CN111510421B - Data processing method and device, electronic equipment and computer readable storage medium - Google Patents
Data processing method and device, electronic equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN111510421B CN111510421B CN201910101352.9A CN201910101352A CN111510421B CN 111510421 B CN111510421 B CN 111510421B CN 201910101352 A CN201910101352 A CN 201910101352A CN 111510421 B CN111510421 B CN 111510421B
- Authority
- CN
- China
- Prior art keywords
- data
- identifier
- identification
- demander
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment can realize the directional transmission of the data and effectively prevent the data demander from reselling or illegally transmitting the data to a third party.
Description
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a data processing method, a data processing device, electronic equipment and a computer readable storage medium.
Background
The existing data circulation process is as follows: the data resource side inquires data according to the data inquiry request. And after the query is finished, the data is encrypted, then the encrypted data is returned to the data requiring party, and the data requiring party decrypts according to the key negotiated by the two parties to obtain the data. The data resource side of the data circulation method can only send the encrypted data to the data demand side, and the data demand side can store the encrypted data or illegally resale the encrypted data after decryption, so that data leakage is easily caused. Meanwhile, after data is leaked, the identity of the leaking party cannot be determined according to the data tracking.
Disclosure of Invention
In view of this, embodiments of the present invention provide a data processing method, an apparatus, an electronic device, and a computer-readable storage medium, which can improve data flow compliance and prevent information leakage.
In a first aspect, an embodiment of the present invention provides a data processing method, where the method includes:
receiving a data request, wherein the data request comprises a user identifier, a data demander identifier and a data demander public key;
responding to the data request for passing authentication, and inquiring and acquiring required data according to the user identification and the data identification;
responding to the acquired required data, and sending the user identification and the data demander identification;
receiving a first identifier generated by calculation according to the user identifier and the data demander identifier;
packaging the first identification and the inquired required data into a data packet, and carrying out encryption signature on the data packet to generate a data packet ciphertext and an electronic signature;
and sending the electronic signature, the data packet ciphertext and the data resource party public key.
Preferably, the generating a data packet ciphertext and an electronic signature by performing an encrypted signature on the data packet includes:
encrypting the data packet according to the public key of the data demander to generate a data packet ciphertext;
and signing the data packet ciphertext according to the data resource side private key to generate an electronic signature.
Preferably, the data request authentication includes:
and inquiring and comparing all the data demander identifications stored in advance according to the data demander identification.
In a second aspect, an embodiment of the present invention further provides a data processing method, where the method includes:
receiving a first information request, wherein the first information request comprises a user identifier and a data identifier;
sending a data request, wherein the data request comprises a user identifier, a data demander identifier and a data demander public key;
receiving a public key of a data resource party and a data packet ciphertext and an electronic signature which are obtained according to the data request;
and in response to the verification of the electronic signature passing, decrypting the data packet ciphertext.
Preferably, the electronic signature verification comprises:
and verifying the electronic signature according to the public key of the data resource party.
Preferably, the decrypting the data packet ciphertext comprises:
and decrypting the data packet ciphertext according to the private key of the data demand side.
Preferably, the data processing method further includes:
acquiring an authorization protocol;
and responding to the passing of the authorization protocol, and sending a data request.
In a third aspect, an embodiment of the present invention further provides a data processing apparatus, where the apparatus includes:
the data request receiving unit is used for receiving a data request, wherein the data request comprises a user identifier, a data demander identifier and a data demander public key;
the data query unit is used for responding to the data request authentication and obtaining the required data according to the user identification and the data identification;
the first sending unit is used for responding to the acquired required data and sending the user identification and the data demander identification;
the calculation unit is used for receiving a first identifier which is generated by calculation according to the user identifier and the data demander identifier;
the data packaging unit is used for packaging the first identifier and the inquired required data into a data packet and carrying out encryption signature on the data packet to generate a data packet ciphertext and an electronic signature;
and the second sending unit is used for sending the electronic signature, the data packet ciphertext and the data resource party public key.
In a fourth aspect, the present invention also provides an electronic device, including a memory and a processor, wherein the memory is configured to store one or more computer program instructions, and wherein the one or more computer program instructions are executed by the processor to implement the method according to the first aspect or the second aspect.
In a fifth aspect, the present invention also provides a computer-readable storage medium on which computer program instructions are stored, wherein the computer program instructions, when executed by a processor, implement the method according to the first aspect or the second aspect.
The data resource side of the embodiment of the invention can realize the directional sending of the data by receiving the data request, inquiring to obtain the required data according to the user identification and the data identification when the data request is authenticated, sending the user identification and the data demand side identification, receiving the first identification generated by calculation according to the user identification and the data demand side identification, packaging the first identification and the inquired required data into a data packet, carrying out encryption signature on the data packet and then sending the data packet to the data demand side, thereby effectively preventing the data demand side from reselling or illegally sending the data to a third party.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following description of the embodiments of the present invention with reference to the accompanying drawings, in which:
FIG. 1 is a flow chart of a data processing method of a first embodiment of the present invention;
FIG. 2 is a flow chart of a data processing method of a second embodiment of the present invention;
FIG. 3 is a flow chart of a data processing method of a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a data processing apparatus according to a fourth embodiment of the present invention;
fig. 5 is a schematic view of an electronic device according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described below based on examples, but the present invention is not limited to only these examples. In the following detailed description of the present invention, certain specific details are set forth. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details. Well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
Further, those of ordinary skill in the art will appreciate that the drawings provided herein are for illustrative purposes and are not necessarily drawn to scale.
Unless the context clearly requires otherwise, throughout the description and the claims, the words "comprise", "comprising", and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is, what is meant is "including, but not limited to".
In the description of the present invention, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified.
Fig. 1 is a flowchart of a data processing method according to a first embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
and step S110, receiving a data request.
When the data demander needs to acquire data, the data demander sends a data request to the data resource demander. The data request comprises a user identifier, a data demander identifier and a data demander public key. The user identification is obtained by user input. In this embodiment, the user identifier may be a unique identifier for an identity card number, a mobile phone number, and the like of the user, so as to determine the identity of the user. The data identifier is used to identify the data needed for query acquisition.
In another alternative implementation, the data demander needs to authorize the user before sending the data request to the data resource. Specifically, the data demander may receive an authorization protocol sent by the user, and then perform authorization processing according to the authorization protocol, that is, the data demander performs audit processing on the content in the authorization protocol. The authorization protocol may include specific authorization time, user identifier, authorization data, data identifier, and the like. And after the authorization of the data demand party is passed, sending a data request to the data resource party.
And step S120, responding to the data request for passing authentication, and inquiring and acquiring the required data according to the user identification and the data identification.
And after receiving the data request, the data resource side authenticates the data demander to determine the request qualification of the data demander sending the data request. Specifically, the data resource side prestores identifiers of all data demand sides capable of calling data in the data resource side. When the data resource side receives the data request, the received data demand side identification is inquired and compared with all the data demand side identifications stored in the data resource side. And if the data demander identification received by the data resource side is matched with any one of the stored data demander identifications, the data request received by the data resource side passes the authentication. At this time, the data resource side inquires and acquires the required data according to the user identifier and the data identifier in the received data request. In this embodiment, the data stored in the data resource side includes a data identifier and a user identifier. The user identification is used to identify the identity of the data provider.
And S130, responding to the acquired required data, and sending the user identification and the data demander identification.
And when the data resource side acquires the required data according to the user identification and the data identification, the user identification and the data demand side identification are sent to the data processor. And the data processor calculates and generates a first identifier according to the received user identifier and the data demander identifier, wherein the first identifier is used for representing the identity of the data demander and the identity of the user. When the data is illegally resold or used by a data demand side, the identity of the leakage person can be searched and tracked according to the first identification. In this embodiment, when any one of the user identifier and the data demander identifier received by the data processor is different, the first identifier calculated and generated by the data processor is different.
Step S140, receiving a first identifier generated by calculation according to the user identifier and the data demander identifier.
And the data resource side receives a first identifier which is generated by the data processor according to the user identifier and the data demander identifier, wherein the first identifier is used for identifying the identity of the data demander and the identity of the data provider which currently request the data so as to be used for positioning the data subsequently.
And S150, packaging the first identifier and the inquired required data into a data packet, and carrying out encryption signature on the data packet to generate a data packet ciphertext and an electronic signature.
And after receiving the first identifier, the data resource side encapsulates the first identifier and the inquired required data into a data packet. And then encrypting the data packet according to the received public key of the data demand party to generate a data packet ciphertext so as to prevent a subsequent data resource party from directly acquiring data content after being intercepted by a third party when sending data to the data demand party. And after the data packet is encrypted, the data resource party signs the data packet ciphertext according to a data resource party private key to generate an electronic signature so as to prove that the data packet ciphertext is sent from the data resource party with authority. Meanwhile, when the data resource side sends the data packet ciphertext and the electronic signature to the designated data demand side, the data demand side can verify the electronic signature to determine whether the received data packet is acquired from the data resource side with authority.
And step S160, sending the electronic signature, the data packet ciphertext and the data resource party public key.
And the data resource party sends the data packet ciphertext, the electronic signature and the data resource party public key to the appointed data demand party according to the received data demand party identifier. And the data requiring party verifies the electronic signature according to the received public key of the data resource party to determine that the received data packet ciphertext is sent by the data resource party with authority.
And when the data demand party verifies that the data packet ciphertext is sent by an authoritative data resource party, the data demand party continuously decrypts the data packet ciphertext according to a private key of the data demand party so as to display the content of the data packet and a first identifier issued by the data resource party to the user. The first identification is different according to different data demanders used by users. When the data demand party forwards the data content returned by the data resource party to the third party, the third party cannot obtain the corresponding first identifier issued by the authoritative data resource party and the electronic signature of the data resource party, so that the third party cannot prove the validity and the authoritativeness of the data. Therefore, the data processing method of the embodiment can effectively prevent the data demand party from reselling the data or illegally sending the data to the third party. Meanwhile, the data packet contains the first identifier, and if the data demand party forwards the data packet to the third party, the user and the data resource party can trace back according to the first identifier, so that the revealing party is positioned, and effective evidence is provided for the right maintenance.
Fig. 2 is a flowchart of a data processing method according to a second embodiment of the present invention. As shown in fig. 2, the method comprises the steps of:
step S210, receiving a first information request.
The data demand side receives a first information request sent by a user. Wherein the first information request comprises a user identification and a data identification. In this embodiment, the user identifier is used to identify a provider identity of data, and the data identifier is used to identify the required data content.
In another optional implementation, the first information request further includes an authorization agreement of the user. And the data demander authorizes the user according to the received user authorization protocol, namely, the data demander audits the content in the authorization protocol. The authorization protocol may include specific authorization time, user information, authorization data, and the like. When the data requirement party passes the authorization, the following steps are carried out.
And step S220, sending a data request.
And after receiving the first information request or passing the authorization, the data demand side sends the data request to the data resource side. The data request comprises a user identifier, a data demander identifier and a data demander public key.
And after receiving the data request, the data resource side authenticates the data demand side to determine the request qualification of the data demand side sending the data request. Specifically, the data resource side prestores identifiers of all data demand sides capable of calling data in the data resource side. When the data resource side receives the data request, the received data demand side identification is inquired and compared with all the data demand side identifications stored in the data resource side. And if the data demander identification received by the data resource side is matched with any one of the stored data demander identifications, the data request received by the data resource side passes the authentication. At this time, the data resource side inquires and acquires the required data according to the user identifier and the data identifier in the received data request.
And when the data resource side acquires the required data according to the user identification and the data identification, the user identification and the data demand side identification are sent to the data processor. And the data processor calculates and generates a first identifier according to the received user identifier and the data demand party identifier and returns the first identifier to the data resource party.
And after receiving the first identifier, the data resource side encapsulates the first identifier and the inquired required data into a data packet. And then encrypting the data packet according to the received public key of the data demand party to generate a data packet ciphertext, and signing the data packet ciphertext according to the private key of the data resource party to generate an electronic signature. The first identification is used for representing the identity of the data demander and the identity of the user. When the data is illegally resold or used by a data demand side, the identity of the divulger can be inquired and tracked according to the first identification. In this embodiment, when any one of the user identifier and the data demander identifier received by the data processor is different, the first identifier calculated and generated by the data processor is different.
And step S230, receiving the public key of the data resource party, and obtaining a data packet ciphertext and an electronic signature according to the data request.
And the data resource party sends the data packet ciphertext, the electronic signature and the data resource party public key to the appointed data demand party according to the received data demand party identification.
And S240, responding to the verification of the electronic signature, and decrypting the data packet ciphertext.
And the data demand party verifies the electronic signature according to the received public key of the data resource party to determine that the received data packet ciphertext is sent by the data resource party with authority. And when the data demand party verifies that the data packet ciphertext is sent by an authoritative data resource party, the data demand party continuously decrypts the data packet ciphertext according to a private key of the data demand party so as to display the content of the data packet and a first identifier issued by the data resource party to the user. The first identification is different according to different data demanders used by users.
When the data demand party forwards the data packet returned by the data resource party to the third party, the third party cannot obtain the first identifier issued by the authority data resource party and the electronic signature of the data resource party, so that the third party cannot prove the validity and authority of the data. Therefore, the data processing method of the embodiment can effectively prevent the data demand party from reselling the data or illegally sending the data to the third party. Meanwhile, the data packet contains the first identifier, and if the data demand party forwards the data packet to the third party, the user and the data resource party can trace back according to the first identifier, so that the revealing party is positioned, and effective evidence is provided for the right maintenance.
Fig. 3 is a flowchart of a data processing method according to a third embodiment of the present invention. As shown in fig. 3, the method comprises the steps of:
step S1, the data demander receives the first information request.
The data demand side receives a first information request sent by a user. Wherein the first information request comprises a user identification and a data identification. In this embodiment, the user identifier is used to identify a provider identity of data, and the data identifier is used to identify the required data content.
In another optional implementation, the first information request further includes an authorization agreement of the user. And the data demander authorizes the user according to the received user authorization protocol, namely, the data demander audits the content in the authorization protocol. The authorization protocol may include specific authorization time, user information, authorization data, and the like. When the data requirement party passes the authorization, the following steps are carried out.
Step S2, the data requester sends a data request to the data resource.
And after receiving the first information request or passing the authorization, the data demand party sends the data request to the data resource party. The data request comprises a user identifier, a data demander identifier and a data demander public key.
And step S3, the data resource side inquires and acquires the required data according to the user identification and the data identification.
After receiving the data request, the data resource side authenticates the data request to determine the request qualification of the data demand side sending the data request. Specifically, the data resource side prestores identifiers of all data demand sides capable of calling data in the data resource side. When the data resource side receives the data request, the received data demand side identification is inquired and compared with all the data demand side identifications stored in the data resource side. And if the data requiring party identification received by the data resource party is matched with any one of the stored data requiring party identifications, the data request received by the data resource party passes the authentication. At this time, the data resource side inquires and acquires the required data according to the user identifier and the data identifier in the received data request.
And step S4, the data resource side sends the user identification and the data demand side identification to a data processor.
When the data resource side obtains the needed data according to the user identification and the data identification, the user identification and the data demand side identification are sent to the data processor, so that the data processor can calculate and generate a first identification according to the received user identification and the received data demand side identification, and the first identification is used for tracking the data subsequently.
And step S5, the data processor generates a first identifier according to the user identifier and the data demander identifier.
Step S6, the data resource side receives the first identifier.
And step S7, the data resource side encapsulates the first identifier and the inquired required data into a data packet.
And after receiving the first identifier, the data resource side encapsulates the first identifier and the inquired required data into a data packet. The first identification is used for representing the identity of the data demander and the identity of the user. When the data packet is illegally resold or used by a data demand party, the identity of the leakage person can be searched and tracked according to the first identifier. In this embodiment, when any one of the user identifier and the data demander identifier received by the data processor is different, the first identifier calculated and generated by the data processor is different.
And step S8, the data resource side encrypts and signs the data packet to generate a data packet ciphertext and an electronic signature.
And the data resource party encrypts the data packet according to the received public key of the data demand party to generate a data packet ciphertext, and signs the data packet ciphertext according to the private key of the data resource party to generate an electronic signature. The data packet ciphertext can prevent a subsequent data resource party from directly acquiring data contents after being intercepted by a third party when sending data to a data demand party. The electronic signature may prove that the data packet ciphertext was sent from an authoritative data resource.
And step S9, the data resource side sends the data packet ciphertext, the electronic signature and the data resource side public key to the data demand side.
And step S10, the data demand side verifies the electronic signature.
And the data demand party verifies the electronic signature according to the received public key of the data resource party to determine that the received data packet ciphertext is sent by the data resource party with authority.
And step S11, responding to the passing of the verification of the electronic signature, and decrypting the data packet ciphertext by the data demand party.
And when the data demand party verifies that the data packet ciphertext is sent by an authoritative data resource party, the data demand party continuously decrypts the data packet ciphertext according to a private key of the data demand party so as to display the content of the data packet and a first identifier issued by the data resource party to a user. The first identification is different according to different data demanders used by users.
The data resource side of the embodiment of the invention can realize the directional transmission of data, improve the compliance of data circulation and prevent data leakage by receiving the data request, inquiring to obtain the required data according to the user identification and the data identification when the data request is authenticated, sending the user identification and the data demand side identification, receiving the first identification generated by calculation according to the user identification and the data demand side identification, packaging the first identification and the inquired required data into a data packet, carrying out encryption signature on the data packet and then sending the data packet to the data demand side.
Fig. 4 is a schematic structural diagram of a data processing apparatus according to a fourth embodiment of the present invention. As shown in fig. 4, the data processing apparatus 4 includes a data request receiving unit 41, a query data unit 42, a first transmitting unit 43, a calculating unit 44, a data encapsulating unit 45, and a second transmitting unit 46. The data request receiving unit 41 is configured to receive a data request, where the data request includes a user identifier, a data demander identifier, and a data demander public key. The query data unit 42 is configured to query for the required data according to the user identifier and the data identifier in response to the data request passing the authentication. The first sending unit 43 is configured to send the user identifier and the data demander identifier in response to acquiring the required data. The calculating unit 44 is configured to receive a first identifier generated by calculation according to the user identifier and the data demander identifier. The data encapsulation unit 45 is configured to encapsulate the first identifier and the queried required data into a data packet, and encrypt and sign the data packet to generate a data packet ciphertext and an electronic signature. The second sending unit 46 is configured to send the electronic signature, the data packet ciphertext, and the data resource side public key.
Fig. 5 is a schematic view of an electronic device according to a fifth embodiment of the present invention. The electronic device shown in fig. 5 is a general-purpose data processing apparatus comprising a general-purpose computer hardware structure including at least a processor 51 and a memory 52. The processor 51 and the memory 52 are connected by a bus 53. The memory 52 is adapted to store instructions or programs executable by the processor 51. The processor 51 may be a stand-alone microprocessor or a collection of one or more microprocessors. Thus, the processor 51 implements the processing of data and the control of other devices by executing instructions stored by the memory 52 to perform the method flows of embodiments of the present invention as described above. The bus 53 connects the above-described components together, and also connects the above-described components to a display controller 54 and a display device and an input/output (I/O) device 55. Input/output (I/O) devices 55 may be a mouse, keyboard, modem, network interface, touch input device, motion sensing input device, printer, and other devices known in the art. Typically, the input/output device 55 is connected to the system through an input/output (I/O) controller 56. Preferably, the electronic device of the present embodiment is a server.
Also, as will be appreciated by one skilled in the art, aspects of embodiments of the present invention may be embodied as a system, method or computer program product. Accordingly, various aspects of embodiments of the invention may take the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," module "or" system. Further, aspects of the invention may take the form of: the computer program product is embodied in one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer-readable media may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of embodiments of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to: electromagnetic, optical, or any suitable combination thereof. The computer readable signal medium may be any of the following computer readable media: is not a computer readable storage medium and may communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including: object oriented programming languages such as Java, Smalltalk, C + +, and the like; and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package; executing in part on a user computer and in part on a remote computer; or entirely on a remote computer or server. In the latter scenario, the remote computer may be linked to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention described above illustrate aspects of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made to the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (8)
1. A method of data processing, the method comprising:
receiving a data request, wherein the data request comprises a user identifier, a data demander identifier and a data demander public key, and the user identifier is used for identifying the provider identity of data;
responding to the data request authentication, inquiring and acquiring the required data according to the user identification and the data identification, wherein the data request authentication is realized by inquiring and comparing all data demander identifications which are stored in advance according to the data demander identification;
responding to the acquired required data, and sending the user identification and the data demander identification;
receiving a first identifier generated by calculation according to the user identifier and the data demander identifier;
packaging the first identification and the inquired required data into a data packet, and carrying out encryption signature on the data packet to generate a data packet ciphertext and an electronic signature;
and sending the electronic signature, the data packet ciphertext and the data resource party public key.
2. The data processing method of claim 1, wherein the cryptographically signing the data packet to generate a data packet ciphertext and an electronic signature comprises:
encrypting the data packet according to the public key of the data demander to generate a data packet ciphertext;
and signing the data packet ciphertext according to the data resource side private key to generate an electronic signature.
3. A method of data processing, the method comprising:
receiving a first information request comprising a user identification for identifying a provider identity of data, a data identification, and a user authorization protocol;
authorizing the user according to the user authorization protocol;
responding to the authorization protocol, and sending a data request, wherein the data request comprises a user identifier, a data demander identifier and a data demander public key;
receiving a public key of a data resource party, and a data packet ciphertext and an electronic signature which are obtained according to the data request, wherein the data packet ciphertext is formed by encrypting a data packet which is formed by packaging a first identifier and required data according to the public key of a data demand party, and the first identifier is generated by calculation according to the user identifier and the identifier of the data demand party;
and in response to the verification of the electronic signature passing, decrypting the data packet ciphertext.
4. The data processing method of claim 3, wherein the electronic signature verification comprises:
and verifying the electronic signature according to the public key of the data resource party.
5. The data processing method of claim 3, wherein the decrypting the packet ciphertext comprises:
and decrypting the data packet ciphertext according to the private key of the data demand party.
6. A data processing apparatus, the apparatus comprising:
the data request receiving unit is used for receiving a data request, wherein the data request comprises a user identifier, a data demander identifier and a data demander public key, and the user identifier is used for identifying the identity of a data provider;
the query data unit is used for responding to the data request authentication and obtaining the required data according to the user identification and the data identification query, wherein the data request authentication is realized by comparing all the data demand party identifications which are preset to be stored according to the data demand party identification query;
the first sending unit is used for responding to the acquired required data and sending the user identification and the data demander identification;
the calculation unit is used for receiving a first identifier which is generated by calculation according to the user identifier and the data demander identifier;
the data packaging unit is used for packaging the first identifier and the inquired required data into a data packet and carrying out encryption signature on the data packet to generate a data packet ciphertext and an electronic signature;
and the second sending unit is used for sending the electronic signature, the data packet ciphertext and the data resource party public key.
7. An electronic device comprising a memory and a processor, wherein the memory is configured to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method of any of claims 1-5.
8. A computer-readable storage medium on which computer program instructions are stored, which computer program instructions, when executed by a processor, implement the method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910101352.9A CN111510421B (en) | 2019-01-31 | 2019-01-31 | Data processing method and device, electronic equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910101352.9A CN111510421B (en) | 2019-01-31 | 2019-01-31 | Data processing method and device, electronic equipment and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111510421A CN111510421A (en) | 2020-08-07 |
| CN111510421B true CN111510421B (en) | 2022-09-16 |
Family
ID=71877385
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910101352.9A Active CN111510421B (en) | 2019-01-31 | 2019-01-31 | Data processing method and device, electronic equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111510421B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112100689B (en) * | 2020-11-19 | 2021-07-27 | 支付宝(杭州)信息技术有限公司 | Trusted data processing method, device and equipment |
| CN113407969B (en) * | 2021-07-01 | 2023-04-21 | 北京深演智能科技股份有限公司 | Secure data processing method, secure data processing device and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104598782A (en) * | 2014-12-04 | 2015-05-06 | 广东欧珀移动通信有限公司 | Data packaging and analysis method and device |
| CN105933734A (en) * | 2016-05-20 | 2016-09-07 | 腾讯科技(深圳)有限公司 | Audio-video file acquisition method and audio-video file acquisition device |
| CN106228083A (en) * | 2016-07-18 | 2016-12-14 | 刘日初 | A kind of document handling method, device, server and terminal |
| CN106803042A (en) * | 2015-11-25 | 2017-06-06 | 中国电信股份有限公司 | Data processing method, device and system that identity-based is identified |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8717593B2 (en) * | 2012-02-27 | 2014-05-06 | Ricoh Company, Ltd. | Maintaining security of scanned documents |
| CN103235908A (en) * | 2013-02-22 | 2013-08-07 | 北京密安网络技术股份有限公司 | Digital safety protection algorithm |
| GB2514716A (en) * | 2013-10-25 | 2014-12-03 | Univ Stellenbosch | System and method for monitoring third party access to a restricted item |
| CN108063742B (en) * | 2016-11-07 | 2021-06-29 | 北京京东尚科信息技术有限公司 | Sensitive information providing and tracking method and device |
| CN107154939B (en) * | 2017-05-10 | 2020-12-01 | 深信服科技股份有限公司 | Method and system for tracking data |
| CN108108632A (en) * | 2017-11-30 | 2018-06-01 | 中车青岛四方机车车辆股份有限公司 | A kind of multifactor file watermark generation extracting method and system |
| CN109120636A (en) * | 2018-09-07 | 2019-01-01 | 众安信息技术服务有限公司 | The method and server device that content access request is authorized |
-
2019
- 2019-01-31 CN CN201910101352.9A patent/CN111510421B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104598782A (en) * | 2014-12-04 | 2015-05-06 | 广东欧珀移动通信有限公司 | Data packaging and analysis method and device |
| CN106803042A (en) * | 2015-11-25 | 2017-06-06 | 中国电信股份有限公司 | Data processing method, device and system that identity-based is identified |
| CN105933734A (en) * | 2016-05-20 | 2016-09-07 | 腾讯科技(深圳)有限公司 | Audio-video file acquisition method and audio-video file acquisition device |
| CN106228083A (en) * | 2016-07-18 | 2016-12-14 | 刘日初 | A kind of document handling method, device, server and terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111510421A (en) | 2020-08-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110086608B (en) | User authentication method, device, computer equipment and computer readable storage medium | |
| CN112202772B (en) | Authorization management method, device, electronic equipment and medium | |
| CN110061846B (en) | Method, device and computer readable storage medium for identity authentication and confirmation of user node in block chain | |
| CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
| JP2005102163A (en) | Equipment authentication system, server, method and program, terminal and storage medium | |
| CN105577612B (en) | Identity authentication method, third-party server, merchant server and user terminal | |
| CN107743067B (en) | Method, system, terminal and storage medium for issuing digital certificate | |
| KR20190028787A (en) | A method and device for providing and obtaining graphics code information, | |
| CN110830471B (en) | OTP (one time password) verification method, server, client and computer-readable storage medium | |
| CN110381075B (en) | Block chain-based equipment identity authentication method and device | |
| US10439809B2 (en) | Method and apparatus for managing application identifier | |
| CN108449322B (en) | Identity registration and authentication method, system and related equipment | |
| CN106850207A (en) | CA-free identity authentication method and system | |
| CN112446050B (en) | Business data processing method and device applied to block chain system | |
| CN111510421B (en) | Data processing method and device, electronic equipment and computer readable storage medium | |
| CN106411501A (en) | Method and system for generating permission token and equipment | |
| CN106789963B (en) | Asymmetric white-box password encryption method, device and equipment | |
| CN109451504B (en) | Internet of things module authentication method and system | |
| WO2018076291A1 (en) | Method and system for generating permission token, and device | |
| CN111080856A (en) | Bluetooth entrance guard unlocking method | |
| CN114944921A (en) | Login authentication method and device, electronic equipment and storage medium | |
| CN114554485B (en) | Asynchronous session key negotiation and application method, system, electronic equipment and medium | |
| CN116709312A (en) | Safety protection method and device and electronic equipment | |
| CN106911625B (en) | Text processing method, device and system for safe input method | |
| CN116033415A (en) | Reference station data transmission method and device, reference station, server and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |