acquisition request according to the first user address in the third data acquisition request; the first user address in the third data acquisition request is obtained by the user terminal decrypting the encrypted first user address acquired from the verification server terminal.
6. The method of any of claims 1-3, wherein prior to the block link point receiving the first data acquisition request by the first mechanism, the method further comprises:
the block chain node receives a registration request of a user terminal; the registration request is used for registering a first user in a blockchain;
after the block chain link point verifies that the registration request passes, allocating a first user address for the first user, and recording a first user identifier and the first user address in the registration request in a user basic information record;
and the block link node sends the first user address to the user side so that the user side encrypts the first user address and stores the encrypted first user address in the verification server side.
7. The method of claim 6, further comprising:
the block chain node receives an address binding request sent by the user side; the address binding request comprises a device address obtained by the user side through scanning device information of the device side; the device address is an address of the user data of the storage device end distributed by the block chain node for the device end;
and the blockchain node performs address binding on the equipment address and the first user address of the user side according to the address binding request, so that the equipment side reads the user data of the equipment side from the blockchain node through the user side.
8. An apparatus for user data protection, the apparatus comprising:
the system comprises a receiving and sending module, a sending and receiving module and a sending and receiving module, wherein the receiving and sending module is used for receiving a first data acquisition request of a first mechanism, and the first data acquisition request is used for acquiring first user data of a first user;
the processing module is used for verifying first authorization information in the first data acquisition request, wherein the first authorization information is provided for the first mechanism by the verification server side according to the authorization of the first user;
the processing module is further configured to, after the first authorization information is verified, extract user authorization data from a first user address of the first user according to the first authorization information, and provide the user authorization data to the first mechanism.
9. A computer-readable storage medium, characterized in that the storage medium stores a program which, when run on a computer, causes the computer to carry out the method of any one of claims 1 to 7.
10. A computer device, comprising:
a memory for storing a computer program;
a processor for calling a computer program stored in said memory to execute the method of any of claims 1 to 7 in accordance with the obtained program.
CN202011010601.2A 2020-09-23 2020-09-23 User data protection method and device Active CN113489669B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011010601.2A CN113489669B (en) 2020-09-23 2020-09-23 User data protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011010601.2A CN113489669B (en) 2020-09-23 2020-09-23 User data protection method and device

Publications (2)

Publication Number Publication Date
CN113489669A true CN113489669A (en) 2021-10-08
CN113489669B CN113489669B (en) 2023-04-18

Family

ID=77932625

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011010601.2A Active CN113489669B (en) 2020-09-23 2020-09-23 User data protection method and device

Country Status (1)

Country Link
CN (1) CN113489669B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001801A (en) * 2022-05-30 2022-09-02 北京沸铜科技有限公司 Block chain-based digital content heterogeneous chain cross-chain authorization method

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418795A (en) * 2018-01-30 2018-08-17 百度在线网络技术(北京)有限公司 Data access method, device, system and the computer-readable medium of transregional piece of chain
JP2018160179A (en) * 2017-03-23 2018-10-11 学校法人近畿大学 Virtual currency management program and method
CN109587146A (en) * 2018-12-11 2019-04-05 北京奇虎科技有限公司 Method for managing object and system based on block chain
US20190147431A1 (en) * 2017-11-16 2019-05-16 Blockmason Inc. Credit Protocol
US20190294822A1 (en) * 2018-03-26 2019-09-26 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method and system for accessing anonymized data
US20190294817A1 (en) * 2018-03-26 2019-09-26 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method and system for managing access to personal data by means of a smart contract
CN110910978A (en) * 2019-11-21 2020-03-24 腾讯科技(深圳)有限公司 Information processing method applied to block chain network and related device
CN111539813A (en) * 2020-07-10 2020-08-14 支付宝(杭州)信息技术有限公司 Method, device, equipment and system for backtracking processing of business behaviors
CN111552935A (en) * 2020-04-22 2020-08-18 ***股份有限公司 Block chain data authorization access method and device

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018160179A (en) * 2017-03-23 2018-10-11 学校法人近畿大学 Virtual currency management program and method
US20190147431A1 (en) * 2017-11-16 2019-05-16 Blockmason Inc. Credit Protocol
CN108418795A (en) * 2018-01-30 2018-08-17 百度在线网络技术(北京)有限公司 Data access method, device, system and the computer-readable medium of transregional piece of chain
US20190238327A1 (en) * 2018-01-30 2019-08-01 Baidu Online Network Technology (Beijing) Co., Ltd. Cross-blockchain data access method, apparatus and system, and computer readable medium
US20190294822A1 (en) * 2018-03-26 2019-09-26 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method and system for accessing anonymized data
US20190294817A1 (en) * 2018-03-26 2019-09-26 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method and system for managing access to personal data by means of a smart contract
CN109587146A (en) * 2018-12-11 2019-04-05 北京奇虎科技有限公司 Method for managing object and system based on block chain
CN110910978A (en) * 2019-11-21 2020-03-24 腾讯科技(深圳)有限公司 Information processing method applied to block chain network and related device
CN111552935A (en) * 2020-04-22 2020-08-18 ***股份有限公司 Block chain data authorization access method and device
CN111539813A (en) * 2020-07-10 2020-08-14 支付宝(杭州)信息技术有限公司 Method, device, equipment and system for backtracking processing of business behaviors

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
冯涛,焦滢,方君丽,田野: "基于联盟区块链的医疗健康数据安全模型", 《计算机科学》 *
房卫东等: "区块链的网络安全:威胁与对策", 《信息安全学报》 *
焦滢: "基于区块链和隐私保护的医疗健康数据安全模型研究", 《中国优秀硕士论文全文数据库(电子期刊)信息科技辑》 *
程序猿DA哥: "浅谈华为如何实现区块链的安全隐私保护", 《博客园 HTTPS://WWW.CNBLOGS.COM/CHENGXUYUANBROTHER/P/9407548.HTML》 *
纪露生,张桂玲,杨佳润: "基于区块链的链下个人数据保护方案", 《计算机工程》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115001801A (en) * 2022-05-30 2022-09-02 北京沸铜科技有限公司 Block chain-based digital content heterogeneous chain cross-chain authorization method
CN115001801B (en) * 2022-05-30 2023-05-30 北京沸铜科技有限公司 Digital content heterogeneous chain cross-chain authorization method based on blockchain

Also Published As

Publication number Publication date
CN113489669B (en) 2023-04-18

Similar Documents

Publication Publication Date Title
US11777726B2 (en) Methods and systems for recovering data using dynamic passwords
US11818265B2 (en) Methods and systems for creating and recovering accounts using dynamic passwords
US11799668B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN112487778B (en) Multi-user online signing system and method
US20210409221A1 (en) Portable Biometric Identity on a Distributed Data Storage Layer
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN107181765A (en) Network digital identity identifying method based on block chain technology
KR102088218B1 (en) Online examination management system and method thereof
US20090271635A1 (en) Methods and systems for authentication
US8995655B2 (en) Method for creating asymmetrical cryptographic key pairs
CN109829333B (en) OpenID-based key information protection method and system
CN109067702B (en) Method for generating and protecting real-name system network identity
CN113489669B (en) User data protection method and device
CN113849797A (en) Method, device, equipment and storage medium for repairing data security vulnerability
KR102211033B1 (en) Agency service system for accredited certification procedures
Verma et al. Applications of Data Security and Blockchain in Smart City Identity Management
CN116830181A (en) Service providing system
Wang et al. Linking Souls to Humans with ZKBID: Accountable Anonymous Blockchain Accounts for Web 3.0 Decentralized Identity
CN117097562B (en) Safe centralized signature method and system
Judy Flava Survey of Triangle Security in Cloud
CN112182628B (en) Privacy information security access method and device
USRE49968E1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
RU2795371C1 (en) Method and system of depersonalized assessment of clients of organizations for carrying out operations between organizations
US20230289423A1 (en) System and method for providing secure, verified, and authenticated identification for an individual
Raposo Streamlining the Usage of Authorization or Digital Signature in Digital Processes

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 266555, No. 218, Bay Road, Qingdao economic and Technological Development Zone, Shandong

Patentee after: Hisense Group Holding Co.,Ltd.

Address before: 266555, No. 218, Bay Road, Qingdao economic and Technological Development Zone, Shandong

Patentee before: QINGDAO HISENSE ELECTRONIC INDUSTRY HOLDING Co.,Ltd.

CP01 Change in the name or title of a patent holder