WO2020062667A1 - Data asset management method, data asset management device and computer readable medium - Google Patents

Publication number
WO2020062667A1
WO2020062667A1 PCT/CN2018/123516 CN2018123516W WO2020062667A1 WO 2020062667 A1 WO2020062667 A1 WO 2020062667A1 CN 2018123516 W CN2018123516 W CN 2018123516W WO 2020062667 A1 WO2020062667 A1 WO 2020062667A1
Authority
WO
WIPO (PCT)
Prior art keywords
data asset
identity
user
encrypted
information
Prior art date
Application number
PCT/CN2018/123516
Other languages
French (fr)
Chinese (zh)
Inventor
褚秋实
左龙龙
Original Assignee
平安科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2020062667A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Definitions

  • the present application relates to the field of blockchain technology, and in particular, to a data asset management method, a data asset management device, and a computer-readable medium.
  • the embodiments of the present application provide a data asset management method, which can quickly collect private data assets scattered in various systems and enable users to effectively control and manage their own private data assets.
  • an embodiment of the present application provides a data asset management method.
  • the method includes:
  • the system node receives a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
  • the system node obtains first identity mapping information corresponding to the first user address identifier from the alliance chain ledger, and the first identity mapping information includes a first user address identifier, a first public key, and a first identity fingerprint;
  • after the system node authenticates the first user using the first identity fingerprint and the first encrypted identity information, the system node uses the first public key to encrypt the data information corresponding to the first identity in the system node to obtain the first encrypted data asset;
  • the system node adds the first encrypted data asset to a data asset account of a first user in the alliance chain.
  • an embodiment of the present application further provides a data asset management method, which includes:
  • the first user node sends a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
  • the first user node adds the third encrypted data asset to a data asset account of the first user in the alliance chain.
  • an embodiment of the present application provides a data asset management device.
  • the data asset management device applied to a system node includes:
  • a first receiving unit configured to receive a data asset extraction request by a system node, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
  • a first obtaining unit configured to obtain first identity mapping information corresponding to the first user address identifier from the alliance chain ledger, where the first identity mapping information includes the first user address identifier, the first public key, and the first identity fingerprint;
  • a first verification unit configured to use the first identity fingerprint and the first encrypted identity information to authenticate a first user;
  • a first encryption unit configured to use the first public key to encrypt data information corresponding to the first identity in a system node after the verification unit passes the authentication to obtain a first encrypted data asset;
  • a first adding unit is configured to add the first encrypted data asset to a data asset account of a first user in the alliance chain.
  • an embodiment of the present application provides a data asset management apparatus.
  • the data asset management apparatus applied to the first user node includes:
  • a second sending unit configured to send a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
  • a second receiving unit configured to receive a third encrypted data asset, where the third encrypted data asset is an encrypted data asset generated, after the identity verification of the first user node has passed according to the first user address identifier and the first encrypted identity information, by using the public key corresponding to the first user address identifier to encrypt the first user's data information in the system;
  • a second adding unit is configured to add the third encrypted data asset to a data asset account of the first user in the alliance chain.
  • an embodiment of the present application provides a data asset management apparatus, including a processor, a memory, and a communication module, wherein the memory is used to store program code, and the processor is used to call the program code to execute the methods of the first aspect and the second aspect and any of their alternatives.
  • an embodiment of the present application provides a computer-readable storage medium.
  • the computer storage medium stores a computer program, where the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to perform the methods of the first aspect and the second aspect.
  • the public key, address identifier, and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain. Therefore, the public key and identity fingerprint recorded in the ledger of the alliance chain can be used for identity verification.
  • because the above identity fingerprint is generated from the user's real identity information through a one-way encryption algorithm, nodes in the alliance chain have good privacy from one another as long as they do not disclose their information to other nodes.
  • users in the alliance chain can extract private data from various systems in the alliance chain into personal data asset accounts, and can authorize the use of their own data assets according to the authorization conditions. Therefore, according to the embodiments of the present application, the private data scattered in various systems can be effectively collected, and the private data assets can be managed effectively.
  • FIG. 1 is a schematic flowchart of a data asset management method according to an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a data asset management method according to an embodiment of the present application.
  • FIG. 3 is a functional unit composition diagram of a data asset management device according to an embodiment of the present application.
  • FIG. 4 is a functional unit composition diagram of another data asset management device according to an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a data asset management device according to an embodiment of the present application.
  • FIG. 1 is a schematic flowchart of a data asset management method according to an embodiment of the present application. As shown in the figure, the method may include:
  • a system node in the alliance chain receives a data asset extraction request.
  • the data asset extraction request includes first encrypted identity information and a first user address identifier.
  • the first encrypted identity information is information obtained by encrypting the first identity information using a public key of the system node, and the identity information is the identity information of the user who initiated the data asset extraction request.
  • the first user address identifier is a user address identifier of a user corresponding to the data asset extraction request.
  • the above-mentioned alliance chain may be created by a master account operation node, and then various systems (application systems, APPs, websites, etc.) in the real Internet world are invited to access as nodes.
  • after the alliance chain is successfully created, each node (system or user) in the alliance chain generates its own private key, public key, and corresponding address identifier through the alliance chain.
  • the verification node in the alliance chain verifies the identity of each other node (system or user) in the alliance chain, and the public key, address identifier, and identity fingerprint of each node are then recorded in the alliance chain's ledger. After the consensus mechanism, the block ledger is added to the alliance chain.
  • the above-mentioned identity fingerprint is generated by encrypting the identity identifier (for example, information such as the user's name, ID card number, or the name of an enterprise, an organization, or an organization code) with a one-way encryption algorithm. The identity identifier is the real identity information of the user who holds the private key corresponding to the above identity fingerprint and public key. For example, the real identity is hashed to obtain a hash value, and the hash value is used as the identity fingerprint.
  • the verification node is not limited.
  • the verification node may be the main account operation node or a third-party trust organization.
  • for user identification, the third-party trust organization may be a public security system; for an enterprise or unit, it may be a business management system.
  • the one-way encryption algorithm is an algorithm that can only encrypt data to obtain encrypted data, but cannot recover the original data from the encrypted data. That is, a one-way encryption algorithm can be used to encrypt the identity to obtain the identity fingerprint, but there is no corresponding decryption algorithm to decrypt the identity fingerprint to obtain the identity.
  • the above one-way encryption algorithm may include the Message-Digest Algorithm (MD), Secure Hash Algorithm 1 (SHA-1), Hash Message Authentication Code (HMAC), and so on.
  • MD Message-Digest Algorithm
  • SHA-1 Secure Hash Algorithm 1
  • HMAC Hash Message Authentication Code
  • the public key, address identifier, and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain. Therefore, the public key and identity fingerprint recorded in the ledger of the alliance chain can be used for identity verification (between users, between users and systems, and between systems). In addition, because the identity fingerprint is generated from the user's real identity information through a one-way encryption algorithm, nodes in the alliance chain have good privacy from one another as long as they do not publish their information to other nodes.
  • the first user may be registered in one or more systems of the alliance chain, so the digital assets of the user (including the user's personal information and the various personal data generated while the user uses these systems) are held in these systems.
  • the first user wants to extract his own digital assets in each system of the alliance chain into his own data asset account in the alliance chain, so that he can effectively grasp his own digital assets.
  • the above-mentioned first user may initiate a personal data asset extraction request to the first system in the alliance chain through his own user terminal. After receiving the request for extracting the personal data assets, the first system performs verification. After the verification is passed, the data assets of the first user in the first system are encrypted with the public key of the first user and then added to the digital asset account of the first user.
  • the system node obtains first identity mapping information corresponding to the first user address identifier from the alliance chain.
  • the first identity mapping information includes a first user address identifier, a first public key, and a first identity fingerprint.
  • after the system node receives the data asset extraction request, the system node obtains the first identity mapping information corresponding to the first user address identifier from the alliance chain ledger, so that the system node can use the first public key and the first identity information included in the first identity mapping information to authenticate the first user who initiated the data asset extraction request.
  • the first identity fingerprint mentioned above is generated, after the verification node in the alliance chain verifies the identity information of the first user, by encrypting the identity provided by the first user (for example, the user's name and ID number) with a one-way encryption algorithm. For example, the real identity information is hashed to obtain a hash value, and the hash value is used as the identity fingerprint.
  • after the system node authenticates the first user by using the first identity fingerprint and the first encrypted identity information, the first public key is used to encrypt the data information corresponding to the first identity in the system node to obtain the first encrypted data asset.
  • after the system node obtains the first identity mapping information from the alliance chain, the system node performs identity verification on the first user according to the first identity fingerprint and the first encrypted identity information. After the identity verification of the first user is passed, the system node uses the first public key to encrypt data information corresponding to the first identity in the system node to obtain a first encrypted data asset.
  • the system node uses the private key of the system node to decrypt the first encrypted identity information in order to obtain a first identity identifier.
  • the system node then encrypts the first identity using the first one-way encryption algorithm to obtain a second identity fingerprint.
  • the system node determines whether the first identity fingerprint and the second identity fingerprint are equal. If the first identity fingerprint and the second identity fingerprint are equal, the identity verification of the first user is passed.
  • the system node obtains data information related to the first identity from a database of the system node according to the first identity information, and uses the first public key to encrypt the data information to obtain the first encrypted data asset.
  • the system node adds the above-mentioned first encrypted data asset to the data asset account of the first user in the alliance chain.
  • after the system node obtains the first encrypted data asset, the system node adds the first encrypted data asset to a data asset account of the first user locally, and broadcasts the first encrypted data asset across the network in the alliance chain, in order to trigger the first smart contract to cause other nodes in the alliance chain to add the first encrypted data asset to the user's data asset account.
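
The system-node check described above (decrypt the claimed identity, recompute its fingerprint, compare it with the ledger record, and only then encrypt the data for the user), as an added Go example that is not code from the patent. SHA-256, RSA-OAEP, the type and function names, and the sample values are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// IdentityMapping is one ledger record: address identifier, public key, identity fingerprint.
type IdentityMapping struct {
	Address     string
	PublicKey   *rsa.PublicKey
	Fingerprint [32]byte
}

// ExtractionRequest is what the user node sends to the system node.
type ExtractionRequest struct {
	EncryptedIdentity []byte // identity encrypted under the system node's public key
	UserAddress       string
}

// ErrIdentity is returned for every verification failure, so the caller cannot
// tell an unknown address from a wrong identity.
var ErrIdentity = errors.New("identity verification failed")

// Fingerprint is the one-way step. SHA-256 is an assumption of this example;
// the page itself lists MD, SHA-1 and HMAC.
func Fingerprint(identity []byte) [32]byte { return sha256.Sum256(identity) }

// Encrypt and Decrypt use RSA-OAEP (an assumption; the page names no scheme).
// OAEP only fits short records; EncryptOAEP returns an error for longer ones.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// HandleExtraction is the system-node side of the extraction request.
func HandleExtraction(sysKey *rsa.PrivateKey, ledger map[string]IdentityMapping,
	db map[string][]byte, req ExtractionRequest) ([]byte, error) {
	m, ok := ledger[req.UserAddress] // identity mapping for the address identifier
	if !ok {
		return nil, ErrIdentity
	}
	identity, err := Decrypt(sysKey, req.EncryptedIdentity)
	if err != nil {
		return nil, ErrIdentity
	}
	fp := Fingerprint(identity) // the "second identity fingerprint"
	if subtle.ConstantTimeCompare(fp[:], m.Fingerprint[:]) != 1 {
		return nil, ErrIdentity
	}
	data, ok := db[string(identity)]
	if !ok {
		return nil, errors.New("no data held for this identity")
	}
	return Encrypt(m.PublicKey, data) // the "first encrypted data asset"
}

// Demo runs one accepted and one rejected request over constructed sample data.
func Demo() (plain string, rejected error, err error) {
	sysKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	userKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	const addr, id = "addr-user-1", "Alice Example|ID-0000" // constructed values
	ledger := map[string]IdentityMapping{addr: {addr, &userKey.PublicKey, Fingerprint([]byte(id))}}
	db := map[string][]byte{id: []byte(`{"orders":3}`)}
	send := func(identity string) ([]byte, error) {
		ct, err := Encrypt(&sysKey.PublicKey, []byte(identity))
		if err != nil {
			return nil, err
		}
		return HandleExtraction(sysKey, ledger, db, ExtractionRequest{ct, addr})
	}
	asset, err := send(id)
	if err != nil {
		return "", nil, err
	}
	out, err := Decrypt(userKey, asset) // only the user's private key opens the asset
	_, rejected = send("Mallory Example|ID-9999")
	return string(out), rejected, err
}

func main() { fmt.Println(Demo()) }
```

The fingerprint comparison is done in constant time, and a wrong identity, an unknown address and an undecryptable request all produce the same error.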
  • the above system node may also initiate a data asset use request to a user in the alliance chain in order to obtain the data asset that the system node wants to obtain.
  • the system node sends a data asset use request to a user node in the alliance chain, and the data asset use request includes a data asset list, second encrypted identity information, and an address identifier of the system node.
  • the second encrypted identity information is information obtained by the system node using the first public key to encrypt its own identity (that is, the identity of the requester).
  • when the user node receives the data asset use request, it obtains the identity mapping information corresponding to the system node from the alliance chain according to the address identifier of the system node included in the data asset use request. The user node then uses its own private key to decrypt the second encrypted identity information to obtain a second identity, uses the first one-way encryption algorithm to encrypt the second identity to obtain a second identity fingerprint, uses the address identifier of the system node to obtain the corresponding third identity mapping information, and compares the second identity fingerprint with the third identity fingerprint in the third identity mapping information. If they are equal or match, the second identity is indeed the identity corresponding to the address identifier of the system.
  • the user decides, according to the second identity, whether to authorize the system corresponding to the data asset extraction request. If so, the data assets in the user's data asset account that correspond to the data asset list are encrypted. Because the data assets in the user's data asset account are already encrypted, after the data assets corresponding to the data asset list are obtained, the user's private key is first used to decrypt them, and then the public key of the system node is used to encrypt the decrypted data assets to obtain the second encrypted data asset. Then, the user node receives the authorization condition input by the user through the input device.
  • the user node generates data asset authorization information that includes the authorization conditions and the second encrypted data asset, and broadcasts the data asset authorization information on the entire network, that is, sends the data asset authorization information to the system node.
  • the above authorization conditions include at least one of an authorization period, the number of authorizations, and an authorization range.
  • after the system node receives the data asset authorization information, the system node automatically triggers a second smart contract to provide the system node with the encrypted data asset information according to the authorization conditions. Finally, the system node uses the private key of the system node to decrypt the second encrypted data asset to obtain a data asset corresponding to the data asset list.
  • the public key, address identifier, and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain, so the public key and identity fingerprint recorded in the ledger of the alliance chain can be obtained through the above.
  • because the identity fingerprint is generated from the user's real identity information through a one-way encryption algorithm, nodes in the alliance chain have very good privacy from one another when they do not disclose their information to other nodes.
  • users in the alliance chain can extract private data from various systems in the alliance chain into personal data asset accounts, and can authorize the use of their own data assets according to the authorization conditions. Therefore, according to the embodiments of the present application, the private data scattered in various systems can be collected effectively, and the private data assets can be managed effectively.
  • referring to FIG. 2, a schematic flowchart of another data asset management method is also provided in an embodiment of the present application. As shown in the figure, the method may include:
  • the first user node sends a data asset extraction request.
  • the data asset extraction request includes first encrypted identity information and a first user address identifier.
  • the first encrypted identity information is information obtained by encrypting the first identity information using a public key of the system node, and the identity information is the identity information of the user who initiated the data asset extraction request.
  • the first user address identifier is a user address identifier of a user corresponding to the data asset extraction request.
  • the above-mentioned alliance chain may be created by a master account operation node, and then various systems (application systems, APPs, websites, etc.) in the real Internet world are invited to access as nodes.
  • after the alliance chain is successfully created, each node (system or user) in the alliance chain generates its own private key, public key, and corresponding address identifier through the alliance chain.
  • the verification node in the alliance chain verifies the identity of each other node (system or user) in the alliance chain, and the public key, address identifier, and identity fingerprint of each node are then recorded in the alliance chain's ledger. After the consensus mechanism, the block ledger is added to the alliance chain.
  • the above-mentioned identity fingerprint is generated by encrypting the identity identifier (for example, information such as the user's name, ID card number, or the name of an enterprise, an organization, or an organization code) with a one-way encryption algorithm. The identity identifier is the real identity information of the user who holds the private key corresponding to the above identity fingerprint and public key. For example, the real identity is hashed to obtain a hash value, and the hash value is used as the identity fingerprint.
  • the verification node is not limited.
  • the verification node may be the main account operation node or a third-party trust organization.
  • for user identification, the third-party trust organization may be a public security system; for an enterprise or unit, it may be a business management system.
  • the one-way encryption algorithm is an algorithm that can only encrypt data to obtain encrypted data, but cannot recover the original data from the encrypted data. That is, a one-way encryption algorithm can be used to encrypt the identity to obtain the identity fingerprint, but there is no corresponding decryption algorithm to decrypt the identity fingerprint to obtain the identity.
  • the above one-way encryption algorithm may include the Message-Digest Algorithm (MD), Secure Hash Algorithm 1 (SHA-1), Hash Message Authentication Code (HMAC), and so on.
  • MD Message-Digest Algorithm
  • SHA-1 Secure Hash Algorithm 1
  • HMAC Hash Message Authentication Code
  • the public key, address identifier, and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain. Therefore, the public key and identity fingerprint recorded in the ledger of the alliance chain can be used for identity verification (between users, between users and systems, and between systems). In addition, because the above-mentioned identity fingerprint is generated from the user's real identity information through a one-way encryption algorithm, nodes in the alliance chain have good privacy from one another as long as they do not publish their information to other nodes.
  • the first user may be registered in one or more systems of the alliance chain, so the digital assets of the user (including the user's personal information and the various personal data generated while the user uses these systems) are held in these systems.
  • the first user wants to extract his own digital assets in each system of the alliance chain into his own data asset account in the alliance chain, so that he can effectively grasp his own digital assets.
  • the above-mentioned first user may initiate a personal data asset extraction request to the first system in the alliance chain through his own user terminal. After receiving the request for extracting the personal data assets, the first system performs verification. After the verification is passed, the data assets of the first user in the first system are encrypted with the public key of the first user and then added to the digital asset account of the first user.
  • the first individual user wants to extract his own digital assets in each system of the alliance chain to his personal account in the alliance chain, so that he can effectively grasp his own digital assets.
  • the first system can include one or more systems; the personal data asset extraction request includes the first personal user's public key and the first identity verification information, where the first identity verification information is generated by encrypting the personal identity information of the user with the public key of the first system, and the personal identity information is the same as the identity information used to generate the user identity fingerprint.
  • the personal data asset extraction request is broadcasted on the entire network, so that other nodes in the alliance chain receive the personal data asset extraction request.
  • the first user node receives a third encrypted data asset.
  • the third encrypted data asset is an encrypted data asset generated, after the identity verification of the first user node according to the first user address identifier and the first encrypted identity information has passed, by using the public key corresponding to the first user address identifier to encrypt the data information of the first user in the system.
  • after the first system receives the personal data asset extraction request, it obtains the corresponding identity fingerprint from the alliance chain according to the public key in the personal data asset extraction request, then uses the first system's private key to decrypt the first identity verification information in the personal data asset extraction request to obtain the personal identity information of the first user, then generates the identity fingerprint of the first user from the obtained personal identity information, and finally compares the first user's identity fingerprint with the identity fingerprint obtained from the alliance chain according to the public key in the above-mentioned personal data asset extraction request.
  • according to the personal identity information of the first user, the first system extracts the data assets of the first user from the database in the first system, encrypts the data assets of the first user with the public key of the first user to obtain the third encrypted data asset, and broadcasts the third encrypted data asset across the network, that is, sends the third encrypted data asset to the first user node.
  • the first user node adds the third encrypted data asset to the data asset account of the first user in the alliance chain.
  • after the first user node receives the third encrypted data asset, the first user node adds the third encrypted data asset to the data asset account of the first user in the alliance chain.
  • the first user node receives a data asset use request, wherein the data asset use request includes a list of data assets, second encrypted identity information, and a third address identifier.
  • the second encrypted identity information is information obtained by using the first public key to encrypt the identity of the requester that initiated the data asset use request;
  • the third address identifier is the address identifier of the requester.
  • the first user node obtains third identity mapping information corresponding to the third address identifier from the alliance chain ledger, and the third identity mapping information includes a third address identifier, a third public key, and a third identity fingerprint. Then, the first user node uses the third identity fingerprint and the second encrypted identity information to verify the identity of the requester. After the verification is passed, the first user node uses the third public key to encrypt a data asset corresponding to the data asset list to obtain a third encrypted data asset. Then, the first user node receives an authorization condition input by the first user through an input device, where the authorization condition includes at least one of an authorization period, the number of authorizations, and an authorization range. Finally, the first user node generates feedback information that includes the authorization conditions and the third encrypted data asset, and broadcasts the feedback information throughout the network.
  • the first user node uses the third identity fingerprint and the second encrypted identity information to verify the identity of the requester. Specifically, the first user node uses the private key of the first user node to decrypt the second encrypted identity information to obtain a second identity identifier, then uses a one-way encryption algorithm to encrypt the second identity identifier to obtain a second identity fingerprint, and compares the second identity fingerprint with the third identity fingerprint. If the two identity fingerprints match, the verification is passed.
  • the private data scattered in various systems can be collected effectively, and the private data assets can be managed effectively.
  • FIG. 3 is a block diagram of a possible functional unit of a data asset management apparatus 300 provided by an embodiment of the present application.
  • the data asset management apparatus includes a first receiving unit 310, a first obtaining unit 320, a first verification unit 330, a first encryption unit 340, and a first adding unit 350.
  • a first receiving unit 310 configured to receive a data asset extraction request by a system node, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
  • the first obtaining unit 320 is configured to obtain first identity mapping information corresponding to the first user address identifier from the alliance chain ledger, where the first identity mapping information includes a first user address identifier, a first public key, and a first identity fingerprint;
  • a first obtaining unit 320 configured to use the first identity fingerprint and the first encrypted identity information to authenticate a first user
  • a first encryption unit 340 configured to use the first public key to encrypt data information corresponding to the first identity in a system node after the verification unit passes the verification to obtain a first encrypted data asset;
  • a first adding unit 350 is configured to add the first encrypted data asset to a data asset account of a first user in the alliance chain.
  • the first identity mapping information is mapping relationship information that the verification node in the alliance chain generates by encrypting the first identity of the first user with the first one-way encryption algorithm to produce the first identity fingerprint, and then combining the first user address identifier, the first public key, and the first identity fingerprint.
  • the verification unit includes:
  • the first decryption unit uses the private key of the system node to decrypt the first encrypted identity information to obtain a first identity identifier
  • a second encryption unit further configured to encrypt the first identity using the first one-way encryption algorithm to obtain a second identity fingerprint
  • the first determining unit is configured to determine whether the first identity fingerprint is equal to the second identity fingerprint, and if they are equal, the verification is passed.
  • the first adding unit 350 is configured to add the first encrypted data asset to a data asset account of the first user locally, and to broadcast the first encrypted data asset to the whole network in the alliance chain, in order to trigger the first smart contract so that other nodes in the alliance chain add the first encrypted data asset to the user's data asset account.
  • the data asset management device further includes:
  • a first sending unit configured to send a data asset use request, where the data asset use request includes a data asset list, second encrypted identity information, and an address identifier of the system node;
  • the first receiving unit 310 is configured to receive data asset authorization information, where the authorization information is generated, after the system node is authenticated using the system node's address identifier and the second encrypted identity information, from authorization conditions and a second encrypted data asset, the second encrypted data asset being obtained by encrypting the data asset corresponding to the data asset list with the system public key corresponding to the address identifier of the system node;
  • a first providing unit that triggers a second smart contract and provides the second encrypted data asset information to the system node according to the authorization condition, where the authorization condition includes at least one of an authorization period, the number of authorizations, and an authorization range;
  • a first decryption unit is configured to decrypt the second encrypted data asset using the private key of the system node to obtain a data asset corresponding to the data asset list.
  • the public key, address identifier, and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain, so the public key and identity fingerprint recorded in the ledger of the alliance chain can be obtained through the above.
  • because the identity fingerprint is generated from the user's real identity information through a one-way encryption algorithm, in the alliance chain, when a node has not disclosed its information to other nodes, there is good privacy between nodes.
  • users in the alliance chain can extract private data from various systems in the alliance chain into personal data asset accounts, and can authorize the use of their own data assets according to the authorization conditions. Therefore, according to the embodiments of the present application, the private data scattered in various systems can be collected effectively, and the private data assets can be managed effectively.
  • FIG. 4 is a block diagram of a possible functional unit of a data asset management apparatus 400 provided by an embodiment of the present application.
  • the data asset management apparatus includes a second sending unit 410, a second receiving unit 420, and a second adding unit 430.
  • a second sending unit 410 configured to send a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
  • the second receiving unit 420 is configured to receive a third encrypted data asset, where the third encrypted data asset is the encrypted data asset generated by encrypting the data information of the first user in the system with a public key corresponding to the first user address identifier, after the identity verification of the first user node is passed according to the first user address identifier and the first encrypted identity information;
  • a second adding unit 430 is configured to add the third encrypted data asset to a data asset account of the first user in the alliance chain.
  • the second receiving unit 420 is configured to receive a data asset use request, where the data asset use request includes a data asset list, second encrypted identity information, and a third address identifier;
  • the data asset management device further includes:
  • a second obtaining unit obtaining third identity mapping information corresponding to the third address identifier from the alliance chain ledger, where the third identity mapping information includes a third address identifier, a third public key, and a third identity fingerprint;
  • a second verification unit configured to, after the identity verification of the requester is passed using the third identity fingerprint and the second encrypted identity information, use the third public key to encrypt the data asset corresponding to the data asset list to obtain a third encrypted data asset;
  • the second receiving unit is configured to receive an authorization condition input by an input device, where the authorization condition includes at least one of an authorization period, the number of authorizations, and an authorization range;
  • a second generating unit is configured to generate feedback information, where the feedback information includes the authorization condition and the third encrypted data asset, and broadcast the feedback information throughout the network.
  • the second verification unit includes:
  • a second decryption unit configured to decrypt the second encrypted identity information by using the private key of the first user node to obtain a second identity identifier
  • a third encryption unit configured to encrypt the second identity using a first one-way encryption algorithm to obtain a second identity fingerprint
  • the comparing unit is configured to compare the second identity fingerprint and the third identity fingerprint. If the two identity fingerprints match, the identity verification of the requester is passed.
  • the third identity mapping information is mapping relationship information that the verification node in the alliance chain generates by encrypting the third identity of the requester with the first one-way encryption algorithm to produce the third identity fingerprint, and then combining the third address identifier, the third public key, and the third identity fingerprint.
  • the private data scattered in various systems can be collected effectively, and the private data assets can be managed effectively.
  • FIG. 5 is a schematic structural diagram of a data asset management apparatus 500 according to an embodiment of the present application.
  • the apparatus 500 includes a processor, a memory, a communication interface, and one or more programs.
  • the one or more programs are different from the one or more application programs, and the one or more programs are stored in the memory and configured to be executed by the processor.
  • the above program includes instructions for performing the following steps: receiving a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier; obtaining from the alliance chain ledger the first identity mapping information corresponding to the first user address identifier, the first identity mapping information including a first user address identifier, a first public key, and a first identity fingerprint; after the first user is authenticated using the first identity fingerprint and the first encrypted identity information, using the first public key to encrypt the data information corresponding to the first identity in the system node to obtain a first encrypted data asset; and adding the first encrypted data asset to the data asset account of the first user in the alliance chain.
  • the above program includes instructions for performing the following steps: sending a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier; receiving a third encrypted data asset, where the third encrypted data asset is the encrypted data asset generated by encrypting the data information of the first user in the system with a public key corresponding to the first user address identifier, after the identity verification of the first user node is passed according to the first user address identifier and the first encrypted identity information; and adding the third encrypted data asset to the data asset account of the first user in the alliance chain.
  • the processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • a general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • a computer-readable storage medium stores a computer program.
  • when the computer program is executed by a processor, it implements: receiving a data asset extraction request, the data asset extraction request including the first encrypted identity information and the first user address identifier; obtaining from the alliance chain ledger the first identity mapping information corresponding to the first user address identifier, the first identity mapping information including the first user address identifier, the first public key, and the first identity fingerprint; after the first user is authenticated using the first identity fingerprint and the first encrypted identity information, using the first public key to encrypt the data information in the system node corresponding to the first identity identifier to obtain the first encrypted data asset; and adding the first encrypted data asset to the data asset account of the first user in the alliance chain.
  • the data asset extraction request is sent, the data asset extraction request including first encrypted identity information and a first user address identifier; a third encrypted data asset is received, the third encrypted data asset being the encrypted data asset generated by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier, after the identity verification of the first user node is passed according to the first user address identifier and the first encrypted identity information; and the third encrypted data asset is added to the data asset account of the first user in the alliance chain.
  • the computer-readable storage medium may be an internal storage unit of the terminal described in any one of the foregoing embodiments, such as a hard disk or a memory of the terminal.
  • the computer-readable storage medium may also be an external storage device of the terminal, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash memory card (Flash Card) provided on the terminal, etc.
  • the computer-readable storage medium may further include both an internal storage unit of the terminal and an external storage device.
  • the computer-readable storage medium is used to store the computer program and other programs and data required by the terminal.
  • the computer-readable storage medium described above may also be used to temporarily store data that has been or will be output.
  • the disclosed systems, servers, and methods may be implemented in other ways.
  • the device embodiments described above are merely schematic.
  • the division of the above units is only a logical function division.
  • multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may also be electrical, mechanical or other forms of connection.
  • the units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, which may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions in the embodiments of the present application.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist separately physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware or in the form of software functional unit.
  • the technical solution of this application is essentially a part that contributes to the existing technology, or all or part of the technical solution may be embodied in the form of a software product, which is stored in a storage medium
  • a computer device which may be a personal computer, a server, or a network device, etc.
  • the foregoing storage media include: USB flash drives, removable hard disks, read-only memory (ROM), random access memory (RAM), magnetic disks, optical disks, and other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a data asset management method, a data asset management device and a computer readable medium. The method comprises: a system node receiving a request for data asset extraction; acquiring from a consortium chain ledger first identity mapping information corresponding to a first user address identifier, the first identity mapping information including the first user address identifier, a first public key, and a first identity fingerprint; after using the first identity fingerprint and first encrypted identity information to authenticate a first user, using the first public key to encrypt data information in the system node corresponding to a first identity identifier, to obtain a first encrypted data asset; and adding the first encrypted data asset to a data asset account of the first user in the consortium chain. The method can effectively collect private data scattered in various systems, and can also effectively manage private data assets.

Description

Data asset management method, data asset management device and computer-readable medium
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on September 29, 2018, with application number 2018111530809 and titled "Data asset management method, data asset management device and computer-readable medium", the entire contents of which are incorporated into this application by reference.
Technical field
This application relates to the field of blockchain technology, and in particular to a data asset management method, a data asset management device, and a computer-readable medium.
Background
With the growing popularity of Internet applications, there are thousands of application systems or platforms providing various services. These application systems or platforms take many forms, including portal sites, communities, forums, blogs, online games, resource downloads (sharing), audio and video, e-commerce (online shopping, online stores), online recruitment, and instant messaging. To use these application systems or platforms, however, a user must register with the corresponding system or platform before the corresponding services are provided. In addition, while providing services to users, these application systems or platforms record users' activity data and some of their personal private information; the activity data and personal private information so generated all belong to the user's personal data assets.
However, because these application systems or platforms are independent of one another and cannot share or exchange resources, the users' data assets become information islands. Users can only manage or operate on this data asset information inside each application system or platform, cannot manage or use their personal data asset information across the application systems or platforms in a unified way, and cannot effectively handle the ownership, benefit distribution, and privacy protection of their own data assets.
Summary of the invention
The embodiments of the present application provide a data asset management method that can quickly collect private data assets scattered across various systems and lets users effectively control and manage their own private data assets.
In a first aspect, an embodiment of the present application provides a data asset management method, the method including:
a system node receives a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
the system node obtains, from the alliance chain ledger, first identity mapping information corresponding to the first user address identifier, where the first identity mapping information includes the first user address identifier, a first public key, and a first identity fingerprint;
after the system node has authenticated the first user using the first identity fingerprint and the first encrypted identity information, it uses the first public key to encrypt the data information in the system node that corresponds to the first identity identifier, obtaining a first encrypted data asset;
the system node adds the first encrypted data asset to the data asset account of the first user in the alliance chain.
In a second aspect, an embodiment of the present application further provides a data asset management method, the method including:
a first user node sends a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
the first user node receives a third encrypted data asset, where the third encrypted data asset is the encrypted data asset generated by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier, after the identity verification of the first user node has passed according to the first user address identifier and the first encrypted identity information;
the first user node adds the third encrypted data asset to the data asset account of the first user in the alliance chain.
In a third aspect, an embodiment of the present application provides a data asset management device. The data asset management device is applied to a system node and includes:
a first receiving unit, configured for the system node to receive a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
a first obtaining unit, configured to obtain, from the alliance chain ledger, first identity mapping information corresponding to the first user address identifier, where the first identity mapping information includes the first user address identifier, a first public key, and a first identity fingerprint;
a first verification unit, configured to authenticate the first user using the first identity fingerprint and the first encrypted identity information;
a first encryption unit, configured to use the first public key, after the verification unit's verification passes, to encrypt the data information in the system node that corresponds to the first identity identifier, obtaining a first encrypted data asset;
a first adding unit, configured to add the first encrypted data asset to the data asset account of the first user in the alliance chain.
In a fourth aspect, an embodiment of the present application provides a data asset management device. The data asset management device is applied to the first user node and includes:
a second sending unit, configured to send a data asset extraction request, where the data asset extraction request includes first encrypted identity information and a first user address identifier;
a second receiving unit, configured to receive a third encrypted data asset, where the third encrypted data asset is the encrypted data asset generated by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier, after the identity verification of the first user node has passed according to the first user address identifier and the first encrypted identity information;
a second adding unit, configured to add the third encrypted data asset to the data asset account of the first user in the alliance chain.
In a fifth aspect, an embodiment of the present application provides a data asset management device including a processor, a memory, and a communication module, where the memory is used to store program code and the processor is used to call the program code to execute the methods of the first aspect and the second aspect and any of their optional implementations.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium. The computer storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to execute the methods of the first aspect and the second aspect.
In the embodiments of the present application, the public key, address identifier, and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain, so identity verification can be performed using the public key and identity fingerprint recorded in the ledger. In addition, because the identity fingerprint is generated from the user's real identity information through a one-way encryption algorithm, in the alliance chain there is good privacy between nodes as long as a node has not disclosed its own information to other nodes. Furthermore, users in the alliance chain can extract their private data from the various systems in the alliance chain into personal data asset accounts, and can authorize the use of their own data assets according to authorization conditions. Therefore, with the embodiments of the present application, private data scattered across various systems can be collected effectively, and users can manage their own private data assets effectively.
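The system-node check from the first aspect, as an added example that is not code from the patent: the ledger holds only the address identifier, public key and identity fingerprint, and the node releases data only when the decrypted identity hashes to the recorded fingerprint. SHA-256 as the "one-way encryption algorithm", the toy textbook RSA standing in for the nodes' key pairs, and all names and sample values are assumptions made for illustration.

```python
"""Added example: extraction-request check at a system node (constructed data)."""
import hashlib
import hmac
from dataclasses import dataclass, field


class ToyKeyPair:
    """Textbook RSA over fixed Mersenne primes so the example needs only the
    standard library. Stand-in only (no padding, publicly known factors);
    a real node would use a vetted library with RSA-OAEP or hybrid encryption."""

    E = 65537

    def __init__(self, p_exp, q_exp):
        p, q = 2**p_exp - 1, 2**q_exp - 1
        self.n = p * q
        self._d = pow(self.E, -1, (p - 1) * (q - 1))  # private exponent

    @property
    def public(self):
        return (self.n, self.E)

    def decrypt(self, ciphertext: int) -> bytes:
        m = pow(ciphertext, self._d, self.n)
        return m.to_bytes((m.bit_length() + 7) // 8, "big")


def encrypt(public, plaintext: bytes) -> int:
    n, e = public
    m = int.from_bytes(plaintext, "big")
    if not 0 < m < n:
        raise ValueError("plaintext does not fit the toy modulus")
    return pow(m, e, n)


def fingerprint(identity: bytes) -> str:
    # Assumption: the page only says "one-way encryption algorithm".
    return hashlib.sha256(identity).hexdigest()


@dataclass
class Ledger:
    mappings: dict = field(default_factory=dict)  # address -> (public key, fingerprint)
    accounts: dict = field(default_factory=dict)  # address -> encrypted data assets

    def register(self, address, public, identity):
        # Done by the verification node: the raw identity is never stored.
        self.mappings[address] = (public, fingerprint(identity))
        self.accounts[address] = []


class SystemNode:
    def __init__(self, keys, records, ledger):
        self.keys, self.records, self.ledger = keys, records, ledger

    def handle_extraction(self, request) -> str:
        mapping = self.ledger.mappings.get(request["address"])
        if mapping is None:
            return "rejected: unknown address"
        user_public, ledger_fp = mapping
        # Decrypt the identity with the node's own private key, then hash it.
        identity = self.keys.decrypt(request["encrypted_identity"])
        if not hmac.compare_digest(fingerprint(identity), ledger_fp):
            return "rejected: fingerprint mismatch"
        data = self.records.get(identity)
        if data is None:
            return "rejected: no data for identity"
        # Encrypt under the public key recorded for the address, so only the
        # holder of the matching private key can read the asset.
        asset = encrypt(user_public, data)
        self.ledger.accounts[request["address"]].append(asset)
        return "added"


def run_demo():
    ledger = Ledger()
    system_keys = ToyKeyPair(127, 521)
    user_keys = ToyKeyPair(107, 607)
    identity = b"constructed-id-0001"  # constructed sample identity
    ledger.register("addr-user-1", user_keys.public, identity)
    node = SystemNode(system_keys, {identity: b"order history: 3 items"}, ledger)

    good = {"address": "addr-user-1",
            "encrypted_identity": encrypt(system_keys.public, identity)}
    wrong = {"address": "addr-user-1",
             "encrypted_identity": encrypt(system_keys.public, b"constructed-id-0002")}
    unknown = {"address": "addr-nobody",
               "encrypted_identity": good["encrypted_identity"]}

    results = [node.handle_extraction(r) for r in (wrong, unknown, good)]
    recovered = user_keys.decrypt(ledger.accounts["addr-user-1"][0])
    return results, recovered


if __name__ == "__main__":
    print(run_demo())
```

The two rejected requests show that the address identifier and the identity are bound through the ledger entry: an identity that does not hash to the fingerprint recorded for that address releases nothing.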
Brief description of the drawings
FIG. 1 is a schematic flowchart of a data asset management method provided by an embodiment of the present application;
FIG. 2 is a schematic flowchart of a further data asset management method provided by an embodiment of the present application;
FIG. 3 is a functional unit composition diagram of a data asset management device provided by an embodiment of the present application;
FIG. 4 is a functional unit composition diagram of another data asset management device provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a data asset management device provided by an embodiment of the present application.
DETAILED DESCRIPTION
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are some of the embodiments of the present application, not all of them. Reference to "an embodiment" herein means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearances of this phrase in various places in the specification do not necessarily all refer to the same embodiment, nor to independent or alternative embodiments that are mutually exclusive with other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described herein may be combined with other embodiments.
For a better understanding of the embodiments of the present application, the method to which the embodiments apply is introduced below.
Referring to FIG. 1, which is a schematic flowchart of a data asset management method according to an embodiment of the present application, the method may include:
101: A system node in the alliance chain receives a data asset extraction request. The data asset extraction request includes first encrypted identity information and a first user address identifier.
The first encrypted identity information is obtained by encrypting first identity identification information with the public key of the system node, and the identity identification information is that of the user who initiated the data asset extraction request. The first user address identifier is the user address identifier of the user who initiated the data asset extraction request.
In the embodiment of the present application, the alliance chain may be created by a master account operation node, which then invites various systems of the real Internet world (application systems, apps, websites, and so on) to join as nodes. After the alliance chain has been created successfully, each node in the alliance chain (systems as well as users) generates its own private key, public key and corresponding address identifier through the alliance chain, and a verification node in the alliance chain verifies the identity of each of the other nodes (systems or users). The public key, address identifier and identity fingerprint of each node are then recorded in the ledger of the alliance chain, and after the consensus mechanism has run, the ledger block is appended to the alliance chain.
The identity fingerprint is generated by encrypting an identity identifier (for example, a user's name and ID card number, or the name and organization code of an enterprise or unit) with a one-way encryption algorithm. The identity identifier is the real identity information of the user who holds the private key corresponding to the identity fingerprint and the public key. For example, the real identity identifier is hashed and the resulting hash value is used as the identity fingerprint. It can be understood that the embodiment of the present application places no limitation on the verification node. The verification node may be the master account operation node or a trusted third-party organization; for example, for verifying the identity of a user the trusted third-party organization may be the public security system, and for an enterprise or unit it may be the industrial and commercial administration system.
The one-way encryption algorithm is an algorithm that can only encrypt data to obtain encrypted data and cannot recover the data from the encrypted data. That is, the identity identifier can be encrypted with the one-way encryption algorithm to obtain the identity fingerprint, but no corresponding decryption algorithm exists that turns the identity fingerprint back into the identity identifier. The one-way encryption algorithm may include the Message-Digest algorithm (MD), Secure Hash Algorithm 1 (SHA-1), Hash Message Authentication Code (HMAC), and the like. For example, when the one-way encryption algorithm is the MD algorithm, the identity identifier is hashed and the resulting hash value is the identity fingerprint.
In the embodiment of the present application, the public key, address identifier and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain, so identity verification (between users, between a user and a system, and between systems) can be performed with the public key and identity fingerprint recorded in the ledger. In addition, because the identity fingerprint is generated from the user's real identity information by a one-way encryption algorithm, nodes in the alliance chain retain good privacy from one another as long as a node has not disclosed its own information to other nodes.
In the alliance chain, the first user may have registered with one or more systems of the alliance chain, so each of those systems holds digital assets of that user (including the user's personal information and the various personal data generated while the user used the system). The first user may want to extract his or her own digital assets from the systems of the alliance chain into his or her data asset account in the alliance chain, so as to have real control over them. When the first user wants to extract his or her data assets from a system node, the first user can initiate a personal data asset extraction request to the first system in the alliance chain through his or her user terminal. After receiving the personal data asset extraction request, the first system verifies it; once verification passes, the first system encrypts the first user's data assets held in the first system with the first user's public key and adds them to the first user's digital asset account.
102: The system node obtains, from the alliance chain, first identity mapping information corresponding to the first user address identifier. The first identity mapping information includes the first user address identifier, a first public key, and a first identity fingerprint.
In the embodiment of the present application, after the system node receives the data asset extraction request, the system node obtains the first identity mapping information corresponding to the first user address identifier from the alliance chain ledger, so that the system node can use the first public key and the first identity information included in the first identity mapping information to verify the identity of the first user who initiated the data asset extraction request.
The first identity fingerprint is generated by the verification node in the alliance chain which, after verifying the first user's identity information, encrypts the identity identifier provided by the first user (for example, the user's name and ID card number) with a one-way encryption algorithm. For example, the real identity information is hashed and the resulting hash value is used as the identity fingerprint.
103: After the system node has successfully verified the identity of the first user using the first identity fingerprint and the first encrypted identity information, it encrypts the data information in the system node that corresponds to the first identity identifier with the first public key, obtaining a first encrypted data asset.
In the embodiment of the present application, after the system node obtains the first identity mapping information from the alliance chain, the system node verifies the identity of the first user according to the first identity fingerprint and the first encrypted identity information. After the identity verification of the first user passes, the system node encrypts the data information in the system node that corresponds to the first identity identifier with the first public key, obtaining the first encrypted data asset.
Specifically, after the system node obtains the first identity mapping information from the alliance chain, the system node decrypts the first encrypted identity information with the private key of the system node to obtain the first identity identifier. The system node then encrypts the first identity identifier with the first one-way encryption algorithm to obtain a second identity fingerprint. Next, the system node determines whether the first identity fingerprint and the second identity fingerprint are equal; if they are equal, the identity verification of the first user passes. Finally, the system node obtains the data information related to the first identity identifier from the database of the system node according to the first identity identification information, and encrypts that data information with the first public key to obtain the first encrypted data asset.
104: The system node adds the first encrypted data asset to the data asset account of the first user in the alliance chain.
In the embodiment of the present application, after the system node obtains the first encrypted data asset, the system node adds the first encrypted data asset to its local copy of the first user's data asset account, and broadcasts the first encrypted data asset to the whole network in the alliance chain, so as to trigger a first smart contract that causes the other nodes in the alliance chain to add the first encrypted data asset to the user's data asset account.
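The fingerprint check of step 103, as an added Python example that is not part of the application: it looks up the identity mapping by address, recomputes the fingerprint from the identity the system node has already decrypted, and compares the two. SHA-256, the length-prefixed field encoding, the NFC/whitespace normalization, the constant-time comparison and all class and function names are assumptions of this example; the application only requires a one-way algorithm, and the public-key decryption that precedes the check is outside the example's scope.

```python
import hashlib
import hmac
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class IdentityMapping:
    """One ledger record: address identifier, public key, identity fingerprint."""
    address: str
    public_key: bytes
    fingerprint: bytes


def canonical_identity(fields):
    """Encode identity fields unambiguously before hashing.

    Each field is normalized and length-prefixed. Plain concatenation would
    give ("ab", "c") and ("a", "bc") the same bytes, and therefore the same
    fingerprint for two different identities.
    """
    out = bytearray()
    for value in fields:
        raw = unicodedata.normalize("NFC", value).strip().encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)


def identity_fingerprint(fields):
    """One-way fingerprint of an identity (SHA-256 is this example's choice)."""
    return hashlib.sha256(canonical_identity(fields)).digest()


class Ledger:
    """In-memory stand-in for the alliance chain ledger (hypothetical)."""

    def __init__(self):
        self._records = {}

    def register(self, address, public_key, identity_fields):
        # Performed by the verification node after checking the real identity.
        record = IdentityMapping(address, public_key,
                                 identity_fingerprint(identity_fields))
        self._records[address] = record
        return record

    def lookup(self, address):
        return self._records.get(address)


def verify_requester(ledger, address, decrypted_identity_fields):
    """Return the requester's public key if the check passes, else None.

    `decrypted_identity_fields` is the identity the system node recovered
    from the first encrypted identity information with its private key.
    """
    mapping = ledger.lookup(address)
    if mapping is None:
        return None  # no identity mapping for this address identifier
    second_fingerprint = identity_fingerprint(decrypted_identity_fields)
    # Constant-time comparison of ledger fingerprint and recomputed one.
    if not hmac.compare_digest(mapping.fingerprint, second_fingerprint):
        return None  # identity does not belong to this address
    return mapping.public_key  # key to encrypt the user's data asset with


if __name__ == "__main__":
    # Constructed sample data, not taken from the application.
    chain = Ledger()
    chain.register("addr-user-1", b"constructed-public-key-1",
                   ["Zhang San", "ID-CONSTRUCTED-0001"])
    print(verify_requester(chain, "addr-user-1",
                           ["Zhang San", "ID-CONSTRUCTED-0001"]))
    print(verify_requester(chain, "addr-user-1",
                           ["Li Si", "ID-CONSTRUCTED-0002"]))
```

The verification node and every system node must apply the same field order and normalization, otherwise a legitimate user's recomputed fingerprint will not match the one in the ledger.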
As an optional implementation, the system node may also initiate a data asset use request to a user in the alliance chain in order to obtain the data assets it wants. Specifically, the system node sends a data asset use request to a user node in the alliance chain; the data asset use request includes a data asset list, second encrypted identity information, and the address identifier of the system node. The second encrypted identity information is obtained by the system node encrypting its own identity identifier (that is, the requester's identity identifier) with the first public key.
After the user node receives the data asset use request, it obtains the identity mapping information corresponding to the system node from the alliance chain according to the address identifier of the system node included in the request. The user node then decrypts the second encrypted identity information with its own private key to obtain a second identity identifier, and encrypts the second identity identifier with the first one-way encryption algorithm to obtain a second identity fingerprint. It then uses the address identifier of the system node to obtain the corresponding third identity mapping information from the alliance chain ledger, and compares the second identity fingerprint with the third identity fingerprint in the third identity mapping information. If they are equal or match, the second identity identifier is indeed the identity identifier corresponding to the address identifier of the system. The user then decides, according to the second identity identifier, whether to authorize the system corresponding to the data asset extraction request. If so, the data assets corresponding to the data asset list are obtained from the user's data asset account. Because the data assets in the user's data asset account are encrypted, the data assets corresponding to the list must first be decrypted with the user's private key to obtain the decrypted data assets, which are then encrypted with the public key of the system node to obtain the second encrypted data asset. Next, the user node receives the authorization conditions that the user enters through an input device. Finally, the user node generates data asset authorization information, where the feedback information includes the authorization conditions and the second encrypted data asset, and broadcasts the data asset authorization information to the whole network, that is, sends the data asset authorization information to the system node. The authorization conditions include at least one of an authorization period, a number of authorizations, and an authorization range.
After the system node receives the data asset authorization information, the system node automatically triggers a second smart contract, which provides the encrypted data asset information to the system node in accordance with the authorization conditions. Finally, the system node decrypts the second encrypted data asset with the private key of the system node to obtain the data assets corresponding to the data asset list.
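The three authorization conditions named above (authorization period, number of authorizations, authorization range), enforced at release time, as an added Python example that is not part of the application. The class and field names are hypothetical, the ciphertexts are constructed placeholders standing in for the second encrypted data asset, and the check runs as ordinary Python rather than as the second smart contract.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass
class AuthorizationConditions:
    """Conditions the user attaches to a grant; at least one must be set."""
    expires_at: Optional[int] = None        # authorization period (Unix time)
    max_uses: Optional[int] = None          # number of authorizations
    scope: Optional[FrozenSet[str]] = None  # authorization range (asset names)

    def __post_init__(self):
        if self.expires_at is None and self.max_uses is None and self.scope is None:
            raise ValueError("at least one authorization condition is required")
        if self.max_uses is not None and self.max_uses < 1:
            raise ValueError("max_uses must be at least 1")


class Grant:
    """Data asset authorization information for one requesting system node."""

    def __init__(self, grantee_address, encrypted_assets, conditions):
        self.grantee_address = grantee_address
        self._assets = dict(encrypted_assets)  # asset name -> ciphertext
        self.conditions = conditions
        self.uses = 0

    def release(self, requester_address, asset_names, now):
        """Return the requested ciphertexts or raise PermissionError."""
        cond = self.conditions
        if requester_address != self.grantee_address:
            raise PermissionError("grant was issued to another address")
        if cond.expires_at is not None and now >= cond.expires_at:
            raise PermissionError("authorization period has ended")
        if cond.max_uses is not None and self.uses >= cond.max_uses:
            raise PermissionError("number of authorizations exhausted")
        requested = set(asset_names)
        if not requested:
            raise PermissionError("empty request")
        if cond.scope is not None and not requested <= cond.scope:
            raise PermissionError("request exceeds the authorization range")
        if requested.difference(self._assets):
            raise PermissionError("asset not covered by this grant")
        # Count the use only after every check has passed.
        self.uses += 1
        return {name: self._assets[name] for name in sorted(requested)}


if __name__ == "__main__":
    # Constructed sample grant: two uses, until t=2000, two assets in range.
    grant = Grant(
        "addr-system-1",
        {"profile": b"ct-profile", "orders": b"ct-orders", "location": b"ct-location"},
        AuthorizationConditions(expires_at=2000, max_uses=2,
                                scope=frozenset({"profile", "orders"})),
    )
    print(grant.release("addr-system-1", ["profile"], now=1000))
    try:
        grant.release("addr-system-1", ["location"], now=1000)
    except PermissionError as err:
        print("denied:", err)
```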
It can be seen that, in the embodiment of the present application, the public key, address identifier and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain, so identity verification can be performed with the public key and identity fingerprint recorded in the ledger. In addition, because the identity fingerprint is generated from the user's real identity information by a one-way encryption algorithm, nodes in the alliance chain retain good privacy from one another as long as a node has not disclosed its own information to other nodes. Furthermore, a user in the alliance chain can extract the private data held in the various systems of the alliance chain into a personal data asset account, and can authorize use of those data assets according to authorization conditions. The embodiments of the present application therefore make it possible to collect private data scattered across various systems and to manage one's own private data assets effectively.
Referring to FIG. 2, which is a schematic flowchart of another data asset management method provided by an embodiment of the present application, the method may include:
201: The first user node sends a data asset extraction request. The data asset extraction request includes first encrypted identity information and a first user address identifier.
The first encrypted identity information is obtained by encrypting first identity identification information with the public key of the system node, and the identity identification information is that of the user who initiated the data asset extraction request. The first user address identifier is the user address identifier of the user who initiated the data asset extraction request.
In the embodiment of the present application, the alliance chain may be created by a master account operation node, which then invites various systems of the real Internet world (application systems, apps, websites, and so on) to join as nodes. After the alliance chain has been created successfully, each node in the alliance chain (systems as well as users) generates its own private key, public key and corresponding address identifier through the alliance chain, and a verification node in the alliance chain verifies the identity of each of the other nodes (systems or users). The public key, address identifier and identity fingerprint of each node are then recorded in the ledger of the alliance chain, and after the consensus mechanism has run, the ledger block is appended to the alliance chain.
The identity fingerprint is generated by encrypting an identity identifier (for example, a user's name and ID card number, or the name and organization code of an enterprise or unit) with a one-way encryption algorithm. The identity identifier is the real identity information of the user who holds the private key corresponding to the identity fingerprint and the public key. For example, the real identity identifier is hashed and the resulting hash value is used as the identity fingerprint. It can be understood that the embodiment of the present application places no limitation on the verification node. The verification node may be the master account operation node or a trusted third-party organization; for example, for verifying the identity of a user the trusted third-party organization may be the public security system, and for an enterprise or unit it may be the industrial and commercial administration system.
The one-way encryption algorithm is an algorithm that can only encrypt data to obtain encrypted data and cannot recover the data from the encrypted data. That is, the identity identifier can be encrypted with the one-way encryption algorithm to obtain the identity fingerprint, but no corresponding decryption algorithm exists that turns the identity fingerprint back into the identity identifier. The one-way encryption algorithm may include the Message-Digest algorithm (MD), Secure Hash Algorithm 1 (SHA-1), Hash Message Authentication Code (HMAC), and the like. For example, when the one-way encryption algorithm is the MD algorithm, the identity identifier is hashed and the resulting hash value is the identity fingerprint.
In the embodiment of the present application, the public key, address identifier and identity fingerprint of each node in the alliance chain are recorded in the ledger of the alliance chain, so identity verification (between users, between a user and a system, and between systems) can be performed with the public key and identity fingerprint recorded in the ledger. In addition, because the identity fingerprint is generated from the user's real identity information by a one-way encryption algorithm, nodes in the alliance chain retain good privacy from one another as long as a node has not disclosed its own information to other nodes.
In the alliance chain, the first user may have registered with one or more systems of the alliance chain, so each of those systems holds digital assets of that user (including the user's personal information and the various personal data generated while the user used the system). The first user may want to extract his or her own digital assets from the systems of the alliance chain into his or her data asset account in the alliance chain, so as to have real control over them. When the first user wants to extract his or her data assets from a system node, the first user can initiate a personal data asset extraction request to the first system in the alliance chain through his or her user terminal. After receiving the personal data asset extraction request, the first system verifies it; once verification passes, the first system encrypts the first user's data assets held in the first system with the first user's public key and adds them to the first user's digital asset account.
Specifically, when the first individual user wants to extract his or her own digital assets from the systems of the alliance chain into his or her personal account in the alliance chain, so as to have real control over them, the first individual user can initiate a personal data asset extraction request to the first system in the alliance chain through his or her user terminal. The first system may include one or more systems. The personal data asset extraction request includes the public key of the first individual user and first identity verification information; the first identity verification information is generated by encrypting the user's personal identity information with the public key of the first system, where the personal identity information is the same as the identity information from which the user's identity fingerprint was generated. After the user terminal of the individual user generates the personal data asset extraction request, it broadcasts the request to the whole network so that the other nodes in the alliance chain receive it.
202: The first user node receives a third encrypted data asset. The third encrypted data asset is an encrypted data asset generated, after the identity verification of the first user node based on the first user address identifier and the first encrypted identity information has passed, by encrypting the first user's data information in the system with the public key corresponding to the first user address identifier.
In the embodiment of the present application, after the first system receives the personal data asset extraction request, it obtains the corresponding identity fingerprint from the alliance chain according to the public key in the request. It then decrypts the first identity verification information in the request with the private key of the first system to obtain the first user's personal identity information, and generates the first user's identity fingerprint from that personal identity information. Finally, it compares this identity fingerprint with the identity fingerprint obtained from the alliance chain according to the public key in the request. If the two identity fingerprints are the same, the identity verification of the first user passes. The first system then extracts the first user's data assets from its database according to the first user's personal identity information, encrypts them with the first user's public key to obtain the third encrypted data asset, and broadcasts the third encrypted data asset to the whole network, that is, sends the third encrypted data asset to the first user node.
203: The first user node adds the third encrypted data asset to the data asset account of the first user in the alliance chain.
In the embodiment of the present application, after the first user node receives the third encrypted data asset, the first user node adds the third encrypted data asset to the data asset account of the first user in the alliance chain.
As an optional implementation, after the third encrypted data asset has been added to the data asset account of the first user in the alliance chain, the first user node receives a data asset use request. The data asset use request includes a data asset list, second encrypted identity information, and a third address identifier. The second encrypted identity information is obtained by the party that initiated the data asset use request encrypting its own identity identifier (that is, the requester's identity identifier) with the first public key; the third address identifier is the address identifier of the requester.
The first user node then obtains third identity mapping information corresponding to the third address identifier from the alliance chain ledger; the third identity mapping information includes the third address identifier, a third public key, and a third identity fingerprint. Next, the first user node verifies the identity of the requester using the third identity fingerprint and the second encrypted identity information. After verification passes, the first user node encrypts the data assets corresponding to the data asset list with the third public key to obtain a third encrypted data asset. The first user node then receives the authorization conditions that the first user enters through an input device, where the authorization conditions include at least one of an authorization period, a number of authorizations, and an authorization range. Finally, the first user node generates feedback information that includes the authorization conditions and the third encrypted data asset, and broadcasts the feedback information to the whole network.
The verification of the requester's identity by the first user node using the third identity fingerprint and the second encrypted identity information specifically includes the following: the first user node decrypts the second encrypted identity information with the private key of the first user node to obtain a second identity identifier; the first user node then encrypts the second identity identifier with the one-way encryption algorithm to obtain a second identity fingerprint, and compares the second identity fingerprint with the third identity fingerprint. If the two identity fingerprints match, verification passes.
It can be seen that the embodiments of the present application make it possible to collect private data scattered across various systems and to manage one's own private data assets effectively.
Referring to FIG. 3, FIG. 3 is a block diagram of one possible composition of functional units of a data asset management apparatus 300 provided by an embodiment of the present application. The data asset management apparatus includes a first receiving unit 310, a first obtaining unit 320, a first verification unit 330, a first encryption unit 340, and a first adding unit 350.
A first receiving unit 310, configured for the system node to receive a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier;
A first obtaining unit 320, configured to obtain, from the alliance chain ledger, first identity mapping information corresponding to the first user address identifier, the first identity mapping information including the first user address identifier, a first public key, and a first identity fingerprint;
A first obtaining unit 320, configured to authenticate the first user using the first identity fingerprint and the first encrypted identity information;
A first encryption unit 340, configured to, after the verification by the verification unit passes, use the first public key to encrypt the data information in the system node that corresponds to the first identity identifier, to obtain a first encrypted data asset;
A first adding unit 350, configured to add the first encrypted data asset to the data asset account of the first user in the alliance chain.
Optionally, the first identity mapping information is mapping relationship information that a verification node in the alliance chain generates from the first user address identifier, the first public key, and the first identity fingerprint, after the verification node has generated the first identity fingerprint by encrypting the first identity identifier of the first user with a first one-way encryption algorithm.
Optionally, the verification unit includes:
A first decryption unit, which uses the private key of the system node to decrypt the first encrypted identity information to obtain the first identity identifier;
A second encryption unit, further configured to encrypt the first identity identifier using the first one-way encryption algorithm to obtain a second identity fingerprint;
A first determining unit, configured to determine whether the first identity fingerprint is equal to the second identity fingerprint; if they are equal, the verification passes.
Optionally, the first adding unit 350 is configured to add the first encrypted data asset to the local data asset account of the first user, and to broadcast the first encrypted data asset to the whole network in the alliance chain, so as to trigger a first smart contract that causes the other nodes in the alliance chain to add the first encrypted data asset to the user's data asset account.
Optionally, the data asset management apparatus further includes:
A first sending unit, configured to send a data asset use request, the data asset use request including a data asset list, second encrypted identity information, and the address identifier of the system node;
The first receiving unit 310, configured to receive data asset authorization information, the authorization information being information generated from a second encrypted data asset and an authorization condition, where the second encrypted data asset is generated, after the identity of the system node has been verified according to the address identifier of the system node and the second encrypted identity information, by encrypting the data assets corresponding to the data asset list with the system public key corresponding to the address identifier of the system node;
A first providing unit, which triggers a second smart contract to provide the second encrypted data asset information to the system node in accordance with the authorization condition, the authorization condition including at least one of an authorization period, a number of authorizations, and an authorization scope;
A first decryption unit, configured to decrypt the second encrypted data asset using the private key of the system node to obtain the data assets corresponding to the data asset list.
It can be seen that, in the embodiments of the present application, the public key, address identifier, and identity fingerprint of each node in the alliance chain are recorded in the alliance chain ledger, so identity verification can be performed using the public keys and identity fingerprints recorded there. In addition, because the identity fingerprint is generated from the user's real identity information by a one-way encryption algorithm, nodes in the alliance chain have good privacy from one another as long as a node has not disclosed its own information to other nodes. Furthermore, users in the alliance chain extract the private data held in the various systems of the alliance chain into their personal data asset accounts, and can authorize the use of their own data assets according to authorization conditions. Therefore, through the embodiments of the present application, the private data scattered across the various systems can be collected effectively, and users can also manage their own private data assets effectively.
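The system-node flow described above (ledger lookup by address identifier, decryption of the encrypted identity information, fingerprint comparison, then encryption under the first public key), as an added Go example that is not part of the patent text. SHA-256 as the one-way algorithm, RSA-OAEP as the cipher, in-memory maps for the ledger, node store and accounts, and all type and function names are assumptions; the sample identity and record are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// IdentityMapping is the ledger record: address identifier, public key, fingerprint (names hypothetical).
type IdentityMapping struct {
	Address     string
	PublicKey   *rsa.PublicKey
	Fingerprint [32]byte
}

var (
	ErrUnknownAddress   = errors.New("no identity mapping for address")
	ErrIdentityMismatch = errors.New("identity verification failed")
	ErrNoData           = errors.New("no data held for identity")
)

// NewKey generates an RSA key pair for a node.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Fingerprint stands in for the "first one-way encryption algorithm" (assumption: SHA-256).
func Fingerprint(identity []byte) [32]byte { return sha256.Sum256(identity) }

// Seal encrypts msg to pub with RSA-OAEP (assumption; the page names no cipher).
// With a 2048-bit key the plaintext is limited to 190 bytes; larger assets need a hybrid scheme.
func Seal(pub *rsa.PublicKey, msg []byte, label string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, []byte(label))
}

// Open reverses Seal with the matching private key and label.
func Open(priv *rsa.PrivateKey, ct []byte, label string) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, []byte(label))
}

// VerifyIdentity decrypts the identity, re-derives its fingerprint and compares it in constant time.
func VerifyIdentity(ledger map[string]IdentityMapping, nodeKey *rsa.PrivateKey,
	addr string, encID []byte) (IdentityMapping, []byte, error) {
	m, ok := ledger[addr]
	if !ok {
		return IdentityMapping{}, nil, ErrUnknownAddress
	}
	identity, err := Open(nodeKey, encID, "identity")
	if err != nil {
		return IdentityMapping{}, nil, fmt.Errorf("%w: %v", ErrIdentityMismatch, err)
	}
	fp := Fingerprint(identity)
	if subtle.ConstantTimeCompare(fp[:], m.Fingerprint[:]) != 1 {
		return IdentityMapping{}, nil, ErrIdentityMismatch
	}
	return m, identity, nil
}

// HandleExtraction verifies the requester, encrypts their data under the ledger key, stores the result.
func HandleExtraction(ledger map[string]IdentityMapping, nodeKey *rsa.PrivateKey,
	store map[string][]byte, accounts map[string][][]byte, addr string, encID []byte) error {
	m, identity, err := VerifyIdentity(ledger, nodeKey, addr, encID)
	if err != nil {
		return err
	}
	data, ok := store[string(identity)]
	if !ok {
		return ErrNoData
	}
	asset, err := Seal(m.PublicKey, data, "asset")
	if err != nil {
		return err
	}
	accounts[addr] = append(accounts[addr], asset)
	return nil
}

func main() {
	nodeKey, userKey := NewKey(), NewKey()
	identity := []byte("ID-0001-constructed") // constructed sample identity identifier
	ledger := map[string]IdentityMapping{"addr-user-1": {
		Address: "addr-user-1", PublicKey: &userKey.PublicKey, Fingerprint: Fingerprint(identity)}}
	store := map[string][]byte{string(identity): []byte("constructed record")}
	accounts := map[string][][]byte{}
	encID, _ := Seal(&nodeKey.PublicKey, identity, "identity")
	fmt.Println("extraction:", HandleExtraction(ledger, nodeKey, store, accounts, "addr-user-1", encID))
	plain, _ := Open(userKey, accounts["addr-user-1"][0], "asset")
	fmt.Printf("user decrypts: %s\n", plain)
	wrong, _ := Seal(&nodeKey.PublicKey, []byte("ID-9999-constructed"), "identity")
	fmt.Println("wrong identity:", HandleExtraction(ledger, nodeKey, store, accounts, "addr-user-1", wrong))
}
```

The fingerprint here is a bare hash, as the page describes; where identity identifiers come from a small or structured space, any party that can read the ledger can test candidate identifiers against it, which a deployment has to account for.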
Referring to FIG. 4, FIG. 4 is a block diagram of one possible composition of functional units of a data asset management apparatus 400 provided by an embodiment of the present application. The data asset management apparatus includes a second sending unit 410, a second receiving unit 420, and a second adding unit 430.
A second sending unit 410, configured to send a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier;
A second receiving unit 420, configured to receive a third encrypted data asset, the third encrypted data asset being an encrypted data asset generated, after the identity of the first user node has been verified according to the first user address identifier and the first encrypted identity information, by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier;
A second adding unit 430, configured to add the third encrypted data asset to the data asset account of the first user in the alliance chain.
Optionally, the second receiving unit 420 is configured to receive a data asset use request, the data asset use request including a data asset list, second encrypted identity information, and a third address identifier;
The data asset management apparatus further includes:
A second obtaining unit, which obtains, from the alliance chain ledger, third identity mapping information corresponding to the third address identifier, the third identity mapping information including the third address identifier, a third public key, and a third identity fingerprint;
A second verification unit, configured to, after the identity of the requester has been verified using the third identity fingerprint and the second encrypted identity information, encrypt the data assets corresponding to the data asset list with the third public key to obtain a third encrypted data asset;
The second receiving unit, configured to receive an authorization condition entered through an input device, the authorization condition including at least one of an authorization period, a number of authorizations, and an authorization scope;
A second generating unit, configured to generate feedback information, the feedback information including the authorization condition and the third encrypted data asset, and to broadcast the feedback information to the whole network.
Optionally, the second verification unit includes:
A second decryption unit, configured to decrypt the second encrypted identity information using the private key of the first user node to obtain a second identity identifier;
A third encryption unit, configured to encrypt the second identity identifier using a first one-way encryption algorithm to obtain a second identity fingerprint;
A comparing unit, configured to compare the second identity fingerprint with the third identity fingerprint; if the two identity fingerprints match, the identity verification of the requester passes.
Optionally, the third identity mapping information is mapping relationship information that a verification node in the alliance chain generates from the third address identifier, the third public key, and the third identity fingerprint, after the verification node has generated the third identity fingerprint by encrypting the third identity identifier of the requester with the first one-way encryption algorithm.
It can be seen that, through the embodiments of the present application, the private data scattered across the various systems can be collected effectively, and users can also manage their own private data assets effectively.
Referring to FIG. 5, FIG. 5 is a schematic structural diagram of a data asset management apparatus 500 provided by an embodiment of the present application. As shown in FIG. 5, the apparatus 500 includes a processor, a memory, a communication interface, and one or more programs, where the one or more programs are different from the one or more application programs, are stored in the memory, and are configured to be executed by the processor.
When the apparatus 500 is a server, the program includes instructions for performing the following steps: receiving a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier; obtaining, from the alliance chain ledger, first identity mapping information corresponding to the first user address identifier, the first identity mapping information including the first user address identifier, a first public key, and a first identity fingerprint; after the first user has been authenticated using the first identity fingerprint and the first encrypted identity information, encrypting the data information in the system node that corresponds to the first identity identifier with the first public key to obtain a first encrypted data asset; and adding the first encrypted data asset to the data asset account of the first user in the alliance chain.
When the apparatus 500 is an electronic device, the program includes instructions for performing the following steps: sending a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier; receiving a third encrypted data asset, the third encrypted data asset being an encrypted data asset generated, after the identity of the first user node has been verified according to the first user address identifier and the first encrypted identity information, by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier; and adding the third encrypted data asset to the data asset account of the first user in the alliance chain.
It should be understood that, in the embodiments of the present application, the processor may be a central processing unit (CPU), or it may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
Another embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements: receiving a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier; obtaining, from the alliance chain ledger, first identity mapping information corresponding to the first user address identifier, the first identity mapping information including the first user address identifier, a first public key, and a first identity fingerprint; after the first user has been authenticated using the first identity fingerprint and the first encrypted identity information, encrypting the data information in the system node that corresponds to the first identity identifier with the first public key to obtain a first encrypted data asset; and adding the first encrypted data asset to the data asset account of the first user in the alliance chain.
Alternatively, the computer program, when executed by a processor, implements: sending a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier; receiving a third encrypted data asset, the third encrypted data asset being an encrypted data asset generated, after the identity of the first user node has been verified according to the first user address identifier and the first encrypted identity information, by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier; and adding the third encrypted data asset to the data asset account of the first user in the alliance chain.
The computer-readable storage medium may be an internal storage unit of the terminal described in any of the foregoing embodiments, such as the terminal's hard disk or memory. The computer-readable storage medium may also be an external storage device of the terminal, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card fitted to the terminal. Further, the computer-readable storage medium may include both an internal storage unit of the terminal and an external storage device. The computer-readable storage medium is used to store the computer program and the other programs and data required by the terminal. The computer-readable storage medium may also be used to temporarily store data that has been output or is about to be output.
In the several embodiments provided in this application, it should be understood that the disclosed systems, servers, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through interfaces, apparatuses, or units, and may also be electrical, mechanical, or other forms of connection.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present application.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above is only a specific implementation of the present application, but the protection scope of the present application is not limited to it. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed in the present application, and these modifications or replacements shall all fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (20)

  1. A data asset management method, characterized in that it is applied to a system node and comprises:
    the system node receiving a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier;
    the system node obtaining, from the alliance chain ledger, first identity mapping information corresponding to the first user address identifier, the first identity mapping information including the first user address identifier, a first public key, and a first identity fingerprint;
    the system node, after authenticating the first user using the first identity fingerprint and the first encrypted identity information, encrypting the data information in the system node that corresponds to the first identity identifier with the first public key to obtain a first encrypted data asset;
    the system node adding the first encrypted data asset to the data asset account of the first user in the alliance chain.
  2. The method according to claim 1, characterized in that the first identity mapping information is mapping relationship information that a verification node in the alliance chain generates from the first user address identifier, the first public key, and the first identity fingerprint, after the verification node has generated the first identity fingerprint by encrypting the first identity identifier of the first user with a first one-way encryption algorithm.
  3. The method according to claim 2, characterized in that the system node authenticating the first user using the first identity fingerprint and the first encrypted identity information comprises:
    the system node decrypting the first encrypted identity information using the private key of the system node to obtain the first identity identifier;
    the system node encrypting the first identity identifier using the first one-way encryption algorithm to obtain a second identity fingerprint;
    if the system node determines that the first identity fingerprint is equal to the second identity fingerprint, the verification passes.
  4. The method according to claim 1, characterized in that the system node adding the first encrypted data asset to the data asset account of the first user in the alliance chain comprises:
    the system node adding the first encrypted data asset to the local data asset account of the first user;
    the system node broadcasting the first encrypted data asset to the whole network in the alliance chain, so as to trigger a first smart contract that causes the other nodes in the alliance chain to add the first encrypted data asset to the data asset account of the first user.
  5. The method according to any one of claims 1-4, characterized in that the method further comprises:
    the system node sending a data asset use request, the data asset use request including a data asset list, second encrypted identity information, and the address identifier of the system node;
    the system node receiving data asset authorization information, the authorization information being information generated from a second encrypted data asset and an authorization condition, where the second encrypted data asset is generated, after the identity of the system node has been verified according to the address identifier of the system node and the second encrypted identity information, by encrypting the data assets corresponding to the data asset list with the system public key corresponding to the address identifier of the system node;
    the system node triggering a second smart contract to provide the second encrypted data asset information to the system node in accordance with the authorization condition, the authorization condition including at least one of an authorization period, a number of authorizations, and an authorization scope;
    the system node decrypting the second encrypted data asset using the private key of the system node to obtain the data assets corresponding to the data asset list.
  6. A data asset management method, characterized in that it is applied to a user node and comprises:
    a first user node sending a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier;
    the first user node receiving a third encrypted data asset, the third encrypted data asset being an encrypted data asset generated, after the identity of the first user node has been verified according to the first user address identifier and the first encrypted identity information, by encrypting the data information of the first user in the system with the public key corresponding to the first user address identifier;
    the first user node adding the third encrypted data asset to the data asset account of the first user in the alliance chain.
  7. The method according to claim 6, characterized in that, after the first user node adds the third encrypted data asset to the data asset account of the first user in the alliance chain, the method further comprises:
    the first user node receiving a data asset use request, the data asset use request including a data asset list, second encrypted identity information, and a third address identifier;
    the first user node obtaining, from the alliance chain, third identity mapping information corresponding to the third address identifier, the third identity mapping information including the third address identifier, a third public key, and a third identity fingerprint;
    the first user node, after verifying the identity of the requester using the third identity fingerprint and the second encrypted identity information, encrypting the data assets corresponding to the data asset list with the third public key to obtain a third encrypted data asset;
    the first user node receiving an authorization condition entered through an input device, the authorization condition including at least one of an authorization period, a number of authorizations, and an authorization scope;
    the first user node generating feedback information, the feedback information including the authorization condition and the third encrypted data asset, and broadcasting the feedback information to the whole network.
  8. The method according to claim 7, characterized in that the first user node verifying the identity of the requester using the third identity fingerprint and the second encrypted identity information comprises:
    the first user node decrypting the second encrypted identity information using the private key of the first user node to obtain a second identity identifier;
    the first user node encrypting the second identity identifier using a first one-way encryption algorithm to obtain a second identity fingerprint;
    the first user node comparing the second identity fingerprint with the third identity fingerprint; if the two identity fingerprints match, the identity verification of the requester passes.
  9. The method according to any one of claims 7 or 8, characterized in that the third identity mapping information is mapping relationship information that a verification node in the alliance chain generates from the third address identifier, the third public key, and the third identity fingerprint, after the verification node has generated the third identity fingerprint by encrypting the third identity identifier of the requester with the first one-way encryption algorithm.
  10. A data asset management apparatus, applied to a system node, characterized in that it comprises:
    a first receiving unit, configured for the system node to receive a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier;
    a first obtaining unit, configured to obtain, from the alliance chain ledger, first identity mapping information corresponding to the first user address identifier, the first identity mapping information including the first user address identifier, a first public key, and a first identity fingerprint;
    a first obtaining unit, configured to authenticate the first user using the first identity fingerprint and the first encrypted identity information;
    a first encryption unit, configured to, after the verification by the verification unit passes, use the first public key to encrypt the data information in the system node that corresponds to the first identity identifier, to obtain a first encrypted data asset;
    a first adding unit, configured to add the first encrypted data asset to the data asset account of the first user in the alliance chain.
  11. 根据权利要求10所述的数据资产管理装置,其特征在于,所述第一身份映射信息为联盟链中的验证节点使用第一单向加密算法对第一用户的第一身份标识加密生成所述第一身份指纹后,根据所述第一用户地址标识、所述第一公钥和所述第一身份指纹生成的映射关系信息。The data asset management device according to claim 10, wherein the first identity mapping information is generated by the verification node in the alliance chain using a first one-way encryption algorithm to encrypt the first identity of the first user. After the first identity fingerprint, the mapping relationship information generated according to the first user address identifier, the first public key, and the first identity fingerprint.
  12. The data asset management device according to claim 11, characterized in that the verification unit comprises:
    a first decryption unit, which decrypts the first encrypted identity information using the private key of the system node to obtain a first identity identifier;
    a second encryption unit, further configured to encrypt the first identity identifier using the first one-way encryption algorithm to obtain a second identity fingerprint;
    a first determining unit, configured to determine whether the first identity fingerprint is equal to the second identity fingerprint, the verification being passed if they are equal.
  13. The data asset management device according to claim 10, characterized in that the first adding unit is configured to add the first encrypted data asset to the local data asset account of the first user, and to broadcast the first encrypted data asset to the whole network in the alliance chain, so as to trigger a first smart contract that causes the other nodes in the alliance chain to add the first encrypted data asset to the user's data asset account.
  14. The data asset management device according to any one of claims 10-13, characterized in that the data asset management device further comprises:
    a first sending unit, configured to send a data asset use request, the data asset use request including a data asset list, second encrypted identity information, and the address identifier of the system node;
    the first receiving unit, configured to receive data asset authorization information, the authorization information being information generated from a second encrypted data asset and an authorization condition, where the second encrypted data asset is generated, after the identity of the system node has been verified according to the address identifier of the system node and the second encrypted identity information, by encrypting the data asset corresponding to the data asset list with the system public key corresponding to the address identifier of the system node;
    a first providing unit, which triggers a second smart contract to provide the second encrypted data asset information to the system node in accordance with the authorization condition, the authorization condition including at least one of an authorization period, a number of authorizations, and an authorization scope;
    a first decryption unit, configured to decrypt the second encrypted data asset using the private key of the system node, to obtain the data asset corresponding to the data asset list.
  15. A data asset management device, applied to a first user node, characterized in that it comprises:
    a second sending unit, configured to send a data asset extraction request, the data asset extraction request including first encrypted identity information and a first user address identifier;
    a second receiving unit, configured to receive a third encrypted data asset, the third encrypted data asset being an encrypted data asset generated, after the identity of the first user node has been verified according to the first user address identifier and the first encrypted identity information, by encrypting the first user's data information in the system with the public key corresponding to the first user address identifier;
    a second adding unit, configured to add the third encrypted data asset to the data asset account of the first user in the alliance chain.
  16. The data asset management device according to claim 15, characterized in that the second receiving unit is configured to receive a data asset use request, the data asset use request including a data asset list, second encrypted identity information, and a third address identifier;
    the data asset management device further comprises:
    a second obtaining unit, which obtains, from the alliance chain ledger, third identity mapping information corresponding to the third address identifier, the third identity mapping information including the third address identifier, a third public key, and a third identity fingerprint;
    a second verification unit, configured to, after the identity of the requester has been verified using the third identity fingerprint and the second encrypted identity information, use the third public key to encrypt the data asset corresponding to the data asset list, to obtain a third encrypted data asset;
    the second receiving unit, configured to receive an authorization condition entered through an input device, the authorization condition including at least one of an authorization period, a number of authorizations, and an authorization scope;
    a second generating unit, configured to generate feedback information that includes the authorization condition and the third encrypted data asset, and to broadcast the feedback information to the whole network.
  17. The data asset management device according to claim 16, characterized in that the second verification unit comprises:
    a second decryption unit, configured to decrypt the second encrypted identity information using the private key of the first user node to obtain a second identity identifier;
    a third encryption unit, configured to encrypt the second identity identifier using a first one-way encryption algorithm to obtain a second identity fingerprint;
    a comparing unit, configured to compare the second identity fingerprint with the third identity fingerprint, the identity verification of the requester being passed if the two identity fingerprints match.
  18. The data asset management device according to claim 17, characterized in that the third identity mapping information is mapping relationship information generated from the third address identifier, the third public key, and the third identity fingerprint, after a verification node in the alliance chain has generated the third identity fingerprint by encrypting the third identity identifier of the requester with a first one-way encryption algorithm.
  19. A data asset management device, characterized in that the data asset management device comprises a processor, a memory, and a communication module, wherein the memory is configured to store program code, and the processor is configured to call the program code to execute the method according to any one of claims 1-5 or the method according to any one of claims 6-9.
  20. A computer-readable storage medium, characterized in that the computer storage medium stores a computer program, the computer program comprising program instructions which, when executed by a processor, cause the processor to execute the method according to any one of claims 1-5 or the method according to any one of claims 6-9.
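
The system-node flow of claims 10 to 12 (ledger lookup, decryption of the identity, fingerprint recomputation and comparison, then encryption to the user's public key), as an added sketch that is not code from the patent. SHA-256 as the one-way algorithm, the constant-time comparison, all function and variable names, and the tagging functions that stand in for real public-key encryption are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class IdentityMapping:
    """Ledger entry of claims 10-11: address, public key, identity fingerprint."""
    address: str
    public_key: bytes
    fingerprint: bytes


def identity_fingerprint(identity: str) -> bytes:
    # Assumption: SHA-256 stands in for the "first one-way encryption algorithm".
    return hashlib.sha256(identity.encode("utf-8")).digest()


def handle_extraction(ledger: Dict[str, IdentityMapping],
                      records: Dict[str, bytes],
                      accounts: Dict[str, List[bytes]],
                      address: str, encrypted_identity: bytes,
                      decrypt: Callable[[bytes], str],
                      encrypt: Callable[[bytes, bytes], bytes]) -> bool:
    """System-node side of claims 10-12; True only if an asset was added."""
    mapping = ledger.get(address)               # first identity mapping information
    if mapping is None:
        return False
    try:
        identity = decrypt(encrypted_identity)  # node private key -> identity identifier
    except ValueError:
        return False
    second = identity_fingerprint(identity)     # second identity fingerprint
    if not hmac.compare_digest(second, mapping.fingerprint):
        return False                            # fail closed: nothing encrypted or stored
    data = records.get(identity)
    if data is None:
        return False
    accounts.setdefault(address, []).append(encrypt(mapping.public_key, data))
    return True


# Constructed stand-ins for the public-key operations: they only tag the payload
# with the recipient key so the control flow runs without a crypto library.
NODE_KEY = b"node-key"

def demo_encrypt(recipient_key: bytes, plaintext: bytes) -> bytes:
    return recipient_key + b"|" + plaintext

def demo_decrypt(blob: bytes) -> str:
    prefix = NODE_KEY + b"|"
    if not blob.startswith(prefix):
        raise ValueError("not encrypted to this node")
    return blob[len(prefix):].decode("utf-8")
```

In a deployment the two stand-ins would be replaced by decryption with the node's private key and encryption to the public key read from the ledger entry.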
PCT/CN2018/123516 2018-09-29 2018-12-25 Data asset management method, data asset management device and computer readable medium WO2020062667A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811153080.9A CN109492424B (en) 2018-09-29 2018-09-29 Data asset management method, data asset management device, and computer-readable medium
CN201811153080.9 2018-09-29

Publications (1)

Publication Number Publication Date
WO2020062667A1 (en) 2020-04-02

Family

ID=65689398

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/123516 WO2020062667A1 (en) 2018-09-29 2018-12-25 Data asset management method, data asset management device and computer readable medium

Country Status (2)

Country Link
CN (1) CN109492424B (en)
WO (1) WO2020062667A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112669141A (en) * 2020-12-31 2021-04-16 深圳市辰宝信息服务有限公司 Block chain intelligent contract mechanism-based warehouse receipt pledge method for bulk commodities
CN113779605A (en) * 2021-09-14 2021-12-10 码客工场工业科技(北京)有限公司 Industrial internet Handle identification system analysis authentication method based on alliance chain

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110443077A (en) * 2019-08-09 2019-11-12 北京阿尔山区块链联盟科技有限公司 Processing method, device and the electronic equipment of digital asset
US11876890B2 (en) * 2019-12-10 2024-01-16 International Business Machines Corporation Anonymization of partners
CN111324666B (en) * 2020-02-14 2024-06-18 腾讯科技(深圳)有限公司 Data processing method and device based on block chain
CN113806788A (en) * 2020-06-11 2021-12-17 中国标准化研究院 Data asset management device and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150244690A1 (en) * 2012-11-09 2015-08-27 Ent Technologies, Inc. Generalized entity network translation (gent)
WO2016179334A1 (en) * 2015-05-05 2016-11-10 ShoCard, Inc. Identity management service using a block chain
CN107066893A (en) * 2017-02-28 2017-08-18 腾讯科技(深圳)有限公司 The treating method and apparatus of accounts information in block chain
CN108492180A (en) * 2018-02-14 2018-09-04 阿里巴巴集团控股有限公司 Assets management method and device, electronic equipment
CN108537047A (en) * 2018-02-09 2018-09-14 北京京东尚科信息技术有限公司 The method and device of information is generated based on block chain

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10013573B2 (en) * 2015-12-16 2018-07-03 International Business Machines Corporation Personal ledger blockchain
CN106779716B (en) * 2016-11-21 2021-06-04 江苏通付盾区块链科技有限公司 Authentication method, device and system based on block chain account address
CN106686008B (en) * 2017-03-03 2019-01-11 腾讯科技(深圳)有限公司 Information storage means and device
CN107391944A (en) * 2017-07-27 2017-11-24 北京太云科技有限公司 A kind of electronic health record shared system based on block chain
CN107579817A (en) * 2017-09-12 2018-01-12 广州广电运通金融电子股份有限公司 User ID authentication method, apparatus and system based on block chain
CN107862215B (en) * 2017-09-29 2020-10-16 创新先进技术有限公司 Data storage method, data query method and device
CN108055274B (en) * 2017-12-22 2020-09-11 广东工业大学 Encryption and sharing method and system based on alliance chain storage data
CN108429732B (en) * 2018-01-23 2021-01-08 平安普惠企业管理有限公司 Method and system for acquiring resources

Also Published As

Publication number Publication date
CN109492424A (en) 2019-03-19
CN109492424B (en) 2023-05-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18935675

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 08/07/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18935675

Country of ref document: EP

Kind code of ref document: A1