CN116720160A

CN116720160A - Data authorization method, device and system

Info

Publication number: CN116720160A
Application number: CN202310966126.3A
Authority: CN
Inventors: 潘冲; 邱锴; 郭振江; 赵春林; 赵海威; 戴薇; 王海洋
Original assignee: Beijing International Big Data Trading Co ltd
Current assignee: Beijing International Big Data Trading Co ltd
Priority date: 2023-08-02
Filing date: 2023-08-02
Publication date: 2023-09-08

Abstract

The application discloses a data authorization method, a device and a system, wherein the method comprises the following steps: in response to receiving the authorization requirement information of the authorization requirement party, carrying out requirement verification on the authorization requirement information; if the demand verification is passed, the authorization demand information is sent to the data main body party so that the data main body party performs authorization verification on the authorization demand information, and if the data main body party passes the authorization verification on the authorization demand information, authorization response information is generated; generating an authorization file based on the authorization response information; and outputting the authorization file to the authorization demander so that the authorization demander obtains the demand data based on the authorization file. The data authorization method can be executed by the authorization service side, and the authorization requirement information can be sent to the data main side for authorization verification, so that the data main side can participate in the whole authorization process, decoupling of the authorization flow and the data flow is realized, data circulation is promoted, and the data circulation efficiency is improved.

Description

Data authorization method, device and system

Technical Field

The present application relates to the field of data processing technologies, and in particular, to a method, an apparatus, and a system for data authorization.

Background

The current data authorization technology is set based on the income distribution logic of the data demand party and the data supply party, but the main body with the data ownership cannot know the whole data authorization flow, cannot ensure that the data main body participates in the data transaction circulation income through authorization, can not meet the current practical application demands, and influences the data circulation application.

Disclosure of Invention

Aiming at the problems, the application provides a data authorization method, a device and a system, which realize that a data main party can participate in a data authorization process and improve the data circulation efficiency.

In order to achieve the above object, the present application provides the following technical solutions:

a method of data authorization, the method comprising:

responding to receiving authorization requirement information of an authorization requirement party, and carrying out requirement verification on the authorization requirement information;

if the demand verification is passed, the authorization demand information is sent to a data main party so that the data main party performs authorization verification on the authorization demand information, and if the data main party passes the authorization verification on the authorization demand information, authorization response information is generated;

generating an authorization file based on the authorization response information;

and outputting the authorization file to the authorization demander so that the authorization demander obtains the demand data based on the authorization file.

Optionally, the responding to receiving the authorization requirement information of the authorization requirement party, performing requirement verification on the authorization requirement information includes:

in response to receiving authorization requirement information of an authorization requirement party, obtaining a data list by a data provider, wherein the data list characterizes data information which can be provided by the data provider;

performing demand verification on the authorization demand information based on the data list;

and if the data requirement range corresponding to the authorization requirement information is within the data range of the data list, determining that the authorization requirement information requirement verification passes.

Optionally, the sending the authorization requirement information to the data body side includes:

integrating the authorization requirement information of each authorization requirement party to obtain integrated authorization requirement information;

and carrying out semantic field standardization processing on the integrated authorization requirement information, and sending the processed authorization requirement information to a data main party.

Optionally, the method further comprises:

obtaining characteristic information of the authorized demander;

performing attribute grading treatment on the characteristic information to obtain attribute grading description information;

and sending the attribute grading description information to the data main party so that the data main party can conduct authorization verification on the authorization requirement information based on the attribute grading description information.

Optionally, the method further comprises:

and responding to the authorization requirement party to obtain requirement data based on the authorization file, generating benefit feedback information corresponding to the authorization requirement information, and sending the benefit feedback information to an authorization service party and the data main party.

A data authorization device, the device comprising:

the verification unit is used for responding to the received authorization requirement information of the authorization requirement party and carrying out requirement verification on the authorization requirement information;

the sending unit is used for sending the authorization requirement information to the data main body party if the requirement verification passes, so that the data main body party performs authorization verification on the authorization requirement information, and if the data main body party passes the authorization verification on the authorization requirement information, authorization response information is generated;

the generation unit is used for generating an authorization file based on the authorization response information;

and the output unit is used for outputting the authorization file to the authorization demander so that the authorization demander obtains the demand data based on the authorization file.

Optionally, the verification unit includes:

a first obtaining subunit, configured to obtain, by a data provider, a data list in response to receiving authorization requirement information of an authorization requirement party, where the data list characterizes data information that can be provided by the data provider;

the first verification subunit is used for carrying out requirement verification on the authorization requirement information based on the data list;

and the determining subunit is used for determining that the authorization requirement information requirement verification passes if the data requirement range corresponding to the authorization requirement information is in the data range of the data list.

Optionally, the transmitting unit includes:

the integration subunit is used for integrating the authorization requirement information of each authorization requirement party to obtain integrated authorization requirement information;

the processing subunit is used for carrying out semantic field standardization processing on the integrated authorization requirement information and sending the processed authorization requirement information to a data main party;

wherein the transmitting unit further includes:

the second acquisition subunit is used for acquiring the characteristic information of the authorized demander;

the grading processing subunit is used for carrying out attribute grading processing on the characteristic information to obtain attribute grading description information;

and the sending subunit is used for sending the attribute grading description information to the data main body party so that the data main body party can conduct authorization verification on the authorization requirement information based on the attribute grading description information.

Optionally, the apparatus further comprises:

and the profit sending unit is used for responding to the requirement data obtained by the authorization requirement party based on the authorization file, generating profit feedback information corresponding to the authorization requirement information and sending the profit feedback information to the authorization service party and the data main party.

A data authorization system, comprising:

an authorization demander, a data provider, an authorization service, and a data principal, wherein,

the authorization requirement party is used for generating authorization requirement information and sending the authorization requirement information to the authorization service party;

the authorization server is configured to perform the data authorization method according to any one of the above claims;

the data main body side is used for carrying out authorization verification on the authorization requirement information;

the data provider is used for providing a data list, and the data list characterizes data information which can be provided by the data provider.

Compared with the prior art, the application provides a data authorization method, a device and a system, wherein the method comprises the following steps: in response to receiving the authorization requirement information of the authorization requirement party, carrying out requirement verification on the authorization requirement information; if the demand verification is passed, the authorization demand information is sent to the data main body party so that the data main body party performs authorization verification on the authorization demand information, and if the data main body party passes the authorization verification on the authorization demand information, authorization response information is generated; generating an authorization file based on the authorization response information; and outputting the authorization file to the authorization demander so that the authorization demander obtains the demand data based on the authorization file. The data authorization method can be executed by the authorization service side, and the authorization requirement information can be sent to the data main side for authorization verification, so that the data main side can participate in the whole authorization process, decoupling of the authorization flow and the data flow is realized, data circulation is promoted, and the data circulation efficiency is improved.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.

Fig. 1 is a schematic flow chart of a data authorization method according to an embodiment of the present application;

FIG. 2 is a timing diagram of data authorization according to an embodiment of the present application;

fig. 3 is a schematic structural diagram of a data authorization device according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

The terms first and second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to the listed steps or elements but may include steps or elements not expressly listed.

The embodiment of the application provides a data authorization method which can be applied to an authorization service party capable of providing authorization services, such as an authorization service platform, an authorization server and the like. The method can realize the data authorization of participation of the data main body (such as a person) in the income, realize the integration, circulation and income feedback of the data authorization requirement, effectively solve the problems of the autonomy, the awareness and the income of the data main body of enterprises or natural persons and the like, and promote the data circulation to the greatest extent on the premise of ensuring the compliance.

Referring to fig. 1, a flow chart of a data authorization method according to an embodiment of the present application may include the following steps:

s101, responding to received authorization requirement information of an authorization requirement party, and carrying out requirement verification on the authorization requirement information.

S102, if the demand verification is passed, the authorization demand information is sent to the data main party so that the data main party performs authorization verification on the authorization demand information, and if the data main party passes the authorization verification on the authorization demand information, authorization response information is generated.

Referring to fig. 2, a timing chart of data authorization is provided for an embodiment of the present application, and the method is applied to an authorization server, that is, a platform or a server for providing data authorization. The authorized demand party refers to all subjects with data authorization demands, and can be external demand parties or internal demand parties. The external demander can be a data transaction service provider, and is used as an agent for ginseng and data circulation activities; the method can also be an actual terminal data use requirement client, and solves the difficult problem that the data main body is difficult to contact to obtain authorization.

The authorization requirement party generates the authorization requirement information, wherein the authorization requirement information is used for requesting authorization of data acquisition and also comprises the requested data related information. That is, the authorization requirement method needs to provide certain authorization requirement information, including specific information of a requirement party (namely, an authorization requirement party, also called a data requirement party), related information of a data provider (also called a supplier), a data field name, a data caliber, a rule requirement, a data use period, a benefit and the like. The demand party comprises a demand client of the terminal, the supply party comprises a data acquisition party of the terminal, and the real source and the actual destination of the data can be ensured to be clear in the authorization process; the data field list can determine the data content to be authorized by means of caliber; the rule requirement is that when there is a definite crowd condition scene for marketing, etc., whether the main body to be authorized meets the requirement can be distinguished, and invalid authorization is avoided and reduced.

When the authorization service side receives the authorization requirement information of the authorization requirement side, requirement verification needs to be carried out on the authorization requirement information, and the requirement verification can comprise identity verification of the authorization requirement side and reasonability verification of the requirement.

In one embodiment, the performing, in response to receiving the authorization requirement information of the authorized party, the requirement verification on the authorization requirement information includes:

It should be noted that, after the authorization requirement is met, the authorized requirement party may check the data list corresponding to the data provider to determine whether the necessary authorization requirement is met. The process can be executed by the authorization service side, whether the authorization requirement side meets the verification of the data list of the data provider or not can be verified by the authorization service side, the effectiveness of data authorization can be promoted, the problem that follow-up data cannot be authorized when verification is omitted by the authorization requirement side can be avoided, and the processing efficiency of data authorization can be improved. The data list is a data field catalog acquired and converged by an authorized service party from each data provider under a legal framework, and is essentially data range information related to a data product catalog of the data provider and the like.

If the authorization requirement information of the authorization requirement party meets the data range which can be provided by the data bill, the requirement verification is passed, the authorization requirement information is sent to the data main party, and if the authorization requirement information is not met, a message which is not passed through the verification can be fed back to the authorization requirement party, so that the authorization requirement party can adjust the authorization requirement information based on the feedback information.

When the demand verification is passed, the authorization demand information can be sent to the data main body side, and the data main body side performs authorization verification to generate corresponding authorization response information.

Further, in order to facilitate the authorization verification of the data body, before the authorization requirement information is sent to the data body side, the authorization requirement information can be processed, so that the authorization verification of the data body on the authorization requirement information is facilitated, and specifically, field unified processing, field merging and the like can be performed.

In one embodiment, the sending the authorization requirement information to the data-hosting party includes:

The integration of the authorization requirement information means the integration of the same data authorization requirements of a plurality of data demanders, so that subsequent persons to be authorized can independently select to authorize the plurality of demanders in batches. The semantic field standardization processing refers to processing demand information through semantic mapping, namely, because in a big data background, different demand parties use different systems to cause a large difference in naming modes of data fields, in order to ensure that a data main party can clearly know the meaning of the data fields in authorization demand information, a standard data semantic library can be constructed in an authorization service party, and through daily continuous maintenance of all data fields facing individuals, original field names provided by the demand parties are uniformly maintained by adopting data semantic mapping and adding field aliases in an authorization service process, wherein the aliases are used as standard field names in authorization service.

In addition to processing the authorization requirement information, the feature information of the authorization requirement party can be processed so as to facilitate authorization verification of the data main party, and in the embodiment of the application, the method further comprises the following steps: obtaining characteristic information of an authorized requiring party; performing attribute grading treatment on the characteristic information to obtain attribute grading description information; and transmitting the attribute hierarchy description information to the data main party so that the data main party performs authorization verification on the authorization requirement information based on the attribute hierarchy description information.

In particular, even if the data body side knows the meaning of the field to be authorized, it is difficult to quickly establish deep understanding and extended association knowledge of the field, and authorization may be performed under the condition of insufficient knowledge, which may further lead to future disputes. To provide an understanding of the authorization requirement information by the data-hosting party, the description of the fields to be authorized in the authorization requirement information can be increased by classification hierarchy. The classification is described by multidimensional attributes of a person to be authorized (i.e., an authorized demander), such as dimensions of information such as biometric identification, specific identity, medical health, financial account, track and the like defined in personal information protection law. The classification refers to classifying the privacy degree of personal data, such as distinguishing between extremely sensitive, more sensitive, low sensitive and non-sensitive view angles, so that the authorized person can fully realize the sensitivity of the data to be authorized.

After the authorization requirement information processed and analyzed is sent to the data main party, the data main party can only authorize the requirement with authorization intention for the received requirement list containing each authorization requirement information. For the requirement of authorized intention, the individual (i.e. the data main body party is the individual) needs to check the rule requirement description and check whether the corresponding rule requirement is satisfied. For the scene that the demand party only pays for the data which is effectively authorized and meets the effective rule, the situation that the authorized person cannot obtain the benefit after authorization can be avoided and reduced. That is, the self-checking confirms that the individual does not meet the rule requirement of the requiring party, the authorization can be not performed, and the personal privacy data is protected without the authorization. When the data main body side performs authorization verification, the method can be realized by using a related authentication method, such as personal authentication by using the prior technologies of three elements, face recognition and the like, so that the authenticity and the effectiveness of the authorized personal main body are ensured, and the subsequent benefit feedback to the real authorized personal main body is ensured. On the premise of definitely knowing relevant information such as data sources to be authorized, field names, statistical caliber, types, purposes, sensitivity and the like, the personnel confirms the authorization. The authorizing principal may then generate and send authorization response information to the authorizing service.

S103, generating an authorization file based on the authorization response information;

s104, outputting the authorization file to the authorization requirement party so that the authorization requirement party obtains the requirement data based on the authorization file.

And after receiving the authorization response information sent by the data main body, the authorization server can generate an authorization file. And transmitting the authorization file to the authorization requirement party, wherein the authorization requirement party can apply the authorization file to generate a data call request, and the data call request is sent to a data provider to perform data response. That is, during the data circulation process, the authorized demander is taken as a main body, and the data is acquired by the actual demander of the terminal itself or the back, off-line or the internal system thereof. The link is independent of the authorization system and may not be completed in the authorization system. After the data is acquired by the demander, the data content and the data quality are confirmed, and whether the authorized main body really meets the rules required in advance is checked. And when the rule constraint is not established, directly entering a charging feedback link after the authorization file is acquired. And when the rule constraint exists, the authorized demand party judges whether to give benefit according to the data condition. And transmitting and feeding back the identification result to the authorization server, and feeding back the identification result to the authorization server and the data main body according to the original income.

Correspondingly, the embodiment of the application further comprises: and responding to the authorization requirement party to obtain the requirement data based on the authorization file, generating the benefit feedback information corresponding to the authorization requirement information, and sending the benefit feedback information to an authorization service party and a data main party.

The current authorization technology is based on the results of self service extension, and is used for authorizing the respective company and service field, and lacks a general authorization method and system for leaving the service scene. The application provides a highly independent personal data authorization method and a highly independent personal data authorization system, which are oriented to business requirements of all company main bodies and all fields in the market, and are used for stripping authorization flows from data flows, specializing and finely providing authorization services and more efficiently promoting data element circulation. Meanwhile, in order to improve the usability of the method, the semantic library is built to integrate the multiparty demands and multiparty supplies in the process, and the cognition of a data main body to authorized data is improved by data classification and sensitivity classification, so that the true authorization will expression of the data main body is ensured.

Current authorization techniques are based on designs made by the revenue distribution logic of both the supply and demand parties, and individuals who have ownership of the data cannot participate in the distribution of revenue. The application provides a data authorization method and a data authorization system for personal participation to benefit distribution, which enrich participation subjects of benefit flows, link the benefit flows with the authorization flows, and ensure real authorized individuals and corresponding benefits through strict authentication of the personal subjects. Meanwhile, in order to ensure that the authorized personal main body effectively takes benefits, a rule set is formed based on the actual demand of the acquirer, the authorized personal main body serving as the data main body performs self-checking before authorization, and the autonomous abandoning authorization of the acquirer condition is not met, so that the situation that no benefits exist after the authorization of an invalid client is reduced.

Referring to fig. 3, in an embodiment of the present application, there is further provided a data authorization apparatus, which may be applied to an authorized service party, and may include:

a verification unit 201, configured to perform a requirement verification on authorization requirement information in response to receiving the authorization requirement information of an authorization requirement party;

a sending unit 202, configured to send the authorization requirement information to a data body party if the requirement verification passes, so that the data body party performs authorization verification on the authorization requirement information, and generate authorization response information if the data body party passes the authorization verification on the authorization requirement information;

a generating unit 203, configured to generate an authorization file based on the authorization response information;

and an output unit 204, configured to output the authorization file to the authorized requester, so that the authorized requester obtains the requirement data based on the authorization file.

The embodiment of the application provides a data authorization device, which comprises: the verification unit responds to the received authorization requirement information of the authorization requirement party to perform requirement verification on the authorization requirement information; the transmitting unit transmits the authorization requirement information to the data main party if the requirement verification is passed, so that the data main party performs authorization verification on the authorization requirement information, and generates authorization response information if the data main party performs authorization verification on the authorization requirement; the generation unit generates an authorization file based on the authorization response information; the output unit outputs the authorization file to the authorization demander so that the authorization demander obtains the demand data based on the authorization file. The data authorization method can be executed by the authorization service side, and the authorization requirement information can be sent to the data main side for authorization verification, so that the data main side can participate in the whole authorization process, decoupling of the authorization flow and the data flow is realized, data circulation is promoted, and the data circulation efficiency is improved.

Optionally, the verification unit includes:

Optionally, the transmitting unit includes:

wherein the transmitting unit further includes:

Optionally, the apparatus further comprises:

Correspondingly, the embodiment of the application also provides a data authorization system, which comprises:

Specifically, the data provider is configured to provide a data list (for example, a field directory) for the authorization service, so as to ensure that the authorization content provided by the authorization service can facilitate the data transaction of the authorized demander.

Further, after the authorized demand party obtains the authorization, the realization of the data transaction can be freely docked by the demand party and the data provider, the data request and the response can be freely realized by both parties outside the authorization system, and then the result is recorded on the authorization system so as to realize the distribution of subsequent authorization benefits.

Details regarding the data authorization system may be found in the description of the corresponding embodiment of fig. 1 and 2 of the present application, and will not be described in detail here.

Based on the foregoing embodiments, embodiments of the present application provide a computer-readable storage medium storing one or more programs executable by one or more processors to implement the steps of the data authorization method of any of the above.

The embodiment of the application also provides electronic equipment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the steps of the data authorization method realized by the program.

The processor or CPU may be at least one of an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a digital signal processor (Digital Signal Processor, DSP), a digital signal processing device (Digital Signal Processing Device, DSPD), a programmable logic device (Programmable Logic Device, PLD), a field programmable gate array (Field Programmable Gate Array, FPGA), a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, and a microprocessor. It will be appreciated that the electronic device implementing the above-mentioned processor function may be other, and embodiments of the present application are not limited in detail.

The computer storage medium/Memory may be a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable programmable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable programmable Read Only Memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), a magnetic random access Memory (Ferromagnetic Random Access Memory, FRAM), a Flash Memory (Flash Memory), a magnetic surface Memory, an optical disk, or a compact disk Read Only Memory (Compact Disc Read-Only Memory, CD-ROM), or the like; but may also be various terminals such as mobile phones, computers, tablet devices, personal digital assistants, etc., that include one or any combination of the above-mentioned memories.

In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the various components shown or discussed may be coupled or directly coupled or communicatively coupled to each other via some interface, whether indirectly coupled or communicatively coupled to devices or units, whether electrically, mechanically, or otherwise.

The units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated in one processing module, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units. Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk or an optical disk, or the like, which can store program codes.

In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A method of data authorization, the method comprising:

2. The method of claim 1, wherein said verifying the authorization requirement information in response to receiving the authorization requirement information of the authorized party comprises:

3. The method of claim 1, wherein the sending the authorization requirement information to the data-hosting party comprises:

4. A method according to claim 3, characterized in that the method further comprises:

obtaining characteristic information of the authorized demander;

5. The method according to claim 1, wherein the method further comprises:

6. A data authorization device, the device comprising:

7. The apparatus of claim 6, wherein the authentication unit comprises:

8. The apparatus of claim 6, wherein the transmitting unit comprises:

wherein the transmitting unit further includes:

9. The apparatus of claim 6, wherein the apparatus further comprises:

10. A data authorization system, comprising:

the authorization server for performing the data authorization method according to any one of claims 1 to 5;