CN112100689B - Trusted data processing method, device and equipment - Google Patents
Trusted data processing method, device and equipment Download PDFInfo
- Publication number
- CN112100689B CN112100689B CN202011303197.8A CN202011303197A CN112100689B CN 112100689 B CN112100689 B CN 112100689B CN 202011303197 A CN202011303197 A CN 202011303197A CN 112100689 B CN112100689 B CN 112100689B
- Authority
- CN
- China
- Prior art keywords
- data
- trusted
- target
- encrypted
- provider
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 11
- 238000012545 processing Methods 0.000 claims abstract description 140
- 238000000034 method Methods 0.000 claims description 86
- 230000008569 process Effects 0.000 claims description 27
- 238000012795 verification Methods 0.000 claims description 24
- 238000013475 authorization Methods 0.000 claims description 10
- 230000000875 corresponding effect Effects 0.000 description 19
- 238000010586 diagram Methods 0.000 description 14
- 238000005516 engineering process Methods 0.000 description 14
- 230000006870 function Effects 0.000 description 12
- 238000004590 computer program Methods 0.000 description 9
- 230000006872 improvement Effects 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 7
- 230000009286 beneficial effect Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 5
- 238000013480 data collection Methods 0.000 description 5
- 238000004519 manufacturing process Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000002085 persistent effect Effects 0.000 description 2
- XUIMIQQOPSSXEZ-UHFFFAOYSA-N Silicon Chemical compound [Si] XUIMIQQOPSSXEZ-UHFFFAOYSA-N 0.000 description 1
- 239000006227 byproduct Substances 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 239000010979 ruby Substances 0.000 description 1
- 229910001750 ruby Inorganic materials 0.000 description 1
- 229910052710 silicon Inorganic materials 0.000 description 1
- 239000010703 silicon Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
本说明书实施例公开了一种可信数据处理方法、装置及设备。该方案可以包括:利用可信数据处理应用根据数据需求信息,从数据提供方作为用户的目标客户端处采集目标数据,并利用可信数据处理应用针对加密后的目标数据生成可信标识,以得到携带所述可信标识的可信加密数据。
The embodiments of this specification disclose a trusted data processing method, apparatus, and device. The solution may include: using a trusted data processing application to collect target data from a target client where the data provider is a user according to data demand information, and using a trusted data processing application to generate a trusted identifier for the encrypted target data, so as to The trusted encrypted data carrying the trusted identifier is obtained.
Description
技术领域technical field
本申请涉及互联网技术领域,尤其涉及一种可信数据处理方法、装置及设备。The present application relates to the field of Internet technologies, and in particular, to a trusted data processing method, apparatus, and device.
背景技术Background technique
数据提供方通常需要保证自身向数据需求方提供的数据的可信性,而数据需求方也存在对从数据提供方处获取到的数据的可信性进行验证的需求。目前,数据提供方通常需要向权威机构出示其个人身份证明信息,以便于权威机构根据该个人身份证明信息对该数据提供方身份验证通过后,向该数据提供方反馈其所需使用的加盖了该权威机构公章的数据。数据提供方则可以将该加盖了权威机构公章的数据作为可信数据发送至数据需求方。而数据需求方也可以携带其接收到的加盖了权威机构公章的数据去至该权威机构处,以验证该数据需求方接收到的数据的可信性。The data provider usually needs to ensure the credibility of the data it provides to the data demander, and the data demander also needs to verify the credibility of the data obtained from the data provider. At present, data providers usually need to show their personal identification information to the authority, so that after the authority has passed the identity verification of the data provider based on the personal identification information, the authority can feed back to the data provider the stamping that it needs to use. data on the official seal of the authority. The data provider can send the data stamped with the official seal of the authority to the data demander as trusted data. The data demander can also carry the received data stamped with the official seal of the authority to the authority to verify the credibility of the data received by the data demander.
基于此,如何提供一种使用更加便捷的可信数据的处理方法成为了亟需解决的问题。Based on this, how to provide a more convenient processing method for trusted data has become an urgent problem to be solved.
发明内容SUMMARY OF THE INVENTION
本说明书实施例提供了一种可信数据处理方法、装置及设备,以提升用户获取及验证可信数据时的操作便捷性。The embodiments of this specification provide a trusted data processing method, apparatus and device, so as to improve the operational convenience when a user acquires and verifies trusted data.
为解决上述技术问题,本说明书实施例是这样实现的:In order to solve the above-mentioned technical problems, the embodiments of this specification are implemented as follows:
本说明书实施例提供的一种可信数据处理方法,应用于可信数据处理应用,包括:A trusted data processing method provided by the embodiments of this specification, applied to trusted data processing applications, includes:
获取数据需求信息;所述数据需求信息用于请求获取数据提供方的目标数据;Obtaining data requirement information; the data requirement information is used to request to obtain the target data of the data provider;
根据所述数据需求信息,获取所述目标数据;所述目标数据是所述可信数据处理应用从所述数据提供方作为用户的目标客户端处采集的数据;Acquire the target data according to the data requirement information; the target data is the data collected by the trusted data processing application from the target client where the data provider is the user;
对所述目标数据进行加密处理,得到加密目标数据;Encrypting the target data to obtain encrypted target data;
针对所述加密目标数据生成可信标识,得到可信加密数据,所述可信加密数据为携带所述可信标识的所述加密目标数据。A trusted identifier is generated for the encrypted target data to obtain trusted encrypted data, where the trusted encrypted data is the encrypted target data carrying the trusted identifier.
本说明书实施例提供的一种可信数据获取方法,包括:A method for obtaining trusted data provided by the embodiments of this specification includes:
获取数据需求方的操作信息;Obtain the operation information of the data demander;
根据所述操作信息,生成目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据;generating a target data acquisition request according to the operation information, where the target data acquisition request is used for requesting acquisition of the target data of the data provider;
发送所述目标数据获取请求;sending the target data acquisition request;
接收所述数据提供方反馈的可信加密数据;所述可信加密数据为所述数据提供方的可信数据处理应用生成的携带可信标识的加密目标数据;所述加密目标数据是所述可信数据处理应用对从所述数据提供方作为用户的目标客户端处采集的所述目标数据进行加密处理而得到的密文数据。Receive trusted encrypted data fed back by the data provider; the trusted encrypted data is encrypted target data with a trusted identifier generated by a trusted data processing application of the data provider; the encrypted target data is the The ciphertext data obtained by encrypting the target data collected from the target client of which the data provider is the user by the trusted data processing application.
本说明书实施例提供的一种可信数据处理装置,应用于可信数据处理应用,包括:A trusted data processing device provided by the embodiments of this specification, applied to trusted data processing applications, includes:
第一获取模块,用于获取数据需求信息;所述数据需求信息用于请求获取数据提供方的目标数据;a first acquisition module, used for acquiring data requirement information; the data requirement information is used for requesting acquisition of target data of the data provider;
第二获取模块,用于根据所述数据需求信息,获取所述目标数据;所述目标数据是所述可信数据处理应用从所述数据提供方作为用户的目标客户端处采集的数据;a second obtaining module, configured to obtain the target data according to the data requirement information; the target data is the data collected by the trusted data processing application from the target client where the data provider is the user;
加密模块,用于对所述目标数据进行加密处理,得到加密目标数据;an encryption module for performing encryption processing on the target data to obtain encrypted target data;
可信加密数据生成模块,用于针对所述加密目标数据生成可信标识,得到可信加密数据,所述可信加密数据为携带所述可信标识的所述加密目标数据。A trusted encrypted data generation module, configured to generate a trusted identifier for the encrypted target data to obtain trusted encrypted data, where the trusted encrypted data is the encrypted target data carrying the trusted identifier.
本说明书实施例提供的一种可信数据获取装置,包括:A device for obtaining trusted data provided by the embodiments of this specification includes:
获取模块,用于获取数据需求方的操作信息;The acquisition module is used to acquire the operation information of the data demander;
获取请求生成模块,用于根据所述操作信息,生成目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据;an acquisition request generation module, configured to generate a target data acquisition request according to the operation information, and the target data acquisition request is used to request to acquire the target data of the data provider;
发送模块,用于发送所述目标数据获取请求;a sending module, configured to send the target data acquisition request;
接收模块,用于接收所述数据提供方反馈的可信加密数据;所述可信加密数据为所述数据提供方的可信数据处理应用生成的携带可信标识的加密目标数据;所述加密目标数据是所述可信数据处理应用对从所述数据提供方作为用户的目标客户端处采集的所述目标数据进行加密处理而得到的密文数据。a receiving module, configured to receive trusted encrypted data fed back by the data provider; the trusted encrypted data is encrypted target data carrying a trusted identifier generated by a trusted data processing application of the data provider; the encrypted data The target data is ciphertext data obtained by the trusted data processing application performing encryption processing on the target data collected from the target client where the data provider is the user.
本说明书实施例提供的一种可信数据处理设备,包括:A trusted data processing device provided by an embodiment of this specification includes:
至少一个处理器;以及,at least one processor; and,
与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein,
所述存储器存储有可被所述至少一个处理器执行的指令,所述指令为可信数据处理应用处的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够:The memory stores instructions executable by the at least one processor, the instructions being instructions at a trusted data processing application, the instructions being executed by the at least one processor to cause the at least one processor were able:
获取数据需求信息;所述数据需求信息用于请求获取数据提供方的目标数据;Obtaining data requirement information; the data requirement information is used to request to obtain the target data of the data provider;
根据所述数据需求信息,获取所述目标数据;所述目标数据是所述可信数据处理应用从所述数据提供方作为用户的目标客户端处采集的数据;Acquire the target data according to the data requirement information; the target data is the data collected by the trusted data processing application from the target client where the data provider is the user;
对所述目标数据进行加密处理,得到加密目标数据;Encrypting the target data to obtain encrypted target data;
针对所述加密目标数据生成可信标识,得到可信加密数据,所述可信加密数据为携带所述可信标识的所述加密目标数据。A trusted identifier is generated for the encrypted target data to obtain trusted encrypted data, where the trusted encrypted data is the encrypted target data carrying the trusted identifier.
本说明书实施例提供的一种可信数据获取设备,包括:A trusted data acquisition device provided by the embodiments of this specification includes:
至少一个处理器;以及,at least one processor; and,
与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein,
所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够:The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to:
获取数据需求方的操作信息;Obtain the operation information of the data demander;
根据所述操作信息,生成目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据;generating a target data acquisition request according to the operation information, where the target data acquisition request is used for requesting acquisition of the target data of the data provider;
发送所述目标数据获取请求;sending the target data acquisition request;
接收所述数据提供方反馈的可信加密数据;所述可信加密数据为所述数据提供方的可信数据处理应用生成的携带可信标识的加密目标数据;所述加密目标数据是所述可信数据处理应用对从所述数据提供方作为用户的目标客户端处采集的所述目标数据进行加密处理而得到的密文数据。Receive trusted encrypted data fed back by the data provider; the trusted encrypted data is encrypted target data with a trusted identifier generated by a trusted data processing application of the data provider; the encrypted target data is the The ciphertext data obtained by encrypting the target data collected from the target client of which the data provider is the user by the trusted data processing application.
本说明书中提供的至少一个实施例能够实现以下有益效果:At least one embodiment provided in this specification can achieve the following beneficial effects:
可信数据处理应用可以根据数据需求信息,从数据提供方作为用户的目标客户端处采集目标数据,以可以保证采集到的目标数据的可信性。可信数据处理应用还可以针对加密后的目标数据生成可信标识,以得到可信的携带所述可信标识的可信加密数据。该方案,令数据提供方可以通过可信数据处理应用便捷地生成可信度高的可信加密数据,以简化数据提供方获取可信加密数据的过程。且由于生成的可信加密数据为密文数据,从而可以避免可信加密数据使用过程中造成的用户原始数据的泄露,有利于提升数据提供方的数据的安全性及隐私性。The trusted data processing application can collect target data from the target client where the data provider is the user according to the data requirement information, so as to ensure the reliability of the collected target data. The trusted data processing application may also generate a trusted identifier for the encrypted target data, so as to obtain trusted encrypted data carrying the trusted identifier. This solution enables the data provider to conveniently generate trusted encrypted data with high reliability through the trusted data processing application, so as to simplify the process for the data provider to obtain the trusted encrypted data. In addition, since the generated trusted encrypted data is ciphertext data, the leakage of the user's original data caused by the use of the trusted encrypted data can be avoided, which is beneficial to improve the data security and privacy of the data provider.
附图说明Description of drawings
为了更清楚地说明本说明书实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present specification or the prior art, the following briefly introduces the accompanying drawings required in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments described in this application. For those of ordinary skill in the art, other drawings can also be obtained based on these drawings without any creative effort.
图1为本说明书实施例提供的一种可信数据处理方法的流程示意图;1 is a schematic flowchart of a trusted data processing method provided by an embodiment of the present specification;
图2为本说明书实施例提供的一种可信数据获取方法的流程示意图;2 is a schematic flowchart of a method for obtaining trusted data according to an embodiment of the present specification;
图3为本说明书实施例提供的对应于图1的一种可信数据处理装置的结构示意图;FIG. 3 is a schematic structural diagram of a trusted data processing apparatus corresponding to FIG. 1 provided by an embodiment of the present specification;
图4为本说明书实施例提供的对应于图2的一种可信数据获取装置的结构示意图;FIG. 4 is a schematic structural diagram of an apparatus for obtaining trusted data corresponding to FIG. 2 according to an embodiment of the present specification;
图5为本说明书实施例提供的对应于图1的一种可信数据处理设备的结构示意图;FIG. 5 is a schematic structural diagram of a trusted data processing device corresponding to FIG. 1 provided by an embodiment of the present specification;
图6为本说明书实施例提供的对应于图2的一种可信数据获取设备的结构示意图。FIG. 6 is a schematic structural diagram of a trusted data acquisition device corresponding to FIG. 2 according to an embodiment of the present specification.
具体实施方式Detailed ways
为使本说明书一个或多个实施例的目的、技术方案和优点更加清楚,下面将结合本说明书具体实施例及相应的附图对本说明书一个或多个实施例的技术方案进行清楚、完整地描述。显然,所描述的实施例仅是本说明书的一部分实施例,而不是全部的实施例。基于本说明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本说明书一个或多个实施例保护的范围。In order to make the objectives, technical solutions and advantages of one or more embodiments of this specification clearer, the technical solutions of one or more embodiments of this specification will be clearly and completely described below with reference to the specific embodiments of this specification and the corresponding drawings. . Obviously, the described embodiments are only some of the embodiments of the present specification, but not all of the embodiments. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments in the present specification without creative efforts fall within the protection scope of one or more embodiments of the present specification.
以下结合附图,详细说明本说明书各实施例提供的技术方案。The technical solutions provided by the embodiments of the present specification will be described in detail below with reference to the accompanying drawings.
现有技术中,数据提供方通常需要向数据需求方提供该数据需求方所需的数据,并自证其出示的数据的可信性,以及令数据需求方可以验证该数据提供方所提供的数据的可信性。因此,数据提供方通常会去获取加盖有权威机构公章的数据,并将该加盖有权威机构公章的数据作为可信数据反馈至数据需求方。而数据需求方则需要将获取到的加盖有权威机构公章的数据反馈至权威机构处进行可信性验证。可见,这种可信数据处理方法的使用便捷性较差。In the prior art, the data provider usually needs to provide the data demander with the data required by the data demander, and verify the credibility of the data provided by the data demander, and enable the data demander to verify the data provided by the data provider. reliability of the data. Therefore, the data provider usually obtains the data affixed with the official seal of the authoritative organization, and feeds the data affixed with the official seal of the authoritative organization to the data demander as trusted data. The data demander needs to feed back the obtained data with the official seal of the authority to the authority for credibility verification. It can be seen that this trusted data processing method is less convenient to use.
为了解决现有技术中的缺陷,本方案给出了以下实施例:In order to solve the defects in the prior art, this scheme provides the following examples:
图1为本说明书实施例提供的一种可信数据处理方法的流程示意图。从程序角度而言,该流程的执行主体可以为数据提供方的可信数据处理应用,或者搭载有该可信数据处理应用的设备。FIG. 1 is a schematic flowchart of a trusted data processing method according to an embodiment of the present specification. From a program perspective, the execution subject of the process may be a trusted data processing application of the data provider, or a device equipped with the trusted data processing application.
如图1所示,该流程可以包括以下步骤:As shown in Figure 1, the process can include the following steps:
步骤102:获取数据需求信息;所述数据需求信息用于请求获取数据提供方的目标数据。Step 102: Acquire data requirement information; the data requirement information is used for requesting acquisition of target data of the data provider.
在本说明书实施例中,数据提供方的可信数据处理应用可以获取到针对该数据提供方的目标数据的数据需求信息。在实际应用中,该数据需求信息可以是根据数据需求方的数据获取需求而生成的,也可以是根据数据提供方的数据采集需求而生成的,或者,还可以是可信数据处理应用根据预设数据采集规则而自行生成的,对此不作具体限定。In the embodiment of this specification, the trusted data processing application of the data provider can obtain the data requirement information for the target data of the data provider. In practical applications, the data demand information may be generated according to the data acquisition demand of the data demander, may also be generated according to the data acquisition demand of the data provider, or may be generated by a trusted data processing application according to a predetermined It is self-generated by setting data collection rules, and there is no specific limitation on this.
步骤104:根据所述数据需求信息,获取所述目标数据;所述目标数据是所述可信数据处理应用从所述数据提供方作为用户的目标客户端处采集的数据。Step 104: Acquire the target data according to the data requirement information; the target data is the data collected by the trusted data processing application from the target client of which the data provider is the user.
在本说明书实施例中,数据提供方的设备上通常搭载有可信数据处理应用及目标客户端,由于数据需求信息可以指示出目标数据的信息源为目标客户端,从而令可信数据处理应用可以根据数据需求信息,从数据提供方所使用的目标客户端处获取该目标数据。In the embodiment of this specification, the device of the data provider is usually equipped with a trusted data processing application and a target client. Since the data requirement information can indicate that the information source of the target data is the target client, the trusted data processing application is The target data can be obtained from the target client used by the data provider according to the data requirement information.
具体的,步骤104:所述根据所述数据需求信息,获取所述目标数据,可以包括:所述可信数据处理应用根据所述数据需求信息,从所述数据提供方使用目标客户端的过程中产生的数据中,采集所述目标数据。Specifically, step 104: the acquiring the target data according to the data requirement information may include: the trusted data processing application, according to the data requirement information, from the data provider in the process of using the target client In the generated data, the target data is collected.
在本说明书实施例中,数据提供方使用目标客户端的过程中产生的数据可以包括:数据提供方在目标客户端的应用界面所输入的数据,目标客户端的应用界面所展示的数据,以及数据提供方从目标客户端处下载到本地的数据等,对此不作具体限定。In the embodiment of this specification, the data generated in the process of using the target client by the data provider may include: data input by the data provider on the application interface of the target client, data displayed on the application interface of the target client, and data provided by the data provider The data downloaded from the target client to the local, etc., are not specifically limited.
步骤106:对所述目标数据进行加密处理,得到加密目标数据。Step 106: Encrypt the target data to obtain encrypted target data.
在本说明书实施例中,可以采用现有的加密处理方式对可信数据处理应用采集到的目标数据进行加密处理,以得到加密目标数据,对此不作赘述。In the embodiment of the present specification, the existing encryption processing method may be used to perform encryption processing on the target data collected by the trusted data processing application, so as to obtain the encrypted target data, which will not be repeated.
步骤108:针对所述加密目标数据生成可信标识,得到可信加密数据,所述可信加密数据为携带所述可信标识的所述加密目标数据。Step 108: Generate a trusted identifier for the encrypted target data to obtain trusted encrypted data, where the trusted encrypted data is the encrypted target data carrying the trusted identifier.
在本说明书实施例中,可信数据处理应用还可以针对加密目标数据生成可信标识,以得到携带所述可信标识的所述加密目标数据。其中,所述可信标识可以携带有该加密目标数据的数据源信息以及采集时间信息,所述可信标识还可以表示该加密目标数据为可信数据,即所述可信标识还可以表示该加密目标数据真实完整、未被篡改。从而令数据需求方在接收到携带所述可信标识的所述加密目标数据后,可以知悉该加密目标数据是于x年x日x时从目标客户端处采集的可信数据。In the embodiment of this specification, the trusted data processing application may also generate a trusted identifier for the encrypted target data, so as to obtain the encrypted target data carrying the trusted identifier. The trusted identifier may carry data source information and collection time information of the encrypted target data, and the trusted identifier may also indicate that the encrypted target data is trusted data, that is, the trusted identifier may also indicate that the encrypted target data is trusted data. The encrypted target data is true and complete and has not been tampered with. Therefore, after receiving the encrypted target data carrying the trusted identifier, the data demander can know that the encrypted target data is the trusted data collected from the target client at x, x, x, x, year.
在图1所述的方法中,可信数据处理应用可以基于数据提供方正常使用目标客户端而执行的操作,去自动生成可信度高的可信加密数据,无需数据提供方额外执行可信数据采集操作,可以简化数据提供方获取可信数据的操作过程,有利于提升可信数据采集方案的使用便捷性。且由于可信数据处理应用生成的可信加密数据为密文数据,从而可以避免可信加密数据使用过程中造成的用户原始数据的泄露,以提升数据提供方的数据的安全性及隐私性。且由于数据需求方接收到的是携带可信标识的可信加密数据,从而令数据需求方能够根据所述可信标识便捷地确定所述可信加密数据的可信性。In the method shown in FIG. 1, the trusted data processing application can automatically generate trusted encrypted data with high reliability based on the operations performed by the data provider using the target client normally, without the need for the data provider to perform additional trusted operations. The data collection operation can simplify the operation process for the data provider to obtain trusted data, which is beneficial to improve the convenience of using the trusted data collection scheme. And since the trusted encrypted data generated by the trusted data processing application is ciphertext data, the leakage of the user's original data caused by the use of the trusted encrypted data can be avoided, so as to improve the data security and privacy of the data provider. And because the data demander receives the trusted encrypted data carrying the trusted identifier, the data demander can conveniently determine the credibility of the trusted encrypted data according to the trusted identifier.
基于图1中的方法,本说明书实施例还提供了该方法的一些具体实施方案,下面进行说明。Based on the method in FIG. 1 , the examples of this specification also provide some specific implementations of the method, which will be described below.
步骤102:获取数据需求信息,具体可以包括:Step 102: Acquire data requirement information, which may specifically include:
获取数据需求方通过第一区块链网络发送的目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据。Obtain the target data obtaining request sent by the data demander through the first blockchain network, where the target data obtaining request is used to request to obtain the target data of the data provider.
在本说明书实施例中,数据提供方与数据需求方可以基于区块链技术进行数据流转。区块链(Block chain),可以理解为是多个区块顺序存储构成的数据链,每个区块的区块头都包含有本区块的时间戳、前一个区块信息的哈希值和本区块信息的哈希值,由此实现区块与区块之间的相互验证,构成不可篡改的区块链。每个区块都可以理解为是一个数据块(存储数据的单元)。区块链作为一种去中心化的数据库,是一串使用密码学方法相互关联产生的数据块,每一个数据块中包含了一次网络交易的信息,用于验证其信息的有效性(防伪)和生成下一个区块。区块与区块首尾相连形成的链,即为区块链。若需要修改块内数据,则需要修改此区块之后所有区块的内容,并将区块链网络中所有节点备份的数据进行修改。因此,区块链具有难以篡改、删除的特点,在数据已保存至区块链后,其作为一种保持内容完整性的方法具有可靠性。In the embodiments of this specification, the data provider and the data demander can perform data flow based on the blockchain technology. Block chain can be understood as a data chain composed of sequential storage of multiple blocks. The block header of each block contains the timestamp of this block, the hash value of the previous block information and The hash value of this block information, thereby realizing the mutual verification between blocks and forming an immutable blockchain. Each block can be understood as a data block (unit of storing data). As a decentralized database, blockchain is a series of data blocks that are correlated with each other using cryptographic methods. Each data block contains the information of a network transaction, which is used to verify the validity of its information (anti-counterfeiting). and generate the next block. A chain formed by connecting blocks end-to-end is called a blockchain. If you need to modify the data in the block, you need to modify the content of all blocks after this block, and modify the data backed up by all nodes in the blockchain network. Therefore, the blockchain has the characteristics of being difficult to tamper and delete. After the data has been saved to the blockchain, it is reliable as a method to maintain the integrity of the content.
在本说明书实施例中,可以通过区块链平台提供分布式数字身份服务,以便于数据提供方及数据需求方可以基于各自的分布式数字身份去进行数据流转。在实际应用中,数据提供方及数据需求方均可以请求分布式身份服务器(Decentralized IdentityService,DIS)来创建个人的分布式数字身份标识(Decentralized Identitfiers,DID)。其中,DIS是一种基于区块链的身份管理方案,DIS服务器可以与区块链平台相连,并提供数字身份的创建、验证和管理等功能,从而实现规范化地管理和保护实体数据,同时保证信息流转的真实性和效率,并可以解决跨机构的身份认证和数据合作等难题。In the embodiment of this specification, a distributed digital identity service can be provided through a blockchain platform, so that the data provider and the data demander can transfer data based on their respective distributed digital identities. In practical applications, both the data provider and the data demander can request a distributed identity server (Decentralized Identity Service, DIS) to create personal distributed digital identities (Decentralized Identitfiers, DID). Among them, DIS is a blockchain-based identity management solution. The DIS server can be connected to the blockchain platform and provide functions such as creation, verification and management of digital identities, so as to achieve standardized management and protection of entity data, while ensuring The authenticity and efficiency of information flow, and can solve problems such as cross-organization identity authentication and data cooperation.
在本说明书实施例中,数据需求方与数据提供方均可以预先注册个人DID,以基于个人DID去实现数据流转。具体的,数据需求方可以基于该数据需求方DID去生成目标数据获取请求,该目标数据获取请求可以表示该数据需求方DID对应的用户所请求获取数据提供方DID对应的用户的目标数据。In the embodiment of this specification, both the data demander and the data provider may pre-register a personal DID to realize data flow based on the personal DID. Specifically, the data demander may generate a target data acquisition request based on the data demander DID, and the target data acquisition request may represent the target data of the user corresponding to the data provider DID requested by the user corresponding to the data demander DID.
在本说明书实施例中,数据提供方的可信数据处理应用可以与第一区块链网络通信连接,以令数据提供方可以通过可信数据处理应用接收到数据需求方的针对该数据提供方DID的目标数据获取请求。数据提供方还可以通过可信数据处理应用针对数据需求方发送的目标数据获取请求进行授权管理,例如,数据提供方可以通过操作可信数据处理应用以生成授权指令,从而指示允许数据需求方获取到该目标数据;或者,数据提供方还可以通过操作可信数据处理应用以生成拒绝授权指令,从而指示拒绝数据需求方获取到该目标数据;以令数据提供方可以通过可信数据处理应用对个人数据进行便捷地授权管理。In the embodiment of this specification, the trusted data processing application of the data provider can be connected to the first blockchain network in communication, so that the data provider can receive the data requester's request for the data provider through the trusted data processing application. DID's target data acquisition request. The data provider can also perform authorization management on the target data acquisition request sent by the data demander through the trusted data processing application. For example, the data provider can generate an authorization instruction by operating the trusted data processing application, thereby indicating that the data demander is allowed to obtain it. to the target data; or, the data provider can also generate a refusal authorization instruction by operating a trusted data processing application, thereby instructing the refusal data demander to obtain the target data; so that the data provider can use the trusted data processing application to verify the target data. Convenient authorized management of personal data.
对应的,可信数据处理应用可以在获取到所述数据提供方的针对所述目标数据获取请求的授权指令后,再去根据数据需求信息,获取所述目标数据。而若可信数据处理应用获取到的是所述数据提供方的针对所述目标数据获取请求的拒接授权指令时,可信数据处理应用则可以无需执行获取目标数据的步骤,而跳转至结束步骤。Correspondingly, the trusted data processing application may obtain the target data according to the data requirement information after obtaining the authorization instruction for the target data obtaining request from the data provider. However, if the trusted data processing application obtains the refusal authorization instruction for the target data obtaining request from the data provider, the trusted data processing application may skip to the step of obtaining the target data and jump to End step.
当然,数据提供方也可以通过登录有个人区块链账户的设备,去针对数据需求方发送的目标数据获取请求进行授权管理,可信数据处理应用则可以与该设备通信连接。当可信数据处理应用接收到该设备发送的授权指令后,再去根据数据需求信息,获取所述目标数据。以令数据提供方可以针对个人数据的使用权限进行管控。Of course, the data provider can also log in to the device with a personal blockchain account to perform authorization management on the target data acquisition request sent by the data demander, and the trusted data processing application can communicate with the device. After receiving the authorization instruction sent by the device, the trusted data processing application obtains the target data according to the data requirement information. So that the data provider can control the use rights of personal data.
或者,数据需求方也可以通过链下方式(即未采用区块链技术的方式)发送目标数据获取请求至数据提供方的可信数据处理应用处,对此不作具体限定。Alternatively, the data demander can also send the target data acquisition request to the trusted data processing application of the data provider through an off-chain method (that is, a method that does not use blockchain technology), which is not specifically limited.
在本说明书实施例中,为保证数据传输过程的安全性及可追溯性,可以利用区块链网络将数据提供方的数据传输至数据需求方。In the embodiments of this specification, in order to ensure the security and traceability of the data transmission process, a blockchain network can be used to transmit the data of the data provider to the data demander.
因此,步骤108:针对所述加密目标数据生成可信标识,得到可信加密数据之后,还可以包括:可信数据处理应用通过第二区块链网络发送所述可信加密数据至所述数据需求方。Therefore, step 108: generating a trusted identifier for the encrypted target data, and after obtaining the trusted encrypted data, it may further include: the trusted data processing application sends the trusted encrypted data to the data through the second blockchain network demand side.
在本说明书实施例中,第二区块链网络与前述的第一区块链网络既可以是同一区块链网络,也可以是不同的区块链网络,对此不作具体限定。In the embodiment of this specification, the second blockchain network and the aforementioned first blockchain network may be the same blockchain network or different blockchain networks, which are not specifically limited.
当然,可信数据处理应用也可以通过链下方式发送所述可信加密数据至所述数据需求方,由于可信加密数据为密文数据,因此,在利用各种传输方式对该可信加密数据进行传输时,均可以保护数据提供方的原始数据的安全性及隐私性。Of course, the trusted data processing application can also send the trusted encrypted data to the data demander in an off-chain manner. Since the trusted encrypted data is ciphertext data, the trusted encrypted data is encrypted using various transmission methods. When data is transmitted, the security and privacy of the original data of the data provider can be protected.
在本说明书实施例中,数据需求方可能需要从数据提供方处获取目标数据,以基于获取到的目标数据执行指定业务。例如,当数据提供方需在数据需求方处办理金融业务时,数据需求方可能需要获取数据提供方的银行流水数据。或者,当数据提供方需在数据需求方处获取推广服务时,数据需求方可能需要获取数据提供方在指定商务平台上的客户订单数据。或者,当数据需求方需完成针对商务平台中的客流量数据分析需求时,数据需求方可能需要获取数据提供方在商务平台上的各个时间段的客流数据等。In the embodiment of this specification, the data demander may need to acquire target data from the data provider, so as to execute a specified service based on the acquired target data. For example, when the data provider needs to handle financial services at the data demander, the data demander may need to obtain the bank flow data of the data provider. Or, when the data provider needs to obtain promotion services from the data demander, the data demander may need to obtain the customer order data of the data provider on the designated business platform. Or, when the data demander needs to complete the demand for passenger flow data analysis in the business platform, the data demander may need to obtain the passenger flow data of the data provider in various time periods on the business platform.
可见,针对不同的数据需求,可信数据处理应用所需采集的目标数据的数据源也并不完全一致。基于此,数据需求方发送的目标数据获取请求还可以指示该目标数据的数据源为目标应用客户端,即所述数据需求信息可以指示数据提供方的目标数据的数据源应为目标客户端。It can be seen that for different data requirements, the data sources of the target data collected by the trusted data processing application are not completely consistent. Based on this, the target data acquisition request sent by the data demander may also indicate that the data source of the target data is the target application client, that is, the data demand information may indicate that the data source of the target data of the data provider should be the target client.
在实际应用中,目标客户端的种类可以有多种,例如,商务应用客户端、搜索引擎客户端、即时通讯应用客户端、网络媒体应用客户端等。上述各类目标客户端既可以通过Web技术(WEB Technology)实现,也可以通过应用软件(Application)技术实现。In practical applications, there may be various types of target clients, for example, business application clients, search engine clients, instant messaging application clients, network media application clients, and the like. The above-mentioned various target clients can be realized either through WEB technology (WEB Technology) or through application software (Application) technology.
当目标客户端为基于Web技术实现的目标网页客户端时,所述可信数据处理应用可以为所述目标网页客户端处加载的可用插件(Plug-in,又称add-in、或add-on)。When the target client is a target webpage client implemented based on Web technology, the trusted data processing application may be an available plug-in (Plug-in, also known as add-in, or add-in) loaded at the target webpage client on).
所述从所述数据提供方使用目标客户端的过程中产生的数据中,采集所述目标数据,具体可以包括以下多种实现方式。The collecting of the target data from the data generated in the process of using the target client by the data provider may specifically include the following multiple implementation manners.
实现方式一Implementation method one
可信数据处理应用可以从所述数据提供方在所述目标网页客户端处浏览的网页数据中,采集所述目标数据。The trusted data processing application may collect the target data from the web page data browsed by the data provider at the target web page client.
在本说明书实施例中,数据提供方在启动所述目标网页客户端后,可以自动运行所述目标网页客户端的可用插件(例如,可信数据处理应用)。使得该可信数据处理应用可以在数据提供方正常使用所述目标网页客户端浏览网页数据的过程中,去从该数据提供方所浏览的网页数据中采集所述目标数据。In the embodiment of this specification, after starting the target web client, the data provider may automatically run an available plug-in (for example, a trusted data processing application) of the target web client. This enables the trusted data processing application to collect the target data from the web page data browsed by the data provider during the process that the data provider normally uses the target web client to browse web page data.
具体的,可信数据处理应用与目标网页客户端之间可以预先签订通讯协议,以令该可信数据处理应用可以获取到目标网页客户端的当前页面所展示的全部网页数据,从而可以根据数据需求信息,从目标网页客户端的当前页面所展示的全部网页数据中提取目标数据。Specifically, a communication agreement can be signed in advance between the trusted data processing application and the target webpage client, so that the trusted data processing application can obtain all the webpage data displayed on the current page of the target webpage client, so that the trusted data processing application can obtain all webpage data displayed on the current page of the target webpage client, so that the trusted data processing application can obtain all webpage data displayed on the current page of the target webpage client. information, and extract the target data from all the webpage data displayed on the current page of the target webpage client.
实现方式二Implementation method two
可信数据处理应用可以从所述数据提供方在所述目标网页客户端处下载的网页数据中,采集所述目标数据。The trusted data processing application may collect the target data from the webpage data downloaded by the data provider at the target webpage client.
在本说明书实施例中,基于与实现方式一相同的原理,该可信数据处理应用可以在数据提供方正常使用所述目标网页客户端下载网页数据后,去从该数据提供方下载到本地的网页数据中采集所述目标数据。In the embodiment of this specification, based on the same principle as the first implementation, the trusted data processing application can download the webpage data from the data provider to the local computer after the data provider normally uses the target webpage client to download the webpage data. The target data is collected from webpage data.
在实现方式一及实现方式二中,可信数据处理应用在采集目标数据时,对于数据提供方而言可以是无感知采集,即数据提供方只需根据目标网页客户端现有的操作规定,对目标网页客户端执行浏览、数据下载等操作即可,而无需数据提供方额外执行指定操作去采集可信数据,从而有利于提升数据提供方获取可信数据的操作便捷性。In implementation mode 1 and implementation mode 2, when the trusted data processing application collects target data, it can be non-perceptual collection for the data provider, that is, the data provider only needs to follow the existing operation regulations of the target webpage client. It is sufficient to perform operations such as browsing and data downloading on the target webpage client, without the need for the data provider to perform additional specified operations to collect trusted data, thereby improving the operational convenience for the data provider to obtain trusted data.
且可信数据处理应用可以通过与目标客户端进行数据交互,以取得可信数据,而无需再令该可信数据处理应用去与目标客户端的服务端之间进行数据通讯,不仅可以减少在采集可信数据时所需消耗的设备资源,还可以减少目标客户端的服务端所需执行的步骤,从而可以简化可信数据获取流程。Moreover, the trusted data processing application can obtain trusted data by interacting with the target client, without requiring the trusted data processing application to communicate with the server of the target client, which not only reduces the need for data collection The device resources that need to be consumed when the trusted data is used can also reduce the steps that the server of the target client needs to perform, so that the trusted data acquisition process can be simplified.
在本说明书实施例中,所述目标数据可以是数据提供方的个人业务数据,例如,银行流水数据、商务订单数据等,因此,数据提供方需要在目标网页客户端处登录个人的已注册账户,才能从该目标网页客户端处浏览或下载该目标数据,可见,所述目标数据可以为与所述数据提供方在所述目标客户端处登录的已注册账户具有对应关系的用户业务数据。In the embodiment of this specification, the target data may be personal business data of the data provider, for example, bank flow data, business order data, etc. Therefore, the data provider needs to log in the individual's registered account at the target webpage client Only then can the target data be browsed or downloaded from the target webpage client. It can be seen that the target data may be user service data that has a corresponding relationship with the registered account logged in by the data provider at the target client.
或者,目标数据也可以是数据提供方所具有浏览或下载权限的公开数据,例如,新闻资讯、用户博客等,此时,数据提供方可以在未登录个人的已注册账户的情况下,从该目标网页客户端处浏览或下载该目标数据,可见,所述目标数据也可以为与所述数据提供方在所述目标客户端处登录的已注册账户不具有对应关系的数据。Alternatively, the target data can also be public data that the data provider has the right to browse or download, such as news information, user blogs, etc. In this case, the data provider can access the data from the data provider without logging in to the individual's registered account. When browsing or downloading the target data at the target webpage client, it can be seen that the target data may also be data that does not have a corresponding relationship with the registered account logged in by the data provider at the target client.
在实际应用中,所述目标数据的类型可以有多种,例如,网页数据中的指定字段、网页数据中的指定图片以及网页数据中的指定多媒体文件中的至少一种,对此不作具体限定。In practical applications, the target data may have various types, for example, at least one of a specified field in the web page data, a specified picture in the web page data, and a specified multimedia file in the web page data, which are not specifically limited .
而当目标客户端为基于应用软件(Application)技术实现的目标APP客户端时,所述可信数据处理应用可以为该目标APP客户端处加载的可用软件开发工具包(SoftwareDevelopment Kit,SDK)或者与所述目标APP客户端通信连接的另一APP应用客户端。When the target client is a target APP client implemented based on application software (Application) technology, the trusted data processing application may be an available software development kit (Software Development Kit, SDK) loaded on the target APP client or Another APP application client communicatively connected to the target APP client.
对应的,当数据提供方在启动所述目标APP客户端后,可以自动运行该目标APP客户端处加载的可用软件开发工具包(例如,可信数据处理应用);或者,可信数据处理应用可以监控该目标APP客户端是否处于运行状态;以使得该可信数据处理应用可以在数据提供方正常使用所述目标APP客户端的过程中,去从该目标APP客户端的应用界面所展示的数据,或者,数据提供方从该目标APP客户端处下载的数据中,去采集所述目标数据。Correspondingly, when the data provider starts the target APP client, it can automatically run the available software development kit (for example, a trusted data processing application) loaded at the target APP client; or, a trusted data processing application It can monitor whether the target APP client is in the running state; so that the trusted data processing application can go to the data displayed from the application interface of the target APP client during the normal use of the target APP client by the data provider, Or, the data provider collects the target data from the data downloaded from the target APP client.
在本说明书实施例中,可信数据处理应用在采集目标数据后,还可以根据该目标数据生成可信加密数据。由于不同的数据需求方可能存在针对同一目标数据的获取需求,或者,可信数据处理应用可能需要经过指定时长后,再将目标数据发送至数据需求方。因此,可信数据处理应用可以对生成的可信加密数据进行存储,以便于后续操作的进行。In the embodiment of this specification, after collecting the target data, the trusted data processing application may also generate trusted encrypted data according to the target data. Because different data demanders may have acquisition requirements for the same target data, or the trusted data processing application may need to send the target data to the data demander after a specified period of time. Therefore, the trusted data processing application can store the generated trusted encrypted data to facilitate subsequent operations.
从而步骤108:针对所述加密目标数据生成可信标识,得到可信加密数据之后,还可以包括:存储所述可信加密数据至可信硬件。Therefore, step 108: generating a trusted identifier for the encrypted target data, and after obtaining the trusted encrypted data, the method may further include: storing the trusted encrypted data in trusted hardware.
其中,可信硬件是可信计算的重要基础之一,基于可信硬件可以在硬件设备上构建一个可信执行环境(Trusted Execution Environments),以保护可信硬件中的程序代码和数据免于被披露及被修改,进而可以保护可信硬件中的数据的隐私和安全。可信硬件的类型有多种,例如,英特尔的SGX、ARM Trust Zone等可信芯片。在本说明书实施例中,对于可信硬件所采用的具体型号不作具体限定。Among them, trusted hardware is one of the important foundations of trusted computing. Based on trusted hardware, a trusted execution environment (Trusted Execution Environments) can be built on the hardware device to protect the program code and data in the trusted hardware from being compromised. disclosed and modified, thereby protecting the privacy and security of data in trusted hardware. There are many types of trusted hardware, for example, Intel's SGX, ARM Trust Zone and other trusted chips. In the embodiments of the present specification, the specific model used by the trusted hardware is not specifically limited.
在实际应用中,所述可信硬件可以为与搭载有所述可信数据处理应用的设备连接的可信硬件;即当数据提供方的设备上搭载有可信硬件时,可信数据处理应用可以将可信加密数据存储至该数据提供方的设备处的可信硬件中。In practical applications, the trusted hardware may be trusted hardware connected to a device equipped with the trusted data processing application; that is, when trusted hardware is mounted on the device of the data provider, the trusted data processing application The trusted encrypted data may be stored in trusted hardware at the data provider's device.
或者,所述可信硬件还可以为与目标服务器连接的可信硬件。该目标服务器可以为与所述可信数据处理应用通信连接的云服务器。数据提供方可以预先从该云服务器处请求获取针对所述可信硬件的使用权限,从而令数据提供方可以通过可信数据处理应用将可信加密数据存储至该数据提供方的设备以外的可信硬件中,以便于降低对于数据提供方的设备的配置要求。Alternatively, the trusted hardware may also be trusted hardware connected to the target server. The target server may be a cloud server communicatively connected to the trusted data processing application. The data provider may request permission to use the trusted hardware from the cloud server in advance, so that the data provider can store the trusted encrypted data in a location other than the data provider's device through the trusted data processing application. In the information hardware, in order to reduce the configuration requirements for the data provider's equipment.
在本说明书实施例中,由于可信数据处理应用可以将数据提供方的部分可信数据预先存储至可信硬件中,因此,可信数据处理应用可以根据所述数据需求信息,从可信硬件所存储的数据中去获取所述目标数据,而无需基于数据提供方当前对目标客户端的操作而生成的数据去获取所述目标数据,有利于提升目标数据采集的实时性。In the embodiment of this specification, since the trusted data processing application can pre-store part of the trusted data of the data provider in the trusted hardware, the trusted data processing application The target data is acquired from the stored data without acquiring the target data based on the data generated by the data provider's current operation on the target client, which is beneficial to improve the real-time performance of the target data collection.
在本说明书实施例中,数据需求方在获取到可信加密数据后,可能存在对可信加密数据的可信性进行验证的需求,因此,步骤108:针对所述加密目标数据生成可信标识,得到可信加密数据之后,还可以包括:存储所述可信加密数据至第三区块链网络。In the embodiment of this specification, after obtaining the trusted encrypted data, the data demander may need to verify the credibility of the trusted encrypted data. Therefore, step 108: Generate a trusted identifier for the encrypted target data , and after obtaining the trusted encrypted data, the method may further include: storing the trusted encrypted data in a third blockchain network.
所述第三区块链网络与前述第一区块链网络及第二区块链网络既可以是相同的区块链网络,也可以不同的区块链网络,对此不作具体限定。The third blockchain network, the first blockchain network and the second blockchain network may be the same blockchain network or different blockchain networks, which are not specifically limited.
在本说明书实施例中,后续可以将第三区块链网络中存储的该可信加密数据作为基准数据,对数据需求方获取到的可信加密数据进行一致性比对,以完成对数据需求方获取到的可信加密数据的可信性验证。In the embodiment of this specification, the trusted encrypted data stored in the third blockchain network can be used as the reference data, and the trusted encrypted data obtained by the data demander can be compared for consistency, so as to complete the data demand Credibility verification of trusted encrypted data obtained by the party.
图2为本说明书实施例提供的一种可信数据获取方法的流程示意图。从程序角度而言,该方法的执行主体可以为数据需求方的设备。FIG. 2 is a schematic flowchart of a method for obtaining trusted data according to an embodiment of the present specification. From a program point of view, the execution body of the method can be the device of the data demander.
如图2所示,该流程可以包括以下步骤:As shown in Figure 2, the process can include the following steps:
步骤202:获取数据需求方的操作信息。Step 202: Obtain the operation information of the data demander.
步骤204:根据所述操作信息,生成目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据。Step 204: Generate a target data acquisition request according to the operation information, where the target data acquisition request is used for requesting acquisition of the target data of the data provider.
在本说明书实施例中,数据需求方可以基于区块链技术去请求获取目标数据。则数据需求方可以针对该数据需求方的设备上的区块链应用执行触发操作,以生成用于请于获取数据提供方的目标数据的目标数据获取请求。或者,数据需求方也可以基于区块链以外的技术去请求获取目标数据,则数据需求方可以针对该数据需求方的设备上的非区块链应用去执行触发操作,以生成用于请于获取数据提供方的目标数据的目标数据获取请求,对此不作具体限定。In the embodiment of this specification, the data demander may request to acquire target data based on the blockchain technology. Then the data demander can perform a trigger operation on the blockchain application on the data demander's device to generate a target data acquisition request for obtaining the target data of the data provider. Alternatively, the data demander can also request the acquisition of target data based on technologies other than the blockchain, and the data demander can perform a trigger operation on the non-blockchain application on the data demander's device to generate a request for The target data acquisition request for acquiring the target data of the data provider, which is not specifically limited.
步骤206:发送所述目标数据获取请求。Step 206: Send the target data acquisition request.
在本说明书实施例中,数据需求方既可以通过第一区块链网络发送所述目标数据获取请求至所述数据提供方,也可以通过链下传输方式将目标数据获取请求至所述数据提供方,对此不作具体限定,只需要令数据提供方的可信数据处理应用可以获取到该目标数据获取请求即可。In the embodiment of this specification, the data demander can either send the target data acquisition request to the data provider through the first blockchain network, or send the target data acquisition request to the data provider through off-chain transmission. There is no specific limitation on this, as long as the trusted data processing application of the data provider can obtain the target data acquisition request.
步骤208:接收所述数据提供方反馈的可信加密数据;所述可信加密数据为所述数据提供方的可信数据处理应用生成的携带可信标识的加密目标数据;所述加密目标数据是所述可信数据处理应用对从所述数据提供方作为用户的目标客户端处采集的所述目标数据进行加密处理而得到的密文数据。Step 208: Receive trusted encrypted data fed back by the data provider; the trusted encrypted data is encrypted target data with a trusted identifier generated by a trusted data processing application of the data provider; the encrypted target data It is ciphertext data obtained by the trusted data processing application encrypting the target data collected from the target client where the data provider is the user.
在本说明书实施例中,数据提供方可以采用图1中所示方法去生成反馈至数据需求方的可信加密数据,对于可信加密数据的生成过程不再赘述。In the embodiment of this specification, the data provider may use the method shown in FIG. 1 to generate trusted encrypted data that is fed back to the data demander, and the generation process of the trusted encrypted data will not be repeated.
在实际应用中,为提升数据传输的安全性及可追溯,可以采用链上数据传输方式传递该可信加密数据,从而步骤208具体可以包括:接收所述数据提供方通过第二区块链网络反馈的可信加密数据。当然,数据需求方也可以基于链下数据传输方式接收到数据提供方所反馈的可信加密数据,对此不作具体限定。In practical applications, in order to improve the security and traceability of data transmission, the trusted encrypted data may be transmitted by means of on-chain data transmission, so step 208 may specifically include: receiving the data provider through the second blockchain network Feedback trusted encrypted data. Of course, the data demander can also receive the trusted encrypted data fed back by the data provider based on the off-chain data transmission method, which is not specifically limited.
图2中所述的方法,由于数据提供方反馈的可信加密数据为所述数据提供方的可信数据处理应用生成的携带可信标识的加密目标数据,从而令数据需求方在获取到可信加密数据后,可以基于其携带的可信标识确定该可信加密数据的可信性较高,有利于提升数据需求方对于从数据提供方处获取到的数据的可信性的验证操作的便捷性。In the method described in FIG. 2 , since the trusted encrypted data fed back by the data provider is the encrypted target data with the trusted identifier generated by the trusted data processing application of the data provider, the data demander can obtain the data that can be After the encrypted data is trusted, it can be determined based on the trusted identifier carried by the trusted encrypted data that the reliability of the trusted encrypted data is high, which is beneficial to improve the reliability of the data demander's verification operation on the reliability of the data obtained from the data provider. Convenience.
在本说明书实施例中,数据需求方除了根据可信标识验证获取到的可信加密数据的可信性以外,还可能存在对获取到的可信加密数据的可信性进行进一步验证的需求。In the embodiment of this specification, the data demander may have a requirement to further verify the credibility of the obtained trusted encrypted data in addition to verifying the credibility of the obtained trusted encrypted data according to the trusted identifier.
因此,步骤208:接收所述数据提供方反馈的可信加密数据之后,还可以包括:利用所述数据需求方的可信数据处理应用,对所述可信加密数据进行可信验证,得到验证结果。Therefore, step 208: after receiving the trusted encrypted data fed back by the data provider, it may further include: using the trusted data processing application of the data demander to perform trusted verification on the trusted encrypted data, and obtain the verification result.
具体的,数据需求方可以利用所述数据需求方的可信数据处理应用,从第三区块链网络处获取基准数据;所述基准数据为所述数据提供方的可信数据处理应用发送至所述第三区块链网络处进行存储的携带所述可信标识的密文数据。Specifically, the data demander can use the trusted data processing application of the data demander to obtain benchmark data from the third blockchain network; the benchmark data is sent by the trusted data processing application of the data provider to The ciphertext data carrying the trusted identifier stored in the third blockchain network.
对所述基准数据与所述可信加密数据进行一致性验证,若所述基准数据与所述可信加密数据一致,则可以生成表示数据需求方接收到的可信加密数据可信、未被篡改的验证结果;而若所述基准数据与所述可信加密数据不一致,则可以生成表示数据需求方接收到的可信加密数据不可信、存在被篡改风险的验证结果。Consistency verification is performed on the reference data and the trusted encrypted data. If the reference data is consistent with the trusted encrypted data, the trusted encrypted data received by the data demander can be generated to indicate that the trusted encrypted data is trusted and not If the reference data is inconsistent with the trusted encrypted data, a verification result indicating that the trusted encrypted data received by the data demander is untrustworthy and has a risk of being tampered can be generated.
在本说明书实施例中,由于第三区块链网络处存储的携带所述可信标识的密文数据是数据提供方的可信数据处理应用生成并存储至该第三区块链网络处的,因此,第三区块链网络处存储的携带所述可信标识的数据为可信数据,可以作为基准数据使用。且由于第三区块链网络处存储的携带所述可信标识的数据为密文数据,从而可以保证数据提供方的原始数据的安全性及隐私性。In the embodiment of this specification, since the ciphertext data carrying the trusted identifier stored in the third blockchain network is generated by the trusted data processing application of the data provider and stored in the third blockchain network , therefore, the data carrying the trusted identifier stored in the third blockchain network is trusted data and can be used as reference data. And because the data carrying the trusted identifier stored in the third blockchain network is ciphertext data, the security and privacy of the original data of the data provider can be guaranteed.
基于同样的思路,本说明书实施例还提供了图1中方法对应的装置。图3为本说明书实施例提供的对应于图1中方法的一种可信数据处理装置的结构示意图,该装置可以应用于可信数据处理应用。Based on the same idea, the embodiments of the present specification also provide a device corresponding to the method in FIG. 1 . FIG. 3 is a schematic structural diagram of a trusted data processing apparatus corresponding to the method in FIG. 1 according to an embodiment of the present specification, and the apparatus can be applied to trusted data processing applications.
如图3所示,该装置可以包括:As shown in Figure 3, the device may include:
第一获取模块302,用于获取数据需求信息;所述数据需求信息用于请求获取数据提供方的目标数据。The first obtaining
第二获取模块304,用于根据所述数据需求信息,获取所述目标数据;所述目标数据是所述可信数据处理应用从所述数据提供方作为用户的目标客户端处采集的数据。The second obtaining
加密模块306,用于对所述目标数据进行加密处理,得到加密目标数据。The
可信加密数据生成模块308,用于针对所述加密目标数据生成可信标识,得到可信加密数据,所述可信加密数据为携带所述可信标识的所述加密目标数据。The trusted encrypted
在本说明书实施例中,所述第二获取模块304,具体可以用于:In the embodiment of this specification, the second obtaining
所述可信数据处理应用根据所述数据需求信息,从所述数据提供方使用目标客户端的过程中产生的数据中,采集所述目标数据。The trusted data processing application collects the target data from the data generated in the process of using the target client by the data provider according to the data requirement information.
在本说明书实施例中,所述目标客户端可以包括目标网页客户端;所述可信数据处理应用可以为所述目标网页客户端处加载的可用插件。In the embodiment of this specification, the target client may include a target web client; the trusted data processing application may be an available plug-in loaded at the target web client.
所述第二获取模块,具体可以包括:The second acquisition module may specifically include:
第一采集模块,用于从所述数据提供方在所述目标网页客户端处浏览的网页数据中,采集所述目标数据;和/或,第二采集模块,用于从所述数据提供方在所述目标网页客户端处下载的网页数据中,采集所述目标数据。a first collection module, configured to collect the target data from the webpage data browsed by the data provider at the target webpage client; and/or, a second collection module, used to collect the target data from the data provider The target data is collected from the webpage data downloaded at the target webpage client.
其中,所述目标数据可以为与所述数据提供方在所述目标客户端处登录的已注册账户具有对应关系的用户业务数据。所述目标数据可以包括:所述网页数据中的指定字段、所述网页数据中的指定图片以及所述网页数据中的指定多媒体文件中的至少一种。The target data may be user service data that has a corresponding relationship with a registered account logged in by the data provider at the target client. The target data may include: at least one of a specified field in the web page data, a specified picture in the web page data, and a specified multimedia file in the web page data.
在本说明书实施例中,所述第一获取模块302,具体可以用于:In the embodiment of this specification, the first obtaining
获取数据需求方通过第一区块链网络发送的目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据。Obtain the target data obtaining request sent by the data demander through the first blockchain network, where the target data obtaining request is used to request to obtain the target data of the data provider.
在本说明书实施例中,图3中所述的装置,还可以包括:In the embodiment of the present specification, the apparatus described in FIG. 3 may further include:
授权指令获取模块,用于获取所述数据提供方的针对所述目标数据获取请求的授权指令。An authorization instruction acquisition module, configured to acquire an authorization instruction from the data provider for the target data acquisition request.
在本说明书实施例中,图3中所述的装置,还可以包括:In the embodiment of the present specification, the apparatus described in FIG. 3 may further include:
发送模块,用于通过第二区块链网络发送所述可信加密数据至所述数据需求方。A sending module, configured to send the trusted encrypted data to the data demander through the second blockchain network.
在本说明书实施例中,图3中所述的装置,还可以包括:In the embodiment of the present specification, the apparatus described in FIG. 3 may further include:
第一存储模块,用于存储所述可信加密数据至第三区块链网络。The first storage module is used for storing the trusted encrypted data to the third blockchain network.
在本说明书实施例中,图3中所述的装置,还可以包括:In the embodiment of the present specification, the apparatus described in FIG. 3 may further include:
第二存储模块,用于存储所述可信加密数据至可信硬件;所述可信硬件为与搭载有所述可信数据处理应用的设备连接的可信硬件;或者,所述可信硬件为与目标服务器连接的可信硬件。The second storage module is used to store the trusted encrypted data to trusted hardware; the trusted hardware is trusted hardware connected to the device equipped with the trusted data processing application; or, the trusted hardware is the trusted hardware connected to the target server.
基于同样的思路,本说明书实施例还提供了图2中方法对应的装置。图4为本说明书实施例提供的对应于图2中方法的一种可信数据获取装置的结构示意图。Based on the same idea, the embodiments of the present specification also provide a device corresponding to the method in FIG. 2 . FIG. 4 is a schematic structural diagram of an apparatus for obtaining trusted data corresponding to the method in FIG. 2 according to an embodiment of the present specification.
如图4所示,该装置可以包括:As shown in Figure 4, the apparatus may include:
获取模块402,用于获取数据需求方的操作信息。The obtaining
获取请求生成模块404,用于根据所述操作信息,生成目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据。The acquisition
发送模块406,用于发送所述目标数据获取请求。The sending
接收模块408,用于接收所述数据提供方反馈的可信加密数据;所述可信加密数据为所述数据提供方的可信数据处理应用生成的携带可信标识的加密目标数据;所述加密目标数据是所述可信数据处理应用对从所述数据提供方作为用户的目标客户端处采集的所述目标数据进行加密处理而得到的密文数据。A receiving
在本说明书实施例中,所述发送模块406,具体可以用于:In the embodiment of this specification, the sending
通过第一区块链网络发送所述目标数据获取请求至所述数据提供方。Send the target data acquisition request to the data provider through the first blockchain network.
在本说明书实施例中,所述接收模块408,具体可以用于:In the embodiment of this specification, the receiving
接收所述数据提供方通过第二区块链网络反馈的可信加密数据。Receive trusted encrypted data fed back by the data provider through the second blockchain network.
在本说明书实施例中,图4中所述的装置,还可以包括:In the embodiment of this specification, the apparatus described in FIG. 4 may further include:
验证模块,用于利用所述数据需求方的可信数据处理应用,对所述可信加密数据进行可信验证,得到验证结果。The verification module is used to perform trusted verification on the trusted encrypted data by using the trusted data processing application of the data demander to obtain a verification result.
在本说明书实施例中,所述验证模块,具体可以用于:In the embodiment of this specification, the verification module can be specifically used for:
利用所述数据需求方的可信数据处理应用,从第三区块链网络处获取基准数据;所述基准数据为所述数据提供方的可信数据处理应用发送至所述第三区块链网络处进行存储的携带所述可信标识的密文数据。Use the trusted data processing application of the data demander to obtain benchmark data from the third blockchain network; the benchmark data is sent to the third blockchain by the trusted data processing application of the data provider The ciphertext data carrying the trusted identifier stored at the network.
对所述基准数据与所述可信加密数据进行一致性验证。Consistency verification is performed on the reference data and the trusted encrypted data.
基于同样的思路,本说明书实施例还提供了上述方法对应的设备。Based on the same idea, the embodiments of this specification also provide a device corresponding to the above method.
图5为本说明书实施例提供的对应于图1的一种可信数据处理设备的结构示意图。如图5所示,设备500可以包括:FIG. 5 is a schematic structural diagram of a trusted data processing device corresponding to FIG. 1 according to an embodiment of the present specification. As shown in FIG. 5,
至少一个处理器510;以及,at least one processor 510; and,
与所述至少一个处理器通信连接的存储器530;其中,a memory 530 in communication with the at least one processor; wherein,
所述存储器530存储有可被所述至少一个处理器510执行的指令520,所述指令520为可信数据处理应用处的指令,所述指令被所述至少一个处理器510执行,以使所述至少一个处理器510能够:The memory 530 stores instructions 520 executable by the at least one processor 510, the instructions 520 are instructions at a trusted data processing application, and the instructions are executed by the at least one processor 510 to cause all The at least one processor 510 can:
获取数据需求信息;所述数据需求信息用于请求获取数据提供方的目标数据。Acquire data requirement information; the data requirement information is used to request to acquire target data of the data provider.
根据所述数据需求信息,获取所述目标数据;所述目标数据是所述可信数据处理应用从所述数据提供方作为用户的目标客户端处采集的数据。According to the data requirement information, the target data is acquired; the target data is the data collected by the trusted data processing application from the target client of which the data provider is the user.
对所述目标数据进行加密处理,得到加密目标数据。The target data is encrypted to obtain encrypted target data.
针对所述加密目标数据生成可信标识,得到可信加密数据,所述可信加密数据为携带所述可信标识的所述加密目标数据。A trusted identifier is generated for the encrypted target data to obtain trusted encrypted data, where the trusted encrypted data is the encrypted target data carrying the trusted identifier.
基于同样的思路,本说明书实施例还提供了上述方法对应的设备。Based on the same idea, the embodiments of this specification also provide a device corresponding to the above method.
图6为本说明书实施例提供的对应于图2的一种可信数据获取设备的结构示意图。如图6所示,设备600可以包括:FIG. 6 is a schematic structural diagram of a trusted data acquisition device corresponding to FIG. 2 according to an embodiment of the present specification. As shown in FIG. 6,
至少一个处理器610;以及,at least one
与所述至少一个处理器通信连接的存储器630;其中,a memory 630 in communication with the at least one processor; wherein,
所述存储器630存储有可被所述至少一个处理器610执行的指令620,所述指令被所述至少一个处理器610执行,以使所述至少一个处理器610能够:The memory 630 stores instructions 620 executable by the at least one
获取数据需求方的操作信息。Obtain the operation information of the data demander.
根据所述操作信息,生成目标数据获取请求,所述目标数据获取请求用于请求获取数据提供方的目标数据。According to the operation information, a target data acquisition request is generated, and the target data acquisition request is used for requesting acquisition of the target data of the data provider.
发送所述目标数据获取请求。Send the target data acquisition request.
接收所述数据提供方反馈的可信加密数据;所述可信加密数据为所述数据提供方的可信数据处理应用生成的携带可信标识的加密目标数据;所述加密目标数据是所述可信数据处理应用对从所述数据提供方作为用户的目标客户端处采集的所述目标数据进行加密处理而得到的密文数据。Receive trusted encrypted data fed back by the data provider; the trusted encrypted data is encrypted target data with a trusted identifier generated by a trusted data processing application of the data provider; the encrypted target data is the The ciphertext data obtained by encrypting the target data collected from the target client of which the data provider is the user by the trusted data processing application.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于图5及图6所示的设备而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the devices shown in FIG. 5 and FIG. 6 , since they are basically similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for related parts.
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device, PLD)(例如现场可编程门阵列(Field Programmable GateArray,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字符系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware DescriptionLanguage)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(RubyHardware Description Language)等,目前最普遍使用的是VHDL(Very-High-SpeedIntegrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, an improvement in a technology could be clearly differentiated between improvements in hardware (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or improvements in software (improvements in method flow). However, with the development of technology, the improvement of many methods and processes today can be regarded as a direct improvement of the hardware circuit structure. Designers almost get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware entity modules. For example, a Programmable Logic Device (PLD) such as a Field Programmable Gate Array (FPGA) is an integrated circuit whose logical function is determined by the user programming the device. It is programmed by the designer to "integrate" a digital character system on a PLD, without the need for a chip manufacturer to design and manufacture a dedicated integrated circuit chip. And, instead of making integrated circuit chips by hand, these days, most of this programming is done using "logic compiler" software, which is similar to the software compilers used in program development and writing, but before compiling The original code also has to be written in a specific programming language, which is called Hardware Description Language (HDL), and there is not only one HDL, but many kinds, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc. The most commonly used ones are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be clear to those skilled in the art that a hardware circuit for implementing the logic method process can be easily obtained by simply programming the method process in the above-mentioned several hardware description languages and programming it into the integrated circuit.
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20 以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller may be implemented in any suitable manner, for example, the controller may take the form of eg a microprocessor or processor and a computer readable medium storing computer readable program code (eg software or firmware) executable by the (micro)processor , logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers, examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as part of the control logic of the memory. Those skilled in the art also know that, in addition to implementing the controller in the form of pure computer-readable program code, the controller can be implemented as logic gates, switches, application-specific integrated circuits, programmable logic controllers and embedded devices by logically programming the method steps. The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included therein for realizing various functions can also be regarded as a structure within the hardware component. Or even, the means for implementing various functions can be regarded as both a software module implementing a method and a structure within a hardware component.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字符助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules or units described in the above embodiments may be specifically implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device Or a combination of any of these devices.
为了描述的方便,描述以上装置时以功能分为各种单元分别描述。当然,在实施本申请时可以把各单元的功能在同一个或多个软件和/或硬件中实现。For the convenience of description, when describing the above device, the functions are divided into various units and described respectively. Of course, when implementing the present application, the functions of each unit may be implemented in one or more software and/or hardware.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in one or more of the flowcharts and/or one or more blocks of the block diagrams.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising instruction means, the instructions An apparatus implements the functions specified in a flow or flows of the flowcharts and/or a block or blocks of the block diagrams.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process such that The instructions provide steps for implementing the functions specified in one or more of the flowcharts and/or one or more blocks of the block diagrams.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。Memory may include non-persistent memory in computer readable media, random access memory (RAM) and/or non-volatile memory in the form of, for example, read only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字符多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media includes both persistent and non-permanent, removable and non-removable media, and storage of information may be implemented by any method or technology. Information may be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash Memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Disc (DVD), or other optical storage , magnetic tape cartridges, magnetic tape-disk storage or other magnetic storage devices or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media does not include transitory computer-readable media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device comprising a series of elements includes not only those elements, but also Other elements not expressly listed, or which are inherent to such a process, method, article of manufacture, or apparatus are also included. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, method, article of manufacture, or device that includes the element.
本领域技术人员应明白,本申请的实施例可提供为方法、系统或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。It will be appreciated by those skilled in the art that the embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
本申请可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本申请,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including storage devices.
以上所述仅为本申请的实施例而已,并不用于限制本申请。对于本领域技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本申请的权利要求范围之内。The above descriptions are merely examples of the present application, and are not intended to limit the present application. Various modifications and variations of this application are possible for those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included within the scope of the claims of this application.
Claims (30)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011303197.8A CN112100689B (en) | 2020-11-19 | 2020-11-19 | Trusted data processing method, device and equipment |
| CN202110932599.2A CN113792346B (en) | 2020-11-19 | 2020-11-19 | Trusted data processing method, device and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011303197.8A CN112100689B (en) | 2020-11-19 | 2020-11-19 | Trusted data processing method, device and equipment |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110932599.2A Division CN113792346B (en) | 2020-11-19 | 2020-11-19 | Trusted data processing method, device and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112100689A CN112100689A (en) | 2020-12-18 |
| CN112100689B true CN112100689B (en) | 2021-07-27 |
Family
ID=73785940
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110932599.2A Active CN113792346B (en) | 2020-11-19 | 2020-11-19 | Trusted data processing method, device and equipment |
| CN202011303197.8A Active CN112100689B (en) | 2020-11-19 | 2020-11-19 | Trusted data processing method, device and equipment |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110932599.2A Active CN113792346B (en) | 2020-11-19 | 2020-11-19 | Trusted data processing method, device and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN113792346B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112783942B (en) * | 2021-01-13 | 2022-12-06 | 湖北宸威玺链信息技术有限公司 | Block chain-based data acquisition quality verification method, system, device and medium |
| CN115292746A (en) * | 2022-07-28 | 2022-11-04 | 南京国电南自电网自动化有限公司 | A method for trusted compilation and operation of application programs |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103793815A (en) * | 2014-01-23 | 2014-05-14 | 武汉天喻信息产业股份有限公司 | Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards |
| CN111510421A (en) * | 2019-01-31 | 2020-08-07 | 金联汇通信息技术有限公司 | Data processing method and device, electronic equipment and computer readable storage medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10691793B2 (en) * | 2017-02-20 | 2020-06-23 | AlphaPoint | Performance of distributed system functions using a trusted execution environment |
| CN109426732B (en) * | 2017-08-22 | 2021-09-21 | 创新先进技术有限公司 | Data processing method and device |
| CN111143859A (en) * | 2020-01-07 | 2020-05-12 | 杭州宇链科技有限公司 | Module for collecting credible data and data transmission method |
| CN111597567B (en) * | 2020-05-14 | 2022-03-04 | 腾讯科技(深圳)有限公司 | Data processing method, data processing device, node equipment and storage medium |
| CN111741036B (en) * | 2020-08-28 | 2020-12-18 | 支付宝(杭州)信息技术有限公司 | A trusted data transmission method, device and device |
| CN111814156B (en) * | 2020-09-04 | 2022-04-29 | 支付宝(杭州)信息技术有限公司 | A data acquisition method, device and device based on trusted equipment |
-
2020
- 2020-11-19 CN CN202110932599.2A patent/CN113792346B/en active Active
- 2020-11-19 CN CN202011303197.8A patent/CN112100689B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103793815A (en) * | 2014-01-23 | 2014-05-14 | 武汉天喻信息产业股份有限公司 | Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards |
| CN111510421A (en) * | 2019-01-31 | 2020-08-07 | 金联汇通信息技术有限公司 | Data processing method and device, electronic equipment and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113792346A (en) | 2021-12-14 |
| CN112100689A (en) | 2020-12-18 |
| CN113792346B (en) | 2024-07-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111932426B (en) | A method, device and device for identity management based on trusted hardware | |
| CN111741036B (en) | A trusted data transmission method, device and device | |
| CN107862215B (en) | Data storage method, data query method and device | |
| CN111047313B (en) | Scan code payment, information transmission and key management method, device and device | |
| CN111814196B (en) | A data processing method, device and equipment | |
| CN111814156B (en) | A data acquisition method, device and device based on trusted equipment | |
| CN111193597B (en) | Transmission method, device, equipment and system capable of verifying statement | |
| EP4011033B1 (en) | Anonymous event attestation with group signatures | |
| US20240187420A1 (en) | Securing browser cookies | |
| CN114731293B (en) | Prevent data manipulation and protect user privacy when determining accurate location event measurements | |
| US12107969B2 (en) | Anonymous event attestation | |
| CN111190974B (en) | Method, device and device for forwarding and obtaining verifiable claims | |
| CN108564363B (en) | Transaction processing method, server, client and system | |
| CN112100689B (en) | Trusted data processing method, device and equipment | |
| CN111930846B (en) | Data processing method, device and equipment | |
| HK40042990A (en) | Trusted data processing method, device and equipment | |
| HK40042990B (en) | Trusted data processing method, device and equipment | |
| CN115037548B (en) | System, method, device, medium and equipment for secure multiparty computation of data based on blockchain | |
| CN118611927A (en) | Data transmission method, device, storage medium and electronic device | |
| CN114510359A (en) | An API calling method, device, device and medium based on identification parsing | |
| CN115758418A (en) | Data management method, device and equipment based on block chain network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40042990 Country of ref document: HK |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20241113 Address after: Room 803, floor 8, No. 618 Wai Road, Huangpu District, Shanghai 200010 Patentee after: Ant blockchain Technology (Shanghai) Co.,Ltd. Country or region after: China Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province Patentee before: Alipay (Hangzhou) Information Technology Co.,Ltd. Country or region before: China |
|
| TR01 | Transfer of patent right |